From 692583743ff173c4af1babadde0c5b0d908f322d4b954a6f831e2e0f90193a5e Mon Sep 17 00:00:00 2001 
From: OBS User unknown Date: Wed, 20 Dec 2006 17:01:15 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=1 --- .gitattributes | 25 + .gitignore | 1 + Apache.xpm | 3 + SUSE-NOTICE | 13 + a2enflag | 49 + a2enmod | 62 + apache-20-22-upgrade | 64 + apache-ssl-stuff.tar.bz2 | 3 + apache2-README | 114 ++ apache2-README.QUICKSTART | 101 + apache2-README.QUICKSTART.SSL | 59 + apache2-README.QUICKSTART.WebDAV | 75 + apache2-check_forensic | 22 + apache2-default-server.conf | 106 ++ apache2-errors.conf | 68 + apache2-httpd.conf | 212 +++ apache2-listen.conf | 47 + apache2-manual.conf | 22 + apache2-mod_autoindex-defaults.conf | 51 + apache2-mod_info.conf | 15 + apache2-mod_log_config.conf | 35 + apache2-mod_mime-defaults.conf | 154 ++ apache2-mod_status.conf | 15 + apache2-mod_userdir.conf | 45 + apache2-mod_usertrack.conf | 7 + apache2-server-tuning.conf | 134 ++ apache2-ssl-global.conf | 72 + apache2-vhost-ssl.template | 201 ++ apache2-vhost.template | 125 ++ apache2.changes | 2072 ++++++++++++++++++++ apache2.logrotate | 69 + apache2.spec | 2704 +++++++++++++++++++++++++++ certificate.sh | 4 + favicon.ico | Bin 0 -> 302 bytes find_httpd2_includes | 31 + find_mpm | 46 + gensslcert | 198 ++ get_includes | 45 + get_module_list | 150 ++ httpd-2.0.49-log_server_status.dif | 36 + httpd-2.0.54-envvars.dif | 11 + httpd-2.1.3alpha-autoconf-2.59.dif | 396 ++++ httpd-2.1.3alpha-layout.dif | 57 + httpd-2.1.9-apachectl.dif | 65 + httpd-2.2.0-apxs-a2enmod.dif | 111 ++ httpd-2.2.3.tar.bz2 | 3 + load_configuration | 10 + mkcert.sh.gz | 3 + permissions.apache2 | 1 + rc.apache2 | 324 ++++ ready | 0 robots.txt | 11 + sysconf_addword | 129 ++ sysconfig.apache2 | 270 +++ 54 files changed, 8646 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Apache.xpm create mode 100644 SUSE-NOTICE create mode 100644 a2enflag create mode 100644 a2enmod create mode 100644 apache-20-22-upgrade create 
mode 100644 apache-ssl-stuff.tar.bz2 create mode 100644 apache2-README create mode 100644 apache2-README.QUICKSTART create mode 100644 apache2-README.QUICKSTART.SSL create mode 100644 apache2-README.QUICKSTART.WebDAV create mode 100644 apache2-check_forensic create mode 100644 apache2-default-server.conf create mode 100644 apache2-errors.conf create mode 100644 apache2-httpd.conf create mode 100644 apache2-listen.conf create mode 100644 apache2-manual.conf create mode 100644 apache2-mod_autoindex-defaults.conf create mode 100644 apache2-mod_info.conf create mode 100644 apache2-mod_log_config.conf create mode 100644 apache2-mod_mime-defaults.conf create mode 100644 apache2-mod_status.conf create mode 100644 apache2-mod_userdir.conf create mode 100644 apache2-mod_usertrack.conf create mode 100644 apache2-server-tuning.conf create mode 100644 apache2-ssl-global.conf create mode 100644 apache2-vhost-ssl.template create mode 100644 apache2-vhost.template create mode 100644 apache2.changes create mode 100644 apache2.logrotate create mode 100644 apache2.spec create mode 100644 certificate.sh create mode 100644 favicon.ico create mode 100644 find_httpd2_includes create mode 100644 find_mpm create mode 100644 gensslcert create mode 100644 get_includes create mode 100644 get_module_list create mode 100644 httpd-2.0.49-log_server_status.dif create mode 100644 httpd-2.0.54-envvars.dif create mode 100644 httpd-2.1.3alpha-autoconf-2.59.dif create mode 100644 httpd-2.1.3alpha-layout.dif create mode 100644 httpd-2.1.9-apachectl.dif create mode 100644 httpd-2.2.0-apxs-a2enmod.dif create mode 100644 httpd-2.2.3.tar.bz2 create mode 100644 load_configuration create mode 100644 mkcert.sh.gz create mode 100644 permissions.apache2 create mode 100644 rc.apache2 create mode 100644 ready create mode 100644 robots.txt create mode 100644 sysconf_addword create mode 100644 sysconfig.apache2 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..6a7e248 --- /dev/null 
+++ b/.gitattributes @@ -0,0 +1,25 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text +## Specific LFS patterns +Apache.xpm filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Apache.xpm b/Apache.xpm new file mode 100644 index 0000000..7c0bce1 --- /dev/null +++ b/Apache.xpm @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:995d4deb92a87593dff872345780ca183d734af6d4d2af439827377adfc74d41 +size 9044 diff --git a/SUSE-NOTICE b/SUSE-NOTICE new file mode 100644 index 0000000..74c8129 --- /dev/null +++ b/SUSE-NOTICE 
@@ -0,0 +1,13 @@
+
+The SuSE build of apache2 contains the following modifications:
+ * assert HAVE_POLL during compilation (safety measure)
+ * small fixes in apachectl to make it work with multiple MPMs, and
+ use w3m alternatively to lynx
+ * avoid error if compiled with openssl 0.9.6e
+ * added patch to experimental caching module that fixes segfault for 'GET
+ https://whatever.html HTTP/1.0' request on HTTP Port
+ (/modules/experimental/cache_util.c)
+ * RFC 2817 TLS upgrade backported from 2.1
+ * fixed log_server_status to use Socket.pm and match our configuration
+ * fixed check_forensic script (adjusted for GNU tools, use safe tmpdir)
+ * http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
diff --git a/a2enflag b/a2enflag
new file mode 100644
index 0000000..f77b6b9
--- /dev/null
+++ b/a2enflag
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Copyright 2005 Peter Poeml . All Rights Reserved.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+
+sysconf=/etc/sysconfig/apache2
+var=APACHE_SERVER_FLAGS
+PATH="$PATH:/usr/bin:/usr/sbin"
+
+debug=true
+
+function usage() {
+ echo "$(basename $0): enable/disable a flag in $var in $sysconf"
+ echo
+ echo "usage: $(basename $0) [-d] flag"
+ #echo " $(basename $0) -h runtests"
+ exit 1
+}
+
+if [ $# -lt 1 ]; then
+ usage
+fi
+
+action=enable
+case "$1" in
+-d) action=disable; shift;;
+-*) usage;;
+esac
+
+case $(basename $0) in
+a2disflag) action=disable;;
+esac
+
+flag=$1
+
+
+if [ $action = enable ]; then
+ sysconf_addword $sysconf $var $flag
+ exit $?
+else
+ sysconf_addword -r $sysconf $var $flag
+ exit $?
+fi
+
diff --git a/a2enmod b/a2enmod
new file mode 100644
index 0000000..43f04a8
--- /dev/null
+++ b/a2enmod
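Review bot: In a2enflag the argument count is tested before `-d) action=disable; shift;;` runs, so `a2enflag -d` with no flag reaches `sysconf_addword -r $sysconf $var $flag` with an empty `$flag`. Re-check after option parsing, e.g. `[ -n "$1" ] || usage`, and quote the expansions in both calls (`sysconf_addword "$sysconf" "$var" "$flag"`), because an argument containing whitespace is currently split into several words before it is written to /etc/sysconfig/apache2. `debug=true` is assigned but never read in this hunk. The same check ordering and unquoted calls appear in the a2enmod script that follows.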
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# Copyright 2005 Peter Poeml . All Rights Reserved.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+
+sysconf=/etc/sysconfig/apache2
+var=APACHE_MODULES
+PATH="$PATH:/usr/bin:/usr/sbin"
+
+debug=true
+
+function usage() {
+ echo "$(basename $0): enable/disable an apache module in $var in $sysconf"
+ echo
+ echo "usage: $(basename $0) [-d] module"
+ echo " $(basename $0) -l list modules"
+ echo " $(basename $0) -q module query if module is installed"
+ #echo " $(basename $0) -h runtests"
+ exit 1
+}
+
+if [ $# -lt 1 ]; then
+ usage
+fi
+
+action=enable
+case "$1" in
+-d) action=disable; shift;;
+-l) action=list; shift;;
+-q) action=query; shift;;
+-*) usage;;
+esac
+
+case $(basename $0) in
+a2dismod) action=disable;;
+esac
+
+mod=$1
+
+
+if [ $action = enable ]; then
+ sysconf_addword $sysconf $var $mod
+ exit $?
+elif [ $action = disable ]; then
+ sysconf_addword -r $sysconf $var $mod
+ exit $?
+elif [ $action = query ]; then
+ if a2enmod -l | grep -q "\<$mod\>"; then
+ exit 0
+ else
+ exit 1
+ fi
+else
+ source $sysconf
+ eval echo \$$var
+fi
+
diff --git a/apache-20-22-upgrade b/apache-20-22-upgrade
new file mode 100644
index 0000000..6eeaaf2
--- /dev/null
+++ b/apache-20-22-upgrade
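Review bot: The query branch of a2enmod hands the module name to grep as a regular expression, `grep -q "\<$mod\>"`, so a name containing `.` or `*` can report a module as enabled when it is not, and apache-20-22-upgrade uses this exit status to decide which modules to swap. A fixed-string whole-word match avoids that: `grep -qwF -- "$mod"`. The list branch can print the value without `eval` through bash indirect expansion, `echo ${!var}`, after `source $sysconf`. Because the `case $(basename $0)` block runs after option parsing, invoking the script as `a2dismod -l` or `a2dismod -q` silently turns into a disable action; moving that block above the option `case` would let an explicit option win.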
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# obsolete 2.0 modules -> 2.2 modules
+
+echo 'looking for old 2.0 modules to be renamed...'
+
+if a2enmod -q auth; then
+ echo 'auth -> auth_basic authn_file'
+
+ a2dismod auth
+ a2enmod auth_basic
+ a2enmod authn_file
+ a2enmod authz_groupfile
+ a2enmod authz_default
+ a2enmod authz_user
+
+ cat <<-EOF
+
+
+ !!!ATTENTION!!!
+
+ If you use basic authentication, you will need to update your
+ configuration. Typically, you need to add
+ AuthBasicProvider file
+ (example for file-based authentication) below "AuthType Basic".
+
+ !!!ATTENTION!!!
+
+
+ EOF
+
+fi
+
+if a2enmod -q access; then
+ echo 'access -> authz_host'
+ a2dismod access
+ a2enmod authz_host
+fi
+
+if a2enmod -q auth_dbm; then
+ echo 'auth_dbm -> authn_dbm'
+ a2dismod auth_dbm
+ a2enmod authn_dbm
+fi
+
+if a2enmod -q imap; then
+ echo 'imap -> imagemap'
+ a2dismod imap
+ a2enmod imagemap
+fi
+
+if a2enmod -q image_map; then
+ echo 'image_map -> imagemap'
+ a2dismod image_map
+ a2enmod imagemap
+fi
+
+if a2enmod -q auth_ldap; then
+ echo 'auth_ldap -> mod_authnz_ldap'
+ a2dismod auth_ldap
+ a2enmod mod_authnz_ldap
+fi
+
+echo 'Done.'
diff --git a/apache-ssl-stuff.tar.bz2 b/apache-ssl-stuff.tar.bz2
new file mode 100644
index 0000000..4b4b4aa
--- /dev/null
+++ b/apache-ssl-stuff.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a4c919f1ebd8ce788c10749b28a259302843c0061d56e199c2cb7a929c30d6ed
+size 82910
diff --git a/apache2-README b/apache2-README
new file mode 100644
index 0000000..9e51ca2
--- /dev/null
+++ b/apache2-README
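Review bot: The last rename in apache-20-22-upgrade enables `mod_authnz_ldap`, while every other call in the script passes the bare module name (`auth_basic`, `authz_host`, `authn_dbm`, `imagemap`). Unless the module-list generator strips a `mod_` prefix, which is not visible in this hunk, the LDAP authentication module would not be loaded after the upgrade, so `a2enmod authnz_ldap` looks like the intended call. None of the `a2dismod`/`a2enmod` exit statuses are checked, so a failed enable after a successful disable leaves the old authentication or access-control module removed with no replacement while the script still prints 'Done.'. Chaining each pair, e.g. `a2dismod access && a2enmod authz_host || echo >&2 'access -> authz_host failed'`, would make such a failure visible to the administrator.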
@@ -0,0 +1,114 @@ +README.SuSE for Apache 2 + + +For The Impatient +================= + + o There are several MPM packages (MPM = multiprocessing module, which implements + the threads/processes model). The MPM packages contain the actual apache binary. + At least one MPM package must be installed. + + o The apache v1 and v2 packages can be installed and run side by side :) + + o Some commands have a "2" suffix, and are thus easily confused with Apache 1 + commands -- if you have an old apache (1.3) installation around. + + o Edit /etc/sysconfig/apache2 to configure the list of modules to load, and other things. + It is no longer required to run SuSEconfig after such changes. (In fact, the + SuSEconfig.apache2 does no longer exist.) + + + o For building apache modules, there are 4 apxs commands (all come with the + apache2-devel package): + apxs2 builds a common module for all MPMs and installs to /usr/lib/apache2 + apxs2-prefork builds for prefork and installs to /usr/lib/apache2-prefork + apxs2-worker builds for worker and installs to /usr/lib/apache2-worker + + If you build apache modules, the configure script might not find apxs, and + you'll need an option like --with-apxs=apxs2[-worker, ...], or of course you can set + a symlink to apxs2. + + o The Apache Runtime (APR) is in the "libapr0" package (this package was named "apr" + in the past (8.1)) + + +Choosing the right MPM for your application +=========================================== + +apache2-prefork is implemented with a prefork regime, while +apache2-worker uses a hybrid threaded/preforked model. + +Which one to use? 
The short answer is: + - if in doubt, simply use prefork + - use prefork if you use mod_php4 + - use worker if you need maximal performance with (possibly) less resources + (smaller memory footprint of threade compared to the same number as processes) + +The following nice article has a more in depth answer: +http://www.onlamp.com/pub/a/apache/2004/06/17/apacheckbk.html + +See +http://httpd.apache.org/docs-2.2/mpm.html and +http://httpd.apache.org/docs-2.2/misc/perf-tuning.html#compiletime +for more technical details. + +In general, using a threaded MPM (worker) requires that all libraries that are +loaded into apache (and libraries loaded by them in turn) be threadsafe as well. +See +http://httpd.apache.org/docs-2.2/developer/thread_safety.html for a status on +some libraries. + + +Upgrading from apache 1.3 +========================= + +For a smooth transition from apache 1.3, apache 2 is installable alongside apache +1.3. There are a few modules for apache 1 that have not been ported or enough +tested for apache 2, but most important modules are available by now. + +The mechanism of specifying modules to load into the server has been cleaned up +so a reasonable default set of modules is loaded. (It is not useful to load all +available modules by default, it would make the server quite big and slow. This +is important given as the number of modules in the apache base distribution is +rising and rising (about 50 at this time). + +In previous apache packages (1.3), modules were activated by setting a +APACHE_MOD_XYZ variable to "yes" and running SuSEconfig. +Nowadays, modules are activated by adding them to a the APACHE_MODULES +variable in /etc/sysconfig/apache2, and simply restarting apache. + + +Building modules for apache 2 +============================= + +Therefore, the different MPMs will be needed and a mechanism to build +the modules spesific to them. This can now be done with the apxs2, +apxs2-worker or apxs2-prefork script. 
+ +For a module's configure script, you would typically use + --which-apxs=/usr/sbin/apxs2-prefork + +In RPM spec files, you can use + %define apxs apxs2 + %define apache_libexecdir %(%{apxs} -q libexecdir) +to build modules, or use apxs2-prefork (for instance) to build a module +specifically for the prefork MPM. + +To further the example, apxs2-prefork will install a module below +/usr/lib/apache2-prefork/, while "apxs2" will install it below +/usr/lib/apache2/. + +-a adds the module to APACHE_MODULES in /etc/sysconfig/apache2, which in turn +takes care of loading the module. + +Thus, usually you will only have to call + apxs2 -cia my_module.c +and all is fine. + + +-- +Suggestions or bug reports (via http://bugzilla.novell.com/) are most +welcome. + + +Mar 14 2005, Peter Poeml diff --git a/apache2-README.QUICKSTART b/apache2-README.QUICKSTART new file mode 100644 index 0000000..d69de61 --- /dev/null +++ b/apache2-README.QUICKSTART 
@@ -0,0 +1,101 @@ + +QUICKSTART -- How to get your server up and running as fast as possible + +o General machine setup: + - configure your network + - make sure that all components are current, by running YaST Online Update + regularly + +o synchronise time (parts of the HTTP protocol depend on correct time): + - configure machine as NTP client, either with the YaST configuration module or + by editing /etc/ntp.conf (just put a server name into it) and starting + "rcxntpd start", and running "chkconfig -a xntpd" + +o if you run a firewall, make sure to allow access through port 80 if the server + should be reachable from other machines. + +o start the server, and configure it to automatically start at boot time: + - rcapache2 start + - chkconfig -a apache2 + +o add web pages: + - the DocumentRoot is at /srv/www/htdocs + - if you add documents somewhere else and link to them with e.g. + Alias someplace "/path/to/someplace" + make sure to also use ... + to define access permissions and options for that directory, since + (starting with SuSE Linux 9.0) access to the entire filesystem is blocked + by default. See http://httpd.apache.org/docs-2.2/mod/core.html#directory + +o go through /etc/sysconfig/apache2: + - check loaded modules (APACHE_MODULES="..."). + - add "php4", "perl", or other needed modules to APACHE_MODULES al gusto. + - modules can be enabled/disabled in a simple (Debian-compatible ;) way from + the command line like this: + a2enmod php5 + a2dismod php5 + - there is also a command a2enflag, to change APACHE_SERVER_FLAGS + - restart the server ('rcapache2 restart') + +o where to add your own configuration: + - add e.g. /etc/apache2/httpd.conf.local and change APACHE_CONF_INCLUDE_FILES + in /etc/sysconfig/apache2, e.g. 
APACHE_CONF_INCLUDE_FILES="httpd.conf.local" + - to understand the hierarchy and layout of all include files, read the + comments at the top of httpd.conf + - if you strongly prefer the old, single, 40K, monolithic configuration file, + it's there! Just use it: + mv /etc/apache2/httpd.conf /etc/apache2/httpd.conf.dist + cp /usr/share/doc/packages/apache2/httpd-std.conf-prefork /etc/apache2/httpd.conf + rcapache2 restart + +o add virtual hosts: + - edit /etc/apache2/listen.conf. It is a suitable place to add + NameVirtualHost directives. + - copy the commented template /etc/apache2/vhosts.d/vhost.template to + /etc/apache2/vhosts.d/yourhost.conf + (note, it must end in .conf to be automatically read) + - edit /etc/apache2/vhosts.d/yourhost.conf to suit your needs + - alternative approach: simply append the NameVirtualHost directive and the + container to your local configuration (httpd.conf.local -- + see above) + - if in doubt about how apache interprets your vhost setup, always use + httpd2 -S. If SSL is involved you will need to run httpd2 -S -DSSL instead -- + likewise for other needed defines. + - the "default" server, which responds to requests not handled by other + vhosts, is always the one which is defined first. If you want a dedicated + "default" server for such requests, you need to put it first in the configuration. + If the configuration is in multiple files, like /etc/apache2/vhosts.d/*.conf, then + simply name the file _default.conf, or e.g. _192.168.0.1.conf if you do it per IP + address. 
+ +o TROUBLESHOOTING -- if anything does not work: + - fire up "tail -F /var/log/apache2/*_log &" in a root shell + - reproduce what is not working (starting apache, doing client requests, + or whatever), and see how it is reflected in the logs + - read http://www.suse.com/~poeml/apache-faq.html + - make use of http://bugzilla.novell.com if you suspect a bug + +o for all configuration questions, consult + http://localhost/manual (if the apache2-doc package is installed), or + http://httpd.apache.org/docs-2.2/ (the online version) + - read the documentation under /usr/share/doc/packages/apache2/ (where you + will also find example configuration files) + +o building 3rd party modules: + - install apache2-devel (and of course gcc as well as other needed + development tools) + - use + apxs2 -- to build a module for all MPM types, or + apxs2-prefork -- to build a module for the Prefork MPM, or + apxs2-worker -- to build a module for the Worker MPM + (see man 8 apxs2). In most cases you can just use "apxs2", the most + notably exception being mod_php4. Using apxs2-prefork then will prevent + you from accidentally trying to use the module with the Worker MPM. + Typical example: apxs2 -c -i -a mod_foo.c + -c compiles + -i installs the module in the right place + -a activates the module by running 'a2enmod mod_foo' + - if the module's build system does not allow to use apxs, use at least + CFLAGS=$(apxs2 -q CFLAGS) + to determine the right compiler flags for your apache installation. + diff --git a/apache2-README.QUICKSTART.SSL b/apache2-README.QUICKSTART.SSL new file mode 100644 index 0000000..4794ff7 --- /dev/null +++ b/apache2-README.QUICKSTART.SSL 
@@ -0,0 +1,59 @@ + +QUICKSTART.SSL -- How to get your SSL server up and running as fast as possible + +You need to have read the README.QUICKSTART before going on with +this one! + + +o make sure that apache starts with mod_ssl loaded + - a2enmod ssl + It adapts /etc/sysconfig/apache2:APACHE_MODULES. + +o make sure that the SSL configuration is active + - a2enflag SSL + It adapts /etc/sysconfig/apache2:APACHE_SERVER_FLAGS. + - the reason why the flag SSL is also needed is because it's enclosed in + statements. This way it can be dormant until the necessary + prerequisite are present (keys) and you want to use it. In addition, it + can be useful to be able to start apache unattended at boot time even if + you use encrypted keys that need a passphrase otherwise. + +o for a real SSL setup, I recommend TinyCA to create and manage a real ssl setup. + It is available on SUSE Linux as package "tinyca2". + Also, please refer to the mod_ssl documentation. + +o The following steps will create _dummy_ keys in a very simple way: + - run /usr/bin/gensslcert + - it will (over)write /etc/apache2/ssl.crt/ca.crt + /etc/apache2/ssl.key/server.key + /etc/apache2/ssl.crt/server.crt + /etc/apache2/ssl.csr/server.csr + - a copy of ca.crt will be installed as /srv/www/htdocs/CA.crt for download. 
+ - cp vhosts.d/vhost-ssl.template vhosts.d/vhost-ssl.conf + and adapt vhosts.d/vhost-ssl.conf al gusto + (note it must end in .conf to be read automatically) + +o to check your vhost setup, use "httpd2 -S -DSSL" + +o for all configuration questions, consult + http://localhost/manual (if the apache2-doc package is installed), or + http://httpd.apache.org/docs-2.2/ (the online version) + - read the documentation under /usr/share/doc/packages/apache2/ (where you + will also find example configuration files) + +o TROUBLESHOOTING -- if anything does not work: + - fire up "tail -F /var/log/apache2/*_log &" in a root shell + - reproduce what is not working (starting apache, doing client requests, + or whatever), and see how it is reflected in the logs + - read http://www.suse.com/~poeml/apache-faq.html + - make use of http://bugzilla.novell.com if you suspect a bug + +o common symptom: + - server logs this: [Thu Aug 28 21:07:39 2003] [error] [client 192.168.0.180] Invalid method in request j + - client shows this: SSL error: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol + cause: client speaks HTTPS, server speaks HTTP. If that happens to be port + 443, it means that the server is listening on the port but not with + SSL. If it was the other way round (client speaks HTTP, server + speaks HTTPS), the server would log 400 and the client show an error + 400 (HTTP_BAD_REQUEST) page. + diff --git a/apache2-README.QUICKSTART.WebDAV b/apache2-README.QUICKSTART.WebDAV new file mode 100644 index 0000000..60d4652 --- /dev/null +++ b/apache2-README.QUICKSTART.WebDAV 
@@ -0,0 +1,75 @@ + +# +# Example (using Digest Authentication) +# + +# enable needed apache modules: +/usr/sbin/a2enmod dav +/usr/sbin/a2enmod dav_fs + +# Define directory to be accesed: +davdir="editme" +# Define a location where the credentials are stored: +acldir=ACL +auth_realm=$davdir + +cd /srv/www + +# create a directory for WebDAV access: +mkdir $davdir +chmod 770 $davdir +chown root:www $davdir + +# create the directory for the credentials: +mkdir $acldir +chmod 750 $acldir +chown root:www $acldir + +# create credentials file: +touch $acldir/$davdir +chown root:www $acldir/$davdir +chmod 640 $acldir/$davdir + +# set up a user accound +htdigest $acldir/$davdir $auth_realm ${user:-user1} + + +cat < + DavLockDB /var/lib/apache2/DAVLock + + + + + Alias /$davdir /srv/www/$davdir + + DAV On + #ForceType text/plain + + Order Deny,Allow + Deny from all + + AuthType Digest + AuthName "private area" + + AuthDigestFile /srv/www/ACL/$davdir + AuthDigestDomain /$davdir/ + AuthName $auth_realm + + Require valid-user + Satisfy Any + + + + +EOF diff --git a/apache2-check_forensic b/apache2-check_forensic new file mode 100644 index 0000000..a1f5305 --- /dev/null +++ b/apache2-check_forensic 
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# check_forensic
+
+# check the forensic log for requests that did not complete
+# output the request log for each one
+
+# This script is based on Ben Laurie's check_forensic, but is adjusted for GNU
+# tools (as used on Linux) and it works in a safe tmpdir directory.
+# todo: rewrite in a form that allows running on more operating systems.
+
+F=${1:?give filename as argument. cannot read from stdin.}
+
+tmpprefix=${TMPDIR:-/tmp}/check_forensic.XXXXXX
+tdir=$(mktemp -d $tmpprefix); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
+
+cut -f 1 -d '|' $F > $tdir/fc-all.$$
+grep ^+ < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-in.$$
+grep -- ^- < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-out.$$
+join -v 1 $tdir/fc-in.$$ $tdir/fc-out.$$ | xargs -ixx egrep "^\\+xx" $F
+rm $tdir/fc-all.$$ $tdir/fc-in.$$ $tdir/fc-out.$$
+rmdir $tdir
diff --git a/apache2-default-server.conf b/apache2-default-server.conf
new file mode 100644
index 0000000..fc45e52
--- /dev/null
+++ b/apache2-default-server.conf
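Review bot: The log file name and the temporary directory are expanded unquoted throughout apache2-check_forensic (`mktemp -d $tmpprefix`, `cut -f 1 -d '|' $F`, `egrep "^\\+xx" $F`), so a path containing whitespace or starting with `-` is split or read as an option. Quoting them and adding `--` fixes that, e.g. `cut -f 1 -d '|' -- "$F" > "$tdir/fc-all.$$"`. Cleanup happens only on the last two lines, so a run that fails part-way leaves request data copied from the forensic log in the temporary directory; `trap 'rm -rf "$tdir"' EXIT` right after the mktemp line would cover that. The forensic IDs are also substituted into an egrep pattern by `xargs -ixx`, so an ID containing regex metacharacters could select the wrong lines, though the ID format is not shown on this page.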
@@ -0,0 +1,106 @@ +# +# Global configuration that will be applicable for all virtual hosts, unless +# deleted here, or overriden elswhere. +# + +DocumentRoot "/srv/www/htdocs" + +# +# Configure the DocumentRoot +# + + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs-2.2/mod/core.html#options + # for more information. + Options None + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride None + # Controls who can get stuff from this server. + Order allow,deny + Allow from all + + +# Aliases: aliases can be added as needed (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/apache2/icons/" + + + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. 
+# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/" + +# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options +ExecCGI -Includes + Order allow,deny + Allow from all + + +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# To disable it, simply remove userdir from the list of modules in APACHE_MODULES +# in /etc/sysconfig/apache2. +# + + # Note that the name of the user directory ("public_html") cannot simply be + # changed here, since it is a compile time setting. The apache package + # would have to be rebuilt. You could work around by deleting + # /usr/sbin/suexec, but then all scripts from the directories would be + # executed with the UID of the webserver. + UserDir public_html + # The actual configuration of the directory is in + # /etc/apache2/mod_userdir.conf. + Include /etc/apache2/mod_userdir.conf + # You can, however, change the ~ if you find it awkward, by mapping e.g. + # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ + #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2 + + + +# Include all *.conf files from /etc/apache2/conf.d/. +# +# This is mostly meant as a place for other RPM packages to drop in their +# configuration snippet. +# +# You can comment this out here if you want those bits include only in a +# certain virtual host, but not here. +# +Include /etc/apache2/conf.d/*.conf + +# The manual... if it is installed ('?' means it won't complain) +Include /etc/apache2/conf.d/apache2-manual?conf + diff --git a/apache2-errors.conf b/apache2-errors.conf new file mode 100644 index 0000000..56e1764 --- /dev/null +++ b/apache2-errors.conf 
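Review bot: The commented-out `AliasMatch` example near the end of apache2-default-server.conf captures the user name with `([a-zA-Z0-9-_.]*)`, which also accepts an empty name and names consisting only of dots, so an administrator who uncomments it maps `/users//x` to `/home//public_html/x`. A stricter example would require a leading alphanumeric and at least one character: `#AliasMatch ^/users/([a-zA-Z0-9_][a-zA-Z0-9_.-]*)/?(.*) /home/$1/public_html/$2`. The `Include /etc/apache2/conf.d/*.conf` line loads every drop-in into the global server context, and a short comment such as `# files here apply to all virtual hosts; keep the directory writable by root only` would document that trust boundary. The container tags of this file are not visible on this page, so the scope of each `Options` / `Allow from all` group could not be checked.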
@@ -0,0 +1,68 @@ + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. 
+ +Alias /error/ "/usr/share/apache2/error/" + + + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + + ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var + ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var + ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var + ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var + ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var + ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var + ErrorDocument 410 /error/HTTP_GONE.html.var + ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var + ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var + ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var + ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var + ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var + ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var + ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var + ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var + ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var + ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + diff --git a/apache2-httpd.conf b/apache2-httpd.conf new file mode 100644 index 0000000..d3c0741 --- /dev/null +++ b/apache2-httpd.conf 
@@ -0,0 +1,212 @@ +# +# /etc/apache2/httpd.conf +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information about +# the directives. + +# Based upon the default apache configuration file that ships with apache, +# which is based upon the NCSA server configuration files originally by Rob +# McCool. This file was knocked together by Peter Poeml . + +# If possible, avoid changes to this file. It does mainly contain Include +# statements and global settings that can/should be overridden in the +# configuration of your virtual hosts. + +# Quickstart guide: +# /usr/share/doc/packages/apache2/README.QUICKSTART + + +# Overview of include files, chronologically: +# +# httpd.conf +# | +# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under +# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) +# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules +# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on +# |-- mod_log_config.conf . . . . . . . . . define logging formats +# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings +# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) +# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info +# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking +# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings +# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration +# |-- errors.conf . . . . . . . . . . . . . customize error responses +# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts +# | +# |-- default-server.conf . . . . . . . . . 
set up the default server that replies to non-virtual-host requests +# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) +# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) +# | +# |-- sysconfig.d/include.conf . . . . . . [*] your include files +# | (for each file to be included here, put its name +# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2) +# | +# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here +# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) +# +# +# Files marked [*] are created from sysconfig upon server restart: instead of +# these files, you edit /etc/sysconfig/apache2 + + + +# Filesystem layout: +# +# /etc/apache2/ +# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap +# |-- conf.d/ +# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc +# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 +# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages +# |-- default-server.conf +# |-- errors.conf +# |-- httpd.conf . . . . . . . . . . . . . top level configuration file +# |-- listen.conf +# |-- magic +# |-- mime.types -> ../mime.types +# |-- mod_autoindex-defaults.conf +# |-- mod_info.conf +# |-- mod_log_config.conf +# |-- mod_mime-defaults.conf +# |-- mod_perl-startup.pl +# |-- mod_status.conf +# |-- mod_userdir.conf +# |-- mod_usertrack.conf +# |-- server-tuning.conf +# |-- ssl-global.conf +# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) +# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates +# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests +# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys +# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files +# |-- sysconfig.d/ . . . . . . . . . . . . 
files that are created from /etc/sysconfig/apache2 +# | |-- global.conf +# | |-- include.conf +# | `-- loadmodule.conf +# |-- uid.conf +# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here +# |-- vhost-ssl.template +# `-- vhost.template + + + +### Global Environment ###################################################### +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests. + +# run under this user/group id +Include /etc/apache2/uid.conf + +# - how many server processes to start (server pool regulation) +# - usage of KeepAlive +Include /etc/apache2/server-tuning.conf + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +ErrorLog /var/log/apache2/error_log + +# generated from APACHE_MODULES in /etc/sysconfig/apache2 +Include /etc/apache2/sysconfig.d/loadmodule.conf + +# IP addresses / ports to listen on +Include /etc/apache2/listen.conf + +# predefined logging formats +Include /etc/apache2/mod_log_config.conf + +# generated from global settings in /etc/sysconfig/apache2 +Include /etc/apache2/sysconfig.d/global.conf + +# optional mod_status, mod_info +Include /etc/apache2/mod_status.conf +Include /etc/apache2/mod_info.conf + +# optional cookie-based user tracking +# read the documentation before using it!! 
+Include /etc/apache2/mod_usertrack.conf + +# configuration of server-generated directory listings +Include /etc/apache2/mod_autoindex-defaults.conf + +# associate MIME types with filename extensions +TypesConfig /etc/apache2/mime.types +DefaultType text/plain +Include /etc/apache2/mod_mime-defaults.conf + +# set up (customizable) error responses +Include /etc/apache2/errors.conf + +# global (server-wide) SSL configuration, that is not specific to +# any virtual host +Include /etc/apache2/ssl-global.conf + +# forbid access to the entire filesystem by default + + Options None + AllowOverride None + Order deny,allow + Deny from all + + +# use .htaccess files for overriding, +AccessFileName .htaccess +# and never show them + + Order allow,deny + Deny from all + + +# List of resources to look for when the client requests a directory +DirectoryIndex index.html index.html.var + +### 'Main' server configuration ############################################# +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# +Include /etc/apache2/default-server.conf + + +# Another way to include your own files +# +# The file below is generated from /etc/sysconfig/apache2, +# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and +# APACHE_CONF_INCLUDE_DIRS +Include /etc/apache2/sysconfig.d/include.conf + + +### Virtual server configuration ############################################ +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. 
Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. +# +Include /etc/apache2/vhosts.d/*.conf + + +# Note: instead of adding your own configuration here, consider +# adding it in your own file (/etc/apache2/httpd.conf.local) +# putting its name into APACHE_CONF_INCLUDE_FILES in +# /etc/sysconfig/apache2 -- this will make system updates +# easier :) diff --git a/apache2-listen.conf b/apache2-listen.conf new file mode 100644 index 0000000..4780a8d --- /dev/null +++ b/apache2-listen.conf @@ -0,0 +1,47 @@ +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports. See also the directive. +# +# http://httpd.apache.org/docs-2.2/mod/mpm_common.html#listen +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +# +#Listen 12.34.56.78:80 +#Listen 80 +#Listen 443 + +Listen 80 + + + + + + + Listen 443 + + + + + + +# Use name-based virtual hosting +# +# - on a specified address / port: +# +#NameVirtualHost 12.34.56.78:80 +# +# - name-based virtual hosting: +# +#NameVirtualHost *:80 +# +# - on all addresses and ports. This is your best bet when you are on +# dynamically assigned IP addresses: +# +#NameVirtualHost * + diff --git a/apache2-manual.conf b/apache2-manual.conf new file mode 100644 index 0000000..82ddfc4 --- /dev/null +++ b/apache2-manual.conf 
@@ -0,0 +1,22 @@
+#
+# This configuration file belongs to the apache2-doc package.
+#
+# The alias provides the manual, even if you choose to move your DocumentRoot.
+# this out if you do not care for the documentation.
+#
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/apache2/manual$1"
+
+
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ SetHandler type-map
+
+
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
+
+
diff --git a/apache2-mod_autoindex-defaults.conf b/apache2-mod_autoindex-defaults.conf
new file mode 100644
index 0000000..a78d8f2
--- /dev/null
+++ b/apache2-mod_autoindex-defaults.conf
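Review bot: The second sentence of the header comment has lost its beginning, so `# this out if you do not care for the documentation.` no longer tells the administrator what to do. `# Comment this out if you do not care for the documentation.` would restore the instruction. Separately, `Options Indexes` together with `Allow from all` makes the manual tree listable by any client, while the server-wide default added in apache2-httpd.conf is `Options None`; if the listing is intended, a one-line comment saying so would help.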
@@ -0,0 +1,51 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# see http://httpd.apache.org/docs-2.2/mod/mod_autoindex.html +# + + + + IndexOptions FancyIndexing VersionSort NameWidth=* + + # Add Last-Modified and ETag values for the listed directory in the HTTP header, + # based on files' modification dates + #IndexOptions +TrackModified + + AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + + AddIconByType (TXT,/icons/text.gif) text/* + AddIconByType (IMG,/icons/image2.gif) image/* + AddIconByType (SND,/icons/sound2.gif) audio/* + AddIconByType (VID,/icons/movie.gif) video/* + + AddIcon /icons/binary.gif .bin .exe + AddIcon /icons/binhex.gif .hqx + AddIcon /icons/tar.gif .tar + AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv + AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip + AddIcon /icons/a.gif .ps .ai .eps + AddIcon /icons/layout.gif .html .shtml .htm .pdf + AddIcon /icons/text.gif .txt + AddIcon /icons/c.gif .c + AddIcon /icons/p.gif .pl .py + AddIcon /icons/f.gif .for + AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex + AddIcon /icons/bomb.gif core + + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README + AddIcon /icons/folder.gif ^^DIRECTORY^^ + AddIcon /icons/blank.gif ^^BLANKICON^^ + + DefaultIcon /icons/unknown.gif + + ReadmeName README.html + HeaderName HEADER.html + + IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t + + diff --git a/apache2-mod_info.conf b/apache2-mod_info.conf new file mode 100644 index 0000000..f2f57c1 --- /dev/null +++ b/apache2-mod_info.conf @@ -0,0 +1,15 @@ +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# +# see http://httpd.apache.org/docs-2.2/mod/mod_info.html +# + + + SetHandler server-info + Order deny,allow + Deny from all + Allow from localhost + + + 
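Review bot: `Allow from localhost` in the server-info block of apache2-mod_info.conf is a host-name rule, so httpd has to resolve the client address through DNS (a double reverse lookup) before it grants access, and the restriction then depends on resolver and hosts-file state. Matching by address avoids that dependency: `Allow from 127.0.0.1` and `Allow from ::1`. The server-status block in apache2-mod_status.conf carries the same line and deserves the same change. The header comment "Allow remote server configuration reports" also reads as the opposite of what the block does; `# Server configuration reports, restricted to the local host` would match the directives.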
diff --git a/apache2-mod_log_config.conf b/apache2-mod_log_config.conf
new file mode 100644
index 0000000..709b487
--- /dev/null
+++ b/apache2-mod_log_config.conf
@@ -0,0 +1,35 @@
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# http://httpd.apache.org/docs-2.2/mod/mod_log_config.html
+#
+
+#
+# Format string: Nickname:
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+
+# To use %I and %O, you need to enable mod_logio
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+# Use one of these when you want a compact non-error SSL logfile on a virtual
+# host basis:
+
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b" ssl_common
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
+
+
+
diff --git a/apache2-mod_mime-defaults.conf b/apache2-mod_mime-defaults.conf
new file mode 100644
index 0000000..4cfb4fe
--- /dev/null
+++ b/apache2-mod_mime-defaults.conf
@@ -0,0 +1,154 @@ +# +# mod_mime configuration: +# associate various bits of "meta information" with files by their filename extensions +# +# see http://httpd.apache.org/docs-2.2/mod/mod_mime.html +# + +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# + +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + + +# +# Commonly used filename extensions to character sets. 
You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +# +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb +AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk +AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb +AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-8 .utf8 + +# The set below does not map to a specific (iso) standard +# but works on a fairly wide range of browsers. Note that +# capitalization actually matters (it should not, but it +# does for some browsers). +# +# See http://www.iana.org/assignments/character-sets +# for a list of sorts. But browsers support few. +# +AddCharset GB2312 .gb2312 .gb +AddCharset utf-7 .utf7 +AddCharset utf-8 .utf8 +AddCharset big5 .big5 .b5 +AddCharset EUC-TW .euc-tw +AddCharset EUC-JP .euc-jp +AddCharset EUC-KR .euc-kr +AddCharset shift_jis .sjis + + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-tar .tgz +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. 
+# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz +# +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# Shortcut icons don't seem to be registered by IANA yet, but they +# are so commonly used that we add them here. +Addtype image/x-icon .ico + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml + + +# Guess the MIME type of a file by looking at a few bytes of its contents +# http://httpd.apache.org/docs-2.2/mod/mod_mime_magic.html + + MIMEMagicFile /etc/apache2/magic + + diff --git a/apache2-mod_status.conf b/apache2-mod_status.conf new file mode 100644 index 0000000..fa1bf08 --- /dev/null +++ b/apache2-mod_status.conf @@ -0,0 +1,15 @@ +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# +# see http://httpd.apache.org/docs-2.2/mod/mod_status.html +# + + + SetHandler server-status + Order deny,allow + Deny from all + Allow from localhost + + + diff --git a/apache2-mod_userdir.conf b/apache2-mod_userdir.conf new file mode 100644 index 0000000..0b75bbd --- /dev/null +++ b/apache2-mod_userdir.conf 
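Review bot: `AddHandler type-map var` in apache2-mod_mime-defaults.conf is set at server scope, and mod_mime matches an extension anywhere in a multi-extension file name, so a name such as `page.var.html` (constructed example) in any served directory would go to the type-map handler instead of being served by its type. apache2-errors.conf already sets the same handler inside its own block, so the global line is presumably only needed for `index.html.var` from DirectoryIndex. A comment would make the scope visible: `# applies to any file name containing .var, in every directory; scope it per directory where uploads are accepted`. The sentence about "the FancyIndexing customization directives above" is also stale in this file, since those directives are added in apache2-mod_autoindex-defaults.conf.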
@@ -0,0 +1,45 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+
+
+ # Note that the name of the user directory ("public_html") cannot easily be
+ # changed here, since it is a compile time setting. The apache package
+ # would have to be rebuilt. You could work around by deleting
+ # /usr/sbin/suexec, but then all scripts from the directories would be
+ # executed with the UID of the webserver.
+ #
+ # To rebuild apache with another setting you need to change the
+ # %userdir define in the spec file.
+
+ # not every user's directory should be visible:
+ UserDir disabled root
+
+ # to enable UserDir only for a certain set of users, use this instead:
+ #UserDir disabled
+ #UserDir enabled user1 user2
+
+
+ # the UserDir directive is actually used inside the virtual hosts, to
+ # have more control
+ #UserDir public_html
+
+
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+
+
+ Order allow,deny
+ Allow from all
+
+
+
+ Order deny,allow
+ Deny from all
+
+
+
+
+
diff --git a/apache2-mod_usertrack.conf b/apache2-mod_usertrack.conf
new file mode 100644
index 0000000..c6be45b
--- /dev/null
+++ b/apache2-mod_usertrack.conf
@@ -0,0 +1,7 @@
+
+
+
+ # This is the default.
+ CookieName Apache
+
+
diff --git a/apache2-server-tuning.conf b/apache2-server-tuning.conf
new file mode 100644
index 0000000..e50ef24
--- /dev/null
+++ b/apache2-server-tuning.conf
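Review bot: `UserDir disabled root` in apache2-mod_userdir.conf is a deny-list with a single entry, so once a virtual host turns on `UserDir public_html` every other account with a home directory, service accounts included, answers `~user` requests. The allow-list form already present in the comments is the safer default: `UserDir disabled` followed by `UserDir enabled user1 user2`. The per-user block also grants `Indexes` in `Options` and `AllowOverride FileInfo AuthConfig Limit Indexes`, which hands directory listings and most .htaccess overrides to each user; a comment stating that this is deliberate would help.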
@@ -0,0 +1,134 @@ +## +## Server-Pool Size Regulation (MPM specific) +## + +# the MPM (multiprocessing module) is not a dynamically loadable module in the +# sense of other modules. It is a compile time decision which one is used. We +# provide different apache2 MPM packages, containing different httpd2 binaries +# compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2. + +# prefork MPM + + # number of server processes to start + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#startservers + StartServers 5 + # minimum number of server processes which are kept spare + # http://httpd.apache.org/docs/2.2/mod/prefork.html#minspareservers + MinSpareServers 5 + # maximum number of server processes which are kept spare + # http://httpd.apache.org/docs/2.2/mod/prefork.html#maxspareservers + MaxSpareServers 10 + # highest possible MaxClients setting for the lifetime of the Apache process. + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#serverlimit + ServerLimit 150 + # maximum number of server processes allowed to start + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients + MaxClients 150 + # maximum number of requests a server process serves + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxrequestsperchild + MaxRequestsPerChild 10000 + + +# worker MPM + + # initial number of server processes to start + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#startservers + StartServers 3 + # minimum number of worker threads which are kept spare + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#minsparethreads + MinSpareThreads 25 + # maximum number of worker threads which are kept spare + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxsparethreads + MaxSpareThreads 75 + # upper limit on the configurable number of threads per child process + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#threadlimit + ThreadLimit 64 + # maximum number of simultaneous client connections + # 
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients + MaxClients 150 + # number of worker threads created by each child process + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#threadsperchild + ThreadsPerChild 25 + # maximum number of requests a server process serves + # http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxrequestsperchild + MaxRequestsPerChild 10000 + + +# leader MPM + + # initial number of server processes to start + StartServers 2 + # minimum number of worker threads which are kept spare + MinSpareThreads 25 + # maximum number of worker threads which are kept spare + MaxSpareThreads 75 + # maximum number of simultaneous client connections + MaxClients 150 + # constant number of worker threads in each server process + ThreadsPerChild 25 + # maximum number of requests a server process serves + MaxRequestsPerChild 10000 + + + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +# +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs-2.2/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). 
+# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs-2.2/mod/core.html#enablesendfile +# +#EnableSendfile off + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs" redirect-carefully + diff --git a/apache2-ssl-global.conf b/apache2-ssl-global.conf new file mode 100644 index 0000000..16b9ddc --- /dev/null +++ b/apache2-ssl-global.conf 
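Review bot: `KeepAliveTimeout 15` keeps a worker tied to an idle client for up to 15 seconds, and under the prefork settings in this hunk (`MaxClients 150`) each such worker is a whole process, so a modest number of idle keep-alive connections can fill the pool. httpd 2.2's built-in default is 5 seconds; unless 15 is a deliberate choice I would use `KeepAliveTimeout 5`, or state the reason in the comment above the directive. A smaller point of style: `BrowserMatch "^WebDAVFS/1.[012]"` leaves the dot unescaped while the other patterns in the file write `\.`.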
@@ -0,0 +1,72 @@
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if
+# "SSL" is not defined, or if "NOSSL" is defined.
+
+
+
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog builtin
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # shm means the same as shmht.
+ # Note that on most platforms shared memory segments are not allowed to be on
+ # network-mounted drives, so in that case you need to use the dbm method.
+ #SSLSessionCache none
+ #SSLSessionCache dbm:/var/lib/apache2/ssl_scache
+ #SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
+ SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
+ SSLSessionCacheTimeout 600
+
+ # This configures the SSL engine's semaphore (aka. lock) which is
+ # used for mutual exclusion of operations which have to be done in a
+ # synchronized way between the pre-forked Apache server processes.
+ # "default" tells the SSL Module to pick the default locking
+ # implementation as determined by the platform and APR.
+ SSLMutex default
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the
+ # SSL library. The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+ #SSLRandomSeed startup file:/dev/random 512
+ #SSLRandomSeed connect file:/dev/random 512
+ #SSLRandomSeed startup file:/dev/urandom 512
+ #SSLRandomSeed connect file:/dev/urandom 512
+
+
+
+
diff --git a/apache2-vhost-ssl.template b/apache2-vhost-ssl.template
new file mode 100644
index 0000000..91b53af
--- /dev/null
+++ b/apache2-vhost-ssl.template
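Review bot: The active seeding lines are `SSLRandomSeed startup builtin` and `SSLRandomSeed connect builtin`, although the comment directly above them recommends /dev/urandom where it exists, and the builtin source gathers little entropy, particularly at startup. The non-blocking alternatives are already in the hunk as comments; enabling `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512` in place of the builtin pair would follow the file's own advice. The conditional block that wraps these directives opens and closes on lines that are not legible in this rendering.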
@@ -0,0 +1,201 @@ +# Template for a VirtualHost with SSL +# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf. +# Files must have the .conf suffix to be loaded. +# +# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints +# about virtual hosts. + +# NameVirtualHost statements should be added to /etc/apache2/listen.conf. + +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see +# +# For the moment, see for this info. +# The documents are still being prepared from material donated by the +# modssl project. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +# Until documentation is completed, please check http://www.modssl.org/ +# for additional config examples and module docmentation. Directives +# and features of mod_ssl are largely unchanged from the mod_ssl project +# for Apache 1.3. + + + + +## +## SSL Virtual Host Context +## + + + + # General setup for the virtual host + DocumentRoot "/srv/www/htdocs" + #ServerName www.example.com:443 + #ServerAdmin webmaster@example.com + ErrorLog /var/log/apache2/error_log + TransferLog /var/log/apache2/access_log + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + # Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If + # the certificate is encrypted, then you will be prompted for a + # pass phrase. Note that a kill -HUP will prompt again. 
Keep + # in mind that if you have both an RSA and a DSA certificate you + # can configure both in parallel (to also allow the use of DSA + # ciphers, etc.) + SSLCertificateFile /etc/apache2/ssl.crt/server.crt + #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt + + # Server Private Key: + # If the key is not combined with the certificate, use this + # directive to point at the key file. Keep in mind that if + # you've both a RSA and a DSA private key you can configure + # both in parallel (to also allow the use of DSA ciphers, etc.) + SSLCertificateKeyFile /etc/apache2/ssl.key/server.key + #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/apache2/ssl.crt + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. 
+ #SSLCARevocationPath /etc/apache2/ssl.crl
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o CompatEnvVars: + # This exports obsolete environment variables for backward compatibility + # to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this + # to provide compatibility to existing CGI scripts. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. 
Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + # Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a + # compact non-error SSL logfile on a virtual host basis. + CustomLog /var/log/apache2/ssl_request_log ssl_combined + + + + + + diff --git a/apache2-vhost.template b/apache2-vhost.template new file mode 100644 index 0000000..d20e299 --- /dev/null +++ b/apache2-vhost.template 
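Review bot: The `SSLCipherSuite` line in this template keeps export-grade, LOW and SSLv2 suites negotiable: `+LOW:+SSLv2:+EXP` only moves them to the end of the preference list that `ALL` selected, it does not remove them, and `+eNULL` names the no-encryption suites as well. Every vhost copied from the template inherits that, so a peer that negotiates one of those suites gets a connection with little or no confidentiality. No `SSLProtocol` directive appears anywhere in the template either, so SSLv2 is left to the module default. I would ship `SSLProtocol all -SSLv2` together with `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!SSLv2`, and leave it to administrators to loosen this deliberately for legacy clients.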
@@ -0,0 +1,125 @@
+#
+# VirtualHost template
+# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
+# Files must have the .conf suffix to be loaded.
+#
+# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
+# about virtual hosts.
+#
+# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
+#
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+
+ ServerAdmin webmaster@dummy-host.example.com
+ ServerName dummy-host.example.com
+
+ # DocumentRoot: The directory out of which you will serve your
+ # documents. By default, all requests are taken from this directory, but
+ # symbolic links and aliases may be used to point to other locations.
+ DocumentRoot /srv/www/vhosts/dummy-host.example.com
+
+ # if not specified, the global error log is used
+ ErrorLog /var/log/apache2/dummy-host.example.com-error_log
+ CustomLog /var/log/apache2/dummy-host.example.com-access_log combined
+
+ # don't loose time with IP address lookups
+ HostnameLookups Off
+
+ # needed for named virtual hosts
+ UseCanonicalName Off
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ # Optionally, include *.conf files from /etc/apache2/conf.d/
+ #
+ # For example, to allow execution of PHP scripts:
+ #
+ # Include /etc/apache2/conf.d/mod_php4.conf
+ #
+ # or, to include all configuration snippets added by packages:
+ # Include /etc/apache2/conf.d/*.conf
+
+
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the realname directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the client.
+ # The same rules about trailing "/" apply to ScriptAlias directives as to
+ # Alias.
+ # + ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/" + + # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased + # CGI directory exists, if you have one, and where ScriptAlias points to. + # + + AllowOverride None + Options +ExecCGI -Includes + Order allow,deny + Allow from all + + + + # UserDir: The name of the directory that is appended onto a user's home + # directory if a ~user request is received. + # + # To disable it, simply remove userdir from the list of modules in APACHE_MODULES + # in /etc/sysconfig/apache2. + # + + # Note that the name of the user directory ("public_html") cannot simply be + # changed here, since it is a compile time setting. The apache package + # would have to be rebuilt. You could work around by deleting + # /usr/sbin/suexec, but then all scripts from the directories would be + # executed with the UID of the webserver. + UserDir public_html + # The actual configuration of the directory is in + # /etc/apache2/mod_userdir.conf. + Include /etc/apache2/mod_userdir.conf + # You can, however, change the ~ if you find it awkward, by mapping e.g. + # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ + #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2 + + + + # + # This should be changed to whatever you set DocumentRoot to. + # + + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs-2.2/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. 
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Order allow,deny
+ Allow from all
+
+
+
+
+
diff --git a/apache2.changes b/apache2.changes
new file mode 100644
index 0000000..4c61441
--- /dev/null
+++ b/apache2.changes
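Review bot: `Options Indexes FollowSymLinks` in the last block of apache2-vhost.template turns on directory listings and unrestricted symlink following for every vhost created from it. A directory without an index file then exposes its file names, and a symlink inside the tree can serve content from outside it. The container tags are not visible in this rendering, so that the block covers the document root is inferred from the "This should be changed to whatever you set DocumentRoot to" comment. A tighter template default is `Options None` (or `Options SymLinksIfOwnerMatch` where links are needed), with `Indexes` added per directory on purpose. Earlier in the same hunk `ServerSignature On` puts the server version on server-generated pages; `ServerSignature Off` would be the quieter default.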
@@ -0,0 +1,2072 @@
+-------------------------------------------------------------------
+Wed Dec 20 15:58:35 CET 2006 - poeml@suse.de
+
+- set a proper HOME (/var/lib/apache2), otherwise the server might
+ end up HOME=/root and some script might try to use that [#132769]
+- add two notes to the QUICKSTART readmes
+- don't install /etc/apache2/extra configuration since this is only
+ serving as an example and installed with the documentation anyway
+
+-------------------------------------------------------------------
+Tue Sep 26 11:13:52 CEST 2006 - poeml@suse.de
+
+- add rpm macro for suexec_safepath
+- use _bindir/_sbindir in a few places [#202355]
+- remove unused /sbin/conf.d directory from build root
+
+-------------------------------------------------------------------
+Thu Aug 31 15:26:54 CEST 2006 - poeml@suse.de
+
+- Enable fatal exception hook for use by diagnostic modules.
+
+-------------------------------------------------------------------
+Tue Aug 29 16:33:59 CEST 2006 - poeml@suse.de
+
+- move some binaries, where calling by users makes sense (dbmmanage
+ htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
+
+-------------------------------------------------------------------
+Wed Aug 9 16:13:07 CEST 2006 - poeml@suse.de
+
+- upstream 2.2.3
+ |SECURITY: CVE-2006-3747 (cve.mitre.org)
+ | mod_rewrite: Fix an off-by-one security problem in the ldap scheme
+ | handling. For some RewriteRules this could lead to a pointer being
+ | written out of bounds. Reported by Mark Dowd of McAfee.
+ | mod_authn_alias: Add a check to make sure that the base provider and the
+ | alias names are different and also that the alias has not been registered
+ | before. PR 40051.
+ | mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
+ | client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
+ | mod_autoindex: Fix filename escaping with FancyIndexing disabled.
+ | PR 38910.
+ | mod_cache:
+ | - Make caching of reverse SSL proxies possible again. PR 39593.
+ | - Do not overwrite the Content-Type in the cache, for
+ | successfully revalidated cached objects. PR 39647.
+ | mod_charset_lite: Bypass translation when the source and dest charsets
+ | are the same.
+ | mod_dbd: Fix dependence on virtualhost configuration in
+ | defining prepared statements (possible segfault at startup
+ | in user modules such as mod_authn_dbd).
+ | mod_mem_cache: Set content type correctly when delivering data from
+ | cache. PR 39266.
+ | mod_speling: Add directive to deal with case corrections only
+ | and ignore other misspellings
+ | miscellaneous:
+ | - Add optional 'scheme://' prefix to ServerName directive,
+ | allowing correct determination of the canonical server URL
+ | for use behind a proxy or offload device handling SSL;
+ | fixing redirect generation in those cases. PR 33398.
+ | - Added server_scheme field to server_rec for above. Minor MMN bump.
+ | - Worker MPM: On graceless shutdown or restart, send signals
+ | to each worker thread to wake them up if they're polling on
+ | a Keep-Alive connection. PR 38737.
+ | - worker and event MPMs: fix excessive forking if fork() or
+ | child_init take a long time. PR 39275.
+ | - Respect GracefulShutdownTimeout in the worker and event MPMs.
+ | - configure: Add "--with-included-apr" flag to force use of
+ | the bundled version of APR at build time.
+
+-------------------------------------------------------------------
+Tue Jul 4 12:20:54 CEST 2006 - poeml@suse.de
+
+- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
+ found
+
+-------------------------------------------------------------------
+Fri Jun 23 09:52:17 CEST 2006 - poeml@suse.de
+
+- fix typo in apache-20-22-upgrade script: mod_image_map ->
+ mod_imagemap
+
+-------------------------------------------------------------------
+Mon Jun 12 11:28:59 CEST 2006 - poeml@suse.de
+
+- enable logresolve processing of lines longer than 1024 characters
+ by compiling with MAXLINE=4096 [#162806]
+
+-------------------------------------------------------------------
+Fri Jun 9 23:11:45 CEST 2006 - poeml@suse.de
+
+- upstream 2.2.2
+ | SECURITY: CVE-2005-3357 (cve.mitre.org)
+ | mod_ssl: Fix a possible crash during access control checks
+ | if a non-SSL request is processed for an SSL vhost (such as
+ | the "HTTP request received on SSL port" error message when
+ | an 400 ErrorDocument is configured, or if using "SSLEngine
+ | optional"). PR 37791.
+ | SECURITY: CVE-2005-3352 (cve.mitre.org)
+ | mod_imagemap: Escape untrusted referer header before
+ | outputting in HTML to avoid potential cross-site scripting.
+ | Change also made to ap_escape_html so we escape quotes.
+ | Reported by JPCERT.
+ | mod_cache:
+ | - Make caching of reverse proxies possible again. PR 38017.
+ | mod_disk_cache:
+ | - Return the correct error codes from bucket read failures,
+ | instead of APR_EGENERAL.
+ | mod_dbd:
+ | - Update defaults, improve error reporting.
+ | - Create own pool and mutex to avoid problem use of process
+ | pool in request processing.
+ | mod_deflate:
+ | - work correctly in an internal redirect
+ | mod_proxy:
+ | - don't reuse a connection that may be to the wrong backend PR 39253
+ | - Do not release connections from connection pool twice. PR 38793.
+ | - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
+ | - Fix incorrect usage of local and shared worker init. PR 38403.
+ | - If we get an error reading the upstream response, close the
+ | connection.
+ | mod_proxy_balancer:
+ | - Initialize members of a balancer correctly. PR 38227.
+ | mod_proxy_ajp:
+ | - Flushing of the output after each AJP chunk is now
+ | configurable at runtime via the 'flushpackets' and 'flushwait'
+ | worker params. Minor MMN bump.
+ | - Crosscheck the length of the body chunk with the length of the
+ | ajp message to prevent mod_proxy_ajp from reading beyond the
+ | buffer boundaries and thus revealing possibly sensitive memory
+ | contents to the client.
+ | - Support common headers of the AJP protocol in responses. PR 38340.
+ | mod_proxy_http:
+ | - Do send keep-alive header if the client sent connection:
+ | keep-alive and do not close backend connection if the client
+ | sent connection: close. PR 38524.
+ | mod_proxy_balancer:
+ | - Do not overwrite the status of initialized workers and respect
+ | the configured status of uninitilized workers when creating a
+ | new child process.
+ | - Fix off-by-one error in proxy_balancer. PR 37753.
+ | mod_speling:
+ | - Stop crashing with certain non-file requests.
+ | mod_ssl:
+ | - Fix possible crashes in shmcb with gcc 4 on platforms
+ | requiring word-aligned pointers. PR 38838.
+ | miscellaneous:
+ | - core: Prevent reading uninitialized memory while reading a line of
+ | protocol input. PR 39282.
+ | - core: Reject invalid Expect header immediately. PR 38123.
+ | - Default handler: Don't return output filter apr_status_t values.
+ | PR 31759.
+ | - Add APR/APR-Util Compiled and Runtime Version numbers to the
+ | output of 'httpd -V'.
+ | - http: If a connection is aborted while waiting for a chunked line,
+ | flag the connection as errored out.
+ | - Don't hang on error return from post_read_request. PR 37790.
+ | - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
+ | - Fix recursive ErrorDocument handling. PR 36090.
+ | - Ensure that the proper status line is written to the client, fixing
+ | incorrect status lines caused by filters which modify r->status without
+ | resetting r->status_line, such as the built-in byterange filter.
+ | - HTML-escape the Expect error message. Not classed as security as
+ | an attacker has no way to influence the Expect header a victim will
+ | send to a target site.
+ | - Chunk filter: Fix chunk filter to create correct chunks in the case that
+ | a flush bucket is surrounded by data buckets.
+ | - Avoid Server-driven negotiation when a script has emitted an
+ | explicit Status: header. PR 38070.
+ | - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
+ | - htdbm: Warn the user when adding a plaintext password on a platform
+ | where it wouldn't work with the server (i.e., anywhere that has
+ | crypt()).
+- adapted httpd-2.1.3alpha-autoconf-2.59.dif
+- other user visible changes:
+ * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
+ * add README.QUICKSTART link to httpd.conf
+- when installing/updating, avoid irritating message in
+ /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
+- build system changes:
+ * clean up old cruft tight to suse_version macros
+ * don't run buildconf, and thus don't need python.
+ * don't ship uid.conf as source file, but create it dynamically + instead, according to user/group defined via rpm macro + * create wwwrun:www user on non-SUSE builds + * work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds + * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds + * make sure that the rpm macro sles_version is defined + * remove obsolete VENDOR UnitedLinux macro + +------------------------------------------------------------------- +Tue Apr 25 18:10:28 CEST 2006 - poeml@suse.de + +- obsolete 'apache' package on SLES10 (obsolete it on all platforms + except SLES9 and old SL releases) + +------------------------------------------------------------------- +Wed Mar 29 11:54:00 CEST 2006 - poeml@suse.de + +- remove php4 from default modules [#155333] +- fix comment in /etc/init.d/apache2 [#148559] + +------------------------------------------------------------------- +Mon Feb 20 13:49:07 CET 2006 - poeml@suse.de + +- fixed comment in init script which indicated wrong version [#148559] + +------------------------------------------------------------------- +Mon Jan 30 12:41:20 CET 2006 - poeml@suse.de + +- added Requires: libapr-util1-devel to apache2-devel package [#146496] + +------------------------------------------------------------------- +Fri Jan 27 15:10:15 CET 2006 - poeml@suse.de + +- add a note about NameVirtualHost statements to the vhost template + files [#145000] + +------------------------------------------------------------------- +Wed Jan 25 21:34:16 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 20 13:20:04 CET 2006 - poeml@suse.de + +- cleanup: remove obsolete metuxmpm patch +- improve informational text in apache-20-22-upgrade + +------------------------------------------------------------------- +Wed Jan 18 10:11:12 CET 2006 - poeml@suse.de + +- the new DYNAMIC_MODULE_LIMIT default in 
2.2 is 128, so no need to + increase it anymore (fixes [#143536]) + +------------------------------------------------------------------- +Mon Dec 19 13:25:20 CET 2005 - poeml@suse.de + +- update to 2.2.0 +- enable all new modules +- replaced modules "auth auth_dbm access" in default configuration + by "auth_basic authn_file authn_dbm authz_host authz_default + authz_user"" +- /usr/share/apache2/apache-20-22-upgrade will fix the module list + on upgrade +- fix bug in sysconf_addword (used by a2enmod) to respect word + boundaries when removing a word (but don't count slashes as word + boundary) +- remove perchild mpm subpackage, add experimemtal event mpm +- remove obsolete tool apache2-reconfigure-mpm +- remove obsolete perchild config from apache2-server-tuning.conf +- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild +- build against system pcre +- build with --enable-pie +- don't modify which libraries are linked in +- adjust IndexIgnore setting to upstream default. Previously, the + parent directory (..) was being ignored +- package the symlinks in ssl.crt + +------------------------------------------------------------------- +Wed Dec 7 11:07:21 CET 2005 - poeml@suse.de + +- patch apxs to use the new a2enmod tool, when called with -a +- add -l option to a2enmod, which gives a list of active modules +- adjust feedback address in the readmes +- update README.QUICKSTART.SSL (mention TinyCA) +- add more documentation in server-tuning.conf, and adjust defaults +- do not document the restart-hup action of the init script. It + should not be used +- don't install the tool checkgid -- it is only usable during + installation + +------------------------------------------------------------------- +Fri Nov 18 13:22:21 CET 2005 - poeml@suse.de + +- fix duplicated Source45 tag + +------------------------------------------------------------------- +Mon Oct 24 14:17:08 CEST 2005 - poeml@suse.de + +- update to 2.0.55. 
Relevant changes: + | SECURITY: CAN-2005-2700 (cve.mitre.org) + | mod_ssl: Fix a security issue where "SSLVerifyClient" was + | not enforced in per-location context if "SSLVerifyClient + | optional" was configured in the vhost configuration. + | SECURITY: CAN-2005-2491 (cve.mitre.org): + | Fix integer overflows in PCRE in quantifier parsing which + | could be triggered by a local user through use of a + | carefully-crafted regex in an .htaccess file. + | SECURITY: CAN-2005-2088 (cve.mitre.org) + | proxy: Correctly handle the Transfer-Encoding and + | Content-Length headers. Discard the request Content-Length + | whenever T-E: chunked is used, always passing one of either + | C-L or T-E: chunked whenever the request includes a request + | body. Resolves an entire class of proxy HTTP Request + | Splitting/Spoofing attacks. + | SECURITY: CAN-2005-2728 (cve.mitre.org) + | Fix cases where the byterange filter would buffer responses + | into memory. PR 29962. + | SECURITY: CAN-2005-2088 (cve.mitre.org) + | core: If a request contains both Transfer-Encoding and + | Content-Length headers, remove the Content-Length, + | mitigating some HTTP Request Splitting/Spoofing attacks. + | SECURITY: CAN-2005-1268 (cve.mitre.org) + | mod_ssl: Fix off-by-one overflow whilst printing CRL + | information at "LogLevel debug" which could be triggered if + | configured to use a "malicious" CRL. PR 35081. + | miscellaneous: + | - worker MPM: Fix a memory leak which can occur after an + | aborted connection in some limited circumstances. + | - worker mpm: don't take down the whole server for a transient + | thread creation failure. PR 34514 + | - Added TraceEnable [on|off|extended] per-server directive to + | alter the behavior of the TRACE method. This addresses a + | flaw in proxy conformance to RFC 2616 - previously the proxy + | server would accept a TRACE request body although the RFC + | prohibited it. The default remains 'TraceEnable on'. 
+ | - Add ap_log_cerror() for logging messages associated with
+ | particular client connections.
+ | - Support the suppress-error-charset setting, as with Apache
+ | 1.3.x. PR 31274.
+ | - Fix bad globbing comparison which could result in getting a
+ | directory listing when a file was requested. PR 34512.
+ | - Fix a file descriptor leak when starting piped loggers. PR
+ | 33748.
+ | - Prevent hangs of child processes when writing to piped
+ | loggers at the time of graceful restart. PR 26467.
+ | mod_cgid:
+ | - Correct mod_cgid's argv[0] so that the full path can be
+ | delved by the invoked cgi application, to conform to the
+ | behavior of mod_cgi.
+ | mod_include:
+ | - Fix possible environment variable corruption when using
+ | nested includes. PR 12655.
+ | mod_ldap:
+ | - Fix PR 36563. Keep track of the number of attributes
+ | retrieved from LDAP so that all of the values can be
+ | properly cached even if the value is NULL.
+ | - Fix core dump if mod_auth_ldap's
+ | mod_auth_ldap_auth_checker() was called even if
+ | mod_auth_ldap_check_user_id() was not (or if it didn't
+ | succeed) for non-authoritative cases.
+ | - Avoid segfaults when opening connections if using a version
+ | of OpenLDAP older than 2.2.21. PR 34618.
+ | - Fix various shared memory cache handling bugs. PR 34209.
+ | mod_proxy:
+ | - Fix over-eager handling of '%' for reverse proxies. PR
+ | 15207.
+ | - proxy HTTP: If a response contains both Transfer-Encoding
+ | and a Content-Length, remove the Content-Length and don't
+ | reuse the connection, mitigating some HTTP Response
+ | Splitting attacks.
+ | - proxy HTTP: Rework the handling of request bodies to handle
+ | chunked input and input filters which modify content length,
+ | and avoid spooling arbitrary-sized request bodies in memory.
+ | PR 15859.
+ | mod_ssl:
+ | - Fix build with OpenSSL 0.9.8. PR 35757.
+ | mod_rewrite:
+ | - use buffered I/O to improve performance with large
+ | RewriteMap txt: files.
+ | mod_userdir: + | - Fix possible memory corruption issue. PR 34588. +- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif + httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif + apache2-bundled-pcre-5.0-CAN-2005-2491.dif + httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff + httpd-2.0.54-ap_byterange-CAN-2005-2728.diff +- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55) + +------------------------------------------------------------------- +Thu Oct 20 15:50:35 CEST 2005 - poeml@suse.de + +- rc.apache2: when stopping the server, wait for the actual binary + of the parent process to disappear. Waiting for the pid file to + disappear is not sufficient, because not all cleanup might be + finished at the time of its removal. [#96492], [#85539] + +------------------------------------------------------------------- +Wed Oct 12 15:42:47 CEST 2005 - poeml@suse.de + +- fix security hole by wrongly initializing LD_LIBRARY_PATH in + /usr/sbin/envvars (used by apache2ctl only) [#118188] + +------------------------------------------------------------------- +Fri Sep 30 09:47:20 CEST 2005 - poeml@suse.de + +- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch) + +------------------------------------------------------------------- +Mon Sep 26 01:24:18 CEST 2005 - ro@suse.de + +- define LDAP_DEPRECATED in CFLAGS + +------------------------------------------------------------------- +Fri Sep 2 12:55:08 CEST 2005 - poeml@suse.de + +- security fix [CAN-2005-2728 (cve.mitre.org)]: + fix memory consumption bug in byterange handling +- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701] + if "SSLVerifyClient optional" has been configured at the vhost + context then "SSLVerifyClient require" is not enforced in a + location context within that vhost; effectively allowing clients + to bypass client-cert authentication checks. 
[#114701] + +------------------------------------------------------------------- +Wed Aug 31 15:39:38 CEST 2005 - poeml@suse.de + +- Security fix: fix integer overflows in PCRE in quantifier parsing which + could be triggered by a local user through use of a carefully-crafted + regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209] + +------------------------------------------------------------------- +Tue Aug 30 17:41:46 CEST 2005 - lmuelle@suse.de + +- Escape also any forward slash while removing a word with sysconf_addword. + +------------------------------------------------------------------- +Fri Aug 26 14:33:34 CEST 2005 - lmuelle@suse.de + +- Escape any forward slash in the word argument of sysconf_addword. + +------------------------------------------------------------------- +Sun Aug 14 00:20:26 CEST 2005 - ro@suse.de + +- alingn suexec2 permissions with permissions.secure + +------------------------------------------------------------------- +Thu Aug 11 11:09:49 CEST 2005 - poeml@suse.de + +- the permissions files are now maintained centrally and packaged + in the permissions package. Package suexec2 with mode 0750. [#66304] + +------------------------------------------------------------------- +Fri Aug 5 13:10:21 CEST 2005 - poeml@suse.de + +- change SSLMutex "default" so APR always picks the best on the + platform +- fix Source42 tag which was present twice +- add a2enmod/a2enflag to add/remove modules/flags conveniently +- add charset.conv table for mod_auth_ldap +- make sure that suse_version is defined (it might be unset by e.g. + ISPs preinstallations) + +------------------------------------------------------------------- +Tue Jul 12 23:49:29 CEST 2005 - poeml@suse.de + +- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request + contains both Transfer-Encoding and a Content-Length, remove the + Content-Length, stopping some HTTP Request smuggling attacks. + mod_proxy: Reject chunked requests. 
[#95709]
+- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
+ off-by-one overflow whilst printing CRL information at "LogLevel
+ debug" which could be triggered if configured to use a
+ "malicious" CRL. PR 35081. [#95709]
+
+-------------------------------------------------------------------
+Mon Jun 20 12:57:17 CEST 2005 - poeml@suse.de
+
+- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
+ -fpie and link with -pie
+
+-------------------------------------------------------------------
+Wed May 18 16:46:22 CEST 2005 - poeml@suse.de
+
+- update to 2.0.54. Relevant changes:
+ | mod_cache:
+ | - Add CacheIgnoreHeaders directive. PR 30399.
+ | mod_dav:
+ | - Correctly export all public functions.
+ | mod_ldap:
+ | - Added the directive LDAPConnectionTimeout to configure the
+ | ldap socket connection timeout value.
+ | mod_ssl:
+ | - If SSLUsername is used, set r->user earlier. PR 31418.
+ | miscellaneous:
+ | - Unix MPMs: Shut down the server more quickly when child
+ | processes are slow to exit.
+ | - worker MPM: Fix a problem which could cause httpd processes
+ | to remain active after shutdown.
+ | - Remove formatting characters from ap_log_error() calls.
+ | These were escaped as fallout from CAN-2003-0020.
+ | - core_input_filter: Move buckets to a persistent brigade
+ | instead of creating a new brigade. This stop a memory leak
+ | when proxying a Streaming Media Server. PR 33382.
+ | - htdigest: Fix permissions of created files. PR 33765.
+
+-------------------------------------------------------------------
+Mon Mar 14 17:13:27 CET 2005 - poeml@suse.de
+
+- revise README
+
+-------------------------------------------------------------------
+Mon Mar 7 17:14:16 CET 2005 - poeml@suse.de
+
+- when building the suexec binary, set the "docroot" compile time
+ option to the datadir (/srv/www) instead of the htdocsdir
+ (/srv/www/htdocs), so it can be used with virtual hosts placed
+ e.g.
in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
+- add php5 to APACHE_MODULES by default, so it can be used simply
+ by installing the package. Suppress warning about not-found
+ module in the php4/php5 case. [#66729]
+- remove a redundant get_module_list call from the init script
+- add hints about vhost setup to README.QUICKSTART
+- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
+ longer needed since SuSEconfig.apache2 is gone. Leave it for
+ compatibility, because /etc/sysconfig/apache2 is probably not
+ updated and yast may still use it.
+- move the 4 most important variables in sysconfig.apache2 to the
+ top of the file
+- add note about the old monolithic configuration file and how to
+ use it
+- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
+ openssl-0.9.6e anywhere, any longer)
+
+-------------------------------------------------------------------
+Wed Mar 2 12:38:55 CET 2005 - poeml@suse.de
+
+- fix TLS upgrade patch: with SSLEngine set to Optional, an
+ additional token in an Upgrade: header before "TLS/1.0" could
+ result into an infinite loop [#67126]
+
+-------------------------------------------------------------------
+Tue Feb 22 16:23:33 CET 2005 - poeml@suse.de
+
+- run /usr/share/apache2/get_module_list post install, which will
+ also create the symlink to the httpd2 binary, which might be
+ necessary during package building when apache has been installed
+ but never been run.
+
+-------------------------------------------------------------------
+Mon Feb 21 16:16:16 CET 2005 - poeml@suse.de
+
+- remove SuSEconfig.apache2
+
+-------------------------------------------------------------------
+Fri Feb 11 15:14:14 CET 2005 - poeml@suse.de
+
+- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
+ available modules plus 9 perl modules was beginning to fail
+
+-------------------------------------------------------------------
+Wed Feb 9 11:46:37 CET 2005 - poeml@suse.de
+
+- update to 2.0.53.
Relevant changes:
+ | SECURITY: CAN-2004-0942 (cve.mitre.org)
+ | Fix for memory consumption DoS in handling of MIME folded request
+ | headers.
+ | SECURITY: CAN-2004-0885 (cve.mitre.org)
+ | mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
+ | bypassed during an SSL renegotiation. PR 31505.
+ | mod_dumpio:
+ | - new I/O logging/dumping module, added to the
+ | modules/expermimental subdirectory.
+ | mod_ssl:
+ | - fail quickly if SSL connection is aborted rather than making
+ | many doomed ap_pass_brigade calls. PR 32699.
+ | - Fail at startup rather than segfault at runtime if a client cert
+ | is configured with an encrypted private key. PR 24030.
+ | mod_include:
+ | - Fix bug which could truncate variable expansions of N*64
+ | characters by one byte. PR 32985.
+ | mod_status:
+ | - Start keeping track of time-taken-to-process-request again if
+ | ExtendedStatus is enabled.
+ | util_ldap:
+ | - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
+ | that ldap authorization only modules have access to the
+ | util_ldap user cache without having to require ldap
+ | authentication as well. PR 31898.
+ | mod_ldap:
+ | - Fix format strings to use %APR_PID_T_FMT instead of %d.
+ | - prevent the possiblity of an infinite loop in the LDAP
+ | statistics display. PR 29216.
+ | - fix a bogus error message to tell the user which file is causing
+ | a potential problem with the LDAP shared memory cache. PR 31431
+ | - Fix the re-linking issue when purging elements from the LDAP
+ | cache PR 24801.
+ | mod_auth_ldap:
+ | - Added the directive "Requires ldap-attribute" that allows the
+ | module to only authorize a user if the attribute value specified
+ | matches the value of the user object. PR 31913
+ | - Handle the inconsistent way in which the MS LDAP library handles
+ | special characters. PR 24437.
+ | mod_proxy:
+ | - Fix ProxyRemoteMatch directive. PR 33170.
+ | - Respect errors reported by pre_connection hooks.
+ | - Handle client-aborted connections correctly. PR 32443.
+ | mod_cache:
+ | - CacheDisable will only disable the URLs it was meant to disable,
+ | not all caching. PR 31128.
+ | - Try to correctly follow RFC 2616 13.3 on validating stale cache
+ | responses.
+ | - Fix Expires handling.
+ | mod_disk_cache:
+ | - Do not store aborted content. PR 21492.
+ | - Correctly store cached content type. PR 30278.
+ | - Do not store hop-by-hop headers.
+ | - Fix races in saving responses.
+ | mod_expires:
+ | - Alter mod_expires to run at a different filter priority to allow
+ | proper Expires storage by mod_cache.
+ | mod_rewrite:
+ | - Handle per-location rules when r->filename is unset. Previously
+ | this would segfault or simply not match as expected, depending
+ | on the platform.
+ | - Fix 0 bytes write into random memory position. PR 31036.
+ | miscellaneous:
+ | - Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
+ | - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
+ | - Allow for the use of --with-module=foo:bar where the ./modules/foo
+ | directory is local only. Assumes, of course, that the required
+ | files are in ./modules/foo, but makes it easier to statically
+ | build/log "external" modules.
+ | - --with-module can now take more than one module to be statically
+ | linked: --with-module=:,:,...
+ | If the -subdirectory doesn't exist it will be created and
+ | populated with a standard Makefile.in.
+ | - Fix handling of files >2Gb on all platforms (or builds) where
+ | apr_off_t is larger than apr_size_t. PR 28898.
+ | - Remove compiled-in upper limit on LimitRequestFieldSize.
+ | - Correct handling of certain bucket types in ap_save_brigade, fixing
+ | possible segfaults in mod_cgi with #include virtual. PR 31247.
+ | - conf: Remove AddDefaultCharset from the default configuration
+ | because setting a site-wide default does more harm than good. PR
+ | 23421.
+ | - Add charset to example CGI scripts.
+- merge tls-upgrade.patch
+- remove obsolete httpd-2.0.47-headtail.dif
+ httpd-2.0.52-util_ldap_cache_mgr.c.dif
+ httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
+ httpd-2.0.52-ssl-incomplete-keypair.dif
+ httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
+ httpd-2.0.52.21492.diff
+ httpd-2.0.52.30278.diff
+ httpd-2.0.52.30399.diff
+ httpd-2.0.52.30419.diff
+ httpd-2.0.52.31385.diff
+- sync configuration with upstream changes
+ * Remove AddDefaultCharset (see upstream changelog above)
+ * LanguagePriority for error documents updated
+
+-------------------------------------------------------------------
+Sat Jan 15 20:46:53 CET 2005 - schwab@suse.de
+
+- Use : in permissions file.
+
+-------------------------------------------------------------------
+Tue Jan 11 14:08:35 CET 2005 - schwab@suse.de
+
+- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
+
+-------------------------------------------------------------------
+Mon Nov 29 14:42:40 CET 2004 - hvogel@suse.de
+
+- fix permission handling
+
+-------------------------------------------------------------------
+Thu Nov 11 13:06:22 CET 2004 - poeml@suse.de
+
+- fix /etc/init.d/apache2 to correctly handle the start of multiple
+ instances of the same binary (using startproc -f plus prior check
+ for running instance) [#48153]
+- fix helper scripts to allow overriding of $sysconfig_file and
+ other useful values
+- remove unused 'rundir' variable from /etc/init.d/apache2
+- removed backward compatibility code for pre-8.0
+- add documentation to the vhost template files and
+ README.QUICKSTART
+
+-------------------------------------------------------------------
+Mon Nov 8 16:14:23 CET 2004 - poeml@suse.de
+
+- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
+ consumption DoS [#47967]
+
+-------------------------------------------------------------------
+Thu Nov 4 16:47:59 CET 2004 - poeml@suse.de
+
+- remove heimdal-devel from #neededforbuild, it is not needed
+
+-------------------------------------------------------------------
+Fri Oct 15 07:44:20 CEST 2004 - poeml@suse.de
+
+- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
+- update the TLS upgrade patch [#47207]
+ - mod_ssl returned invalid method on TLS upgraded connections
+ - additional checks for httpd_method and default_port hooks
+ - fixed typo in upgrade header
+- add patches from Ruediger Pluem for the experimental modules
+ mod_disk_cache, mod_cache
+ PR 21492: mod_disk_cache: Do not store aborted content.
+ PR 30278: mod_disk_cache: Correctly store cached content type.
+ PR 30399: make storing of Set-Cookie headers optional
+ PR 30419: weird caching behaviour of mod_cache and old Cookies
+ PR 31385: skipping start of file if recaching already cached file
+- patch from 2.0.53: Fail to configure when an SSL proxy is
+ configured with incomplete client cert keypair, rather than
+ segfaulting at runtime. PR 24030
+ http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
+
+-------------------------------------------------------------------
+Mon Oct 11 14:31:42 CEST 2004 - poeml@suse.de
+
+- add patch fixing re-linking issue when purging elements from the
+ LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
+ http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
+
+-------------------------------------------------------------------
+Mon Oct 11 14:07:33 CEST 2004 - poeml@suse.de
+
+- sync update configuration with upstream changes (2.0.52)
+ (mostly comments; configuration for spanish manual added)
+- add mime type for shortcut icons (favicon.ico)
+
+-------------------------------------------------------------------
+Fri Oct 8 18:36:21 CEST 2004 - poeml@suse.de
+
+- update to 2.0.52.
Relevant changes:
+ | SECURITY: CAN-2004-0811 (cve.mitre.org)
+ | Fix merging of the Satisfy directive, which was applied to
+ | the surrounding context and could allow access despite configured
+ | authentication. PR 31315.
+ | util_ldap:
+ | Fix a segfault in the LDAP cache when it is configured switched off.
+ | mod_mem_cache:
+ | Fixed race condition causing segfault because of memory being
+ | freed twice, or reused after being freed.
+ | mod_log_config:
+ | Fix a bug which prevented request completion time from being
+ | logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
+ | processing. PR 29696.
+ | miscellaneous:
+ | - Use HTML 2.0
for error pages. PR 30732
+ | - Fix the handling of URIs containing %2F when
+ | AllowEncodedSlashes is enabled. Previously, such urls would
+ | still be rejected.
+ | - Fix the global mutex crash when the global mutex is never
+ | allocated due to disabled/empty caches.
+ | - Add -l option to rotatelogs to let it use local time rather
+ | than UTC. PR 24417.
+- changes from 2.0.51:
+ | SECURITY: CAN-2004-0786 (cve.mitre.org)
+ | Fix an input validation issue in apr-util which could be
+ | triggered by malformed IPv6 literal addresses.
+ | SECURITY: CAN-2004-0747 (cve.mitre.org)
+ | Fix buffer overflow in expansion of environment variables in
+ | configuration file parsing.
+ | SECURITY: CAN-2004-0809 (cve.mitre.org)
+ | mod_dav_fs: Fix a segfault in the handling of an indirect lock
+ | refresh. PR 31183.
+ | SECURITY: CAN-2004-0751 (cve.mitre.org)
+ | mod_ssl: Fix a segfault in the SSL input filter which could be
+ | triggered if using "speculative" mode, for instance by a proxy
+ | request to an SSL server. PR 30134.
+ | SECURITY: CAN-2004-0748 (cve.mitre.org)
+ | mod_ssl: Fix a potential infinite loop. PR 29964.
+ | mod_include:
+ | no longer checks for recursion, because that's done in the core.
+ | This allows for careful usage of recursive SSI.
+ | mod_rewrite:
+ | - Fix memory leak in the cache handlingof mod_rewrite. PR 27862.
+ | - Add %{SSL:...} and %{HTTPS} variable lookups. PR 30464.
+ | - mod_rewrite now officially supports RewriteRules in
+ | sections. PR 27985.
+ | - no longer confuse the RewriteMap caches if different maps
+ | defined in different virtual hosts use the same map name. PR 26462.
+ | mod_ssl:
+ | - Add new 'ssl_is_https' optional function.
+ | - Add "SSLUserName" directive to set r->user based on a chosen SSL
+ | environment variable. PR 20957.
+ | - Avoid startup failure after unclean shutdown if using shmcb. PR 18989.
+ | mod_autoindex:
+ | - Don't truncate the directory listing if a stat() call fails (for
+ | instance on a >2Gb file). PR 17357.
+ | mod_cache, mod_disk_cache, mod_mem_cache:
+ | - Refactor cache modules, and switch to the provider API instead
+ | of hooks.
+ | mod_disk_cache:
+ | - Implement binary format for on-disk header files.
+ | - Optimize network performance of disk cache subsystem by allowing
+ | zero-copy (sendfile) writes and other miscellaneous fixes.
+ | mod_userdir:
+ | - Ensure that the userdir identity is used for suexec userdir
+ | access in a virtual host which has suexec configured. PR 18156.
+ | mod_setenvif:
+ | - Remove "support" for Remote_User variable which never worked at
+ | all. PR 25725.
+ | - Extend the SetEnvIf directive to capture subexpressions of the
+ | matched value.
+ | mod_headers:
+ | - Backport from 2.1 / Regression from 1.3: mod_headers now knows
+ | again the functionality of the ErrorHeader directive. But
+ | instead using this misnomer additional flags to the Header
+ | directive were introduced ("always" and "onsuccess", defaulting
+ | to the latter). PR 28657.
+ | mod_usertrack:
+ | - Escape the cookie name before pasting into the regexp.
+ | mod_dir:
+ | - the trailing-slash behaviour is now configurable using the
+ | DirectorySlash directive.
+ | util_ldap:
+ | - Switched the lock types on the shared memory cache from thread
+ | reader/writer locks to global mutexes in order to provide cross
+ | process cache protection.
+ | - Reworked the cache locking scheme to eliminate duplicate cache
+ | entries in the credentials cache due to race conditions.
+ | - Enhanced the util_ldap cache-info display to show more detail
+ | about the contents and current state of the cache.
+ | mod_ldap:
+ | - Enable the option to support anonymous shared memory in
+ | mod_ldap. This makes the cache work on Linux again.
+ | miscellaneous:
+ | - Include directives no longer refuse to process symlinks on
+ | directories.
Instead there's now a maximum nesting level of
+ | included directories (128 as distributed). This is configurable
+ | at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR
+ | 28492, PR 28370.
+ | - Prevent CGI script output which includes a Content-Range header
+ | from being passed through the byterange filter.
+ | - Satisfy directives now can be influenced by a surrounding
+ | container. PR 14726.
+ | - Makefile fix: httpd is linked against LIBS given to the 'make'
+ | invocation. PR 7882.
+ | - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
+ | - apachectl: Fix a problem finding envvars if sbindir != bindir.
+ | PR 30723.
+ | - Use the higher performing 'httpready' Accept Filter on all
+ | platforms except FreeBSD < 4.1.1.
+ | - Allow proxying of resources that are invoked via DirectoryIndex.
+ | PR 14648, 15112, 29961.
+ | - Small fix to allow reverse proxying to an ftp server. Previously
+ | an attempt to do this would try and connect to 0.0.0.0,
+ | regardless of the server specified. PR 24922
+ | - Enable special ErrorDocument value 'default' which restores the
+ | canned server response for the scope of the directive.
+ | - work around MSIE Digest auth bug - if
+ | AuthDigestEnableQueryStringHack is set in r->subprocess_env
+ | allow mismatched query strings to pass. PR 27758.
+ | - Accept URLs for the ServerAdmin directive. If the supplied
+ | argument is not recognized as an URL, assume it's a mail
+ | address. PR 28174.
+ | - initialize server arrays prior to calling
+ | ap_setup_prelinked_modules so that static modules can push
+ | Defines values when registering hooks just like DSO modules can
+- drop obsolete security fixes
+ httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
+ httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
+ httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
+ httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
+ httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
+- httpd-2.0.45-anon-mmap.dif included upstream
+
+-------------------------------------------------------------------
+Tue Sep 14 12:11:58 CEST 2004 - poeml@suse.de
+
+- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
+ mod_dav by remotely triggerable null-pointer dereference
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
+- fix hint about vhost checking in the SSL readme
+
+-------------------------------------------------------------------
+Wed Sep 8 14:24:19 CEST 2004 - poeml@suse.de
+
+- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
+ in the apr-util library (lacking input validation on IPv6 literal
+ addresses in the apr_uri_parse function [#44736]
+- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
+ overflow that can occur when expanding ${ENVVAR} constructs in
+ .htaccess or httpd.conf files. [#44736]
+
+-------------------------------------------------------------------
+Mon Sep 6 12:48:21 CEST 2004 - poeml@suse.de
+
+- rename check_forensic script to avoid clash with apache 1.3.x
+ package
+
+-------------------------------------------------------------------
+Fri Aug 27 16:18:41 CEST 2004 - poeml@suse.de
+
+- implement action "startssl" in the init script. [#42365]
+- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
+- disable building of leader and metuxmpm MPMs.
+
+-------------------------------------------------------------------
+Wed Aug 25 12:58:20 CEST 2004 - poeml@suse.de
+
+- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
+ infinite loop in the SSL input filter which can be triggered by
+ an aborted connection
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
+- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
+ segfault in the SSL input filter which can be triggered by the
+ response to request which is proxied to a remote SSL server
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
+- remove the obsolete notify message on package update
+
+-------------------------------------------------------------------
+Thu Jul 8 14:17:13 CEST 2004 - poeml@suse.de
+
+- update to 2.0.50. Relevant changes:
+ | SECURITY: CAN-2004-0493 (cve.mitre.org)
+ | Close a denial of service vulnerability identified by Georgi
+ | Guninski which could lead to memory exhaustion with certain
+ | input data.
+ | SECURITY: CAN-2004-0488 (cve.mitre.org)
+ | mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
+ | a (trusted) client certificate subject DN which exceeds 6K in
+ | length.
+ | mod_alias:
+ | now emits a warning if it detects overlapping *Alias* directives.
+ | mod_cgi: Handle output on stderr during script execution on Unix
+ | platforms; preventing deadlock when stderr output fills pipe
+ | buffer. Also fixes case where stderr from nph- scripts could be
+ | lost. PR 22030, 18348.
+ | mod_dav:
+ | - Fix a problem that could cause crashes when manipulating locks
+ | on some platforms.
+ | mod_dav_fs:
+ | - Fix MKCOL response for missing parent collections, which caused
+ | issues for the Eclipse WebDAV extension. PR 29034.
+ | mod_deflate:
+ | - Fix memory consumption (which was proportional to the response
+ | size). PR 29318.
+ | mod_expires:
+ | - Fix segfault which occured under certain circumstances. PR 28047.
+ | mod_headers:
+ | - no longer crashes if an empty header value should be added.
+ | mod_log_forensic:
+ | - new module.
+ | mod_logio:
+ | - no longer removes the EOS bucket. PR 27928.
+ | mod_proxy:
+ | - Fix handling of IPv6 numeric strings.
+ | mod_rewrite:
+ | no longer turns forward proxy requests into reverse proxy
+ | requests. PR 28125
+ | mod_ssl:
+ | - Log the errors returned on failure to load or initialize a
+ | crypto accelerator engine.
+ | - Fix a potential segfault in the 'shmcb' session cache for small
+ | cache sizes. PR 27751.
+ | - Fix memory leak in session cache handling. PR 26562
+ | - Fix potential segfaults when performing SSL shutdown from a pool
+ | cleanup. PR 27945.
+ | mod_auth_ldap/util_ldap:
+ | - allow relative paths for LDAPTrustedCA to be resolved against
+ | ServerRoot PR#26602
+ | - Throw an error message if an attempt is made to use the
+ | LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
+ | PR 26390
+ | - Fix a potential segfault if the bind password in the LDAP cache
+ | is NULL. PR 28250.
+ | - Overhaul handling of LDAP error conditions, so that the
+ | util_ldap_* functions leave the connections in a sane state
+ | after errors have occurred. PR 27748, 17274, 17599, 18661,
+ | 21787, 24595, 24683, 27134, 27271
+ | - mod_ldap calls ldap_simple_bind_s() to validate the user
+ | credentials. If the bind fails, the connection is left in an
+ | unbound state. Make sure that the ldap connection record is
+ | updated to show that the connection is no longer bound.
+ | - Update the bind credentials for the cached LDAP connection to
+ | reflect the last bind. This prevents util_ldap from creating
+ | unnecessary connections rather than reusing cached connections.
+ | - Quotes cannot be used around require group and require dn
+ | directives, update the documentation to reflect this.
Also add
+ | quotes around the dn and group within debug messages, to make it
+ | more obvious why authentication is failing if quotes are used in
+ | error. PR 19304.
+ | miscellaneous:
+ | - Allow RequestHeader directives to be conditional. PR 27951.
+ | - Allow LimitRequestBody to be reset to unlimited. PR 29106
+ | - now applies to all IP addresses for myhost
+ | instead of just the first one reported by the resolver. This
+ | corrects a regression since 1.3.
+ | - Fix a bunch of cases where the return code of the regex compiler
+ | was not checked properly. This affects: mod_setenvif,
+ | mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
+ | - Remove 2Gb log file size restriction on some 32-bit platforms.
+ | PR 13511.
+ | - htpasswd no longer refuses to process files that contain empty
+ | lines.
+ | - Regression from 1.3: At startup, suexec now will be checked for
+ | availability, the setuid bit and user root. The works only if
+ | httpd is compiled with the shipped APR version (0.9.5). PR
+ | 28287.
+ | - Unix MPMs: Stop dropping connections when the file descriptor is
+ | at least FD_SETSIZE.
+ | - Fix a segfault when requests for shared memory fails and returns
+ | NULL. Fix a segfault caused by a lack of bounds checking on the
+ | cache. PR 24801.
+ | - Ensure that lines in the request which are too long are properly
+ | terminated before logging.
+ | - htpasswd: use apr_temp_dir_get() and general cleanup
+ | - logresolve: Allow size of log line buffer to be overridden at
+ | build time (MAXLINE). PR 27793.
+ | - Fix the comment delimiter in htdbm so that it correctly parses
+ | the username comment. Also add a terminate function to allow
+ | NetWare to pause the output before the screen is destroyed.
+ | - Fix crash when Apache was started with no Listen directives.
+ | - core_output_filter: Fix bug that could result in sending garbage
+ | over the network when module handlers construct bucket brigades
+ | containing multiple file buckets all referencing the same open
+ | file descriptor.
+ | - Fix memory corruption problem with ap_custom_response()
+ | function. The core per-dir config would later point to request
+ | pool data that would be reused for different purposes on
+ | different requests.
+- drop obsolete patches
+- change vendor string SuSE -> SUSE
+
+-------------------------------------------------------------------
+Tue Jun 29 11:35:24 CEST 2004 - poeml@suse.de
+
+- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
+ Service vulnaribility which could lead to memory exhaustion with
+ certain input data. [#42566]
+
+-------------------------------------------------------------------
+Fri Jun 18 11:39:53 CEST 2004 - poeml@suse.de
+
+- package forgotten CHANGES file
+- package apr and apr-util documentation files
+- fix log_server_status2 to use perl's Socket module
+
+-------------------------------------------------------------------
+Wed May 19 13:38:41 CEST 2004 - poeml@suse.de
+
+- security fix for mod_ssl: fix buffer overflow in
+ ssl_util_uuencode() [#40791]
+
+-------------------------------------------------------------------
+Wed Apr 28 14:04:34 CEST 2004 - poeml@suse.de
+
+- add TLS upgrade patch [#39449]
+- add patch to allow writing log files larger than 2>GB [#39453]
+- obsolete apache and mod_ssl versions only when older than what is
+ shipped with 9.1
+- don't provide mod_ssl
+
+-------------------------------------------------------------------
+Fri Apr 2 15:56:30 CEST 2004 - cschum@suse.de
+
+- Add "suse_help_viewer" provides [#37932]
+
+-------------------------------------------------------------------
+Mon Mar 29 17:57:46 CEST 2004 - poeml@suse.de
+
+- provide and obsolete packages apache, mod_ssl, apache-doc and
+ apache-example-pages [#37084]
+
+-------------------------------------------------------------------
+Mon Mar 22 18:37:27 CET 2004 - poeml@suse.de
+
+- disable large file support by not building with _FILE_OFFSET_BITS=64,
+ in favour of retaining a binary compatible module API.
+ Therefore, do not change the module magic number. LFS can be
+ enabled by building via rpmbuild --define 'build_with_LFS 1'
+
+-------------------------------------------------------------------
+Thu Mar 18 20:35:06 CET 2004 - poeml@suse.de
+
+- update to proposed 2.0.49 tarball
+ - mod_cgid: Fix storage corruption caused by use of incorrect pool.
+ - docs update
+- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
+- fix a comment in default-server.conf
+- remove obsolete ssl_scache_cleanup support script and ftok helper
+
+-------------------------------------------------------------------
+Tue Mar 16 00:41:07 CET 2004 - poeml@suse.de
+
+- change mmn in header file as well, for modules that include it
+ from there
+
+-------------------------------------------------------------------
+Mon Mar 15 17:36:07 CET 2004 - poeml@suse.de
+
+- update to 2.0.49-rc2. Relevant changes:
+ | The whole codebase was relicensed and is now available under the
+ | Apache License, Version 2.0 (http://www.apache.org/licenses).
+ | [Apache Software Foundation]
+ | Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
+ | leak in plain-HTTP-on-SSL-port handling. PR 27106.
+ | Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
+ | before writing into the errorlog. Unescaped errorlogs are still
+ | possible using the compile time switch
+ | "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
+ | mod_ssl:
+ | - Send the Close Alert message to the peer before closing the
+ | SSL session. PR 27428.
+ | - Fix bug in passphrase handling which could cause spurious
+ | failures in SSL functions later. PR 21160.
+ | - Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057.
+ | - Fix streaming output from an nph- CGI script.
PR 21944
+ | - Advertise SSL library version as determined at run-time rather
+ | than at compile-time. PR 23956.
+ | - Fix segfault on a non-SSL request if the 'c' log format code
+ | is used. PR 22741.
+ | - Fix segfaults at startup if other modules which use OpenSSL
+ | are also loaded.
+ | - Use human-readable OpenSSL error strings in logs; use
+ | thread-safe interface for retrieving error strings.
+ | mod_cache:
+ | - Fixed cache-removal order in mod_mem_cache.
+ | - Fix segfault in mod_mem_cache cache_insert() due to cache size
+ | becoming negative. PR: 21285, 21287
+ | - Modified the cache code to be header-location agnostic. Also
+ | fixed a number of other cache code bugs related to PR 15852.
+ | Includes a patch submitted by Sushma Rai .
+ | This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
+ | closing the PR since that is what they are using.
+ | mod_dav:
+ | - Reject requests which include an unescaped fragment in the
+ | Request-URI. PR 21779.
+ | - Use bucket brigades when reading PUT data. This avoids
+ | problems if the data stream is modified by an input filter. PR
+ | 22104.
+ | - Return a WWW-auth header for MOVE/COPY requests where the
+ | destination resource gives a 401. PR 15571.
+ | - Fix a problem with namespace mappings being dropped in
+ | mod_dav_fs; if any property values were set which defined
+ | namespaces these came out mangled in the PROPFIND response.
+ | PR 11637.
+ | mod_expires:
+ | - Initialize ExpiresDefault to NULL instead of "" to avoid
+ | reporting an Internal Server error if it is used without
+ | having been set in the httpd.conf file. PR: 23748, 24459
+ | - Add support for IMT minor-type wildcards (e.g., text/*) to
+ | ExpiresByType. PR#7991
+ | mod_log_config / logging:
+ | - Fix some piped log problems: bogus "piped log program '(null)'
+ | failed" messages during restart and problem with the logger
+ | respawning again after Apache is stopped. PR 21648, PR 24805.
+ | - mod_log_config: Fix corruption of buffered logs with threaded
+ | MPMs. PR 25520.
+ | - mod_log_config: Log the minutes component of the timezone correctly.
+ | PR 23642.
+ | mod_proxy*:
+ | - proxy_http fix: mod_proxy hangs when both KeepAlive and
+ | ProxyErrorOverride are enabled, and a non-200 response without a
+ | body is generated by the backend server. (e.g.: a client makes a
+ | request containing the "If-Modified-Since" and "If-None-Match"
+ | headers, to which the backend server respond with status 304.)
+ | - Fix memory leak in handling of request bodies during reverse
+ | proxy operations. PR 24991.
+ | - mod_proxy: Fix cases where an invalid status-line could be sent
+ | to the client. PR 23998.
+ | mod_rewrite:
+ | - Catch an edge case, where strange subsequent RewriteRules
+ | could lead to a 400 (Bad Request) response.
+ | - Make REMOTE_PORT variable available in mod_rewrite. PR 25772.
+ | - In external rewrite maps lookup keys containing
+ | a newline now cause a lookup failure. PR 14453.
+ | - Fix RewriteBase directive to not add double slashes.
+ | mod_usertrack:
+ | - Fix bug in mod_usertrack when no CookieName is set.
+ | - mod_usertrack no longer inspects the Cookie2 header for
+ | the cookie name. PR 11475.
+ | - mod_usertrack no longer overwrites other cookies.
+ | PR 26002.
+ | mod_include, filters:
+ | - Backport major overhaul of mod_include's filter parser from 2.1.
+ | The new parser code is expected to be more robust and should
+ | catch all of the edge cases that were not handled by the previous one.
+ | The 2.1 external API changes were hidden by a wrapper which is
+ | expected to keep the API backwards compatible.
+ | - Add a hook (insert_error_filter) to allow filters to re-insert
+ | themselves during processing of error responses. Enable mod_expires
+ | to use the new hook to include Expires headers in valid error
+ | responses. This addresses an RFC violation. It fixes PRs 19794,
+ | 24884, and 25123.
+ | - complain via error_log when mod_include's INCLUDES filter is
+ | enabled, but the relevant Options flag allowing the filter to run
+ | for the specific resource wasn't set, so that the filter won't
+ | silently get skipped. next remove itself, so the warning will be
+ | logged only once
+ | - Fix mod_include's expression parser to recognize strings correctly
+ | even if they start with an escaped token.
+ | - Fix a problem with the display of empty variables ("SetEnv foo") in
+ | mod_include. PR 24734
+ | - mod_include no longer allows an ETag header on 304 responses.
+ | PR 19355.
+ | mod_autoindex:
+ | - Don't omit the start tag if the SuppressIcon option is
+ | set. PR 21668.
+ | - Restore the ability to add a description for directories that
+ | don't contain an index file. (Broken in 2.0.48)
+ | - mod_autoindex / core: Don't fail to show filenames containing
+ | special characters like '%'. PR 13598.
+ | - Add 'XHTML' option in order to allow switching between HTML
+ | 3.2 and XHTML 1.0 output. PR 23747.
+ | mod_status:
+ | - Add mod_status hook to allow modules to add to the mod_status
+ | report.
+ | - Report total CPU time accurately when using a threaded MPM.
+ | PR 23795.
+ | mod_info:
+ | - Fix mod_info to use the real config file name, not the default
+ | config file name.
+ | - HTML escape configuration information so it displays
+ | correctly. PR 24232.
+ | mod_auth_digest:
+ | - Allow mod_auth_digest to work with sub-requests with different
+ | methods than the original request. PR 25040.
+ | mod_auth_ldap:
+ | - Fix some segfaults in the cache logic. PR 18756.
+ | mod_cgid:
+ | - Restart the cgid daemon if it crashes. PR 19849
+ | mod_setenvif:
+ | - Fix the regex optimizer, which under circumstances
+ | treated the supplied regex as literal string. PR 24219.
+ | miscellaneous:
+ | - core.c: If large file support is enabled, allow any file that is
+ | greater than AP_MAX_SENDFILE to be split into multiple buckets.
+ | This allows Apache to send files that are greater than 2gig.
+ | Otherwise we run into 32/64 bit type mismatches in the file size.
+ | - Fixed file extensions for real media files and removed rpm extension
+ | from mime.types. PR 26079.
+ | - Remove compile-time length limit on request strings. Length is
+ | now enforced solely with the LimitRequestLine config directive.
+ | - Set the scoreboard state to indicate logging prior to running
+ | logging hooks so that server-status will show 'L' for hung loggers
+ | instead of 'W'.
+ | - Fix the inability to log errors like exec failure in
+ | mod_ext_filter/mod_cgi script children. This was broken after
+ | such children stopped inheriting the error log handle.
+ | - fix "Expected > but saw " errors in nested,
+ | argumentless containers.
+ | - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
+ | instead of mmn.
+ | - Add Polish translation of error messages. PR 25101.
+ | - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
+ | - Fix htdbm to generate comment fields in DBM files correctly.
+ | - Correct UseCanonicalName Off to properly check incoming port number.
+ | - Fix slow graceful restarts with prefork MPM.
+ | - Keep focus of ITERATE and ITERATE2 on the current module when
+ | the module chooses to return DECLINE_CMD for the directive.
+ | PR 22299.
+ | - Build array of allowed methods with proper dimensions, fixing
+ | possible memory corruption.
+ | - worker MPM: fix stack overlay bug that could cause the parent
+ | process to crash.
+ | - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
+ | - Fix build with parallel make. PR 24643.
+ | - Add fatal exception hook for use by diagnostic modules. The hook
+ | is only available if the --enable-exception-hook configure parm
+ | is used and the EnableExceptionHook directive has been set to
+ | "on".
+ | - Improve 'configure --help' output for some modules.
+- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
+ fixed)
+- disable automatic restarts, because they do not work properly
+ [#35408]
+- change MMN to prevent loading of incompatible modules (modules
+ that are not built with `apxs -q CFLAGS` and therefore miss
+ _FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
+ addition.
+- use CPPFLAGS for passing preprocessor flags because they are
+ removed from CFLAGS
+- Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. This isn't a problem on Linux because
+ poll() is used instead of select() by APR. Assert HAVE_POLL.
+ [#34178]
+- add modifications to the code to the NOTICE file as required by
+ the new license
+
+-------------------------------------------------------------------
+Fri Feb 27 17:42:24 CET 2004 - poeml@suse.de
+
+- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
+ crypto accelerators
+- compile with -DMAX_SERVER_LIMIT=200000
+- if an SSL passphrase is not entered within the timeout, fall back
+ to start apache without SSL (with -D NOSSL). This could/should be
+ made configurable.
+- clean up output of SuSEconfig.apache2
+- add pre-defined LogFormat "vhost_combined"
+- configure /var/lib/apache2 for WebDAV locks
+- add a readme about configuring WebDAV with digest authentication
+- add default configuration for mod_usertrack (this is the current
+ workaround for the problem in the 1.3.29/2.0.48 release that
+ occurs if no CookieName is configured)
+- in vhost.template, enclose all virtual host configuration in the
+ VirtualHost container
+- update metuxmpm patch to r7
+- fix test run as non-root
+
+-------------------------------------------------------------------
+Tue Jan 13 16:38:05 CET 2004 - schwab@suse.de
+
+- Fix quoting in autoconf macros.
+
+-------------------------------------------------------------------
+Sat Dec 13 17:28:48 CET 2003 - poeml@suse.de
+
+- add changes to gensslcert from Volker Kuhlmann [#31803]
+- revert default character set from UTF-8 to ISO-8859-1, and revert
+ the misleading comment that talked about filenames while it is
+ all about content of the files
+
+-------------------------------------------------------------------
+Tue Nov 18 14:14:39 CET 2003 - poeml@suse.de
+
+- add a ServerLimit directive to server-tuning.conf, so it's
+ already in the right place if someone needs to tweak it [#32852]
+
+-------------------------------------------------------------------
+Fri Nov 7 13:00:07 CET 2003 - poeml@suse.de
+
+- mark apache2-manual.conf in %files doc as %config
+- wrap directives specific to the mod_negotiation module into an
+ block [#32848]
+
+-------------------------------------------------------------------
+Thu Oct 30 11:41:19 CET 2003 - poeml@suse.de
+
+- update to 2.0.48. Relevant / user visible changes are:
+ Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
+ socket used to communicate with the cgid daemon and the CGI
+ script.
+ Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
+ mod_rewrite which occurred if one configured a regular
+ expression with more than 9 captures.
+ mod_rewrite:
+ - Don't die silently when failing to open RewriteLogs. PR 23416
+ - Fix support of the [P] option to send rewritten request using
+ "proxy:". The code was adding multiple "proxy:" fields in the
+ rewritten URI. PR: 13946.
+ - Ignore RewriteRules in .htaccess files if the directory
+ containing the .htaccess file is requested without a trailing
+ slash. PR 20195.
+ mod_include:
+ - Fix a trio of bugs that would cause various unusual sequences
+ of parsed bytes to omit portions of the output stream. PR 21095
+ - fix segfault which occured if the filename was not set, for
+ example, when processing some error conditions.
+ mod_cgid: fix a hash table corruption problem which could
+ result in the wrong script being cleaned up at the end of a
+ request.
+ mod_ssl: Fix segfaults after renegotiation failure. PR 21370
+ - Fix a problem setting variables that represent the client
+ certificate chain. PR 21371
+ - Fix FakeBasicAuth for subrequest. Log an error when an
+ identity spoof is encountered.
+ - Assure that we block properly when reading input bodies with
+ SSL. PR 19242.
+ mod_autoindex: If a directory contains a file listed in the
+ DirectoryIndex directive, the folder icon is no longer replaced
+ by the icon of that file. PR 9587.
+ mod_usertrack: do not get false positive matches on the
+ user-tracking cookie's name. PR 16661.
+ mod_cache:
+ - Fix the cache code so that responses can be cached if they
+ have an Expires header but no Etag or Last-Modified headers.
+ PR 23130. cache_util: Fix ap_check_cache_freshness to check
+ max_age, smax_age, and expires as directed in RFC 2616.
+ mod_deflate:
+ - fix to not call deflate() without checking first whether it
+ has something to deflate. (Currently this causes deflate to
+ generate a fatal error according to the zlib spec.) PR 22259.
+ - Don't attempt to hold all of the response until we're done.
+ - Fix a bug, where mod_deflate sometimes unconditionally
+ compressed the content if the Accept-Encoding header
+ contained only other tokens than "gzip" (such as "deflate").
+ PR 21523.
+ mod_proxy: Don't respect the Server header field as set by
+ modules and CGIs. As with 1.3, for proxy requests any such
+ field is from the origin server; otherwise it will have our
+ server info as controlled by the ServerTokens directive.
+ mod_log_config: Fix %b log format to write really "-" when 0
+ bytes were sent (e.g. with 304 or 204 response codes).
+ mod_ext_filter: Set additional environment variables for use by
+ the external filter. PR 20944.
+ core:
+ - allow .. containers (no arguments in the opening
+ tag), as in 1.3.
Needed by mod_perl sections
+ - Fix a misleading message from the some of the threaded MPMs
+ when MaxClients has to be lowered due to the setting of
+ ServerLimit.
+ - Avoid an infinite recursion, which occured if the name of an
+ included config file or directory contained a wildcard
+ character. PR 22194.
+ - MPMs: The bucket brigades subsystem now honors the MaxMemFree
+ setting.
+ - Lower the severity of the "listener thread didn't exit"
+ message to debug, as it is of interest only to developers.
+ miscellaneous:
+ - Update the header token parsing code to allow LWS between the
+ token word and the ':' seperator. [PR 16520]
+ - Remember an authenticated user during internal redirects if
+ the redirection target is not access protected and pass it to
+ scripts using the REDIRECT_REMOTE_USER environment variable.
+ PR 10678, 11602.
+ - Update mime.types to include latest IANA and W3C types.
+ - Modify ap_get_client_block() to note if it has seen EOS.
+ ab:
+ - Overlong credentials given via command line no longer clobber
+ the buffer.
+ - Work over non-loopback on Unix again. PR 21495.
+ - Fix NULL-pointer issue in ab when parsing an incomplete or
+ non-HTTP response. PR 21085.
+- add another example to apache2-listen.conf
+- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
+ (be clearer in describing the connection between AddType and
+ AddEncoding for defining the meaning of compressed file
+ extensions.)
+- use a better example domain name in apache2-vhost-ssl.template
+- the "define version_perl" was nowhere needed
+
+-------------------------------------------------------------------
+Mon Sep 22 17:49:40 CEST 2003 - mls@suse.de
+
+- don't provide httpddoc in apache2-doc
+
+-------------------------------------------------------------------
+Thu Sep 18 18:48:33 CEST 2003 - poeml@suse.de
+
+- add mod_php4 to the default list of APACHE_MODULES, and change
+ get_module_list to ignore non-existant modules (warnings will
+ be issued when it is run from SuSEconfig, but not from the init
+ script). How to enable the PHP4 module has been the most
+ frequently asked questions in user feedback [cf to #29735].
+ This bug is tracked in [#31306]
+- include conf.d/*.conf by default, as it was the case until
+ recently. User feedback showed that for many people the
+ separation of configuration includes into individual virtual
+ hosts is overkill, and it complicates the setup too much. More
+ finegrained control can be achieved by commenting out the
+ respective line in the default server config.
[#30866], [#29735]
+- remove the FIXME at the end of httpd.conf (obsoleted by the above
+ change), and place a strategical comment there about .local files
+- add container around configuration in ssl template
+
+-------------------------------------------------------------------
+Tue Sep 9 12:50:47 CEST 2003 - poeml@suse.de
+
+- change comment in sysconfig template to work around a fillup bug
+ [#30279]
+
+-------------------------------------------------------------------
+Mon Sep 8 18:28:12 CEST 2003 - poeml@suse.de
+
+- fix wrong variable name in a comment of the sysconfig template
+- update README.QUICKSTART
+- add README.QUICKSTART.SSL
+
+-------------------------------------------------------------------
+Mon Sep 8 10:09:53 CEST 2003 - poeml@suse.de
+
+- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
+
+-------------------------------------------------------------------
+Fri Sep 5 16:44:07 CEST 2003 - poeml@suse.de
+
+- disallow UserDir for user root
+- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
+ they were set on SuSE Linux 8.1
+- add more documentation to README.QUICKSTART, also mentioning what
+ might be too obvious: the document root [#29674]
+- in %post, diff to httpd.conf.default only when .rpmnew is present
+- improve message sent on update
+
+-------------------------------------------------------------------
+Fri Aug 29 23:22:31 CEST 2003 - poeml@suse.de
+
+- improve documentation on configuration
+- compile with -Wall
+- do not obsolete httpddoc, which is provided by apache-doc package
+ from apache1
+- add conflict apache2-example-pages <-> apache-example-pages
+- fix building on older distros
+
+-------------------------------------------------------------------
+Tue Aug 19 02:19:18 CEST 2003 - poeml@suse.de
+
+- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
+- don't force setting of a DocumentRoot, because the configuration
+ of the default vhost already contains it
+- when testing on SL
8.0, the www group has to be created as well
+- when testing on even older systems, don't add buildroot to
+ DocumentRoot in default-server.conf
+
+-------------------------------------------------------------------
+Fri Aug 15 21:40:46 CEST 2003 - poeml@suse.de
+
+- revamped configuration
+ - add some CustomLog formats
+ - AddDefaultCharset UTF-8 [#22427]
+ - add activation metadata to sysconfig template [#28834]
+ - default APACHE_MODULES: add mod_ssl, remove mod_status
+ - new sysconfig variables: APACHE_USE_CANONICAL_NAME,
+ APACHE_DOCUMENT_ROOT
+ - get rid of the "suse_" prefix in generated config snippets, and
+ place them below /etc/apache2/sysconfig.d/. On update, convert
+ the Include statements in httpd.conf for the new locations
+ - add /etc/apache2/vhosts.d and virtual host templates
+ - the configuration for the manual is now seperate and installed
+ together with apache2-doc (conf.d/apache2-manual.conf)
+- add distilled wisdom in form of README.QUICKSTART
+- change group of wwwrun user: nogroup -> www [#21782]
+- proxycachedir and localstatedir should not be world readable
+- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to
+ configure the PidFile directive
+- add -fno-strict-aliasing, due to warnings about code where
+ dereferencing type-punned pointers will break strict aliasing
+- clean the RPM_BUILD_ROOT, but not in the build system
+- new macros for stop/restart of services on rpm update/removal,
+ and improved try-restart section in rc.apache2
+- get rid of "modules" subdir, and remove dead code from
+ SuSEconfig.apache2
+- add some tools: get_includes, find_httpd2_includes,
+ apache2-reconfigure-mpm
+- rename README.SuSE to README.{SuSE,UnitedLinux}
+- include directories in filelists of MPM subpackages
+- enclose package descriptions of MPMs in %ifdef
+- add a dependency of the MPM subpackages on the version of the
+ main package
+- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)
+
+-------------------------------------------------------------------
+Mon Jul 28 18:23:28 CEST 2003 - poeml@suse.de
+
+- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
+ and remove the respective directives from httpd.conf.dist
+- merge the ssl.conf.dif and httpd.conf.dif into one patch
+
+-------------------------------------------------------------------
+Sun Jul 27 12:22:29 CEST 2003 - poeml@suse.de
+
+- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
+ supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
+ (which is unconditionally off, otherwise). Keep
+ -D_LARGEFILE_SOURCE since some modules might need it.
+- make sure the package can be built as ordinary user
+- special case mod_auth_mysql since its module_id is reversed
+- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious)
+- don't explicitely strip binaries since RPM handles it, and may
+ keep the stripped information somewhere
+- reformat the header of the spec file
+- allow to pass a number-of-jobs parameter into spec file via rpm
+ --define 'jobs N'
+
+-------------------------------------------------------------------
+Thu Jul 10 16:49:50 CEST 2003 - poeml@suse.de
+
+- update to 2.0.47. relevant / user visible changes:
+ Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
+ of per-directory renegotiations and the SSLCipherSuite
+ directive being used to upgrade from a weak ciphersuite to a
+ strong one could result in the weak ciphersuite being used in
+ place of the strong one.
+ Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing
+ temporary denial of service when accept() on a rarely accessed
+ port returns certain errors.
+ Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
+ of service when target host is IPv6 but proxy server can't
+ create IPv6 socket. Fixed by the reporter.
+ Security [VU#379828]: Prevent the server from crashing when entering
+ infinite loops.
The new LimitInternalRecursion directive
+ configures limits of subsequent internal redirects and nested
+ subrequests, after which the request will be aborted. PR 19753+
+ core:
+ core_output_filter: don't split the brigade after a FLUSH
+ bucket if it's the last bucket. This prevents creating
+ unneccessary empty brigades which may not be destroyed until
+ the end of a keepalive connection.
+ mod_cgid:
+ Eliminate a double-close of a socket. This resolves various
+ operational problems in a threaded MPM, since on the second
+ attempt to close the socket, the same descriptor was often
+ already in use by another thread for another purpose.
+ mod_negotiation:
+ Introduce "prefer-language" environment variable, which allows
+ to influence the negotiation process on request basis to prefer
+ a certain language.
+ mod_expire:
+ Make ExpiresByType directive work properly, including for
+ dynamically-generated documents.
+- apr bugfixes
+- more fixes of deprecated head/tail -1 calls
+
+-------------------------------------------------------------------
+Wed May 28 20:40:24 CEST 2003 - poeml@suse.de
+
+- update to 2.0.46. relevant / user visible changes:
+ Security [CAN-2003-0245]: Fixed a bug that could be triggered
+ remotely through mod_dav
+ Security [CAN-2003-0189]: Fixed a denial-of-service
+ vulnerability affecting basic authentication
+ Security: forward port of buffer overflow fixes for htdigest.
+ mod_ssl:
+ - SSL session caching(shmht) : Fix a SEGV problem with SHMHT
+ session caching.
+ mod_deflate:
+ - Add another check for already compressed content
+ - Check also err_headers_out for an already set
+ Content-Encoding: gzip header. This prevents gzip compressed
+ content from a CGI script from being compressed once more.
+ mod_mime_magic:
+ - If mod_mime_magic does not know the content-type, do not
+ attempt to guess.
+ mod_rewrite:
+ - Fix handling of absolute URIs.
+ mod_log_config:
+ - Add the ability to log the id of the thread processing the
+ request via new %P formats.
+ mod_auth_ldap:
+ - Use generic whitespace character class when parsing "require"
+ directives, instead of literal spaces only.
+ mod_proxy:
+ - Fixed a segfault when multiple ProxyBlock directives were used.
+ - Added AllowEncodedSlashes directive to permit control of
+ whether the server will accept encoded slashes ('%2f') in the
+ URI path. Default condition is off (the historical behaviour).
+ - If Apache is started as root and you code CoreDumpDirectory,
+ coredumps are enabled via the prctl() syscall.
+ - htpasswd: Check the processed file on validity; add a delete flag.
+- httpd-2.0.45-libtool-1.5.dif is obsolete
+- mark suse_include.conf as %ghost
+- note the rebirth of the httpd and apachectl man pages (thanks to
+ RPMv4 :)
+- let the module RPM packages only depend on the _major_ module
+ magic number, not on the minor
+- fix some paths in config_vars.mk, which facilitates building of
+ certain modules
+
+-------------------------------------------------------------------
+Wed May 14 14:12:56 CEST 2003 - poeml@suse.de
+
+- use mmap() via MAP_ANON as shared memory allocation method, to
+ prevent restart problems with stale (or in use) files that are
+ associated with shared memory
+- package forgotten files, and remove hack in %clean
+- remove files from the build root that are not packaged
+- remove suse_include.conf from filelist
+
+-------------------------------------------------------------------
+Fri May 9 14:47:54 CEST 2003 - poeml@suse.de
+
+- update to 2.0.45. relevant / user visible changes:
+ Security: Eliminated leaks of several file descriptors to
+ child processes, such as CGI scripts. This fix depends on the
+ latest APR library release 0.9.2, which is distributed with the
+ httpd source tarball for Apache 2.0.45.
PR 17206
+ Security [CAN-2003-0132]: Close a Denial of Service
+ vulnerability identified by David Endler
+ on all platforms.
+ General:
+ - Fix segfault which occurred when a section in an included
+ configuration file was not closed. PR 17093.
+ - Fix a nasty segfault in mmap_bucket_setaside() caused by
+ passing an incompatible pointer type to mmap_bucket_destroy(void*).
+ - prevent filters (such as mod_deflate) from adding garbage to
+ the response. PR 14451.
+ - Simpler, faster code path for request header scanning
+ - Try to log an error if a piped log program fails. Try to
+ restart a piped log program in more failure situations.
+ - Fix bug where 'Satisfy Any' without an AuthType lost all MIME
+ information (and more). Related to PR 9076.
+ - Fix If header parsing when a non-mod_dav lock token is passed to it.
+ - Fix apxs to insert LoadModule directives only outside of
+ sections.
+ - apxs: Include any special APR ld flags when linking the DSO.
+ suexec: Be more pedantic when cleaning environment. Clean it
+ immediately after startup. PR 2790, 10449. Use saner default
+ config values for suexec. PR 15713.
+ mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
+ be started on Unix because of such problems as bad permissions,
+ bad shebang line, etc. Fix possible segfaults under obscure
+ error conditions within the cgid daemon.
+ mod_deflate:
+ - you can now specify the compression level.
+ - Extend the DeflateFilterNote directive to allow accurate
+ logging of the filter's in- and outstream.
+ - Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
+ mod_ssl:
+ Allow SSLMutex to select/use the full range of APR locking
+ mechanisms available to it. Also, fix the bug that SSLMutex
+ uses APR_LOCK_DEFAULT no matter what. PR 8122
+ mod_autoindex no longer forgets output format and enabled version
+ sort in linked column headers.
+ mod_rewrite:
+ - Prevent endless loops of internal redirects in mod_rewrite by
+ aborting after exceeding a limit of internal redirects. The
+ limit defaults to 10 and can be changed using the
+ RewriteOptions directive. PR 17462.
+ - Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
+ (or SymlinksIfOwnermatch) is set. PR 12395.
+ mod_ldap:
+ - Updated mod_ldap and mod_auth_ldap to support the Novell LDAP
+ SDK SSL and standardized the LDAP SSL support across the
+ various LDAP SDKs. Isolated the SSL functionality to
+ mod_ldap rather than speading it across mod_auth_ldap and
+ mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType
+ directives to mod_ldap to allow for a more common method of
+ specifying the SSL certificate.
+ - fix fault when caching was disabled, and some memory leaks
+ - Fix mod_ldap to open an existing shared memory file should
+ one already exist. PR 12757.
+ - Added character set support to mod_auth_LDAP to allow it to
+ convert extended characters used in the user ID to UTF-8
+ before authenticating against the LDAP directory. The new
+ directive AuthLDAPCharsetConfig is used to specify the config
+ file that contains the character set conversion table.
+ mod_ssl:
+ - Fixed mod_ssl's SSLCertificateChain initialization to no
+ longer skip the first cert of the chain by default. This
+ misbehavior was introduced in 2.0.34. PR 14560
+ - Fix 64-bit problem in mod_ssl input logic.
+ mod_proxy:
+ - Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
+ mod_rewrite proxied URLs will not be escaped accidentally by
+ mod_proxy's fixup. PR 16368
+ - Don't remove the Content-Length from responses in mod_proxy PR: 8677
+ mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
+ not specified. Now it assumes "/" as already documented. PR 16937.
+ mod_file_cache: fix segfaults
+- improve the start/restart section of the init script, and add a
+ ssl_scache_cleanup script
+- understand a syntax like -DSTATUS, as described in the sysconfig
+ file help text (bug noted in #25404]
+- don't package the *.exp files, as they are needed only on AIX
+- fix filelist for usage of %dir for files
+- fix the cosmetical but irritating "Inappropriate ioctl for
+ device" error message, when rcapache2 is called from within YaST
+- remove the unused /etc/apache2/modules directory from the package
+- remove the now unused --enable-experimental-libtool
+- fix to build with libtool-1.5
+
+-------------------------------------------------------------------
+Wed Apr 9 02:00:20 CEST 2003 - ro@suse.de
+
+- fix deprecated head/tail call syntax "-1"
+
+-------------------------------------------------------------------
+Mon Mar 17 11:59:36 CET 2003 - kukuk@suse.de
+
+- Remove suse_help_viewer from provides [Bug #25436]
+
+-------------------------------------------------------------------
+Thu Mar 13 12:54:59 CET 2003 - poeml@suse.de
+
+- security fix: do not write the startup log file to a world
+ writable directory, reversing the change of Jan 23 (wasn't in any
+ released package) [#25239]
+
+-------------------------------------------------------------------
+Mon Mar 10 17:36:00 CET 2003 - poeml@suse.de
+
+- change permissions of /var/log/apache2 from wwwrun:root mode 770
+ to root:root mode 750 [#24951]
+- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
+ default value
+
+-------------------------------------------------------------------
+Mon Mar 3 17:41:56 CET 2003 - kukuk@suse.de
+
+- Remove ghost entry for pid file [Bug #24566]
+
+-------------------------------------------------------------------
+Thu Feb 27 14:43:01 CET 2003 - poeml@suse.de
+
+- use the official MIME types, which are more complete [#23988]
+
+-------------------------------------------------------------------
+Mon Feb 24 18:17:02 CET 2003 -
poeml@suse.de
+
+- don't include log files into the package, and don't touch them in
+ %post; it's not needed
+- fix comment in httpd.conf talking about SuSEconfig
+- adjust some variable types in the sysconfig template
+
+-------------------------------------------------------------------
+Tue Feb 18 11:39:18 CET 2003 - poeml@suse.de
+
+- apache2 Makefiles do support DESTDIR now, so let's use that
+ instead of the explicit paths (fixes a wrong path in
+ config_vars.mk [#23699]). Some files (*.exp, libapr*) are
+ automatically installed in the right location now.
+
+-------------------------------------------------------------------
+Fri Feb 14 16:39:40 CET 2003 - poeml@suse.de
+
+- fix configuration script to find apache modules on 64 bit archs
+- mark ssl.conf (noreplace)
+
+-------------------------------------------------------------------
+Mon Feb 10 18:35:15 CET 2003 - poeml@suse.de
+
+- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
+ libs. Likewise, do not link everything against ssl libs. This way
+ we can avoid RPM package (and build) requirements on a lot of
+ libs for subversion and other packages that build on apache.
+- move more code from SuSEconfig into rcapache2 (actually into
+ support scripts below /usr/share/apache2/, so apache2 can be
+ configured without starting it)
+- improve full-server-status once again
+- remove suse_loadmodule.conf from filelist
+- remove obsolete README.modules
+- rename LOADMODULES -> APACHE_MODULES
+- add APACHE_BUFFERED_LOGS
+- update README.SuSE
+
+-------------------------------------------------------------------
+Tue Jan 28 13:32:04 CET 2003 - poeml@suse.de
+
+- rc.apache2
+ - add extreme-configtest (trying to run server as nobody, which
+ detects _all_ config errors)
+ - evaluate LOADMODULES from sysconfig.apache2 on-the-fly from
+ rcapache2 instead of SuSEconfig
+ - when restarting, do something useful instead of 'sleep 3': wait
+ just as long until the server has terminated all children
+
+-------------------------------------------------------------------
+Sun Jan 26 21:27:31 CET 2003 - poeml@suse.de
+
+- build mod_logio, mod_case_filter, mod_case_filter_in
+- rename apr subpackage to libapr0 (the library is called libapr-0
+ meanwhile).
add compatibility links named (libapr{,util}.so.0)
+- configure SSL session caching with shm circular buffer
+ SSLSessionCache shm:/var/lib/httpd/ssl_scache
+ SSLSessionCacheTimeout 600
+ SSLMutex sem
+- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing
+- strip objects
+- rename gensslcert2 to gensslcert
+- show a list all available modules in /etc/sysconfig/apache2
+- nicer output of apache2ctl
+- reorder Requires
+
+-------------------------------------------------------------------
+Thu Jan 23 12:05:59 CET 2003 - poeml@suse.de
+
+- update to 2.0.44
+- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
+- the apachectl and httpd man pages have been dropped upstreams
+- add robots.txt to the example-pages subpackage that blocks spiders
+- disable the perchild MPM
+- disable httpd-2.0.36-64bit.dif
+- rename apachectl2 to apache2ctl
+- write the startup log to /var/tmp instead of /var/log/apache2
+
+-------------------------------------------------------------------
+Sun Jan 12 22:52:50 CET 2003 - poeml@suse.de
+
+- fix last fix (rpm macro before hash wasn't expanded)
+
+-------------------------------------------------------------------
+Fri Jan 10 02:35:58 CET 2003 - poeml@suse.de
+
+- fix lib64 path in SuSEconfig
+
+-------------------------------------------------------------------
+Fri Jan 3 23:01:14 CET 2003 - poeml@suse.de
+
+- fix typo in spec file, preventing replacement of @userdir@ in
+ httpd.conf-std.in
+
+-------------------------------------------------------------------
+Wed Dec 18 15:11:53 CET 2002 - poeml@suse.de
+
+- sysconfig.apache2:
+ - add APACHE_SERVER_FLAGS variable
+ - change default: APACHE_SERVERSIGNATURE=on to match apache deflt
+ - add APACHE_CONF_INCLUDE_DIRS
+ - drop bogus APACHE_ACCESS_SERVERINFO variable
+ - adapt to our new sysconfig template
+- SuSEconfig.apache2:
+ - understand LOADMODULES also if it is not an array [#21816]
+ - be very flexible with regard to LOADMODULE input (e.g., say
+ mod_php4 and it will
find libphp4.so with ID php4_module)
+ - also ignore *,v files
+ - include APACHE_CONF_INCLUDE_DIRS
+ - dump some files: suse_define.conf (not needed) & suse_text.conf
+ (too much overhead)
+- rc.apache2:
+ - implement most of apachectl's commands (graceful, configtest)
+ - use server_flags from sysconfig.apache2
+ - pass server flags like -DSTATUS from the command line through
+ to httpd2
+ - add commmands to show the server status
+ - don't quit silently when no apache MPM is installed
+ - handle ServerSignature and other stuff on the command line
+ (save modifications to httpd.conf)
+- fix the /manual Alias that points to the documentation
+- configure /cgi-bin for cgi execution
+- configure /home/*/public_html for mod_userdir -- if it is loaded
+- configure internationalized error responses
+- fix apachectl2
+- add /etc/apache2/{,modules} to the filelist
+- add /etc/apache2/conf.d as drop-in directory for packages
+- hard code some more default paths into the executable
+- finally, run a test!
+ +------------------------------------------------------------------- +Thu Dec 5 13:55:06 CET 2002 - poeml@suse.de + +- move ap{r,u}-config* into the apr package, as well +- add generic ap{r,u}-config +- add %includedir to filelist + +------------------------------------------------------------------- +Thu Dec 5 00:26:22 CET 2002 - poeml@suse.de + +- more checks and warnings to SuSEconfig.apache2 +- shift APR files into the the apr package +- try 1.136 revision of perchild.c + +------------------------------------------------------------------- +Tue Dec 3 16:27:35 CET 2002 - poeml@suse.de + +- add forgotten ssl.conf to the filelist (thanks, Robert) +- add httpd-2.0.43-mod_ssl-memory-leak.dif + +------------------------------------------------------------------- +Mon Oct 14 19:34:38 CEST 2002 - poeml@suse.de + +- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE: + CAN-2002-0840) + +------------------------------------------------------------------- +Mon Oct 7 09:39:45 CEST 2002 - poeml@suse.de + +- do not append a '2' suffix to the scripts included with the + documentation +- move error, icons and manual dir to /usr/share/apache2 +- fix nested array in SuSEconfig.apache2 +- let SuSEconfig pick one MPM that is installed. Do not default to + "worker". [#20724] + +------------------------------------------------------------------- +Thu Oct 3 14:50:20 CEST 2002 - poeml@suse.de + +- update to 2.0.42 (primarily a bug-fix release, including updates + to the experimental caching module, the removal of several memory + leaks, and fixes for several segfaults, one of which could have + been used as a denial-of-service against mod_dav (VU#406121).) +- increase flexibility of the spec file: build any set of MPMs, + depending on RPM %defines. Improve the mechanism that merges the + modules so it works with any number of MPMs. 
+- use a "Server:" header that fits the product apache is built for +- add an RPM dependency on the module magic number to the MPM + subpackages +- build the "leader/follower" MPM. On i686, enable nonportable but + faster atomics for it. +- use filelists for more flexibility. APRVARS ceased to exist. + Don't add README* twice. +- perchild: use AcceptMutex fcntl to prevent permission conflict as + suggested in Apache Bugzilla #7921 +- remove mod_rewrite and mod_proxy from the default modules +- build the mod_auth_digest module + +------------------------------------------------------------------- +Mon Sep 9 15:30:34 CEST 2002 - poeml@suse.de + +- add patch that changes PLATFORM (as seen in the HTTP Server + header) from "Unix" to "SuSE/Linux" [#18543] +- add README.SuSE, explaining how to build modules with apxs2 +- fixed some paths in README.modules, put it into docdir and mark + it as %doc + +------------------------------------------------------------------- +Wed Aug 28 16:39:59 CEST 2002 - poeml@suse.de + +- new package, now building all three MPMs and putting all specific + modules in specific directories. Branch a subpackage for each + MPM, containing the server and MPM-specific modules. +- branch apr package off, so apache2 doesn't need to be installed + to have the libs. (apr is not released yet, that's why we build + it here) +- allow coexistence of apache1 by using directories named apache2 + or suffixed with "2" +- allow building modules via apxs2 (for all server MPMs) --- or via + apxs2-{worker,perchild,prefork} for a specific server MPM +- add permissions.apache2 setting /usr/sbin/suexec2 to 4755 +- rewrite SuSEconfig.apache2 for apache 2. 
+- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in + mod_proxy when given an invalid URL +- branch apache2-example-pages off (docroot contents) + +------------------------------------------------------------------- +Mon Aug 19 16:43:37 CEST 2002 - poeml@suse.de + +- actually use the new SuSE81 layout, and add SuSE81_64 layout +- cleaned up httpd-2.0.36-conf.dif +- fixed comment in SuSEconfig.apache +- drop SuSEconfig subpackage +- split main package and -devel package in three packages, one for + each MPM... + apache2 -> apache2-{worker,perchild,prefork} + apache2-devel -> apache2-{worker,perchild,prefork}-devel + +------------------------------------------------------------------- +Mon Aug 12 17:47:08 CEST 2002 - poeml@suse.de + +- bugfix update to 2.0.40 +- fix Requires of -devel subpackage +- add variable to sysconfig.apache to switch off SuSEconfig.apache +- add new layout SUSE81 to config.layout due to the moved server + root (so the old SuSE6.1 can be kept for building on older + distributions) +- one of the lib64 path fixes could be removed, now included + upstream + +------------------------------------------------------------------- +Wed Aug 7 18:47:33 CEST 2002 - poeml@suse.de + +- put PreReq in an if-statement to allow building on older distris +- relax the Requires +- the apache_mmn macro had to be moved down in the spec file to be + evaluated +- libmm is not needed for building (and it is not threadsafe) +- fix config.layout for the moved server root + +------------------------------------------------------------------- +Fri Aug 2 23:44:31 CEST 2002 - poeml@suse.de + +- fix libdir in config.layout for lib64 + +------------------------------------------------------------------- +Fri Aug 2 12:22:33 CEST 2002 - poeml@suse.de + +- fix RPM Requires + +------------------------------------------------------------------- +Thu Aug 1 17:50:53 CEST 2002 - poeml@suse.de + +- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www +- drop 
obsolete README.SuSE + +------------------------------------------------------------------- +Thu Aug 1 01:01:32 CEST 2002 - poeml@suse.de + +- spec file: use PreReq +- don't delete SuSEconfig's md5 files in %post, that's no good +- add apache.logrotate +- provide the magic module number as executable script + (/usr/lib/apache/MMN) and as RPM Provides, indicating API changes +- mark httpd.conf noreplace +- fix installbuilddir in config.layout, needed for apxs + +------------------------------------------------------------------- +Sun Jul 14 15:27:24 CEST 2002 - poeml@suse.de + +- update to 2.0.39 +- drop obsolete moduledir and apxs patches +- rc.apache INIT section: use X-UnitedLinux-Should-Start + +------------------------------------------------------------------- +Wed Jul 3 01:53:35 CEST 2002 - ro@suse.de + +- rename to "apache2" again + +------------------------------------------------------------------- +Tue Jun 11 17:02:47 CEST 2002 - ro@suse.de + +- get apxs to work: + include needed files in devel package + adapt some pathes in apxs + +------------------------------------------------------------------- +Wed May 29 18:16:00 CEST 2002 - poeml@suse.de + +- update to 2.0.36 +- drop mod_ssl subpackage; mod_ssl is part of the apache bsae + distribution now +- RPM can be built as user now +- SuSEconfig.apache: understand relative and absolute pathnames +- disable experimental auth_digest_module + diff --git a/apache2.logrotate b/apache2.logrotate new file mode 100644 index 0000000..37fe7e1 --- /dev/null +++ b/apache2.logrotate 
@@ -0,0 +1,69 @@
+/var/log/apache2/access_log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+4096k
+ notifempty
+ missingok
+ create 644 root root
+ postrotate
+ /etc/init.d/apache2 reload
+ endscript
+}
+
+/var/log/apache2/error_log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+1024k
+ notifempty
+ missingok
+ create 644 root root
+ postrotate
+ /etc/init.d/apache2 reload
+ endscript
+}
+
+/var/log/apache2/suexec.log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+1024k
+ notifempty
+ missingok
+ create 644 root root
+ postrotate
+ /etc/init.d/apache2 reload
+ endscript
+}
+
+/var/log/apache2/ssl_request_log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+4096k
+ notifempty
+ missingok
+ create 644 root root
+ postrotate
+ /etc/init.d/apache2 reload
+ endscript
+}
+
+/var/log/apache2/ssl_engine_log {
+ compress
+ dateext
+ maxage 365
+ rotate 99
+ size=+1024k
+ notifempty
+ missingok
+ create 644 root root
+ postrotate
+ /etc/init.d/apache2 reload
+ endscript
+}
diff --git a/apache2.spec b/apache2.spec
new file mode 100644
index 0000000..ec987e3
--- /dev/null
+++ b/apache2.spec
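Review bot: Every stanza recreates its log with `create 644 root root`, so access_log, error_log, suexec.log and both SSL logs are world-readable as files; the only thing keeping local users out is the mode of /var/log/apache2 itself, which apache2.spec sets with `%attr(750,root,root) %dir %{logfiledir}`. I would use `create 640 root root` in all five stanzas so the logs stay private even if the directory mode is relaxed or a log is copied elsewhere. Separately, `compress` runs right after the `postrotate` reload; if that reload is a graceful restart (not visible in this hunk), children finishing old requests can still be writing to the rotated file, so adding `delaycompress` would avoid losing those last entries.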
@@ -0,0 +1,2704 @@ +# +# spec file for package apache2 (Version 2.2.3) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: apache2 +BuildRequires: db-devel ed libapr-util1-devel libapr1-devel openldap2 openldap2-devel openssl-devel pcre-devel +%if %{?suse_version:1}0 +%define httpduser wwwrun +%define httpdgroup www +%else +%define httpduser apache +%define httpdgroup apache +BuildRequires: expat-devel +%endif +# +%define pname apache2 +%define vers 2 +%define httpd httpd2 +%define apache_mmn %(test -s %{S:0} && { echo -n apache_mmn_; bzcat %{S:0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; }) +%define default_mpm prefork +%{!?prefork:%define prefork 1} +%{!?worker:%define worker 1} +%{!?event:%define event 1} +%define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event) +# dir names +%define datadir /srv/www +%define htdocsdir %{datadir}/htdocs +%define manualdir %{_prefix}/share/%{pname}/manual +%define errordir %{_prefix}/share/%{pname}/error +%define iconsdir %{_prefix}/share/%{pname}/icons +%define cgidir %{datadir}/cgi-bin +%define localstatedir /var/lib/%{pname} +%define proxycachedir /var/cache/%{pname} +%define logfiledir /var/log/%{pname} +%define runtimedir /var/run +%define sysconfdir /etc/%{pname} +%define includedir %{_includedir}/%{pname} +%define libexecdir %_libdir/%{pname} +%define installbuilddir %{_prefix}/share/%{pname}/build +%define userdir public_html +%define suexec_safepath /usr/local/bin:/usr/bin:/bin +# "Server:" header +%define VENDOR SUSE +%define platform_string Linux/%VENDOR +License: The Apache Software License +Group: Productivity/Networking/Web/Servers +%define realver 2.2.3 +Version: 2.2.3 
+Release: 23 +#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 +Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 +Source10: SUSE-NOTICE +Source11: rc.%{pname} +Source13: sysconfig.%{pname} +Source16: certificate.sh +Source17: mkcert.sh.gz +Source18: robots.txt +Source20: favicon.ico +Source22: apache2-README.QUICKSTART +Source23: apache2-README.QUICKSTART.SSL +Source231: apache2-README.QUICKSTART.WebDAV +Source24: apache2-README +Source25: gensslcert +Source27: %{pname}.logrotate +Source28: permissions.%{pname} +Source29: apache-ssl-stuff.tar.bz2 +Source40: load_configuration +Source41: find_mpm +Source42: get_module_list +Source43: get_includes +Source44: find_httpd2_includes +Source45: sysconf_addword +Source46: a2enflag +Source47: a2enmod +Source100: apache2-httpd.conf +Source101: apache2-errors.conf +Source102: apache2-default-server.conf +Source103: apache2-listen.conf +Source104: apache2-manual.conf +Source105: apache2-mod_autoindex-defaults.conf +Source106: apache2-mod_info.conf +Source107: apache2-mod_log_config.conf +Source108: apache2-mod_mime-defaults.conf +Source109: apache2-mod_status.conf +Source110: apache2-mod_userdir.conf +Source111: apache2-server-tuning.conf +Source113: apache2-ssl-global.conf +Source114: apache2-mod_usertrack.conf +Source130: apache2-vhost.template +Source131: apache2-vhost-ssl.template +Source140: apache2-check_forensic +Source141: apache-20-22-upgrade +Patch2: httpd-2.1.3alpha-layout.dif +Patch10: httpd-2.1.3alpha-autoconf-2.59.dif +Patch23: httpd-2.1.9-apachectl.dif +Patch65: httpd-2.0.49-log_server_status.dif +Patch66: httpd-2.0.54-envvars.dif +Patch67: httpd-2.2.0-apxs-a2enmod.dif +URL: http://httpd.apache.org/ +Icon: Apache.xpm +Summary: The Apache Web Server Version 2.0 +Autoreqprov: on +Provides: httpd http_daemon %{apache_mmn} suse_help_viewer +Requires: %{pname}-MPM /etc/mime.types +Requires: logrotate +Requires: libapr1 >= 1.0 +Requires: libapr1 < 2.0 +PreReq: fileutils textutils grep 
sed +%if %{?suse_version:1}0 +PreReq: %insserv_prereq %fillup_prereq permissions shadow +%endif +%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 +Provides: apache +Obsoletes: apache < 1.3.29 +Obsoletes: mod_ssl < 2.8.16 +%endif +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Apache 2, the successor to Apache 1. + +Apache is the most used Web server software worldwide. + +Some new features in Apache 2: - hybrid multiprocess, multithreaded + mode for improved scalability + +- multiprotocol support + +- stream filtering + +- IPv6 support + +- new module API + +New modules include: - mod_auth_db + +- mod_auth_digest + +- mod_charset_lite + +- mod_dav + +- mod_file_cache + +Mod_ssl is no longer a separate package, but is now included in the +Apache distribution. + +See /usr/share/doc/packages/apache2/, http://httpd.apache.org/, and +http://httpd.apache.org/docs-2.0/upgrading.html. + + + +Authors: +-------- + Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + +%if %worker +%package worker +Summary: Apache 2 worker MPM (Multi-Processing Module) +Group: Productivity/Networking/Web/Servers +Provides: %{pname}-MPM +Requires: %{name} = %{version} +%endif +%if %prefork +%package prefork +Summary: Apache 2 "prefork" MPM (Multi-Processing Module) +Group: Productivity/Networking/Web/Servers +Provides: %{pname}-MPM +%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 +Provides: apache:/usr/sbin/httpd +%endif +Requires: %{name} = %{version} +%endif +%if %event +%package event +Summary: Apache 2 event MPM (Multi-Processing Module) +Group: Productivity/Networking/Web/Servers +Provides: %{pname}-MPM +Requires: %{name} = %{version} +%endif +%if %worker + +%description worker +The worker MPM (multi-Processing Module) implementing a hybrid +multi-threaded multi-process web server. + +This combination offers a performance boost and retains some of the +stability of the multi-process model. 
+ + + +Authors: +-------- + Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + +%endif +%if %prefork + +%description prefork +"prefork" MPM (Multi-Processing Module) + +This MPM is basically the one that Apache 1.3.x used. It warrants the +maximum stability because each server runs in its own process. If a +process dies it will not affect other servers. + + + +Authors: +-------- + Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + +%endif +%if %event + +%description event +The event MPM (multi-Processing Module) is experimental, so it may or +may not work as expected. + +It uses a seperate thread to handle Keep Alive requests and accepting +connections. Keep Alive requests have traditionally required httpd to +dedicate a worker to handle it. This dedicated worker could not be used +again until the Keep Alive timeout was reached. + +This MPM depends on APR's atomic compare-and-swap operations for thread +synchronization. + + + +Authors: +-------- + Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + +%endif +%package devel +Summary: Apache 2.0 Header and Include Files +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} %{pname}-MPM +Requires: libapr1-devel libapr-util1-devel + +%description devel +This package contains header files and include files that are needed +for development using the Apache API. + + + +%package doc +Summary: Additional Package Documentation. +Group: Documentation/Other +%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 +Provides: apache-doc +Obsoletes: apache-doc +%endif + +%description doc +This package contains optional documentation provided in addition to +this package's base documentation. 
+ + + +%package example-pages +Summary: Example Pages for the Apache 2 Web Server +Group: Productivity/Networking/Web/Servers +%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 +Provides: apache-example-pages +Obsoletes: apache-example-pages +%endif + +%description example-pages +Some Example pages for Apache that show information about the installed +server. + + + +Authors: +-------- + Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + +%prep +# +# O/ ._ .__ ._ +# /O |_)|(/_|_) +# | | +# +%setup -q -n httpd-%{realver} +%patch2 -p1 +%patch10 -p1 +%patch23 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +# +cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE +# +cp -p %{S:16} %{S:17} .; gunzip mkcert.sh.gz +# +# replace PLATFORM string that's seen in the "Server:" header +# +sed 's,(" PLATFORM "),(%platform_string),' server/core.c > tmp_file && mv tmp_file server/core.c + +sed 's/public_html/%{userdir}/g' docs/conf/extra/httpd-userdir.conf.in > tmp_file && mv tmp_file docs/conf/extra/httpd-userdir.conf.in +# +# now configure Apache +# +aclocal +autoreconf --force --install + +%build +# +# O/ |_ o| _| +# /O |_)|_|||(_| +# +function configure { + CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \ + CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \ + ./configure \ + --enable-maintainer-mode \ + --enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \ + --with-program-name=httpd%{vers}$mpm_suffix \ + --with-apr=%{_bindir}/apr-1-config \ + --with-apr-util=%{_bindir}/apu-1-config \ + --with-mpm=$mpm \ +%if "$mpm" == "worker" || "$mpm" == "event" +%ifarch %ix86 +%ifnarch i386 + --enable-nonportable-atomics=yes \ +%endif +%endif +%endif + \ + --enable-exception-hook \ + \ +%if %{?suse_version:%suse_version}%{?!suse_version:9999} > 930 + --with-pcre \ + --enable-pie \ +%endif + --enable-mods-shared=all \ + --enable-ssl=shared \ + \ + --disable-isapi \ + --enable-deflate \ + 
--enable-echo \ + --enable-filter \ + --enable-ext-filter \ + --enable-charset-lite \ + --enable-file-cache \ + --enable-logio \ + --enable-dumpio \ + --enable-bucketeer \ + --enable-case_filter \ + --enable-case_filter_in \ + \ + --with-ldap \ + --enable-ldap \ + --enable-authnz_ldap \ + \ + --enable-proxy \ + --enable-proxy-connect \ + --enable-proxy-ftp \ + --enable-proxy-http \ + --enable-cache \ + --enable-disk-cache \ + --enable-mem-cache \ + \ + --enable-dav-lock \ + --enable-authn-alias \ + --enable-optional-hook-export \ + --enable-optional-hook-import \ + --enable-optional-fn-import \ + --enable-optional-fn-export \ + \ + --enable-suexec \ + --with-suexec-bin=%{_sbindir}/suexec%{vers} \ + --with-suexec-caller=%httpduser \ + --with-suexec-docroot=%{datadir} \ + --with-suexec-logfile=%{logfiledir}/suexec.log \ + --with-suexec-userdir=%{userdir} \ + --with-suexec-uidmin=96 \ + --with-suexec-gidmin=96 \ + --with-suexec-safepath=%{suexec_safepath} +} + + +# +# |_ o| _| | _ _ ._ +# |_)|_|||(_| |(_)(_)|_) +# | +# +# build the 3 multi-processing modules (MPM) in a loop +# +[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT; +for mpm in %{mpms_to_build}; do + echo $mpm >> .status + test -s Makefile && make clean >/dev/null + echo -e "\n\n\n \e[01m***** Building $mpm MPM *****\e[00m\n\n\n" + export mpm_suffix=-$mpm + configure + sed "s/%{vers}-$mpm//" include/ap_config_auto.h > include/ap_config_auto.h.new + mv include/ap_config_auto.h.new include/ap_config_auto.h + + make CFLAGS="$RPM_OPT_FLAGS -fPIC \ + -fno-strict-aliasing \ + -Wall \ + -DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \ + -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \ + %{?jobs:-j%jobs} + + make DESTDIR=$RPM_BUILD_ROOT install + + #rm -rf $RPM_BUILD_ROOT.$mpm.pre + #cp -a $RPM_BUILD_ROOT/ $RPM_BUILD_ROOT.$mpm.pre + # show pathnames in config files + echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||: + echo;echo;echo; diff -U1 
docs/conf/ssl-std.conf.in docs/conf/ssl-std.conf ||: + # show compile settings + pwd + printf "\n\n\n"; ./%{httpd}$mpm_suffix -V + printf "\n\n\n"; ./%{httpd}$mpm_suffix -l + #mv $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf$mpm_suffix + #mv $RPM_BUILD_ROOT/%{sysconfdir}/httpd2-prefork.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd-std.conf$mpm_suffix + # fix up and rename config_vars file: remove references to the RPM build dir; + # remove references to RPM build root; fix apr/apu includedir + sed -e "/^EXTRA_INCLUDES/s|-I$RPM_BUILD_DIR[^ ]* ||g" \ + -e "/^AP._INCLUDEDIR/s|$RPM_BUILD_DIR.*$|%{includedir}$mpm_suffix|" \ + -e "/abs_srcdir/d" \ + -e "/AP_LIBS/d" \ + < $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk \ + > $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk$mpm_suffix + rm $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk + #rm -rf $RPM_BUILD_ROOT.$mpm.post + #cp -a $RPM_BUILD_ROOT/ $RPM_BUILD_ROOT.$mpm.post +done +mkdir -p $RPM_BUILD_ROOT/%{libexecdir} + +# remove references to mpm type in config_vars +sed -e "s^/usr/%_lib/%{pname}-%{default_mpm}^/usr/%_lib/%{pname}^" \ + -e "s/httpd$/%{httpd}-%{default_mpm}/" \ + -e "s/%{pname}-%{default_mpm}/%{pname}/" \ + < $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk-%{default_mpm} \ + > $RPM_BUILD_ROOT/%{installbuilddir}/config_vars.mk + +# get rid of modules that do not differ between the MPMs (since most of them are the same) +# by putting them in /usr/lib/apache%{vers} +ldir=$RPM_BUILD_ROOT/%{libexecdir} +for i in $(cd $ldir-%{default_mpm}; ls -1); do + identical=true + for mpm in %{mpms_to_build}; do + cmp -s $ldir-{%{default_mpm},$mpm}/$i || identical=false + done + if $identical; then + cp -dp $ldir-%{default_mpm}/$i $ldir + for mpm in %{mpms_to_build}; do + rm $ldir-$mpm/$i + ln -s ../%{pname}/$i $ldir-$mpm/$i + done + fi +done + +# merge the three /usr/include/apache2-* directories +# by putting them in /usr/lib/apache%{vers} +idir=$RPM_BUILD_ROOT/%{includedir} 
+mkdir -p $idir +for i in $(cd $idir-%{default_mpm}; ls -1); do + identical=true + for mpm in %{mpms_to_build}; do + cmp -s $idir-{%{default_mpm},$mpm}/$i || identical=false + done + if $identical; then + cp -dp $idir-%{default_mpm}/$i $idir + for mpm in %{mpms_to_build}; do + rm $idir-$mpm/$i + ln -s ../%{pname}/$i $idir-$mpm/$i + done + fi +done +for i in ap_config_auto.h ap_config_layout.h; do + if [ ! -f $idir/$i ]; then + sed 's/-%{default_mpm}//' $idir-%{default_mpm}/$i > $idir/$i + fi +done + + +%install +# +# O/ o._ __|_ _.|| +# /O || |_> |_(_||| +# +# +# (most installation (to build root) has already been done in %build) +# +# save MODULE_MAGIC_NUMBER +cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF + #!/bin/sh + echo %{apache_mmn} +EOF + +cp -p $RPM_BUILD_ROOT/%{sysconfdir}/%{httpd}-%{default_mpm}.conf $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf +cp -p $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf ./httpd.conf.default +rm $RPM_BUILD_ROOT/%{sysconfdir}/%{httpd}-*.conf +# +# create directories +mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates \ + $RPM_BUILD_ROOT/%{proxycachedir} \ + $RPM_BUILD_ROOT/%{localstatedir} +# +# support files +install -m 755 support/log_server_status $RPM_BUILD_ROOT/%{_bindir}/log_server_status%{vers} +install -m 755 support/split-logfile $RPM_BUILD_ROOT/%{_bindir}/split-logfile%{vers} +install -m 755 support/logresolve.pl $RPM_BUILD_ROOT/%{_sbindir}/logresolve.pl%{vers} +mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d +install -m 644 $RPM_SOURCE_DIR/%{pname}.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%{pname} +# since 10.0, the permission files are maintained centrally +%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000 +mkdir -p $RPM_BUILD_ROOT/etc/permissions.d +install -m 644 $RPM_SOURCE_DIR/permissions.%{pname} $RPM_BUILD_ROOT/etc/permissions.d/%{pname} +%endif +install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic $RPM_BUILD_ROOT/%{_bindir}/check_forensic%{vers} +# +# ssl stuff +install -m 755 %{S:25} 
$RPM_BUILD_ROOT/%{_bindir}/ +chmod 755 certificate.sh mkcert.sh +tar xjf $RPM_SOURCE_DIR/apache-ssl-stuff.tar.bz2 -C $RPM_BUILD_ROOT/%{sysconfdir} +# +# init script and friends +mkdir -p $RPM_BUILD_ROOT/etc/init.d +install -m 744 $RPM_SOURCE_DIR/rc.%{pname} $RPM_BUILD_ROOT/etc/init.d/%{pname} +ln -sf ../../etc/init.d/%{pname} $RPM_BUILD_ROOT/%{_sbindir}/rc%{pname} +install -m 755 $RPM_SOURCE_DIR/load_configuration $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/ +install -m 755 $RPM_SOURCE_DIR/find_mpm $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/ +install -m 755 $RPM_SOURCE_DIR/get_includes $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/ +install -m 755 $RPM_SOURCE_DIR/find_httpd2_includes $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/ +install -m 755 $RPM_SOURCE_DIR/apache-20-22-upgrade $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/ +sed 's+/usr/lib+/usr/%_lib+' $RPM_SOURCE_DIR/get_module_list \ + > $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/get_module_list +chmod 755 $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/get_module_list +install -m 755 $RPM_SOURCE_DIR/sysconf_addword $RPM_BUILD_ROOT/%{_sbindir} +install -m 755 $RPM_SOURCE_DIR/a2enflag $RPM_BUILD_ROOT/%{_sbindir} +ln -s a2enflag $RPM_BUILD_ROOT/%{_sbindir}/a2disflag +install -m 755 $RPM_SOURCE_DIR/a2enmod $RPM_BUILD_ROOT/%{_sbindir} +ln -s a2enmod $RPM_BUILD_ROOT/%{_sbindir}/a2dismod +# +# directories for files from other packages and other configuration +mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d +mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d +# +# make list of all modules, and install sysconfig template +for i in $(find $RPM_BUILD_ROOT/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do + modname=${i#*mod_}; modname=${modname%.so} + modname=${modname##*lib} + all_modules="$all_modules $modname" +done +all_modules=$(echo $all_modules | fmt | sed 's/\(.*\)/# \1\\/') +sed "s+@@all_modules@@+$all_modules +" $RPM_SOURCE_DIR/sysconfig.%{pname} \ + > $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/sysconfig.%{pname} +# +# 
install READMEs +cp -p $RPM_SOURCE_DIR/%{pname}-README README.%VENDOR +cp -p $RPM_SOURCE_DIR/%{pname}-README.QUICKSTART README.QUICKSTART +cp -p $RPM_SOURCE_DIR/%{pname}-README.QUICKSTART.SSL README.QUICKSTART.SSL +cp -p $RPM_SOURCE_DIR/%{pname}-README.QUICKSTART.WebDAV README.QUICKSTART.WebDAV +# +# install configuration files: +mkdir -p $RPM_BUILD_ROOT/%{runtimedir} +touch $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d/include.conf +mkdir -p $RPM_BUILD_ROOT/%{sysconfdir}/conf.d +for i in default-server.conf \ + errors.conf \ + httpd.conf \ + listen.conf \ + mod_autoindex-defaults.conf \ + mod_info.conf \ + mod_log_config.conf \ + mod_mime-defaults.conf \ + mod_status.conf \ + mod_userdir.conf \ + mod_usertrack.conf \ + server-tuning.conf \ + ssl-global.conf +do + install -m 644 $RPM_SOURCE_DIR/apache2-$i $RPM_BUILD_ROOT/%{sysconfdir}/$i +done +cat > $RPM_BUILD_ROOT/%{sysconfdir}/uid.conf <<-EOF + User %httpduser + Group %httpdgroup +EOF + +# remove configuration for mpms which have not been built +mpm_confs="$(awk '/IfModule .*\.c/ {print $2}' $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf | cut -d. -f1 | tr '\n' ' ')" +for mpm_conf in $mpm_confs; do + case "%{mpms_to_build}" in + *$mpm_conf*) ;; + *) sed "/^# $mpm_conf/, /^$/ d" $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf > t + #diff -u $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf t ||: + mv t $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf + ;; + esac +done +install -m 644 $RPM_SOURCE_DIR/apache2-vhost.template $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d/vhost.template +install -m 644 $RPM_SOURCE_DIR/apache2-vhost-ssl.template $RPM_BUILD_ROOT/%{sysconfdir}/vhosts.d/vhost-ssl.template +install -m 644 $RPM_SOURCE_DIR/apache2-manual.conf $RPM_BUILD_ROOT/%{sysconfdir}/conf.d/ +# for mod_auth_ldap +install -m 644 docs/conf/charset.conv $RPM_BUILD_ROOT/%{sysconfdir}/ + +cp -p $RPM_SOURCE_DIR/robots.txt . 
+cp -p $RPM_SOURCE_DIR/favicon.ico $RPM_BUILD_ROOT/%{htdocsdir}/ +cat > $RPM_BUILD_ROOT/%{htdocsdir}/robots.txt <<-EOF + User-Agent: * + Disallow: / +EOF + +# +# use official mime.types (more complete) +# +ln -sf ../mime.types $RPM_BUILD_ROOT/%{sysconfdir}/mime.types + +mv $RPM_BUILD_ROOT/%{cgidir}/printenv . +mv $RPM_BUILD_ROOT/%{cgidir}/test-cgi . +pushd $RPM_BUILD_ROOT/%{_mandir} + for i in $(find . -type f); do + mv $i ${i%.*}%{vers}.${i#*.*.} || true + done +popd +pushd $RPM_BUILD_ROOT/%{_sbindir} + for i in ab dbmmanage htdbm htdigest htpasswd logresolve rotatelogs suexec; do + mv $i ${i}%{vers} || true + done + mv apachectl apachectl.tmp; mv apachectl.tmp apache%{vers}ctl + for i in dbmmanage htdbm htdigest htpasswd; do + mv ${i}%{vers} ../bin/ + done +popd +# fix up apxs +pushd $RPM_BUILD_ROOT/%{_sbindir} + for mpm in %{mpms_to_build}; do + cat <<-EOT_ED | ed -s apxs + H + ,s/^\(.*\)config_vars.mk\(.*\)$/\1config_vars.mk\$mpm_suffix\2/ + /config_vars.mk + ^ + i + my \$mpm_suffix = "-$mpm"; + . + wq apxs%{vers}-$mpm + EOT_ED + chmod 755 apxs%{vers}-$mpm + done + cat <<-EOT_ED | ed -s apxs + H + /config_vars + a + my \$mpm_suffix = ""; + . + wq + EOT_ED + mv apxs apxs%{vers} +popd + +# +# filelists +# +>filelist; >filelist-devel +for mpm in %{mpms_to_build}; do + echo %dir %{_libdir}/%{pname}-$mpm >> filelist + ( + echo %dir %{includedir}-$mpm + echo %{_sbindir}/apxs%{vers}-$mpm + ) >> filelist-devel +done +find $RPM_BUILD_ROOT/%{includedir}/.. 
-type f -o -type l \
+ | sed "s#$RPM_BUILD_ROOT##" \
+ >> filelist-devel
+find $RPM_BUILD_ROOT/%{installbuilddir} -type f \
+ | sed "s#$RPM_BUILD_ROOT##" \
+ >> filelist-devel
+
+# remove files from the build root that we won't package
+rm -f $RPM_BUILD_ROOT/%{_libdir}/%{pname}-*/*.exp # needed only on AIX
+rm -f $RPM_BUILD_ROOT/%{_libdir}/%{pname}/*.exp # needed only on AIX
+rm -f $RPM_BUILD_ROOT/%{_sbindir}/checkgid # needed only for user installations from tarball
+rm -r $RPM_BUILD_ROOT/%{sysconfdir}/extra # it is already in the documentation directory
+
+
+#
+# O/ _|_ _ __|_
+# /O |_(/__> |_
+#
+#
+# now check wether httpd binary runs properly
+# and validate httpd.conf file
+#
+pushd $RPM_BUILD_ROOT/%{sysconfdir}
+for i in *.conf; do cp $i $i.test; done
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 810
+ echo -e "User %httpduser \nGroup nogroup" > uid.conf.test
+ sed 's+/srv/www+/usr/local/httpd+' default-server.conf > t
+ mv t default-server.conf
+ mkdir -p /usr/local/httpd/htdocs
+%endif
+# for Fedora
+%if %{?suse_version:0}%{!?suse_version:1}
+ echo -e "User nobody \nGroup nobody" > uid.conf.test
+ mkdir -p $RPM_BUILD_ROOT/%{htdocsdir}
+%endif
+sed -e 's+/usr/%_lib+'$RPM_BUILD_ROOT'/usr/%_lib+' \
+ -e 's+/var/run+'$RPM_BUILD_ROOT'/var/run+' \
+ -e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
+ -e 's+%{datadir}+'$RPM_BUILD_ROOT'%{datadir}+' \
+ -e 's+\.conf$+&.test+' \
+ httpd.conf > httpd.conf.test
+sed -e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
+ default-server.conf > default-server.conf.test
+touch sysconfig.d/global.conf.test
+touch sysconfig.d/include.conf.test
+popd
+pushd $RPM_BUILD_ROOT
+for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
+ mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
+ mod_path=
+ echo LoadModule $mod_id $RPM_BUILD_ROOT/${i#.} >> .%{sysconfdir}/sysconfig.d/loadmodule.conf.test
+done
+# auth_ldap_module needs to be loaded after ldap_module
+echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test
+popd
+
+%if %{?suse_version:1}%{!?suse_version:0}
+LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
+$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
+ -e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || exit 1
+%else
+LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
+$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
+ -e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || :
+%endif
+rm $RPM_BUILD_ROOT/%{sysconfdir}/*.test
+rm $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d/*
+mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
+
+%files -f filelist
+# _
+# O/ _|_o| _ _
+# /O | ||(/__>
+#
+%defattr(-,root,root)
+%doc INSTALL READM* LICENSE ABOUT_APACHE CHANGES
+%doc support/SHA1
+%doc %attr(755,root,root) certificate.sh
+%doc %attr(755,root,root) mkcert.sh
+%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz
+%doc %{_mandir}/man1/htdbm%{vers}.1.gz
+%doc %{_mandir}/man1/htdigest%{vers}.1.gz
+%doc %{_mandir}/man1/htpasswd%{vers}.1.gz
+%doc %{_mandir}/man8/ab%{vers}.8.gz
+%doc %{_mandir}/man8/apachectl%{vers}.8.gz
+%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz
+%doc %{_mandir}/man8/%{httpd}.8.gz
+%doc %{_mandir}/man8/logresolve%{vers}.8.gz
+%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz
+%doc %{_mandir}/man8/suexec%{vers}.8.gz
+%doc %{_mandir}/man8/apxs%{vers}.8.gz
+%doc robots.txt
+%doc printenv
+%doc test-cgi
+#%doc httpd-std.conf-*
+#%doc ssl-std.conf
+%doc httpd.conf.default
+%doc original
+%attr(750,root,root) %dir %{logfiledir}
+%attr(750,%httpduser,root) %dir %{proxycachedir}
+%attr(750,%httpduser,root) %dir %{localstatedir}
+%dir %{sysconfdir}
+%config %{sysconfdir}/magic
+%config %{sysconfdir}/mime.types
+%config (noreplace) %{sysconfdir}/*.conf
+%config (noreplace) %{sysconfdir}/charset.conv
+%{sysconfdir}/vhosts.d/*.template
+%dir %{sysconfdir}/ssl.crl
+%dir %{sysconfdir}/ssl.crt
+%dir %{sysconfdir}/ssl.csr
+%dir %attr(700,root,root) %{sysconfdir}/ssl.key
+%dir %{sysconfdir}/ssl.prm
+ %{sysconfdir}/ssl.*/README*
+%config %{sysconfdir}/ssl.*/Makefile
+ %{sysconfdir}/ssl.*/snakeoil*
+ %{sysconfdir}/ssl.*/*.0
+%config %{sysconfdir}/ssl.crt/ca-bundle.crt
+%config(noreplace) %{sysconfdir}/ssl.crt/server.crt
+%config(noreplace) %{sysconfdir}/ssl.csr/server.csr
+%config(noreplace) %{sysconfdir}/ssl.key/server.key
+%dir %{sysconfdir}/conf.d
+%dir %{sysconfdir}/vhosts.d
+%dir %{sysconfdir}/sysconfig.d
+%config(noreplace) /etc/logrotate.d/%{pname}
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000
+%config(noreplace) /etc/permissions.d/%{pname}
+%endif
+%config /etc/init.d/%{pname}
+#
+%{_sbindir}/rc%{pname}
+%{_sbindir}/ab%{vers}
+%{_sbindir}/apache%{vers}ctl
+%{_sbindir}/envvars
+%{_sbindir}/envvars-std
+%{_sbindir}/htcacheclean
+%{_sbindir}/httxt2dbm
+%{_sbindir}/logresolve%{vers}
+%{_sbindir}/logresolve.pl%{vers}
+%{_sbindir}/rotatelogs%{vers}
+%{_sbindir}/sysconf_addword
+%{_sbindir}/a2enflag
+%{_sbindir}/a2enmod
+%{_sbindir}/a2disflag
+%{_sbindir}/a2dismod
+%{_bindir}/log_server_status%{vers}
+%{_bindir}/split-logfile%{vers}
+%{_bindir}/gensslcert
+%{_bindir}/check_forensic%{vers}
+%{_bindir}/dbmmanage%{vers}
+%{_bindir}/htdbm%{vers}
+%{_bindir}/htdigest%{vers}
+%{_bindir}/htpasswd%{vers}
+%verify(not mode) %attr(0755,root,root) %_sbindir/suexec2
+%{iconsdir}
+%{errordir}
+%{_var}/adm/fillup-templates/sysconfig.%{pname}
+%attr(755,root,root) %{_libdir}/%{pname}_MMN
+%dir %{_libdir}/%{pname}
+%{_libdir}/%{pname}/mod_*.so
+%dir %{installbuilddir}
+%dir %{_prefix}/share/%{pname}
+%{_prefix}/share/%{pname}/apache-20-22-upgrade
+%{_prefix}/share/%{pname}/get_module_list
+%{_prefix}/share/%{pname}/get_includes
+%{_prefix}/share/%{pname}/find_httpd2_includes
+%{_prefix}/share/%{pname}/find_mpm
+%{_prefix}/share/%{pname}/load_configuration
+%if %prefork
+
+%files prefork
+%defattr(-,root,root)
+%{_sbindir}/%{httpd}-prefork
+%dir %{_libdir}/%{pname}-prefork
+%{_libdir}/%{pname}-prefork/mod_*.so
+%endif
+%if %worker
+
+%files worker
+%defattr(-,root,root)
+%{_sbindir}/%{httpd}-worker
+%dir %{_libdir}/%{pname}-worker
+%{_libdir}/%{pname}-worker/mod_*.so
+%endif
+%if %event
+
+%files event
+%defattr(-,root,root)
+%{_sbindir}/%{httpd}-event
+%dir %{_libdir}/%{pname}-event
+%{_libdir}/%{pname}-event/mod_*.so
+%endif
+
+%files devel -f filelist-devel
+%defattr(-,root,root)
+%dir %{_prefix}/share/%{pname}
+%dir %{installbuilddir}
+%dir %{includedir}
+%{_sbindir}/apxs%{vers}
+
+%files doc
+%defattr(-,root,root)
+%doc %{manualdir}
+%dir %{sysconfdir}
+%dir %{sysconfdir}/conf.d
+%config %{sysconfdir}/conf.d/apache2-manual.conf
+
+%files example-pages
+%defattr(-,root,root)
+%config(noreplace) %{htdocsdir}/index.htm*
+%config(noreplace) %{htdocsdir}/apache_*.png
+%config(noreplace) %{htdocsdir}/apache_*.gif
+%config(noreplace) %{htdocsdir}/favicon.ico
+%config(noreplace) %{htdocsdir}/robots.txt
+%if %prefork
+
+%post prefork
+/usr/share/%{pname}/get_module_list &>/dev/null
+exit 0
+%endif
+%if %worker
+
+%post worker
+/usr/share/%{pname}/get_module_list &>/dev/null
+exit 0
+%endif
+%if %event
+
+%post event
+/usr/share/%{pname}/get_module_list &>/dev/null
+exit 0
+%endif
+%if %{?suse_version:0}%{!?suse_version:1}
+
+%pre
+# on Fedora, add the "apache" user
+/usr/sbin/useradd -c "Apache" -u 48 \
+ -s /sbin/nologin -r -d %{localstatedir} apache 2> /dev/null || :
+%endif
+
+%preun
+#
+# O/ ._ .__ / ._ _ __|_
+# /O |_)|(/_ / |_)(_)_> |_
+# | |
+#
+#if %suse_version > 810
+#stop_on_removal %{pname}
+#endif
+for i in %{_sbindir}/%{httpd} \
+ %{installbuilddir}/config_vars.mk
+do
+ test -L $i && rm $i
+done
+exit 0
+
+%postun
+#if %suse_version > 810
+#restart_on_update %{pname}
+#endif
+%insserv_cleanup
+
+%post
+%run_permissions
+%if 0%{?suse_version}
+# a group wwwadmin has existed in the distant past, and it was renamed to www
+if grep -q "^wwwadmin:" /etc/group; then
+ groupmod -n www wwwadmin 2>/dev/null ||:
+fi
+%endif
+usermod -g %httpdgroup %httpduser 2>/dev/null ||:
+usermod -s /bin/false %httpduser 2>/dev/null ||:
+tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
+tmpfile=$tmpdir/tmpfile
+RC_CONFIG=etc/rc.config
+if [ -e $RC_CONFIG ]; then
+ . $RC_CONFIG
+ if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
+ echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
+ sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
+ -e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
+ && cp $tmpfile $RC_CONFIG
+ echo "done"
+ fi
+fi
+
+if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
+ sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
+ && cp $tmpfile etc/sysconfig/%{pname}
+fi
+%{fillup_and_insserv -ns apache2 apache2 START_HTTPD}
+%{fillup_only -ans apache2 apache2}
+# Update ?
+if [ ${FIRST_ARG:-0} -gt 1 ]; then
+ # update from package with the old near-monolithic conf file?
+ if [ -s ./%{sysconfdir}/httpd.conf.default -a -s ./%{sysconfdir}/httpd.conf.rpmnew ]; then
+ diff -u .%{sysconfdir}/httpd.conf.default .%{sysconfdir}/httpd.conf \
+ > $tmpdir/httpd.conf.dif ||:
+ cp -p $tmpdir/httpd.conf.dif ./%{sysconfdir}/httpd.conf var/adm/backup/
+ archive_conf=$(old var/adm/backup/httpd.conf 2>/dev/null); archive_conf=${archive_conf##*/}
+ archive_dif=$(old var/adm/backup/httpd.conf.dif 2>/dev/null); archive_dif=${archive_dif##*/}
+ fi
+ #
+ sed "
+ # generated files were renamed from suse_* to sysconfig.d/*
+ s|\(^Include /etc/apache2\)/suse_\(\(include\|loadmodule\|global\).conf\)|\1/sysconfig.d/\2|
+
+ # the access_log configuration is now configurable
+ s|^CustomLog /var/log/apache2/access_log.*|# &|
+
+ # group of wwwrun has changed
+ s|^Group nogroup|Group www|
+
+ " < ./%{sysconfdir}/httpd.conf > $tmpfile
+ chmod --reference=./%{sysconfdir}/httpd.conf $tmpfile
+ chown --reference=./%{sysconfdir}/httpd.conf $tmpfile
+ cmp -s $tmpfile ./%{sysconfdir}/httpd.conf || cp -p $tmpfile ./%{sysconfdir}/httpd.conf
+fi
+
+rm -rf $tmpdir
+/usr/share/%{pname}/apache-20-22-upgrade
+/usr/share/%{pname}/get_module_list &>/dev/null
+exit 0
+
+%verifyscript
+%verify_permissions -e %{_sbindir}/suexec2
+
+%clean
+if ! test -f /.buildenv; then
+ rm -rf $RPM_BUILD_ROOT
+fi
+
+%changelog -n apache2
+* Wed Dec 20 2006 - poeml@suse.de
+- set a proper HOME (/var/lib/apache2), otherwise the server might
+ end up HOME=/root and some script might try to use that [#132769]
+- add two notes to the QUICKSTART readmes
+- don't install /etc/apache2/extra configuration since this is only
+ serving as an example and installed with the documentation anyway
+* Tue Sep 26 2006 - poeml@suse.de
+- add rpm macro for suexec_safepath
+- use _bindir/_sbindir in a few places [#202355]
+- remove unused /sbin/conf.d directory from build root
+* Thu Aug 31 2006 - poeml@suse.de
+- Enable fatal exception hook for use by diagnostic modules.
+* Tue Aug 29 2006 - poeml@suse.de
+- move some binaries, where calling by users makes sense (dbmmanage
+ htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
+* Wed Aug 09 2006 - poeml@suse.de
+- upstream 2.2.3
+ |SECURITY: CVE-2006-3747 (cve.mitre.org)
+ | mod_rewrite: Fix an off-by-one security problem in the ldap scheme
+ | handling. For some RewriteRules this could lead to a pointer being
+ | written out of bounds. Reported by Mark Dowd of McAfee.
+ | mod_authn_alias: Add a check to make sure that the base provider and the
+ | alias names are different and also that the alias has not been registered
+ | before. PR 40051.
+ | mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
+ | client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
+ | mod_autoindex: Fix filename escaping with FancyIndexing disabled.
+ | PR 38910.
+ | mod_cache:
+ | - Make caching of reverse SSL proxies possible again. PR 39593.
+ | - Do not overwrite the Content-Type in the cache, for
+ | successfully revalidated cached objects. PR 39647.
+ | mod_charset_lite: Bypass translation when the source and dest charsets
+ | are the same.
+ | mod_dbd: Fix dependence on virtualhost configuration in
+ | defining prepared statements (possible segfault at startup
+ | in user modules such as mod_authn_dbd).
+ | mod_mem_cache: Set content type correctly when delivering data from
+ | cache. PR 39266.
+ | mod_speling: Add directive to deal with case corrections only
+ | and ignore other misspellings
+ | miscellaneous:
+ | - Add optional 'scheme://' prefix to ServerName directive,
+ | allowing correct determination of the canonical server URL
+ | for use behind a proxy or offload device handling SSL;
+ | fixing redirect generation in those cases. PR 33398.
+ | - Added server_scheme field to server_rec for above. Minor MMN bump.
+ | - Worker MPM: On graceless shutdown or restart, send signals
+ | to each worker thread to wake them up if they're polling on
+ | a Keep-Alive connection. PR 38737.
+ | - worker and event MPMs: fix excessive forking if fork() or
+ | child_init take a long time. PR 39275.
+ | - Respect GracefulShutdownTimeout in the worker and event MPMs.
+ | - configure: Add "--with-included-apr" flag to force use of
+ | the bundled version of APR at build time.
+* Tue Jul 04 2006 - poeml@suse.de
+- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
+ found
+* Fri Jun 23 2006 - poeml@suse.de
+- fix typo in apache-20-22-upgrade script: mod_image_map ->
+ mod_imagemap
+* Mon Jun 12 2006 - poeml@suse.de
+- enable logresolve processing of lines longer than 1024 characters
+ by compiling with MAXLINE=4096 [#162806]
+* Fri Jun 09 2006 - poeml@suse.de
+- upstream 2.2.2
+ | SECURITY: CVE-2005-3357 (cve.mitre.org)
+ | mod_ssl: Fix a possible crash during access control checks
+ | if a non-SSL request is processed for an SSL vhost (such as
+ | the "HTTP request received on SSL port" error message when
+ | an 400 ErrorDocument is configured, or if using "SSLEngine
+ | optional"). PR 37791.
+ | SECURITY: CVE-2005-3352 (cve.mitre.org)
+ | mod_imagemap: Escape untrusted referer header before
+ | outputting in HTML to avoid potential cross-site scripting.
+ | Change also made to ap_escape_html so we escape quotes.
+ | Reported by JPCERT.
+ | mod_cache:
+ | - Make caching of reverse proxies possible again. PR 38017.
+ | mod_disk_cache:
+ | - Return the correct error codes from bucket read failures,
+ | instead of APR_EGENERAL.
+ | mod_dbd:
+ | - Update defaults, improve error reporting.
+ | - Create own pool and mutex to avoid problem use of process
+ | pool in request processing.
+ | mod_deflate:
+ | - work correctly in an internal redirect
+ | mod_proxy:
+ | - don't reuse a connection that may be to the wrong backend PR 39253
+ | - Do not release connections from connection pool twice. PR 38793.
+ | - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
+ | - Fix incorrect usage of local and shared worker init. PR 38403.
+ | - If we get an error reading the upstream response, close the
+ | connection.
+ | mod_proxy_balancer:
+ | - Initialize members of a balancer correctly. PR 38227.
+ | mod_proxy_ajp:
+ | - Flushing of the output after each AJP chunk is now
+ | configurable at runtime via the 'flushpackets' and 'flushwait'
+ | worker params. Minor MMN bump.
+ | - Crosscheck the length of the body chunk with the length of the
+ | ajp message to prevent mod_proxy_ajp from reading beyond the
+ | buffer boundaries and thus revealing possibly sensitive memory
+ | contents to the client.
+ | - Support common headers of the AJP protocol in responses. PR 38340.
+ | mod_proxy_http:
+ | - Do send keep-alive header if the client sent connection:
+ | keep-alive and do not close backend connection if the client
+ | sent connection: close. PR 38524.
+ | mod_proxy_balancer:
+ | - Do not overwrite the status of initialized workers and respect
+ | the configured status of uninitilized workers when creating a
+ | new child process.
+ | - Fix off-by-one error in proxy_balancer. PR 37753.
+ | mod_speling:
+ | - Stop crashing with certain non-file requests.
+ | mod_ssl:
+ | - Fix possible crashes in shmcb with gcc 4 on platforms
+ | requiring word-aligned pointers. PR 38838.
+ | miscellaneous:
+ | - core: Prevent reading uninitialized memory while reading a line of
+ | protocol input. PR 39282.
+ | - core: Reject invalid Expect header immediately. PR 38123.
+ | - Default handler: Don't return output filter apr_status_t values.
+ | PR 31759.
+ | - Add APR/APR-Util Compiled and Runtime Version numbers to the
+ | output of 'httpd -V'.
+ | - http: If a connection is aborted while waiting for a chunked line,
+ | flag the connection as errored out.
+ | - Don't hang on error return from post_read_request. PR 37790.
+ | - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
+ | - Fix recursive ErrorDocument handling. PR 36090.
+ | - Ensure that the proper status line is written to the client, fixing
+ | incorrect status lines caused by filters which modify r->status without
+ | resetting r->status_line, such as the built-in byterange filter.
+ | - HTML-escape the Expect error message. Not classed as security as
+ | an attacker has no way to influence the Expect header a victim will
+ | send to a target site.
+ | - Chunk filter: Fix chunk filter to create correct chunks in the case that
+ | a flush bucket is surrounded by data buckets.
+ | - Avoid Server-driven negotiation when a script has emitted an
+ | explicit Status: header. PR 38070.
+ | - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
+ | - htdbm: Warn the user when adding a plaintext password on a platform
+ | where it wouldn't work with the server (i.e., anywhere that has
+ | crypt()).
+- adapted httpd-2.1.3alpha-autoconf-2.59.dif
+- other user visible changes:
+ * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
+ * add README.QUICKSTART link to httpd.conf
+- when installing/updating, avoid irritating message in
+ /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
+- build system changes:
+ * clean up old cruft tight to suse_version macros
+ * don't run buildconf, and thus don't need python.
+ * don't ship uid.conf as source file, but create it dynamically
+ instead, according to user/group defined via rpm macro
+ * create wwwrun:www user on non-SUSE builds
+ * work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
+ * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
+ * make sure that the rpm macro sles_version is defined
+ * remove obsolete VENDOR UnitedLinux macro
+* Tue Apr 25 2006 - poeml@suse.de
+- obsolete 'apache' package on SLES10 (obsolete it on all platforms
+ except SLES9 and old SL releases)
+* Wed Mar 29 2006 - poeml@suse.de
+- remove php4 from default modules [#155333]
+- fix comment in /etc/init.d/apache2 [#148559]
+* Mon Feb 20 2006 - poeml@suse.de
+- fixed comment in init script which indicated wrong version [#148559]
+* Mon Jan 30 2006 - poeml@suse.de
+- added Requires: libapr-util1-devel to apache2-devel package [#146496]
+* Fri Jan 27 2006 - poeml@suse.de
+- add a note about NameVirtualHost statements to the vhost template
+ files [#145000]
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Fri Jan 20 2006 - poeml@suse.de
+- cleanup: remove obsolete metuxmpm patch
+- improve informational text in apache-20-22-upgrade
+* Wed Jan 18 2006 - poeml@suse.de
+- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
+ increase it anymore (fixes [#143536])
+* Mon Dec 19 2005 - poeml@suse.de
+- update to 2.2.0
+- enable all new modules
+- replaced modules "auth auth_dbm access" in default configuration
+ by "auth_basic authn_file authn_dbm authz_host authz_default
+ authz_user""
+- /usr/share/apache2/apache-20-22-upgrade will fix the module list
+ on upgrade
+- fix bug in sysconf_addword (used by a2enmod) to respect word
+ boundaries when removing a word (but don't count slashes as word
+ boundary)
+- remove perchild mpm subpackage, add experimemtal event mpm
+- remove obsolete tool apache2-reconfigure-mpm
+- remove obsolete perchild config from apache2-server-tuning.conf
+- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild
+- build against system pcre
+- build with --enable-pie
+- don't modify which libraries are linked in
+- adjust IndexIgnore setting to upstream default. Previously, the
+ parent directory (..) was being ignored
+- package the symlinks in ssl.crt
+* Wed Dec 07 2005 - poeml@suse.de
+- patch apxs to use the new a2enmod tool, when called with -a
+- add -l option to a2enmod, which gives a list of active modules
+- adjust feedback address in the readmes
+- update README.QUICKSTART.SSL (mention TinyCA)
+- add more documentation in server-tuning.conf, and adjust defaults
+- do not document the restart-hup action of the init script. It
+ should not be used
+- don't install the tool checkgid -- it is only usable during
+ installation
+* Fri Nov 18 2005 - poeml@suse.de
+- fix duplicated Source45 tag
+* Mon Oct 24 2005 - poeml@suse.de
+- update to 2.0.55. Relevant changes:
+ | SECURITY: CAN-2005-2700 (cve.mitre.org)
+ | mod_ssl: Fix a security issue where "SSLVerifyClient" was
+ | not enforced in per-location context if "SSLVerifyClient
+ | optional" was configured in the vhost configuration.
+ | SECURITY: CAN-2005-2491 (cve.mitre.org):
+ | Fix integer overflows in PCRE in quantifier parsing which
+ | could be triggered by a local user through use of a
+ | carefully-crafted regex in an .htaccess file.
+ | SECURITY: CAN-2005-2088 (cve.mitre.org)
+ | proxy: Correctly handle the Transfer-Encoding and
+ | Content-Length headers. Discard the request Content-Length
+ | whenever T-E: chunked is used, always passing one of either
+ | C-L or T-E: chunked whenever the request includes a request
+ | body. Resolves an entire class of proxy HTTP Request
+ | Splitting/Spoofing attacks.
+ | SECURITY: CAN-2005-2728 (cve.mitre.org)
+ | Fix cases where the byterange filter would buffer responses
+ | into memory. PR 29962.
+ | SECURITY: CAN-2005-2088 (cve.mitre.org)
+ | core: If a request contains both Transfer-Encoding and
+ | Content-Length headers, remove the Content-Length,
+ | mitigating some HTTP Request Splitting/Spoofing attacks.
+ | SECURITY: CAN-2005-1268 (cve.mitre.org)
+ | mod_ssl: Fix off-by-one overflow whilst printing CRL
+ | information at "LogLevel debug" which could be triggered if
+ | configured to use a "malicious" CRL. PR 35081.
+ | miscellaneous:
+ | - worker MPM: Fix a memory leak which can occur after an
+ | aborted connection in some limited circumstances.
+ | - worker mpm: don't take down the whole server for a transient
+ | thread creation failure. PR 34514
+ | - Added TraceEnable [on|off|extended] per-server directive to
+ | alter the behavior of the TRACE method. This addresses a
+ | flaw in proxy conformance to RFC 2616 - previously the proxy
+ | server would accept a TRACE request body although the RFC
+ | prohibited it. The default remains 'TraceEnable on'.
+ | - Add ap_log_cerror() for logging messages associated with
+ | particular client connections.
+ | - Support the suppress-error-charset setting, as with Apache
+ | 1.3.x. PR 31274.
+ | - Fix bad globbing comparison which could result in getting a
+ | directory listing when a file was requested. PR 34512.
+ | - Fix a file descriptor leak when starting piped loggers. PR
+ | 33748.
+ | - Prevent hangs of child processes when writing to piped
+ | loggers at the time of graceful restart. PR 26467.
+ | mod_cgid:
+ | - Correct mod_cgid's argv[0] so that the full path can be
+ | delved by the invoked cgi application, to conform to the
+ | behavior of mod_cgi.
+ | mod_include:
+ | - Fix possible environment variable corruption when using
+ | nested includes. PR 12655.
+ | mod_ldap:
+ | - Fix PR 36563. Keep track of the number of attributes
+ | retrieved from LDAP so that all of the values can be
+ | properly cached even if the value is NULL.
+ | - Fix core dump if mod_auth_ldap's
+ | mod_auth_ldap_auth_checker() was called even if
+ | mod_auth_ldap_check_user_id() was not (or if it didn't
+ | succeed) for non-authoritative cases.
+ | - Avoid segfaults when opening connections if using a version
+ | of OpenLDAP older than 2.2.21. PR 34618.
+ | - Fix various shared memory cache handling bugs. PR 34209.
+ | mod_proxy:
+ | - Fix over-eager handling of '%%' for reverse proxies. PR
+ | 15207.
+ | - proxy HTTP: If a response contains both Transfer-Encoding
+ | and a Content-Length, remove the Content-Length and don't
+ | reuse the connection, mitigating some HTTP Response
+ | Splitting attacks.
+ | - proxy HTTP: Rework the handling of request bodies to handle
+ | chunked input and input filters which modify content length,
+ | and avoid spooling arbitrary-sized request bodies in memory.
+ | PR 15859.
+ | mod_ssl:
+ | - Fix build with OpenSSL 0.9.8. PR 35757.
+ | mod_rewrite:
+ | - use buffered I/O to improve performance with large
+ | RewriteMap txt: files.
+ | mod_userdir:
+ | - Fix possible memory corruption issue. PR 34588.
+- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif
+ httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif
+ apache2-bundled-pcre-5.0-CAN-2005-2491.dif
+ httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff
+ httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
+- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)
+* Thu Oct 20 2005 - poeml@suse.de
+- rc.apache2: when stopping the server, wait for the actual binary
+ of the parent process to disappear. Waiting for the pid file to
+ disappear is not sufficient, because not all cleanup might be
+ finished at the time of its removal. [#96492], [#85539]
+* Wed Oct 12 2005 - poeml@suse.de
+- fix security hole by wrongly initializing LD_LIBRARY_PATH in
+ /usr/sbin/envvars (used by apache2ctl only) [#118188]
+* Fri Sep 30 2005 - poeml@suse.de
+- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)
+* Mon Sep 26 2005 - ro@suse.de
+- define LDAP_DEPRECATED in CFLAGS
+* Fri Sep 02 2005 - poeml@suse.de
+- security fix [CAN-2005-2728 (cve.mitre.org)]:
+ fix memory consumption bug in byterange handling
+- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
+ if "SSLVerifyClient optional" has been configured at the vhost
+ context then "SSLVerifyClient require" is not enforced in a
+ location context within that vhost; effectively allowing clients
+ to bypass client-cert authentication checks. [#114701]
+* Wed Aug 31 2005 - poeml@suse.de
+- Security fix: fix integer overflows in PCRE in quantifier parsing which
+ could be triggered by a local user through use of a carefully-crafted
+ regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]
+* Tue Aug 30 2005 - lmuelle@suse.de
+- Escape also any forward slash while removing a word with sysconf_addword.
+* Fri Aug 26 2005 - lmuelle@suse.de
+- Escape any forward slash in the word argument of sysconf_addword.
+* Sun Aug 14 2005 - ro@suse.de
+- alingn suexec2 permissions with permissions.secure
+* Thu Aug 11 2005 - poeml@suse.de
+- the permissions files are now maintained centrally and packaged
+ in the permissions package. Package suexec2 with mode 0750. [#66304]
+* Fri Aug 05 2005 - poeml@suse.de
+- change SSLMutex "default" so APR always picks the best on the
+ platform
+- fix Source42 tag which was present twice
+- add a2enmod/a2enflag to add/remove modules/flags conveniently
+- add charset.conv table for mod_auth_ldap
+- make sure that suse_version is defined (it might be unset by e.g.
+ ISPs preinstallations)
+* Tue Jul 12 2005 - poeml@suse.de
+- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
+ contains both Transfer-Encoding and a Content-Length, remove the
+ Content-Length, stopping some HTTP Request smuggling attacks.
+ mod_proxy: Reject chunked requests. [#95709]
+- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
+ off-by-one overflow whilst printing CRL information at "LogLevel
+ debug" which could be triggered if configured to use a
+ "malicious" CRL. PR 35081. [#95709]
+* Mon Jun 20 2005 - poeml@suse.de
+- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
+ -fpie and link with -pie
+* Wed May 18 2005 - poeml@suse.de
+- update to 2.0.54. Relevant changes:
+ | mod_cache:
+ | - Add CacheIgnoreHeaders directive. PR 30399.
+ | mod_dav:
+ | - Correctly export all public functions.
+ | mod_ldap:
+ | - Added the directive LDAPConnectionTimeout to configure the
+ | ldap socket connection timeout value.
+ | mod_ssl:
+ | - If SSLUsername is used, set r->user earlier. PR 31418.
+ | miscellaneous:
+ | - Unix MPMs: Shut down the server more quickly when child
+ | processes are slow to exit.
+ | - worker MPM: Fix a problem which could cause httpd processes
+ | to remain active after shutdown.
+ | - Remove formatting characters from ap_log_error() calls.
+ | These were escaped as fallout from CAN-2003-0020.
+ | - core_input_filter: Move buckets to a persistent brigade
+ | instead of creating a new brigade. This stop a memory leak
+ | when proxying a Streaming Media Server. PR 33382.
+ | - htdigest: Fix permissions of created files. PR 33765.
+* Mon Mar 14 2005 - poeml@suse.de
+- revise README
+* Mon Mar 07 2005 - poeml@suse.de
+- when building the suexec binary, set the "docroot" compile time
+ option to the datadir (/srv/www) instead of the htdocsdir
+ (/srv/www/htdocs), so it can be used with virtual hosts placed
+ e.g. in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
+- add php5 to APACHE_MODULES by default, so it can be used simply
+ by installing the package. Suppress warning about not-found
+ module in the php4/php5 case. [#66729]
+- remove a redundant get_module_list call from the init script
+- add hints about vhost setup to README.QUICKSTART
+- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
+ longer needed since SuSEconfig.apache2 is gone. Leave it for
+ compatibility, because /etc/sysconfig/apache2 is probably not
+ updated and yast may still use it.
+- move the 4 most important variables in sysconfig.apache2 to the
+ top of the file
+- add note about the old monolithic configuration file and how to
+ use it
+- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
+ openssl-0.9.6e anywhere, any longer)
+* Wed Mar 02 2005 - poeml@suse.de
+- fix TLS upgrade patch: with SSLEngine set to Optional, an
+ additional token in an Upgrade: header before "TLS/1.0" could
+ result into an infinite loop [#67126]
+* Tue Feb 22 2005 - poeml@suse.de
+- run /usr/share/apache2/get_module_list post install, which will
+ also create the symlink to the httpd2 binary, which might be
+ necessary during package building when apache has been installed
+ but never been run.
+* Mon Feb 21 2005 - poeml@suse.de
+- remove SuSEconfig.apache2
+* Fri Feb 11 2005 - poeml@suse.de
+- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
+ available modules plus 9 perl modules was beginning to fail
+* Wed Feb 09 2005 - poeml@suse.de
+- update to 2.0.53. Relevant changes:
+ | SECURITY: CAN-2004-0942 (cve.mitre.org)
+ | Fix for memory consumption DoS in handling of MIME folded request
+ | headers.
+ | SECURITY: CAN-2004-0885 (cve.mitre.org)
+ | mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
+ | bypassed during an SSL renegotiation. PR 31505.
+ | mod_dumpio:
+ | - new I/O logging/dumping module, added to the
+ | modules/expermimental subdirectory.
+ | mod_ssl:
+ | - fail quickly if SSL connection is aborted rather than making
+ | many doomed ap_pass_brigade calls. PR 32699.
+ | - Fail at startup rather than segfault at runtime if a client cert
+ | is configured with an encrypted private key. PR 24030.
+ | mod_include:
+ | - Fix bug which could truncate variable expansions of N*64
+ | characters by one byte. PR 32985.
+ | mod_status:
+ | - Start keeping track of time-taken-to-process-request again if
+ | ExtendedStatus is enabled.
+ | util_ldap:
+ | - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
+ | that ldap authorization only modules have access to the
+ | util_ldap user cache without having to require ldap
+ | authentication as well. PR 31898.
+ | mod_ldap:
+ | - Fix format strings to use %%APR_PID_T_FMT instead of %%d.
+ | - prevent the possiblity of an infinite loop in the LDAP
+ | statistics display. PR 29216.
+ | - fix a bogus error message to tell the user which file is causing
+ | a potential problem with the LDAP shared memory cache. PR 31431
+ | - Fix the re-linking issue when purging elements from the LDAP
+ | cache PR 24801.
+ | mod_auth_ldap:
+ | - Added the directive "Requires ldap-attribute" that allows the
+ | module to only authorize a user if the attribute value specified
+ | matches the value of the user object. PR 31913
+ | - Handle the inconsistent way in which the MS LDAP library handles
+ | special characters. PR 24437.
+ | mod_proxy:
+ | - Fix ProxyRemoteMatch directive. PR 33170.
+ | - Respect errors reported by pre_connection hooks.
+ | - Handle client-aborted connections correctly. PR 32443.
+ | mod_cache:
+ | - CacheDisable will only disable the URLs it was meant to disable,
+ | not all caching. PR 31128.
+ | - Try to correctly follow RFC 2616 13.3 on validating stale cache
+ | responses.
+ | - Fix Expires handling.
+ | mod_disk_cache:
+ | - Do not store aborted content. PR 21492.
+ | - Correctly store cached content type. PR 30278.
+ | - Do not store hop-by-hop headers.
+ | - Fix races in saving responses.
+ | mod_expires:
+ | - Alter mod_expires to run at a different filter priority to allow
+ | proper Expires storage by mod_cache.
+ | mod_rewrite:
+ | - Handle per-location rules when r->filename is unset. Previously
+ | this would segfault or simply not match as expected, depending
+ | on the platform.
+ | - Fix 0 bytes write into random memory position. PR 31036.
+ | miscellaneous:
+ | - Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
+ | - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
+ | - Allow for the use of --with-module=foo:bar where the ./modules/foo
+ | directory is local only. Assumes, of course, that the required
+ | files are in ./modules/foo, but makes it easier to statically
+ | build/log "external" modules.
+ | - --with-module can now take more than one module to be statically
+ | linked: --with-module=:,:,...
+ | If the -subdirectory doesn't exist it will be created and
+ | populated with a standard Makefile.in.
+ | - Fix handling of files >2Gb on all platforms (or builds) where
+ | apr_off_t is larger than apr_size_t. PR 28898.
+ | - Remove compiled-in upper limit on LimitRequestFieldSize.
+ | - Correct handling of certain bucket types in ap_save_brigade, fixing
+ | possible segfaults in mod_cgi with #include virtual. PR 31247.
+ | - conf: Remove AddDefaultCharset from the default configuration
+ | because setting a site-wide default does more harm than good. PR
+ | 23421.
+ | - Add charset to example CGI scripts.
+- merge tls-upgrade.patch
+- remove obsolete httpd-2.0.47-headtail.dif
+ httpd-2.0.52-util_ldap_cache_mgr.c.dif
+ httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
+ httpd-2.0.52-ssl-incomplete-keypair.dif
+ httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
+ httpd-2.0.52.21492.diff
+ httpd-2.0.52.30278.diff
+ httpd-2.0.52.30399.diff
+ httpd-2.0.52.30419.diff
+ httpd-2.0.52.31385.diff
+- sync configuration with upstream changes
+ * Remove AddDefaultCharset (see upstream changelog above)
+ * LanguagePriority for error documents updated
+* Sat Jan 15 2005 - schwab@suse.de
+- Use : in permissions file.
+* Tue Jan 11 2005 - schwab@suse.de
+- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
+* Mon Nov 29 2004 - hvogel@suse.de
+- fix permission handling
+* Thu Nov 11 2004 - poeml@suse.de
+- fix /etc/init.d/apache2 to correctly handle the start of multiple
+ instances of the same binary (using startproc -f plus prior check
+ for running instance) [#48153]
+- fix helper scripts to allow overriding of $sysconfig_file and
+ other useful values
+- remove unused 'rundir' variable from /etc/init.d/apache2
+- removed backward compatibility code for pre-8.0
+- add documentation to the vhost template files and
+ README.QUICKSTART
+* Mon Nov 08 2004 - poeml@suse.de
+- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
+ consumption DoS [#47967]
+* Thu Nov 04 2004 - poeml@suse.de
+- remove heimdal-devel from #neededforbuild, it is not needed
+* Fri Oct 15 2004 - poeml@suse.de
+- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
+- update the TLS upgrade patch [#47207]
+ - mod_ssl returned invalid method on TLS upgraded connections
+ - additional checks for httpd_method and default_port hooks
+ - fixed typo in upgrade header
+- add patches from Ruediger Pluem for the experimental modules
+ mod_disk_cache, mod_cache
+ PR 21492: mod_disk_cache: Do not store aborted content.
+ PR 30278: mod_disk_cache: Correctly store cached content type.
+ PR 30399: make storing of Set-Cookie headers optional
+ PR 30419: weird caching behaviour of mod_cache and old Cookies
+ PR 31385: skipping start of file if recaching already cached file
+- patch from 2.0.53: Fail to configure when an SSL proxy is
+ configured with incomplete client cert keypair, rather than
+ segfaulting at runtime. PR 24030
+ http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
+* Mon Oct 11 2004 - poeml@suse.de
+- add patch fixing re-linking issue when purging elements from the
+ LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
+ http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
+* Mon Oct 11 2004 - poeml@suse.de
+- sync update configuration with upstream changes (2.0.52)
+ (mostly comments; configuration for spanish manual added)
+- add mime type for shortcut icons (favicon.ico)
+* Fri Oct 08 2004 - poeml@suse.de
+- update to 2.0.52. Relevant changes:
+ | SECURITY: CAN-2004-0811 (cve.mitre.org)
+ | Fix merging of the Satisfy directive, which was applied to
+ | the surrounding context and could allow access despite configured
+ | authentication. PR 31315.
+ | util_ldap:
+ | Fix a segfault in the LDAP cache when it is configured switched off.
+ | mod_mem_cache:
+ | Fixed race condition causing segfault because of memory being
+ | freed twice, or reused after being freed.
+ | mod_log_config:
+ | Fix a bug which prevented request completion time from being
+ | logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
+ | processing. PR 29696.
+ | miscellaneous:
+ | - Use HTML 2.0
for error pages. PR 30732
+ | - Fix the handling of URIs containing %%2F when
+ | AllowEncodedSlashes is enabled. Previously, such urls would
+ | still be rejected.
+ | - Fix the global mutex crash when the global mutex is never
+ | allocated due to disabled/empty caches.
+ | - Add -l option to rotatelogs to let it use local time rather
+ | than UTC. PR 24417.
+- changes from 2.0.51:
+ | SECURITY: CAN-2004-0786 (cve.mitre.org)
+ | Fix an input validation issue in apr-util which could be
+ | triggered by malformed IPv6 literal addresses.
+ | SECURITY: CAN-2004-0747 (cve.mitre.org)
+ | Fix buffer overflow in expansion of environment variables in
+ | configuration file parsing.
+ | SECURITY: CAN-2004-0809 (cve.mitre.org)
+ | mod_dav_fs: Fix a segfault in the handling of an indirect lock
+ | refresh. PR 31183.
+ | SECURITY: CAN-2004-0751 (cve.mitre.org)
+ | mod_ssl: Fix a segfault in the SSL input filter which could be
+ | triggered if using "speculative" mode, for instance by a proxy
+ | request to an SSL server. PR 30134.
+ | SECURITY: CAN-2004-0748 (cve.mitre.org)
+ | mod_ssl: Fix a potential infinite loop. PR 29964.
+ | mod_include:
+ | no longer checks for recursion, because that's done in the core.
+ | This allows for careful usage of recursive SSI.
+ | mod_rewrite:
+ | - Fix memory leak in the cache handlingof mod_rewrite. PR 27862.
+ | - Add %%{SSL:...} and %%{HTTPS} variable lookups. PR 30464.
+ | - mod_rewrite now officially supports RewriteRules in
+ | sections. PR 27985.
+ | - no longer confuse the RewriteMap caches if different maps
+ | defined in different virtual hosts use the same map name. PR 26462.
+ | mod_ssl:
+ | - Add new 'ssl_is_https' optional function.
+ | - Add "SSLUserName" directive to set r->user based on a chosen SSL
+ | environment variable. PR 20957.
+ | - Avoid startup failure after unclean shutdown if using shmcb. PR 18989.
+ | mod_autoindex:
+ | - Don't truncate the directory listing if a stat() call fails (for
+ | instance on a >2Gb file). PR 17357.
+ | mod_cache, mod_disk_cache, mod_mem_cache:
+ | - Refactor cache modules, and switch to the provider API instead
+ | of hooks.
+ | mod_disk_cache:
+ | - Implement binary format for on-disk header files.
+ | - Optimize network performance of disk cache subsystem by allowing
+ | zero-copy (sendfile) writes and other miscellaneous fixes.
+ | mod_userdir:
+ | - Ensure that the userdir identity is used for suexec userdir
+ | access in a virtual host which has suexec configured. PR 18156.
+ | mod_setenvif:
+ | - Remove "support" for Remote_User variable which never worked at
+ | all. PR 25725.
+ | - Extend the SetEnvIf directive to capture subexpressions of the
+ | matched value.
+ | mod_headers:
+ | - Backport from 2.1 / Regression from 1.3: mod_headers now knows
+ | again the functionality of the ErrorHeader directive. But
+ | instead using this misnomer additional flags to the Header
+ | directive were introduced ("always" and "onsuccess", defaulting
+ | to the latter). PR 28657.
+ | mod_usertrack:
+ | - Escape the cookie name before pasting into the regexp.
+ | mod_dir:
+ | - the trailing-slash behaviour is now configurable using the
+ | DirectorySlash directive.
+ | util_ldap:
+ | - Switched the lock types on the shared memory cache from thread
+ | reader/writer locks to global mutexes in order to provide cross
+ | process cache protection.
+ | - Reworked the cache locking scheme to eliminate duplicate cache
+ | entries in the credentials cache due to race conditions.
+ | - Enhanced the util_ldap cache-info display to show more detail
+ | about the contents and current state of the cache.
+ | mod_ldap:
+ | - Enable the option to support anonymous shared memory in
+ | mod_ldap. This makes the cache work on Linux again.
+ | miscellaneous:
+ | - Include directives no longer refuse to process symlinks on
+ | directories.
Instead there's now a maximum nesting level of
+ | included directories (128 as distributed). This is configurable
+ | at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR
+ | 28492, PR 28370.
+ | - Prevent CGI script output which includes a Content-Range header
+ | from being passed through the byterange filter.
+ | - Satisfy directives now can be influenced by a surrounding
+ | container. PR 14726.
+ | - Makefile fix: httpd is linked against LIBS given to the 'make'
+ | invocation. PR 7882.
+ | - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
+ | - apachectl: Fix a problem finding envvars if sbindir != bindir.
+ | PR 30723.
+ | - Use the higher performing 'httpready' Accept Filter on all
+ | platforms except FreeBSD < 4.1.1.
+ | - Allow proxying of resources that are invoked via DirectoryIndex.
+ | PR 14648, 15112, 29961.
+ | - Small fix to allow reverse proxying to an ftp server. Previously
+ | an attempt to do this would try and connect to 0.0.0.0,
+ | regardless of the server specified. PR 24922
+ | - Enable special ErrorDocument value 'default' which restores the
+ | canned server response for the scope of the directive.
+ | - work around MSIE Digest auth bug - if
+ | AuthDigestEnableQueryStringHack is set in r->subprocess_env
+ | allow mismatched query strings to pass. PR 27758.
+ | - Accept URLs for the ServerAdmin directive. If the supplied
+ | argument is not recognized as an URL, assume it's a mail
+ | address. PR 28174.
+ | - initialize server arrays prior to calling
+ | ap_setup_prelinked_modules so that static modules can push
+ | Defines values when registering hooks just like DSO modules can
+- drop obsolete security fixes
+ httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
+ httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
+ httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
+ httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
+ httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
+- httpd-2.0.45-anon-mmap.dif included upstream
+* Tue Sep 14 2004 - poeml@suse.de
+- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
+ mod_dav by remotely triggerable null-pointer dereference
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
+- fix hint about vhost checking in the SSL readme
+* Wed Sep 08 2004 - poeml@suse.de
+- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
+ in the apr-util library (lacking input validation on IPv6 literal
+ addresses in the apr_uri_parse function [#44736]
+- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
+ overflow that can occur when expanding ${ENVVAR} constructs in
+ .htaccess or httpd.conf files. [#44736]
+* Mon Sep 06 2004 - poeml@suse.de
+- rename check_forensic script to avoid clash with apache 1.3.x
+ package
+* Fri Aug 27 2004 - poeml@suse.de
+- implement action "startssl" in the init script. [#42365]
+- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
+- disable building of leader and metuxmpm MPMs.
+* Wed Aug 25 2004 - poeml@suse.de
+- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
+ infinite loop in the SSL input filter which can be triggered by
+ an aborted connection
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
+- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
+ segfault in the SSL input filter which can be triggered by the
+ response to request which is proxied to a remote SSL server
+ http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
+- remove the obsolete notify message on package update
+* Thu Jul 08 2004 - poeml@suse.de
+- update to 2.0.50. Relevant changes:
+ | SECURITY: CAN-2004-0493 (cve.mitre.org)
+ | Close a denial of service vulnerability identified by Georgi
+ | Guninski which could lead to memory exhaustion with certain
+ | input data.
+ | SECURITY: CAN-2004-0488 (cve.mitre.org)
+ | mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
+ | a (trusted) client certificate subject DN which exceeds 6K in
+ | length.
+ | mod_alias:
+ | now emits a warning if it detects overlapping *Alias* directives.
+ | mod_cgi: Handle output on stderr during script execution on Unix
+ | platforms; preventing deadlock when stderr output fills pipe
+ | buffer. Also fixes case where stderr from nph- scripts could be
+ | lost. PR 22030, 18348.
+ | mod_dav:
+ | - Fix a problem that could cause crashes when manipulating locks
+ | on some platforms.
+ | mod_dav_fs:
+ | - Fix MKCOL response for missing parent collections, which caused
+ | issues for the Eclipse WebDAV extension. PR 29034.
+ | mod_deflate:
+ | - Fix memory consumption (which was proportional to the response
+ | size). PR 29318.
+ | mod_expires:
+ | - Fix segfault which occured under certain circumstances. PR 28047.
+ | mod_headers:
+ | - no longer crashes if an empty header value should be added.
+ | mod_log_forensic:
+ | - new module.
+ | mod_logio:
+ | - no longer removes the EOS bucket. PR 27928.
+ | mod_proxy:
+ | - Fix handling of IPv6 numeric strings.
+ | mod_rewrite:
+ | no longer turns forward proxy requests into reverse proxy
+ | requests. PR 28125
+ | mod_ssl:
+ | - Log the errors returned on failure to load or initialize a
+ | crypto accelerator engine.
+ | - Fix a potential segfault in the 'shmcb' session cache for small
+ | cache sizes. PR 27751.
+ | - Fix memory leak in session cache handling. PR 26562
+ | - Fix potential segfaults when performing SSL shutdown from a pool
+ | cleanup. PR 27945.
+ | mod_auth_ldap/util_ldap:
+ | - allow relative paths for LDAPTrustedCA to be resolved against
+ | ServerRoot PR#26602
+ | - Throw an error message if an attempt is made to use the
+ | LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
+ | PR 26390
+ | - Fix a potential segfault if the bind password in the LDAP cache
+ | is NULL. PR 28250.
+ | - Overhaul handling of LDAP error conditions, so that the
+ | util_ldap_* functions leave the connections in a sane state
+ | after errors have occurred. PR 27748, 17274, 17599, 18661,
+ | 21787, 24595, 24683, 27134, 27271
+ | - mod_ldap calls ldap_simple_bind_s() to validate the user
+ | credentials. If the bind fails, the connection is left in an
+ | unbound state. Make sure that the ldap connection record is
+ | updated to show that the connection is no longer bound.
+ | - Update the bind credentials for the cached LDAP connection to
+ | reflect the last bind. This prevents util_ldap from creating
+ | unnecessary connections rather than reusing cached connections.
+ | - Quotes cannot be used around require group and require dn
+ | directives, update the documentation to reflect this. Also add
+ | quotes around the dn and group within debug messages, to make it
+ | more obvious why authentication is failing if quotes are used in
+ | error. PR 19304.
+ | miscellaneous:
+ | - Allow RequestHeader directives to be conditional. PR 27951.
+ | - Allow LimitRequestBody to be reset to unlimited.
PR 29106
+ | - now applies to all IP addresses for myhost
+ | instead of just the first one reported by the resolver. This
+ | corrects a regression since 1.3.
+ | - Fix a bunch of cases where the return code of the regex compiler
+ | was not checked properly. This affects: mod_setenvif,
+ | mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
+ | - Remove 2Gb log file size restriction on some 32-bit platforms.
+ | PR 13511.
+ | - htpasswd no longer refuses to process files that contain empty
+ | lines.
+ | - Regression from 1.3: At startup, suexec now will be checked for
+ | availability, the setuid bit and user root. The works only if
+ | httpd is compiled with the shipped APR version (0.9.5). PR
+ | 28287.
+ | - Unix MPMs: Stop dropping connections when the file descriptor is
+ | at least FD_SETSIZE.
+ | - Fix a segfault when requests for shared memory fails and returns
+ | NULL. Fix a segfault caused by a lack of bounds checking on the
+ | cache. PR 24801.
+ | - Ensure that lines in the request which are too long are properly
+ | terminated before logging.
+ | - htpasswd: use apr_temp_dir_get() and general cleanup
+ | - logresolve: Allow size of log line buffer to be overridden at
+ | build time (MAXLINE). PR 27793.
+ | - Fix the comment delimiter in htdbm so that it correctly parses
+ | the username comment. Also add a terminate function to allow
+ | NetWare to pause the output before the screen is destroyed.
+ | - Fix crash when Apache was started with no Listen directives.
+ | - core_output_filter: Fix bug that could result in sending garbage
+ | over the network when module handlers construct bucket brigades
+ | containing multiple file buckets all referencing the same open
+ | file descriptor.
+ | - Fix memory corruption problem with ap_custom_response()
+ | function. The core per-dir config would later point to request
+ | pool data that would be reused for different purposes on
+ | different requests.
+- drop obsolete patches
+- change vendor string SuSE -> SUSE
+* Tue Jun 29 2004 - poeml@suse.de
+- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
+ Service vulnaribility which could lead to memory exhaustion with
+ certain input data. [#42566]
+* Fri Jun 18 2004 - poeml@suse.de
+- package forgotten CHANGES file
+- package apr and apr-util documentation files
+- fix log_server_status2 to use perl's Socket module
+* Wed May 19 2004 - poeml@suse.de
+- security fix for mod_ssl: fix buffer overflow in
+ ssl_util_uuencode() [#40791]
+* Wed Apr 28 2004 - poeml@suse.de
+- add TLS upgrade patch [#39449]
+- add patch to allow writing log files larger than 2>GB [#39453]
+- obsolete apache and mod_ssl versions only when older than what is
+ shipped with 9.1
+- don't provide mod_ssl
+* Fri Apr 02 2004 - cschum@suse.de
+- Add "suse_help_viewer" provides [#37932]
+* Mon Mar 29 2004 - poeml@suse.de
+- provide and obsolete packages apache, mod_ssl, apache-doc and
+ apache-example-pages [#37084]
+* Mon Mar 22 2004 - poeml@suse.de
+- disable large file support by not building with _FILE_OFFSET_BITS=64,
+ in favour of retaining a binary compatible module API.
+ Therefore, do not change the module magic number. LFS can be
+ enabled by building via rpmbuild --define 'build_with_LFS 1'
+* Thu Mar 18 2004 - poeml@suse.de
+- update to proposed 2.0.49 tarball
+ - mod_cgid: Fix storage corruption caused by use of incorrect pool.
+ - docs update
+- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
+- fix a comment in default-server.conf
+- remove obsolete ssl_scache_cleanup support script and ftok helper
+* Tue Mar 16 2004 - poeml@suse.de
+- change mmn in header file as well, for modules that include it
+ from there
+* Mon Mar 15 2004 - poeml@suse.de
+- update to 2.0.49-rc2. Relevant changes:
+ | The whole codebase was relicensed and is now available under the
+ | Apache License, Version 2.0 (http://www.apache.org/licenses).
+ | [Apache Software Foundation]
+ | Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
+ | leak in plain-HTTP-on-SSL-port handling. PR 27106.
+ | Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
+ | before writing into the errorlog. Unescaped errorlogs are still
+ | possible using the compile time switch
+ | "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
+ | mod_ssl:
+ | - Send the Close Alert message to the peer before closing the
+ | SSL session. PR 27428.
+ | - Fix bug in passphrase handling which could cause spurious
+ | failures in SSL functions later. PR 21160.
+ | - Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057.
+ | - Fix streaming output from an nph- CGI script. PR 21944
+ | - Advertise SSL library version as determined at run-time rather
+ | than at compile-time. PR 23956.
+ | - Fix segfault on a non-SSL request if the 'c' log format code
+ | is used. PR 22741.
+ | - Fix segfaults at startup if other modules which use OpenSSL
+ | are also loaded.
+ | - Use human-readable OpenSSL error strings in logs; use
+ | thread-safe interface for retrieving error strings.
+ | mod_cache:
+ | - Fixed cache-removal order in mod_mem_cache.
+ | - Fix segfault in mod_mem_cache cache_insert() due to cache size
+ | becoming negative. PR: 21285, 21287
+ | - Modified the cache code to be header-location agnostic. Also
+ | fixed a number of other cache code bugs related to PR 15852.
+ | Includes a patch submitted by Sushma Rai .
+ | This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
+ | closing the PR since that is what they are using.
+ | mod_dav:
+ | - Reject requests which include an unescaped fragment in the
+ | Request-URI. PR 21779.
+ | - Use bucket brigades when reading PUT data. This avoids
+ | problems if the data stream is modified by an input filter. PR
+ | 22104.
+ | - Return a WWW-auth header for MOVE/COPY requests where the
+ | destination resource gives a 401. PR 15571.
+ | - Fix a problem with namespace mappings being dropped in
+ | mod_dav_fs; if any property values were set which defined
+ | namespaces these came out mangled in the PROPFIND response.
+ | PR 11637.
+ | mod_expires:
+ | - Initialize ExpiresDefault to NULL instead of "" to avoid
+ | reporting an Internal Server error if it is used without
+ | having been set in the httpd.conf file. PR: 23748, 24459
+ | - Add support for IMT minor-type wildcards (e.g., text/*) to
+ | ExpiresByType. PR#7991
+ | mod_log_config / logging:
+ | - Fix some piped log problems: bogus "piped log program '(null)'
+ | failed" messages during restart and problem with the logger
+ | respawning again after Apache is stopped. PR 21648, PR 24805.
+ | - mod_log_config: Fix corruption of buffered logs with threaded
+ | MPMs. PR 25520.
+ | - mod_log_config: Log the minutes component of the timezone correctly.
+ | PR 23642.
+ | mod_proxy*:
+ | - proxy_http fix: mod_proxy hangs when both KeepAlive and
+ | ProxyErrorOverride are enabled, and a non-200 response without a
+ | body is generated by the backend server. (e.g.: a client makes a
+ | request containing the "If-Modified-Since" and "If-None-Match"
+ | headers, to which the backend server respond with status 304.)
+ | - Fix memory leak in handling of request bodies during reverse
+ | proxy operations. PR 24991.
+ | - mod_proxy: Fix cases where an invalid status-line could be sent
+ | to the client. PR 23998.
+ | mod_rewrite:
+ | - Catch an edge case, where strange subsequent RewriteRules
+ | could lead to a 400 (Bad Request) response.
+ | - Make REMOTE_PORT variable available in mod_rewrite. PR 25772.
+ | - In external rewrite maps lookup keys containing
+ | a newline now cause a lookup failure. PR 14453.
+ | - Fix RewriteBase directive to not add double slashes.
+ | mod_usertrack:
+ | - Fix bug in mod_usertrack when no CookieName is set.
+ | - mod_usertrack no longer inspects the Cookie2 header for
+ | the cookie name. PR 11475.
+ | - mod_usertrack no longer overwrites other cookies.
+ | PR 26002.
+ | mod_include, filters:
+ | - Backport major overhaul of mod_include's filter parser from 2.1.
+ | The new parser code is expected to be more robust and should
+ | catch all of the edge cases that were not handled by the previous one.
+ | The 2.1 external API changes were hidden by a wrapper which is
+ | expected to keep the API backwards compatible.
+ | - Add a hook (insert_error_filter) to allow filters to re-insert
+ | themselves during processing of error responses. Enable mod_expires
+ | to use the new hook to include Expires headers in valid error
+ | responses. This addresses an RFC violation. It fixes PRs 19794,
+ | 24884, and 25123.
+ | - complain via error_log when mod_include's INCLUDES filter is
+ | enabled, but the relevant Options flag allowing the filter to run
+ | for the specific resource wasn't set, so that the filter won't
+ | silently get skipped. next remove itself, so the warning will be
+ | logged only once
+ | - Fix mod_include's expression parser to recognize strings correctly
+ | even if they start with an escaped token.
+ | - Fix a problem with the display of empty variables ("SetEnv foo") in
+ | mod_include. PR 24734
+ | - mod_include no longer allows an ETag header on 304 responses.
+ | PR 19355.
+ | mod_autoindex:
+ | - Don't omit the start tag if the SuppressIcon option is
+ | set. PR 21668.
+ | - Restore the ability to add a description for directories that
+ | don't contain an index file. (Broken in 2.0.48)
+ | - mod_autoindex / core: Don't fail to show filenames containing
+ | special characters like '%%'. PR 13598.
+ | - Add 'XHTML' option in order to allow switching between HTML
+ | 3.2 and XHTML 1.0 output. PR 23747.
+ | mod_status:
+ | - Add mod_status hook to allow modules to add to the mod_status
+ | report.
+ | - Report total CPU time accurately when using a threaded MPM.
+ | PR 23795.
+ | mod_info:
+ | - Fix mod_info to use the real config file name, not the default
+ | config file name.
+ | - HTML escape configuration information so it displays
+ | correctly. PR 24232.
+ | mod_auth_digest:
+ | - Allow mod_auth_digest to work with sub-requests with different
+ | methods than the original request. PR 25040.
+ | mod_auth_ldap:
+ | - Fix some segfaults in the cache logic. PR 18756.
+ | mod_cgid:
+ | - Restart the cgid daemon if it crashes. PR 19849
+ | mod_setenvif:
+ | - Fix the regex optimizer, which under circumstances
+ | treated the supplied regex as literal string. PR 24219.
+ | miscellaneous:
+ | - core.c: If large file support is enabled, allow any file that is
+ | greater than AP_MAX_SENDFILE to be split into multiple buckets.
+ | This allows Apache to send files that are greater than 2gig.
+ | Otherwise we run into 32/64 bit type mismatches in the file size.
+ | - Fixed file extensions for real media files and removed rpm extension
+ | from mime.types. PR 26079.
+ | - Remove compile-time length limit on request strings. Length is
+ | now enforced solely with the LimitRequestLine config directive.
+ | - Set the scoreboard state to indicate logging prior to running
+ | logging hooks so that server-status will show 'L' for hung loggers
+ | instead of 'W'.
+ | - Fix the inability to log errors like exec failure in
+ | mod_ext_filter/mod_cgi script children. This was broken after
+ | such children stopped inheriting the error log handle.
+ | - fix "Expected > but saw " errors in nested,
+ | argumentless containers.
+ | - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
+ | instead of mmn.
+ | - Add Polish translation of error messages. PR 25101.
+ | - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
+ | - Fix htdbm to generate comment fields in DBM files correctly.
+ | - Correct UseCanonicalName Off to properly check incoming port number.
+ | - Fix slow graceful restarts with prefork MPM.
+ | - Keep focus of ITERATE and ITERATE2 on the current module when
+ | the module chooses to return DECLINE_CMD for the directive.
+ | PR 22299.
+ | - Build array of allowed methods with proper dimensions, fixing
+ | possible memory corruption.
+ | - worker MPM: fix stack overlay bug that could cause the parent
+ | process to crash.
+ | - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
+ | - Fix build with parallel make. PR 24643.
+ | - Add fatal exception hook for use by diagnostic modules. The hook
+ | is only available if the --enable-exception-hook configure parm
+ | is used and the EnableExceptionHook directive has been set to
+ | "on".
+ | - Improve 'configure --help' output for some modules.
+- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
+ fixed)
+- disable automatic restarts, because they do not work properly
+ [#35408]
+- change MMN to prevent loading of incompatible modules (modules
+ that are not built with `apxs -q CFLAGS` and therefore miss
+ _FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
+ addition.
+- use CPPFLAGS for passing preprocessor flags because they are
+ removed from CFLAGS
+- Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. This isn't a problem on Linux because
+ poll() is used instead of select() by APR. Assert HAVE_POLL.
+ [#34178]
+- add modifications to the code to the NOTICE file as required by
+ the new license
+* Fri Feb 27 2004 - poeml@suse.de
+- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
+ crypto accelerators
+- compile with -DMAX_SERVER_LIMIT=200000
+- if an SSL passphrase is not entered within the timeout, fall back
+ to start apache without SSL (with -D NOSSL). This could/should be
+ made configurable.
+- clean up output of SuSEconfig.apache2
+- add pre-defined LogFormat "vhost_combined"
+- configure /var/lib/apache2 for WebDAV locks
+- add a readme about configuring WebDAV with digest authentication
+- add default configuration for mod_usertrack (this is the current
+ workaround for the problem in the 1.3.29/2.0.48 release that
+ occurs if no CookieName is configured)
+- in vhost.template, enclose all virtual host configuration in the
+ VirtualHost container
+- update metuxmpm patch to r7
+- fix test run as non-root
+* Tue Jan 13 2004 - schwab@suse.de
+- Fix quoting in autoconf macros.
+* Sat Dec 13 2003 - poeml@suse.de
+- add changes to gensslcert from Volker Kuhlmann [#31803]
+- revert default character set from UTF-8 to ISO-8859-1, and revert
+ the misleading comment that talked about filenames while it is
+ all about content of the files
+* Tue Nov 18 2003 - poeml@suse.de
+- add a ServerLimit directive to server-tuning.conf, so it's
+ already in the right place if someone needs to tweak it [#32852]
+* Fri Nov 07 2003 - poeml@suse.de
+- mark apache2-manual.conf in %%files doc as %%config
+- wrap directives specific to the mod_negotiation module into an
+ block [#32848]
+* Thu Oct 30 2003 - poeml@suse.de
+- update to 2.0.48. Relevant / user visible changes are:
+ Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
+ socket used to communicate with the cgid daemon and the CGI
+ script.
+ Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
+ mod_rewrite which occurred if one configured a regular
+ expression with more than 9 captures.
+ mod_rewrite:
+ - Don't die silently when failing to open RewriteLogs. PR 23416
+ - Fix support of the [P] option to send rewritten request using
+ "proxy:". The code was adding multiple "proxy:" fields in the
+ rewritten URI. PR: 13946.
+ - Ignore RewriteRules in .htaccess files if the directory
+ containing the .htaccess file is requested without a trailing
+ slash. PR 20195.
+ mod_include:
+ - Fix a trio of bugs that would cause various unusual sequences
+ of parsed bytes to omit portions of the output stream. PR 21095
+ - fix segfault which occured if the filename was not set, for
+ example, when processing some error conditions.
+ mod_cgid: fix a hash table corruption problem which could
+ result in the wrong script being cleaned up at the end of a
+ request.
+ mod_ssl: Fix segfaults after renegotiation failure. PR 21370
+ - Fix a problem setting variables that represent the client
+ certificate chain. PR 21371
+ - Fix FakeBasicAuth for subrequest. Log an error when an
+ identity spoof is encountered.
+ - Assure that we block properly when reading input bodies with
+ SSL. PR 19242.
+ mod_autoindex: If a directory contains a file listed in the
+ DirectoryIndex directive, the folder icon is no longer replaced
+ by the icon of that file. PR 9587.
+ mod_usertrack: do not get false positive matches on the
+ user-tracking cookie's name. PR 16661.
+ mod_cache:
+ - Fix the cache code so that responses can be cached if they
+ have an Expires header but no Etag or Last-Modified headers.
+ PR 23130. cache_util: Fix ap_check_cache_freshness to check
+ max_age, smax_age, and expires as directed in RFC 2616.
+ mod_deflate:
+ - fix to not call deflate() without checking first whether it
+ has something to deflate. (Currently this causes deflate to
+ generate a fatal error according to the zlib spec.) PR 22259.
+ - Don't attempt to hold all of the response until we're done.
+ - Fix a bug, where mod_deflate sometimes unconditionally
+ compressed the content if the Accept-Encoding header
+ contained only other tokens than "gzip" (such as "deflate").
+ PR 21523.
+ mod_proxy: Don't respect the Server header field as set by
+ modules and CGIs. As with 1.3, for proxy requests any such
+ field is from the origin server; otherwise it will have our
+ server info as controlled by the ServerTokens directive.
+ mod_log_config: Fix %%b log format to write really "-" when 0
+ bytes were sent (e.g. with 304 or 204 response codes).
+ mod_ext_filter: Set additional environment variables for use by
+ the external filter. PR 20944.
+ core:
+ - allow .. containers (no arguments in the opening
+ tag), as in 1.3. Needed by mod_perl sections
+ - Fix a misleading message from the some of the threaded MPMs
+ when MaxClients has to be lowered due to the setting of
+ ServerLimit.
+ - Avoid an infinite recursion, which occured if the name of an
+ included config file or directory contained a wildcard
+ character. PR 22194.
+ - MPMs: The bucket brigades subsystem now honors the MaxMemFree
+ setting.
+ - Lower the severity of the "listener thread didn't exit"
+ message to debug, as it is of interest only to developers.
+ miscellaneous:
+ - Update the header token parsing code to allow LWS between the
+ token word and the ':' seperator. [PR 16520]
+ - Remember an authenticated user during internal redirects if
+ the redirection target is not access protected and pass it to
+ scripts using the REDIRECT_REMOTE_USER environment variable.
+ PR 10678, 11602.
+ - Update mime.types to include latest IANA and W3C types.
+ - Modify ap_get_client_block() to note if it has seen EOS.
+ ab:
+ - Overlong credentials given via command line no longer clobber
+ the buffer.
+ - Work over non-loopback on Unix again. PR 21495.
+ - Fix NULL-pointer issue in ab when parsing an incomplete or
+ non-HTTP response. PR 21085.
+- add another example to apache2-listen.conf
+- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
+ (be clearer in describing the connection between AddType and
+ AddEncoding for defining the meaning of compressed file
+ extensions.)
+- use a better example domain name in apache2-vhost-ssl.template
+- the "define version_perl" was nowhere needed
+* Mon Sep 22 2003 - mls@suse.de
+- don't provide httpddoc in apache2-doc
+* Thu Sep 18 2003 - poeml@suse.de
+- add mod_php4 to the default list of APACHE_MODULES, and change
+ get_module_list to ignore non-existant modules (warnings will
+ be issued when it is run from SuSEconfig, but not from the init
+ script). How to enable the PHP4 module has been the most
+ frequently asked questions in user feedback [cf to #29735].
+ This bug is tracked in [#31306]
+- include conf.d/*.conf by default, as it was the case until
+ recently. User feedback showed that for many people the
+ separation of configuration includes into individual virtual
+ hosts is overkill, and it complicates the setup too much. More
+ finegrained control can be achieved by commenting out the
+ respective line in the default server config. [#30866], [#29735]
+- remove the FIXME at the end of httpd.conf (obsoleted by the above
+ change), and place a strategical comment there about .local files
+- add container around configuration in ssl template
+* Tue Sep 09 2003 - poeml@suse.de
+- change comment in sysconfig template to work around a fillup bug
+ [#30279]
+* Mon Sep 08 2003 - poeml@suse.de
+- fix wrong variable name in a comment of the sysconfig template
+- update README.QUICKSTART
+- add README.QUICKSTART.SSL
+* Mon Sep 08 2003 - poeml@suse.de
+- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
+* Fri Sep 05 2003 - poeml@suse.de
+- disallow UserDir for user root
+- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
+ they were set on SuSE Linux 8.1
+- add more documentation to README.QUICKSTART, also mentioning what
+ might be too obvious: the document root [#29674]
+- in %%post, diff to httpd.conf.default only when .rpmnew is present
+- improve message sent on update
+* Fri Aug 29 2003 - poeml@suse.de
+- improve documentation on configuration
+- compile
with -Wall +- do not obsolete httpddoc, which is provided by apache-doc package + from apache1 +- add conflict apache2-example-pages <-> apache-example-pages +- fix building on older distros +* Tue Aug 19 2003 - poeml@suse.de +- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me +- don't force setting of a DocumentRoot, because the configuration + of the default vhost already contains it +- when testing on SL 8.0, the www group has to be created as well +- when testing on even older systems, don't add buildroot to + DocumentRoot in default-server.conf +* Fri Aug 15 2003 - poeml@suse.de +- revamped configuration + - add some CustomLog formats + - AddDefaultCharset UTF-8 [#22427] + - add activation metadata to sysconfig template [#28834] + - default APACHE_MODULES: add mod_ssl, remove mod_status + - new sysconfig variables: APACHE_USE_CANONICAL_NAME, + APACHE_DOCUMENT_ROOT + - get rid of the "suse_" prefix in generated config snippets, and + place them below /etc/apache2/sysconfig.d/. 
On update, convert + the Include statements in httpd.conf for the new locations + - add /etc/apache2/vhosts.d and virtual host templates + - the configuration for the manual is now seperate and installed + together with apache2-doc (conf.d/apache2-manual.conf) +- add distilled wisdom in form of README.QUICKSTART +- change group of wwwrun user: nogroup -> www [#21782] +- proxycachedir and localstatedir should not be world readable +- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to + configure the PidFile directive +- add -fno-strict-aliasing, due to warnings about code where + dereferencing type-punned pointers will break strict aliasing +- clean the RPM_BUILD_ROOT, but not in the build system +- new macros for stop/restart of services on rpm update/removal, + and improved try-restart section in rc.apache2 +- get rid of "modules" subdir, and remove dead code from + SuSEconfig.apache2 +- add some tools: get_includes, find_httpd2_includes, + apache2-reconfigure-mpm +- rename README.SuSE to README.{SuSE,UnitedLinux} +- include directories in filelists of MPM subpackages +- enclose package descriptions of MPMs in %%ifdef +- add a dependency of the MPM subpackages on the version of the + main package +- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff) +* Mon Jul 28 2003 - poeml@suse.de +- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG, + and remove the respective directives from httpd.conf.dist +- merge the ssl.conf.dif and httpd.conf.dif into one patch +* Sun Jul 27 2003 - poeml@suse.de +- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel + supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES + (which is unconditionally off, otherwise). Keep + -D_LARGEFILE_SOURCE since some modules might need it. 
+- make sure the package can be built as ordinary user +- special case mod_auth_mysql since its module_id is reversed +- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious) +- don't explicitely strip binaries since RPM handles it, and may + keep the stripped information somewhere +- reformat the header of the spec file +- allow to pass a number-of-jobs parameter into spec file via rpm + --define 'jobs N' +* Thu Jul 10 2003 - poeml@suse.de +- update to 2.0.47. relevant / user visible changes: + Security [CAN-2003-0192]: Fixed a bug whereby certain sequences + of per-directory renegotiations and the SSLCipherSuite + directive being used to upgrade from a weak ciphersuite to a + strong one could result in the weak ciphersuite being used in + place of the strong one. + Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing + temporary denial of service when accept() on a rarely accessed + port returns certain errors. + Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial + of service when target host is IPv6 but proxy server can't + create IPv6 socket. Fixed by the reporter. + Security [VU#379828]: Prevent the server from crashing when entering + infinite loops. The new LimitInternalRecursion directive + configures limits of subsequent internal redirects and nested + subrequests, after which the request will be aborted. PR 19753+ + core: + core_output_filter: don't split the brigade after a FLUSH + bucket if it's the last bucket. This prevents creating + unneccessary empty brigades which may not be destroyed until + the end of a keepalive connection. + mod_cgid: + Eliminate a double-close of a socket. This resolves various + operational problems in a threaded MPM, since on the second + attempt to close the socket, the same descriptor was often + already in use by another thread for another purpose. 
+ mod_negotiation: + Introduce "prefer-language" environment variable, which allows + to influence the negotiation process on request basis to prefer + a certain language. + mod_expire: + Make ExpiresByType directive work properly, including for + dynamically-generated documents. +- apr bugfixes +- more fixes of deprecated head/tail -1 calls +* Wed May 28 2003 - poeml@suse.de +- update to 2.0.46. relevant / user visible changes: + Security [CAN-2003-0245]: Fixed a bug that could be triggered + remotely through mod_dav + Security [CAN-2003-0189]: Fixed a denial-of-service + vulnerability affecting basic authentication + Security: forward port of buffer overflow fixes for htdigest. + mod_ssl: + - SSL session caching(shmht) : Fix a SEGV problem with SHMHT + session caching. + mod_deflate: + - Add another check for already compressed content + - Check also err_headers_out for an already set + Content-Encoding: gzip header. This prevents gzip compressed + content from a CGI script from being compressed once more. + mod_mime_magic: + - If mod_mime_magic does not know the content-type, do not + attempt to guess. + mod_rewrite: + - Fix handling of absolute URIs. + mod_log_config: + - Add the ability to log the id of the thread processing the + request via new %%P formats. + mod_auth_ldap: + - Use generic whitespace character class when parsing "require" + directives, instead of literal spaces only. + mod_proxy: + - Fixed a segfault when multiple ProxyBlock directives were used. + - Added AllowEncodedSlashes directive to permit control of + whether the server will accept encoded slashes ('%%2f') in the + URI path. Default condition is off (the historical behaviour). + - If Apache is started as root and you code CoreDumpDirectory, + coredumps are enabled via the prctl() syscall. + - htpasswd: Check the processed file on validity; add a delete flag. 
+- httpd-2.0.45-libtool-1.5.dif is obsolete +- mark suse_include.conf as %%ghost +- note the rebirth of the httpd and apachectl man pages (thanks to + RPMv4 :) +- let the module RPM packages only depend on the _major_ module + magic number, not on the minor +- fix some paths in config_vars.mk, which facilitates building of + certain modules +* Wed May 14 2003 - poeml@suse.de +- use mmap() via MAP_ANON as shared memory allocation method, to + prevent restart problems with stale (or in use) files that are + associated with shared memory +- package forgotten files, and remove hack in %%clean +- remove files from the build root that are not packaged +- remove suse_include.conf from filelist +* Fri May 09 2003 - poeml@suse.de +- update to 2.0.45. relevant / user visible changes: + Security: Eliminated leaks of several file descriptors to + child processes, such as CGI scripts. This fix depends on the + latest APR library release 0.9.2, which is distributed with the + httpd source tarball for Apache 2.0.45. PR 17206 + Security [CAN-2003-0132]: Close a Denial of Service + vulnerability identified by David Endler + on all platforms. + General: + - Fix segfault which occurred when a section in an included + configuration file was not closed. PR 17093. + - Fix a nasty segfault in mmap_bucket_setaside() caused by + passing an incompatible pointer type to mmap_bucket_destroy(void*). + - prevent filters (such as mod_deflate) from adding garbage to + the response. PR 14451. + - Simpler, faster code path for request header scanning + - Try to log an error if a piped log program fails. Try to + restart a piped log program in more failure situations. + - Fix bug where 'Satisfy Any' without an AuthType lost all MIME + information (and more). Related to PR 9076. + - Fix If header parsing when a non-mod_dav lock token is passed to it. + - Fix apxs to insert LoadModule directives only outside of + sections. + - apxs: Include any special APR ld flags when linking the DSO. 
+ suexec: Be more pedantic when cleaning environment. Clean it + immediately after startup. PR 2790, 10449. Use saner default + config values for suexec. PR 15713. + mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot + be started on Unix because of such problems as bad permissions, + bad shebang line, etc. Fix possible segfaults under obscure + error conditions within the cgid daemon. + mod_deflate: + - you can now specify the compression level. + - Extend the DeflateFilterNote directive to allow accurate + logging of the filter's in- and outstream. + - Fix potential memory leaks in mod_deflate on malformed data. PR 16046. + mod_ssl: + Allow SSLMutex to select/use the full range of APR locking + mechanisms available to it. Also, fix the bug that SSLMutex + uses APR_LOCK_DEFAULT no matter what. PR 8122 + mod_autoindex no longer forgets output format and enabled version + sort in linked column headers. + mod_rewrite: + - Prevent endless loops of internal redirects in mod_rewrite by + aborting after exceeding a limit of internal redirects. The + limit defaults to 10 and can be changed using the + RewriteOptions directive. PR 17462. + - Allow "RewriteEngine Off" even if no "Options FollowSymlinks" + (or SymlinksIfOwnermatch) is set. PR 12395. + mod_ldap: + - Updated mod_ldap and mod_auth_ldap to support the Novell LDAP + SDK SSL and standardized the LDAP SSL support across the + various LDAP SDKs. Isolated the SSL functionality to + mod_ldap rather than speading it across mod_auth_ldap and + mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType + directives to mod_ldap to allow for a more common method of + specifying the SSL certificate. + - fix fault when caching was disabled, and some memory leaks + - Fix mod_ldap to open an existing shared memory file should + one already exist. PR 12757. 
+ - Added character set support to mod_auth_LDAP to allow it to + convert extended characters used in the user ID to UTF-8 + before authenticating against the LDAP directory. The new + directive AuthLDAPCharsetConfig is used to specify the config + file that contains the character set conversion table. + mod_ssl: + - Fixed mod_ssl's SSLCertificateChain initialization to no + longer skip the first cert of the chain by default. This + misbehavior was introduced in 2.0.34. PR 14560 + - Fix 64-bit problem in mod_ssl input logic. + mod_proxy: + - Hook mod_proxy's fixup before mod_rewrite's fixup, so that by + mod_rewrite proxied URLs will not be escaped accidentally by + mod_proxy's fixup. PR 16368 + - Don't remove the Content-Length from responses in mod_proxy PR: 8677 + mod_auth_digest no longer tries to guess AuthDigestDomain, if it's + not specified. Now it assumes "/" as already documented. PR 16937. + mod_file_cache: fix segfaults +- improve the start/restart section of the init script, and add a + ssl_scache_cleanup script +- understand a syntax like -DSTATUS, as described in the sysconfig + file help text (bug noted in #25404] +- don't package the *.exp files, as they are needed only on AIX +- fix filelist for usage of %%dir for files +- fix the cosmetical but irritating "Inappropriate ioctl for + device" error message, when rcapache2 is called from within YaST +- remove the unused /etc/apache2/modules directory from the package +- remove the now unused --enable-experimental-libtool +- fix to build with libtool-1.5 +* Wed Apr 09 2003 - ro@suse.de +- fix deprecated head/tail call syntax "-1" +* Mon Mar 17 2003 - kukuk@suse.de +- Remove suse_help_viewer from provides [Bug #25436] +* Thu Mar 13 2003 - poeml@suse.de +- security fix: do not write the startup log file to a world + writable directory, reversing the change of Jan 23 (wasn't in any + released package) [#25239] +* Mon Mar 10 2003 - poeml@suse.de +- change permissions of /var/log/apache2 from wwwrun:root 
mode 770 + to root:root mode 750 [#24951] +- fix wrong list() in sysconfig.apache2 [#24719], and add a missing + default value +* Mon Mar 03 2003 - kukuk@suse.de +- Remove ghost entry for pid file [Bug #24566] +* Thu Feb 27 2003 - poeml@suse.de +- use the official MIME types, which are more complete [#23988] +* Mon Feb 24 2003 - poeml@suse.de +- don't include log files into the package, and don't touch them in + %%post; it's not needed +- fix comment in httpd.conf talking about SuSEconfig +- adjust some variable types in the sysconfig template +* Tue Feb 18 2003 - poeml@suse.de +- apache2 Makefiles do support DESTDIR now, so let's use that + instead of the explicit paths (fixes a wrong path in + config_vars.mk [#23699]). Some files (*.exp, libapr*) are + automatically installed in the right location now. +* Fri Feb 14 2003 - poeml@suse.de +- fix configuration script to find apache modules on 64 bit archs +- mark ssl.conf (noreplace) +* Mon Feb 10 2003 - poeml@suse.de +- add mod_ldap, mod_auth_ldap, but link only them against the LDAP + libs. Likewise, do not link everything against ssl libs. This way + we can avoid RPM package (and build) requirements on a lot of + libs for subversion and other packages that build on apache. 
+- move more code from SuSEconfig into rcapache2 (actually into + support scripts below /usr/share/apache2/, so apache2 can be + configured without starting it) +- improve full-server-status once again +- remove suse_loadmodule.conf from filelist +- remove obsolete README.modules +- rename LOADMODULES -> APACHE_MODULES +- add APACHE_BUFFERED_LOGS +- update README.SuSE +* Tue Jan 28 2003 - poeml@suse.de +- rc.apache2 + - add extreme-configtest (trying to run server as nobody, which + detects _all_ config errors) + - evaluate LOADMODULES from sysconfig.apache2 on-the-fly from + rcapache2 instead of SuSEconfig + - when restarting, do something useful instead of 'sleep 3': wait + just as long until the server has terminated all children +* Sun Jan 26 2003 - poeml@suse.de +- build mod_logio, mod_case_filter, mod_case_filter_in +- rename apr subpackage to libapr0 (the library is called libapr-0 + meanwhile). add compatibility links named (libapr{,util}.so.0) +- configure SSL session caching with shm circular buffer + SSLSessionCache shm:/var/lib/httpd/ssl_scache + SSLSessionCacheTimeout 600 + SSLMutex sem +- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing +- strip objects +- rename gensslcert2 to gensslcert +- show a list all available modules in /etc/sysconfig/apache2 +- nicer output of apache2ctl +- reorder Requires +* Thu Jan 23 2003 - poeml@suse.de +- update to 2.0.44 +- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif +- the apachectl and httpd man pages have been dropped upstreams +- add robots.txt to the example-pages subpackage that blocks spiders +- disable the perchild MPM +- disable httpd-2.0.36-64bit.dif +- rename apachectl2 to apache2ctl +- write the startup log to /var/tmp instead of /var/log/apache2 +* Sun Jan 12 2003 - poeml@suse.de +- fix last fix (rpm macro before hash wasn't expanded) +* Fri Jan 10 2003 - poeml@suse.de +- fix lib64 path in SuSEconfig +* Fri Jan 03 2003 - poeml@suse.de +- fix typo in spec file, preventing replacement 
of @userdir@ in + httpd.conf-std.in +* Wed Dec 18 2002 - poeml@suse.de +- sysconfig.apache2: + - add APACHE_SERVER_FLAGS variable + - change default: APACHE_SERVERSIGNATURE=on to match apache deflt + - add APACHE_CONF_INCLUDE_DIRS + - drop bogus APACHE_ACCESS_SERVERINFO variable + - adapt to our new sysconfig template +- SuSEconfig.apache2: + - understand LOADMODULES also if it is not an array [#21816] + - be very flexible with regard to LOADMODULE input (e.g., say + mod_php4 and it will find libphp4.so with ID php4_module) + - also ignore *,v files + - include APACHE_CONF_INCLUDE_DIRS + - dump some files: suse_define.conf (not needed) & suse_text.conf + (too much overhead) +- rc.apache2: + - implement most of apachectl's commands (graceful, configtest) + - use server_flags from sysconfig.apache2 + - pass server flags like -DSTATUS from the command line through + to httpd2 + - add commmands to show the server status + - don't quit silently when no apache MPM is installed + - handle ServerSignature and other stuff on the command line + (save modifications to httpd.conf) +- fix the /manual Alias that points to the documentation +- configure /cgi-bin for cgi execution +- configure /home/*/public_html for mod_userdir -- if it is loaded +- configure internationalized error responses +- fix apachectl2 +- add /etc/apache2/{,modules} to the filelist +- add /etc/apache2/conf.d as drop-in directory for packages +- hard code some more default paths into the executable +- finally, run a test! 
+* Thu Dec 05 2002 - poeml@suse.de +- move ap{r,u}-config* into the apr package, as well +- add generic ap{r,u}-config +- add %%includedir to filelist +* Thu Dec 05 2002 - poeml@suse.de +- more checks and warnings to SuSEconfig.apache2 +- shift APR files into the the apr package +- try 1.136 revision of perchild.c +* Tue Dec 03 2002 - poeml@suse.de +- add forgotten ssl.conf to the filelist (thanks, Robert) +- add httpd-2.0.43-mod_ssl-memory-leak.dif +* Mon Oct 14 2002 - poeml@suse.de +- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE: + CAN-2002-0840) +* Mon Oct 07 2002 - poeml@suse.de +- do not append a '2' suffix to the scripts included with the + documentation +- move error, icons and manual dir to /usr/share/apache2 +- fix nested array in SuSEconfig.apache2 +- let SuSEconfig pick one MPM that is installed. Do not default to + "worker". [#20724] +* Thu Oct 03 2002 - poeml@suse.de +- update to 2.0.42 (primarily a bug-fix release, including updates + to the experimental caching module, the removal of several memory + leaks, and fixes for several segfaults, one of which could have + been used as a denial-of-service against mod_dav (VU#406121).) +- increase flexibility of the spec file: build any set of MPMs, + depending on RPM %%defines. Improve the mechanism that merges the + modules so it works with any number of MPMs. +- use a "Server:" header that fits the product apache is built for +- add an RPM dependency on the module magic number to the MPM + subpackages +- build the "leader/follower" MPM. On i686, enable nonportable but + faster atomics for it. +- use filelists for more flexibility. APRVARS ceased to exist. + Don't add README* twice. 
+- perchild: use AcceptMutex fcntl to prevent permission conflict as + suggested in Apache Bugzilla #7921 +- remove mod_rewrite and mod_proxy from the default modules +- build the mod_auth_digest module +* Mon Sep 09 2002 - poeml@suse.de +- add patch that changes PLATFORM (as seen in the HTTP Server + header) from "Unix" to "SuSE/Linux" [#18543] +- add README.SuSE, explaining how to build modules with apxs2 +- fixed some paths in README.modules, put it into docdir and mark + it as %%doc +* Wed Aug 28 2002 - poeml@suse.de +- new package, now building all three MPMs and putting all specific + modules in specific directories. Branch a subpackage for each + MPM, containing the server and MPM-specific modules. +- branch apr package off, so apache2 doesn't need to be installed + to have the libs. (apr is not released yet, that's why we build + it here) +- allow coexistence of apache1 by using directories named apache2 + or suffixed with "2" +- allow building modules via apxs2 (for all server MPMs) --- or via + apxs2-{worker,perchild,prefork} for a specific server MPM +- add permissions.apache2 setting /usr/sbin/suexec2 to 4755 +- rewrite SuSEconfig.apache2 for apache 2. +- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in + mod_proxy when given an invalid URL +- branch apache2-example-pages off (docroot contents) +* Mon Aug 19 2002 - poeml@suse.de +- actually use the new SuSE81 layout, and add SuSE81_64 layout +- cleaned up httpd-2.0.36-conf.dif +- fixed comment in SuSEconfig.apache +- drop SuSEconfig subpackage +- split main package and -devel package in three packages, one for + each MPM... 
+ apache2 -> apache2-{worker,perchild,prefork} + apache2-devel -> apache2-{worker,perchild,prefork}-devel +* Mon Aug 12 2002 - poeml@suse.de +- bugfix update to 2.0.40 +- fix Requires of -devel subpackage +- add variable to sysconfig.apache to switch off SuSEconfig.apache +- add new layout SUSE81 to config.layout due to the moved server + root (so the old SuSE6.1 can be kept for building on older + distributions) +- one of the lib64 path fixes could be removed, now included + upstream +* Wed Aug 07 2002 - poeml@suse.de +- put PreReq in an if-statement to allow building on older distris +- relax the Requires +- the apache_mmn macro had to be moved down in the spec file to be + evaluated +- libmm is not needed for building (and it is not threadsafe) +- fix config.layout for the moved server root +* Fri Aug 02 2002 - poeml@suse.de +- fix libdir in config.layout for lib64 +* Fri Aug 02 2002 - poeml@suse.de +- fix RPM Requires +* Thu Aug 01 2002 - poeml@suse.de +- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www +- drop obsolete README.SuSE +* Thu Aug 01 2002 - poeml@suse.de +- spec file: use PreReq +- don't delete SuSEconfig's md5 files in %%post, that's no good +- add apache.logrotate +- provide the magic module number as executable script + (/usr/lib/apache/MMN) and as RPM Provides, indicating API changes +- mark httpd.conf noreplace +- fix installbuilddir in config.layout, needed for apxs +* Sun Jul 14 2002 - poeml@suse.de +- update to 2.0.39 +- drop obsolete moduledir and apxs patches +- rc.apache INIT section: use X-UnitedLinux-Should-Start +* Wed Jul 03 2002 - ro@suse.de +- rename to "apache2" again +* Tue Jun 11 2002 - ro@suse.de +- get apxs to work: + include needed files in devel package + adapt some pathes in apxs +* Wed May 29 2002 - poeml@suse.de +- update to 2.0.36 +- drop mod_ssl subpackage; mod_ssl is part of the apache bsae + distribution now +- RPM can be built as user now +- SuSEconfig.apache: understand relative and absolute 
pathnames +- disable experimental auth_digest_module diff --git a/certificate.sh b/certificate.sh new file mode 100644 index 0000000..3e70ff0 --- /dev/null +++ b/certificate.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +./mkcert.sh make --no-print-directory /usr/bin/openssl /usr/sbin/ test + diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d8e4026ed1fb996062fcdaa2ceadfb72243f618cf8f8379df9b20b61e2168f73 GIT binary patch literal 302 zcmZQzU<5(|0RaXO;9z865ChU0KnxO50AfZ479h#MumDV=6951IXZZjBJHzw$?-?}r z-eWj-?ixe(-g69^Q;spL-MW>5A$tl#Pfrg+P;oUwR8SCufT1OWp{62(00#%eAePc8 zN>d9M7{bze@3y5nFc}*sc{dveFc_O{U/dev/null) + for i in $found; do + case $i in + *\**) + # filter filenames that are unexpanded, in the lack of a match, + # like /etc/apache2/conf.d/*.conf + ;; + *) + conffiles="$conffiles $i" + find_include_files $i + ;; + esac + done +} + +find_include_files $httpd_conf + +#echo $httpd_conf $conffiles +echo $conffiles +exit 0 + diff --git a/find_mpm b/find_mpm new file mode 100644 index 0000000..b43279e --- /dev/null +++ b/find_mpm 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+: ${apache_link:=/usr/sbin/httpd2}
+
+. /usr/share/apache2/load_configuration
+
+if ! ${mpm_set:=false}; then
+ if [ -z "$APACHE_MPM" ]; then
+ # guess
+ for i in $r/$apache_link-*; do
+ test -f $i || continue
+ i=$(basename $i)
+ i=${i#*-}
+ installed_mpms=(${installed_mpms[*]} $i)
+ done
+ if [ -z "${installed_mpms[*]}" ]; then
+ echo >&2 ${warn}Apache binary ${apache_link#*-} not found. No MPM package installed? $norm
+ echo >&2 Hint: install the apache2-prefork package, and try again.
+ fi
+ if [ ${#installed_mpms[*]} = 1 ]; then
+ APACHE_MPM=${installed_mpms[*]}
+ else
+ case ${installed_mpms[*]} in
+ *prefork*) APACHE_MPM=prefork;;
+ *worker*) APACHE_MPM=worker;;
+ *event*) APACHE_MPM=event;;
+ *leader*) APACHE_MPM=leader;;
+ *metuxmpm*) APACHE_MPM=metuxmpm;;
+ *threadpool*) APACHE_MPM=threadpool;;
+ esac
+ fi
+
+ fi
+ if [ -x $apache_link-$APACHE_MPM ]; then
+ ln -sf $apache_link-$APACHE_MPM $apache_link
+ echo $apache_link-$APACHE_MPM
+ else
+ echo >&2 ${warn}$apache_link-$APACHE_MPM is not a valid httpd2 binary.
+ echo >&2 Check your APACHE_MPM setting.$norm
+ exit 1
+ fi
+
+ export APACHE_MPM mpm_set=true
+fi
+
+
diff --git a/gensslcert b/gensslcert
new file mode 100644
index 0000000..14e854c
--- /dev/null
+++ b/gensslcert
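Review bot: `if ! ${mpm_set:=false}; then` runs whatever `mpm_set` holds as a command, so a value inherited from the caller's environment is executed rather than compared. Comparing it as a string keeps the same caching behaviour without executing it: `if [ "${mpm_set:=false}" != true ]; then`. The expansions in the `test -f $i`, `[ -x … ]` and `ln -sf` lines are also unquoted, so an `APACHE_MPM` value containing whitespace or glob characters changes the arguments passed to `ln`; quoting them (`ln -sf "$apache_link-$APACHE_MPM" "$apache_link"`) avoids that. `$r`, `$warn` and `$norm` are not set in this file and presumably come from load_configuration, which deserves a one-line comment next to the `.` line.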
@@ -0,0 +1,198 @@ +#!/bin/bash +# Peter Poeml +# +# Script to generate ssl keys for mod_ssl, without requiring user input +# most of it is copied from mkcert.sh of the mod_ssl distribution +# +# XXX This is just a hack, it won't be able to do anything you want! +# + +function usage +{ + cat <<-EOF + `basename $0` will generate a test certificate "the quick way", i.e. without interaction. + You can change some defaults however. + It will overwrite /root/.mkcert.cfg + + These options are recognized: Default: + + -C Common name "$name" + -N comment "$comment" + -c country (two letters, e.g. DE) $C + -s state $ST + -l city $L + -o organisation "$O" + -u organisational unit "$U" + -n fully qualified domain name $CN (\$FQHOSTNAME) + -e email address of webmaster webmaster@$CN + -y days server cert is valid for $srvdays + -Y days CA cert is valid for $CAdays + -d run in debug mode + -h show usage + EOF +} + + +test -t && { BRIGHT=''; RED=''; NORMAL=''; } +function myecho { echo $BRIGHT$@$NORMAL; } +function error { echo $RED$@$NORMAL; } +function myexit { error something ugly seems to have happened in line $1...; exit $2; } + +r=$ROOT +. 
$r/etc/sysconfig/network/config +FQHOSTNAME=`cat /etc/HOSTNAME` + +# defaults + comment="mod_ssl server certificate" + name= + C=XY + ST=unknown + L=unknown + U="web server" + O="SuSE Linux Web Server" + CN=$FQHOSTNAME + email=webmaster@$FQHOSTNAME + CAdays=$((365 * 6)) + srvdays=$((365 * 2)) + +while getopts C:N:c:s:l:o:u:n:e:y:dh OPT; do + case $OPT in + C) name=$OPTARG-;; + N) comment=$OPTARG;; + c) C=$OPTARG;; + s) ST=$OPTARG;; + l) L=$OPTARG;; + u) U=$OPTARG;; + o) O=$OPTARG;; + n) CN=$OPTARG;; + e) email=$OPTARG;; + y) srvdays=$OPTARG;; + Y) CAdays=$OPTARG;; + d) set -x;; + h) usage; exit 2;; + *) echo unrecognized option: $OPT; usage; exit 2;; + esac +done + +GO_LEFT="\033[80D" +GO_MIDDLE="$GO_LEFT\033[15C" +for i in comment name C ST L U O CN email srvdays CAdays; do + eval "echo -e $i\"$GO_MIDDLE\" \$$i;" +done + + +openssl=$r/usr/bin/openssl +sslcrtdir=$r/etc/apache2/ssl.crt +sslcsrdir=$r/etc/apache2/ssl.csr +sslkeydir=$r/etc/apache2/ssl.key +sslprmdir=$r/etc/apache2/ssl.prm + +# +# CA +# +echo;myecho creating CA key ... +$openssl genrsa -rand $r/var/log/y2log:$r/var/log/messages -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $? + +cat >$r/root/.mkcert.cfg <$r/root/.mkcert.cfg <$r/root/.mkcert.cfg <$r/root/.mkcert.serial +myecho "creating server certificate ..." +$openssl x509 \ + -extfile $r/root/.mkcert.cfg \ + -days $srvdays \ + -CAserial $r/root/.mkcert.serial \ + -CA $sslcrtdir/${name}ca.crt \ + -CAkey $sslkeydir/${name}ca.key \ + -in $sslcsrdir/${name}server.csr -req \ + -out $sslcrtdir/${name}server.crt || myexit $LINENO $? 
+ +rm -f $r/root/.mkcert.cfg + + + + +echo;myecho "Verify: matching certificate & key modulus" +modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/${name}server.crt | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` +modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` + +if [ ".$modcrt" != ".$modkey" ]; then + error "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 + myexit $LINENO $? +fi + +echo;myecho Verify: matching certificate signature + $openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $? +if [ $? -ne 0 ]; then + error "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 + myexit $LINENO $? +fi + + +exit 0 + diff --git a/get_includes b/get_includes new file mode 100644 index 0000000..febd566 --- /dev/null +++ b/get_includes 
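Review bot: The modulus check near the end cannot report failure: in the mismatch branch `error …` runs first, so the `$?` handed to `myexit $LINENO $?` is the status of that `echo` and the script exits 0, and the `|| myexit` inside the two backtick substitutions only leaves the subshell, so two failed `openssl` calls compare as equal empty strings. Passing an explicit status, `myexit $LINENO 1`, and checking that `$modcrt` is non-empty before the comparison would make a key/certificate mismatch visible to callers. The `if [ $? -ne 0 ]` block after `$openssl verify … || myexit $LINENO $?` is dead code, since the `||` on the line above already exits on failure. Separately, the usage text and the `case` both handle `-Y`, but the getopts string `C:N:c:s:l:o:u:n:e:y:dh` has no `Y:`, so the CA lifetime can never be changed from the command line. The here-documents that write `.mkcert.cfg` are not legible in this rendering, so whether the generated key files get restrictive permissions cannot be judged from the hunk.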
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+pname=apache2
+: ${sysconfdir:=/etc/$pname}
+: ${sysconfig_apache:=/etc/sysconfig/$pname}
+
+test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
+apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
+APACHE_MPM=${apache_bin##*-}
+if [ -z "$APACHE_MPM" ]; then
+ echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM.
+fi
+
+#echo -n writing sysconfig.d/include.conf
+exec 3>$sysconfdir/sysconfig.d/include.conf
+echo >&3 "#
+# This file is created at apache start time by /usr/sbin/rc$pname. Do not edit it!
+#
+
+# as listed in APACHE_INCLUDE_* ($sysconfig_apache)
+"
+for file in $APACHE_CONF_INCLUDE_FILES; do
+ test ${file:0:1} = / || file=$sysconfdir/$file
+ if [ -e $file ]; then
+ echo >&3 Include $file
+ else
+ echo >&2 File $file from APACHE_CONF_INCLUDE_FILES not found. Ignored.
+ fi
+done
+
+# here, we do not want to use globbing. apache will do it
+set -o noglob
+for dir in $APACHE_CONF_INCLUDE_DIRS; do
+ test ${dir:0:1} = / || dir=$sysconfdir/$dir
+ if [ -d $dir -o -d /$(dirname $dir) ]; then
+ echo >&3 Include $dir
+ else
+ echo >&2 Directory $dir from APACHE_CONF_INCLUDE_DIRS not found. Ignored.
+ fi
+done
+set +o noglob
+
+echo >&3 -e "#\n"
+exec 3<&-
+#echo -n ". "
diff --git a/get_module_list b/get_module_list
new file mode 100644
index 0000000..c234744
--- /dev/null
+++ b/get_module_list
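Review bot: `exec 3>$sysconfdir/sysconfig.d/include.conf` truncates the live file before any entry has been checked, so an interrupted or failing run leaves Apache with an empty or partial include list; get_module_list does the same for loadmodule.conf and global.conf. Writing to a temporary file in the same directory and renaming it into place after `exec 3<&-` would keep the previous configuration until the new one is complete. The directory loop also needs a comment: `[ -d $dir -o -d /$(dirname $dir) ]` accepts both a real directory and a wildcard pattern whose parent exists, and for a bare directory Apache's `Include` reads every file in it. A line such as `# a bare directory makes apache load every file in it (backups, .rpmsave); prefer dir/*.conf` above the test would tell administrators what they are enabling.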
@@ -0,0 +1,150 @@ +#!/bin/bash + +pname=apache2 +: ${sysconfdir:=/etc/$pname} +: ${sysconfig_apache:=/etc/sysconfig/$pname} +default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs + +test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration +apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) +APACHE_MPM=${apache_bin##*-} +if [ -z "$APACHE_MPM" ]; then + echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM. +fi + +if [ "$1" = -q ]; then + quiet=true +else + quiet=false +fi + +#echo -n writing sysconfig.d/loadmodule.conf +exec 3>$sysconfdir/sysconfig.d/loadmodule.conf +echo >&3 "# +# Files in this directory are created at apache start time by /usr/sbin/rc$pname +# Do not edit them! +# + +# as listed in APACHE_MODULES ($sysconfig_apache) +" +test -z "$APACHE_MODULES" && APACHE_MODULES=$LOADMODULES +# see whether APACHE_MODULES is declared as array (it was so, in the past) +# if it is not an array, we convert it to one. +if [[ -z ${APACHE_MODULES[1]} ]]; then + # strip leading and trailing parens... 
since it might erroneously be written as + # APACHE_MODULES="(asdf 1234)" + APACHE_MODULES=${APACHE_MODULES/(}; APACHE_MODULES=${APACHE_MODULES/)} + APACHE_MODULES=($APACHE_MODULES) +fi + +for i in ${APACHE_MODULES[*]}; do + unset module_path module_id + case $i in mod_cgid|cgid) case $APACHE_MPM in prefork|leader) i=${i%d};; esac;; esac + case $i in mod_cgi|cgi) case $APACHE_MPM in event|worker) i=${i}d;; esac;; esac + + module_id=${i##*/} + module_id=${module_id#mod_} + module_id=${module_id#lib} + module_id=${module_id%.so}_module + + # special case + case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac + + case $i in + /*) + module_path=$i + ;; + *) + for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \ + /usr/lib/$pname-$APACHE_MPM/$i.so \ + /usr/lib/$pname-$APACHE_MPM/mod_$i \ + /usr/lib/$pname-$APACHE_MPM/$i \ + /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \ + /usr/lib/$pname-$APACHE_MPM/${i/mod_} \ + /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \ + /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \ + /usr/lib/$pname-$APACHE_MPM/lib$i.so \ + /usr/lib/$pname-$APACHE_MPM/lib$i \ + /usr/lib/$pname/mod_$i.so \ + /usr/lib/$pname/$i.so \ + /usr/lib/$pname/mod_$i \ + /usr/lib/$pname/$i \ + /usr/lib/$pname/${i/mod_}.so \ + /usr/lib/$pname/${i/mod_} \ + /usr/lib/$pname/lib${i/mod_}.so \ + /usr/lib/$pname/lib${i/mod_} \ + /usr/lib/$pname/lib$i.so \ + /usr/lib/$pname/lib$i + do + if [ -f $j ]; then + module_path=$j + break + fi + done + ;; + esac + + if [[ -f $module_path ]]; then + printf "LoadModule %-30s %s\n" $module_id $module_path >&3 + else + # print a warning? + # php modules are in the list by default, so we don't warn about it [#66729] + if ! $quiet && [ $i != "php4" -a $i != "php5" ]; then + echo >&2 "Module \"$i\" is not installed, ignoring." + echo >&2 "Check the APACHE_MODULES setting in /etc/sysconfig/$pname." + fi + + fi +done +echo >&3 -e "#\n" +exec 3<&- +#echo -n ". 
" + + +#echo -n writing sysconfig.d/global.conf +exec 3>$sysconfdir/sysconfig.d/global.conf +echo >&3 "# +# Files in this directory are created at apache start time by /usr/sbin/rc$pname +# Do not edit them! +# + +# see $sysconfig_apache +" + +if [[ -n $APACHE_DOCUMENT_ROOT ]]; then + echo >&3 "DocumentRoot $APACHE_DOCUMENT_ROOT" +# else +# if ! grep -q "^DocumentRoot" $sysconfdir/httpd.conf 2>/dev/null; then +# echo >&3 "DocumentRoot $default_APACHE_DOCUMENT_ROOT" +# fi +fi + +[[ -n $APACHE_TIMEOUT ]] && echo >&3 "Timeout $APACHE_TIMEOUT" +if [[ -n $APACHE_SERVERSIGNATURE ]]; then + case $APACHE_SERVERSIGNATURE in + no) APACHE_SERVERSIGNATURE=off;; + yes) APACHE_SERVERSIGNATURE=on;; + esac + echo >&3 "ServerSignature $APACHE_SERVERSIGNATURE" +fi +[[ -n $APACHE_SERVERADMIN ]] && echo >&3 "ServerAdmin $APACHE_SERVERADMIN" +[[ -n $APACHE_SERVERNAME ]] && echo >&3 "ServerName $APACHE_SERVERNAME" +[[ -n $APACHE_USE_CANONICAL_NAME ]] && echo >&3 "UseCanonicalName $APACHE_USE_CANONICAL_NAME" +[[ -n $APACHE_SERVERTOKENS ]] && echo >&3 "ServerTokens $APACHE_SERVERTOKENS" +[[ $APACHE_EXTENDED_STATUS = on ]] && echo -e >&3 "\n ExtendedStatus on\n" +[[ $APACHE_BUFFERED_LOGS = on ]] && echo >&3 "BufferedLogs on" +[[ -n $APACHE_LOGLEVEL ]] && echo >&3 "LogLevel $APACHE_LOGLEVEL" +if [[ -n $APACHE_ACCESS_LOG ]]; then + # split multiple entries + APACHE_ACCESS_LOG=($APACHE_ACCESS_LOG) + for ((i=0; $i<${#APACHE_ACCESS_LOG[*]}; i=i+2)); do + filename=${APACHE_ACCESS_LOG[$i]} + format=${APACHE_ACCESS_LOG[$i+1]} + echo >&3 "CustomLog $filename ${format/%,}" + done +fi + + +exec 3<&- +#echo -n ". " + diff --git a/httpd-2.0.49-log_server_status.dif b/httpd-2.0.49-log_server_status.dif new file mode 100644 index 0000000..1b07d68 --- /dev/null +++ b/httpd-2.0.49-log_server_status.dif 
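Review bot: The `APACHE_ACCESS_LOG` loop assumes the value is an even list of filename/format pairs; with an odd number of words `${APACHE_ACCESS_LOG[$i+1]}` is empty and a `CustomLog $filename` line with no format is written to global.conf, which Apache would be expected to reject at startup. A guard before the `echo`, for example `[[ -n $format ]] || { echo >&2 "APACHE_ACCESS_LOG: no format for $filename, ignored"; continue; }`, matches how missing modules are reported earlier in the script. The other `APACHE_*` values are copied into directives without validation, and the `/*)` branch accepts any absolute path as a module to load. That is reasonable only while the sysconfig file is writable by root alone, and a comment above the global.conf section should record that assumption.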
@@ -0,0 +1,36 @@
+--- httpd-2.0.49.orig/support/log_server_status.in 2004-02-09 21:59:49.000000000 +0100
++++ httpd-2.0.49/support/log_server_status2 2004-06-18 11:34:37.000000000 +0200
+@@ -24,18 +24,18 @@
+ # it to a file. Make sure the directory $wherelog is writable by the
+ # user who runs this script.
+ #
+-require 'sys/socket.ph';
++use Socket;
+
+-$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312"
++$wherelog = "/var/log/apache2/status/"; # Logs will be like "/var/log/apache2/status/19960312"
+ $server = "localhost"; # Name of server, could be "www.foo.com"
+ $port = "80"; # Port on server
+-$request = "/status/?auto"; # Request to send
++$request = "/server-status/?auto"; # Request to send
+
+ sub tcp_connect
+ {
+ local($host,$port) =@_;
+ $sockaddr='S n a4 x8';
+- chop($hostname=`hostname`);
++ chop($hostname='localhost');
+ $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
+ $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
+ $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
+@@ -66,8 +66,8 @@
+ }
+ print S "GET $request\n";
+ while () {
+- $requests=$1 if ( m|^BusyServers:\ (\S+)|);
+- $idle=$1 if ( m|^IdleServers:\ (\S+)|);
++ $requests=$1 if ( m|^BusyWorkers:\ (\S+)|);
++ $idle=$1 if ( m|^IdleWorkers:\ (\S+)|);
+ $number=$1 if ( m|sses:\ (\S+)|);
+ $cpu=$1 if (m|^CPULoad:\ (\S+)|);
+ }
diff --git a/httpd-2.0.54-envvars.dif b/httpd-2.0.54-envvars.dif
new file mode 100644
index 0000000..5c87e16
--- /dev/null
+++ b/httpd-2.0.54-envvars.dif
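Review bot: In the log_server_status patch, `chop($hostname='localhost');` inside tcp_connect removes the last character of the literal and leaves `localhos`; the chop was only there to drop the newline from the backtick output it replaces. The `gethostbyname($hostname)` two lines below then looks up a name that presumably does not resolve, so `$me` is packed from an empty address. Assign the literal directly, `$hostname='localhost';`. tcp_connect continues outside the hunk.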
@@ -0,0 +1,11 @@
+diff -uNr httpd-2.0.54.orig/support/envvars-std.in httpd-2.0.54/support/envvars-std.in
+--- httpd-2.0.54.orig/support/envvars-std.in 2005-02-04 21:21:18.000000000 +0100
++++ httpd-2.0.54/support/envvars-std.in 2005-10-07 13:56:49.223546288 +0200
+@@ -19,6 +19,7 @@
+ # This file is generated from envvars-std.in
+ #
+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
++@SHLIBPATH_VAR@="@exp_libdir@${@SHLIBPATH_VAR@+:$@SHLIBPATH_VAR@}"
+ export @SHLIBPATH_VAR@
+ #
+ @OS_SPECIFIC_VARS@
diff --git a/httpd-2.1.3alpha-autoconf-2.59.dif b/httpd-2.1.3alpha-autoconf-2.59.dif
new file mode 100644
index 0000000..78f398d
--- /dev/null
+++ b/httpd-2.1.3alpha-autoconf-2.59.dif
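Review bot: In the envvars-std.in patch the old assignment `@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"` is kept as context and the new one is added below it, so when the new line runs the variable is already set and ends in `:` whenever it started out empty. The result is then `libdir:libdir:`, which still carries the empty trailing entry the new line appears meant to avoid. On glibc an empty entry in the library search path means the current directory, so httpd started from a writable working directory could load libraries from it. Replace the old line rather than adding after it, and use the `:+` form so a set-but-empty variable is covered as well: `@SHLIBPATH_VAR@="@exp_libdir@${@SHLIBPATH_VAR@:+:$@SHLIBPATH_VAR@}"`.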
@@ -0,0 +1,396 @@ +--- httpd-2.1.3-alpha/acinclude.m4 ++++ httpd-2.1.3-alpha/acinclude.m4 +@@ -4,25 +4,25 @@ + dnl AC_HELP_STRING, so let's try to call it if we can. + dnl Note: this define must be on one line so that it can be properly returned + dnl as the help string. +-AC_DEFUN(APACHE_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl ++AC_DEFUN([APACHE_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING($1,$2),[ ]$1 substr([ ],len($1))$2)])dnl + + dnl APACHE_SUBST(VARIABLE) + dnl Makes VARIABLE available in generated files + dnl (do not use @variable@ in Makefiles, but $(variable)) +-AC_DEFUN(APACHE_SUBST,[ ++AC_DEFUN([APACHE_SUBST],[ + APACHE_VAR_SUBST="$APACHE_VAR_SUBST $1" + AC_SUBST($1) + ]) + + dnl APACHE_FAST_OUTPUT(FILENAME) + dnl Perform substitutions on FILENAME (Makefiles only) +-AC_DEFUN(APACHE_FAST_OUTPUT,[ ++AC_DEFUN([APACHE_FAST_OUTPUT],[ + APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $1" + ]) + + dnl APACHE_GEN_CONFIG_VARS + dnl Creates config_vars.mk +-AC_DEFUN(APACHE_GEN_CONFIG_VARS,[ ++AC_DEFUN([APACHE_GEN_CONFIG_VARS],[ + APACHE_SUBST(abs_srcdir) + APACHE_SUBST(bindir) + APACHE_SUBST(sbindir) +@@ -109,14 +109,14 @@ + + dnl APACHE_GEN_MAKEFILES + dnl Creates Makefiles +-AC_DEFUN(APACHE_GEN_MAKEFILES,[ ++AC_DEFUN([APACHE_GEN_MAKEFILES],[ + $SHELL $srcdir/build/fastgen.sh $srcdir $ac_cv_mkdir_p $BSD_MAKEFILE $APACHE_FAST_OUTPUT_FILES + ]) + + dnl ## APACHE_OUTPUT(file) + dnl ## adds "file" to the list of files generated by AC_OUTPUT + dnl ## This macro can be used several times. 
+-AC_DEFUN(APACHE_OUTPUT, [ ++AC_DEFUN([APACHE_OUTPUT], [ + APACHE_OUTPUT_FILES="$APACHE_OUTPUT_FILES $1" + ]) + +@@ -125,7 +125,7 @@ + dnl + dnl If rlim_t is not defined, define it to int + dnl +-AC_DEFUN(APACHE_TYPE_RLIM_T, [ ++AC_DEFUN([APACHE_TYPE_RLIM_T], [ + AC_CACHE_CHECK([for rlim_t], ac_cv_type_rlim_t, [ + AC_TRY_COMPILE([ + #include +@@ -143,7 +143,7 @@ + ]) + + dnl APACHE_MODPATH_INIT(modpath) +-AC_DEFUN(APACHE_MODPATH_INIT,[ ++AC_DEFUN([APACHE_MODPATH_INIT],[ + current_dir=$1 + modpath_current=modules/$1 + modpath_static= +@@ -152,7 +152,7 @@ + > $modpath_current/modules.mk + ])dnl + dnl +-AC_DEFUN(APACHE_MODPATH_FINISH,[ ++AC_DEFUN([APACHE_MODPATH_FINISH],[ + echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk + echo "static = $modpath_static" >> $modpath_current/modules.mk + echo "shared = $modpath_shared" >> $modpath_current/modules.mk +@@ -165,7 +165,7 @@ + ])dnl + dnl + dnl APACHE_MODPATH_ADD(name[, shared[, objects [, ldflags[, libs]]]]) +-AC_DEFUN(APACHE_MODPATH_ADD,[ ++AC_DEFUN([APACHE_MODPATH_ADD],[ + if test -z "$3"; then + objects="mod_$1.lo" + else +@@ -209,7 +209,7 @@ + dnl setting. otherwise, fall under the "all" setting. + dnl explicit yes/no always overrides. 
+ dnl +-AC_DEFUN(APACHE_MODULE,[ ++AC_DEFUN([APACHE_MODULE],[ + AC_MSG_CHECKING(whether to enable mod_$1) + define([optname],[--]ifelse($5,yes,disable,enable)[-]translit($1,_,-))dnl + AC_ARG_ENABLE(translit($1,_,-),APACHE_HELP_STRING(optname(),$2),,enable_$1=ifelse($5,,maybe-all,$5)) +@@ -282,7 +282,7 @@ + dnl + dnl APACHE_ENABLE_MODULES + dnl +-AC_DEFUN(APACHE_ENABLE_MODULES,[ ++AC_DEFUN([APACHE_ENABLE_MODULES],[ + module_selection=default + module_default=yes + +@@ -312,7 +312,7 @@ + ]) + ]) + +-AC_DEFUN(APACHE_REQUIRE_CXX,[ ++AC_DEFUN([APACHE_REQUIRE_CXX],[ + if test -z "$apache_cxx_done"; then + AC_PROG_CXX + AC_PROG_CXXCPP +@@ -326,7 +326,7 @@ + dnl Configure for the detected openssl/ssl-c toolkit installation, giving + dnl preference to "--with-ssl=" if it was specified. + dnl +-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[ ++AC_DEFUN([APACHE_CHECK_SSL_TOOLKIT],[ + if test "x$ap_ssltk_configured" = "x"; then + dnl initialise the variables we use + ap_ssltk_base="" +@@ -499,14 +499,14 @@ + dnl apache will use while generating scripts like autoconf and apxs and + dnl the default config file. + +-AC_DEFUN(APACHE_SUBST_EXPANDED_ARG,[ ++AC_DEFUN([APACHE_SUBST_EXPANDED_ARG],[ + APR_EXPAND_VAR(exp_$1, [$]$1) + APACHE_SUBST(exp_$1) + APR_PATH_RELATIVE(rel_$1, [$]exp_$1, ${prefix}) + APACHE_SUBST(rel_$1) + ]) + +-AC_DEFUN(APACHE_EXPORT_ARGUMENTS,[ ++AC_DEFUN([APACHE_EXPORT_ARGUMENTS],[ + APACHE_SUBST_EXPANDED_ARG(exec_prefix) + APACHE_SUBST_EXPANDED_ARG(bindir) + APACHE_SUBST_EXPANDED_ARG(sbindir) +--- httpd-2.1.3-alpha/build/apr_common.m4 ++++ httpd-2.1.3-alpha/build/apr_common.m4 +@@ -22,7 +22,7 @@ + dnl + dnl Saves a snapshot of the configure command-line for later reuse + dnl +-AC_DEFUN(APR_CONFIG_NICE,[ ++AC_DEFUN([APR_CONFIG_NICE],[ + rm -f $1 + cat >$1</dev/null 2>&1 +@@ -112,7 +112,7 @@ + dnl Trying to optimize this is left as an exercise to the reader who wants + dnl to put up with more autoconf craziness. I give up. 
+ dnl +-AC_DEFUN(APR_SUBDIR_CONFIG, [ ++AC_DEFUN([APR_SUBDIR_CONFIG], [ + # save our work to this point; this allows the sub-package to use it + AC_CACHE_SAVE + +@@ -180,7 +180,7 @@ + dnl + dnl Stores the variable (usually a Makefile macro) for later restoration + dnl +-AC_DEFUN(APR_SAVE_THE_ENVIRONMENT,[ ++AC_DEFUN([APR_SAVE_THE_ENVIRONMENT],[ + apr_ste_save_$1="$$1" + ])dnl + +@@ -192,7 +192,7 @@ + dnl and restoring the original variable contents. This makes it possible + dnl for a user to override configure when it does something stupid. + dnl +-AC_DEFUN(APR_RESTORE_THE_ENVIRONMENT,[ ++AC_DEFUN([APR_RESTORE_THE_ENVIRONMENT],[ + if test "x$apr_ste_save_$1" = "x"; then + $2$1="$$1" + $1= +@@ -216,7 +216,7 @@ + dnl + dnl Set variable iff it's currently null + dnl +-AC_DEFUN(APR_SETIFNULL,[ ++AC_DEFUN([APR_SETIFNULL],[ + if test -z "$$1"; then + test "x$silent" != "xyes" && echo " setting $1 to \"$2\"" + $1="$2" +@@ -228,7 +228,7 @@ + dnl + dnl Set variable no matter what + dnl +-AC_DEFUN(APR_SETVAR,[ ++AC_DEFUN([APR_SETVAR],[ + test "x$silent" != "xyes" && echo " forcing $1 to \"$2\"" + $1="$2" + ])dnl +@@ -238,7 +238,7 @@ + dnl + dnl Add value to variable + dnl +-AC_DEFUN(APR_ADDTO,[ ++AC_DEFUN([APR_ADDTO],[ + if test "x$$1" = "x"; then + test "x$silent" != "xyes" && echo " setting $1 to \"$2\"" + $1="$2" +@@ -265,7 +265,7 @@ + dnl + dnl Remove a value from a variable + dnl +-AC_DEFUN(APR_REMOVEFROM,[ ++AC_DEFUN([APR_REMOVEFROM],[ + if test "x$$1" = "x$2"; then + test "x$silent" != "xyes" && echo " nulling $1" + $1="" +@@ -289,7 +289,7 @@ + dnl + dnl APR_CHECK_DEFINE_FILES( symbol, header_file [header_file ...] 
) + dnl +-AC_DEFUN(APR_CHECK_DEFINE_FILES,[ ++AC_DEFUN([APR_CHECK_DEFINE_FILES],[ + AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[ + ac_cv_define_$1=no + for curhdr in $2 +@@ -311,7 +311,7 @@ + dnl + dnl APR_CHECK_DEFINE(symbol, header_file) + dnl +-AC_DEFUN(APR_CHECK_DEFINE,[ ++AC_DEFUN([APR_CHECK_DEFINE],[ + AC_CACHE_CHECK([for $1 in $2],ac_cv_define_$1,[ + AC_EGREP_CPP(YES_IS_DEFINED, [ + #include <$2> +@@ -328,7 +328,7 @@ + dnl + dnl APR_CHECK_APR_DEFINE( symbol ) + dnl +-AC_DEFUN(APR_CHECK_APR_DEFINE,[ ++AC_DEFUN([APR_CHECK_APR_DEFINE],[ + apr_old_cppflags=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $INCLUDES" + AC_EGREP_CPP(YES_IS_DEFINED, [ +@@ -353,7 +353,7 @@ + fi]) + ]) + +-define(APR_IFALLYES,[dnl ++define([APR_IFALLYES],[dnl + ac_rc=yes + for ac_spec in $1; do + ac_type=`echo "$ac_spec" | sed -e 's/:.*$//'` +@@ -405,7 +405,7 @@ + ]) + + +-define(APR_DECISION_OVERRIDE,[dnl ++define([APR_DECISION_OVERRIDE],[dnl + ac_decision='' + for ac_item in $1; do + eval "ac_decision_this=\$ac_decision_${ac_item}" +@@ -417,13 +417,13 @@ + ]) + + +-define(APR_DECISION_FORCE,[dnl ++define([APR_DECISION_FORCE],[dnl + ac_decision="$1" + eval "ac_decision_msg=\"\$ac_decision_${ac_decision}_msg\"" + ]) + + +-define(APR_END_DECISION,[dnl ++define([APR_END_DECISION],[dnl + if test ".$ac_decision" = .; then + echo "[$]0:Error: decision on $ac_decision_item failed" 1>&2 + exit 1 +@@ -443,7 +443,7 @@ + dnl A variant of AC_CHECK_SIZEOF which allows the checking of + dnl sizes of non-builtin types + dnl +-AC_DEFUN(APR_CHECK_SIZEOF_EXTENDED, ++AC_DEFUN([APR_CHECK_SIZEOF_EXTENDED], + [changequote(<<,>>)dnl + dnl The name to #define + define(<>, translit(sizeof_$2, [a-z *], [A-Z_P]))dnl +@@ -515,7 +515,7 @@ + dnl string. + dnl + dnl +-AC_DEFUN(APR_CHECK_STRERROR_R_RC,[ ++AC_DEFUN([APR_CHECK_STRERROR_R_RC],[ + AC_MSG_CHECKING(for type of return code from strerror_r) + AC_TRY_RUN([ + #include +@@ -550,7 +550,7 @@ + dnl structure on this platform. 
Single UNIX Spec says d_ino, + dnl BSD uses d_fileno. Undef to find the real beast. + dnl +-AC_DEFUN(APR_CHECK_DIRENT_INODE, [ ++AC_DEFUN([APR_CHECK_DIRENT_INODE], [ + AC_CACHE_CHECK([for inode member of struct dirent], apr_cv_dirent_inode, [ + apr_cv_dirent_inode=no + AC_TRY_COMPILE([ +@@ -588,7 +588,7 @@ + dnl Note that this is worthless without DT_xxx macros, so + dnl look for one while we are at it. + dnl +-AC_DEFUN(APR_CHECK_DIRENT_TYPE,[ ++AC_DEFUN([APR_CHECK_DIRENT_TYPE],[ + AC_CACHE_CHECK([for file type member of struct dirent], apr_cv_dirent_type,[ + apr_cv_dirent_type=no + AC_TRY_COMPILE([ +@@ -637,7 +637,7 @@ + dnl all "." and "-" chars. If the 3rd parameter is "yes" then instead of + dnl setting to 1 or 0, we set FLAG-TO-SET to yes or no. + dnl +-AC_DEFUN(APR_FLAG_HEADERS,[ ++AC_DEFUN([APR_FLAG_HEADERS],[ + AC_CHECK_HEADERS($1) + for aprt_i in $1 + do +@@ -658,7 +658,7 @@ + dnl is "yes" then instead of setting to 1 or 0, we set FLAG-TO-SET + dnl to yes or no. + dnl +-AC_DEFUN(APR_FLAG_FUNCS,[ ++AC_DEFUN([APR_FLAG_FUNCS],[ + AC_CHECK_FUNCS($1) + for aprt_j in $1 + do +@@ -683,7 +683,7 @@ + dnl APR_EXPAND_VAR(fraz, $baz) + dnl $fraz is now "1/2/3" + dnl +-AC_DEFUN(APR_EXPAND_VAR,[ ++AC_DEFUN([APR_EXPAND_VAR],[ + ap_last= + ap_cur="$2" + while test "x${ap_cur}" != "x${ap_last}"; +@@ -702,7 +702,7 @@ + dnl orig_path="${prefix}/bar" + dnl APR_PATH_RELATIVE(final_path, $orig_path, $prefix) + dnl $final_path now contains "bar" +-AC_DEFUN(APR_PATH_RELATIVE,[ ++AC_DEFUN([APR_PATH_RELATIVE],[ + ap_stripped=`echo $2 | sed -e "s#^$3##"` + # check if the stripping was successful + if test "x$2" != "x${ap_stripped}"; then +@@ -720,12 +720,12 @@ + dnl Note: this define must be on one line so that it can be properly returned + dnl as the help string. 
When using this macro with a multi-line RHS, ensure + dnl that you surround the macro invocation with []s +-AC_DEFUN(APR_HELP_STRING,[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])]) ++AC_DEFUN([APR_HELP_STRING],[ifelse(regexp(AC_ACVERSION, 2\.1), -1, AC_HELP_STRING([$1],[$2]),[ ][$1] substr([ ],len($1))[$2])]) + + dnl + dnl APR_LAYOUT(configlayout, layoutname [, extravars]) + dnl +-AC_DEFUN(APR_LAYOUT,[ ++AC_DEFUN([APR_LAYOUT],[ + if test ! -f $srcdir/config.layout; then + echo "** Error: Layout file $srcdir/config.layout not found" + echo "** Error: Cannot use undefined layout '$LAYOUT'" +@@ -781,7 +781,7 @@ + dnl + dnl APR_ENABLE_LAYOUT(default layout name [, extra vars]) + dnl +-AC_DEFUN(APR_ENABLE_LAYOUT,[ ++AC_DEFUN([APR_ENABLE_LAYOUT],[ + AC_ARG_ENABLE(layout, + [ --enable-layout=LAYOUT],[ + LAYOUT=$enableval +@@ -802,7 +802,7 @@ + dnl a reimplementation of autoconf's argument parser, + dnl used here to allow us to co-exist layouts and argument based + dnl set ups. +-AC_DEFUN(APR_PARSE_ARGUMENTS,[ ++AC_DEFUN([APR_PARSE_ARGUMENTS],[ + ac_prev= + for ac_option + do +@@ -924,7 +924,7 @@ + dnl + dnl Determine what program we can use to generate .deps-style dependencies + dnl +-AC_DEFUN(APR_CHECK_DEPEND,[ ++AC_DEFUN([APR_CHECK_DEPEND],[ + dnl Try to determine what depend program we can use + dnl All GCC-variants should have -MM. + dnl If not, then we can check on those, too. diff --git a/httpd-2.1.3alpha-layout.dif b/httpd-2.1.3alpha-layout.dif new file mode 100644 index 0000000..279c746 --- /dev/null +++ b/httpd-2.1.3alpha-layout.dif 
@@ -0,0 +1,57 @@
+--- httpd-2.1.3-alpha.orig/config.layout
++++ httpd-2.1.3-alpha/config.layout
+@@ -202,6 +202,54 @@
+ proxycachedir: /var/cache/httpd
+
+
++# SuSE >= 8.1 layout (32 bit system)
++
++ prefix: /srv/www
++ exec_prefix: /usr
++ bindir: ${exec_prefix}/bin
++ sbindir: ${exec_prefix}/sbin
++ libdir: ${exec_prefix}/lib
++ libexecdir: ${exec_prefix}/lib/apache2${mpm_suffix}
++ mandir: ${exec_prefix}/share/man
++ sysconfdir: /etc/apache2
++ datadir: ${prefix}
++ installbuilddir: ${exec_prefix}/share/apache2/build
++ errordir: ${exec_prefix}/share/apache2/error
++ iconsdir: ${exec_prefix}/share/apache2/icons
++ htdocsdir: ${datadir}/htdocs
++ manualdir: ${exec_prefix}/share/apache2/manual
++ cgidir: ${datadir}/cgi-bin
++ includedir: ${exec_prefix}/include/apache2${mpm_suffix}
++ localstatedir: /var/lib/apache2
++ runtimedir: /var/run
++ logfiledir: /var/log/apache2
++ proxycachedir: /var/cache/apache2
++
++
++# SuSE >= 8.1 layout (64 bit system)
++
++ prefix: /srv/www
++ exec_prefix: /usr
++ bindir: ${exec_prefix}/bin
++ sbindir: ${exec_prefix}/sbin
++ libdir: ${exec_prefix}/lib64
++ libexecdir: ${exec_prefix}/lib64/apache2${mpm_suffix}
++ mandir: ${exec_prefix}/share/man
++ sysconfdir: /etc/apache2
++ datadir: ${prefix}
++ installbuilddir: ${exec_prefix}/share/apache2/build
++ errordir: ${exec_prefix}/share/apache2/error
++ iconsdir: ${exec_prefix}/share/apache2/icons
++ htdocsdir: ${datadir}/htdocs
++ manualdir: ${exec_prefix}/share/apache2/manual
++ cgidir: ${datadir}/cgi-bin
++ includedir: ${exec_prefix}/include/apache2${mpm_suffix}
++ localstatedir: /var/lib/apache2
++ runtimedir: /var/run
++ logfiledir: /var/log/apache2
++ proxycachedir: /var/cache/apache2
++
++
+ # BSD/OS layout
+
+ prefix: /var/www
diff --git a/httpd-2.1.9-apachectl.dif b/httpd-2.1.9-apachectl.dif
new file mode 100644
index 0000000..3d25d4c
--- /dev/null
+++ b/httpd-2.1.9-apachectl.dif
@@ -0,0 +1,65 @@
+diff -uNr httpd-2.1.3-alpha.orig/support/apachectl.in httpd-2.1.3-alpha/support/apachectl.in
+--- httpd-2.1.3-alpha.orig/support/apachectl.in 2005-02-04 21:28:49.000000000 +0100
++++ httpd-2.1.3-alpha/support/apachectl.in 2005-02-25 02:52:49.203566813 +0100
+@@ -41,17 +41,32 @@
+ # -------------------- --------------------
+ #
+ # the path to your httpd binary, including options if necessary
+-HTTPD='@exp_sbindir@/@progname@'
++HTTPD='@exp_sbindir@/httpd2'
+ #
+ # pick up any necessary environment variables
+ if test -f @exp_sbindir@/envvars; then
+ . @exp_sbindir@/envvars
+ fi
++
++pname=apache2
++sysconfig_apache=/etc/sysconfig/$pname
++sysconfdir=/etc/$pname
++
++test -s $sysconfig_apache && source $sysconfig_apache
++httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
++
+ #
+ # a command that outputs a formatted text version of the HTML at the
+ # url given on the command line. Designed for lynx, however other
+ # programs may work.
+-LYNX="@LYNX_PATH@ -dump"
++
++if [ -x "`which w3m`" ]; then
++ LYNX="w3m -dump -cols ${COLUMNS:-80}"
++elif [ -x "`which lynx`" ]; then
++ LYNX="lynx -dump -width=${COLUMNS:-80}"
++fi
++
++
+ #
+ # the URL to your server's mod_status status page. If you do not
+ # have one, then status and fullstatus will not work.
+@@ -77,7 +92,7 @@
+
+ case $ARGV in
+ start|stop|restart|graceful|graceful-stop)
+- $HTTPD -k $ARGV
++ $HTTPD ${httpd_conf+-f $httpd_conf} -k $ARGV
+ ERROR=$?
+ ;;
+ startssl|sslstart|start-SSL)
+@@ -87,7 +102,7 @@
+ ERROR=2
+ ;;
+ configtest)
+- $HTTPD -t
++ $HTTPD ${httpd_conf+-f $httpd_conf} -t
+ ERROR=$?
+ ;;
+ status)
+@@ -97,7 +112,7 @@
+ $LYNX $STATUSURL
+ ;;
+ *)
+- $HTTPD $ARGV
++ $HTTPD ${httpd_conf+-f $httpd_conf} $ARGV
+ ERROR=$?
+ esac
+
diff --git a/httpd-2.2.0-apxs-a2enmod.dif b/httpd-2.2.0-apxs-a2enmod.dif
new file mode 100644
index 0000000..9583d7a
--- /dev/null
+++ b/httpd-2.2.0-apxs-a2enmod.dif
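Review bot: In the apachectl patch, `LYNX` stays unset when neither `w3m` nor `lynx` is found, because the new `if`/`elif` in the first hunk has no `else`; the `status)` branch shown as context in the last hunk then runs `$LYNX $STATUSURL` with an empty first word, so the shell tries to execute the status URL as a command. Fail explicitly before that call, for example `test -n "$LYNX" || { echo "status needs w3m or lynx" >&2; exit 1; }`. The lookup through `which` also takes whichever `w3m` or `lynx` comes first on the caller's PATH, where the replaced line used the configure-time `@LYNX_PATH@`; for a script normally run as root an absolute path is the safer choice. The `case` block starts and ends outside the hunks.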
@@ -0,0 +1,111 @@ +diff -uNr httpd-2.2.0.orig/support/apxs.in httpd-2.2.0/support/apxs.in +--- httpd-2.2.0.orig/support/apxs.in 2005-06-10 11:18:14.000000000 +0200 ++++ httpd-2.2.0/support/apxs.in 2005-12-07 11:04:38.337999601 +0100 +@@ -527,105 +527,14 @@ + + # activate module via LoadModule/AddModule directive + if ($opt_a or $opt_A) { +- if (not -f "$CFG_SYSCONFDIR/$CFG_TARGET.conf") { +- error("Config file $CFG_SYSCONFDIR/$CFG_TARGET.conf not found"); +- exit(1); +- } +- +- open(FP, "<$CFG_SYSCONFDIR/$CFG_TARGET.conf") || die; +- my $content = join('', ); +- close(FP); +- +- if ($content !~ m|\n#?\s*LoadModule\s+|) { +- error("Activation failed for custom $CFG_SYSCONFDIR/$CFG_TARGET.conf file."); +- error("At least one `LoadModule' directive already has to exist."); +- exit(1); +- } + + my $lmd; + my $c = ''; + $c = '#' if ($opt_A); + foreach $lmd (@lmd) { +- my $what = $opt_A ? "preparing" : "activating"; +- if ($content !~ m|\n#?\s*$lmd|) { +- # check for open , so that the new LoadModule +- # directive always appears *outside* of an . +- +- my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0]; +- +- # the '()=' trick forces list context and the scalar +- # assignment counts the number of list members (aka number +- # of matches) then +- my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); +- my $cntclose = () = ($before =~ m|^\s*$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { +- print FP $content; +- close(FP); +- system("cp $CFG_SYSCONFDIR/$CFG_TARGET.conf $CFG_SYSCONFDIR/$CFG_TARGET.conf.bak && " . +- "cp $CFG_SYSCONFDIR/$CFG_TARGET.conf.new $CFG_SYSCONFDIR/$CFG_TARGET.conf && " . +- "rm $CFG_SYSCONFDIR/$CFG_TARGET.conf.new"); +- } else { +- notice("unable to open configuration file"); +- } +- } + } + } + diff --git a/httpd-2.2.3.tar.bz2 b/httpd-2.2.3.tar.bz2 new file mode 100644 index 0000000..22fb273 --- /dev/null +++ b/httpd-2.2.3.tar.bz2 
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dd86e8221f9efb85497c46229d0f04237d4e66d293fabe98eb0745166aaf4b6c
+size 4905728
diff --git a/load_configuration b/load_configuration
new file mode 100644
index 0000000..63e0ccf
--- /dev/null
+++ b/load_configuration
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+: ${sysconfig_apache:=/etc/sysconfig/apache2}
+
+#
+# load the configuration, but only if it hasn't been done already
+#
+if [ -z "$APACHE_MODULES" ]; then
+ . $sysconfig_apache
+fi
diff --git a/mkcert.sh.gz b/mkcert.sh.gz
new file mode 100644
index 0000000..47001b0
--- /dev/null
+++ b/mkcert.sh.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:90308cef136bdc2ad7501647a19ab321f9645f34a87bf2c496a334098915eef2
+size 4601
diff --git a/permissions.apache2 b/permissions.apache2
new file mode 100644
index 0000000..4ea02aa
--- /dev/null
+++ b/permissions.apache2
@@ -0,0 +1 @@
+/usr/sbin/suexec2 root:root 4755
diff --git a/rc.apache2 b/rc.apache2
new file mode 100644
index 0000000..13173c6
--- /dev/null
+++ b/rc.apache2
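Review bot: The permissions.apache2 entry `/usr/sbin/suexec2 root:root 4755` installs the setuid-root wrapper so that every local account can execute it. suexec checks its caller itself, but Apache's suexec documentation also suggests restricting who may run the binary, so that a flaw in the wrapper is reachable only from the server's own account. Consider giving it the group httpd runs under and dropping the world bits, `/usr/sbin/suexec2 root:<httpd-group> 4750`, where `<httpd-group>` is a placeholder for the group this package configures; this page does not show it.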
@@ -0,0 +1,324 @@ +#!/bin/sh +# +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002, 2003 SuSE Linux AG +# +# Authors: Rolf Haberrecker , 2001 +# Peter Poeml , 2002, 2003, 2004, 2005 +# +# +# /etc/init.d/apache2 +# +### BEGIN INIT INFO +# Provides: apache2 httpd2 +# Required-Start: $local_fs $remote_fs $network +# X-UnitedLinux-Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd +# Required-Stop: $local_fs $remote_fs $network +# X-UnitedLinux-Should-Stop: +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: Apache 2.2 httpd +# Description: Start the httpd daemon Apache +### END INIT INFO + +pname=apache2 +: ${sysconfdir:=/etc/$pname} +: ${apache_link:=/usr/sbin/httpd2} +: ${sysconfig_apache:=/etc/sysconfig/$pname} +: ${pidfile:=/var/run/httpd2.pid} +: ${logdir:=/var/log/$pname} +: ${homedir:=/var/lib/$pname} + +# +# load the configuration +# +test -s /etc/rc.status && . /etc/rc.status && rc_reset + +. /usr/share/$pname/load_configuration +export ${!APACHE_*} + +httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf} + +apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) + +test -L $apache_link && apache_bin=$(readlink $apache_link) + +if [ -z "$APACHE_MPM" ]; then + APACHE_MPM=${apache_bin##*-} +fi + +if ! [ -x $apache_bin ]; then + echo >&2 ${warn}$apache_bin-$APACHE_MPM is not a valid httpd2 binary. + echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname. 
$norm + rc_failed 5 + rc_status -v1 + rc_exit +fi + +# a proper home should be set, otherwise the server might end up +# with HOME=/root and some script might try to use that +HOME=$homedir + +get_server_flags() +{ + unset server_flags + case "$action" in startssl) server_flags="-DSSL";; esac + for i in $APACHE_SERVER_FLAGS; do + case $i in + -D) ;; + -D*) server_flags="$server_flags $i";; + *) server_flags="$server_flags -D$i";; + esac + done +} + +action="$1" +case "$action" in + stop|try-restart|*status*|probe) + ;; + *) + shift; get_server_flags + ${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true + ${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true + ;; +esac + +# +# main part +# +case "$action" in + start*) + if [ -e $pidfile ]; then + $0 status &>/dev/null + ret=$? + if [ $ret = 1 ]; then + echo "Warning: found stale pidfile (unclean shutdown?)" + elif [ $ret = 0 ]; then + echo "Apache is already running ($pidfile)" + rc_failed $ret + rc_status -v1 + rc_exit + fi + fi + + echo -n "Starting httpd2 (${APACHE_MPM:-${apache_bin#*-}}) " + cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") + if eval $cmdline -t > $logdir/rc$pname.out 2>&1 ; then + export -n ${!APACHE_*} + eval startproc -f -t ${APACHE_START_TIMEOUT:-2} $cmdline + ret=$? + + if test -t 1 && stty -a 2>/dev/null | grep -q -- -echo\ ; then + # this means that apache was still waiting for a passphrase to be entered + stty echo 2>/dev/null + echo;echo + echo >&2 An SSL passphrase has not been entered within ${APACHE_START_TIMEOUT:-} seconds. + echo >&2 To increase this timeout, adjust APACHE_START_TIMEOUT in $sysconfig_apache . + # this surely means that apache won't start, despite it looked good to startproc + killall $apache_bin + echo >&2 "Trying to start the server without SSL (-D NOSSL)." 
+ $0 start "$@" -D NOSSL + # rc_failed 1 + # rc_status -v1 + # rc_exit + else + rc_failed $ret + rc_status -v + fi + else + if [ "$link" = "$base" ] ; then + cat $logdir/rc$pname.out + echo >&2 + echo >&2 The command line was: + echo >&2 $cmdline + echo >&2 + else + echo -e -n "\nsee $logdir/rc$pname.out for details\n"; + fi + rc_failed 1 + rc_status -v1 + fi + ;; + stop) + echo -n "Shutting down httpd2 " + if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi + if ! [ -f $pidfile ]; then + echo -n "(not running)" + else + pid=$(<$pidfile) + kill -TERM $pid 2>/dev/null + case $? in + 1) echo -n "(not running)";; + 0) # wait until the processes are gone (the parent is the last one) + echo -n "(waiting for all children to terminate) " + for ((wait=0; wait<120; wait++)); do + if test -f $pidfile; then + usleep 500000 + continue + fi + if ! test -f /proc/$pid/exe; then + break + fi + if test "$(readlink /proc/$pid/exe 2>/dev/null)" = $apache_bin; then + usleep 500000 + else + break + fi + + done + ;; + esac + fi + + rc_status -v + ;; + try-restart) + ## Do a restart only if the service was active before. + ## Note: try-restart is now part of LSB (as of 1.9). + ## RH has a similar command named condrestart. + $0 status + if test $? = 0; then + $0 restart + else + rc_reset # Not running is not a failure. 
+ fi + # Remember status and be quiet + rc_status + ;; + restart) + $0 configtest "$@" || { rc_failed $?; rc_exit; } + + if $0 status &>/dev/null; then + $0 stop + fi + $0 start "$@" + # Remember status and be quiet + rc_status + ;; + restart-hup) + $0 configtest "$@" || { rc_failed $?; rc_exit; } + + if $0 status &>/dev/null; then + echo -n "Restarting httpd2 (SIGHUP)" + kill -HUP $(<$pidfile) || return=$rc_failed + else + $0 start "$@" + fi + # Remember status and be quiet + rc_status -v + ;; + reload|force-reload|graceful) + echo -n "Reload httpd2 (graceful restart)" + cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") + if eval $cmdline -t &> $logdir/rc$pname.out; then + killproc -USR1 $apache_bin || return=$rc_failed + rc_status -v + else + if [ "$link" = "$base" ] ; then + echo -e -n "\n\n" + cat $logdir/rc$pname.out + echo >&2 + echo >&2 The command line was: + echo >&2 $cmdline + echo >&2 + else + echo -e -n "\nsee $logdir/rc$pname.out for details\n"; + fi + rc_failed 6 + rc_status -v1 + fi + ;; + status) + if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi + echo -n "Checking for httpd2: " + # we don't use checkproc here since it is confused when we exchange the binaries + if ! [ -f $pidfile ]; then + # not running + rc_failed 3 + elif [ -s $pidfile -a -d /proc/$(<$pidfile) ]; then + # running + : + else + # stale pid file + rc_failed 1 + #rm -f $pidfile + fi + rc_status -v + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + for i in $httpd_conf \ + $APACHE_CONF_INCLUDE_FILES \ + $APACHE_CONF_INCLUDE_DIRS + do + if [ $i -nt $pidfile ]; then + echo reload + break + fi + done + ;; + + conf*|test|syntax|check) + cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") + eval $cmdline -t + rc_failed $? 
+ rc_exit + ;; + + extr*) + cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") + out=$(su - nobody -c "$cmdline" 2>&1) + case $out in + *make_sock:\ could\ not\ bind\ to\ address*) echo Syntax: OK; rc_failed=0;; + *) echo Syntax: NOT OK:; echo $out; rc_failed=1;; + esac + rc_exit + ;; + + server-status) + apache2ctl status + ;; + + full-server-status|fullstatus) + apache2ctl fullstatus + ;; + + *) + cat >&2 <<-EOF + Usage: $0 + + where is one of: + start - start httpd + startssl - start httpd with -DSSL + stop - stop httpd (sendign SIGTERM to parent) + try-restart - stop httpd and if this succeeds (i.e. if + it was running before), start it again. + status - check whether httpd is running + restart - stop httpd if running; start httpd + reload|graceful - do a graceful restart by sending a SIGUSR1 or + start if not running + configtest - do a configuration syntax test + extreme-configtest - try to run httpd as nobody (detects more errors + by actually loading the configuration, but cannot + read SSL certificates) + probe - probe for the necessity of a reload, give + out the argument which is required for a reload. + (by comparing conf files with pidfile timestamp) + full-server-status - dump a full status screen; requires lynx or w3m + and mod_status enabled + server-status - dump a short status screen; requires lynx or w3m + and mod_status enabled + help - this screen + + optional server flags are passed through to httpd. + + EOF + exit 1 +esac + + +# Inform the caller not only verbosely and set an exit status. +rc_exit diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..b05a9fb --- /dev/null +++ b/robots.txt @@ -0,0 +1,11 @@ +# exclude help system from robots +User-agent: * +Disallow: /manual/ +Disallow: /doc/ +Disallow: /gif/ +# but allow htdig to index our doc-tree +User-agent: susedig +Disallow: +# disallow stress test +user-agent: stress-agent +Disallow: / 
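Review bot: In rc.apache2, `cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@")` followed by `eval $cmdline -t` (in `start*`, again in `reload` and `conf*`, and through `su - nobody -c "$cmdline"` in `extr*`) flattens the arguments into one string and has the shell parse them a second time. Quotes, `;`, `$( )` and similar characters in the script's arguments or in APACHE_SERVER_FLAGS are then interpreted as shell syntax by a script that runs as root, which matters wherever the init script is reachable through a wrapper or a sudo rule that lets a less privileged operator pass arguments. Running the words directly avoids the second parse: `$apache_bin -f "$httpd_conf" $server_flags "$@" -t > $logdir/rc$pname.out 2>&1` and `startproc -f -t ${APACHE_START_TIMEOUT:-2} $apache_bin -f "$httpd_conf" $server_flags "$@"`. Keep the flattened string only for the "The command line was:" message.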
diff --git a/sysconf_addword b/sysconf_addword
new file mode 100644
index 0000000..422d903
--- /dev/null
+++ b/sysconf_addword
@@ -0,0 +1,129 @@ +#!/bin/bash + +# Copyright 2005 Peter Poeml . All Rights Reserved. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + + +debug=false + +function usage() { + cat <<-EOF + usage: $(basename $0) [-r] FILE VAR WORD + + Add word WORD to variable VAR in file FILE, or remove + it if the -r option is given. + + Example: + $(basename $0) /etc/sysconfig/apache2 APACHE_SERVER_FLAGS asdf + leads to the change: + -APACHE_SERVER_FLAGS="SSL STATUS ruby" + +APACHE_SERVER_FLAGS="SSL STATUS ruby asdf" + + If multiple lines matching ^VAR= are found (which happens to be a habit of + mine), only the last one is manipulated. + + It does not work for WORD starting with characters like a dash which + prevent word boundary matching. + + EOF +} + +function word_present () { + . $file + case " ${!var} " in + *" $word "*) true;; + *) false;; + esac +} + +function add_word() { + local word=$1 + local word_quoted=$2 + if ! 
word_present; then + $debug && cp $file $tmpf + + cat <<-EOT_ED | ed -s $file &>/dev/null + H + # search backwards to last occurrence of var + ?^$var + s/^\($var=".*\)\(".*\)/\1 $word_quoted\2/ + s/=" /="/ + wq + EOT_ED + + $debug && diff -u $tmpf $file + else + echo \"$word\" already present + fi +} + +function remove_word() { + local word=$1 + local word_quoted=$2 + if word_present; then + $debug && cp $file $tmpf + + cat <<-EOT_ED | ed -s $file &>/dev/null + H + # search backwards to last occurrence of var + ?^$var + s/\(['" ]\)$word_quoted\(['" ]\)/\1 \2/g + s/ / /g + wq + EOT_ED + + $debug && diff -u $tmpf $file + else + echo \"$word\" not present + fi + +} + +# poor man's option parsing + +case "$1" in +-h) usage; exit 0;; +esac + +if [ $# -lt 3 ]; then + echo not enough arguments + echo + usage; exit 1 +fi + +action=add +case "$1" in +-r) action=remove; shift;; +esac + +file=$1; shift +var=$1; shift +word=$1 +word_quoted=${1//\//\\\/} + +if $debug; then + echo FILE: $file + echo VAR: $var + echo WORD: $word + echo current content: + grep "^$var=" $file | tail -n 1 + echo + +fi + + +$debug && tmpf=$(mktemp /tmp/$(basename $0).XXXXXX) + +if [ $action = add ]; then + add_word $word $word_quoted +else + remove_word $word $word_quoted +fi + +$debug && rm -f $tmpf + +exit 0 diff --git a/sysconfig.apache2 b/sysconfig.apache2 new file mode 100644 index 0000000..ff6eb66 --- /dev/null +++ b/sysconfig.apache2 
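Review bot: In sysconf_addword, `add_word` and `remove_word` paste `$var` and `$word_quoted` into the ed script as regular-expression text, and `word_quoted=${1//\//\\\/}` escapes only `/`, so a WORD containing `.`, `*`, `[`, `\` or `&` matches or inserts something other than itself. The address `?^$var` also lacks the `=`, so it can stop on a later variable whose name merely begins with VAR; the substitute then fails, and with `ed -s $file &>/dev/null` and the final `exit 0` the caller is told nothing. Anchor the search as `?^$var=`, escape the remaining metacharacters in WORD before building the script, and return ed's exit status instead of discarding it.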
@@ -0,0 +1,270 @@ +## Path: Network/WWW/Apache2 +## Description: Configuration for Apache 2 + +## Type: string +## Default: "" +## ServiceRestart: apache2 +# +# Here you can name files, separated by spaces, that should be Include'd from +# httpd.conf. +# +# This allows you to add e.g. VirtualHost statements without touching +# /etc/apache2/httpd.conf itself, which makes upgrading easier. +# +APACHE_CONF_INCLUDE_FILES="" + +## Type: string +## Default: "" +## ServiceRestart: apache2 +# +# Here you can name directories, separated by spaces, that should be Include'd +# from httpd.conf. +# +# All files contained in these directories will be recursively included by apache. +# If a pattern like *.conf is appended, apache will use it. +# +# Examples: "/etc/apache2/my_conf/" +# "/etc/apache2/virtual_hosts/*.conf" +# "local/*.conf /srv/www/virtual/" +# +APACHE_CONF_INCLUDE_DIRS="" + +## Type: string +## Default: "actions alias auth_basic authz_host authn_file authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5" +## ServiceRestart: apache2 +# +# [It might look silly to not simply edit httpd.conf for the LoadModule statements. +# However, since the LoadModule statements might need an absolute path to the modules, +# switching between MPMs can be quite a hassle. It's easier to just give the names here.] +# +# * list of all modules shipped with the base distribution: +# +@@all_modules@@ +# +# see http://httpd.apache.org/docs-2.2/mod/ ! +# +# * It pays to use IfDefine statements... like +# +# .... +# +# +# * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax. +# You may also name an absolute path if you like. +# +# * NOTE ON MOD_SSL: before you can enable this module, you need a server certificate. +# A test certificate can be created by entering +# 'cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. 
+# Also, you need to set the ServerName inside the +# block to the fully qualified domain name (see /etc/HOSTNAME). +# +# * if your server certificate is protected by a passphrase you should increase the +# APACHE_START_TIMEOUT (see above) +# +# * modules listed here will be ignored if they are not installed +# +# +# EXAMPLES: +# +# fairly minimal +# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif" +# +# apache's default installation +# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir" +# your settings +APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5" + + +## Type: string +## Default: "" +## ServiceRestart: apache2 +# +# Additional server flags: +# +# Put here any server flags ("Defines") that you want to hand over to +# httpd at start time, or other command line flags. +# +# Background: Any directives within an ... +# section are only processed if the flag is defined. +# This allows to write configuration which is active only in a +# special cases, like during server maintenance, or for testing +# something temporarily. +# +# Notably, to enable SSL support, 'SSL' needs to be added here. +# To enable the server-status, 'STATUS' needs to be added here. +# +# It does not matter if you write flag1, -D flag1 or -Dflag1. +# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2". +# +# Specifying such flags here is equivalent to giving them on the commandline. +# (e.g. via rcapache2 start -DReverseProxy) +# +# Example: +# "SSL STATUS AWSTATS SVN_VIEWCVS no_subversion_today" +# +APACHE_SERVER_FLAGS="" + +## Type: string +## Default: "" +## ServiceRestart: apache2 +# +# Which config file do you want to use? +# (if not set, /etc/apache2/httpd.conf is used.) 
+# It is unusual to need to use this setting. +# +APACHE_HTTPD_CONF="" + +## Type: list(prefork,worker) +## Default: "" +## ServiceRestart: apache2 +# +# MPM (multi-processing module) to use. +# +# Needed to determine with which MPM apache will run, as well as +# against which header files modules will be built. +# +# If not set, the system will simply pick one of the installed MPMs. +# +# The implementation of the logic is in /usr/share/apache2/find_mpm, +# a script which can be used standalone as well if needed. +# +APACHE_MPM="" + +## Type: string +## Default: "" +## ServiceReload: apache2 +# +# email address of the server administrator (ServerAdmin directive) +# This address is added to the server's responses if APACHE_SERVERSIGNATURE +# is set to "email". +# +# If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is +# taken from /etc/HOSTNAME. +# +# Note that ServerAdmin directives inside VirtualHost statements are not +# changed, even not the one in the stock SSL virtual host block. +# +APACHE_SERVERADMIN="" + +## Type: string +## Default: "" +## ServiceReload: apache2 +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +APACHE_SERVERNAME="" + +## Type: integer +## Default: 2 +# +# timeout during server startup (seconds) +# after this time, the start script decides wether the httpd process started without error. +# +# Increase it, if you use mod_ssl and your certificate is passphrase protected! 
+# +APACHE_START_TIMEOUT="2" + +## Type: list(on,off,email) +## Default: "on" +## ServiceReload: apache2 +# +# Configures the footer on server-generated documents +# This correlates to the ServerSignature directive. +# +APACHE_SERVERSIGNATURE="on" + +## Type: list(debug,info,notice,warn,error,crit,alert,emerg) +## Default: "warn" +## ServiceReload: apache2 +# +# LogLevel: Control the number of messages logged to the error_log. +# +APACHE_LOGLEVEL="warn" + +## Type: string +## Default: "/var/log/apache2/access_log combined" +## ServiceRestart: apache2 +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a +# container, they will be logged here. Contrarywise, if you *do* +# define per- access logfiles, transactions will be +# logged therein and *not* in this file. +# +# Simply set it to empty, if you configure it yourself somewhere else. +# +# Examples: +# +# If you would like to have agent and referer logfiles: +# +# setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent" +# corresponds to +# CustomLog /var/log/apache2/referer_log referer +# CustomLog /var/log/apache2/agent_log agent +# +# If you prefer a single logfile with access, agent, and referer information +# (Combined Logfile Format): +# +# setting it to "/var/log/apache2/access_log combined" +# corresponds to +# CustomLog /var/log/apache2/access_log combined +# +APACHE_ACCESS_LOG="/var/log/apache2/access_log combined" + +## Type: list(On,Off,DNS) +## Default: "Off" +## ServiceReload: apache2 +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. 
+# +APACHE_USE_CANONICAL_NAME="off" + +## Type: list(Major,Minor,Minimal,ProductOnly,OS,Full) +## Default: "OS" +## ServiceReload: apache2 +# +# How much information the server response header field contains about the server. +# (installed modules, versions, etc.) +# see http://httpd.apache.org/docs-2.2/mod/core.html#servertokens +# +APACHE_SERVERTOKENS="OS" + +## Type: list(on,off) +## Default: "off" +## ServiceReload: apache2 +# +# If mod_status is used, include extended information about the server, like +# CPU usage, in the status report. It is a server-wide setting, and it can cost +# some performance! +# +APACHE_EXTENDED_STATUS="off" + +## Type: list(on,off) +## Default: "off" +## ServiceRestart: apache2 +# +# Enable buffered logging +# +APACHE_BUFFERED_LOGS="off" + +## Type: integer +## Default: 300 +## ServiceReload: apache2 +# +# Timeout: The number of seconds before receives and sends time out. +# It is a server wide setting. +# +APACHE_TIMEOUT="300" +
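Review bot: The shipped defaults `APACHE_SERVERSIGNATURE="on"` and `APACHE_SERVERTOKENS="OS"` put the httpd version and OS type into server-generated pages and the Server response header on every fresh install; `APACHE_SERVERSIGNATURE="off"` and `APACHE_SERVERTOKENS="ProductOnly"` would be the quieter defaults, and both values are already listed in the `## Type:` lines. The default `APACHE_MODULES` value also loads cgi, userdir, include, autoindex and php5 for every installation, so a comment telling administrators to drop modules they do not use would help. Separately, the `## Default:` annotation for APACHE_MODULES omits `authn_dbm`, which the assigned value includes, and the mod_ssl note refers to APACHE_START_TIMEOUT as "see above" although it is defined further down.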