Commit Graph

108 Commits

Author SHA256 Message Date
163b7694ca Accepting request 252743 from home:lnussel:branches:Apache
- move most ssl options to ssl-global.conf. There is usually no need
  for every vhost to re-define the ciphers for example (bnc#865582).
  Drop some commented entries that only lead to confusion.

OBS-URL: https://build.opensuse.org/request/show/252743
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=407
2014-09-29 08:10:08 +00:00
4b31aea044 Accepting request 252506 from home:pgajdos
- more 2.2 -> 2.4 [bnc#862058]

OBS-URL: https://build.opensuse.org/request/show/252506
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=406
2014-09-26 15:16:44 +00:00
e897f2962b Accepting request 252298 from home:pgajdos
- ServerSignature=Off and ServerTokens=Prod by request from 
  security team [bnc#716495]

- fix documentation links 2.2 -> 2.4 [bnc#888163] (internal)

OBS-URL: https://build.opensuse.org/request/show/252298
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=405
2014-09-25 15:29:49 +00:00
Cristian Rodríguez
b0906927d0 Accepting request 241778 from home:elvigia:branches:Apache
- Update package Summary and Description. 
- version 2.4.10
* SECURITY: CVE-2014-0117 (cve.mitre.org)
* SECURITY: CVE-2014-3523 (cve.mitre.org)
* SECURITY: CVE-2014-0226 (cve.mitre.org)
* SECURITY: CVE-2014-0118 (cve.mitre.org)
* SECURITY: CVE-2014-0231 (cve.mitre.org)
* Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua
* mod_proxy_fcgi supports unix sockets.

OBS-URL: https://build.opensuse.org/request/show/241778
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=404
2014-07-23 20:22:18 +00:00
Roman Drahtmueller
d7aec51e00 Accepting request 241685 from home:mcalmer:branches:Apache
- provide httpd.service as alias for apache2.service for
  compatibility reasons (bnc#888093)

OBS-URL: https://build.opensuse.org/request/show/241685
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=403
2014-07-21 10:12:28 +00:00
Cristian Rodríguez
19a944dee7 Accepting request 227796 from home:elvigia:branches:Apache
- version 2.4.9 
* SECURITY: CVE-2014-0098
* SECURITY: CVE-2013-6438
* multiple bugfixes and improvements to mod_ssl, mod_lua,
  mod_session and core, see CHANGES for details.

OBS-URL: https://build.opensuse.org/request/show/227796
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=402
2014-03-27 16:21:35 +00:00
Roman Drahtmueller
c5bb63f9e2 - /etc/sysconfig/apache2: add socache_shmcb to the list of modules
that are enabled.
  /etc/apache2/ssl-global.conf: make SSLSessionCache shmcb...
  conditional on IfModule socache_shmcb.
  The same applies to SSLSessionCache dmb:* via module socache_dbm
  in commented section of same file. [bnc#864185]
- /etc/sysconfig/apache2: remove reference to non-existing script
  /usr/share/doc/packages/apache2/certificate.sh, which was only a
  wrapper to mkcert.sh anyways. [bnc#864185]

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=401
2014-02-17 17:32:05 +00:00
Peter Poeml
c00cf22114 Accepting request 214772 from home:aeneas_jaissle:branches:Apache
Correct apache2.changes, mention the drop of httpd-event-ssl.patch

OBS-URL: https://build.opensuse.org/request/show/214772
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=400
2014-02-11 23:36:16 +00:00
Cristian Rodríguez
74d7ddb780 Accepting request 208347 from home:elvigia:branches:Apache
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
  and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
 (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
*  event MPM: Fix possible crashes
*  mod_deflate: Improve error detection
* core: Add open_htaccess hook  in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
  keys, and unconditionally disable aNULL, eNULL and EXP ciphers
 (not overridable via SSLCipherSuite)
* see CHANGES for more details

OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
2013-11-25 22:26:02 +00:00
Cristian Rodríguez
8ac24cac75 Accepting request 207095 from home:elvigia:branches:Apache
- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes
 mod_ssl-2.4.x-ekh.diff this new patch is the final
  form of the rework, merged for 2.4.7.

OBS-URL: https://build.opensuse.org/request/show/207095
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=398
2013-11-16 01:22:18 +00:00
Tomáš Chvátal
738fecb393 Accepting request 205788 from home:fdekruijf:branches:Apache
Removed obsolete directive DefaultType bnc#848146
Changed access control to use new Require type directives

OBS-URL: https://build.opensuse.org/request/show/205788
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=397
2013-11-11 14:10:25 +00:00
Cristian Rodríguez
4c27b7a385 Accepting request 204767 from home:elvigia:branches:Apache
- reenable mod_ssl-2.4.x-ekh.diff

OBS-URL: https://build.opensuse.org/request/show/204767
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=396
2013-10-25 00:06:51 +00:00
Cristian Rodríguez
028198afb4 Accepting request 204342 from home:elvigia:branches:Apache
- Correct build in old distros. 

- disable (revert) mod_ssl changes in the previous
  commit so it does not end in factory or 13.1 yet.

- make mod_systemd static so scenarios described in 
  [bnc#846897] do not happen again.

OBS-URL: https://build.opensuse.org/request/show/204342
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=395
2013-10-22 15:46:52 +00:00
Cristian Rodríguez
4380c6bdd7 Accepting request 204244 from home:elvigia:branches:Apache
- mod_ssl: improve ephemeral key handling in particular, support DH params
  with more than 1024 bits, and allow custom configuration.
  This patch adjust DH parameters according to the relevant RFC 
  recommendations and permanently disables the usage of "export"
  and "NULL" ciphers no matter what the user configuration is
  (mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)

OBS-URL: https://build.opensuse.org/request/show/204244
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=394
2013-10-21 23:51:12 +00:00
Cristian Rodríguez
a7e48a73f8 Accepting request 204242 from home:elvigia:branches:Apache
- fix [bnc#846897] problems building kiwi images due to 
  systemd not being running in chroot. (submit to 13.1 ASAP)

OBS-URL: https://build.opensuse.org/request/show/204242
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=393
2013-10-21 23:38:35 +00:00
093d4afe6d Accepting request 203323 from home:a_jaeger:FactoryFix
Fix SUSE spelling.

OBS-URL: https://build.opensuse.org/request/show/203323
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=392
2013-10-15 15:43:17 +00:00
Cristian Rodríguez
1d6ce77ab3 Accepting request 197315 from home:elvigia:branches:Apache
- Also fix subtle non-obvious systemd unit confusion
  we really mean -DFOREGROUND not -DNO_DETACH the latter only 
  inhibits the parent from forking, not quite the same as 
  running in well.. the foreground as required.

OBS-URL: https://build.opensuse.org/request/show/197315
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=391
2013-09-03 15:41:55 +00:00
Cristian Rodríguez
888fcaf9d4 Accepting request 197199 from home:elvigia:branches:Apache
- Ensure we only use /run and not /var/run

OBS-URL: https://build.opensuse.org/request/show/197199
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=390
2013-09-03 04:07:30 +00:00
Cristian Rodríguez
4281e40e7d Accepting request 196847 from home:elvigia:branches:Apache
- Really use %requires_ge for libapr1 and libapr-util1 
  mentioned but not implemented in the previous commit.

OBS-URL: https://build.opensuse.org/request/show/196847
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=389
2013-08-30 04:51:32 +00:00
Cristian Rodríguez
5c9e18bb5e Accepting request 196614 from home:elvigia:branches:Apache
- Use %requires_ge for libapr1 and libapr-util1
- apache2-default-server.conf: Need to use IncludeOptional
- apache-20-22-upgrade: also load authz_core
- httpd-visibility.patch: Use compiler symbol visibility.

OBS-URL: https://build.opensuse.org/request/show/196614
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=387
2013-08-28 07:32:31 +00:00
Cristian Rodríguez
efb0f36327 Accepting request 185577 from home:msmeissn:branches:Apache
- Make the default keysize in the sample gensslcerts 2048 bits to match
  government recommendations.

OBS-URL: https://build.opensuse.org/request/show/185577
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=386
2013-08-02 18:44:55 +00:00
Cristian Rodríguez
0652f52358 Accepting request 185347 from home:elvigia:branches:Apache
- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)

OBS-URL: https://build.opensuse.org/request/show/185347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=385
2013-08-01 02:55:58 +00:00
Cristian Rodríguez
148df8527a Accepting request 184902 from home:elvigia:branches:Apache
- provide and obsolete mod_macro 
- upgrade: some people complain that log_config module 
 is not enabled by default sometimes, fix that.
- upgrade : "SSLMutex" no longer exists.
- Toogle EnableSendfile on because now apache defaults to off
  due to kernel bugs. that's a silly thing to do here 
  as kernel bugs have to be fixed at their source, not worked around
  in applications.

OBS-URL: https://build.opensuse.org/request/show/184902
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=384
2013-07-29 23:51:31 +00:00
Cristian Rodríguez
47f165c1bd Accepting request 184028 from home:elvigia:branches:Apache
- httpd-event-ssl.patch: from upstream 
  Lift the restriction that prevents mod_ssl taking
  full advantage of the event MPM.

OBS-URL: https://build.opensuse.org/request/show/184028
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=383
2013-07-22 22:00:14 +00:00
Cristian Rodríguez
647cfe7aba Accepting request 184014 from home:elvigia:branches:Apache
- Update to version 2.4.6
*  SECURITY: CVE-2013-1896 (cve.mitre.org)
*  SECURITY: CVE-2013-2249 (cve.mitre.org)
*  Major updates to mod_lua
*  Support for proxying websocket requests
*  Higher performant shm-based cache implementation
*  Addition of mod_macro for easier configuration management
*  As well as several exciting fixes, especially those related to RFC edge
 cases in mod_cache and mod_proxy.
- IMPORTANT : With the current packaging scheme, we can no longer
Include the ITK MPM, therefore it has been disabled. This is because
this MPM can now only be provided as a loadable module but we do
not currently build MPMs as shared modules but as independant
binaries and all helpers/startup scripts depend on that behaviour.
It will be fixed in the upcoming weeks/months.

OBS-URL: https://build.opensuse.org/request/show/184014
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=382
2013-07-22 17:04:27 +00:00
Cristian Rodríguez
8ec9a9f331 Accepting request 179383 from home:elvigia:branches:Apache
- apache-20-22-upgrade: still no cookie, module authn_file 
  is ok and must not be disabled on update.
  authn_core must however be enabled too.

OBS-URL: https://build.opensuse.org/request/show/179383
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=381
2013-06-18 07:44:40 +00:00
Cristian Rodríguez
6c94b60b21 Accepting request 179377 from home:elvigia:branches:Apache
- fix apache_mmn spec macro, otherwise all modules down 
  the chain will have broken dependencies

OBS-URL: https://build.opensuse.org/request/show/179377
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=380
2013-06-18 06:46:24 +00:00
Cristian Rodríguez
c386f992ca Accepting request 179374 from home:elvigia:branches:Apache
- remove After=mysql.service php-fpm.service postgresql.service 
  which were added in the previous change, those must be added
  as Before=apache2.service in the respective services.

- Include mod_systemd for more complete integration with 
  systemd, turn the service to Typé=notify as required
- Disable SSL NPN patch for now, it is required for mod_spdy
  but mod_spdy does not support apache 2.4

- apache 2.4.4 
* fix for CVE-2012-3499
* fix for the CRIME attack (disable ssl compression by default)
* many other bugfies
* build access_compat amd unixd as static modules and solve
 some other upgrade quirks (bnc#813705)

OBS-URL: https://build.opensuse.org/request/show/179374
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=379
2013-06-18 05:57:29 +00:00
Cristian Rodríguez
86ea9c10f2 Accepting request 156289 from home:mlin7442:branches:Apache
Install apache2.service accordingly (/usr/lib/systemd for 12.3 and up or /lib/systemd for older versions)

OBS-URL: https://build.opensuse.org/request/show/156289
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=378
2013-02-25 18:49:36 +00:00
163ede5f9d OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=377 2013-01-28 09:04:59 +00:00
Cristian Rodríguez
01f74d8ce8 Accepting request 149979 from home:elvigia:branches:Apache
-  Apache 2.4.3 
* SECURITY: CVE-2012-3502
* SECURITY: CVE-2012-2687
* mod_cache: Set content type in case we return stale content.
* lots of bugfixes see http://www.apache.org/dist/httpd/CHANGES_2.4.3

- Improve systemd unit file (tested for months)

OBS-URL: https://build.opensuse.org/request/show/149979
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=376
2013-01-28 03:33:43 +00:00
e22b74353a Accepting request 148936 from home:-miska-:branches:Apache
- - use %set_permissions instead %run_permissions (bnc#764097)

OBS-URL: https://build.opensuse.org/request/show/148936
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=375
2013-01-18 17:45:43 +00:00
Cristian Rodríguez
55a6bc22c8 Accepting request 129514 from home:elvigia:branches:Apache
- Fix factory-auto (aka r2dbag) complains about URL.
- Provide a symlink for apxs2 new location otherwise 
  all buggy spec files of external modules will break.

OBS-URL: https://build.opensuse.org/request/show/129514
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=372
2012-08-01 04:13:58 +00:00
Cristian Rodríguez
435dd9044b Accepting request 129511 from home:elvigia:branches:Apache
- BuildRequire xz explicitly, fix build in !Factory 
- Drop more old, unused patches

OBS-URL: https://build.opensuse.org/request/show/129511
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=371
2012-08-01 02:26:59 +00:00
Roman Drahtmueller
e249e1729b Accepting request 129508 from home:elvigia:branches:Apache
- Upgrade to apache 2.4.2
** ATTENTION, before installing this update YOU MUST
READ http://httpd.apache.org/docs/2.4/upgrading.html
CAREFULLY otherwise your server will most likely
fail to start due to backward incompatible changes.
* You can read the huge complete list of changes
  at http://httpd.apache.org/docs/2.4/new_features_2_4.html

OBS-URL: https://build.opensuse.org/request/show/129508
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370
2012-08-01 01:54:19 +00:00
Roman Drahtmueller
9386014e7c Accepting request 128919 from home:saschpe:branches:Apache
- gensslcert: Use 0400 permissions for generated SSL certificate files
  instead of 0644

OBS-URL: https://build.opensuse.org/request/show/128919
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=368
2012-07-27 11:17:03 +00:00
Cristian Rodríguez
bb379cae66 Accepting request 127274 from home:msmeissn:branches:Apache
- modified apache2.2-mpm-itk-20090414-00.patch to fix
  itk running as root. bnc#681176 / CVE-2011-1176

OBS-URL: https://build.opensuse.org/request/show/127274
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=366
2012-07-10 23:37:45 +00:00
Roman Drahtmueller
f52518a957 Accepting request 127265 from home:msmeissn:branches:Apache
- remove the insecure LD_LIBRARY_PATH line. bnc#757710

OBS-URL: https://build.opensuse.org/request/show/127265
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=365
2012-07-06 10:09:39 +00:00
Factory Maintainer
a0c3c6411d Accepting request 114975 from home:dimstar
Add patch to enable npn for mod_spdy... specially advertise this capability...

OBS-URL: https://build.opensuse.org/request/show/114975
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=363
2012-05-29 09:03:52 +00:00
Roman Drahtmueller
c3a81454c7 Accepting request 110180 from home:adrianSuSE:branches:Apache
patch seems to be lost, we require it on our OBS installations

OBS-URL: https://build.opensuse.org/request/show/110180
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361
2012-03-20 18:13:21 +00:00
Peter Poeml
8877af9243 - fix installation of (moved) man pages
- adjusted SSL template/default config for upstream changes, and added
  MaxRanges example to apache2-server-tuning.conf

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=359
2012-02-18 21:19:08 +00:00
Peter Poeml
61c26886ee update to 2.2.22
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=358
2012-02-18 16:52:29 +00:00
Factory Maintainer
120b388e44 Accepting request 103789 from home:coolo:branches:openSUSE:Factory
- compile with pcre 8.30 - patch taken from apache bugzilla

OBS-URL: https://build.opensuse.org/request/show/103789
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=356
2012-02-13 12:49:59 +00:00
Factory Maintainer
dc9fbb8810 Accepting request 102748 from home:computersalat:devel:apache
add default vhost configs

OBS-URL: https://build.opensuse.org/request/show/102748
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=355
2012-02-11 08:39:57 +00:00
Roman Drahtmueller
58cce20330 - enable mod_reqtimeout by default via APACHE_MODULES in
/etc/sysconfig/apache2, configuration 
  /etc/apache2/mod_reqtimeout.conf .
  Of course, the existing configuration remains unchanged.

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=354
2012-01-21 12:57:30 +00:00
Roman Drahtmueller
3fdc7560a6 Accepting request 96234 from home:msmeissn:branches:Apache
does not need openldap2 package, just openldap2-devel and libldap...

OBS-URL: https://build.opensuse.org/request/show/96234
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=352
2011-12-12 11:06:24 +00:00
Stephan Kulow
df135f4b2d Accepting request 94928 from home:coolo:removeautomake
add automake to buildrequires

OBS-URL: https://build.opensuse.org/request/show/94928
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=351
2011-12-02 16:41:12 +00:00
Roman Drahtmueller
1ee79ea228 - update to /etc/init.d/apache2: handle reload with deleted
binaries after package update more thoughtfully: If the binaries
  have been replaced, then a dlopen(3) on the apache modules is
  prone to fail. => Don't reload then, but complain and fail.
  Especially important for logrotate!

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=350
2011-11-18 15:55:03 +00:00
Roman Drahtmueller
2c5775e2e0 - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff fixes mod_proxy
reverse exposure via RewriteRule or ProxyPassMatch directives.
  This is CVE-2011-3368.

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=344
2011-10-07 15:12:49 +00:00
Roman Drahtmueller
1796587345 Accepting request 87076 from home:fcrozat:branches:Apache
- Ensure service_add_pre macro is correctly called for 
  openSUSE 12.1 or later.

OBS-URL: https://build.opensuse.org/request/show/87076
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=343
2011-10-07 15:06:00 +00:00