- add patch: httpd-2.4.12-lua-5.2.patch
* lua_dump introduced a new strip option in 5.3, set it to 0
to get the old behavior
* luaL_register was deprecated in 5.2, use luaL_setfuncs and
luaL_newlib instead
* luaL_optint was deprecated in 5.3, use luaL_optinteger instead
* lua_strlen and lua_objlen wad deprecated in 5.2, use lua_rawlen
instead
OBS-URL: https://build.opensuse.org/request/show/317328
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=455
- change Provides: from suse_maintenance_mmn = # to
suse_maintenance_mmn_#
- apache2 Suggests:, not Recommends: apache2-prefork; that means
for example, that `zypper in apache2-worker` will not pull
apache2-prefork also
- installing /usr/sbin/httpd link:
* do not try to install it in '%post <MPM>' when apache2 (which
includes /usr/share/apache2/script-helpers) is not installed
yet (fixes installation on 11sp3)
* install it in '%post' if apache2 is installed after
apache2-<MPM> to be sure it is there
OBS-URL: https://build.opensuse.org/request/show/317068
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=454
- access_compat shared also for 11sp3
- apache2-implicit-pointer-decl.patch renamed to
httpd-implicit-pointer-decl.patch to align with other
patches names
- apachectl is now wrapper to start_apache2; therefore, it honors
HTTPD_INSTANCE variable, see README-instances.txt for details
+ httpd-apachectl.patch
- httpd-2.4.10-apachectl.patch
- a2enmod/a2dismod and a2enflag/a2disflag now respect
HTTPD_INSTANCE=<instance_name> environment variable, which can be
used to specify apache instance name; sysconfig file is expected
at /etc/sysconfig/apache2@<instance_name>
(see README-instances.txt for details)
- provides suse_maintenance_mmn symbol [bnc#915666] (internal)
- credits to Roman Drahtmueller:
* add reference to /etc/permissions.local to output of %post if
setting the permissions of suexec2 fails
* do not enable mod_php5 by default any longer
* httpd-2.0.49-log_server_status.dif obsoleted
* apache2-mod_ssl_npn.patch removed because not used
* include mod_reqtimeout.conf in httpd.conf
* added cgid-timeout.conf, include
it in httpd.conf
- fix default value APACHE_MODULES in sysconfig file
- %service_* macros for apache2@.service
OBS-URL: https://build.opensuse.org/request/show/316550
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=453
- allow to run multiple instances of Apache on one system
[fate#317786] (internal)
* distributed httpd.conf no longer includes sysconfig.d, nor this
directory is shipped. httpd.conf includes loadmodule.conf and
global.conf which are former sysconfig.d/loadmodule.conf and
sysconfig.d/global.conf for default /etc/sysconfig/apache2
global.conf and loadmodule.conf are not included when
sysconfig variables could have been read by start_apache2
startup script (run with systemd services). Therefore, when
starting server via /usr/sbin/httpd, sysconfig variables
are not taken into account.
* some not-maintained scripts are moved from
/usr/share/apache2 to /usr/share/apache2/deprecated-scripts
* all modules comment in sysconfig file is not generated
anymore
* added README-instances.txt
* removed Sources:
load_configuration
find_mpm
get_module_list
get_includes
find_httpd_includes
apache-find-directives
* added Sources:
deprecated-scripts.tar.xz
apache2-README-instances.txt
apache2-loadmodule.conf
apache2-global.conf
apache2-find-directives
apache2@.service
OBS-URL: https://build.opensuse.org/request/show/314699
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=452
*) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
internationalization. [William Rowe]
*) mpm_winnt: Normalize the error and status messages emitted by service.c,
the service control interface for Windows. [William Rowe]
*) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824.
[ olli hauer <ohauer gmx.de>, Yann Ylavic ]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=437
- remove obsolete patches
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch
- Apache 2.4.11
*) SECURITY: CVE-2014-3583 (cve.mitre.org)
mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
*) SECURITY: CVE-2014-3581 (cve.mitre.org)
mod_cache: Avoid a crash when Content-Type has an empty value.
PR 56924. [Mark Montague <mark catseye.org>, Jan Kaluza]
*) SECURITY: CVE-2014-8109 (cve.mitre.org)
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
used in multiple Require directives with different arguments.
PR57204 [Edward Lu <Chaosed0 gmail.com>]
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
*) mod_ssl: New directive SSLSessionTickets (On|Off).
The directive controls the use of TLS session tickets (RFC 5077),
default value is "On" (unchanged behavior).
Session ticket creation uses a random key created during web
server startup and recreated during restarts. No other key
recreation mechanism is available currently. Therefore using session
tickets without restarting the web server with an appropriate frequency
OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429
- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_\
requests.patch to fix flaw in the way mod_headers handled chunked
requests. Adds "MergeTrailers" directive to restore legacy
behavior [bnc#871310], [CVE-2013-5704].
- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_\
Require_line.patch that fixes handling of the Require line when
a LuaAuthzProvider is used in multiple Require directives with
different arguments [bnc#909715], [CVE-2014-8109].
OBS-URL: https://build.opensuse.org/request/show/265358
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=424
