Tomáš Chvátal
3e25bad9f4
- Version bumpt o 2.4.12:
...
*) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
internationalization. [William Rowe]
*) mpm_winnt: Normalize the error and status messages emitted by service.c,
the service control interface for Windows. [William Rowe]
*) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824.
[ olli hauer <ohauer gmx.de>, Yann Ylavic ]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=437
2015-02-25 20:00:01 +00:00
Tomáš Chvátal
21519bff71
- Exit cleanly on end of the post and cleanup the update detection
...
- Remove Apache.xpm as it ain't used
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=436
2015-02-25 18:03:53 +00:00
Tomáš Chvátal
8b05757aa0
- Cleanup init/unit decision making and provide just systemd service
...
on systemd systems
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=435
2015-02-25 15:59:55 +00:00
Tomáš Chvátal
75383b5f81
- Deprecate realver define as it is equal to version.
...
- Explicitely state MPM mods to ensure we don't lose some bnc#444878
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=434
2015-02-25 13:54:02 +00:00
Tomáš Chvátal
f121dc4250
- Pass over spec-cleaner, there should be no actual technical
...
change in this just reduction of lines in the spec
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=433
2015-02-25 13:43:34 +00:00
Cristian Rodríguez
02163d8757
Accepting request 287376 from home:kstreitova:branches:Apache
...
- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug
where a maliciously crafted websockets PING after a script calls
r:wsupgrade() can cause a child process crash
[CVE-2015-0228], [bnc#918352].
OBS-URL: https://build.opensuse.org/request/show/287376
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=432
2015-02-24 01:47:47 +00:00
1bd179994f
Accepting request 281990 from home:elvigia:branches:Apache
...
- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon
with pkg-config, this is the only correct way, in current
versions sd_notify is in libsystemd and in old products
in libsystemd-daemon.
OBS-URL: https://build.opensuse.org/request/show/281990
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=431
2015-02-18 10:45:26 +00:00
f4f49e5231
Accepting request 283916 from home:pgajdos
...
- httpd2.pid in rc.apache2 was wrong [bnc#898193]
OBS-URL: https://build.opensuse.org/request/show/283916
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=430
2015-02-03 16:13:11 +00:00
Cristian Rodríguez
b3413e39e4
Accepting request 281475 from home:elvigia:branches:Apache
...
- remove obsolete patches
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
- Apache 2.4.11
*) SECURITY: CVE-2014-3583 (cve.mitre.org)
mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
*) SECURITY: CVE-2014-3581 (cve.mitre.org)
mod_cache: Avoid a crash when Content-Type has an empty value.
PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
used in multiple Require directives with different arguments.
PR57204 [Edward Lu <Chaosed0 gmail.com>]
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) mod_ssl: New directive SSLSessionTickets (On|Off).
The directive controls the use of TLS session tickets (RFC 5077),
default value is "On" (unchanged behavior).
Session ticket creation uses a random key created during web
server startup and recreated during restarts. No other key
recreation mechanism is available currently. Therefore using session
tickets without restarting the web server with an appropriate frequency
OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429
2015-01-16 15:52:19 +00:00
Roman Drahtmueller
b9fbfaa975
Accepting request 280882 from home:bruno_friedmann:branches:Apache
...
- Redone lost patch to fix boo#859439
+ service reload can cause log data to be lost with logrotate
under some circumstances: remove "-t" from service reload.
[bnc#859439]
OBS-URL: https://build.opensuse.org/request/show/280882
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=428
2015-01-12 11:47:35 +00:00
Roman Drahtmueller
3cd0bfc911
Accepting request 280312 from home:AndreasSchwab:f
...
- Fix URL syntax in various files
OBS-URL: https://build.opensuse.org/request/show/280312
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=427
2015-01-08 14:49:10 +00:00
fefabf0a4d
Accepting request 266793 from home:pgajdos
...
- fix IfModule directive around SSLSessionCache [bnc#842377c#11]
OBS-URL: https://build.opensuse.org/request/show/266793
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=426
2014-12-30 13:15:12 +00:00
Tomáš Chvátal
b23df1a23f
Accepting request 265897 from home:kstreitova:branches:Apache
...
- Repair patch names in the changelog in order to be submitted to the
Factory without error from the check script.
OBS-URL: https://build.opensuse.org/request/show/265897
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=425
2014-12-26 11:13:18 +00:00
Cristian Rodríguez
ba24c8b5d8
Accepting request 265358 from home:kstreitova:branches:Apache
...
- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_\
requests.patch to fix flaw in the way mod_headers handled chunked
requests. Adds "MergeTrailers" directive to restore legacy
behavior [bnc#871310], [CVE-2013-5704].
- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_\
Require_line.patch that fixes handling of the Require line when
a LuaAuthzProvider is used in multiple Require directives with
different arguments [bnc#909715], [CVE-2014-8109].
OBS-URL: https://build.opensuse.org/request/show/265358
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=424
2014-12-19 01:04:03 +00:00
Cristian Rodríguez
07869f95a0
Accepting request 264210 from home:pgajdos
...
- fixed start at boot for ssl and encrypted key [bnc#792309]
OBS-URL: https://build.opensuse.org/request/show/264210
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=423
2014-12-08 05:06:40 +00:00
bb240f4d27
Accepting request 263394 from home:Ledest:bashisms
...
fix shebang in start_apache2 script that contains bash-specific constructions
OBS-URL: https://build.opensuse.org/request/show/263394
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=422
2014-12-04 09:37:13 +00:00
Roman Drahtmueller
f64d31d835
Accepting request 263227 from home:pgajdos
...
- small improvement of ssl instructions [bnc#891813]
OBS-URL: https://build.opensuse.org/request/show/263227
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=421
2014-11-27 13:45:11 +00:00
bf5cc252d9
Accepting request 260627 from home:kstreitova:branches:Apache
...
- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch
and updated (fixed bashism).
OBS-URL: https://build.opensuse.org/request/show/260627
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=420
2014-11-11 17:06:29 +00:00
40b2a9f983
Accepting request 260414 from home:Ledest:misc
...
fix bashisms in post scripts
OBS-URL: https://build.opensuse.org/request/show/260414
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=419
2014-11-10 10:08:27 +00:00
Roman Drahtmueller
951efc68a1
Accepting request 260263 from home:kstreitova:branches:Apache
...
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
a crash when Content-Type has an empty value [bnc#899836],
CVE-2014-3581
OBS-URL: https://build.opensuse.org/request/show/260263
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
2014-11-07 16:56:25 +00:00
a751749ac2
Accepting request 260088 from home:Ledest:misc
...
fix bashism in apache2ctl script: replace 'source' with '.'
OBS-URL: https://build.opensuse.org/request/show/260088
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=417
2014-11-07 15:23:57 +00:00
Cristian Rodríguez
5494e05306
Accepting request 259172 from home:elvigia:branches:Apache
...
- httpd-event-deadlock.patch: Fix worker-listener
deadlock in graceful restart.
OBS-URL: https://build.opensuse.org/request/show/259172
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=416
2014-10-31 17:05:48 +00:00
89a0424a96
Accepting request 256892 from home:pgajdos
...
- drop (turned off) itk mpm spec file code as mpm-itk is now
provided as a separate module, not via patch
(see http://mpm-itk.sesse.net/ and [bnc#851229])
OBS-URL: https://build.opensuse.org/request/show/256892
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=413
2014-10-16 13:07:28 +00:00
5700ed3d4b
Accepting request 255745 from home:pgajdos
...
- enable mod_imagemap [bnc#866366]
OBS-URL: https://build.opensuse.org/request/show/255745
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=412
2014-10-13 16:20:07 +00:00
691a4e4389
Accepting request 254957 from home:pgajdos
...
- fixed link to Apache quickstart [bnc#624681], [bnc#789806]
OBS-URL: https://build.opensuse.org/request/show/254957
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=411
2014-10-10 13:06:23 +00:00
9fe47c8d91
- the following unused patches were removed from the package:
...
* apache2-mod_ssl_npn.patch
* httpd-2.0.49-log_server_status.dif
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=410
2014-10-06 12:46:43 +00:00
9c9e69c324
Accepting request 253625 from home:pgajdos
...
- 700 permissions for /usr/sbin/apache2-systemd-ask-pass and
/usr/sbin/start_apache2 [bnc#851627]
OBS-URL: https://build.opensuse.org/request/show/253625
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=409
2014-10-06 12:08:39 +00:00
94c97faa9a
- allow only TCP ports in Yast2 firewall files
...
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=408
2014-09-29 08:30:32 +00:00
163b7694ca
Accepting request 252743 from home:lnussel:branches:Apache
...
- move most ssl options to ssl-global.conf. There is usually no need
for every vhost to re-define the ciphers for example (bnc#865582).
Drop some commented entries that only lead to confusion.
OBS-URL: https://build.opensuse.org/request/show/252743
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=407
2014-09-29 08:10:08 +00:00
4b31aea044
Accepting request 252506 from home:pgajdos
...
- more 2.2 -> 2.4 [bnc#862058]
OBS-URL: https://build.opensuse.org/request/show/252506
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=406
2014-09-26 15:16:44 +00:00
e897f2962b
Accepting request 252298 from home:pgajdos
...
- ServerSignature=Off and ServerTokens=Prod by request from
security team [bnc#716495]
- fix documentation links 2.2 -> 2.4 [bnc#888163] (internal)
OBS-URL: https://build.opensuse.org/request/show/252298
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=405
2014-09-25 15:29:49 +00:00
Cristian Rodríguez
b0906927d0
Accepting request 241778 from home:elvigia:branches:Apache
...
- Update package Summary and Description.
- version 2.4.10
* SECURITY: CVE-2014-0117 (cve.mitre.org)
* SECURITY: CVE-2014-3523 (cve.mitre.org)
* SECURITY: CVE-2014-0226 (cve.mitre.org)
* SECURITY: CVE-2014-0118 (cve.mitre.org)
* SECURITY: CVE-2014-0231 (cve.mitre.org)
* Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua
* mod_proxy_fcgi supports unix sockets.
OBS-URL: https://build.opensuse.org/request/show/241778
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=404
2014-07-23 20:22:18 +00:00
Roman Drahtmueller
d7aec51e00
Accepting request 241685 from home:mcalmer:branches:Apache
...
- provide httpd.service as alias for apache2.service for
compatibility reasons (bnc#888093)
OBS-URL: https://build.opensuse.org/request/show/241685
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=403
2014-07-21 10:12:28 +00:00
Cristian Rodríguez
19a944dee7
Accepting request 227796 from home:elvigia:branches:Apache
...
- version 2.4.9
* SECURITY: CVE-2014-0098
* SECURITY: CVE-2013-6438
* multiple bugfixes and improvements to mod_ssl, mod_lua,
mod_session and core, see CHANGES for details.
OBS-URL: https://build.opensuse.org/request/show/227796
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=402
2014-03-27 16:21:35 +00:00
Roman Drahtmueller
c5bb63f9e2
- /etc/sysconfig/apache2: add socache_shmcb to the list of modules
...
that are enabled.
/etc/apache2/ssl-global.conf: make SSLSessionCache shmcb...
conditional on IfModule socache_shmcb.
The same applies to SSLSessionCache dmb:* via module socache_dbm
in commented section of same file. [bnc#864185]
- /etc/sysconfig/apache2: remove reference to non-existing script
/usr/share/doc/packages/apache2/certificate.sh, which was only a
wrapper to mkcert.sh anyways. [bnc#864185]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=401
2014-02-17 17:32:05 +00:00
Peter Poeml
c00cf22114
Accepting request 214772 from home:aeneas_jaissle:branches:Apache
...
Correct apache2.changes, mention the drop of httpd-event-ssl.patch
OBS-URL: https://build.opensuse.org/request/show/214772
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=400
2014-02-11 23:36:16 +00:00
Cristian Rodríguez
74d7ddb780
Accepting request 208347 from home:elvigia:branches:Apache
...
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
(obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
* event MPM: Fix possible crashes
* mod_deflate: Improve error detection
* core: Add open_htaccess hook in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite)
* see CHANGES for more details
OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
2013-11-25 22:26:02 +00:00
Cristian Rodríguez
8ac24cac75
Accepting request 207095 from home:elvigia:branches:Apache
...
- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes
mod_ssl-2.4.x-ekh.diff this new patch is the final
form of the rework, merged for 2.4.7.
OBS-URL: https://build.opensuse.org/request/show/207095
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=398
2013-11-16 01:22:18 +00:00
Tomáš Chvátal
738fecb393
Accepting request 205788 from home:fdekruijf:branches:Apache
...
Removed obsolete directive DefaultType bnc#848146
Changed access control to use new Require type directives
OBS-URL: https://build.opensuse.org/request/show/205788
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=397
2013-11-11 14:10:25 +00:00
Cristian Rodríguez
4c27b7a385
Accepting request 204767 from home:elvigia:branches:Apache
...
- reenable mod_ssl-2.4.x-ekh.diff
OBS-URL: https://build.opensuse.org/request/show/204767
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=396
2013-10-25 00:06:51 +00:00
Cristian Rodríguez
028198afb4
Accepting request 204342 from home:elvigia:branches:Apache
...
- Correct build in old distros.
- disable (revert) mod_ssl changes in the previous
commit so it does not end in factory or 13.1 yet.
- make mod_systemd static so scenarios described in
[bnc#846897] do not happen again.
OBS-URL: https://build.opensuse.org/request/show/204342
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=395
2013-10-22 15:46:52 +00:00
Cristian Rodríguez
4380c6bdd7
Accepting request 204244 from home:elvigia:branches:Apache
...
- mod_ssl: improve ephemeral key handling in particular, support DH params
with more than 1024 bits, and allow custom configuration.
This patch adjust DH parameters according to the relevant RFC
recommendations and permanently disables the usage of "export"
and "NULL" ciphers no matter what the user configuration is
(mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)
OBS-URL: https://build.opensuse.org/request/show/204244
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=394
2013-10-21 23:51:12 +00:00
Cristian Rodríguez
a7e48a73f8
Accepting request 204242 from home:elvigia:branches:Apache
...
- fix [bnc#846897] problems building kiwi images due to
systemd not being running in chroot. (submit to 13.1 ASAP)
OBS-URL: https://build.opensuse.org/request/show/204242
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=393
2013-10-21 23:38:35 +00:00
093d4afe6d
Accepting request 203323 from home:a_jaeger:FactoryFix
...
Fix SUSE spelling.
OBS-URL: https://build.opensuse.org/request/show/203323
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=392
2013-10-15 15:43:17 +00:00
Cristian Rodríguez
1d6ce77ab3
Accepting request 197315 from home:elvigia:branches:Apache
...
- Also fix subtle non-obvious systemd unit confusion
we really mean -DFOREGROUND not -DNO_DETACH the latter only
inhibits the parent from forking, not quite the same as
running in well.. the foreground as required.
OBS-URL: https://build.opensuse.org/request/show/197315
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=391
2013-09-03 15:41:55 +00:00
Cristian Rodríguez
888fcaf9d4
Accepting request 197199 from home:elvigia:branches:Apache
...
- Ensure we only use /run and not /var/run
OBS-URL: https://build.opensuse.org/request/show/197199
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=390
2013-09-03 04:07:30 +00:00
Cristian Rodríguez
4281e40e7d
Accepting request 196847 from home:elvigia:branches:Apache
...
- Really use %requires_ge for libapr1 and libapr-util1
mentioned but not implemented in the previous commit.
OBS-URL: https://build.opensuse.org/request/show/196847
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=389
2013-08-30 04:51:32 +00:00
Cristian Rodríguez
5c9e18bb5e
Accepting request 196614 from home:elvigia:branches:Apache
...
- Use %requires_ge for libapr1 and libapr-util1
- apache2-default-server.conf: Need to use IncludeOptional
- apache-20-22-upgrade: also load authz_core
- httpd-visibility.patch: Use compiler symbol visibility.
OBS-URL: https://build.opensuse.org/request/show/196614
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=387
2013-08-28 07:32:31 +00:00
Cristian Rodríguez
efb0f36327
Accepting request 185577 from home:msmeissn:branches:Apache
...
- Make the default keysize in the sample gensslcerts 2048 bits to match
government recommendations.
OBS-URL: https://build.opensuse.org/request/show/185577
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=386
2013-08-02 18:44:55 +00:00
Cristian Rodríguez
0652f52358
Accepting request 185347 from home:elvigia:branches:Apache
...
- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)
OBS-URL: https://build.opensuse.org/request/show/185347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=385
2013-08-01 02:55:58 +00:00