diff --git a/.gitattributes b/.gitattributes
index 6a7e248..8f5be96 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -22,4 +22,5 @@
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
+60C5442D.key filter=lfs diff=lfs merge=lfs -text
Apache.xpm filter=lfs diff=lfs merge=lfs -text
diff --git a/60C5442D.key b/60C5442D.key
new file mode 100644
index 0000000..138c2aa
--- /dev/null
+++ b/60C5442D.key
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d0f272a697be2b07f52f676817d8a07fb1715d0a1402ed4cff60cb3bb1ba907
+size 64309
diff --git a/apache2-ssl-global.conf b/apache2-ssl-global.conf
index 16b9ddc..ed88bce 100644
--- a/apache2-ssl-global.conf
+++ b/apache2-ssl-global.conf
@@ -29,7 +29,12 @@
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
+
+ SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass
+
+
SSLPassPhraseDialog builtin
+
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
diff --git a/apache2-systemd-ask-pass b/apache2-systemd-ask-pass
new file mode 100644
index 0000000..f9b8973
--- /dev/null
+++ b/apache2-systemd-ask-pass
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2): "
diff --git a/apache2-vhost-ssl.template b/apache2-vhost-ssl.template
index 4976128..cf4d277 100644
--- a/apache2-vhost-ssl.template
+++ b/apache2-vhost-ssl.template
@@ -182,7 +182,7 @@
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
- SetEnvIf User-Agent ".*MSIE.*" \
+ SetEnvIf User-Agent ".*MSIE [1-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
diff --git a/apache2.2-mpm-itk-20090414-00.patch b/apache2.2-mpm-itk-20090414-00.patch
index cdc97cf..f3c17d4 100644
--- a/apache2.2-mpm-itk-20090414-00.patch
+++ b/apache2.2-mpm-itk-20090414-00.patch
@@ -1,22 +1,20 @@
unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:39:03.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/Makefile.in
@@ -0,0 +1,5 @@
+
+LTLIBRARY_NAME = libitk.la
+LTLIBRARY_SOURCES = itk.c
+
+include $(top_srcdir)/build/ltlib.mk
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:39:03.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/config.m4
@@ -0,0 +1,3 @@
+if test "$MPM_NAME" = "itk" ; then
-+ APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
+fi
-diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/experimental/itk/itk.c
---- httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200
-+++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:31:05.000000000 +0200
+--- /dev/null
++++ server/mpm/experimental/itk/itk.c
@@ -0,0 +1,1740 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
@@ -1758,9 +1756,8 @@ diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/e
+ itk_cmds, /* command apr_table_t */
+ itk_hooks, /* register hooks */
+};
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:39:03.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:33.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/mpm.h
@@ -0,0 +1,68 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
@@ -1830,9 +1827,8 @@ unchanged:
+extern server_rec *ap_server_conf;
+#endif /* APACHE_MPM_ITK_H */
+/** @} */
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:39:03.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:33.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/mpm_default.h
@@ -0,0 +1,80 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
@@ -1914,19 +1910,18 @@ unchanged:
+
+#endif /* AP_MPM_DEFAULT_H */
+/** @} */
-unchanged:
---- apache2.2.orig/server/mpm/config.m4 2007-01-29 21:30:26.000000000 +0100
-+++ apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100
+--- server/mpm/config.m4.orig
++++ server/mpm/config.m4
@@ -1,7 +1,7 @@
AC_MSG_CHECKING(which MPM to use)
AC_ARG_WITH(mpm,
APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use.
-- MPM={beos|event|worker|prefork|mpmt_os2}),[
-+ MPM={beos|event|worker|prefork|mpmt_os2|itk}),[
+- MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[
++ MPM={beos|event|worker|prefork|mpmt_os2|winnt|itk}),[
APACHE_MPM=$withval
],[
if test "x$APACHE_MPM" = "x"; then
-@@ -23,7 +23,7 @@
+@@ -23,7 +23,7 @@ ap_mpm_is_threaded ()
ap_mpm_is_experimental ()
{
@@ -1935,17 +1930,20 @@ unchanged:
return 0
else
return 1
-unchanged:
---- apache2.2.orig/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:51.000000000 +0100
-+++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100
-@@ -1,3 +1,3 @@
- if test "$MPM_NAME" = "itk" ; then
-- APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
-+ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
+@@ -66,6 +66,11 @@ if ap_mpm_is_experimental; then
+ else
+ MPM_SUBDIR_NAME=$MPM_NAME
fi
-unchanged:
---- httpd-2.2.11/include/http_request.h 2009-03-21 13:03:31.000000000 +0100
-+++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:41.000000000 +0100
++
++if test "$apache_cv_mpm" = "itk" ; then
++ AC_CHECK_LIB(cap, cap_init)
++fi
++
+ MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
+ MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
+
+--- include/http_request.h.orig
++++ include/http_request.h
@@ -12,6 +12,12 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
@@ -1959,7 +1957,7 @@ unchanged:
*/
/**
-@@ -350,6 +356,15 @@
+@@ -350,6 +356,15 @@ AP_DECLARE_HOOK(int,auth_checker,(reques
*/
AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
@@ -1975,9 +1973,8 @@ unchanged:
AP_DECLARE(int) ap_location_walk(request_rec *r);
AP_DECLARE(int) ap_directory_walk(request_rec *r);
AP_DECLARE(int) ap_file_walk(request_rec *r);
-unchanged:
---- httpd-2.2.11/server/request.c 2009-03-21 13:03:13.000000000 +0100
-+++ httpd-2.2.11/server/request.c 2009-03-21 13:03:41.000000000 +0100
+--- server/request.c.orig
++++ server/request.c
@@ -12,6 +12,12 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
@@ -1991,7 +1988,7 @@ unchanged:
*/
/*
-@@ -61,6 +67,7 @@
+@@ -61,6 +67,7 @@ APR_HOOK_STRUCT(
APR_HOOK_LINK(auth_checker)
APR_HOOK_LINK(insert_filter)
APR_HOOK_LINK(create_request)
@@ -1999,7 +1996,7 @@ unchanged:
)
AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
-@@ -80,6 +87,8 @@
+@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,auth_che
AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
(request_rec *r), (r), OK, DECLINED)
@@ -2008,7 +2005,7 @@ unchanged:
static int decl_die(int status, char *phase, request_rec *r)
-@@ -158,6 +167,13 @@
+@@ -158,6 +167,13 @@ AP_DECLARE(int) ap_process_request_inter
return access_status;
}
@@ -2022,18 +2019,3 @@ unchanged:
/* Only on the main request! */
if (r->main == NULL) {
if ((access_status = ap_run_header_parser(r))) {
-unchanged:
---- httpd-2.2.11.orig/server/mpm/config.m4 2009-04-14 23:26:41.000000000 +0200
-+++ httpd-2.2.11/server/mpm/config.m4 2009-04-14 23:28:03.000000000 +0200
-@@ -66,6 +66,11 @@
- else
- MPM_SUBDIR_NAME=$MPM_NAME
- fi
-+
-+if test "$apache_cv_mpm" = "itk" ; then
-+ AC_CHECK_LIB(cap, cap_init)
-+fi
-+
- MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
- MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
-
diff --git a/apache2.changes b/apache2.changes
index 3e4f9ac..7e75b3a 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,104 @@
+-------------------------------------------------------------------
+Wed Sep 14 01:11:55 CEST 2011 - draht@suse.de
+
+- Update to 2.2.21. News therein:
+ * re-worked CVE-2011-3192 (byterange_filter.c) with a regression
+ fix. New config option: MaxRanges (PR 51748)
+ * multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs,
+ mod_alias, mod_rewrite. As always, see CHANGES file.
+- added httpd-%{realver}.tar.bz2.asc to source, along with
+ 60C5442D.key which the tarball was signed with.
+
+-------------------------------------------------------------------
+Tue Sep 13 10:37:37 CEST 2011 - draht@suse.de
+
+- need to add %ghost /lib/systemd to satisfy distributions that
+ have no systemd yet.
+
+-------------------------------------------------------------------
+Thu Sep 1 09:43:49 UTC 2011 - fcrozat@suse.com
+
+- Add apache2-systemd-ask-pass / apache2.service / start_apache2
+ and modify apache2-ssl-global.conf for systemd support
+ (bnc#697137).
+
+-------------------------------------------------------------------
+Wed Aug 31 12:52:22 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to version 2.2.20, fix CVE-2011-3192
+ mod_deflate D.o.S.
+
+
+-------------------------------------------------------------------
+Fri Aug 5 06:02:35 UTC 2011 - crrodriguez@opensuse.org
+
+- Fix apache PR 45076
+
+-------------------------------------------------------------------
+Sun Jul 17 19:49:55 UTC 2011 - crrodriguez@opensuse.org
+
+- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage
+
+-------------------------------------------------------------------
+Wed Jun 22 16:12:10 UTC 2011 - crrodriguez@opensuse.org
+
+- Add 2 patches from the "low hanging fruit" warnings in apache
+ STATUS page.
+ * mod_deflate: Stop compressing HEAD requests
+ if there is not Content-Length header
+ * mod_reqtimeout: Disable keep-alive after read timeout
+
+-------------------------------------------------------------------
+Fri Jun 10 00:59:53 UTC 2011 - crrodriguez@opensuse.org
+
+- Remove -fno-strict-aliasing from CFLAGS, no longer needed.
+
+-------------------------------------------------------------------
+Wed Jun 8 19:10:41 UTC 2011 - crrodriguez@opensuse.org
+
+- Allow KeepAliveTimeout to be expressed in miliseconds
+ sometimes one second is too long, upstream r733557.
+
+-------------------------------------------------------------------
+Mon Jun 6 18:16:05 UTC 2011 - crrodriguez@opensuse.org
+
+- When linux changes to version 3.x configure tests are gonna break.
+ remove version check, assuming kernel 2.2 or later.
+
+-------------------------------------------------------------------
+Thu May 26 03:35:05 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to 2.2.19, only one bugfix.
+*) Revert ABI breakage in 2.2.18 caused by the function signature change
+ of ap_unescape_url_keep2f(). This release restores the signature from
+ 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
+ [Eric Covener]
+
+-------------------------------------------------------------------
+Fri May 20 19:28:03 UTC 2011 - crrodriguez@opensuse.org
+
+- Remove SSLv2 disabled patch, already in upstream.
+- Update to version 2.2.18
+* mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+* core: Treat timeout reading request as 408 error, not 400.
+* core: Only log a 408 if it is no keepalive timeout.
+* mod_rewrite: Allow to unset environment variables.
+* prefork: Update MPM state in children during a graceful restart.
+* Other fixes in mod_cache,mod_dav,mod_proxy se NEWS for detail.
+
+-------------------------------------------------------------------
+Wed Apr 20 23:24:26 UTC 2011 - crrodriguez@opensuse.org
+
+- Fix regular expression in vhost ssl template IE workaround
+ it is obsolete see https://issues.apache.org/bugzilla/show_bug.cgi?id=49484
+ You should apply this update to fix painfully slow SSL
+ connections when using IE.
+
+-------------------------------------------------------------------
+Mon Apr 11 16:19:14 UTC 2011 - crrodriguez@opensuse.org
+
+- Allow usage of an openSSL library compiled without SSlv2
+
-------------------------------------------------------------------
Fri Apr 8 13:41:48 UTC 2011 - lnussel@suse.de
diff --git a/apache2.service b/apache2.service
new file mode 100644
index 0000000..9e30d6c
--- /dev/null
+++ b/apache2.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=apache
+After=syslog.target network.target
+Before=getty@tty1.service
+
+[Service]
+Type=forking
+PIDFile=/var/run/httpd2.pid
+EnvironmentFile=/etc/sysconfig/apache2
+ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start
+ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -t
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/apache2.spec b/apache2.spec
index b530dbd..739a110 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -67,13 +67,15 @@ BuildRequires: expat-devel
%define platform_string Linux/%VENDOR
License: ASLv..
Group: Productivity/Networking/Web/Servers
-%define realver 2.2.17
-Version: 2.2.17
-Release: 6
+%define realver 2.2.21
+Version: 2.2.21
+Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
# Add file to take mtime from it in prep section
Source1: apache2.changes
+Source5: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2.asc
+Source6: 60C5442D.key
Source10: SUSE-NOTICE
Source11: rc.%{pname}
Source13: sysconfig.%{pname}
@@ -116,6 +118,9 @@ Source130: apache2-vhost.template
Source131: apache2-vhost-ssl.template
Source140: apache2-check_forensic
Source141: apache-20-22-upgrade
+Source142: start_apache2
+Source143: apache2-systemd-ask-pass
+Source144: apache2.service
Patch2: httpd-2.1.3alpha-layout.dif
Patch23: httpd-2.1.9-apachectl.dif
Patch65: httpd-2.0.49-log_server_status.dif
@@ -123,6 +128,10 @@ Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
Patch68: httpd-2.x.x-logresolve.patch
Patch100: apache2.2-mpm-itk-20090414-00.patch
+Patch101: httpd-2.2.19-linux3.patch
+Patch102: httpd-keepalivetimeout-millisecs.patch
+Patch104: httpd-mod_deflate_head.patch
+Patch105: ssl-mode-release-buffers.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0
@@ -339,7 +348,11 @@ to administrators of web servers in general.
%patch66 -p1
%patch67 -p1
%patch68 -p1
-%patch100 -p1
+%patch100
+%patch101
+%patch102
+%patch104
+%patch105
#
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
#
@@ -354,8 +367,7 @@ sed -i -e "s/__DATE__ \" \" __TIME__;/\"$CHANGES\";/" server/buildmark.c
# now configure Apache
#
%if 0%{?suse_version} > 910
-aclocal
-autoreconf --force --install
+autoreconf -fiv
%else
rm -rf aclocal.m4 autom4te*.cache
autoheader
@@ -368,7 +380,7 @@ autoconf
# /O |_)|_|||(_|
#
function configure {
- CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
+ CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -DLDAP_DEPRECATED" \
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
./configure \
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
@@ -455,7 +467,6 @@ for mpm in %{mpms_to_build}; do
mv include/ap_config_auto.h.new include/ap_config_auto.h
make CFLAGS="$RPM_OPT_FLAGS -fPIC \
- -fno-strict-aliasing \
-Wall \
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
@@ -589,7 +600,11 @@ tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir}
#
# init script and friends
mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/etc/init.d $RPM_BUILD_ROOT/lib/systemd/system/
install -m 744 $RPM_SOURCE_DIR/rc.%{pname} $RPM_BUILD_ROOT/etc/init.d/%{pname}
+install -m 744 $RPM_SOURCE_DIR/start_apache2 $RPM_BUILD_ROOT/usr/sbin/start_apache2
+install -m 744 $RPM_SOURCE_DIR/apache2-systemd-ask-pass $RPM_BUILD_ROOT/usr/sbin/apache2-systemd-ask-pass
+install -m 744 $RPM_SOURCE_DIR/apache2.service $RPM_BUILD_ROOT/lib/systemd/system/apache2.service
ln -sf ../../etc/init.d/%{pname} $RPM_BUILD_ROOT/%{_sbindir}/rc%{pname}
install -m 755 $RPM_SOURCE_DIR/load_configuration $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
install -m 755 $RPM_SOURCE_DIR/find_mpm $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
@@ -847,6 +862,7 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%config(noreplace) /etc/permissions.d/%{pname}
%endif
%config /etc/init.d/%{pname}
+/lib/systemd/system/%{pname}.service
#
%{_sbindir}/rc%{pname}
%{_sbindir}/apache%{vers}ctl
@@ -857,6 +873,8 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%{_sbindir}/a2enmod
%{_sbindir}/a2disflag
%{_sbindir}/a2dismod
+%{_sbindir}/start_apache2
+%{_sbindir}/apache2-systemd-ask-pass
%{_bindir}/log_server_status%{vers}
%{iconsdir}
%{errordir}
@@ -875,6 +893,9 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
%{_prefix}/share/%{pname}/sysconf_addword
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
+%ghost /lib/systemd
+%ghost /lib/systemd/system
+
%if %prefork
%files prefork
diff --git a/httpd-2.2.17.tar.bz2 b/httpd-2.2.17.tar.bz2
deleted file mode 100644
index 494bfc2..0000000
--- a/httpd-2.2.17.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04
-size 4951247
diff --git a/httpd-2.2.19-linux3.patch b/httpd-2.2.19-linux3.patch
new file mode 100644
index 0000000..57ef1c5
--- /dev/null
+++ b/httpd-2.2.19-linux3.patch
@@ -0,0 +1,17 @@
+--- configure.in.orig
++++ configure.in
+@@ -274,13 +274,7 @@ case $host in
+ APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+ ;;
+ *-linux-*)
+- case `uname -r` in
+- 2.[[2-9]]* )
+- APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+- ;;
+- * )
+- ;;
+- esac
++ APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+ ;;
+ *486-*-bsdi* | *-netbsd* | *-freebsd* | *-apple-darwin* | *-dec-osf* | *-qnx)
+ APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
diff --git a/httpd-2.2.21.tar.bz2 b/httpd-2.2.21.tar.bz2
new file mode 100644
index 0000000..599657a
--- /dev/null
+++ b/httpd-2.2.21.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
+size 5324905
diff --git a/httpd-2.2.21.tar.bz2.asc b/httpd-2.2.21.tar.bz2.asc
new file mode 100644
index 0000000..d11ac68
--- /dev/null
+++ b/httpd-2.2.21.tar.bz2.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAABAgAGBQJOaiQfAAoJEFWTvKlgxUQtWu4P/j/xCzXtpb2h1H4gNQtakXjp
+KFhfccvzlOGFpkUjauQ0so5Jj+wVVAgiElr7L0+YvmtXoUyNjCgToqqJTqT/3fwG
+uxKDFfqB5ujbCstKbJ4yKhMy92aDjX1+uWWr8J/1WX//SOWY/uUl/GhJnhEFAB6p
+YExuqqrQfrZcAfC6ME35Gbam6+I8OfHVIeT0m6hLOw6UaHaPXdoRj0CAKNy4NFEf
+ckyw2ddlz83ivek9naGxVFg4v/jN8CoSw3zVfto1QaQ7P+FMA5CrYoCPiEI0A6KA
+534L8xcXf02mN6Y2lgl3C6PYQYcGO198Zmd9xU3RCXsfaFgaOrV4D/fD9TVq1hLK
+OSHPU3AOf7IdFiq99qo7EsXNYrxS0xurv67HaodKXvNNRg8D8TBxDNWO1NpbGp3A
+/zDLm3wxpV2qSOSaZbIbyH8PhX2i4UurSo6y2AVrLENUmV4/bD51qJlitCL23YOo
+5vnK99CnPsWHe36p/GyMMJW2d2fn2tUroLTo/ebCdICZlQJhhWYI7+GHNQNkhqMt
+hp5m8so9Goabs+cKtdxiyARR6+AsyLh+2aRc35dgHpa95Tn3SkuAJ1KTM3ecbzgj
+BxJbA0M3snO9RmNo2h88HELzaA5WaB0Z1kVgYW6gjYELnWRpu+iGMJxFpgXQ6guQ
+CUiByAFuIQukRlpIU/qx
+=AWI2
+-----END PGP SIGNATURE-----
diff --git a/httpd-keepalivetimeout-millisecs.patch b/httpd-keepalivetimeout-millisecs.patch
new file mode 100644
index 0000000..2970a91
--- /dev/null
+++ b/httpd-keepalivetimeout-millisecs.patch
@@ -0,0 +1,20 @@
+--- modules/http/http_core.c.orig
++++ modules/http/http_core.c
+@@ -47,12 +47,15 @@ static int ap_process_http_connection(co
+ static const char *set_keep_alive_timeout(cmd_parms *cmd, void *dummy,
+ const char *arg)
+ {
++ apr_interval_time_t timeout;
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+ if (err != NULL) {
+ return err;
+ }
+-
+- cmd->server->keep_alive_timeout = apr_time_from_sec(atoi(arg));
++ /* Stolen from mod_proxy.c */
++ if (ap_timeout_parameter_parse(arg, &timeout, "s") != APR_SUCCESS)
++ return "KeepAliveTimeout has wrong format";
++ cmd->server->keep_alive_timeout = timeout;
+ return NULL;
+ }
+
diff --git a/httpd-mod_deflate_head.patch b/httpd-mod_deflate_head.patch
new file mode 100644
index 0000000..6d4011a
--- /dev/null
+++ b/httpd-mod_deflate_head.patch
@@ -0,0 +1,23 @@
+--- modules/filters/mod_deflate.c.orig
++++ modules/filters/mod_deflate.c
+@@ -582,6 +582,20 @@ static apr_status_t deflate_out_filter(a
+ apr_bucket *b;
+ apr_size_t len;
+
++ /*
++ * Optimization: If we are a HEAD request and bytes_sent is not zero
++ * it means that we have passed the content-length filter once and
++ * have more data to sent. This means that the content-length filter
++ * could not determine our content-length for the response to the
++ * HEAD request anyway (the associated GET request would deliver the
++ * body in chunked encoding) and we can stop compressing.
++ */
++ if (r->header_only && r->bytes_sent) {
++ ap_remove_output_filter(f);
++ return ap_pass_brigade(f->next, bb);
++ }
++
++
+ e = APR_BRIGADE_FIRST(bb);
+
+ if (APR_BUCKET_IS_EOS(e)) {
diff --git a/ssl-mode-release-buffers.patch b/ssl-mode-release-buffers.patch
new file mode 100644
index 0000000..5898966
--- /dev/null
+++ b/ssl-mode-release-buffers.patch
@@ -0,0 +1,13 @@
+--- modules/ssl/ssl_engine_init.c.orig
++++ modules/ssl/ssl_engine_init.c
+@@ -482,7 +482,9 @@ static void ssl_init_ctx_protocol(server
+ }
+
+ mctx->ssl_ctx = ctx;
+-
++#ifdef SSL_MODE_RELEASE_BUFFERS
++ SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
++#endif
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+
+ if (!(protocol & SSL_PROTOCOL_SSLV2)) {
diff --git a/start_apache2 b/start_apache2
new file mode 100644
index 0000000..48ff11b
--- /dev/null
+++ b/start_apache2
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
+# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
+# Copyright (c) 2002, 2003, (2004?) SuSE Linux AG
+# Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH
+#
+# Authors: Rolf Haberrecker , 2001
+# Peter Poeml , 2002, 2003, 2004, 2005, 2006, 2007,
+# 2008, 2009, 2010
+#
+#
+pname=apache2
+. /usr/share/$pname/load_configuration
+
+export ${!APACHE_*}
+
+apache_link=/usr/sbin/httpd2
+apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
+httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2/httpd.conf}
+
+test -L $apache_link && apache_bin=$(readlink $apache_link)
+
+if [ -z "$APACHE_MPM" ]; then
+ APACHE_MPM=${apache_bin##*-}
+fi
+
+if ! [ -x $apache_bin ]; then
+ echo >&2 $apache_bin-$APACHE_MPM is not a valid httpd2 binary.
+ echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname.
+ exit 5
+fi
+
+# a proper home should be set, otherwise the server might end up
+# with HOME=/root and some script might try to use that
+HOME=/var/lib/apache2
+
+unset server_flags
+case "$action" in startssl) server_flags="-DSSL";; esac
+for i in $APACHE_SERVER_FLAGS; do
+ case $i in
+ -D) ;;
+ -D*) server_flags="$server_flags $i";;
+ *) server_flags="$server_flags -D$i";;
+ esac
+done
+${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true
+${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true
+
+export -n ${!APACHE_*}
+exec $apache_bin -f $httpd_conf $server_flags $@