Commit Graph

136 Commits

Author SHA256 Message Date
Tomáš Chvátal
3e25bad9f4 - Version bumpt o 2.4.12:
*) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
     internationalization.  [William Rowe]
  *) mpm_winnt: Normalize the error and status messages emitted by service.c,
     the service control interface for Windows.  [William Rowe]
  *) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824.
     [ olli hauer <ohauer gmx.de>, Yann Ylavic ]

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=437
2015-02-25 20:00:01 +00:00
Tomáš Chvátal
21519bff71 - Exit cleanly on end of the post and cleanup the update detection
- Remove Apache.xpm as it ain't used

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=436
2015-02-25 18:03:53 +00:00
Tomáš Chvátal
8b05757aa0 - Cleanup init/unit decision making and provide just systemd service
on systemd systems

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=435
2015-02-25 15:59:55 +00:00
Tomáš Chvátal
75383b5f81 - Deprecate realver define as it is equal to version.
- Explicitely state MPM mods to ensure we don't lose some bnc#444878

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=434
2015-02-25 13:54:02 +00:00
Tomáš Chvátal
f121dc4250 - Pass over spec-cleaner, there should be no actual technical
change in this just reduction of lines in the spec

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=433
2015-02-25 13:43:34 +00:00
Cristian Rodríguez
02163d8757 Accepting request 287376 from home:kstreitova:branches:Apache
- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug
  where a maliciously crafted websockets PING after a script calls
  r:wsupgrade() can cause a child process crash
  [CVE-2015-0228], [bnc#918352].

OBS-URL: https://build.opensuse.org/request/show/287376
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=432
2015-02-24 01:47:47 +00:00
1bd179994f Accepting request 281990 from home:elvigia:branches:Apache
- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon 
  with pkg-config, this is the only correct way, in current
  versions sd_notify is in libsystemd and in old products
  in libsystemd-daemon.

OBS-URL: https://build.opensuse.org/request/show/281990
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=431
2015-02-18 10:45:26 +00:00
f4f49e5231 Accepting request 283916 from home:pgajdos
- httpd2.pid in rc.apache2 was wrong [bnc#898193]

OBS-URL: https://build.opensuse.org/request/show/283916
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=430
2015-02-03 16:13:11 +00:00
Cristian Rodríguez
b3413e39e4 Accepting request 281475 from home:elvigia:branches:Apache
- remove obsolete patches 
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch

- Apache 2.4.11 
  *) SECURITY: CVE-2014-3583 (cve.mitre.org)
     mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with 
     response headers' size above 8K.  [Yann Ylavic, Jeff Trawick]
  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
     mod_cache: Avoid a crash when Content-Type has an empty value.
     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]
  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
  *) mod_ssl: New directive SSLSessionTickets (On|Off).
     The directive controls the use of TLS session tickets (RFC 5077),
     default value is "On" (unchanged behavior).
     Session ticket creation uses a random key created during web
     server startup and recreated during restarts. No other key
     recreation mechanism is available currently. Therefore using session
     tickets without restarting the web server with an appropriate frequency

OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429
2015-01-16 15:52:19 +00:00
Roman Drahtmueller
b9fbfaa975 Accepting request 280882 from home:bruno_friedmann:branches:Apache
- Redone lost patch to fix boo#859439 
  + service reload can cause log data to be lost with logrotate
  under some circumstances: remove "-t" from service reload.
  [bnc#859439]

OBS-URL: https://build.opensuse.org/request/show/280882
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=428
2015-01-12 11:47:35 +00:00
Roman Drahtmueller
3cd0bfc911 Accepting request 280312 from home:AndreasSchwab:f
- Fix URL syntax in various files

OBS-URL: https://build.opensuse.org/request/show/280312
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=427
2015-01-08 14:49:10 +00:00
fefabf0a4d Accepting request 266793 from home:pgajdos
- fix IfModule directive around SSLSessionCache [bnc#842377c#11]

OBS-URL: https://build.opensuse.org/request/show/266793
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=426
2014-12-30 13:15:12 +00:00
Tomáš Chvátal
b23df1a23f Accepting request 265897 from home:kstreitova:branches:Apache
- Repair patch names in the changelog in order to be submitted to the
  Factory without error from the check script.

OBS-URL: https://build.opensuse.org/request/show/265897
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=425
2014-12-26 11:13:18 +00:00
Cristian Rodríguez
ba24c8b5d8 Accepting request 265358 from home:kstreitova:branches:Apache
- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_\
  requests.patch to fix flaw in the way mod_headers handled chunked
  requests. Adds "MergeTrailers" directive to restore legacy
  behavior [bnc#871310], [CVE-2013-5704].

- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_\
  Require_line.patch that fixes handling of the Require line when
  a LuaAuthzProvider is  used in multiple Require directives with
  different arguments [bnc#909715], [CVE-2014-8109].

OBS-URL: https://build.opensuse.org/request/show/265358
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=424
2014-12-19 01:04:03 +00:00
Cristian Rodríguez
07869f95a0 Accepting request 264210 from home:pgajdos
- fixed start at boot for ssl and encrypted key [bnc#792309]

OBS-URL: https://build.opensuse.org/request/show/264210
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=423
2014-12-08 05:06:40 +00:00
bb240f4d27 Accepting request 263394 from home:Ledest:bashisms
fix shebang in start_apache2 script that contains bash-specific constructions

OBS-URL: https://build.opensuse.org/request/show/263394
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=422
2014-12-04 09:37:13 +00:00
Roman Drahtmueller
f64d31d835 Accepting request 263227 from home:pgajdos
- small improvement of ssl instructions [bnc#891813]

OBS-URL: https://build.opensuse.org/request/show/263227
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=421
2014-11-27 13:45:11 +00:00
bf5cc252d9 Accepting request 260627 from home:kstreitova:branches:Apache
- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch 
  and updated (fixed bashism).

OBS-URL: https://build.opensuse.org/request/show/260627
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=420
2014-11-11 17:06:29 +00:00
40b2a9f983 Accepting request 260414 from home:Ledest:misc
fix bashisms in post scripts

OBS-URL: https://build.opensuse.org/request/show/260414
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=419
2014-11-10 10:08:27 +00:00
Roman Drahtmueller
951efc68a1 Accepting request 260263 from home:kstreitova:branches:Apache
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
  a crash when Content-Type has an empty value [bnc#899836], 
  CVE-2014-3581

OBS-URL: https://build.opensuse.org/request/show/260263
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
2014-11-07 16:56:25 +00:00
a751749ac2 Accepting request 260088 from home:Ledest:misc
fix bashism in apache2ctl script: replace 'source' with '.'

OBS-URL: https://build.opensuse.org/request/show/260088
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=417
2014-11-07 15:23:57 +00:00
Cristian Rodríguez
5494e05306 Accepting request 259172 from home:elvigia:branches:Apache
- httpd-event-deadlock.patch:  Fix worker-listener 
  deadlock in graceful restart.

OBS-URL: https://build.opensuse.org/request/show/259172
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=416
2014-10-31 17:05:48 +00:00
89a0424a96 Accepting request 256892 from home:pgajdos
- drop (turned off) itk mpm spec file code as mpm-itk is now 
  provided as a separate module, not via patch 
  (see http://mpm-itk.sesse.net/ and [bnc#851229])

OBS-URL: https://build.opensuse.org/request/show/256892
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=413
2014-10-16 13:07:28 +00:00
5700ed3d4b Accepting request 255745 from home:pgajdos
- enable mod_imagemap [bnc#866366]

OBS-URL: https://build.opensuse.org/request/show/255745
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=412
2014-10-13 16:20:07 +00:00
691a4e4389 Accepting request 254957 from home:pgajdos
- fixed link to Apache quickstart [bnc#624681], [bnc#789806]

OBS-URL: https://build.opensuse.org/request/show/254957
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=411
2014-10-10 13:06:23 +00:00
9fe47c8d91 - the following unused patches were removed from the package:
* apache2-mod_ssl_npn.patch
  * httpd-2.0.49-log_server_status.dif

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=410
2014-10-06 12:46:43 +00:00
9c9e69c324 Accepting request 253625 from home:pgajdos
- 700 permissions for /usr/sbin/apache2-systemd-ask-pass and
  /usr/sbin/start_apache2 [bnc#851627]

OBS-URL: https://build.opensuse.org/request/show/253625
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=409
2014-10-06 12:08:39 +00:00
94c97faa9a - allow only TCP ports in Yast2 firewall files
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=408
2014-09-29 08:30:32 +00:00
163b7694ca Accepting request 252743 from home:lnussel:branches:Apache
- move most ssl options to ssl-global.conf. There is usually no need
  for every vhost to re-define the ciphers for example (bnc#865582).
  Drop some commented entries that only lead to confusion.

OBS-URL: https://build.opensuse.org/request/show/252743
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=407
2014-09-29 08:10:08 +00:00
4b31aea044 Accepting request 252506 from home:pgajdos
- more 2.2 -> 2.4 [bnc#862058]

OBS-URL: https://build.opensuse.org/request/show/252506
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=406
2014-09-26 15:16:44 +00:00
e897f2962b Accepting request 252298 from home:pgajdos
- ServerSignature=Off and ServerTokens=Prod by request from 
  security team [bnc#716495]

- fix documentation links 2.2 -> 2.4 [bnc#888163] (internal)

OBS-URL: https://build.opensuse.org/request/show/252298
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=405
2014-09-25 15:29:49 +00:00
Cristian Rodríguez
b0906927d0 Accepting request 241778 from home:elvigia:branches:Apache
- Update package Summary and Description. 
- version 2.4.10
* SECURITY: CVE-2014-0117 (cve.mitre.org)
* SECURITY: CVE-2014-3523 (cve.mitre.org)
* SECURITY: CVE-2014-0226 (cve.mitre.org)
* SECURITY: CVE-2014-0118 (cve.mitre.org)
* SECURITY: CVE-2014-0231 (cve.mitre.org)
* Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua
* mod_proxy_fcgi supports unix sockets.

OBS-URL: https://build.opensuse.org/request/show/241778
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=404
2014-07-23 20:22:18 +00:00
Roman Drahtmueller
d7aec51e00 Accepting request 241685 from home:mcalmer:branches:Apache
- provide httpd.service as alias for apache2.service for
  compatibility reasons (bnc#888093)

OBS-URL: https://build.opensuse.org/request/show/241685
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=403
2014-07-21 10:12:28 +00:00
Cristian Rodríguez
19a944dee7 Accepting request 227796 from home:elvigia:branches:Apache
- version 2.4.9 
* SECURITY: CVE-2014-0098
* SECURITY: CVE-2013-6438
* multiple bugfixes and improvements to mod_ssl, mod_lua,
  mod_session and core, see CHANGES for details.

OBS-URL: https://build.opensuse.org/request/show/227796
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=402
2014-03-27 16:21:35 +00:00
Roman Drahtmueller
c5bb63f9e2 - /etc/sysconfig/apache2: add socache_shmcb to the list of modules
that are enabled.
  /etc/apache2/ssl-global.conf: make SSLSessionCache shmcb...
  conditional on IfModule socache_shmcb.
  The same applies to SSLSessionCache dmb:* via module socache_dbm
  in commented section of same file. [bnc#864185]
- /etc/sysconfig/apache2: remove reference to non-existing script
  /usr/share/doc/packages/apache2/certificate.sh, which was only a
  wrapper to mkcert.sh anyways. [bnc#864185]

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=401
2014-02-17 17:32:05 +00:00
Peter Poeml
c00cf22114 Accepting request 214772 from home:aeneas_jaissle:branches:Apache
Correct apache2.changes, mention the drop of httpd-event-ssl.patch

OBS-URL: https://build.opensuse.org/request/show/214772
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=400
2014-02-11 23:36:16 +00:00
Cristian Rodríguez
74d7ddb780 Accepting request 208347 from home:elvigia:branches:Apache
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
  and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
 (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
*  event MPM: Fix possible crashes
*  mod_deflate: Improve error detection
* core: Add open_htaccess hook  in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
  keys, and unconditionally disable aNULL, eNULL and EXP ciphers
 (not overridable via SSLCipherSuite)
* see CHANGES for more details

OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
2013-11-25 22:26:02 +00:00
Cristian Rodríguez
8ac24cac75 Accepting request 207095 from home:elvigia:branches:Apache
- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes
 mod_ssl-2.4.x-ekh.diff this new patch is the final
  form of the rework, merged for 2.4.7.

OBS-URL: https://build.opensuse.org/request/show/207095
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=398
2013-11-16 01:22:18 +00:00
Tomáš Chvátal
738fecb393 Accepting request 205788 from home:fdekruijf:branches:Apache
Removed obsolete directive DefaultType bnc#848146
Changed access control to use new Require type directives

OBS-URL: https://build.opensuse.org/request/show/205788
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=397
2013-11-11 14:10:25 +00:00
Cristian Rodríguez
4c27b7a385 Accepting request 204767 from home:elvigia:branches:Apache
- reenable mod_ssl-2.4.x-ekh.diff

OBS-URL: https://build.opensuse.org/request/show/204767
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=396
2013-10-25 00:06:51 +00:00
Cristian Rodríguez
028198afb4 Accepting request 204342 from home:elvigia:branches:Apache
- Correct build in old distros. 

- disable (revert) mod_ssl changes in the previous
  commit so it does not end in factory or 13.1 yet.

- make mod_systemd static so scenarios described in 
  [bnc#846897] do not happen again.

OBS-URL: https://build.opensuse.org/request/show/204342
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=395
2013-10-22 15:46:52 +00:00
Cristian Rodríguez
4380c6bdd7 Accepting request 204244 from home:elvigia:branches:Apache
- mod_ssl: improve ephemeral key handling in particular, support DH params
  with more than 1024 bits, and allow custom configuration.
  This patch adjust DH parameters according to the relevant RFC 
  recommendations and permanently disables the usage of "export"
  and "NULL" ciphers no matter what the user configuration is
  (mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)

OBS-URL: https://build.opensuse.org/request/show/204244
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=394
2013-10-21 23:51:12 +00:00
Cristian Rodríguez
a7e48a73f8 Accepting request 204242 from home:elvigia:branches:Apache
- fix [bnc#846897] problems building kiwi images due to 
  systemd not being running in chroot. (submit to 13.1 ASAP)

OBS-URL: https://build.opensuse.org/request/show/204242
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=393
2013-10-21 23:38:35 +00:00
093d4afe6d Accepting request 203323 from home:a_jaeger:FactoryFix
Fix SUSE spelling.

OBS-URL: https://build.opensuse.org/request/show/203323
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=392
2013-10-15 15:43:17 +00:00
Cristian Rodríguez
1d6ce77ab3 Accepting request 197315 from home:elvigia:branches:Apache
- Also fix subtle non-obvious systemd unit confusion
  we really mean -DFOREGROUND not -DNO_DETACH the latter only 
  inhibits the parent from forking, not quite the same as 
  running in well.. the foreground as required.

OBS-URL: https://build.opensuse.org/request/show/197315
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=391
2013-09-03 15:41:55 +00:00
Cristian Rodríguez
888fcaf9d4 Accepting request 197199 from home:elvigia:branches:Apache
- Ensure we only use /run and not /var/run

OBS-URL: https://build.opensuse.org/request/show/197199
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=390
2013-09-03 04:07:30 +00:00
Cristian Rodríguez
4281e40e7d Accepting request 196847 from home:elvigia:branches:Apache
- Really use %requires_ge for libapr1 and libapr-util1 
  mentioned but not implemented in the previous commit.

OBS-URL: https://build.opensuse.org/request/show/196847
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=389
2013-08-30 04:51:32 +00:00
Cristian Rodríguez
5c9e18bb5e Accepting request 196614 from home:elvigia:branches:Apache
- Use %requires_ge for libapr1 and libapr-util1
- apache2-default-server.conf: Need to use IncludeOptional
- apache-20-22-upgrade: also load authz_core
- httpd-visibility.patch: Use compiler symbol visibility.

OBS-URL: https://build.opensuse.org/request/show/196614
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=387
2013-08-28 07:32:31 +00:00
Cristian Rodríguez
efb0f36327 Accepting request 185577 from home:msmeissn:branches:Apache
- Make the default keysize in the sample gensslcerts 2048 bits to match
  government recommendations.

OBS-URL: https://build.opensuse.org/request/show/185577
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=386
2013-08-02 18:44:55 +00:00
Cristian Rodríguez
0652f52358 Accepting request 185347 from home:elvigia:branches:Apache
- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)

OBS-URL: https://build.opensuse.org/request/show/185347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=385
2013-08-01 02:55:58 +00:00