-------------------------------------------------------------------
Fri Apr 18 14:17:31 CEST 2008 - poeml@suse.de

- sync up with changes from Build Service:
- new implementation of sysconf_addword, using sed instead of ed.
  Moving it from the -utils subpackage into the parent package,
  where it's actually needed. If sysconf_addword is already present
  in the system, it is preferred (by PATH). That's because the tool
  has been integrated into aaa_base.rpm with openSUSE 11.0.
  Removing the requires on the ed package. [bnc#377131]
- better documentation how to enable SSL in /etc/sysconfig/apache2
- quickstart readme: the link to the openSUSE wiki is about to move
- add "127.0.0.1" to the local access list in mod_status.conf,
  because on some systems "localhost" seems to resolve only to IPv6
  localhost
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
- fix graceful-restart. Wait until the pidfile is gone, but don't
  wait for the parent to disappear. It stays there, after closing
  the listen ports.
- don't configure in maintainer-mode. It not only enables compile
  time warnings, but also adds AP_DEBUG into the mix which causes
  enablement of debug code which is not wanted in production
  builds.
- drop obsolete patches mod_dbd.c-issue18989-autoconnect.dif and
  mod_dbd.c-r571441, as the 2.2.8 mod_dbd is just fine.

-------------------------------------------------------------------
Tue Apr 1 16:05:07 CEST 2008 - mkoenig@suse.de

- remove dir /usr/share/omc/svcinfo.d as it is provided now
  by filesystem

-------------------------------------------------------------------
Fri Mar 14 15:28:13 CET 2008 - skh@suse.de

- update to upstream 2.2.8 --> see CHANGES in package for details
- removed obsolete patches:
  - apache2-mod_cache-CVE-2007-1863.patch
  - apache2-mod_status-CVE-2006-5752.patch
  - httpd-2.2.4-mod_autoindex-charset-r570962.patch
  - httpd-2.2.x.doublefree.patch

-------------------------------------------------------------------
Thu Dec 13 16:58:03 CET 2007 - ro@suse.de

- remove sysconf_addword, now in aaa_base (#328599)

-------------------------------------------------------------------
Mon Oct 22 17:38:19 CEST 2007 - sbrabec@suse.cz

- Use correct SuSEfirewall2 rule directory.

-------------------------------------------------------------------
Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de

- get_module_list: replace loadmodule.conf atomically [bnc #214863]

-------------------------------------------------------------------
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de

- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
  solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
  (backport from 2.2.6)
  * Merge r570532, r570535, r570558 from trunk:
    IndexOptions ContentType=text/html Charset=UTF-8 magic.
  http://svn.apache.org/viewvc?rev=570962&view=rev
  http://issues.apache.org/bugzilla/show_bug.cgi?id=42105
  This means that the AddDirectoryIndexCharset is no longer
  available. Instead, IndexOptions Charset=xyz can be used.

-------------------------------------------------------------------
Fri Aug 31 11:42:58 CEST 2007 - poeml@suse.de

- remove libexpat-devel in the build service version of the package
- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the
  buildservice package
- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it
  patches only modules/database/mod_dbd.c which is replaced with
  trunk version anyway

-------------------------------------------------------------------
Thu Aug 23 11:27:19 CEST 2007 - mskibbe@suse.de

- Bug 289996 - VUL-0: mod_status XSS in public server status page
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service

-------------------------------------------------------------------
Wed Jul 18 16:04:05 CEST 2007 - skh@suse.de

- split off apache2-utils subpackage, containing all helper tools that
  are useful for system administrators in general (b.n.c. #272292 and
  FATE #302059)

-------------------------------------------------------------------
Thu Mar 29 19:14:16 CEST 2007 - dmueller@suse.de

- add zlib-devel to BuildRequires

-------------------------------------------------------------------
Fri Mar 23 08:55:47 CET 2007 - poeml@suse.de

- add mod_dbd.c from trunk (r512038), the version we run ourselves
  http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?view=log
- add mod_dbd.c-issue18989-autoconnect.dif, but disabled. It
  applies to 2.2.4 mod_dbd.c but not to the trunk version
- build mod_version
- fix documentation link in apache2-httpd.conf

-------------------------------------------------------------------
Tue Mar 20 10:47:18 CET 2007 - mskibbe@suse.de

- add firewall file for ssl (#246929)

-------------------------------------------------------------------
Mon Mar 19 12:44:22 CET 2007 - mskibbe@suse.de

- Apache - Support for FATE #300687: Ports for SuSEfirewall added
  via packages (#246929)

-------------------------------------------------------------------
Fri Jan 26 12:44:04 CET 2007 - poeml@suse.de

- the QUICKSTART Readmes have been moved to
  http://www.opensuse.org/Apache

-------------------------------------------------------------------
Mon Jan 22 11:24:32 CET 2007 - poeml@suse.de

- point out better in README.QUICKSTART.SSL that a vhost needs to
  be created
- fixes to README.QUICKSTART.WebDAV
- updated email addresses (now there is apache@suse.de)

-------------------------------------------------------------------
Sat Jan 20 17:16:20 CET 2007 - poeml@suse.de

- add httpd-2.2.x.doublefree.patch, backport of
  http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
  See http://issues.apache.org/bugzilla/show_bug.cgi?id=39985

-------------------------------------------------------------------
Thu Jan 18 22:00:48 CET 2007 - poeml@suse.de

- create debuginfo package in the buildservice

-------------------------------------------------------------------
Fri Jan 12 14:25:51 CET 2007 - mskibbe@suse.de

- change path to service cml document (fate #301708)

-------------------------------------------------------------------
Tue Jan 9 15:59:42 CET 2007 - poeml@suse.de

- upstream 2.2.4
  mod_authnz_ldap:
    - Add an AuthLDAPRemoteUserAttribute directive. If set,
      REMOTE_USER will be set to this attribute, rather than the
      username supplied by the user. Useful for example when you
      want users to log in using an email address, but need to
      supply a userid instead to the backend.
  mod_cache:
    - From RFC3986 (section 6.2.3.) if a URI contains an authority
      component and an empty path, the empty path is to be
      equivalent to "/". It explicitly cites the following four URIs
      as equivalents:
        http://example.com
        http://example.com/
        http://example.com:/
        http://example.com:80/
    - Eliminate a bogus error in the log when a filter returns
      AP_FILTER_ERROR.
    - Don't cache requests with an expires date in the past;
      otherwise mod_cache will always try to cache the URL. This bug
      might lead to numerous rename() errors on win32 if the URL was
      previously cached.
  mod_cgi and mod_cgid:
    - Don't use apr_status_t error return from input filters as HTTP
      return value from the handler. PR 31579.
  mod_dbd:
    - share per-request database handles across subrequests and
      internal redirects
    - key connection pools to virtual hosts correctly even when
      ServerName is unset/unavailable
  mod_deflate:
    - Rework inflate output and deflate output filter to fix several
      issues: Incorrect handling of flush buckets, potential memory
      leaks, excessive memory usage in inflate output filter for
      large compressed content. PR 39854.
  mod_disk_cache:
    - Make sure that only positive integers are accepted for the
      CacheMaxFileSize and CacheMinFileSize parameters in the config
      file. PR39380.
  mod_dumpio:
    - Allow mod_dumpio to log at other than DEBUG levels via the new
      DumpIOLogLevel directive.
  mod_echo:
    - Fix precedence problem in if statement. PR 40658.
  mod_ext_filter:
    - Handle filter names which include capital letters. PR 40323.
  mod_headers:
    - Support regexp-based editing of HTTP headers.
  mod_mime_magic:
    - Fix precedence problem in if statement. PR 40656.
  mod_mem_cache:
    - Memory leak fix: Unconditionally free the buffer.
    - Convert mod_mem_cache to use APR memory pool functions by
      creating a root pool for object persistence across requests.
      This also eliminates the need for custom serialization code.
  mod_proxy:
    - Don't try to use dead backend connection. PR 37770.
    - Add explicit flushing feature. When Servlet container sends
      AJP body message with size 0, this means that Servlet
      container has asked for an explicit flush. Create flush bucket
      in that case. This feature has been added to the recent Tomcat
      versions without breaking the AJP protocol.
  mod_proxy_ajp:
    - Close connection to backend if reading of request body fails.
      PR 40310.
    - Added cping/cpong support for the AJP protocol. A new worker
      directive ping=timeout will cause CPING packet to be sent
      expecting CPONG packet within defined timeout. In case the
      backend is too busy this will fail instead of sending the full
      header.
  mod_proxy_balancer:
    - Workers can now be defined as part of a balancer cluster "set"
      in which members of a lower-numbered set are preferred over
      higher numbered ones.
    - Workers can now be defined as "hot standby" which will only be
      used if all other workers are unusable (eg: in error or
      disabled). Also, the balancer-manager displays the election
      count and I/O counts of all workers.
    - Retry worker chosen by route / redirect worker if it is in
      error state before sending "Service Temporarily Unavailable".
      PR 38962.
    - Extract stickysession routing information contained as
      parameter in the URL correctly. PR 40400.
    - Set the new environment variable BALANCER_ROUTE_CHANGED if a
      worker with a route different from the one supplied by the
      client had been chosen or if the client supplied no routing
      information for a balancer with sticky sessions.
    - Add information about the route, the sticky session and the
      worker used during a request as environment variables. PR
      39806.
  core:
    - Fix issue which could cause piped loggers to be orphaned and
      never terminate after a graceful restart. PR 40651.
    - Fix address-in-use startup failure caused by corruption of the
      list of listen sockets in some configurations with multiple
      generic Listen directives.
    - Fix NONBLOCK status of listening sockets on restart/graceful
      PR 37680.
    - Deal with the widespread use of apr_status_t return values as
      HTTP status codes, as documented in PR#31759 (a bug shared by
      the default handler, mod_cgi, mod_cgid, mod_proxy, and
      probably others). PR31759.
    - The full server version information is now included in the
      error log at startup as well as server status reports,
      irrespective of the setting of the ServerTokens directive.
      ap_get_server_version() is now deprecated, and is replaced by
      ap_get_server_banner() and ap_get_server_description().
  misc:
    - Allow htcacheclean, httxt2dbm, and fcgistarter to link
      apr/apr-util statically like the older support programs.
    - Better detection and clean up of ldap connection that has been
      terminated by the ldap server. PR 40878.
    - rotatelogs: Improve error message for open failures. PR
      39487.

-------------------------------------------------------------------
Mon Jan 8 11:57:04 CET 2007 - mskibbe@suse.de

- Apache XML Service Description Document (fate #301708)

-------------------------------------------------------------------
Thu Dec 21 10:36:14 CET 2006 - poeml@suse.de

- add patch to add charset=utf-8 to directory listings generated by
  mod_autoindex, and add a directive to allow overriding the
  charset (testing, needs to be discussed with upstream) [#153557]
  httpd-2.2.3-AddDirectoryIndexCharset.patch

-------------------------------------------------------------------
Wed Dec 20 15:58:35 CET 2006 - poeml@suse.de

- set a proper HOME (/var/lib/apache2), otherwise the server might
  end up HOME=/root and some script might try to use that [#132769]
- add two notes to the QUICKSTART readmes
- don't install /etc/apache2/extra configuration since this is only
  serving as an example and installed with the documentation anyway

-------------------------------------------------------------------
Tue Sep 26 11:13:52 CEST 2006 - poeml@suse.de

- add rpm macro for suexec_safepath
- use _bindir/_sbindir in a few places [#202355]
- remove unused /sbin/conf.d directory from build root

-------------------------------------------------------------------
Thu Aug 31 15:26:54 CEST 2006 - poeml@suse.de

- Enable fatal exception hook for use by diagnostic modules.

-------------------------------------------------------------------
Tue Aug 29 16:33:59 CEST 2006 - poeml@suse.de

- move some binaries, where calling by users makes sense (dbmmanage
  htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]

-------------------------------------------------------------------
Wed Aug 9 16:13:07 CEST 2006 - poeml@suse.de

- upstream 2.2.3
| SECURITY: CVE-2006-3747 (cve.mitre.org)
|   mod_rewrite: Fix an off-by-one security problem in the ldap scheme
|   handling. For some RewriteRules this could lead to a pointer being
|   written out of bounds. Reported by Mark Dowd of McAfee.
| mod_authn_alias: Add a check to make sure that the base provider and the
|   alias names are different and also that the alias has not been registered
|   before. PR 40051.
| mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
|   client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
| mod_autoindex: Fix filename escaping with FancyIndexing disabled.
|   PR 38910.
| mod_cache:
|   - Make caching of reverse SSL proxies possible again. PR 39593.
|   - Do not overwrite the Content-Type in the cache, for
|     successfully revalidated cached objects. PR 39647.
| mod_charset_lite: Bypass translation when the source and dest charsets
|   are the same.
| mod_dbd: Fix dependence on virtualhost configuration in
|   defining prepared statements (possible segfault at startup
|   in user modules such as mod_authn_dbd).
| mod_mem_cache: Set content type correctly when delivering data from
|   cache. PR 39266.
| mod_speling: Add directive to deal with case corrections only
|   and ignore other misspellings
| miscellaneous:
|   - Add optional 'scheme://' prefix to ServerName directive,
|     allowing correct determination of the canonical server URL
|     for use behind a proxy or offload device handling SSL;
|     fixing redirect generation in those cases. PR 33398.
|   - Added server_scheme field to server_rec for above. Minor MMN bump.
|   - Worker MPM: On graceless shutdown or restart, send signals
|     to each worker thread to wake them up if they're polling on
|     a Keep-Alive connection. PR 38737.
|   - worker and event MPMs: fix excessive forking if fork() or
|     child_init take a long time. PR 39275.
|   - Respect GracefulShutdownTimeout in the worker and event MPMs.
|   - configure: Add "--with-included-apr" flag to force use of
|     the bundled version of APR at build time.

-------------------------------------------------------------------
Tue Jul 4 12:20:54 CEST 2006 - poeml@suse.de

- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
  found

-------------------------------------------------------------------
Fri Jun 23 09:52:17 CEST 2006 - poeml@suse.de

- fix typo in apache-20-22-upgrade script: mod_image_map ->
  mod_imagemap

-------------------------------------------------------------------
Mon Jun 12 11:28:59 CEST 2006 - poeml@suse.de

- enable logresolve processing of lines longer than 1024 characters
  by compiling with MAXLINE=4096 [#162806]

-------------------------------------------------------------------
Fri Jun 9 23:11:45 CEST 2006 - poeml@suse.de

- upstream 2.2.2
| SECURITY: CVE-2005-3357 (cve.mitre.org)
|   mod_ssl: Fix a possible crash during access control checks
|   if a non-SSL request is processed for an SSL vhost (such as
|   the "HTTP request received on SSL port" error message when
|   a 400 ErrorDocument is configured, or if using "SSLEngine
|   optional"). PR 37791.
| SECURITY: CVE-2005-3352 (cve.mitre.org)
|   mod_imagemap: Escape untrusted referer header before
|   outputting in HTML to avoid potential cross-site scripting.
|   Change also made to ap_escape_html so we escape quotes.
|   Reported by JPCERT.
| mod_cache:
|   - Make caching of reverse proxies possible again. PR 38017.
| mod_disk_cache:
|   - Return the correct error codes from bucket read failures,
|     instead of APR_EGENERAL.
| mod_dbd:
|   - Update defaults, improve error reporting.
|   - Create own pool and mutex to avoid problem use of process
|     pool in request processing.
| mod_deflate:
|   - work correctly in an internal redirect
| mod_proxy:
|   - don't reuse a connection that may be to the wrong backend PR 39253
|   - Do not release connections from connection pool twice. PR 38793.
|   - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
|   - Fix incorrect usage of local and shared worker init. PR 38403.
|   - If we get an error reading the upstream response, close the
|     connection.
| mod_proxy_balancer:
|   - Initialize members of a balancer correctly. PR 38227.
| mod_proxy_ajp:
|   - Flushing of the output after each AJP chunk is now
|     configurable at runtime via the 'flushpackets' and 'flushwait'
|     worker params. Minor MMN bump.
|   - Crosscheck the length of the body chunk with the length of the
|     ajp message to prevent mod_proxy_ajp from reading beyond the
|     buffer boundaries and thus revealing possibly sensitive memory
|     contents to the client.
|   - Support common headers of the AJP protocol in responses. PR 38340.
| mod_proxy_http:
|   - Do send keep-alive header if the client sent connection:
|     keep-alive and do not close backend connection if the client
|     sent connection: close. PR 38524.
| mod_proxy_balancer:
|   - Do not overwrite the status of initialized workers and respect
|     the configured status of uninitialized workers when creating a
|     new child process.
|   - Fix off-by-one error in proxy_balancer. PR 37753.
| mod_speling:
|   - Stop crashing with certain non-file requests.
| mod_ssl:
|   - Fix possible crashes in shmcb with gcc 4 on platforms
|     requiring word-aligned pointers. PR 38838.
| miscellaneous:
|   - core: Prevent reading uninitialized memory while reading a line of
|     protocol input. PR 39282.
|   - core: Reject invalid Expect header immediately. PR 38123.
|   - Default handler: Don't return output filter apr_status_t values.
|     PR 31759.
|   - Add APR/APR-Util Compiled and Runtime Version numbers to the
|     output of 'httpd -V'.
|   - http: If a connection is aborted while waiting for a chunked line,
|     flag the connection as errored out.
|   - Don't hang on error return from post_read_request. PR 37790.
|   - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
|   - Fix recursive ErrorDocument handling. PR 36090.
|   - Ensure that the proper status line is written to the client, fixing
|     incorrect status lines caused by filters which modify r->status without
|     resetting r->status_line, such as the built-in byterange filter.
|   - HTML-escape the Expect error message. Not classed as security as
|     an attacker has no way to influence the Expect header a victim will
|     send to a target site.
|   - Chunk filter: Fix chunk filter to create correct chunks in the case that
|     a flush bucket is surrounded by data buckets.
|   - Avoid Server-driven negotiation when a script has emitted an
|     explicit Status: header. PR 38070.
|   - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
|   - htdbm: Warn the user when adding a plaintext password on a platform
|     where it wouldn't work with the server (i.e., anywhere that has
|     crypt()).
- adapted httpd-2.1.3alpha-autoconf-2.59.dif
- other user visible changes:
  * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
  * add README.QUICKSTART link to httpd.conf
- when installing/updating, avoid irritating message in
  /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
- build system changes:
  * clean up old cruft tied to suse_version macros
  * don't run buildconf, and thus don't need python.
  * don't ship uid.conf as source file, but create it dynamically
    instead, according to user/group defined via rpm macro
  * create wwwrun:www user on non-SUSE builds
  * work around missing macros insserv_prereq and fillup_prereq on non-SUSE builds
  * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
  * make sure that the rpm macro sles_version is defined
  * remove obsolete VENDOR UnitedLinux macro

-------------------------------------------------------------------
Tue Apr 25 18:10:28 CEST 2006 - poeml@suse.de

- obsolete 'apache' package on SLES10 (obsolete it on all platforms
  except SLES9 and old SL releases)

-------------------------------------------------------------------
Wed Mar 29 11:54:00 CEST 2006 - poeml@suse.de

- remove php4 from default modules [#155333]
- fix comment in /etc/init.d/apache2 [#148559]

-------------------------------------------------------------------
Mon Feb 20 13:49:07 CET 2006 - poeml@suse.de

- fixed comment in init script which indicated wrong version [#148559]

-------------------------------------------------------------------
Mon Jan 30 12:41:20 CET 2006 - poeml@suse.de

- added Requires: libapr-util1-devel to apache2-devel package [#146496]

-------------------------------------------------------------------
Fri Jan 27 15:10:15 CET 2006 - poeml@suse.de

- add a note about NameVirtualHost statements to the vhost template
  files [#145000]

-------------------------------------------------------------------
Wed Jan 25 21:34:16 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Fri Jan 20 13:20:04 CET 2006 - poeml@suse.de

- cleanup: remove obsolete metuxmpm patch
- improve informational text in apache-20-22-upgrade

-------------------------------------------------------------------
Wed Jan 18 10:11:12 CET 2006 - poeml@suse.de

- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
  increase it anymore (fixes [#143536])

-------------------------------------------------------------------
Mon Dec 19 13:25:20 CET 2005 - poeml@suse.de

- update to 2.2.0
- enable all new modules
- replaced modules "auth auth_dbm access" in default configuration
  by "auth_basic authn_file authn_dbm authz_host authz_default
  authz_user"
- /usr/share/apache2/apache-20-22-upgrade will fix the module list
  on upgrade
- fix bug in sysconf_addword (used by a2enmod) to respect word
  boundaries when removing a word (but don't count slashes as word
  boundary)
- remove perchild mpm subpackage, add experimental event mpm
- remove obsolete tool apache2-reconfigure-mpm
- remove obsolete perchild config from apache2-server-tuning.conf
- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild
- build against system pcre
- build with --enable-pie
- don't modify which libraries are linked in
- adjust IndexIgnore setting to upstream default. Previously, the
  parent directory (..) was being ignored
- package the symlinks in ssl.crt

-------------------------------------------------------------------
Wed Dec 7 11:07:21 CET 2005 - poeml@suse.de

- patch apxs to use the new a2enmod tool, when called with -a
- add -l option to a2enmod, which gives a list of active modules
- adjust feedback address in the readmes
- update README.QUICKSTART.SSL (mention TinyCA)
- add more documentation in server-tuning.conf, and adjust defaults
- do not document the restart-hup action of the init script. It
  should not be used
- don't install the tool checkgid -- it is only usable during
  installation

-------------------------------------------------------------------
Fri Nov 18 13:22:21 CET 2005 - poeml@suse.de

- fix duplicated Source45 tag

-------------------------------------------------------------------
Mon Oct 24 14:17:08 CEST 2005 - poeml@suse.de

- update to 2.0.55. Relevant changes:
| SECURITY: CAN-2005-2700 (cve.mitre.org)
|   mod_ssl: Fix a security issue where "SSLVerifyClient" was
|   not enforced in per-location context if "SSLVerifyClient
|   optional" was configured in the vhost configuration.
| SECURITY: CAN-2005-2491 (cve.mitre.org):
|   Fix integer overflows in PCRE in quantifier parsing which
|   could be triggered by a local user through use of a
|   carefully-crafted regex in an .htaccess file.
| SECURITY: CAN-2005-2088 (cve.mitre.org)
|   proxy: Correctly handle the Transfer-Encoding and
|   Content-Length headers. Discard the request Content-Length
|   whenever T-E: chunked is used, always passing one of either
|   C-L or T-E: chunked whenever the request includes a request
|   body. Resolves an entire class of proxy HTTP Request
|   Splitting/Spoofing attacks.
| SECURITY: CAN-2005-2728 (cve.mitre.org)
|   Fix cases where the byterange filter would buffer responses
|   into memory. PR 29962.
| SECURITY: CAN-2005-2088 (cve.mitre.org)
|   core: If a request contains both Transfer-Encoding and
|   Content-Length headers, remove the Content-Length,
|   mitigating some HTTP Request Splitting/Spoofing attacks.
| SECURITY: CAN-2005-1268 (cve.mitre.org)
|   mod_ssl: Fix off-by-one overflow whilst printing CRL
|   information at "LogLevel debug" which could be triggered if
|   configured to use a "malicious" CRL. PR 35081.
| miscellaneous:
|   - worker MPM: Fix a memory leak which can occur after an
|     aborted connection in some limited circumstances.
|   - worker mpm: don't take down the whole server for a transient
|     thread creation failure. PR 34514
|   - Added TraceEnable [on|off|extended] per-server directive to
|     alter the behavior of the TRACE method. This addresses a
|     flaw in proxy conformance to RFC 2616 - previously the proxy
|     server would accept a TRACE request body although the RFC
|     prohibited it. The default remains 'TraceEnable on'.
|   - Add ap_log_cerror() for logging messages associated with
|     particular client connections.
|   - Support the suppress-error-charset setting, as with Apache
|     1.3.x. PR 31274.
|   - Fix bad globbing comparison which could result in getting a
|     directory listing when a file was requested. PR 34512.
|   - Fix a file descriptor leak when starting piped loggers. PR
|     33748.
|   - Prevent hangs of child processes when writing to piped
|     loggers at the time of graceful restart. PR 26467.
| mod_cgid:
|   - Correct mod_cgid's argv[0] so that the full path can be
|     delved by the invoked cgi application, to conform to the
|     behavior of mod_cgi.
| mod_include:
|   - Fix possible environment variable corruption when using
|     nested includes. PR 12655.
| mod_ldap:
|   - Fix PR 36563. Keep track of the number of attributes
|     retrieved from LDAP so that all of the values can be
|     properly cached even if the value is NULL.
|   - Fix core dump if mod_auth_ldap's
|     mod_auth_ldap_auth_checker() was called even if
|     mod_auth_ldap_check_user_id() was not (or if it didn't
|     succeed) for non-authoritative cases.
|   - Avoid segfaults when opening connections if using a version
|     of OpenLDAP older than 2.2.21. PR 34618.
|   - Fix various shared memory cache handling bugs. PR 34209.
| mod_proxy:
|   - Fix over-eager handling of '%' for reverse proxies. PR
|     15207.
|   - proxy HTTP: If a response contains both Transfer-Encoding
|     and a Content-Length, remove the Content-Length and don't
|     reuse the connection, mitigating some HTTP Response
|     Splitting attacks.
|   - proxy HTTP: Rework the handling of request bodies to handle
|     chunked input and input filters which modify content length,
|     and avoid spooling arbitrary-sized request bodies in memory.
|     PR 15859.
| mod_ssl:
|   - Fix build with OpenSSL 0.9.8. PR 35757.
| mod_rewrite:
|   - use buffered I/O to improve performance with large
|     RewriteMap txt: files.
| mod_userdir:
|   - Fix possible memory corruption issue. PR 34588.
- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif
  httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif
  apache2-bundled-pcre-5.0-CAN-2005-2491.dif
  httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff
  httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)

-------------------------------------------------------------------
Thu Oct 20 15:50:35 CEST 2005 - poeml@suse.de

- rc.apache2: when stopping the server, wait for the actual binary
  of the parent process to disappear. Waiting for the pid file to
  disappear is not sufficient, because not all cleanup might be
  finished at the time of its removal. [#96492], [#85539]

-------------------------------------------------------------------
Wed Oct 12 15:42:47 CEST 2005 - poeml@suse.de

- fix security hole by wrongly initializing LD_LIBRARY_PATH in
  /usr/sbin/envvars (used by apache2ctl only) [#118188]

-------------------------------------------------------------------
Fri Sep 30 09:47:20 CEST 2005 - poeml@suse.de

- accommodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)

-------------------------------------------------------------------
Mon Sep 26 01:24:18 CEST 2005 - ro@suse.de

- define LDAP_DEPRECATED in CFLAGS

-------------------------------------------------------------------
Fri Sep 2 12:55:08 CEST 2005 - poeml@suse.de

- security fix [CAN-2005-2728 (cve.mitre.org)]:
  fix memory consumption bug in byterange handling
- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
  if "SSLVerifyClient optional" has been configured at the vhost
  context then "SSLVerifyClient require" is not enforced in a
  location context within that vhost; effectively allowing clients
  to bypass client-cert authentication checks. [#114701]

-------------------------------------------------------------------
|
|
Wed Aug 31 15:39:38 CEST 2005 - poeml@suse.de

- Security fix: fix integer overflows in PCRE in quantifier parsing which
  could be triggered by a local user through use of a carefully-crafted
  regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]

-------------------------------------------------------------------
Tue Aug 30 17:41:46 CEST 2005 - lmuelle@suse.de

- Escape also any forward slash while removing a word with sysconf_addword.

-------------------------------------------------------------------
Fri Aug 26 14:33:34 CEST 2005 - lmuelle@suse.de

- Escape any forward slash in the word argument of sysconf_addword.

-------------------------------------------------------------------
Sun Aug 14 00:20:26 CEST 2005 - ro@suse.de

- align suexec2 permissions with permissions.secure

-------------------------------------------------------------------
Thu Aug 11 11:09:49 CEST 2005 - poeml@suse.de

- the permissions files are now maintained centrally and packaged
  in the permissions package. Package suexec2 with mode 0750. [#66304]

-------------------------------------------------------------------
Fri Aug 5 13:10:21 CEST 2005 - poeml@suse.de

- change SSLMutex "default" so APR always picks the best on the
  platform
- fix Source42 tag which was present twice
- add a2enmod/a2enflag to add/remove modules/flags conveniently
- add charset.conv table for mod_auth_ldap
- make sure that suse_version is defined (it might be unset by e.g.
  ISPs preinstallations)

-------------------------------------------------------------------
Tue Jul 12 23:49:29 CEST 2005 - poeml@suse.de

- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
  contains both Transfer-Encoding and a Content-Length, remove the
  Content-Length, stopping some HTTP Request smuggling attacks.
  mod_proxy: Reject chunked requests. [#95709]
- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
  off-by-one overflow whilst printing CRL information at "LogLevel
  debug" which could be triggered if configured to use a
  "malicious" CRL. PR 35081. [#95709]

-------------------------------------------------------------------
Mon Jun 20 12:57:17 CEST 2005 - poeml@suse.de

- add httpd-2.0.47-pie.patch from 2.1.3-dev to compile with
  -fpie and link with -pie

-------------------------------------------------------------------
Wed May 18 16:46:22 CEST 2005 - poeml@suse.de

- update to 2.0.54. Relevant changes:
| mod_cache:
| - Add CacheIgnoreHeaders directive. PR 30399.
| mod_dav:
| - Correctly export all public functions.
| mod_ldap:
| - Added the directive LDAPConnectionTimeout to configure the
|   ldap socket connection timeout value.
| mod_ssl:
| - If SSLUsername is used, set r->user earlier. PR 31418.
| miscellaneous:
| - Unix MPMs: Shut down the server more quickly when child
|   processes are slow to exit.
| - worker MPM: Fix a problem which could cause httpd processes
|   to remain active after shutdown.
| - Remove formatting characters from ap_log_error() calls.
|   These were escaped as fallout from CAN-2003-0020.
| - core_input_filter: Move buckets to a persistent brigade
|   instead of creating a new brigade. This stops a memory leak
|   when proxying a Streaming Media Server. PR 33382.
| - htdigest: Fix permissions of created files. PR 33765.

-------------------------------------------------------------------
Mon Mar 14 17:13:27 CET 2005 - poeml@suse.de

- revise README

-------------------------------------------------------------------
Mon Mar 7 17:14:16 CET 2005 - poeml@suse.de

- when building the suexec binary, set the "docroot" compile time
  option to the datadir (/srv/www) instead of the htdocsdir
  (/srv/www/htdocs), so it can be used with virtual hosts placed
  e.g. in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
- add php5 to APACHE_MODULES by default, so it can be used simply
  by installing the package. Suppress warning about not-found
  module in the php4/php5 case. [#66729]
- remove a redundant get_module_list call from the init script
- add hints about vhost setup to README.QUICKSTART
- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
  longer needed since SuSEconfig.apache2 is gone. Leave it for
  compatibility, because /etc/sysconfig/apache2 is probably not
  updated and yast may still use it.
- move the 4 most important variables in sysconfig.apache2 to the
  top of the file
- add note about the old monolithic configuration file and how to
  use it
- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
  openssl-0.9.6e anywhere, any longer)

-------------------------------------------------------------------
Wed Mar 2 12:38:55 CET 2005 - poeml@suse.de

- fix TLS upgrade patch: with SSLEngine set to Optional, an
  additional token in an Upgrade: header before "TLS/1.0" could
  result in an infinite loop [#67126]

-------------------------------------------------------------------
Tue Feb 22 16:23:33 CET 2005 - poeml@suse.de

- run /usr/share/apache2/get_module_list post install, which will
  also create the symlink to the httpd2 binary, which might be
  necessary during package building when apache has been installed
  but never been run.

-------------------------------------------------------------------
Mon Feb 21 16:16:16 CET 2005 - poeml@suse.de

- remove SuSEconfig.apache2

-------------------------------------------------------------------
Fri Feb 11 15:14:14 CET 2005 - poeml@suse.de

- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
  available modules plus 9 perl modules was beginning to fail

-------------------------------------------------------------------
Wed Feb 9 11:46:37 CET 2005 - poeml@suse.de

- update to 2.0.53. Relevant changes:
| SECURITY: CAN-2004-0942 (cve.mitre.org)
|   Fix for memory consumption DoS in handling of MIME folded request
|   headers.
| SECURITY: CAN-2004-0885 (cve.mitre.org)
|   mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
|   bypassed during an SSL renegotiation. PR 31505.
| mod_dumpio:
| - new I/O logging/dumping module, added to the
|   modules/experimental subdirectory.
| mod_ssl:
| - fail quickly if SSL connection is aborted rather than making
|   many doomed ap_pass_brigade calls. PR 32699.
| - Fail at startup rather than segfault at runtime if a client cert
|   is configured with an encrypted private key. PR 24030.
| mod_include:
| - Fix bug which could truncate variable expansions of N*64
|   characters by one byte. PR 32985.
| mod_status:
| - Start keeping track of time-taken-to-process-request again if
|   ExtendedStatus is enabled.
| util_ldap:
| - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
|   that ldap authorization only modules have access to the
|   util_ldap user cache without having to require ldap
|   authentication as well. PR 31898.
| mod_ldap:
| - Fix format strings to use %APR_PID_T_FMT instead of %d.
| - prevent the possibility of an infinite loop in the LDAP
|   statistics display. PR 29216.
| - fix a bogus error message to tell the user which file is causing
|   a potential problem with the LDAP shared memory cache. PR 31431
| - Fix the re-linking issue when purging elements from the LDAP
|   cache PR 24801.
| mod_auth_ldap:
| - Added the directive "Requires ldap-attribute" that allows the
|   module to only authorize a user if the attribute value specified
|   matches the value of the user object. PR 31913
| - Handle the inconsistent way in which the MS LDAP library handles
|   special characters. PR 24437.
| mod_proxy:
| - Fix ProxyRemoteMatch directive. PR 33170.
| - Respect errors reported by pre_connection hooks.
| - Handle client-aborted connections correctly. PR 32443.
| mod_cache:
| - CacheDisable will only disable the URLs it was meant to disable,
|   not all caching. PR 31128.
| - Try to correctly follow RFC 2616 13.3 on validating stale cache
|   responses.
| - Fix Expires handling.
| mod_disk_cache:
| - Do not store aborted content. PR 21492.
| - Correctly store cached content type. PR 30278.
| - Do not store hop-by-hop headers.
| - Fix races in saving responses.
| mod_expires:
| - Alter mod_expires to run at a different filter priority to allow
|   proper Expires storage by mod_cache.
| mod_rewrite:
| - Handle per-location rules when r->filename is unset. Previously
|   this would segfault or simply not match as expected, depending
|   on the platform.
| - Fix 0 bytes write into random memory position. PR 31036.
| miscellaneous:
| - Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
| - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
| - Allow for the use of --with-module=foo:bar where the ./modules/foo
|   directory is local only. Assumes, of course, that the required
|   files are in ./modules/foo, but makes it easier to statically
|   build/log "external" modules.
| - --with-module can now take more than one module to be statically
|   linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
|   If the <modtype>-subdirectory doesn't exist it will be created and
|   populated with a standard Makefile.in.
| - Fix handling of files >2Gb on all platforms (or builds) where
|   apr_off_t is larger than apr_size_t. PR 28898.
| - Remove compiled-in upper limit on LimitRequestFieldSize.
| - Correct handling of certain bucket types in ap_save_brigade, fixing
|   possible segfaults in mod_cgi with #include virtual. PR 31247.
| - conf: Remove AddDefaultCharset from the default configuration
|   because setting a site-wide default does more harm than good. PR
|   23421.
| - Add charset to example CGI scripts.
- merge tls-upgrade.patch
- remove obsolete httpd-2.0.47-headtail.dif
  httpd-2.0.52-util_ldap_cache_mgr.c.dif
  httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
  httpd-2.0.52-ssl-incomplete-keypair.dif
  httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
  httpd-2.0.52.21492.diff
  httpd-2.0.52.30278.diff
  httpd-2.0.52.30399.diff
  httpd-2.0.52.30419.diff
  httpd-2.0.52.31385.diff
- sync configuration with upstream changes
  * Remove AddDefaultCharset (see upstream changelog above)
  * LanguagePriority for error documents updated

-------------------------------------------------------------------
Sat Jan 15 20:46:53 CET 2005 - schwab@suse.de

- Use <owner>:<group> in permissions file.

-------------------------------------------------------------------
Tue Jan 11 14:08:35 CET 2005 - schwab@suse.de

- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.

-------------------------------------------------------------------
Mon Nov 29 14:42:40 CET 2004 - hvogel@suse.de

- fix permission handling

-------------------------------------------------------------------
Thu Nov 11 13:06:22 CET 2004 - poeml@suse.de

- fix /etc/init.d/apache2 to correctly handle the start of multiple
  instances of the same binary (using startproc -f plus prior check
  for running instance) [#48153]
- fix helper scripts to allow overriding of $sysconfig_file and
  other useful values
- remove unused 'rundir' variable from /etc/init.d/apache2
- removed backward compatibility code for pre-8.0
- add documentation to the vhost template files and
  README.QUICKSTART

-------------------------------------------------------------------
Mon Nov 8 16:14:23 CET 2004 - poeml@suse.de

- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
  consumption DoS [#47967]

-------------------------------------------------------------------
Thu Nov 4 16:47:59 CET 2004 - poeml@suse.de

- remove heimdal-devel from #neededforbuild, it is not needed

-------------------------------------------------------------------
Fri Oct 15 07:44:20 CEST 2004 - poeml@suse.de

- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
- update the TLS upgrade patch [#47207]
- mod_ssl returned invalid method on TLS upgraded connections
- additional checks for httpd_method and default_port hooks
- fixed typo in upgrade header
- add patches from Ruediger Pluem for the experimental modules
  mod_disk_cache, mod_cache
  PR 21492: mod_disk_cache: Do not store aborted content.
  PR 30278: mod_disk_cache: Correctly store cached content type.
  PR 30399: make storing of Set-Cookie headers optional
  PR 30419: weird caching behaviour of mod_cache and old Cookies
  PR 31385: skipping start of file if recaching already cached file
- patch from 2.0.53: Fail to configure when an SSL proxy is
  configured with incomplete client cert keypair, rather than
  segfaulting at runtime. PR 24030
  http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119

-------------------------------------------------------------------
Mon Oct 11 14:31:42 CEST 2004 - poeml@suse.de

- add patch fixing re-linking issue when purging elements from the
  LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
  http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch

-------------------------------------------------------------------
Mon Oct 11 14:07:33 CEST 2004 - poeml@suse.de

- sync update configuration with upstream changes (2.0.52)
  (mostly comments; configuration for spanish manual added)
- add mime type for shortcut icons (favicon.ico)

-------------------------------------------------------------------
Fri Oct 8 18:36:21 CEST 2004 - poeml@suse.de

- update to 2.0.52. Relevant changes:
| SECURITY: CAN-2004-0811 (cve.mitre.org)
|   Fix merging of the Satisfy directive, which was applied to
|   the surrounding context and could allow access despite configured
|   authentication. PR 31315.
| util_ldap:
|   Fix a segfault in the LDAP cache when it is configured switched off.
| mod_mem_cache:
|   Fixed race condition causing segfault because of memory being
|   freed twice, or reused after being freed.
| mod_log_config:
|   Fix a bug which prevented request completion time from being
|   logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
|   processing. PR 29696.
| miscellaneous:
| - Use HTML 2.0 <hr> for error pages. PR 30732
| - Fix the handling of URIs containing %2F when
|   AllowEncodedSlashes is enabled. Previously, such urls would
|   still be rejected.
| - Fix the global mutex crash when the global mutex is never
|   allocated due to disabled/empty caches.
| - Add -l option to rotatelogs to let it use local time rather
|   than UTC. PR 24417.
- changes from 2.0.51:
| SECURITY: CAN-2004-0786 (cve.mitre.org)
|   Fix an input validation issue in apr-util which could be
|   triggered by malformed IPv6 literal addresses.
| SECURITY: CAN-2004-0747 (cve.mitre.org)
|   Fix buffer overflow in expansion of environment variables in
|   configuration file parsing.
| SECURITY: CAN-2004-0809 (cve.mitre.org)
|   mod_dav_fs: Fix a segfault in the handling of an indirect lock
|   refresh. PR 31183.
| SECURITY: CAN-2004-0751 (cve.mitre.org)
|   mod_ssl: Fix a segfault in the SSL input filter which could be
|   triggered if using "speculative" mode, for instance by a proxy
|   request to an SSL server. PR 30134.
| SECURITY: CAN-2004-0748 (cve.mitre.org)
|   mod_ssl: Fix a potential infinite loop. PR 29964.
| mod_include:
|   no longer checks for recursion, because that's done in the core.
|   This allows for careful usage of recursive SSI.
| mod_rewrite:
| - Fix memory leak in the cache handling of mod_rewrite. PR 27862.
| - Add %{SSL:...} and %{HTTPS} variable lookups. PR 30464.
| - mod_rewrite now officially supports RewriteRules in <Proxy>
|   sections. PR 27985.
| - no longer confuse the RewriteMap caches if different maps
|   defined in different virtual hosts use the same map name. PR 26462.
| mod_ssl:
| - Add new 'ssl_is_https' optional function.
| - Add "SSLUserName" directive to set r->user based on a chosen SSL
|   environment variable. PR 20957.
| - Avoid startup failure after unclean shutdown if using shmcb. PR 18989.
| mod_autoindex:
| - Don't truncate the directory listing if a stat() call fails (for
|   instance on a >2Gb file). PR 17357.
| mod_cache, mod_disk_cache, mod_mem_cache:
| - Refactor cache modules, and switch to the provider API instead
|   of hooks.
| mod_disk_cache:
| - Implement binary format for on-disk header files.
| - Optimize network performance of disk cache subsystem by allowing
|   zero-copy (sendfile) writes and other miscellaneous fixes.
| mod_userdir:
| - Ensure that the userdir identity is used for suexec userdir
|   access in a virtual host which has suexec configured. PR 18156.
| mod_setenvif:
| - Remove "support" for Remote_User variable which never worked at
|   all. PR 25725.
| - Extend the SetEnvIf directive to capture subexpressions of the
|   matched value.
| mod_headers:
| - Backport from 2.1 / Regression from 1.3: mod_headers now knows
|   again the functionality of the ErrorHeader directive. But
|   instead of using this misnomer additional flags to the Header
|   directive were introduced ("always" and "onsuccess", defaulting
|   to the latter). PR 28657.
| mod_usertrack:
| - Escape the cookie name before pasting into the regexp.
| mod_dir:
| - the trailing-slash behaviour is now configurable using the
|   DirectorySlash directive.
| util_ldap:
| - Switched the lock types on the shared memory cache from thread
|   reader/writer locks to global mutexes in order to provide cross
|   process cache protection.
| - Reworked the cache locking scheme to eliminate duplicate cache
|   entries in the credentials cache due to race conditions.
| - Enhanced the util_ldap cache-info display to show more detail
|   about the contents and current state of the cache.
| mod_ldap:
| - Enable the option to support anonymous shared memory in
|   mod_ldap. This makes the cache work on Linux again.
| miscellaneous:
| - Include directives no longer refuse to process symlinks on
|   directories. Instead there's now a maximum nesting level of
|   included directories (128 as distributed). This is configurable
|   at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR
|   28492, PR 28370.
| - Prevent CGI script output which includes a Content-Range header
|   from being passed through the byterange filter.
| - Satisfy directives now can be influenced by a surrounding
|   <Limit> container. PR 14726.
| - Makefile fix: httpd is linked against LIBS given to the 'make'
|   invocation. PR 7882.
| - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
| - apachectl: Fix a problem finding envvars if sbindir != bindir.
|   PR 30723.
| - Use the higher performing 'httpready' Accept Filter on all
|   platforms except FreeBSD < 4.1.1.
| - Allow proxying of resources that are invoked via DirectoryIndex.
|   PR 14648, 15112, 29961.
| - Small fix to allow reverse proxying to an ftp server. Previously
|   an attempt to do this would try and connect to 0.0.0.0,
|   regardless of the server specified. PR 24922
| - Enable special ErrorDocument value 'default' which restores the
|   canned server response for the scope of the directive.
| - work around MSIE Digest auth bug - if
|   AuthDigestEnableQueryStringHack is set in r->subprocess_env
|   allow mismatched query strings to pass. PR 27758.
| - Accept URLs for the ServerAdmin directive. If the supplied
|   argument is not recognized as an URL, assume it's a mail
|   address. PR 28174.
| - initialize server arrays prior to calling
|   ap_setup_prelinked_modules so that static modules can push
|   Defines values when registering hooks just like DSO modules can
- drop obsolete security fixes
  httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
  httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
  httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
  httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
  httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
- httpd-2.0.45-anon-mmap.dif included upstream

-------------------------------------------------------------------
Tue Sep 14 12:11:58 CEST 2004 - poeml@suse.de

- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
  mod_dav by remotely triggerable null-pointer dereference
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
- fix hint about vhost checking in the SSL readme

-------------------------------------------------------------------
Wed Sep 8 14:24:19 CEST 2004 - poeml@suse.de

- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
  in the apr-util library (lacking input validation on IPv6 literal
  addresses in the apr_uri_parse function) [#44736]
- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
  overflow that can occur when expanding ${ENVVAR} constructs in
  .htaccess or httpd.conf files. [#44736]

-------------------------------------------------------------------
Mon Sep 6 12:48:21 CEST 2004 - poeml@suse.de

- rename check_forensic script to avoid clash with apache 1.3.x
  package

-------------------------------------------------------------------
Fri Aug 27 16:18:41 CEST 2004 - poeml@suse.de

- implement action "startssl" in the init script. [#42365]
- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
- disable building of leader and metuxmpm MPMs.

-------------------------------------------------------------------
Wed Aug 25 12:58:20 CEST 2004 - poeml@suse.de

- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
  infinite loop in the SSL input filter which can be triggered by
  an aborted connection
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
  segfault in the SSL input filter which can be triggered by the
  response to a request which is proxied to a remote SSL server
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
- remove the obsolete notify message on package update

-------------------------------------------------------------------
Thu Jul 8 14:17:13 CEST 2004 - poeml@suse.de

- update to 2.0.50. Relevant changes:
| SECURITY: CAN-2004-0493 (cve.mitre.org)
|   Close a denial of service vulnerability identified by Georgi
|   Guninski which could lead to memory exhaustion with certain
|   input data.
| SECURITY: CAN-2004-0488 (cve.mitre.org)
|   mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
|   a (trusted) client certificate subject DN which exceeds 6K in
|   length.
| mod_alias:
|   now emits a warning if it detects overlapping *Alias* directives.
| mod_cgi: Handle output on stderr during script execution on Unix
|   platforms; preventing deadlock when stderr output fills pipe
|   buffer. Also fixes case where stderr from nph- scripts could be
|   lost. PR 22030, 18348.
| mod_dav:
| - Fix a problem that could cause crashes when manipulating locks
|   on some platforms.
| mod_dav_fs:
| - Fix MKCOL response for missing parent collections, which caused
|   issues for the Eclipse WebDAV extension. PR 29034.
| mod_deflate:
| - Fix memory consumption (which was proportional to the response
|   size). PR 29318.
| mod_expires:
| - Fix segfault which occurred under certain circumstances. PR 28047.
| mod_headers:
| - no longer crashes if an empty header value should be added.
| mod_log_forensic:
| - new module.
| mod_logio:
| - no longer removes the EOS bucket. PR 27928.
| mod_proxy:
| - Fix handling of IPv6 numeric strings.
| mod_rewrite:
|   no longer turns forward proxy requests into reverse proxy
|   requests. PR 28125
| mod_ssl:
| - Log the errors returned on failure to load or initialize a
|   crypto accelerator engine.
| - Fix a potential segfault in the 'shmcb' session cache for small
|   cache sizes. PR 27751.
| - Fix memory leak in session cache handling. PR 26562
| - Fix potential segfaults when performing SSL shutdown from a pool
|   cleanup. PR 27945.
| mod_auth_ldap/util_ldap:
| - allow relative paths for LDAPTrustedCA to be resolved against
|   ServerRoot PR#26602
| - Throw an error message if an attempt is made to use the
|   LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
|   PR 26390
| - Fix a potential segfault if the bind password in the LDAP cache
|   is NULL. PR 28250.
| - Overhaul handling of LDAP error conditions, so that the
|   util_ldap_* functions leave the connections in a sane state
|   after errors have occurred. PR 27748, 17274, 17599, 18661,
|   21787, 24595, 24683, 27134, 27271
| - mod_ldap calls ldap_simple_bind_s() to validate the user
|   credentials. If the bind fails, the connection is left in an
|   unbound state. Make sure that the ldap connection record is
|   updated to show that the connection is no longer bound.
| - Update the bind credentials for the cached LDAP connection to
|   reflect the last bind. This prevents util_ldap from creating
|   unnecessary connections rather than reusing cached connections.
| - Quotes cannot be used around require group and require dn
|   directives, update the documentation to reflect this. Also add
|   quotes around the dn and group within debug messages, to make it
|   more obvious why authentication is failing if quotes are used in
|   error. PR 19304.
| miscellaneous:
| - Allow RequestHeader directives to be conditional. PR 27951.
| - Allow LimitRequestBody to be reset to unlimited. PR 29106
| - <VirtualHost myhost> now applies to all IP addresses for myhost
|   instead of just the first one reported by the resolver. This
|   corrects a regression since 1.3.
| - Fix a bunch of cases where the return code of the regex compiler
|   was not checked properly. This affects: mod_setenvif,
|   mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
| - Remove 2Gb log file size restriction on some 32-bit platforms.
|   PR 13511.
| - htpasswd no longer refuses to process files that contain empty
|   lines.
| - Regression from 1.3: At startup, suexec now will be checked for
|   availability, the setuid bit and user root. This works only if
|   httpd is compiled with the shipped APR version (0.9.5). PR
|   28287.
| - Unix MPMs: Stop dropping connections when the file descriptor is
|   at least FD_SETSIZE.
| - Fix a segfault when requests for shared memory fails and returns
|   NULL. Fix a segfault caused by a lack of bounds checking on the
|   cache. PR 24801.
| - Ensure that lines in the request which are too long are properly
|   terminated before logging.
| - htpasswd: use apr_temp_dir_get() and general cleanup
| - logresolve: Allow size of log line buffer to be overridden at
|   build time (MAXLINE). PR 27793.
| - Fix the comment delimiter in htdbm so that it correctly parses
|   the username comment. Also add a terminate function to allow
|   NetWare to pause the output before the screen is destroyed.
| - Fix crash when Apache was started with no Listen directives.
| - core_output_filter: Fix bug that could result in sending garbage
|   over the network when module handlers construct bucket brigades
|   containing multiple file buckets all referencing the same open
|   file descriptor.
| - Fix memory corruption problem with ap_custom_response()
|   function. The core per-dir config would later point to request
|   pool data that would be reused for different purposes on
|   different requests.
- drop obsolete patches
- change vendor string SuSE -> SUSE

-------------------------------------------------------------------
Tue Jun 29 11:35:24 CEST 2004 - poeml@suse.de

- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
  Service vulnerability which could lead to memory exhaustion with
  certain input data. [#42566]

-------------------------------------------------------------------
Fri Jun 18 11:39:53 CEST 2004 - poeml@suse.de

- package forgotten CHANGES file
- package apr and apr-util documentation files
- fix log_server_status2 to use perl's Socket module

-------------------------------------------------------------------
Wed May 19 13:38:41 CEST 2004 - poeml@suse.de

- security fix for mod_ssl: fix buffer overflow in
  ssl_util_uuencode() [#40791]

-------------------------------------------------------------------
Wed Apr 28 14:04:34 CEST 2004 - poeml@suse.de

- add TLS upgrade patch [#39449]
- add patch to allow writing log files larger than 2GB [#39453]
- obsolete apache and mod_ssl versions only when older than what is
  shipped with 9.1
- don't provide mod_ssl

-------------------------------------------------------------------
Fri Apr 2 15:56:30 CEST 2004 - cschum@suse.de

- Add "suse_help_viewer" provides [#37932]

-------------------------------------------------------------------
Mon Mar 29 17:57:46 CEST 2004 - poeml@suse.de

- provide and obsolete packages apache, mod_ssl, apache-doc and
  apache-example-pages [#37084]

-------------------------------------------------------------------
Mon Mar 22 18:37:27 CET 2004 - poeml@suse.de

- disable large file support by not building with _FILE_OFFSET_BITS=64,
  in favour of retaining a binary compatible module API.
  Therefore, do not change the module magic number. LFS can be
  enabled by building via rpmbuild --define 'build_with_LFS 1'

-------------------------------------------------------------------
Thu Mar 18 20:35:06 CET 2004 - poeml@suse.de

- update to proposed 2.0.49 tarball
- mod_cgid: Fix storage corruption caused by use of incorrect pool.
- docs update
- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
- fix a comment in default-server.conf
- remove obsolete ssl_scache_cleanup support script and ftok helper

-------------------------------------------------------------------
Tue Mar 16 00:41:07 CET 2004 - poeml@suse.de

- change mmn in header file as well, for modules that include it
  from there

-------------------------------------------------------------------
Mon Mar 15 17:36:07 CET 2004 - poeml@suse.de

- update to 2.0.49-rc2. Relevant changes:
| The whole codebase was relicensed and is now available under the
|   Apache License, Version 2.0 (http://www.apache.org/licenses).
|   [Apache Software Foundation]
| Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
|   leak in plain-HTTP-on-SSL-port handling. PR 27106.
| Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
|   before writing into the errorlog. Unescaped errorlogs are still
|   possible using the compile time switch
|   "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
| mod_ssl:
| - Send the Close Alert message to the peer before closing the
|   SSL session. PR 27428.
| - Fix bug in passphrase handling which could cause spurious
|   failures in SSL functions later. PR 21160.
| - Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057.
| - Fix streaming output from an nph- CGI script. PR 21944
| - Advertise SSL library version as determined at run-time rather
|   than at compile-time. PR 23956.
| - Fix segfault on a non-SSL request if the 'c' log format code
|   is used. PR 22741.
| - Fix segfaults at startup if other modules which use OpenSSL
|   are also loaded.
| - Use human-readable OpenSSL error strings in logs; use
|   thread-safe interface for retrieving error strings.
| mod_cache:
|
|
| - Fixed cache-removal order in mod_mem_cache.
|
|
| - Fix segfault in mod_mem_cache cache_insert() due to cache size
|
|
| becoming negative. PR: 21285, 21287
|
|
| - Modified the cache code to be header-location agnostic. Also
|
|
| fixed a number of other cache code bugs related to PR 15852.
|
|
| Includes a patch submitted by Sushma Rai <rsushma novell.com>.
|
|
| This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
|
|
| closing the PR since that is what they are using.
|
|
| mod_dav:
|
|
| - Reject requests which include an unescaped fragment in the
|
|
| Request-URI. PR 21779.
|
|
| - Use bucket brigades when reading PUT data. This avoids
|
|
| problems if the data stream is modified by an input filter. PR
|
|
| 22104.
|
|
| - Return a WWW-auth header for MOVE/COPY requests where the
|
|
| destination resource gives a 401. PR 15571.
|
|
| - Fix a problem with namespace mappings being dropped in
|
|
| mod_dav_fs; if any property values were set which defined
|
|
| namespaces these came out mangled in the PROPFIND response.
|
|
| PR 11637.
|
|
| mod_expires:
|
|
| - Initialize ExpiresDefault to NULL instead of "" to avoid
|
|
| reporting an Internal Server error if it is used without
|
|
| having been set in the httpd.conf file. PR: 23748, 24459
|
|
| - Add support for IMT minor-type wildcards (e.g., text/*) to
|
|
| ExpiresByType. PR#7991
| mod_log_config / logging:
| - Fix some piped log problems: bogus "piped log program '(null)'
| failed" messages during restart and problem with the logger
| respawning again after Apache is stopped. PR 21648, PR 24805.
| - mod_log_config: Fix corruption of buffered logs with threaded
| MPMs. PR 25520.
| - mod_log_config: Log the minutes component of the timezone correctly.
| PR 23642.
| mod_proxy*:
| - proxy_http fix: mod_proxy hangs when both KeepAlive and
| ProxyErrorOverride are enabled, and a non-200 response without a
| body is generated by the backend server. (e.g.: a client makes a
| request containing the "If-Modified-Since" and "If-None-Match"
| headers, to which the backend server responds with status 304.)
| - Fix memory leak in handling of request bodies during reverse
| proxy operations. PR 24991.
| - mod_proxy: Fix cases where an invalid status-line could be sent
| to the client. PR 23998.
| mod_rewrite:
| - Catch an edge case, where strange subsequent RewriteRules
| could lead to a 400 (Bad Request) response.
| - Make REMOTE_PORT variable available in mod_rewrite. PR 25772.
| - In external rewrite maps lookup keys containing
| a newline now cause a lookup failure. PR 14453.
| - Fix RewriteBase directive to not add double slashes.
| mod_usertrack:
| - Fix bug in mod_usertrack when no CookieName is set.
| - mod_usertrack no longer inspects the Cookie2 header for
| the cookie name. PR 11475.
| - mod_usertrack no longer overwrites other cookies.
| PR 26002.
| mod_include, filters:
| - Backport major overhaul of mod_include's filter parser from 2.1.
| The new parser code is expected to be more robust and should
| catch all of the edge cases that were not handled by the previous one.
| The 2.1 external API changes were hidden by a wrapper which is
| expected to keep the API backwards compatible.
| - Add a hook (insert_error_filter) to allow filters to re-insert
| themselves during processing of error responses. Enable mod_expires
| to use the new hook to include Expires headers in valid error
| responses. This addresses an RFC violation. It fixes PRs 19794,
| 24884, and 25123.
| - complain via error_log when mod_include's INCLUDES filter is
| enabled, but the relevant Options flag allowing the filter to run
| for the specific resource wasn't set, so that the filter won't
| silently get skipped. next remove itself, so the warning will be
| logged only once
| - Fix mod_include's expression parser to recognize strings correctly
| even if they start with an escaped token.
| - Fix a problem with the display of empty variables ("SetEnv foo") in
| mod_include. PR 24734
| - mod_include no longer allows an ETag header on 304 responses.
| PR 19355.
| mod_autoindex:
| - Don't omit the <tr> start tag if the SuppressIcon option is
| set. PR 21668.
| - Restore the ability to add a description for directories that
| don't contain an index file. (Broken in 2.0.48)
| - mod_autoindex / core: Don't fail to show filenames containing
| special characters like '%'. PR 13598.
| - Add 'XHTML' option in order to allow switching between HTML
| 3.2 and XHTML 1.0 output. PR 23747.
| mod_status:
| - Add mod_status hook to allow modules to add to the mod_status
| report.
| - Report total CPU time accurately when using a threaded MPM.
| PR 23795.
| mod_info:
| - Fix mod_info to use the real config file name, not the default
| config file name.
| - HTML escape configuration information so it displays
| correctly. PR 24232.
| mod_auth_digest:
| - Allow mod_auth_digest to work with sub-requests with different
| methods than the original request. PR 25040.
| mod_auth_ldap:
| - Fix some segfaults in the cache logic. PR 18756.
| mod_cgid:
| - Restart the cgid daemon if it crashes. PR 19849
| mod_setenvif:
| - Fix the regex optimizer, which under circumstances
| treated the supplied regex as literal string. PR 24219.
| miscellaneous:
| - core.c: If large file support is enabled, allow any file that is
| greater than AP_MAX_SENDFILE to be split into multiple buckets.
| This allows Apache to send files that are greater than 2gig.
| Otherwise we run into 32/64 bit type mismatches in the file size.
| - Fixed file extensions for real media files and removed rpm extension
| from mime.types. PR 26079.
| - Remove compile-time length limit on request strings. Length is
| now enforced solely with the LimitRequestLine config directive.
| - Set the scoreboard state to indicate logging prior to running
| logging hooks so that server-status will show 'L' for hung loggers
| instead of 'W'.
| - Fix the inability to log errors like exec failure in
| mod_ext_filter/mod_cgi script children. This was broken after
| such children stopped inheriting the error log handle.
| - fix "Expected </Foo>> but saw </Foo>" errors in nested,
| argumentless containers.
| - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
| instead of mmn.
| - Add Polish translation of error messages. PR 25101.
| - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
| - Fix htdbm to generate comment fields in DBM files correctly.
| - Correct UseCanonicalName Off to properly check incoming port number.
| - Fix slow graceful restarts with prefork MPM.
| - Keep focus of ITERATE and ITERATE2 on the current module when
| the module chooses to return DECLINE_CMD for the directive.
| PR 22299.
| - Build array of allowed methods with proper dimensions, fixing
| possible memory corruption.
| - worker MPM: fix stack overlay bug that could cause the parent
| process to crash.
| - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
| - Fix build with parallel make. PR 24643.
| - Add fatal exception hook for use by diagnostic modules. The hook
| is only available if the --enable-exception-hook configure parm
| is used and the EnableExceptionHook directive has been set to
| "on".
| - Improve 'configure --help' output for some modules.
- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
  fixed)
- disable automatic restarts, because they do not work properly
  [#35408]
- change MMN to prevent loading of incompatible modules (modules
  that are not built with `apxs -q CFLAGS` and therefore miss
  _FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
  addition.
- use CPPFLAGS for passing preprocessor flags because they are
  removed from CFLAGS
- Stop dropping connections when the file descriptor
  is at least FD_SETSIZE. This isn't a problem on Linux because
  poll() is used instead of select() by APR. Assert HAVE_POLL.
  [#34178]
- add modifications to the code to the NOTICE file as required by
  the new license

-------------------------------------------------------------------
Fri Feb 27 17:42:24 CET 2004 - poeml@suse.de

- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
  crypto accelerators
- compile with -DMAX_SERVER_LIMIT=200000
- if an SSL passphrase is not entered within the timeout, fall back
  to start apache without SSL (with -D NOSSL). This could/should be
  made configurable.
- clean up output of SuSEconfig.apache2
- add pre-defined LogFormat "vhost_combined"
- configure /var/lib/apache2 for WebDAV locks
- add a readme about configuring WebDAV with digest authentication
- add default configuration for mod_usertrack (this is the current
  workaround for the problem in the 1.3.29/2.0.48 release that
  occurs if no CookieName is configured)
- in vhost.template, enclose all virtual host configuration in the
  VirtualHost container
- update metuxmpm patch to r7
- fix test run as non-root

-------------------------------------------------------------------
Tue Jan 13 16:38:05 CET 2004 - schwab@suse.de

- Fix quoting in autoconf macros.

-------------------------------------------------------------------
Sat Dec 13 17:28:48 CET 2003 - poeml@suse.de

- add changes to gensslcert from Volker Kuhlmann [#31803]
- revert default character set from UTF-8 to ISO-8859-1, and revert
  the misleading comment that talked about filenames while it is
  all about content of the files

-------------------------------------------------------------------
Tue Nov 18 14:14:39 CET 2003 - poeml@suse.de

- add a ServerLimit directive to server-tuning.conf, so it's
  already in the right place if someone needs to tweak it [#32852]

-------------------------------------------------------------------
Fri Nov 7 13:00:07 CET 2003 - poeml@suse.de

- mark apache2-manual.conf in %files doc as %config
- wrap directives specific to the mod_negotiation module into an
  <IfModule> block [#32848]

-------------------------------------------------------------------
Thu Oct 30 11:41:19 CET 2003 - poeml@suse.de

- update to 2.0.48. Relevant / user visible changes are:
Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
  socket used to communicate with the cgid daemon and the CGI
  script.
Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
  mod_rewrite which occurred if one configured a regular
  expression with more than 9 captures.
mod_rewrite:
- Don't die silently when failing to open RewriteLogs. PR 23416
- Fix support of the [P] option to send rewritten request using
  "proxy:". The code was adding multiple "proxy:" fields in the
  rewritten URI. PR: 13946.
- Ignore RewriteRules in .htaccess files if the directory
  containing the .htaccess file is requested without a trailing
  slash. PR 20195.
mod_include:
- Fix a trio of bugs that would cause various unusual sequences
  of parsed bytes to omit portions of the output stream. PR 21095
- fix segfault which occurred if the filename was not set, for
  example, when processing some error conditions.
mod_cgid: fix a hash table corruption problem which could
  result in the wrong script being cleaned up at the end of a
  request.
mod_ssl: Fix segfaults after renegotiation failure. PR 21370
- Fix a problem setting variables that represent the client
  certificate chain. PR 21371
- Fix FakeBasicAuth for subrequest. Log an error when an
  identity spoof is encountered.
- Assure that we block properly when reading input bodies with
  SSL. PR 19242.
mod_autoindex: If a directory contains a file listed in the
  DirectoryIndex directive, the folder icon is no longer replaced
  by the icon of that file. PR 9587.
mod_usertrack: do not get false positive matches on the
  user-tracking cookie's name. PR 16661.
mod_cache:
- Fix the cache code so that responses can be cached if they
  have an Expires header but no Etag or Last-Modified headers.
  PR 23130. cache_util: Fix ap_check_cache_freshness to check
  max_age, smax_age, and expires as directed in RFC 2616.
mod_deflate:
- fix to not call deflate() without checking first whether it
  has something to deflate. (Currently this causes deflate to
  generate a fatal error according to the zlib spec.) PR 22259.
- Don't attempt to hold all of the response until we're done.
- Fix a bug, where mod_deflate sometimes unconditionally
  compressed the content if the Accept-Encoding header
  contained only other tokens than "gzip" (such as "deflate").
  PR 21523.
mod_proxy: Don't respect the Server header field as set by
  modules and CGIs. As with 1.3, for proxy requests any such
  field is from the origin server; otherwise it will have our
  server info as controlled by the ServerTokens directive.
mod_log_config: Fix %b log format to write really "-" when 0
  bytes were sent (e.g. with 304 or 204 response codes).
mod_ext_filter: Set additional environment variables for use by
  the external filter. PR 20944.
core:
- allow <Foo>..</Foo> containers (no arguments in the opening
  tag), as in 1.3. Needed by mod_perl <Perl> sections
- Fix a misleading message from some of the threaded MPMs
  when MaxClients has to be lowered due to the setting of
  ServerLimit.
- Avoid an infinite recursion, which occurred if the name of an
  included config file or directory contained a wildcard
  character. PR 22194.
- MPMs: The bucket brigades subsystem now honors the MaxMemFree
  setting.
- Lower the severity of the "listener thread didn't exit"
  message to debug, as it is of interest only to developers.
miscellaneous:
- Update the header token parsing code to allow LWS between the
  token word and the ':' separator. [PR 16520]
- Remember an authenticated user during internal redirects if
  the redirection target is not access protected and pass it to
  scripts using the REDIRECT_REMOTE_USER environment variable.
  PR 10678, 11602.
- Update mime.types to include latest IANA and W3C types.
- Modify ap_get_client_block() to note if it has seen EOS.
ab:
- Overlong credentials given via command line no longer clobber
  the buffer.
- Work over non-loopback on Unix again. PR 21495.
- Fix NULL-pointer issue in ab when parsing an incomplete or
  non-HTTP response. PR 21085.
- add another example to apache2-listen.conf
- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
  (be clearer in describing the connection between AddType and
  AddEncoding for defining the meaning of compressed file
  extensions.)
- use a better example domain name in apache2-vhost-ssl.template
- the "define version_perl" was nowhere needed

-------------------------------------------------------------------
Mon Sep 22 17:49:40 CEST 2003 - mls@suse.de

- don't provide httpddoc in apache2-doc

-------------------------------------------------------------------
Thu Sep 18 18:48:33 CEST 2003 - poeml@suse.de

- add mod_php4 to the default list of APACHE_MODULES, and change
  get_module_list to ignore non-existent modules (warnings will
  be issued when it is run from SuSEconfig, but not from the init
  script). How to enable the PHP4 module has been the most
  frequently asked question in user feedback [cf to #29735].
  This bug is tracked in [#31306]
- include conf.d/*.conf by default, as it was the case until
  recently. User feedback showed that for many people the
  separation of configuration includes into individual virtual
  hosts is overkill, and it complicates the setup too much. More
  fine-grained control can be achieved by commenting out the
  respective line in the default server config. [#30866], [#29735]
- remove the FIXME at the end of httpd.conf (obsoleted by the above
  change), and place a strategical comment there about .local files
- add <IfDefine SSL> container around configuration in ssl template

-------------------------------------------------------------------
Tue Sep 9 12:50:47 CEST 2003 - poeml@suse.de

- change comment in sysconfig template to work around a fillup bug
  [#30279]

-------------------------------------------------------------------
Mon Sep 8 18:28:12 CEST 2003 - poeml@suse.de

- fix wrong variable name in a comment of the sysconfig template
- update README.QUICKSTART
- add README.QUICKSTART.SSL

-------------------------------------------------------------------
Mon Sep 8 10:09:53 CEST 2003 - poeml@suse.de

- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template

-------------------------------------------------------------------
Fri Sep 5 16:44:07 CEST 2003 - poeml@suse.de

- disallow UserDir for user root
- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
  they were set on SuSE Linux 8.1
- add more documentation to README.QUICKSTART, also mentioning what
  might be too obvious: the document root [#29674]
- in %post, diff to httpd.conf.default only when .rpmnew is present
- improve message sent on update

-------------------------------------------------------------------
Fri Aug 29 23:22:31 CEST 2003 - poeml@suse.de

- improve documentation on configuration
- compile with -Wall
- do not obsolete httpddoc, which is provided by apache-doc package
  from apache1
- add conflict apache2-example-pages <-> apache-example-pages
- fix building on older distros

-------------------------------------------------------------------
Tue Aug 19 02:19:18 CEST 2003 - poeml@suse.de

- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
- don't force setting of a DocumentRoot, because the configuration
  of the default vhost already contains it
- when testing on SL 8.0, the www group has to be created as well
- when testing on even older systems, don't add buildroot to
  DocumentRoot in default-server.conf

-------------------------------------------------------------------
Fri Aug 15 21:40:46 CEST 2003 - poeml@suse.de

- revamped configuration
- add some CustomLog formats
- AddDefaultCharset UTF-8 [#22427]
- add activation metadata to sysconfig template [#28834]
- default APACHE_MODULES: add mod_ssl, remove mod_status
- new sysconfig variables: APACHE_USE_CANONICAL_NAME,
  APACHE_DOCUMENT_ROOT
- get rid of the "suse_" prefix in generated config snippets, and
  place them below /etc/apache2/sysconfig.d/. On update, convert
  the Include statements in httpd.conf for the new locations
- add /etc/apache2/vhosts.d and virtual host templates
- the configuration for the manual is now separate and installed
  together with apache2-doc (conf.d/apache2-manual.conf)
- add distilled wisdom in form of README.QUICKSTART
- change group of wwwrun user: nogroup -> www [#21782]
- proxycachedir and localstatedir should not be world readable
- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to
  configure the PidFile directive
- add -fno-strict-aliasing, due to warnings about code where
  dereferencing type-punned pointers will break strict aliasing
- clean the RPM_BUILD_ROOT, but not in the build system
- new macros for stop/restart of services on rpm update/removal,
  and improved try-restart section in rc.apache2
- get rid of "modules" subdir, and remove dead code from
  SuSEconfig.apache2
- add some tools: get_includes, find_httpd2_includes,
  apache2-reconfigure-mpm
- rename README.SuSE to README.{SuSE,UnitedLinux}
- include directories in filelists of MPM subpackages
- enclose package descriptions of MPMs in %ifdef
- add a dependency of the MPM subpackages on the version of the
  main package
- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)

-------------------------------------------------------------------
Mon Jul 28 18:23:28 CEST 2003 - poeml@suse.de

- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
  and remove the respective directives from httpd.conf.dist
- merge the ssl.conf.dif and httpd.conf.dif into one patch

-------------------------------------------------------------------
Sun Jul 27 12:22:29 CEST 2003 - poeml@suse.de

- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
  supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
  (which is unconditionally off, otherwise). Keep
  -D_LARGEFILE_SOURCE since some modules might need it.
- make sure the package can be built as ordinary user
- special case mod_auth_mysql since its module_id is reversed
- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious)
- don't explicitly strip binaries since RPM handles it, and may
  keep the stripped information somewhere
- reformat the header of the spec file
- allow to pass a number-of-jobs parameter into spec file via rpm
  --define 'jobs N'

-------------------------------------------------------------------
Thu Jul 10 16:49:50 CEST 2003 - poeml@suse.de

- update to 2.0.47. relevant / user visible changes:
Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
  of per-directory renegotiations and the SSLCipherSuite
  directive being used to upgrade from a weak ciphersuite to a
  strong one could result in the weak ciphersuite being used in
  place of the strong one.
Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing
  temporary denial of service when accept() on a rarely accessed
  port returns certain errors.
Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
  of service when target host is IPv6 but proxy server can't
  create IPv6 socket. Fixed by the reporter.
Security [VU#379828]: Prevent the server from crashing when entering
  infinite loops. The new LimitInternalRecursion directive
  configures limits of subsequent internal redirects and nested
  subrequests, after which the request will be aborted. PR 19753+
core:
  core_output_filter: don't split the brigade after a FLUSH
  bucket if it's the last bucket. This prevents creating
  unnecessary empty brigades which may not be destroyed until
  the end of a keepalive connection.
mod_cgid:
  Eliminate a double-close of a socket. This resolves various
  operational problems in a threaded MPM, since on the second
  attempt to close the socket, the same descriptor was often
  already in use by another thread for another purpose.
mod_negotiation:
  Introduce "prefer-language" environment variable, which allows
  to influence the negotiation process on request basis to prefer
  a certain language.
mod_expires:
  Make ExpiresByType directive work properly, including for
  dynamically-generated documents.
- apr bugfixes
- more fixes of deprecated head/tail -1 calls

-------------------------------------------------------------------
Wed May 28 20:40:24 CEST 2003 - poeml@suse.de

- update to 2.0.46. relevant / user visible changes:
Security [CAN-2003-0245]: Fixed a bug that could be triggered
  remotely through mod_dav
Security [CAN-2003-0189]: Fixed a denial-of-service
  vulnerability affecting basic authentication
Security: forward port of buffer overflow fixes for htdigest.
mod_ssl:
- SSL session caching(shmht) : Fix a SEGV problem with SHMHT
  session caching.
mod_deflate:
- Add another check for already compressed content
- Check also err_headers_out for an already set
  Content-Encoding: gzip header. This prevents gzip compressed
  content from a CGI script from being compressed once more.
mod_mime_magic:
- If mod_mime_magic does not know the content-type, do not
  attempt to guess.
mod_rewrite:
- Fix handling of absolute URIs.
mod_log_config:
- Add the ability to log the id of the thread processing the
  request via new %P formats.
mod_auth_ldap:
- Use generic whitespace character class when parsing "require"
  directives, instead of literal spaces only.
mod_proxy:
- Fixed a segfault when multiple ProxyBlock directives were used.
- Added AllowEncodedSlashes directive to permit control of
  whether the server will accept encoded slashes ('%2f') in the
  URI path. Default condition is off (the historical behaviour).
- If Apache is started as root and you code CoreDumpDirectory,
  coredumps are enabled via the prctl() syscall.
- htpasswd: Check the processed file on validity; add a delete flag.
- httpd-2.0.45-libtool-1.5.dif is obsolete
- mark suse_include.conf as %ghost
- note the rebirth of the httpd and apachectl man pages (thanks to
  RPMv4 :)
- let the module RPM packages only depend on the _major_ module
  magic number, not on the minor
- fix some paths in config_vars.mk, which facilitates building of
  certain modules

-------------------------------------------------------------------
Wed May 14 14:12:56 CEST 2003 - poeml@suse.de

- use mmap() via MAP_ANON as shared memory allocation method, to
  prevent restart problems with stale (or in use) files that are
  associated with shared memory
- package forgotten files, and remove hack in %clean
- remove files from the build root that are not packaged
- remove suse_include.conf from filelist

-------------------------------------------------------------------
Fri May 9 14:47:54 CEST 2003 - poeml@suse.de

- update to 2.0.45. relevant / user visible changes:
Security: Eliminated leaks of several file descriptors to
  child processes, such as CGI scripts. This fix depends on the
  latest APR library release 0.9.2, which is distributed with the
  httpd source tarball for Apache 2.0.45. PR 17206
Security [CAN-2003-0132]: Close a Denial of Service
  vulnerability identified by David Endler <DEndler@iDefense.com>
  on all platforms.
General:
- Fix segfault which occurred when a section in an included
  configuration file was not closed. PR 17093.
- Fix a nasty segfault in mmap_bucket_setaside() caused by
  passing an incompatible pointer type to mmap_bucket_destroy(void*).
- prevent filters (such as mod_deflate) from adding garbage to
  the response. PR 14451.
- Simpler, faster code path for request header scanning
- Try to log an error if a piped log program fails. Try to
  restart a piped log program in more failure situations.
- Fix bug where 'Satisfy Any' without an AuthType lost all MIME
  information (and more). Related to PR 9076.
- Fix If header parsing when a non-mod_dav lock token is passed to it.
- Fix apxs to insert LoadModule directives only outside of
  sections.
- apxs: Include any special APR ld flags when linking the DSO.
suexec: Be more pedantic when cleaning environment. Clean it
  immediately after startup. PR 2790, 10449. Use saner default
  config values for suexec. PR 15713.
mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
  be started on Unix because of such problems as bad permissions,
  bad shebang line, etc. Fix possible segfaults under obscure
  error conditions within the cgid daemon.
mod_deflate:
- you can now specify the compression level.
- Extend the DeflateFilterNote directive to allow accurate
  logging of the filter's in- and outstream.
- Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
mod_ssl:
  Allow SSLMutex to select/use the full range of APR locking
  mechanisms available to it. Also, fix the bug that SSLMutex
  uses APR_LOCK_DEFAULT no matter what. PR 8122
mod_autoindex no longer forgets output format and enabled version
  sort in linked column headers.
|
|
mod_rewrite:
|
|
- Prevent endless loops of internal redirects in mod_rewrite by
|
|
aborting after exceeding a limit of internal redirects. The
|
|
limit defaults to 10 and can be changed using the
|
|
RewriteOptions directive. PR 17462.
|
|
- Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
|
|
(or SymlinksIfOwnermatch) is set. PR 12395.
|
|
mod_ldap:
|
|
- Updated mod_ldap and mod_auth_ldap to support the Novell LDAP
|
|
SDK SSL and standardized the LDAP SSL support across the
|
|
various LDAP SDKs. Isolated the SSL functionality to
|
|
mod_ldap rather than speading it across mod_auth_ldap and
|
|
mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType
|
|
directives to mod_ldap to allow for a more common method of
|
|
specifying the SSL certificate.
|
|
- fix fault when caching was disabled, and some memory leaks
|
|
- Fix mod_ldap to open an existing shared memory file should
|
|
one already exist. PR 12757.
|
|
- Added character set support to mod_auth_LDAP to allow it to
|
|
convert extended characters used in the user ID to UTF-8
|
|
before authenticating against the LDAP directory. The new
|
|
directive AuthLDAPCharsetConfig is used to specify the config
|
|
file that contains the character set conversion table.
|
|
mod_ssl:
|
|
- Fixed mod_ssl's SSLCertificateChain initialization to no
|
|
longer skip the first cert of the chain by default. This
|
|
misbehavior was introduced in 2.0.34. PR 14560
|
|
- Fix 64-bit problem in mod_ssl input logic.
|
|
mod_proxy:
|
|
- Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
|
|
mod_rewrite proxied URLs will not be escaped accidentally by
|
|
mod_proxy's fixup. PR 16368
|
|
- Don't remove the Content-Length from responses in mod_proxy PR: 8677
|
|
mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
|
|
not specified. Now it assumes "/" as already documented. PR 16937.
|
|
mod_file_cache: fix segfaults
|
|
- improve the start/restart section of the init script, and add a
ssl_scache_cleanup script
- understand a syntax like -DSTATUS, as described in the sysconfig
file help text (bug noted in #25404)
- don't package the *.exp files, as they are needed only on AIX
- fix filelist for usage of %dir for files
- fix the cosmetic but irritating "Inappropriate ioctl for
device" error message, when rcapache2 is called from within YaST
- remove the unused /etc/apache2/modules directory from the package
- remove the now unused --enable-experimental-libtool
- fix to build with libtool-1.5

-------------------------------------------------------------------
Wed Apr 9 02:00:20 CEST 2003 - ro@suse.de

- fix deprecated head/tail call syntax "-1"

-------------------------------------------------------------------
Mon Mar 17 11:59:36 CET 2003 - kukuk@suse.de

- Remove suse_help_viewer from provides [Bug #25436]

-------------------------------------------------------------------
Thu Mar 13 12:54:59 CET 2003 - poeml@suse.de

- security fix: do not write the startup log file to a world
writable directory, reversing the change of Jan 23 (wasn't in any
released package) [#25239]

-------------------------------------------------------------------
Mon Mar 10 17:36:00 CET 2003 - poeml@suse.de

- change permissions of /var/log/apache2 from wwwrun:root mode 770
to root:root mode 750 [#24951]
- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
default value

-------------------------------------------------------------------
Mon Mar 3 17:41:56 CET 2003 - kukuk@suse.de

- Remove ghost entry for pid file [Bug #24566]

-------------------------------------------------------------------
Thu Feb 27 14:43:01 CET 2003 - poeml@suse.de

- use the official MIME types, which are more complete [#23988]

-------------------------------------------------------------------
Mon Feb 24 18:17:02 CET 2003 - poeml@suse.de

- don't include log files into the package, and don't touch them in
%post; it's not needed
- fix comment in httpd.conf talking about SuSEconfig
- adjust some variable types in the sysconfig template

-------------------------------------------------------------------
Tue Feb 18 11:39:18 CET 2003 - poeml@suse.de

- apache2 Makefiles do support DESTDIR now, so let's use that
instead of the explicit paths (fixes a wrong path in
config_vars.mk [#23699]). Some files (*.exp, libapr*) are
automatically installed in the right location now.

-------------------------------------------------------------------
Fri Feb 14 16:39:40 CET 2003 - poeml@suse.de

- fix configuration script to find apache modules on 64 bit archs
- mark ssl.conf (noreplace)

-------------------------------------------------------------------
Mon Feb 10 18:35:15 CET 2003 - poeml@suse.de

- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
libs. Likewise, do not link everything against ssl libs. This way
we can avoid RPM package (and build) requirements on a lot of
libs for subversion and other packages that build on apache.
- move more code from SuSEconfig into rcapache2 (actually into
support scripts below /usr/share/apache2/, so apache2 can be
configured without starting it)
- improve full-server-status once again
- remove suse_loadmodule.conf from filelist
- remove obsolete README.modules
- rename LOADMODULES -> APACHE_MODULES
- add APACHE_BUFFERED_LOGS
- update README.SuSE

-------------------------------------------------------------------
Tue Jan 28 13:32:04 CET 2003 - poeml@suse.de

- rc.apache2
- add extreme-configtest (trying to run server as nobody, which
detects _all_ config errors)
- evaluate LOADMODULES from sysconfig.apache2 on-the-fly from
rcapache2 instead of SuSEconfig
- when restarting, do something useful instead of 'sleep 3': wait
just as long until the server has terminated all children

-------------------------------------------------------------------
Sun Jan 26 21:27:31 CET 2003 - poeml@suse.de

- build mod_logio, mod_case_filter, mod_case_filter_in
- rename apr subpackage to libapr0 (the library is called libapr-0
meanwhile). add compatibility links named (libapr{,util}.so.0)
- configure SSL session caching with shm circular buffer
SSLSessionCache shm:/var/lib/httpd/ssl_scache
SSLSessionCacheTimeout 600
SSLMutex sem
- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing
- strip objects
- rename gensslcert2 to gensslcert
- show a list of all available modules in /etc/sysconfig/apache2
- nicer output of apache2ctl
- reorder Requires

-------------------------------------------------------------------
Thu Jan 23 12:05:59 CET 2003 - poeml@suse.de

- update to 2.0.44
- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
- the apachectl and httpd man pages have been dropped upstream
- add robots.txt to the example-pages subpackage that blocks spiders
- disable the perchild MPM
- disable httpd-2.0.36-64bit.dif
- rename apachectl2 to apache2ctl
- write the startup log to /var/tmp instead of /var/log/apache2

-------------------------------------------------------------------
Sun Jan 12 22:52:50 CET 2003 - poeml@suse.de

- fix last fix (rpm macro before hash wasn't expanded)

-------------------------------------------------------------------
Fri Jan 10 02:35:58 CET 2003 - poeml@suse.de

- fix lib64 path in SuSEconfig

-------------------------------------------------------------------
Fri Jan 3 23:01:14 CET 2003 - poeml@suse.de

- fix typo in spec file, preventing replacement of @userdir@ in
httpd.conf-std.in

-------------------------------------------------------------------
Wed Dec 18 15:11:53 CET 2002 - poeml@suse.de

- sysconfig.apache2:
- add APACHE_SERVER_FLAGS variable
- change default: APACHE_SERVERSIGNATURE=on to match apache deflt
- add APACHE_CONF_INCLUDE_DIRS
- drop bogus APACHE_ACCESS_SERVERINFO variable
- adapt to our new sysconfig template
- SuSEconfig.apache2:
- understand LOADMODULES also if it is not an array [#21816]
- be very flexible with regard to LOADMODULE input (e.g., say
mod_php4 and it will find libphp4.so with ID php4_module)
- also ignore *,v files
- include APACHE_CONF_INCLUDE_DIRS
- dump some files: suse_define.conf (not needed) & suse_text.conf
(too much overhead)
- rc.apache2:
- implement most of apachectl's commands (graceful, configtest)
- use server_flags from sysconfig.apache2
- pass server flags like -DSTATUS from the command line through
to httpd2
- add commands to show the server status
- don't quit silently when no apache MPM is installed
- handle ServerSignature and other stuff on the command line
(save modifications to httpd.conf)
- fix the /manual Alias that points to the documentation
- configure /cgi-bin for cgi execution
- configure /home/*/public_html for mod_userdir -- if it is loaded
- configure internationalized error responses
- fix apachectl2
- add /etc/apache2/{,modules} to the filelist
- add /etc/apache2/conf.d as drop-in directory for packages
- hard code some more default paths into the executable
- finally, run a test!

-------------------------------------------------------------------
Thu Dec 5 13:55:06 CET 2002 - poeml@suse.de

- move ap{r,u}-config* into the apr package, as well
- add generic ap{r,u}-config
- add %includedir to filelist

-------------------------------------------------------------------
Thu Dec 5 00:26:22 CET 2002 - poeml@suse.de

- more checks and warnings to SuSEconfig.apache2
- shift APR files into the apr package
- try 1.136 revision of perchild.c

-------------------------------------------------------------------
Tue Dec 3 16:27:35 CET 2002 - poeml@suse.de

- add forgotten ssl.conf to the filelist (thanks, Robert)
- add httpd-2.0.43-mod_ssl-memory-leak.dif

-------------------------------------------------------------------
Mon Oct 14 19:34:38 CEST 2002 - poeml@suse.de

- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE:
CAN-2002-0840)

-------------------------------------------------------------------
Mon Oct 7 09:39:45 CEST 2002 - poeml@suse.de

- do not append a '2' suffix to the scripts included with the
documentation
- move error, icons and manual dir to /usr/share/apache2
- fix nested array in SuSEconfig.apache2
- let SuSEconfig pick one MPM that is installed. Do not default to
"worker". [#20724]

-------------------------------------------------------------------
Thu Oct 3 14:50:20 CEST 2002 - poeml@suse.de

- update to 2.0.42 (primarily a bug-fix release, including updates
to the experimental caching module, the removal of several memory
leaks, and fixes for several segfaults, one of which could have
been used as a denial-of-service against mod_dav (VU#406121).)
- increase flexibility of the spec file: build any set of MPMs,
depending on RPM %defines. Improve the mechanism that merges the
modules so it works with any number of MPMs.
- use a "Server:" header that fits the product apache is built for
- add an RPM dependency on the module magic number to the MPM
subpackages
- build the "leader/follower" MPM. On i686, enable nonportable but
faster atomics for it.
- use filelists for more flexibility. APRVARS ceased to exist.
Don't add README* twice.
- perchild: use AcceptMutex fcntl to prevent permission conflict as
suggested in Apache Bugzilla #7921
- remove mod_rewrite and mod_proxy from the default modules
- build the mod_auth_digest module

-------------------------------------------------------------------
Mon Sep 9 15:30:34 CEST 2002 - poeml@suse.de

- add patch that changes PLATFORM (as seen in the HTTP Server
header) from "Unix" to "SuSE/Linux" [#18543]
- add README.SuSE, explaining how to build modules with apxs2
- fixed some paths in README.modules, put it into docdir and mark
it as %doc

-------------------------------------------------------------------
Wed Aug 28 16:39:59 CEST 2002 - poeml@suse.de

- new package, now building all three MPMs and putting all specific
modules in specific directories. Branch a subpackage for each
MPM, containing the server and MPM-specific modules.
- branch apr package off, so apache2 doesn't need to be installed
to have the libs. (apr is not released yet, that's why we build
it here)
- allow coexistence of apache1 by using directories named apache2
or suffixed with "2"
- allow building modules via apxs2 (for all server MPMs) --- or via
apxs2-{worker,perchild,prefork} for a specific server MPM
- add permissions.apache2 setting /usr/sbin/suexec2 to 4755
- rewrite SuSEconfig.apache2 for apache 2.
- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in
mod_proxy when given an invalid URL
- branch apache2-example-pages off (docroot contents)

-------------------------------------------------------------------
Mon Aug 19 16:43:37 CEST 2002 - poeml@suse.de

- actually use the new SuSE81 layout, and add SuSE81_64 layout
- cleaned up httpd-2.0.36-conf.dif
- fixed comment in SuSEconfig.apache
- drop SuSEconfig subpackage
- split main package and -devel package in three packages, one for
each MPM...
apache2 -> apache2-{worker,perchild,prefork}
apache2-devel -> apache2-{worker,perchild,prefork}-devel

-------------------------------------------------------------------
Mon Aug 12 17:47:08 CEST 2002 - poeml@suse.de

- bugfix update to 2.0.40
- fix Requires of -devel subpackage
- add variable to sysconfig.apache to switch off SuSEconfig.apache
- add new layout SUSE81 to config.layout due to the moved server
root (so the old SuSE6.1 can be kept for building on older
distributions)
- one of the lib64 path fixes could be removed, now included
upstream

-------------------------------------------------------------------
Wed Aug 7 18:47:33 CEST 2002 - poeml@suse.de

- put PreReq in an if-statement to allow building on older distris
- relax the Requires
- the apache_mmn macro had to be moved down in the spec file to be
evaluated
- libmm is not needed for building (and it is not threadsafe)
- fix config.layout for the moved server root

-------------------------------------------------------------------
Fri Aug 2 23:44:31 CEST 2002 - poeml@suse.de

- fix libdir in config.layout for lib64

-------------------------------------------------------------------
Fri Aug 2 12:22:33 CEST 2002 - poeml@suse.de

- fix RPM Requires

-------------------------------------------------------------------
Thu Aug 1 17:50:53 CEST 2002 - poeml@suse.de

- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www
- drop obsolete README.SuSE

-------------------------------------------------------------------
Thu Aug 1 01:01:32 CEST 2002 - poeml@suse.de

- spec file: use PreReq
- don't delete SuSEconfig's md5 files in %post, that's no good
- add apache.logrotate
- provide the magic module number as executable script
(/usr/lib/apache/MMN) and as RPM Provides, indicating API changes
- mark httpd.conf noreplace
- fix installbuilddir in config.layout, needed for apxs

-------------------------------------------------------------------
Sun Jul 14 15:27:24 CEST 2002 - poeml@suse.de

- update to 2.0.39
- drop obsolete moduledir and apxs patches
- rc.apache INIT section: use X-UnitedLinux-Should-Start

-------------------------------------------------------------------
Wed Jul 3 01:53:35 CEST 2002 - ro@suse.de

- rename to "apache2" again

-------------------------------------------------------------------
Tue Jun 11 17:02:47 CEST 2002 - ro@suse.de

- get apxs to work:
include needed files in devel package
adapt some paths in apxs

-------------------------------------------------------------------
Wed May 29 18:16:00 CEST 2002 - poeml@suse.de

- update to 2.0.36
- drop mod_ssl subpackage; mod_ssl is part of the apache base
distribution now
- RPM can be built as user now
- SuSEconfig.apache: understand relative and absolute pathnames
- disable experimental auth_digest_module