Commit Graph

116 Commits

Author SHA256 Message Date
Tomáš Chvátal
f121dc4250 - Pass over spec-cleaner, there should be no actual technical
change in this just reduction of lines in the spec

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=433
2015-02-25 13:43:34 +00:00
Cristian Rodríguez
02163d8757 Accepting request 287376 from home:kstreitova:branches:Apache
- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug
  where a maliciously crafted websockets PING after a script calls
  r:wsupgrade() can cause a child process crash
  [CVE-2015-0228], [bnc#918352].

OBS-URL: https://build.opensuse.org/request/show/287376
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=432
2015-02-24 01:47:47 +00:00
1bd179994f Accepting request 281990 from home:elvigia:branches:Apache
- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon 
  with pkg-config, this is the only correct way, in current
  versions sd_notify is in libsystemd and in old products
  in libsystemd-daemon.

OBS-URL: https://build.opensuse.org/request/show/281990
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=431
2015-02-18 10:45:26 +00:00
Cristian Rodríguez
b3413e39e4 Accepting request 281475 from home:elvigia:branches:Apache
- remove obsolete patches 
* httpd-2.4.10-check_null_pointer_dereference.patch
* httpd-event-deadlock.patch
* httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch
* httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch

- Apache 2.4.11 
  *) SECURITY: CVE-2014-3583 (cve.mitre.org)
     mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with 
     response headers' size above 8K.  [Yann Ylavic, Jeff Trawick]
  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
     mod_cache: Avoid a crash when Content-Type has an empty value.
     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]
  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]
  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
  *) mod_ssl: New directive SSLSessionTickets (On|Off).
     The directive controls the use of TLS session tickets (RFC 5077),
     default value is "On" (unchanged behavior).
     Session ticket creation uses a random key created during web
     server startup and recreated during restarts. No other key
     recreation mechanism is available currently. Therefore using session
     tickets without restarting the web server with an appropriate frequency

OBS-URL: https://build.opensuse.org/request/show/281475
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=429
2015-01-16 15:52:19 +00:00
Cristian Rodríguez
ba24c8b5d8 Accepting request 265358 from home:kstreitova:branches:Apache
- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_\
  requests.patch to fix flaw in the way mod_headers handled chunked
  requests. Adds "MergeTrailers" directive to restore legacy
  behavior [bnc#871310], [CVE-2013-5704].

- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_\
  Require_line.patch that fixes handling of the Require line when
  a LuaAuthzProvider is  used in multiple Require directives with
  different arguments [bnc#909715], [CVE-2014-8109].

OBS-URL: https://build.opensuse.org/request/show/265358
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=424
2014-12-19 01:04:03 +00:00
40b2a9f983 Accepting request 260414 from home:Ledest:misc
fix bashisms in post scripts

OBS-URL: https://build.opensuse.org/request/show/260414
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=419
2014-11-10 10:08:27 +00:00
Roman Drahtmueller
951efc68a1 Accepting request 260263 from home:kstreitova:branches:Apache
- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid
  a crash when Content-Type has an empty value [bnc#899836], 
  CVE-2014-3581

OBS-URL: https://build.opensuse.org/request/show/260263
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=418
2014-11-07 16:56:25 +00:00
a751749ac2 Accepting request 260088 from home:Ledest:misc
fix bashism in apache2ctl script: replace 'source' with '.'

OBS-URL: https://build.opensuse.org/request/show/260088
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=417
2014-11-07 15:23:57 +00:00
Cristian Rodríguez
5494e05306 Accepting request 259172 from home:elvigia:branches:Apache
- httpd-event-deadlock.patch:  Fix worker-listener 
  deadlock in graceful restart.

OBS-URL: https://build.opensuse.org/request/show/259172
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=416
2014-10-31 17:05:48 +00:00
Tomáš Chvátal
9c7ab77596 Accepting request 259117 from home:pgajdos:apache2
OBS-URL: https://build.opensuse.org/request/show/259117
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=415
2014-10-31 09:50:04 +00:00
Tomáš Chvátal
e906ab12cb Accepting request 258991 from home:pgajdos:apache2
OBS-URL: https://build.opensuse.org/request/show/258991
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=414
2014-10-30 14:33:56 +00:00
89a0424a96 Accepting request 256892 from home:pgajdos
- drop (turned off) itk mpm spec file code as mpm-itk is now 
  provided as a separate module, not via patch 
  (see http://mpm-itk.sesse.net/ and [bnc#851229])

OBS-URL: https://build.opensuse.org/request/show/256892
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=413
2014-10-16 13:07:28 +00:00
5700ed3d4b Accepting request 255745 from home:pgajdos
- enable mod_imagemap [bnc#866366]

OBS-URL: https://build.opensuse.org/request/show/255745
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=412
2014-10-13 16:20:07 +00:00
9c9e69c324 Accepting request 253625 from home:pgajdos
- 700 permissions for /usr/sbin/apache2-systemd-ask-pass and
  /usr/sbin/start_apache2 [bnc#851627]

OBS-URL: https://build.opensuse.org/request/show/253625
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=409
2014-10-06 12:08:39 +00:00
94c97faa9a - allow only TCP ports in Yast2 firewall files
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=408
2014-09-29 08:30:32 +00:00
4b31aea044 Accepting request 252506 from home:pgajdos
- more 2.2 -> 2.4 [bnc#862058]

OBS-URL: https://build.opensuse.org/request/show/252506
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=406
2014-09-26 15:16:44 +00:00
Cristian Rodríguez
b0906927d0 Accepting request 241778 from home:elvigia:branches:Apache
- Update package Summary and Description. 
- version 2.4.10
* SECURITY: CVE-2014-0117 (cve.mitre.org)
* SECURITY: CVE-2014-3523 (cve.mitre.org)
* SECURITY: CVE-2014-0226 (cve.mitre.org)
* SECURITY: CVE-2014-0118 (cve.mitre.org)
* SECURITY: CVE-2014-0231 (cve.mitre.org)
* Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua
* mod_proxy_fcgi supports unix sockets.

OBS-URL: https://build.opensuse.org/request/show/241778
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=404
2014-07-23 20:22:18 +00:00
Cristian Rodríguez
19a944dee7 Accepting request 227796 from home:elvigia:branches:Apache
- version 2.4.9 
* SECURITY: CVE-2014-0098
* SECURITY: CVE-2013-6438
* multiple bugfixes and improvements to mod_ssl, mod_lua,
  mod_session and core, see CHANGES for details.

OBS-URL: https://build.opensuse.org/request/show/227796
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=402
2014-03-27 16:21:35 +00:00
Cristian Rodríguez
74d7ddb780 Accepting request 208347 from home:elvigia:branches:Apache
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
  and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
 (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
*  event MPM: Fix possible crashes
*  mod_deflate: Improve error detection
* core: Add open_htaccess hook  in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
  keys, and unconditionally disable aNULL, eNULL and EXP ciphers
 (not overridable via SSLCipherSuite)
* see CHANGES for more details

OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
2013-11-25 22:26:02 +00:00
Cristian Rodríguez
8ac24cac75 Accepting request 207095 from home:elvigia:branches:Apache
- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes
 mod_ssl-2.4.x-ekh.diff this new patch is the final
  form of the rework, merged for 2.4.7.

OBS-URL: https://build.opensuse.org/request/show/207095
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=398
2013-11-16 01:22:18 +00:00
Cristian Rodríguez
4c27b7a385 Accepting request 204767 from home:elvigia:branches:Apache
- reenable mod_ssl-2.4.x-ekh.diff

OBS-URL: https://build.opensuse.org/request/show/204767
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=396
2013-10-25 00:06:51 +00:00
Cristian Rodríguez
028198afb4 Accepting request 204342 from home:elvigia:branches:Apache
- Correct build in old distros. 

- disable (revert) mod_ssl changes in the previous
  commit so it does not end in factory or 13.1 yet.

- make mod_systemd static so scenarios described in 
  [bnc#846897] do not happen again.

OBS-URL: https://build.opensuse.org/request/show/204342
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=395
2013-10-22 15:46:52 +00:00
Cristian Rodríguez
4380c6bdd7 Accepting request 204244 from home:elvigia:branches:Apache
- mod_ssl: improve ephemeral key handling in particular, support DH params
  with more than 1024 bits, and allow custom configuration.
  This patch adjust DH parameters according to the relevant RFC 
  recommendations and permanently disables the usage of "export"
  and "NULL" ciphers no matter what the user configuration is
  (mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)

OBS-URL: https://build.opensuse.org/request/show/204244
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=394
2013-10-21 23:51:12 +00:00
Cristian Rodríguez
888fcaf9d4 Accepting request 197199 from home:elvigia:branches:Apache
- Ensure we only use /run and not /var/run

OBS-URL: https://build.opensuse.org/request/show/197199
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=390
2013-09-03 04:07:30 +00:00
Cristian Rodríguez
4281e40e7d Accepting request 196847 from home:elvigia:branches:Apache
- Really use %requires_ge for libapr1 and libapr-util1 
  mentioned but not implemented in the previous commit.

OBS-URL: https://build.opensuse.org/request/show/196847
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=389
2013-08-30 04:51:32 +00:00
Cristian Rodríguez
817593e1a4 Accepting request 196621 from home:elvigia:branches:Apache
OBS-URL: https://build.opensuse.org/request/show/196621
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=388
2013-08-28 08:08:21 +00:00
Cristian Rodríguez
5c9e18bb5e Accepting request 196614 from home:elvigia:branches:Apache
- Use %requires_ge for libapr1 and libapr-util1
- apache2-default-server.conf: Need to use IncludeOptional
- apache-20-22-upgrade: also load authz_core
- httpd-visibility.patch: Use compiler symbol visibility.

OBS-URL: https://build.opensuse.org/request/show/196614
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=387
2013-08-28 07:32:31 +00:00
Cristian Rodríguez
0652f52358 Accepting request 185347 from home:elvigia:branches:Apache
- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)

OBS-URL: https://build.opensuse.org/request/show/185347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=385
2013-08-01 02:55:58 +00:00
Cristian Rodríguez
148df8527a Accepting request 184902 from home:elvigia:branches:Apache
- provide and obsolete mod_macro 
- upgrade: some people complain that log_config module 
 is not enabled by default sometimes, fix that.
- upgrade : "SSLMutex" no longer exists.
- Toogle EnableSendfile on because now apache defaults to off
  due to kernel bugs. that's a silly thing to do here 
  as kernel bugs have to be fixed at their source, not worked around
  in applications.

OBS-URL: https://build.opensuse.org/request/show/184902
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=384
2013-07-29 23:51:31 +00:00
Cristian Rodríguez
47f165c1bd Accepting request 184028 from home:elvigia:branches:Apache
- httpd-event-ssl.patch: from upstream 
  Lift the restriction that prevents mod_ssl taking
  full advantage of the event MPM.

OBS-URL: https://build.opensuse.org/request/show/184028
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=383
2013-07-22 22:00:14 +00:00
Cristian Rodríguez
647cfe7aba Accepting request 184014 from home:elvigia:branches:Apache
- Update to version 2.4.6
*  SECURITY: CVE-2013-1896 (cve.mitre.org)
*  SECURITY: CVE-2013-2249 (cve.mitre.org)
*  Major updates to mod_lua
*  Support for proxying websocket requests
*  Higher performant shm-based cache implementation
*  Addition of mod_macro for easier configuration management
*  As well as several exciting fixes, especially those related to RFC edge
 cases in mod_cache and mod_proxy.
- IMPORTANT : With the current packaging scheme, we can no longer
Include the ITK MPM, therefore it has been disabled. This is because
this MPM can now only be provided as a loadable module but we do
not currently build MPMs as shared modules but as independant
binaries and all helpers/startup scripts depend on that behaviour.
It will be fixed in the upcoming weeks/months.

OBS-URL: https://build.opensuse.org/request/show/184014
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=382
2013-07-22 17:04:27 +00:00
Cristian Rodríguez
6c94b60b21 Accepting request 179377 from home:elvigia:branches:Apache
- fix apache_mmn spec macro, otherwise all modules down 
  the chain will have broken dependencies

OBS-URL: https://build.opensuse.org/request/show/179377
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=380
2013-06-18 06:46:24 +00:00
Cristian Rodríguez
c386f992ca Accepting request 179374 from home:elvigia:branches:Apache
- remove After=mysql.service php-fpm.service postgresql.service 
  which were added in the previous change, those must be added
  as Before=apache2.service in the respective services.

- Include mod_systemd for more complete integration with 
  systemd, turn the service to Typé=notify as required
- Disable SSL NPN patch for now, it is required for mod_spdy
  but mod_spdy does not support apache 2.4

- apache 2.4.4 
* fix for CVE-2012-3499
* fix for the CRIME attack (disable ssl compression by default)
* many other bugfies
* build access_compat amd unixd as static modules and solve
 some other upgrade quirks (bnc#813705)

OBS-URL: https://build.opensuse.org/request/show/179374
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=379
2013-06-18 05:57:29 +00:00
Cristian Rodríguez
86ea9c10f2 Accepting request 156289 from home:mlin7442:branches:Apache
Install apache2.service accordingly (/usr/lib/systemd for 12.3 and up or /lib/systemd for older versions)

OBS-URL: https://build.opensuse.org/request/show/156289
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=378
2013-02-25 18:49:36 +00:00
Cristian Rodríguez
01f74d8ce8 Accepting request 149979 from home:elvigia:branches:Apache
-  Apache 2.4.3 
* SECURITY: CVE-2012-3502
* SECURITY: CVE-2012-2687
* mod_cache: Set content type in case we return stale content.
* lots of bugfixes see http://www.apache.org/dist/httpd/CHANGES_2.4.3

- Improve systemd unit file (tested for months)

OBS-URL: https://build.opensuse.org/request/show/149979
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=376
2013-01-28 03:33:43 +00:00
e22b74353a Accepting request 148936 from home:-miska-:branches:Apache
- - use %set_permissions instead %run_permissions (bnc#764097)

OBS-URL: https://build.opensuse.org/request/show/148936
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=375
2013-01-18 17:45:43 +00:00
Cristian Rodríguez
55a6bc22c8 Accepting request 129514 from home:elvigia:branches:Apache
- Fix factory-auto (aka r2dbag) complains about URL.
- Provide a symlink for apxs2 new location otherwise 
  all buggy spec files of external modules will break.

OBS-URL: https://build.opensuse.org/request/show/129514
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=372
2012-08-01 04:13:58 +00:00
Cristian Rodríguez
435dd9044b Accepting request 129511 from home:elvigia:branches:Apache
- BuildRequire xz explicitly, fix build in !Factory 
- Drop more old, unused patches

OBS-URL: https://build.opensuse.org/request/show/129511
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=371
2012-08-01 02:26:59 +00:00
Roman Drahtmueller
e249e1729b Accepting request 129508 from home:elvigia:branches:Apache
- Upgrade to apache 2.4.2
** ATTENTION, before installing this update YOU MUST
READ http://httpd.apache.org/docs/2.4/upgrading.html
CAREFULLY otherwise your server will most likely
fail to start due to backward incompatible changes.
* You can read the huge complete list of changes
  at http://httpd.apache.org/docs/2.4/new_features_2_4.html

OBS-URL: https://build.opensuse.org/request/show/129508
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=370
2012-08-01 01:54:19 +00:00
Factory Maintainer
a0c3c6411d Accepting request 114975 from home:dimstar
Add patch to enable npn for mod_spdy... specially advertise this capability...

OBS-URL: https://build.opensuse.org/request/show/114975
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=363
2012-05-29 09:03:52 +00:00
Roman Drahtmueller
c3a81454c7 Accepting request 110180 from home:adrianSuSE:branches:Apache
patch seems to be lost, we require it on our OBS installations

OBS-URL: https://build.opensuse.org/request/show/110180
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=361
2012-03-20 18:13:21 +00:00
Peter Poeml
8877af9243 - fix installation of (moved) man pages
- adjusted SSL template/default config for upstream changes, and added
  MaxRanges example to apache2-server-tuning.conf

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=359
2012-02-18 21:19:08 +00:00
Peter Poeml
61c26886ee update to 2.2.22
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=358
2012-02-18 16:52:29 +00:00
Factory Maintainer
120b388e44 Accepting request 103789 from home:coolo:branches:openSUSE:Factory
- compile with pcre 8.30 - patch taken from apache bugzilla

OBS-URL: https://build.opensuse.org/request/show/103789
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=356
2012-02-13 12:49:59 +00:00
Factory Maintainer
dc9fbb8810 Accepting request 102748 from home:computersalat:devel:apache
add default vhost configs

OBS-URL: https://build.opensuse.org/request/show/102748
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=355
2012-02-11 08:39:57 +00:00
Roman Drahtmueller
58cce20330 - enable mod_reqtimeout by default via APACHE_MODULES in
/etc/sysconfig/apache2, configuration 
  /etc/apache2/mod_reqtimeout.conf .
  Of course, the existing configuration remains unchanged.

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=354
2012-01-21 12:57:30 +00:00
Roman Drahtmueller
3fdc7560a6 Accepting request 96234 from home:msmeissn:branches:Apache
does not need openldap2 package, just openldap2-devel and libldap...

OBS-URL: https://build.opensuse.org/request/show/96234
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=352
2011-12-12 11:06:24 +00:00
Stephan Kulow
df135f4b2d Accepting request 94928 from home:coolo:removeautomake
add automake to buildrequires

OBS-URL: https://build.opensuse.org/request/show/94928
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=351
2011-12-02 16:41:12 +00:00
Roman Drahtmueller
8015fbf1a2 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=347 2011-10-25 11:52:32 +00:00
Roman Drahtmueller
7f6a31d85c OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=346 2011-10-25 11:49:34 +00:00