
Accepting request 532105 from Apache

- updated to 2.4.28:
  *) SECURITY: CVE-2017-9798 (cve.mitre.org)
     Corrupted or freed memory access. <Limit[Except]> must now be used in the
     main configuration file (httpd.conf) to register HTTP methods before the
     .htaccess files.  [Yann Ylavic]
  *) event: Avoid possible blocking in the listener thread when shutting down
     connections. PR 60956.  [Yann Ylavic]
  *) mod_speling: Don't embed referer data in a link in error page.
     PR 38923 [Nick Kew]
  *) htdigest: prevent a buffer overflow when a string exceeds the allowed max
     length in a password file.
     [Luca Toscano, Hanno Böck <hanno hboeck de>]
  *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
     [Jim Jagielski]
  *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
     PR 61142.
  *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be specified
     down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
     's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
  *) mod_http2: Fix for stalling when more than 32KB are written to a
     suspended stream.  [Stefan Eissing]
  *) build: allow configuration without APR sources.  [Jacob Champion]
  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
     [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
      Yann Ylavic]
  *) core/log: Support use of optional "tag" in syslog entries.
     PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski]
  *) mod_proxy: Fix ProxyAddHeaders merging.  [Joe Orton]
  *) core: Disallow multiple Listen on the same IP:port when listener buckets
     are configured (ListenCoresBucketsRatio > 0), consistently with the single

OBS-URL: https://build.opensuse.org/request/show/532105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=136
Dominique Leuenberger 2017-10-10 09:37:47 +00:00 committed by Git OBS Bridge
commit 06a8f464b4
10 changed files with 278 additions and 52 deletions


@ -1,22 +0,0 @@
#!/bin/bash
# obsolete 2.2 modules -> 2.4 modules
for module in mod_authn_default mod_authz_default mod_mem_cache authz_default authn_default mem_cache; do
if a2enmod -q "$module"; then
echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!"
a2dismod "$module"
fi
done
if ! a2enmod -q authn_core; then
a2enmod authn_core
fi
if ! a2enmod -q authz_core; then
a2enmod authz_core
fi
if ! a2enmod -q log_config; then
a2enmod log_config
fi
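Review bot: Removing this script also removes the three trailing `a2enmod` checks (authn_core, authz_core, log_config), so a system that still carries a 2.2-era module list no longer gets those modules enabled on upgrade. The changelog entry only says "do not call and do not ship apache-22-24-upgrade [bsc#1042037]"; please state there what administrators migrating from 2.2 are expected to do instead.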

apache2-init.logrotate Normal file

@ -0,0 +1,84 @@
/var/log/apache2/access_log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 644 root root
prerotate
/etc/init.d/apache2 check-reload
endscript
postrotate
/etc/init.d/apache2 reload
endscript
}
/var/log/apache2/error_log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 644 root root
prerotate
/etc/init.d/apache2 check-reload
endscript
postrotate
/etc/init.d/apache2 reload
endscript
}
/var/log/apache2/suexec.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 644 root root
prerotate
/etc/init.d/apache2 check-reload
endscript
postrotate
/etc/init.d/apache2 reload
endscript
}
/var/log/apache2/ssl_request_log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 644 root root
prerotate
/etc/init.d/apache2 check-reload
endscript
postrotate
/etc/init.d/apache2 reload
endscript
}
/var/log/apache2/ssl_engine_log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 644 root root
prerotate
/etc/init.d/apache2 check-reload
endscript
postrotate
/etc/init.d/apache2 reload
endscript
}
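Review bot: `create 644 root root` in every stanza leaves the recreated access_log, ssl_request_log and suexec.log world-readable; access and request logs record client addresses and request URLs, so `create 640 root root` (or the group that is meant to read them) is the safer default. Separately, the five stanzas differ only in their `size` value and each runs its own `/etc/init.d/apache2 reload` in postrotate, so a single logrotate run can reload the server up to five times; grouping the files that share a size into one stanza with `sharedscripts` would reload once per group.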


@ -1,3 +1,60 @@
-------------------------------------------------------------------
Fri Oct 6 07:45:55 UTC 2017 - pgajdos@suse.com
- updated to 2.4.28:
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except]> must now be used in the
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files. [Yann Ylavic]
*) event: Avoid possible blocking in the listener thread when shutting down
connections. PR 60956. [Yann Ylavic]
*) mod_speling: Don't embed referer data in a link in error page.
PR 38923 [Nick Kew]
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
[Luca Toscano, Hanno Böck <hanno hboeck de>]
*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
[Jim Jagielski]
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
PR 61142.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream. [Stefan Eissing]
*) build: allow configuration without APR sources. [Jacob Champion]
*) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184.
[Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
Yann Ylavic]
*) core/log: Support use of optional "tag" in syslog entries.
PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski]
*) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton]
*) core: Disallow multiple Listen on the same IP:port when listener buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the single
bucket case (default), thus avoiding the leak of the corresponding socket
descriptors on graceful restart. [Yann Ylavic]
*) event: Avoid listener periodic wake ups by using the pollset wake-ability
when available. PR 57399. [Yann Ylavic, Luca Toscano]
*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
led to spurious HTTP 502 error messages sent on upgrade connections.
PR 61283. [Yann Ylavic]
-------------------------------------------------------------------
Thu Oct 5 12:57:56 UTC 2017 - pgajdos@suse.com
- suexec binary moved to main package [bsc#1054741]
-------------------------------------------------------------------
Tue Oct 3 16:13:13 UTC 2017 - pgajdos@suse.com
- do not call and do not ship apache-22-24-upgrade [bsc#1042037]
-------------------------------------------------------------------
Mon Jul 24 15:25:09 UTC 2017 - schneemann@b1-systems.de
- make the package runable on non systemd systems
+ deprecated-scripts-arch.patch
-------------------------------------------------------------------
Mon Jul 17 09:30:36 UTC 2017 - pgajdos@suse.com
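Review bot: The 2.4.28 entry names CVE-2017-9798 but, unlike the Oct 5 and Oct 3 entries below it, carries no bsc# reference; add the tracking bug so the security fix can be traced from the changelog. The Jul 24 entry also lists only deprecated-scripts-arch.patch, while this commit additionally adds apache2-init.logrotate and extends `server_flags` in the init script; those changes belong in the entry too.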


@ -53,7 +53,7 @@
%define mods_static unixd
%endif
Name: apache2
Version: 2.4.27
Version: 2.4.28
Release: 0
Summary: The Apache Web Server Version 2.4
License: Apache-2.0
@ -107,7 +107,6 @@ Source119: apache2-protocols.conf
Source130: apache2-vhost.template
Source131: apache2-vhost-ssl.template
Source140: apache2-check_forensic
Source141: apache-22-24-upgrade
Source142: start_apache2
Source143: apache2-systemd-ask-pass
Source144: apache2.service
@ -115,6 +114,7 @@ Source145: apache2-find-directives
Source146: apache2@.service
Source147: apache2-script-helpers
Source148: apache2.target
Source149: %{name}-init.logrotate
Patch2: httpd-2.1.3alpha-layout.dif
Patch23: httpd-apachectl.patch
Patch66: httpd-2.0.54-envvars.dif
@ -127,6 +127,7 @@ Patch109: httpd-2.4.3-mod_systemd.patch
Patch111: httpd-visibility.patch
# PATCH-FEATURE-UPSTREAM kstreitova@suse.com -- backport of HttpContentLengthHeadZero and HttpExpectStrict
Patch115: httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
Patch116: deprecated-scripts-arch.patch
BuildRequires: apache-rpm-macros-control
BuildRequires: apr-util-devel
BuildRequires: automake
@ -315,6 +316,9 @@ to administrators of web servers in general.
%endif
%patch111 -p1
%patch115 -p1
%if 0%{?suse_version} == 1110
%patch116 -p1
%endif
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
# install READMEs
a=$(basename %{SOURCE22})
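Review bot: `%patch116` is applied only when `suse_version == 1110`, but the init-script branch later in this spec is the `%else` of `%if 0%{?suse_version} >= 1210`, which covers every version below 1210. A build target below 1210 other than 1110 would take the init-script path without the patched get_module_list; use the same condition in both places, or add a comment stating that 1110 is the only non-systemd target supported.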
@ -523,6 +527,9 @@ install -m 755 support/split-logfile %{buildroot}/%{_bindir}/
install -m 755 support/logresolve.pl %{buildroot}/%{_sbindir}/
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%if 0%{?suse_version} == 1110
install -m 644 $RPM_SOURCE_DIR/%{name}-init.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
%endif
install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic %{buildroot}/%{_bindir}/check_forensic
install -m 755 $RPM_SOURCE_DIR/apache2-find-directives %{buildroot}/%{_bindir}/
#
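Review bot: On 1110 the conditional `install` writes %{name}-init.logrotate to the same destination that the line above has just written %{name}.logrotate to, so which file ships depends on statement order. Wrapping the two install lines in `%if ... %else ... %endif` makes it explicit which logrotate file belongs to which target and avoids installing a file only to overwrite it.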
@ -533,6 +540,7 @@ tar xjf %{SOURCE29} -C %{buildroot}/%{sysconfdir}
# init script and friends
install -m 644 $RPM_SOURCE_DIR/apache2-script-helpers %{buildroot}/%{_datadir}/%{name}/script-helpers
install -m 744 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/
cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/
%if 0%{?suse_version} >= 1210
mkdir -p %{buildroot}%{_unitdir}/
install -m 700 $RPM_SOURCE_DIR/apache2-systemd-ask-pass %{buildroot}%{_sbindir}/
@ -542,11 +550,19 @@ install -m 644 $RPM_SOURCE_DIR/apache2.target %{buildroot}%{_unitdir}/
ln -sf service %{buildroot}/%{_sbindir}/rcapache2
%else
mkdir -p %{buildroot}%{_sysconfdir}/init.d
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/sysconfig.d
install -m 744 $RPM_SOURCE_DIR/rc.%{name} %{buildroot}%{_initddir}/%{name}
ln -sf ../..%{_initddir}/%{name} %{buildroot}/%{_sbindir}/rcapache2
for file in find_mpm \
get_includes \
get_module_list \
load_configuration
do
ln -sf deprecated-scripts/$file %{buildroot}/%{_datadir}/%{name}/$file
chmod +x %{buildroot}/%{_datadir}/%{name}/$file
done
%endif
cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir}
ln -s a2enflag %{buildroot}/%{_sbindir}/a2disflag
@ -769,6 +785,8 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_mandir}/man?/httpd2.?.*
%{_mandir}/man?/apxs.?.*
%{_mandir}/man?/apxs2.?.*
%{_mandir}/man?/suexec.?.*
%{_mandir}/man?/suexec2.?.*
%doc robots.txt
%doc printenv
%doc test-cgi
@ -799,6 +817,7 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_sbindir}/apache2-systemd-ask-pass
%else
%{_initddir}/%{name}
%dir %{_sysconfdir}/%{name}/sysconfig.d
%endif
%{_sbindir}/rcapache2
%{_sbindir}/apachectl
@ -813,6 +832,8 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_sbindir}/start_apache2
%{_bindir}/log_server_status
%{_bindir}/log_server_status2
%verify(not mode) %attr(0755,root,root) %{_sbindir}/suexec
%{_sbindir}/suexec2
%{iconsdir}
%{errordir}
%{_var}/adm/fillup-templates/sysconfig.%{name}
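Review bot: `%{_sbindir}/suexec` is now owned by the main package with `%verify(not mode)`, so the `%verify_permissions -e %{_sbindir}/suexec` scriptlet visible in the last hunk of this file has to belong to the same package; otherwise the permission check runs for a package that no longer owns the binary. Please confirm that this scriptlet, and any permission-setting scriptlet for suexec that is outside the visible context, moved together with the %files entries.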
@ -821,12 +842,17 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_libdir}/%{name}/mod_*.so
%dir %{installbuilddir}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/apache-22-24-upgrade
%{_datadir}/%{name}/deprecated-scripts
%{_datadir}/%{name}/script-helpers
%{_datadir}/%{name}/sysconf_addword
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
%if 0%{?suse_version} == 1110
/usr/share/apache2/find_mpm
/usr/share/apache2/get_includes
/usr/share/apache2/get_module_list
/usr/share/apache2/load_configuration
%endif
%if %{prefork}
%files prefork
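Review bot: The four helper paths are listed under `%if 0%{?suse_version} == 1110`, while the symlinks themselves are created in the `%else` branch of `%if 0%{?suse_version} >= 1210` in %install. For any target below 1210 that is not 1110 the links would be installed but not packaged; align the two conditions. The entries also hard-code /usr/share/apache2/ where the surrounding lines use `%{_datadir}/%{name}/`; use the macros here as well.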
@ -1243,8 +1269,6 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_mandir}/man?/logresolve2.?.*
%{_mandir}/man?/rotatelogs.?.*
%{_mandir}/man?/rotatelogs2.?.*
%{_mandir}/man?/suexec.?.*
%{_mandir}/man?/suexec2.?.*
%{_sbindir}/fcgistarter
%{_mandir}/man8/fcgistarter.8.*
%{_bindir}/check_forensic
@ -1270,8 +1294,6 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_bindir}/logresolve2
%{_sbindir}/rotatelogs
%{_sbindir}/rotatelogs2
%verify(not mode) %attr(0755,root,root) %{_sbindir}/suexec
%{_sbindir}/suexec2
%if %{prefork}
#
@ -1421,10 +1443,9 @@ fi
exit 0
%posttrans
%{_datadir}/%{name}/apache-22-24-upgrade
%apache_restart_if_needed
%verifyscript
%verify_permissions -e %{_sbindir}/suexec
%apache_restart_if_needed
%changelog


@ -0,0 +1,85 @@
---
deprecated-scripts/get_module_list | 56 +++++++++++++++++++------------------
1 file changed, 30 insertions(+), 26 deletions(-)
Index: httpd-2.4.27/deprecated-scripts/get_module_list
===================================================================
--- httpd-2.4.27.orig/deprecated-scripts/get_module_list
+++ httpd-2.4.27/deprecated-scripts/get_module_list
@@ -4,6 +4,10 @@ pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs
+modpath=/usr/lib
+if [ `/bin/arch` == "x86_64" ]; then
+ modpath=/usr/lib64
+fi
test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
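Review bot: The `modpath` selection treats x86_64 as the only architecture whose modules live under /usr/lib64, so any other target with a lib64 libdir would search /usr/lib and not find its modules. The spec already has the correct directory as `%{_libdir}` (used for `%{_libdir}/%{name}/mod_*.so` in %files); substituting that value into the script at build time removes the runtime `/bin/arch` call and the per-architecture special case.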
@@ -61,26 +65,26 @@ for i in ${APACHE_MODULES[*]}; do
module_path=$i
;;
*)
- for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \
- /usr/lib/$pname-$APACHE_MPM/$i.so \
- /usr/lib/$pname-$APACHE_MPM/mod_$i \
- /usr/lib/$pname-$APACHE_MPM/$i \
- /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \
- /usr/lib/$pname-$APACHE_MPM/${i/mod_} \
- /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \
- /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \
- /usr/lib/$pname-$APACHE_MPM/lib$i.so \
- /usr/lib/$pname-$APACHE_MPM/lib$i \
- /usr/lib/$pname/mod_$i.so \
- /usr/lib/$pname/$i.so \
- /usr/lib/$pname/mod_$i \
- /usr/lib/$pname/$i \
- /usr/lib/$pname/${i/mod_}.so \
- /usr/lib/$pname/${i/mod_} \
- /usr/lib/$pname/lib${i/mod_}.so \
- /usr/lib/$pname/lib${i/mod_} \
- /usr/lib/$pname/lib$i.so \
- /usr/lib/$pname/lib$i
+ for j in $modpath/$pname-$APACHE_MPM/mod_$i.so \
+ $modpath/$pname-$APACHE_MPM/$i.so \
+ $modpath/$pname-$APACHE_MPM/mod_$i \
+ $modpath/$pname-$APACHE_MPM/$i \
+ $modpath/$pname-$APACHE_MPM/${i/mod_}.so \
+ $modpath/$pname-$APACHE_MPM/${i/mod_} \
+ $modpath/$pname-$APACHE_MPM/lib${i/mod_}.so \
+ $modpath/$pname-$APACHE_MPM/lib${i/mod_} \
+ $modpath/$pname-$APACHE_MPM/lib$i.so \
+ $modpath/$pname-$APACHE_MPM/lib$i \
+ $modpath/$pname/mod_$i.so \
+ $modpath/$pname/$i.so \
+ $modpath/$pname/mod_$i \
+ $modpath/$pname/$i \
+ $modpath/$pname/${i/mod_}.so \
+ $modpath/$pname/${i/mod_} \
+ $modpath/$pname/lib${i/mod_}.so \
+ $modpath/$pname/lib${i/mod_} \
+ $modpath/$pname/lib$i.so \
+ $modpath/$pname/lib$i
do
if [ -f $j ]; then
module_path=$j
@@ -105,12 +109,12 @@ done
echo >&3 -e "#\n"
exec 3<&-
chmod 644 $TMPFILE
-if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then
- mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf
- if selinuxenabled; then
- restorecon $sysconfdir/sysconfig.d/loadmodule.conf
- fi
-fi
+if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then
+ mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf
+# if selinuxenabled; then
+# restorecon $sysconfdir/sysconfig.d/loadmodule.conf
+# fi
+fi
#echo -n ". "
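Review bot: Commenting out the `selinuxenabled` / `restorecon` fallback means that when `mv -Z` fails, loadmodule.conf is moved into $sysconfdir/sysconfig.d/ with whatever SELinux label the temporary file had. If the reason is that these tools are absent on the target, guard the call on their presence instead of disabling it, and say so in the patch header, which currently has no description. The `if`, `mv` and `fi` lines are also removed and re-added with no visible change; drop that whitespace churn so the hunk shows only the intended edit.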


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
size 6527394


@ -1,16 +0,0 @@

httpd-2.4.28.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666
size 6553163

httpd-2.4.28.tar.bz2.asc Normal file

@ -0,0 +1,16 @@


@ -86,6 +86,7 @@ get_server_flags()
*) server_flags="$server_flags -D$i";;
esac
done
server_flags="$server_flags -DSYSCONFIG -C 'Include /etc/apache2/sysconfig.d/'"
}
action="$1"
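Review bot: The single quotes in `-C 'Include /etc/apache2/sysconfig.d/'` are stored literally inside `server_flags`, so they only group the argument if the variable is later expanded through `eval`; with a plain `$server_flags` expansion httpd would receive `'Include` and `/etc/apache2/sysconfig.d/'` as two separate words. Please check how get_server_flags output is consumed, and build the path from the script's configured sysconfdir rather than the hard-coded /etc/apache2 if such a variable is available here.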