From d15e98e21bffa98611b2eb19485abda6d4cd1239649e64f5b85c93f9c1e71356 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Mon, 16 Jul 2018 12:08:37 +0000
Subject: [PATCH 1/3] - updated to 2.4.34:   *) Introduce zh-cn and zh-tw
 (simplified and traditional Chinese) error      document translations.
 [CodeingBoy, popcorner]   *) event: avoid possible race conditions with
 modules on the child pool.      [Stefan Fritsch]   *) mod_proxy: Fix a corner
 case where the ProxyPassReverseCookieDomain or     
 ProxyPassReverseCookiePath directive could fail to update correctly     
 'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.      [Christophe
 Jaillet]   *) mod_ratelimit: fix behavior when proxing content. PR 62362.    
  [Luca Toscano, Yann Ylavic]   *) core: Re-allow '_' (underscore) in
 hostnames.      [Eric Covener]   *) mod_authz_core: If several parameters are
 used in a AuthzProviderAlias      directive, if these parameters are not
 enclosed in quotation mark, only      the first one is handled. The other
 ones are silently ignored.      Add a message to warn about such a spurious
 configuration.      PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe
 Jaillet]   *) mod_md: improvements and bugfixes      - MDNotifyCmd now takes
 additional parameter that are passed on to the called command.      - ACME
 challenges have better checks for interference with other modules      - ACME
 challenges are only handled for domains managed by the module, allowing      
  other ACME clients to operate for other domains in the server.      - better
 libressl integration   *) mod_proxy_wstunnel: Add default schema ports for
 'ws' and 'wss'.      PR 62480. [Lubos Uhliarik <luhliari redhat.com>}   *)
 logging: Some early logging-related startup messages could be lost      when
 using syslog for the global ErrorLog. [Eric Covener]   *) mod_cache: Handle
 case of an invalid Expires header value RFC compliant      like the case of
 an Expires time in the past: allow to overwrite the

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=562
---
 apache2.changes          | 111 +++++++++++++++++++++++++++++++++++++++
 apache2.spec             |  23 +++-----
 httpd-2.4.33.tar.bz2     |   3 --
 httpd-2.4.33.tar.bz2.asc |  11 ----
 httpd-2.4.34.tar.bz2     |   3 ++
 httpd-2.4.34.tar.bz2.asc |  16 ++++++
 6 files changed, 138 insertions(+), 29 deletions(-)
 delete mode 100644 httpd-2.4.33.tar.bz2
 delete mode 100644 httpd-2.4.33.tar.bz2.asc
 create mode 100644 httpd-2.4.34.tar.bz2
 create mode 100644 httpd-2.4.34.tar.bz2.asc

diff --git a/apache2.changes b/apache2.changes
index c34f38f..103123e 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,11 +1,122 @@
+-------------------------------------------------------------------
+Mon Jul 16 12:03:39 UTC 2018 - pgajdos@suse.com
+
+- updated to 2.4.34:
+  *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
+     document translations. [CodeingBoy, popcorner]
+  *) event: avoid possible race conditions with modules on the child pool.
+     [Stefan Fritsch]
+  *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
+     ProxyPassReverseCookiePath directive could fail to update correctly
+     'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.
+     [Christophe Jaillet]
+  *) mod_ratelimit: fix behavior when proxing content. PR 62362.
+     [Luca Toscano, Yann Ylavic]
+  *) core: Re-allow '_' (underscore) in hostnames.
+     [Eric Covener]
+  *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
+     directive, if these parameters are not enclosed in quotation mark, only
+     the first one is handled. The other ones are silently ignored.
+     Add a message to warn about such a spurious configuration.
+     PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
+  *) mod_md: improvements and bugfixes
+     - MDNotifyCmd now takes additional parameter that are passed on to the called command.
+     - ACME challenges have better checks for interference with other modules
+     - ACME challenges are only handled for domains managed by the module, allowing
+       other ACME clients to operate for other domains in the server.
+     - better libressl integration
+  *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
+     PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
+  *) logging: Some early logging-related startup messages could be lost
+     when using syslog for the global ErrorLog. [Eric Covener]
+  *) mod_cache: Handle case of an invalid Expires header value RFC compliant
+     like the case of an Expires time in the past: allow to overwrite the
+     non-caching decision using CacheStoreExpired and respect Cache-Control
+     "max-age" and "s-maxage".  [Rainer Jung]
+  *) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.
+     [Micha Lenk <micha lenk.info>, Yann Ylavic]
+  *) mod_proxy_http: Fix response header thrown away after the previous one
+     was considered too large and truncated. PR 62196. [Yann Ylavic]
+  *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
+     of functions to consume the end of line when the buffer is exhausted.
+     PR 62198. [Yann Ylavic]
+  *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
+     allow maximum HTTP response header size to be increased past 8192
+     bytes.  PR 62199.  [Hank Ibell <hwibell gmail.com>]
+  *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
+     of a certificate chain.  PR62112.
+     [Ricardo Martin Camarero <rickyepoderi yahoo.es>]
+  *) http: Fix small memory leak per request when handling persistent
+     connections.  [Ruediger Pluem, Joe Orton]
+  *) mod_proxy_html: Fix variable interpolation and memory allocation failure
+     in ProxyHTMLURLMap.  [Ewald Dieterich <ewald mailbox.org>]
+  *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
+     PR 62220.  [Chritophe Jaillet, Yann Ylavic]
+  *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
+     zero out what had been initialized as the connection-level port.  PR59931.
+     [Hank Ibell <hwibell gmail.com>]
+  *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
+     [Yann Ylavic]
+  *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
+     Hot spare members are used as drop-in replacements for unusable workers
+     in the same load balancer set. This differs from hot standbys which are
+     only used when all workers in a set are unusable. PR 61140. [Jim Riggs]
+  *) suexec: Add --enable-suexec-capabilites support on Linux, to use
+     setuid/setgid capability bits rather than a setuid root binary.
+     [Joe Orton]
+  *) suexec: Add support for logging to syslog as an alternative to
+     logging to a file; use --without-suexec-logfile --with-suexec-syslog.
+     [Joe Orton]
+  *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
+     which broke some rare but previously-working configs.  [Joe Orton]
+  *) core, log: improve sanity checks for the ErrorLog's syslog config, and
+     explicitly allow only lowercase 'syslog' settings. PR 62102
+     [Luca Toscano, Jim Riggs, Christophe Jaillet]
+  *) mod_http2: accurate reporting of h2 data input/output per request via
+     mod_logio. Fixes an issue where output sizes where counted n-times on
+     reused slave connections.  [Stefan Eissing]
+     See github issue: https://github.com/icing/mod_h2/issues/158
+  *) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
+     [Stefan Eissing]
+  *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
+     [Stefan Eissing]
+  *) mod_proxy: Do not restrict the maximum pool size for backend connections
+     any longer by the maximum number of threads per process and use a better
+     default if mod_http2 is loaded.
+     [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Gregg Smith]
+  *) mod_slotmem_shm: Add generation number to shm filename to fix races
+     with graceful restarts. PRs 62044 and 62308.  [Jim Jagielski, Yann Ylavic]
+  *) core: Preserve the original HTTP request method in the '%<m' LogFormat
+     when an path-based ErrorDocument is used.  PR 62186.
+     [Micha Lenk <micha lenk.info>]
+  *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
+     HTTP/2 requests.  [Stefan Eissing]
+     See also https://github.com/roadrunner2/mod-proxy-protocol/issues/6
+  *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
+     regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic]
+  *) mod_md: Fix compilation with OpenSSL before version 1.0.2.  [Rainer Jung]
+  *) mod_dumpio: do nothing below log level TRACE7.  [Yann Ylavic]
+  *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
+     [Eric Covener]
+  *) core: On ECBDIC platforms, some errors related to oversized headers
+     may be misreported or be logged as ASCII escapes.  PR 62200
+     [Hank Ibell <hwibell gmail.com>]
+  *) mod_ssl: Fix cmake-based build.  PR 62266.  [Rainer Jung]
+  *) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
+     section containers.  [Eric Covener, Joe Orton]
+* %check: do not load all modules, just use default loadmodule.conf; some 
+  modules require to load another ones in advance
+
 -------------------------------------------------------------------
 Tue Mar 27 15:22:00 UTC 2018 - mikhail.kasimov@gmail.com
 
 - Updated description for SSLProtocol option. [bsc#1086854]
+
 -------------------------------------------------------------------
 Tue Mar 27 14:19:00 UTC 2018 - mikhail.kasimov@gmail.com
 
 - Updated description (PCI DSS) for SSLProtocol option. [bsc#1086854]
+
 -------------------------------------------------------------------
 Mon Mar 26 14:16:14 UTC 2018 - pgajdos@suse.com
 
diff --git a/apache2.spec b/apache2.spec
index d68770c..7e130e0 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -68,7 +68,7 @@
 %define build_http2 0
 %endif
 Name:           apache2
-Version:        2.4.33
+Version:        2.4.34
 Release:        0
 Summary:        The Apache Web Server Version 2.4
 License:        Apache-2.0
@@ -457,7 +457,7 @@ for mpm in %{mpms_to_build}; do
 	sed -i -e "s@%{_localstatedir}/run@%{runtimedir}@g" include/ap_config_layout.h
 
 	make CFLAGS="%{optflags} -fvisibility=hidden -fPIC -Wall -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"'" %{?_smp_mflags}
-	make DESTDIR=%{buildroot} install %{?_smp_mflags}
+	make DESTDIR=%{buildroot} install #%{?_smp_mflags}
 
 	# show pathnames in config files
 	echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||:
@@ -773,6 +773,11 @@ rm -f %{buildroot}/%{_libdir}/%{name}-*/*.exp	# needed only on AIX
 rm -f %{buildroot}/%{_libdir}/%{name}/*.exp		# needed only on AIX
 rm -f %{buildroot}/%{_sbindir}/checkgid		# needed only for user installations from tarball
 rm -r %{buildroot}/%{sysconfdir}/extra 		# it is already in the documentation directory
+#
+# do not ship example configuration files in
+# /etc/apache2, but %doc them later
+#
+mv %{buildroot}/%{sysconfdir}/original .
 
 %check
 # now check wether httpd binary runs properly
@@ -780,8 +785,6 @@ rm -r %{buildroot}/%{sysconfdir}/extra 		# it is already in the documentation di
 #
 pushd %{buildroot}/%{sysconfdir}
 for i in *.conf; do
-  # loadmodule.conf.test will be created later
-  [ "$i" == loadmodule.conf ] && continue
   cp $i $i.test;
 done
 sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
@@ -795,23 +798,13 @@ sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
 		default-server.conf > default-server.conf.test
 sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \
 		global.conf.test
-
-popd
-pushd %{buildroot}
-for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
-	mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
-	mod_path=
-	echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test
-done
-# auth_ldap_module needs to be loaded after ldap_module
-echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test
+sed -i 's+%{_libdir}+%{buildroot}/%{_libdir}+' loadmodule.conf.test
 popd
 
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
 %{buildroot}/%{_sbindir}/httpd-%{default_mpm} \
 	-e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1
 rm %{buildroot}/%{sysconfdir}/*.test
-mv %{buildroot}/%{sysconfdir}/original .
 
 %files -f filelist
 %defattr(-,root,root)
diff --git a/httpd-2.4.33.tar.bz2 b/httpd-2.4.33.tar.bz2
deleted file mode 100644
index 144129e..0000000
--- a/httpd-2.4.33.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de02511859b00d17845b9abdd1f975d5ccb5d0b280c567da5bf2ad4b70846f05
-size 6934765
diff --git a/httpd-2.4.33.tar.bz2.asc b/httpd-2.4.33.tar.bz2.asc
deleted file mode 100644
index eeadb09..0000000
--- a/httpd-2.4.33.tar.bz2.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQEcBAABCAAGBQJarafeAAoJEJleNSIa2E3/aj8IAKOyV2UbjIQiugBS7CAV1PUh
-WSAHWDjWM4LnmZj9rfQUTdbWxlz8oMDlnE1C2eIstH3aG5BCf9VRx4phlD+tYtTz
-Iykh3gKKB/x3+HFN/8aQ+tSGLtaeqfvx9cyUdRbzKWy6vU/6UxISHzQS6VhISxjn
-5+xW+GpJMS78rsP9sO7xC9V5pjsjIbz8gBhwxrX0e1fIOaEKBo2sWzwStzRnEzfz
-BzP6qQTHe0cIQexTzdppBHIU+Sh2Ef//FCv33jOW2drXcLJFaYVGfK+aZwS789Hl
-AFWAw5ShVAR+u+8rivvAjY25z73I/iBpzxrXfSt9J9UvGcl9bjFxKBx/KiR61zs=
-=FtXJ
------END PGP SIGNATURE-----
diff --git a/httpd-2.4.34.tar.bz2 b/httpd-2.4.34.tar.bz2
new file mode 100644
index 0000000..82dbc26
--- /dev/null
+++ b/httpd-2.4.34.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fa53c95631febb08a9de41fd2864cfff815cf62d9306723ab0d4b8d7aa1638f0
+size 6942969
diff --git a/httpd-2.4.34.tar.bz2.asc b/httpd-2.4.34.tar.bz2.asc
new file mode 100644
index 0000000..72d27bc
--- /dev/null
+++ b/httpd-2.4.34.tar.bz2.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEqT1i7MPI6hLbIg7JNOp25nkUhagFAltEutIACgkQNOp25nkU
+haij3g/+LUZNmeOdnP1qG1jHII2gZO+47TtHYzAXflBJ7tG1bbmbsRfJrvnuTSKb
+/6buFczrK5++s+Q2IfQY8FW0Nudg51a+2w1jXJd53rmt+VSS8YP1dtu7dYDJTYXn
+fiau4Q1Q7M5rKE2HRar34ElpGhpdyGZY7hm8vkKi+mjmWAer1YitIlnmYOqgvvqu
+11SKmlZBGaayE+nFTjpmrrFP8o9bo2qvU/j9CKrbhxPhtFxmuX9/6sRgI59e51O5
+TPx/VsRfKaWoA/9Dxjm7c5EjRXPsB7X/OSLG0CYXMVNCVFoUxCtWbYulhELrSzb4
+0dbhv70zi/uS6hgEAgRCN0TeqL2zjocihEDmlc67ERtn3/ByB7N0WfF2wqO2KuWC
+tKr3LSUUobRFJZ/uB1n7wsT6/8J7m6UbaQQaEe2VtQTbIdsK8xjsfZxRSCMIGXco
+q2CwtsNREFf3t9fFPKJYet2M3AGtoq75mCljD1DKyAO3Pc8zmd0BtGg8ZtzjnaBl
+YvFKChTYlZCZe5HK2xY6RSfT6q62Gu75ze7CAhCJ9vu5Z2PrDK7k1v1rsFbOI4bd
+a7asCmOuoytjbENx/ArvnmNusG1JCASuBvqOYk3tB6mBEVVnJgGIO8Eyy1EEaYnL
+HmVNx/WipEQgJtuTvTLTCuMZTuZ1pAm4J72QjDx82ilP11+j0eY=
+=yJjl
+-----END PGP SIGNATURE-----

From cb7119cf39082ba3668d06522eb2ac8763268ddd36399f3f8eb0d4b27d9ca035 Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Mon, 16 Jul 2018 12:42:01 +0000
Subject: [PATCH 2/3] OBS-URL:
 https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=563

---
 apache2.spec | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/apache2.spec b/apache2.spec
index 7e130e0..da3093b 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -21,7 +21,8 @@
   %define _fillupdir /var/adm/fillup-templates
 %endif
 
-%define apache_mmn	%(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
+%define src_name        httpd-%{version}
+%define apache_mmn	%(test -s %{src_name}.tar.bz2 && { echo -n apache_mmn_; bzcat %{src_name}.tar.bz2 | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; } || echo apache_mmn_notfound)
 %define suse_maintenance_mmn  0
 %define	default_mpm	prefork
 %define prefork 1
@@ -74,8 +75,8 @@ Summary:        The Apache Web Server Version 2.4
 License:        Apache-2.0
 Group:          Productivity/Networking/Web/Servers
 Url:            http://httpd.apache.org/
-Source0:        http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1:        http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
+Source0:        http://www.apache.org/dist/httpd/%{src_name}.tar.bz2
+Source1:        http://www.apache.org/dist/httpd/%{src_name}.tar.bz2.asc
 Source2:        apache2.keyring
 # Add file to take mtime from it in prep section
 Source3:        apache2.changes
@@ -333,7 +334,7 @@ Utilities provided by the Apache 2 Web Server project which are useful
 to administrators of web servers in general.
 
 %prep
-%setup -q -n httpd-%{version} -a30
+%setup -q -n %{src_name} -a30
 %patch2 -p1
 %patch23
 %patch66 -p1

From 3c89d098ac6fa6aed48f70cc6c2051571177d66595fd792ec2a8afcf97f1273d Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Mon, 16 Jul 2018 13:15:03 +0000
Subject: [PATCH 3/3] * %install: parallel install is broken

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=564
---
 apache2.changes | 1 +
 apache2.spec    | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apache2.changes b/apache2.changes
index 103123e..115faa9 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -106,6 +106,7 @@ Mon Jul 16 12:03:39 UTC 2018 - pgajdos@suse.com
      section containers.  [Eric Covener, Joe Orton]
 * %check: do not load all modules, just use default loadmodule.conf; some 
   modules require to load another ones in advance
+* %install: parallel install is broken
 
 -------------------------------------------------------------------
 Tue Mar 27 15:22:00 UTC 2018 - mikhail.kasimov@gmail.com
diff --git a/apache2.spec b/apache2.spec
index da3093b..9f641e5 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -458,7 +458,7 @@ for mpm in %{mpms_to_build}; do
 	sed -i -e "s@%{_localstatedir}/run@%{runtimedir}@g" include/ap_config_layout.h
 
 	make CFLAGS="%{optflags} -fvisibility=hidden -fPIC -Wall -DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"'" %{?_smp_mflags}
-	make DESTDIR=%{buildroot} install #%{?_smp_mflags}
+	make DESTDIR=%{buildroot} install -j1
 
 	# show pathnames in config files
 	echo;echo;echo; diff -U1 docs/conf/httpd-std.conf.in docs/conf/httpd-std.conf ||: