Accepting request 316598 from Apache

1 OBS-URL: https://build.opensuse.org/request/show/316598 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=108
2015-07-14 15:20:52 +00:00 · 2015-07-14 15:20:52 +00:00 · b341ded83e
commit b341ded83e
parent f7723f51f9 de7dee913a
29 changed files with 652 additions and 949 deletions
--- a/24
+++ b/24
@ -8,20 +8,26 @@
 # (at your option) any later version.
 sysconf=/etc/sysconfig/apache2
 var=APACHE_SERVER_FLAGS
 PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
 debug=true
 function usage() {
-	echo "$(basename $0): enable/disable a flag in $var in $sysconf"
+        echo "$(basename $0): enable/disable a flag in $var in $sysconf"
-	echo
+        echo
        echo "usage: $(basename $0) [-d] flag"
-        #echo "       $(basename $0) -h runtests"
+        echo
        echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
        echo "apache instance (see README-instances.txt); sysconfig file is expected" 
        echo "at /etc/sysconfig/apache2@<instance_name> ."
        exit 1
 }
 unset instance_suffix
 if [ -n "$HTTPD_INSTANCE" ]; then
  instance_suffix="@$HTTPD_INSTANCE"
 fi
 sysconf=/etc/sysconfig/apache2$instance_suffix
 var=APACHE_SERVER_FLAGS
 PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
 if [ $# -lt 1 ]; then
        usage
 fi
--- a/24
+++ b/24
@ -8,22 +8,28 @@
 # (at your option) any later version.
 sysconf=/etc/sysconfig/apache2
 var=APACHE_MODULES
 PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
 debug=true
 function usage() {
-	echo "$(basename $0): enable/disable an apache module in $var in $sysconf"
+        echo "$(basename $0): enable/disable an apache module in $var in $sysconf"
-	echo
+        echo
        echo "usage: $(basename $0) [-d] module"
        echo "       $(basename $0) -l                    list modules"
        echo "       $(basename $0) -q module             query if module is installed"
-        #echo "       $(basename $0) -h runtests"
+        echo
        echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
        echo "apache instance (see README-instances.txt); sysconfig file is expected" 
        echo "at /etc/sysconfig/apache2@<instance_name> ."
        exit 1
 }
 unset instance_suffix
 if [ -n "$HTTPD_INSTANCE" ]; then
  instance_suffix="@$HTTPD_INSTANCE"
 fi
 sysconf=/etc/sysconfig/apache2$instance_suffix
 var=APACHE_MODULES
 PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
 if [ $# -lt 1 ]; then
        usage
 fi
--- a/apache2-README-instances.txt
+++ b/apache2-README-instances.txt
@ -0,0 +1,41 @@
 Dear System Administrator,
 SUSE Apache package comes with the possibility to run more instances
 of Apache process on one system.
 As always,
    sytemctl start apache2
 activates default instance of the server, which expects sysconfig setting
 in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF
 in there is not set, then it requires /etc/apache2/httpd.conf.
 Any other instance can be activated via
    systemctl start apache2@<instancename>
 for example
    systemctl start apache2@myweb.org
 This call tries to read /etc/sysconfig/apache2@<instancename> and if this 
 file is not present or APACHE_HTTPD_CONF is not set there, it requires
 /etc/apache2@<instancename>/httpd.conf.
 NOTES:
 * /etc/sysconfig/apache2@<instancename> can hold any sysconfig variable
  /etc/sysconfig/apache2 can, including module loading and MPM setting, 
 * default instance do not have to run when running other instances
 * a2enmod, a2dismod and apachectl operates over default instance if
  not specified otherwise via HTTPD_INSTANCE. For example,
    export HTTPD_INSTANCE=myweb.org
    a2enmod access_compat
    a2enmod status
    apachectl start
  will add access_compat and status modules to APACHE_MODULES 
  variable of /etc/sysconfig/apache2@myweb.org and then starts
  myweb.org instance.
--- a/apache2-README.default-vhost
+++ b/apache2-README.default-vhost
@ -1,27 +0,0 @@
 # provided by ChrisWi aka chris@computersalat.de
 This is a short introduction about how to use the delivered
 - default-vhost.conf
 - default-vhost-ssl.conf
 configuration files.
 When using virtual hosts (vhosts) with apache, you want to have a
 "default" config which points to your default hostname (FQDN).
 And when apache is reading its configs, then our "default" configs
 should be read "at first".
 To achieve this, you should adapt the/those config files and then
 add them to the /etc/sysconfig/apache2 config like the
 following example:
 # /etc/sysconfig/apache2
 ---- snip ----
 # This allows you to add e.g. VirtualHost statements without touching 
 # /etc/apache2/httpd.conf itself, which makes upgrading easier. 
 #
 APACHE_CONF_INCLUDE_FILES="default-vhost.conf default-vhost-ssl.conf"
 ---- snip ----
 This way our "default" config are read in before conf.d/* and vhosts.d/*
 Have fun :)
--- a/apache2-default-vhost-ssl.conf
+++ b/apache2-default-vhost-ssl.conf
@ -1,266 +0,0 @@
 #
 # This is the Apache server configuration file providing SSL support.
 # It contains the configuration directives to instruct the server how to
 # serve pages over an https connection. For detailing information about these 
 # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
 #
 # Do NOT simply read the instructions in here without understanding
 # what they do.  They're here only as hints or reminders.  If you are unsure
 # consult the online docs. You have been warned.  
 #
 <IfDefine SSL>
 <IfDefine !NOSSL>
 ##
 ## SSL Virtual Host Context
 ##
 <VirtualHost _default_:443>
    #  General setup for the virtual host
    ServerName dummy-host.example.com
    ServerAdmin webmaster@dummy-host.example.com
    ServerAlias example.com www.example.com
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot "/srv/www/htdocs"
    #ServerName www.example.com:443
    #ServerAdmin webmaster@example.com
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log
    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on
    #   SSL Protocol support:
    # 4 possible values: All, SSLv2, SSLv3, TLSv1. Allow TLS and SSLv3:
    #   List the protocol versions which clients are allowed to
    #   connect with. Disable SSLv2 by default (cf. RFC 6176).
    SSLProtocol all -SSLv2
    #   SSL Cipher Suite:
    #   List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.
    #
    #   Weak ciphers are disabled by default.
    #   Please see the documentation via the links above, and
    #   "openssl ciphers -v" for a complete list of ciphers that are
    #   available.
    #
    # The following default should work with openssl running in FIPS
    # mode.
    #    OPENSSL_FORCE_FIPS_MODE=1 rcapache2 restart
    # will start the web server with FIPS mode in openssl.
    # For more information, please have a look at
    # /usr/share/doc/packages/openssl/README-FIPS.txt from the openssl
    # package.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    #   Speed-optimized SSL Cipher configuration:
    #   If speed is your main concern (on busy HTTPS servers e.g.),
    #   you might want to force clients to specific, performance
    #   optimized ciphers. In this case, prepend those ciphers
    #   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
    #   Caveat: by giving precedence to RC4-SHA and AES128-SHA
    #   (as in the example below), most connections will no longer
    #   have perfect forward secrecy - if the server's key is
    #   compromised, captures of past or future traffic must be
    #   considered compromised, too.
    #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    #SSLHonorCipherOrder on 
    #   Server Certificate:
    #   Point SSLCertificateFile at a PEM encoded certificate.  If
    #   the certificate is encrypted, then you will be prompted for a
    #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
    #   in mind that if you have both an RSA and a DSA certificate you
    #   can configure both in parallel (to also allow the use of DSA
    #   ciphers, etc.)
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCACertificatePath /etc/apache2/ssl.crt
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
    #   Certificate Revocation Lists (CRL):
    #   Set the CA revocation path where to find CA CRLs for client
    #   authentication or alternatively one huge file containing all
    #   of them (file must be PEM encoded)
    #   Note: Inside SSLCARevocationPath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCARevocationPath /etc/apache2/ssl.crl
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
    #   Client Authentication (Type):
    #   Client certificate verification type and depth.  Types are
    #   none, optional, require and optional_no_ca.  Depth is a
    #   number which specifies how deeply to verify the certificate
    #   issuer chain before deciding the certificate is not valid.
    #SSLVerifyClient require
    #SSLVerifyDepth  10
    #   Access Control:
    #   With SSLRequire you can do per-directory access control based
    #   on arbitrary complex boolean expressions containing server
    #   variable checks and other lookup directives.  The syntax is a
    #   mixture between C and Perl.  See the mod_ssl documentation
    #   for more details.
    #<Location />
    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
    #</Location>
    #   SSL Engine Options:
    #   Set various options for the SSL engine.
    #   o FakeBasicAuth:
    #     Translate the client X.509 into a Basic Authorisation.  This means that
    #     the standard Auth/DBMAuth methods can be used for access control.  The
    #     user name is the `one line' version of the client's X.509 certificate.
    #     Note that no password is obtained from the user. Every entry in the user
    #     file needs this password: `xxj31ZMTZzkVA'.
    #   o ExportCertData:
    #     This exports two additional environment variables: SSL_CLIENT_CERT and
    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
    #     server (always existing) and the client (only existing when client
    #     authentication is used). This can be used to import the certificates
    #     into CGI scripts.
    #   o StdEnvVars:
    #     This exports the standard SSL/TLS related `SSL_*' environment variables.
    #     Per default this exportation is switched off for performance reasons,
    #     because the extraction step is an expensive operation and is usually
    #     useless for serving static content. So one usually enables the
    #     exportation for CGI and SSI requests only.
    #   o StrictRequire:
    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
    #     under a "Satisfy any" situation, i.e. when it applies access is denied
    #     and no other module can change it.
    #   o OptRenegotiate:
    #     This enables optimized SSL connection renegotiation handling when SSL
    #     directives are used in per-directory context. 
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/srv/www/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>
    <Directory "/srv/www/htdocs">
 	AllowOverride None
 	#Options +Indexes +MultiViews +FollowSymLinks
 	Options -Indexes -MultiViews +FollowSymLinks
 	#IndexOptions FancyIndexing
 	#AuthName "Top Secret on dummy-host.example.com"
 	#AuthType Basic
 	#AuthUserFile /srv/www/passwd/default
 	#
 	# Controls who can get stuff from this server. The example gives access to:
 	# either a valid user, a user on the same system as the server, a system
 	# which name ends with .example.com and of which the reverse lookup of the
 	# IP address matches with the IP address that has been received by looking
 	# up that name in the DNS irrespective of any setting of HostnameLookups.
 	#
 	#<limit GET POST>
        #  <IfModule !mod_access_compat.c>
 	#    <RequireAny>
 	#      Require valid-user
 	#      Require local
 	#      Require host .example.com
 	#    </RequireAny>
 	#  </IfModule>
 	#  <IfModule mod_access_compat.c>
 	#    Require valid-user
 	#    Order Deny,Allow
 	#    Deny from All
 	#    Allow from 127.0.0.1
 	#    Allow from .example.com
 	#    Satisfy any
 	#  </IfModule>
 	#</limit>
    </Directory>
    #   SSL Protocol Adjustments:
    #   The safe and default but still SSL/TLS standard compliant shutdown
    #   approach is that mod_ssl sends the close notify alert but doesn't wait for
    #   the close notify alert from client. When you need a different shutdown
    #   approach you can use one of the following variables:
    #   o ssl-unclean-shutdown:
    #     This forces an unclean shutdown when the connection is closed, i.e. no
    #     SSL close notify alert is send or allowed to received.  This violates
    #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
    #     this when you receive I/O errors because of the standard approach where
    #     mod_ssl sends the close notify alert.
    #   o ssl-accurate-shutdown:
    #     This forces an accurate shutdown when the connection is closed, i.e. a
    #     SSL close notify alert is send and mod_ssl waits for the close notify
    #     alert of the client. This is 100% SSL/TLS standard compliant, but in
    #     practice often causes hanging connections with brain-dead browsers. Use
    #     this only for browsers where you know that their SSL implementation
    #     works correctly. 
    #   Notice: Most problems of broken clients are also related to the HTTP
    #   keep-alive facility, so you usually additionally want to disable
    #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
    #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
    #   "force-response-1.0" for this.
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    #   Per-Server Logging:
    #   The home of a custom SSL log file. Use this when you want a
    #   compact non-error SSL logfile on a virtual host basis.
    CustomLog /var/log/apache2/ssl_request_log   ssl_combined
    #
    # some Rewrite stuff for sharedssl
    #
    #RewriteEngine on
    ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
    ##RewriteLogLevel 3
    #RewriteCond %{HTTP_HOST}  ^webmail\..* [NC]
    #RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
    #RewriteRule ^/$ /roundcube [R]
 </VirtualHost>                                  
 </IfDefine>
 </IfDefine>
--- a/apache2-default-vhost.conf
+++ b/apache2-default-vhost.conf
@ -1,137 +0,0 @@
 #
 # Almost any Apache directive may go into a VirtualHost container.
 # The first VirtualHost section is used for requests without a known
 # server name.
 #
 <VirtualHost _default_:80>
    ServerName dummy-host.example.com
    ServerAdmin webmaster@dummy-host.example.com
    ServerAlias example.com www.example.com
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot "/srv/www/htdocs"
    # if not specified, the global error log is used
    ErrorLog /var/log/apache2/dummy-host.example.com-error_log
    CustomLog /var/log/apache2/dummy-host.example.com-access_log combined
    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On
    # Optionally, include *.conf files from /etc/apache2/conf.d/
    #
    # For example, to allow execution of PHP scripts:
    #
    # Include /etc/apache2/conf.d/mod_php4.conf
    #
    # or, to include all configuration snippets added by packages:
    # Include /etc/apache2/conf.d/*.conf
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
    # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have one, and where ScriptAlias points to.
    #
    <Directory "/srv/www/cgi-bin">
 	AllowOverride None
 	Options +ExecCGI -Includes
 	<IfModule !mod_access_compat.c>
 	    Require all granted
 	</IfModule>
 	<IfModule mod_access_compat.c>
 	    Order allow,deny
 	    Allow from all
 	</IfModule>
    </Directory>
    # UserDir: The name of the directory that is appended onto a user's home
    # directory if a ~user request is received.
    #
    # To disable it, simply remove userdir from the list of modules in APACHE_MODULES
    # in /etc/sysconfig/apache2.
    #
    <IfModule mod_userdir.c>
 	# Note that the name of the user directory ("public_html") cannot simply be
 	# changed here, since it is a compile time setting. The apache package
 	# would have to be rebuilt. You could work around by deleting
 	# /usr/sbin/suexec, but then all scripts from the directories would be
 	# executed with the UID of the webserver.
 	UserDir public_html
 	# The actual configuration of the directory is in
 	# /etc/apache2/mod_userdir.conf.
 	Include /etc/apache2/mod_userdir.conf
 	# You can, however, change the ~ if you find it awkward, by mapping e.g.
 	# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
 	#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
    </IfModule>
    #
    # This should be changed to whatever you set DocumentRoot to.
    #
    <Directory "/srv/www/htdocs">
 	#
 	# Possible values for the Options directive are "None", "All",
 	# or any combination of:
 	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
 	#
 	# Note that "MultiViews" must be named *explicitly* --- "Options All"
 	# doesn't give it to you.
 	#
 	# The Options directive is both complicated and important.  Please see
 	# http://httpd.apache.org/docs/2.4/mod/core.html#options
 	# for more information.
 	#
 	Options +Indexes +MultiViews +FollowSymLinks
 	IndexOptions FancyIndexing
 	#
 	# AllowOverride controls what directives may be placed in .htaccess files.
 	# It can be "All", "None", or any combination of the keywords:
 	#   Options FileInfo AuthConfig Limit
 	#
 	AllowOverride None
 	#
 	# Controls who can get stuff from this server.
 	#
 	<IfModule !mod_access_compat.c>
 	    Require all granted
 	</IfModule>
 	<IfModule mod_access_compat.c>
 	    Order allow,deny
 	    Allow from all
 	</IfModule>
    </Directory>
    #
    # some Rewrite stuff for sharedssl
    #
    #RewriteEngine on
    ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite_log"
    ##RewriteLogLevel 3
    #RewriteCond %{HTTP_HOST} ^sharedssl\.* [OR]
    #RewriteRule ^/$ https://sharedssl.example.com/$1 [L,R]
 </VirtualHost>
--- a/0
+++ b/0
--- a/apache2-global.conf
+++ b/apache2-global.conf
@ -0,0 +1,6 @@
 ServerSignature off
 UseCanonicalName off
 ServerTokens ProductOnly
 LogLevel warn
 CustomLog /var/log/apache2/access_log combined
--- a/apache2-httpd.conf
+++ b/apache2-httpd.conf
@ -24,12 +24,14 @@
 #  | 
 #  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
 #  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
-#  |-- sysconfig.d/loadmodule.conf . . . . .  [*] load these modules
+#  |-- loadmodule.conf . . . . . . . . . . .  [*] load these modules
 #  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
 #  |-- mod_log_config.conf . . . . . . . . .  define logging formats
-#  |-- sysconfig.d/global.conf . . . . . . .  [*] server-wide general settings
+#  |-- global.conf . . . . . . . . . . . . .  [*] server-wide general settings
 #  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
 #  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
 #  |-- mod_reqtimeout.conf . . . . . . . . .  set timeout and minimum data rate for receiving requests
 #  |-- mod_cgid-timeout.conf . . . . . . . .  set CGIDScriptTimeout if mod_cgid is loaded/active
 #  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
 #  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
 #  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
@ -40,16 +42,13 @@
 #  |    |--mod_userdir.conf  . . . . . . . .  enable UserDir (if mod_userdir is loaded)
 #  |    `--conf.d/apache2-manual?conf  . . .  add the docs ('?' = if installed)
 #  |
 #  |-- sysconfig.d/include.conf  . . . . . .  [*] your include files 
 #  |                                             (for each file to be included here, put its name 
 #  |                                              into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
 #  |
 #  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
 #       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
 #
 #
-# Files marked [*] are created from sysconfig upon server restart: instead of
+# Files marked [*] are NOT read when server is started via systemd service. When server
-# these files, you edit /etc/sysconfig/apache2
+# is started via service, defaults from /etc/sysconfig/apache2 are taken into account.
 #
@ -82,10 +81,8 @@
 #  |-- ssl.csr/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Signing Requests
 #  |-- ssl.key/  . . . . . . . . . . . . . .  PEM-encoded RSA Private Keys
 #  |-- ssl.prm/  . . . . . . . . . . . . . .  public DSA Parameter Files
-#  |-- sysconfig.d/  . . . . . . . . . . . .  files that are created from /etc/sysconfig/apache2
+#  |-- global.conf
-#  |   |-- global.conf
+#  |-- loadmodule.conf
 #  |   |-- include.conf
 #  |   `-- loadmodule.conf
 #  |-- uid.conf
 #  `-- vhosts.d/ . . . . . . . . . . . . . .  put your virtual host configuration (*.conf) here
 #      |-- vhost-ssl.template
@ -112,8 +109,10 @@ Include /etc/apache2/server-tuning.conf
 # container, that host's errors will be logged there and not here.
 ErrorLog /var/log/apache2/error_log
-# generated from APACHE_MODULES in /etc/sysconfig/apache2
+# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2
-Include /etc/apache2/sysconfig.d/loadmodule.conf
+<IfDefine !SYSCONFIG>
  Include /etc/apache2/loadmodule.conf
 </IfDefine>
 # IP addresses / ports to listen on
 Include /etc/apache2/listen.conf
@ -121,13 +120,29 @@ Include /etc/apache2/listen.conf
 # predefined logging formats
 Include /etc/apache2/mod_log_config.conf
-# generated from global settings in /etc/sysconfig/apache2
+# generated from default values of global settings in /etc/sysconfig/apache2
-Include /etc/apache2/sysconfig.d/global.conf
+<IfDefine !SYSCONFIG>
  Include /etc/apache2/global.conf
 </IfDefine>
 # optional mod_status, mod_info
 Include /etc/apache2/mod_status.conf
 Include /etc/apache2/mod_info.conf
 # mod_reqtimeout protects the server from the so-called "slowloris"
 # attack: The server is not swamped with requests in fast succession,
 # but with slowly transmitted request headers and body, thereby filling up
 # the request slots until the server runs out of them.
 # mod_reqtimeout is lightweight and should deliver good results
 # with the configured default values. You shouldn't notice it at all.
 Include /etc/apache2/mod_reqtimeout.conf
 # Fix for CVE-2014-0231 introduces new configuration parameter 
 # CGIDScriptTimeout. This directive and its effect prevent request 
 # workers to be eaten until starvation if cgi programs do not send 
 # output back to the server within the timout set by CGIDScriptTimeout.
 Include /etc/apache2/mod_cgid-timeout.conf
 # optional cookie-based user tracking
 # read the documentation before using it!!
 Include /etc/apache2/mod_usertrack.conf
@ -189,14 +204,6 @@ DirectoryIndex index.html index.html.var
 Include /etc/apache2/default-server.conf
 # Another way to include your own files
 #
 # The file below is generated from /etc/sysconfig/apache2,
 # include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
 # APACHE_CONF_INCLUDE_DIRS
 Include /etc/apache2/sysconfig.d/include.conf
 ### Virtual server configuration ############################################
 #
 # VirtualHost: If you want to maintain multiple domains/hostnames on your
--- a/apache2-loadmodule.conf
+++ b/apache2-loadmodule.conf
@ -0,0 +1,24 @@
 LoadModule actions_module                 /usr/lib64/apache2-prefork/mod_actions.so
 LoadModule alias_module                   /usr/lib64/apache2-prefork/mod_alias.so
 LoadModule auth_basic_module              /usr/lib64/apache2-prefork/mod_auth_basic.so
 LoadModule authn_file_module              /usr/lib64/apache2-prefork/mod_authn_file.so
 LoadModule authz_host_module              /usr/lib64/apache2-prefork/mod_authz_host.so
 LoadModule authz_groupfile_module         /usr/lib64/apache2-prefork/mod_authz_groupfile.so
 LoadModule authz_user_module              /usr/lib64/apache2-prefork/mod_authz_user.so
 LoadModule autoindex_module               /usr/lib64/apache2-prefork/mod_autoindex.so
 LoadModule cgi_module                     /usr/lib64/apache2-prefork/mod_cgi.so
 LoadModule dir_module                     /usr/lib64/apache2-prefork/mod_dir.so
 LoadModule env_module                     /usr/lib64/apache2-prefork/mod_env.so
 LoadModule expires_module                 /usr/lib64/apache2-prefork/mod_expires.so
 LoadModule include_module                 /usr/lib64/apache2-prefork/mod_include.so
 LoadModule log_config_module              /usr/lib64/apache2-prefork/mod_log_config.so
 LoadModule mime_module                    /usr/lib64/apache2-prefork/mod_mime.so
 LoadModule negotiation_module             /usr/lib64/apache2-prefork/mod_negotiation.so
 LoadModule setenvif_module                /usr/lib64/apache2-prefork/mod_setenvif.so
 LoadModule ssl_module                     /usr/lib64/apache2-prefork/mod_ssl.so
 LoadModule socache_shmcb_module           /usr/lib64/apache2-prefork/mod_socache_shmcb.so
 LoadModule userdir_module                 /usr/lib64/apache2-prefork/mod_userdir.so
 LoadModule reqtimeout_module              /usr/lib64/apache2-prefork/mod_reqtimeout.so
 LoadModule authn_core_module              /usr/lib64/apache2-prefork/mod_authn_core.so
 LoadModule authz_core_module              /usr/lib64/apache2-prefork/mod_authz_core.so
--- a/apache2-mod_cgid-timeout.conf
+++ b/apache2-mod_cgid-timeout.conf
@ -0,0 +1,15 @@
 #
 # The length of time in seconds to wait for more output
 # from a CGI program.
 #
 # This will prevent a DoS if too many CGI's don't send their output quickly
 # enough.
 # The value for CGIDScriptTimeout defaults to the value of Timeout.
 # CGIDScriptTimeout is used by mod_cgid only!
 #
 <IfModule mod_cgid.c>
  CGIDScriptTimeout 60
 </IfModule>
--- a/115
+++ b/115
@ -0,0 +1,115 @@
 #!/bin/bash
 HTTPD_SBIN_BASE="/usr/sbin/httpd"
 #
 # loads sysconfig variables into environment
 # 
 # return value in: APACHE_*
 #
 function load_sysconfig
 {
  [ -n "$sysconfig_loaded" ] && return
  [ ! -f "$SYSCONFIG_FILE" ] && return
  . $SYSCONFIG_FILE
  export ${!APACHE_*} sysconfig_loaded=true
 }
 #
 # finds prefered multiprocessing module
 #
 # return value in: HTTPD_MPM 
 #
 function find_mpm
 {
  [ -n "$mpm_found" ] && return
  # load sysconfig variables if they weren't yet
  load_sysconfig
  # try to read from sysconfig's APACHE_MPM
  HTTPD_MPM=$APACHE_MPM
  # if empty, then choose one from installed
  if [ -z "$HTTPD_MPM" ]; then
      # guess
      for i in $HTTPD_SBIN_BASE-*; do
          test -f $i || continue
          i=$(basename $i)
          i=${i#*-}
          installed_mpms=(${installed_mpms[*]} $i)
      done
      if [ -z "${installed_mpms[*]}" ]; then
          HTTPD_MPM=""
          return
      elif [ ${#installed_mpms[*]} = 1 ]; then
          HTTPD_MPM=${installed_mpms[*]}
      else
          case ${installed_mpms[*]} in
              *prefork*)      HTTPD_MPM=prefork;;
              *worker*)       HTTPD_MPM=worker;;
              *event*)        HTTPD_MPM=event;;
          esac
      fi
  fi
  export HTTPD_MPM mpm_found=true
 }
 #
 # search for paths for wanted modules (declared in
 # APACHE_MODULES)
 #
 # return value in: HTTPD_MODULE_IDS
 #                  HTTPD_MODULE_PATHS
 #
 function get_module_list
 {
  load_sysconfig
  find_mpm
  for module in $APACHE_MODULES; do
      # special case
      # remove or add 'd' on in cgi module name
      case $module in mod_cgid|cgid) 
          case $HTTPD_MPM in prefork) module=${module%d};; esac;; 
      esac
      case $module in mod_cgi|cgi)   
          case $HTTPD_MPM in event|worker) module=${module}d;; esac;; 
      esac
      module_id=${module#mod_}_module
      # special case
      case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
      unset module_path
      for libdir in /usr/lib64 /usr/lib; do
          for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \
                          $libdir/apache2-$HTTPD_MPM/$module.so \
                          $libdir/apache2/mod_$module.so \
                          $libdir/apache2/$module.so; do
              if [ -f $filepath ]; then
                  module_path=$filepath
                  break 
              fi
          done 
          if [ -n "$module_path" ]; then
            break
          fi
      done
      if [ -n "$module_path" ]; then
        HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id"
        HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path"
      fi
  done
  export HTTPD_MODULE_IDS
  export HTTPD_MODULE_PATHS
 }
--- a/apache2-ssl-global.conf
+++ b/apache2-ssl-global.conf
@ -77,7 +77,15 @@
 	#   SSL Cipher Suite:
 	#   List the ciphers that the client is permitted to negotiate.
 	#   See the mod_ssl documentation for a complete list.
-	SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+        #   https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
 	SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
 	#   SSLHonorCipherOrder
 	#   If SSLHonorCipherOrder is disabled, then the client's preferences
 	#   for chosing the cipher during the TLS handshake are used.
 	#   If set to on, then the above SSLCipherSuite is used, in the order
 	#   given, with the first supported match on both ends.
 	SSLHonorCipherOrder on
 	#   Server Certificate:
 	#   Point SSLCertificateFile at a PEM encoded certificate.  If
--- a/apache2.changes
+++ b/apache2.changes
@ -1,3 +1,122 @@
 -------------------------------------------------------------------
 Tue Jul 14 07:32:00 UTC 2015 - pgajdos@suse.com
 - access_compat shared also for 11sp3
 -------------------------------------------------------------------
 Mon Jul 13 15:14:20 UTC 2015 - pgajdos@suse.com
 - apache2-implicit-pointer-decl.patch renamed to 
  httpd-implicit-pointer-decl.patch to align with other
  patches names
 -------------------------------------------------------------------
 Mon Jul 13 15:12:29 UTC 2015 - pgajdos@suse.com
 - apachectl is now wrapper to start_apache2; therefore, it honors 
  HTTPD_INSTANCE variable, see README-instances.txt for details 
  + httpd-apachectl.patch
  - httpd-2.4.10-apachectl.patch
 -------------------------------------------------------------------
 Mon Jul 13 13:37:53 UTC 2015 - pgajdos@suse.com
 - a2enmod/a2dismod and a2enflag/a2disflag now respect 
  HTTPD_INSTANCE=<instance_name> environment variable, which can be 
  used to specify apache instance name; sysconfig file is expected 
  at /etc/sysconfig/apache2@<instance_name> 
 (see README-instances.txt for details)
 -------------------------------------------------------------------
 Mon Jul 13 11:21:43 UTC 2015 - pgajdos@suse.com
 - provides suse_maintenance_mmn symbol [bnc#915666] (internal)
 -------------------------------------------------------------------
 Mon Jul 13 10:05:17 UTC 2015 - pgajdos@suse.com
 - credits to Roman Drahtmueller:
  * add reference to /etc/permissions.local to output of %post if
    setting the permissions of suexec2 fails
  * do not enable mod_php5 by default any longer
  * httpd-2.0.49-log_server_status.dif obsoleted
  * apache2-mod_ssl_npn.patch removed because not used
  * include mod_reqtimeout.conf in httpd.conf
  * added cgid-timeout.conf, include
    it in httpd.conf
 - fix default value APACHE_MODULES in sysconfig file
 - %service_* macros for apache2@.service
 -------------------------------------------------------------------
 Mon Jul 13 09:52:21 UTC 2015 - pgajdos@suse.com
 - reenable 690734.patch, it should be upstreamed by the author 
  (Adrian Schroeter) though
   + httpd-2.4.9-bnc690734.patch
   - httpd-2.2.x-bnc690734.patch
 -------------------------------------------------------------------
 Mon Jul 13 09:51:34 UTC 2015 - pgajdos@suse.com
 - drop startssl from start_apache2
 -------------------------------------------------------------------
 Wed Jul  1 09:41:31 UTC 2015 - pgajdos@suse.com
 - allow to run multiple instances of Apache on one system
  [fate#317786] (internal)
  * distributed httpd.conf no longer includes sysconfig.d, nor this 
    directory is shipped. httpd.conf includes loadmodule.conf and 
    global.conf which are former sysconfig.d/loadmodule.conf and 
    sysconfig.d/global.conf for default /etc/sysconfig/apache2
    global.conf and loadmodule.conf are not included when
    sysconfig variables could have been read by start_apache2
    startup script (run with systemd services). Therefore, when
    starting server via /usr/sbin/httpd, sysconfig variables
    are not taken into account.
  * some not-maintained scripts are moved from
    /usr/share/apache2 to /usr/share/apache2/deprecated-scripts
  * all modules comment in sysconfig file is not generated 
    anymore
  * added README-instances.txt
  * removed Sources:
    load_configuration
    find_mpm
    get_module_list
    get_includes
    find_httpd_includes
    apache-find-directives
  * added Sources:
    deprecated-scripts.tar.xz
    apache2-README-instances.txt
    apache2-loadmodule.conf
    apache2-global.conf
    apache2-find-directives
    apache2@.service
    apache2-script-helpers
 -------------------------------------------------------------------
 Thu Jun 25 15:52:14 UTC 2015 - kstreitova@suse.com
 - add SSLHonorCipherOrder directive to apache2-ssl-global.conf
 - adopt SSLCipherSuite directive value from SLE12
 - remove default-vhost-ssl.conf and default-vhost.conf from
  /etc/apache2. These two files are not (!) read by the 
  configuration framework, but are named *.conf, which is
  misleading. The files are almost identical with the vhost 
  templates in /etc/apache2/vhosts.d/. The two templates there do
  it right because they are not named *.conf and are not sourced
  either. apache's response with no explicit (eg. default, vanilla) 
  configuration is contained in /etc/apache2/default-server.conf.
  * remove apache2-README.default-vhost as there are no 
    default-vhost* files anymore.
 -------------------------------------------------------------------
 Thu Jun 25 03:52:01 UTC 2015 - crrodriguez@opensuse.org
 - apache2.service: We have to use KillMode=mixed for the
  graceful stop, restart to work properly.
 -------------------------------------------------------------------
 Thu Jun 11 09:09:05 UTC 2015 - pgajdos@suse.com
--- a/apache2.service
+++ b/apache2.service
@ -6,11 +6,12 @@ Before=getty@tty1.service plymouth-quit.service xdm.service
 [Service]
 Type=notify
 PrivateTmp=true
-EnvironmentFile=/etc/sysconfig/apache2
+ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
-ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k start
+ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
-ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful
+ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
-ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful-stop
+KillMode=mixed
 [Install]
 WantedBy=multi-user.target
 Alias=httpd.service apache.service
--- a/apache2.spec
+++ b/apache2.spec
@ -17,6 +17,7 @@
 %define apache_mmn	%(test -s %{SOURCE0} && { echo -n apache_mmn_; bzcat %{SOURCE0} | awk '/^#define MODULE_MAGIC_NUMBER_MAJOR/ {printf "%d", $3}'; })
 %define suse_maintenance_mmn  0
 %define	default_mpm	prefork
 %{!?prefork:%define prefork 1}
 %{!?worker:%define worker 1}
@ -46,7 +47,7 @@
 %define mods_static unixd systemd
 %else
 %define runtimedir	%{_localstatedir}/run
-%define mods_static access_compat unixd
+%define mods_static unixd
 %endif
 Name:           apache2
 Version:        2.4.12
@ -66,17 +67,13 @@ Source18:       robots.txt
 Source20:       favicon.ico
 Source22:       apache2-README
 Source23:       apache2-README.QUICKSTART
 Source24:       apache2-README.default-vhost
 Source25:       gensslcert
 Source26:       apache2-README-access_compat.txt
 Source27:       %{name}.logrotate
 Source28:       permissions.%{name}
 Source29:       apache-ssl-stuff.tar.bz2
-Source40:       load_configuration
+Source30:       deprecated-scripts.tar.xz
-Source41:       find_mpm
+Source31:       apache2-README-instances.txt
 Source42:       get_module_list
 Source43:       get_includes
 Source44:       find_httpd_includes
 # sysconf_addword is part of aaa_base.rpm starting with openSUSE 11.0
 # we bring our own copy for the cases where it is not available
 Source45:       sysconf_addword
@ -100,27 +97,26 @@ Source111:      apache2-server-tuning.conf
 Source113:      apache2-ssl-global.conf
 Source114:      apache2-mod_usertrack.conf
 Source115:      apache2-mod_reqtimeout.conf
 Source116:      apache2-loadmodule.conf
 Source117:      apache2-global.conf
 Source118:      apache2-mod_cgid-timeout.conf
 Source130:      apache2-vhost.template
 Source131:      apache2-vhost-ssl.template
 Source132:      apache2-default-vhost.conf
 Source133:      apache2-default-vhost-ssl.conf
 Source140:      apache2-check_forensic
 Source141:      apache-22-24-upgrade
 Source142:      start_apache2
 Source143:      apache2-systemd-ask-pass
 Source144:      apache2.service
-Source145:      apache-find-directives
+Source145:      apache2-find-directives
 Source146:      apache2@.service
 Source147:      apache2-script-helpers
 Patch2:         httpd-2.1.3alpha-layout.dif
-Patch23:        httpd-2.4.10-apachectl.patch
+Patch23:        httpd-apachectl.patch
 #Patch65:        httpd-2.0.49-log_server_status.dif
 Patch66:        httpd-2.0.54-envvars.dif
 Patch67:        httpd-2.2.0-apxs-a2enmod.dif
 Patch68:        httpd-2.x.x-logresolve.patch
-Patch69:        httpd-2.2.x-bnc690734.patch
+Patch69:        httpd-2.4.9-bnc690734.patch
-Patch70:        apache2-implicit-pointer-decl.patch
+Patch70:        httpd-implicit-pointer-decl.patch
 # PATCH-FEATURE-UPSTREAM apache2-mod_ssl_npn.patch dimstar@opensuse.org -- Add npn support to mod_ssl (needed for spdy)
 #Patch108:       apache2-mod_ssl_npn.patch
 #Provides:       apache2(mod_ssl+npn)
 # PATCH-FEATURE-UPSTREAM httpd-2.4.3-mod_systemd.patch crrodriguez@opensuse.org simple module provides systemd integration.
 Patch109:       httpd-2.4.3-mod_systemd.patch
 Patch111:       httpd-visibility.patch
@ -153,6 +149,7 @@ Requires(post): sed
 Requires(post): textutils
 Recommends:     apache2-%{default_mpm}
 Provides:       %{apache_mmn}
 Provides:       suse_maintenance_mmn = %{suse_maintenance_mmn}
 Provides:       http_daemon
 Provides:       httpd
 Provides:       suse_help_viewer
@ -189,7 +186,7 @@ Summary:        Apache 2 worker MPM (Multi-Processing Module)
 Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}
 Provides:       %{name}-MPM
-# the post scriptlet executes /usr/share/apache2/get_module_list
+# the post scriptlet sources /usr/share/apache2/script-helpers
 Requires(post): %{name} = %{version}
 %endif
@ -200,7 +197,7 @@ Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}
 Provides:       %{name}-MPM
 Provides:       apache:%{_sbindir}/httpd
-# the post scriptlet executes /usr/share/apache2/get_module_list
+# the post scriptlet sources /usr/share/apache2/script-helpers
 Requires(post): %{name} = %{version}
 %endif
@ -210,7 +207,7 @@ Summary:        Apache 2 event MPM (Multi-Processing Module)
 Group:          Productivity/Networking/Web/Servers
 Requires:       %{name} = %{version}
 Provides:       %{name}-MPM
-# the post scriptlet executes /usr/share/apache2/get_module_list
+# the post scriptlet sources /usr/share/apache2/script-helpers
 Requires(post): %{name} = %{version}
 %endif
@ -294,16 +291,14 @@ Utilities provided by the Apache 2 Web Server project which are useful
 to administrators of web servers in general.
 %prep
-%setup -q -n httpd-%{version}
+%setup -q -n httpd-%{version} -a30
 %patch2 -p1
-%patch23 -p1
+%patch23
 #%patch65 -p1
 %patch66 -p1
 %patch67 -p1
 %patch68 -p1
-#%patch69
+%patch69
 %patch70 -p1
 #%patch108 -p1
 # Systemd module enabling patch                                                
 %if 0%{?suse_version} >= 1210 
 %patch109 -p1
@ -317,8 +312,8 @@ a=$(basename %{SOURCE22})
 cp %{SOURCE22} ./${a##%{name}-}
 b=$(basename %{SOURCE23})
 cp %{SOURCE23} ./${b##%{name}-}
-c=$(basename %{SOURCE24})
+c=$(basename %{SOURCE31})
-cp %{SOURCE24} ./${c##%{name}-}
+cp %{SOURCE31} ./${c##%{name}-}
 d=$(basename %{SOURCE26})
 cp %{SOURCE26} ./${d##%{name}-}
@ -518,7 +513,7 @@ install -m 755 support/logresolve.pl 		%{buildroot}/%{_sbindir}/
 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
 install -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic %{buildroot}/%{_bindir}/check_forensic
-install -m 755 $RPM_SOURCE_DIR/apache-find-directives %{buildroot}/%{_bindir}/
+install -m 755 $RPM_SOURCE_DIR/apache2-find-directives %{buildroot}/%{_bindir}/
 #
 # xml stuff
 install -d %{buildroot}%{_datadir}/omc/svcinfo.d/
@ -529,25 +524,21 @@ install -m 755 %{SOURCE25} %{buildroot}/%{_bindir}/
 tar xjf %{SOURCE29} -C %{buildroot}/%{sysconfdir}
 #
 # init script and friends
-install -m 700 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/
+install -m 644 $RPM_SOURCE_DIR/apache2-script-helpers %{buildroot}/%{_datadir}/%{name}/script-helpers
 install -m 744 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/
 %if 0%{?suse_version} >= 1210
 mkdir -p %{buildroot}%{_unitdir}/
 install -m 700 $RPM_SOURCE_DIR/apache2-systemd-ask-pass %{buildroot}%{_sbindir}/
 install -m 644 $RPM_SOURCE_DIR/apache2.service %{buildroot}%{_unitdir}/
 install -m 644 $RPM_SOURCE_DIR/apache2@.service %{buildroot}%{_unitdir}/
 ln -sf service %{buildroot}/%{_sbindir}/rcapache2
 %else
 mkdir -p %{buildroot}%{_sysconfdir}/init.d
 install -m 744 $RPM_SOURCE_DIR/rc.%{name} %{buildroot}%{_initddir}/%{name}
 ln -sf ../..%{_initddir}/%{name} %{buildroot}/%{_sbindir}/rcapache2
 %endif
-install -m 755 $RPM_SOURCE_DIR/load_configuration %{buildroot}/%{_datadir}/%{name}/
+cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/
 install -m 755 $RPM_SOURCE_DIR/find_mpm           %{buildroot}/%{_datadir}/%{name}/
 install -m 755 $RPM_SOURCE_DIR/get_includes       %{buildroot}/%{_datadir}/%{name}/
 install -m 755 $RPM_SOURCE_DIR/find_httpd_includes %{buildroot}/%{_datadir}/%{name}/
 install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/
 sed 's+%{_prefix}/lib+%{_libdir}+' $RPM_SOURCE_DIR/get_module_list \
 	> %{buildroot}/%{_datadir}/%{name}/get_module_list
 chmod 755 %{buildroot}/%{_datadir}/%{name}/get_module_list
 install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/
 install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir}
 ln -s a2enflag %{buildroot}/%{_sbindir}/a2disflag
@ -555,28 +546,21 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod %{buildroot}/%{_sbindir}
 ln -s a2enmod %{buildroot}/%{_sbindir}/a2dismod
 #
 # directories for files from other packages and other configuration
-for i in vhosts.d sysconfig.d; do
+mkdir -p %{buildroot}/%{sysconfdir}/vhosts.d
 	mkdir -p %{buildroot}/%{sysconfdir}/$i
 done
 #
-# make list of all modules, and install sysconfig template
+# install sysconfig template
-for i in $(find %{buildroot}/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
+install -m 644 $RPM_SOURCE_DIR/sysconfig.%{name} \
-	modname=${i#*mod_}; modname=${modname%.so}
+	%{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name}
 	modname=${modname##*lib}
 	all_modules="$all_modules $modname"
 done
 all_modules=$(echo $all_modules | fmt | sed 's/\(.*\)/#    \1\\/')
 sed "s+@@all_modules@@+$all_modules +" $RPM_SOURCE_DIR/sysconfig.%{name} \
 	> %{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name}
 #
 # install configuration files:
 mkdir -p %{buildroot}/%{runtimedir}
 touch %{buildroot}/%{sysconfdir}/sysconfig.d/include.conf
 mkdir -p %{buildroot}/%{sysconfdir}/conf.d
 for i in default-server.conf \
 	 errors.conf \
 	 global.conf \
 	 httpd.conf \
 	 listen.conf \
 	 loadmodule.conf \
 	 mod_autoindex-defaults.conf \
 	 mod_info.conf \
 	 mod_log_config.conf \
@ -585,6 +569,8 @@ for i in default-server.conf \
 	 mod_userdir.conf \
 	 mod_usertrack.conf \
 	 server-tuning.conf \
 	 mod_reqtimeout.conf \
         mod_cgid-timeout.conf \
 	 ssl-global.conf
 do
 	install -m 644 $RPM_SOURCE_DIR/apache2-$i %{buildroot}/%{sysconfdir}/$i
@ -608,11 +594,6 @@ done
 install -m 644 %{SOURCE130} %{buildroot}/%{sysconfdir}/vhosts.d/vhost.template
 install -m 644 %{SOURCE131} %{buildroot}/%{sysconfdir}/vhosts.d/vhost-ssl.template
 install -m 644 %{SOURCE104} %{buildroot}/%{sysconfdir}/conf.d/manual.conf
 # install default vhost
 dvh=$(basename %{SOURCE132})
 install -m 644 %{SOURCE132} %{buildroot}/%{sysconfdir}/${dvh##%{name}-}
 dvhs=$(basename %{SOURCE133})
 install -m 644 %{SOURCE133} %{buildroot}/%{sysconfdir}/${dvhs##%{name}-}
 # for mod_auth_ldap
 install -m 644 docs/conf/charset.conv %{buildroot}/%{sysconfdir}/
@ -727,7 +708,11 @@ rm -r %{buildroot}/%{sysconfdir}/extra 		# it is already in the documentation di
 # and validate httpd.conf file
 #
 pushd %{buildroot}/%{sysconfdir}
-for i in *.conf; do cp $i $i.test; done
+for i in *.conf; do 
  # loadmodule.conf.test will be created later
  [ "$i" == loadmodule.conf ] && continue    
  cp $i $i.test; 
 done
 sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
    -e 's+%{_localstatedir}/run+'%{buildroot}'%{_localstatedir}/run+' \
    -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
@ -737,24 +722,24 @@ sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
 		httpd.conf > httpd.conf.test
 sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
 		default-server.conf > default-server.conf.test
-touch sysconfig.d/global.conf.test
+sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \
-touch sysconfig.d/include.conf.test
+		global.conf.test
 popd
 pushd %{buildroot}
 for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
 	mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
 	mod_path=
-	echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/sysconfig.d/loadmodule.conf.test
+	echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test
 done
 # auth_ldap_module needs to be loaded after ldap_module
-echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test
+echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test
 popd
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
 %{buildroot}/%{_sbindir}/httpd-%{default_mpm} \
 	-e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1
 rm %{buildroot}/%{sysconfdir}/*.test
 rm %{buildroot}/%{sysconfdir}/sysconfig.d/*
 mv %{buildroot}/%{sysconfdir}/original .
 %files -f filelist
@ -771,8 +756,6 @@ mv %{buildroot}/%{sysconfdir}/original .
 %doc robots.txt
 %doc printenv
 %doc test-cgi
 #%doc httpd-std.conf-*
 #%doc ssl-std.conf
 %doc httpd.conf.default
 %doc original
 %attr(750,root,root) %dir %{logfiledir}
@ -792,11 +775,11 @@ mv %{buildroot}/%{sysconfdir}/original .
 %{sysconfdir}/ssl.*/README*
 %dir %{sysconfdir}/conf.d
 %dir %{sysconfdir}/vhosts.d
 %dir %{sysconfdir}/sysconfig.d
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %{_datadir}/omc/svcinfo.d/apache2.xml
 %if 0%{?suse_version} >= 1210
 %{_unitdir}/apache2.service
 %{_unitdir}/apache2@.service
 %{_sbindir}/apache2-systemd-ask-pass
 %else
 %{_initddir}/%{name}
@ -823,11 +806,8 @@ mv %{buildroot}/%{sysconfdir}/original .
 %dir %{installbuilddir}
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/apache-22-24-upgrade
-%{_datadir}/%{name}/get_module_list
+%{_datadir}/%{name}/deprecated-scripts
-%{_datadir}/%{name}/get_includes
+%{_datadir}/%{name}/script-helpers
 %{_datadir}/%{name}/find_httpd_includes
 %{_datadir}/%{name}/find_mpm
 %{_datadir}/%{name}/load_configuration
 %{_datadir}/%{name}/sysconf_addword
 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
@ -1240,7 +1220,7 @@ mv %{buildroot}/%{sysconfdir}/original .
 %{_bindir}/check_forensic2
 %{_bindir}/dbmmanage
 %{_bindir}/dbmmanage2
-%{_bindir}/apache-find-directives
+%{_bindir}/apache2-find-directives
 %{_bindir}/gensslcert
 %{_bindir}/htdbm
 %{_bindir}/htdbm2
@ -1264,30 +1244,41 @@ mv %{buildroot}/%{sysconfdir}/original .
 %if %{prefork}
 %post prefork
-%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
+# install /usr/sbin/httpd
 . /usr/share/apache2/script-helpers
 find_mpm
 ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
 exit 0
 %endif
 %if %{worker}
 %post worker
-%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
+# install /usr/sbin/httpd
 . /usr/share/apache2/script-helpers
 find_mpm
 ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
 exit 0
 %endif
 %if %{event}
 %post event
-%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
+# install /usr/sbin/httpd
 . /usr/share/apache2/script-helpers
 find_mpm
 ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
 exit 0
 %endif
 %pre
 %if 0%{?suse_version} >= 1210
 %service_add_pre apache2.service
 %service_add_pre apache2@.service
 %endif
 %preun
 %if 0%{?suse_version} >= 1210
 %service_del_preun apache2.service
 %service_del_preun apache2@.service
 %endif
 for i in %{_sbindir}/httpd \
 	 %{installbuilddir}/config_vars.mk
@ -1299,6 +1290,7 @@ exit 0
 %postun
 %if 0%{?suse_version} >= 1210
 %service_del_postun apache2.service
 %service_del_postun apache2@.service
 %else
 %insserv_cleanup
 %endif
@ -1307,7 +1299,7 @@ exit 0
 %if 0%{?suse_version} <= 1130
 %run_permissions
 %else
-%set_permissions %{_sbindir}/suexec
+%set_permissions %{_sbindir}/suexec || echo "Please check /etc/permissions.local for settings of /usr/sbin/suexec2 ."
 %endif
 # wwwadmin group existed in past remove after openSUSE-13.2 out of support scope
 if grep -q "^wwwadmin:" %{_sysconfdir}/group; then
@ -1324,6 +1316,7 @@ fi
 %{fillup_only apache2}
 %if 0%{?suse_version} >= 1210
 %service_add_post apache2.service
 %service_add_post apache2@.service
 %else
 %{fillup_and_insserv apache2}
 %endif
@ -1354,7 +1347,6 @@ if [ $1 -gt 1 ] ; then
 fi
 rm -rf $tmpdir
 %{_datadir}/%{name}/get_module_list >/dev/null 2>&1
 exit 0
 %posttrans
--- a/apache2@.service
+++ b/apache2@.service
@ -0,0 +1,18 @@
 [Unit]
 Description=The Apache Webserver %I
 After=network.target nss-lookup.target time-sync.target
 Before=getty@tty1.service plymouth-quit.service xdm.service
 [Service]
 Type=notify
 PrivateTmp=true
 Environment="HTTPD_INSTANCE=%i"
 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start	
 ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
 ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
 KillMode=mixed
 [Install]
 WantedBy=multi-user.target
 Alias=httpd@.service apache@.service
--- a/deprecated-scripts.tar.xz
+++ b/deprecated-scripts.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0089226f95d2caac8a06128aaa45170aaf84c79101c2ea7a64f9422b4176766a
 size 3252
--- a/31
+++ b/31
@ -1,31 +0,0 @@
 #!/bin/bash
 # Read the configuration (recursing through all include files)
 . /usr/share/apache2/load_configuration
 : ${sysconfdir:=/etc/apache2}
 httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
 find_include_files () {
 	local found i
 	found=$(awk '/^[[:space:]]*Include/ { print $2 }' $1 2>/dev/null)
 	for i in $found; do 
 		case $i in 
 		*\**) 
 			# filter filenames that are unexpanded, in the lack of a match,
 			# like /etc/apache2/conf.d/*.conf
 			;;
 		*) 
 			conffiles="$conffiles $i"
 			find_include_files $i
 			;;
 		esac
 	done
 }
 find_include_files $httpd_conf
 #echo $httpd_conf $conffiles
 echo $conffiles
 exit 0
--- a/48
+++ b/48
@ -1,48 +0,0 @@
 #!/bin/bash
 : ${apache_link:=/usr/sbin/httpd}
 . /usr/share/apache2/load_configuration
 if ! ${mpm_set:=false}; then 
 	if [ -z "$APACHE_MPM" ]; then 
 		# guess
 		for i in $r/$apache_link-*; do 
 			test -f $i || continue
 			i=$(basename $i)
 			i=${i#*-}
 			installed_mpms=(${installed_mpms[*]} $i)
 		done
 		if [ -z "${installed_mpms[*]}" ]; then
 			echo >&2 ${warn}Apache binary ${apache_link#*-} not found. No MPM package installed? $norm
 			echo >&2 Hint: install the apache2-prefork package, and try again.
 		fi
 		if [ ${#installed_mpms[*]} = 1 ]; then
 			APACHE_MPM=${installed_mpms[*]}
 		else
 			case ${installed_mpms[*]} in
 			*prefork*)	APACHE_MPM=prefork;;
 			*worker*)	APACHE_MPM=worker;;
 			*event*)	APACHE_MPM=event;;
 			*leader*)	APACHE_MPM=leader;;
 			*metuxmpm*)	APACHE_MPM=metuxmpm;;
 			*threadpool*)	APACHE_MPM=threadpool;;
 			*itk*)          APACHE_MPM=itk;;
 			esac
 		fi
 	fi
 	if [ -x $apache_link-$APACHE_MPM ]; then
 		ln -sf $apache_link-$APACHE_MPM $apache_link
 		ln -sf $apache_link-$APACHE_MPM ${apache_link}2
 		echo $apache_link-$APACHE_MPM
 	else
 		echo >&2 ${warn}$apache_link-$APACHE_MPM is not a valid httpd binary. 
 		echo >&2 Check your APACHE_MPM setting.$norm
 		exit 1
 	fi
 	export APACHE_MPM mpm_set=true
 fi
--- a/45
+++ b/45
@ -1,45 +0,0 @@
 #!/bin/bash
 pname=apache2
 : ${sysconfdir:=/etc/$pname}
 : ${sysconfig_apache:=/etc/sysconfig/$pname}
 test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
 apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
 APACHE_MPM=${apache_bin##*-}
 if [ -z "$APACHE_MPM" ]; then 
 	echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM.
 fi
 #echo -n writing sysconfig.d/include.conf
 exec 3>$sysconfdir/sysconfig.d/include.conf
 echo >&3 "#
 # This file is created at apache start time by /usr/sbin/rc$pname. Do not edit it!
 #
 # as listed in APACHE_INCLUDE_* ($sysconfig_apache)
 " 
 for file in $APACHE_CONF_INCLUDE_FILES; do
 	test ${file:0:1} = / || file=$sysconfdir/$file
 	if [ -e $file ]; then
 		echo >&3 Include $file
 	else
 		echo >&2 File $file from APACHE_CONF_INCLUDE_FILES not found. Ignored. 
 	fi
 done
 # here, we do not want to use globbing. apache will do it 
 set -o noglob
 for dir in $APACHE_CONF_INCLUDE_DIRS; do
 	test ${dir:0:1} = / || dir=$sysconfdir/$dir
 	if [ -d $dir -o -d /$(dirname $dir) ]; then
 		echo >&3 Include $dir
 	else
 		echo >&2 Directory $dir from APACHE_CONF_INCLUDE_DIRS not found. Ignored. 
 	fi
 done
 set +o noglob
 echo >&3 -e "#\n"
 exec 3<&-
 #echo -n ". "
--- a/163
+++ b/163
@ -1,163 +0,0 @@
 #!/bin/bash
 pname=apache2
 : ${sysconfdir:=/etc/$pname}
 : ${sysconfig_apache:=/etc/sysconfig/$pname}
 default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs
 test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
 apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
 APACHE_MPM=${apache_bin##*-}
 if [ -z "$APACHE_MPM" ]; then 
 	echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM.
 fi
 if [ "$1" = -q ]; then
 	quiet=true
 else
 	quiet=false
 fi
 #echo -n writing sysconfig.d/loadmodule.conf
 TMPFILE=`/bin/mktemp /tmp/$pname.XXXXXXXXXXXX`
 if [ -z "$TMPFILE" ]; then
 	 echo >&2 Error: could not create temporary file for writing loadmodules.conf.
 	 exit 1
 fi
 exec 3>$TMPFILE
 echo >&3 "#
 # Files in this directory are created at apache start time by /usr/sbin/rc$pname 
 # Do not edit them!
 #
 # as listed in APACHE_MODULES ($sysconfig_apache)
 " 
 test -z "$APACHE_MODULES" && APACHE_MODULES=$LOADMODULES
 # see whether APACHE_MODULES is declared as array (it was so, in the past)
 # if it is not an array, we convert it to one.
 if [[ -z ${APACHE_MODULES[1]} ]]; then
 	# strip leading and trailing parens... since it might erroneously be written as
 	# APACHE_MODULES="(asdf 1234)"
 	APACHE_MODULES=${APACHE_MODULES/(}; APACHE_MODULES=${APACHE_MODULES/)}
 	APACHE_MODULES=($APACHE_MODULES)
 fi
 for i in ${APACHE_MODULES[*]}; do
 	unset module_path module_id
 	case $i in mod_cgid|cgid) case $APACHE_MPM in prefork|leader|itk)  i=${i%d};; esac;; esac
 	case $i in mod_cgi|cgi)   case $APACHE_MPM in event|worker) i=${i}d;; esac;; esac
 	module_id=${i##*/}
 	module_id=${module_id#mod_}
 	module_id=${module_id#lib}
 	module_id=${module_id%.so}_module
 	# special case
 	case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
 	case $i in 
 	    /*)
 		module_path=$i
 		;;
 	    *)
 		for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \
 			 /usr/lib/$pname-$APACHE_MPM/$i.so \
 			 /usr/lib/$pname-$APACHE_MPM/mod_$i \
 			 /usr/lib/$pname-$APACHE_MPM/$i \
 			 /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \
 			 /usr/lib/$pname-$APACHE_MPM/${i/mod_} \
 			 /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \
 			 /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \
 			 /usr/lib/$pname-$APACHE_MPM/lib$i.so \
 			 /usr/lib/$pname-$APACHE_MPM/lib$i \
 			 /usr/lib/$pname/mod_$i.so \
 			 /usr/lib/$pname/$i.so \
 			 /usr/lib/$pname/mod_$i \
 			 /usr/lib/$pname/$i \
 			 /usr/lib/$pname/${i/mod_}.so \
 			 /usr/lib/$pname/${i/mod_} \
 			 /usr/lib/$pname/lib${i/mod_}.so \
 			 /usr/lib/$pname/lib${i/mod_} \
 			 /usr/lib/$pname/lib$i.so \
 			 /usr/lib/$pname/lib$i
 		do
 			if [ -f $j ]; then
 				module_path=$j 
 				break
 			fi
 		done
 		;;
 	esac
 	if [[ -f $module_path ]]; then
 		printf "LoadModule %-30s %s\n" $module_id $module_path >&3	
 	else
 		# print a warning?
 		# php modules are in the list by default, so we don't warn about it [#66729]
                if ! $quiet && [ $i != "php4" -a $i != "php5" ]; then
                        echo >&2 "Module \"$i\" is not installed, ignoring."
                        echo >&2 "Check the APACHE_MODULES setting in /etc/sysconfig/$pname."
                fi
 	fi
 done 
 echo >&3 -e "#\n"
 exec 3<&-
 chmod 644 $TMPFILE
 if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then
  mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf
  if selinuxenabled; then
    restorecon $sysconfdir/sysconfig.d/loadmodule.conf
  fi
 fi
 #echo -n ". "
 #echo -n writing sysconfig.d/global.conf
 exec 3>$sysconfdir/sysconfig.d/global.conf
 echo >&3 "#
 # Files in this directory are created at apache start time by /usr/sbin/rc$pname 
 # Do not edit them!
 #
 # see $sysconfig_apache
 " 
 if [[ -n $APACHE_DOCUMENT_ROOT ]]; then
 	echo >&3 "DocumentRoot $APACHE_DOCUMENT_ROOT"
 # else
 # 	if ! grep -q "^DocumentRoot" $sysconfdir/httpd.conf 2>/dev/null; then 
 # 		echo >&3 "DocumentRoot $default_APACHE_DOCUMENT_ROOT"
 # 	fi
 fi
 [[ -n $APACHE_TIMEOUT ]]		&& echo >&3 "Timeout $APACHE_TIMEOUT"
 if [[ -n $APACHE_SERVERSIGNATURE ]]; then
 	case $APACHE_SERVERSIGNATURE in 
 	no) APACHE_SERVERSIGNATURE=off;;
 	yes) APACHE_SERVERSIGNATURE=on;;
 	esac
 	echo >&3 "ServerSignature $APACHE_SERVERSIGNATURE"
 fi
 [[ -n $APACHE_SERVERADMIN ]]		&& echo >&3 "ServerAdmin $APACHE_SERVERADMIN"
 [[ -n $APACHE_SERVERNAME ]]		&& echo >&3 "ServerName $APACHE_SERVERNAME"
 [[ -n $APACHE_USE_CANONICAL_NAME ]]	&& echo >&3 "UseCanonicalName $APACHE_USE_CANONICAL_NAME"
 [[ -n $APACHE_SERVERTOKENS ]]		&& echo >&3 "ServerTokens $APACHE_SERVERTOKENS"
 [[ $APACHE_EXTENDED_STATUS = on ]]	&& echo -e >&3 "<IfModule mod_status.c>\n    ExtendedStatus on\n</IfModule>"
 [[ $APACHE_BUFFERED_LOGS = on ]]	&& echo >&3 "BufferedLogs on"
 [[ -n $APACHE_LOGLEVEL ]]		&& echo >&3 "LogLevel $APACHE_LOGLEVEL"
 if [[ -n $APACHE_ACCESS_LOG ]]; then
 	# split multiple entries
 	APACHE_ACCESS_LOG=($APACHE_ACCESS_LOG)
 	for ((i=0; $i<${#APACHE_ACCESS_LOG[*]}; i=i+2)); do
 		filename=${APACHE_ACCESS_LOG[$i]}
 		format=${APACHE_ACCESS_LOG[$i+1]}
 		echo >&3 "CustomLog $filename ${format/%,}"
 	done
 fi
 exec 3<&-
 #echo -n ". "
--- a/httpd-2.4.10-apachectl.patch
+++ b/httpd-2.4.10-apachectl.patch
@ -1,56 +0,0 @@
 diff -Ndurp httpd-2.4.10/support/apachectl.in httpd-2.4.10-apachectl/support/apachectl.in
 --- httpd-2.4.10/support/apachectl.in	2012-02-01 05:47:28.000000000 +0200
 +++ httpd-2.4.10-apachectl/support/apachectl.in	2014-10-18 19:18:51.203692588 +0300
@@ -42,17 +42,32 @@ ARGV="$@"
 # --------------------                              --------------------
 # 
 # the path to your httpd binary, including options if necessary
 -HTTPD='@exp_sbindir@/@progname@'
 +HTTPD='@exp_sbindir@/httpd'
 #
 # pick up any necessary environment variables
 if test -f @exp_sbindir@/envvars; then
   . @exp_sbindir@/envvars
 fi
 +
 +pname=apache2
 +sysconfig_apache=/etc/sysconfig/$pname
 +sysconfdir=/etc/$pname
 +
 +test -s $sysconfig_apache && . $sysconfig_apache
 +httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
 +
 #
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
 # programs may work.  
 -LYNX="@LYNX_PATH@ -dump"
 +
 +if [ -x "`which w3m`" ]; then
 +        LYNX="w3m -dump -cols ${COLUMNS:-80}"
 +elif [ -x "`which lynx`" ]; then
 +        LYNX="lynx -dump -width=${COLUMNS:-80}"
 +fi
 +
 +
 #
 # the URL to your server's mod_status status page.  If you do not
 # have one, then status and fullstatus will not work.
@@ -78,7 +93,7 @@ fi
 case $ACMD in
 start|stop|restart|graceful|graceful-stop)
 -    $HTTPD -k $ARGV
 +    $HTTPD ${httpd_conf+-f $httpd_conf} -k $ARGV
     ERROR=$?
     ;;
 startssl|sslstart|start-SSL)
@@ -88,7 +103,7 @@ startssl|sslstart|start-SSL)
     ERROR=2
     ;;
 configtest)
 -    $HTTPD -t
 +    $HTTPD ${httpd_conf+-f $httpd_conf} -t
     ERROR=$?
     ;;
 status)
--- a/httpd-2.4.9-bnc690734.patch
+++ b/httpd-2.4.9-bnc690734.patch
@ -1,14 +1,13 @@
--- server/util_script.c.orig
+Index: server/util_script.c
-+++ server/util_script.c
+===================================================================
-@@ -415,6 +415,7 @@ AP_DECLARE(int) ap_scan_script_header_er
+--- server/util_script.c.orig	2015-06-25 09:15:54.539638460 +0200
- {
+++ server/util_script.c	2015-06-25 09:20:48.554424220 +0200
-     char x[MAX_STRING_LEN];
+@@ -422,11 +422,20 @@
-     char *w, *l;
+     apr_table_t *cookie_table;
     int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
     int first_header = 1;
 +    int wlen;
-     int p;
+ 
     int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
@@ -425,7 +426,14 @@ AP_DECLARE(int) ap_scan_script_header_er
     if (buffer) {
         *buffer = '\0';
     }
@ -21,10 +20,11 @@
 +        w = buffer ? buffer : x;
 +        wlen = MAX_STRING_LEN;
 +    }
 +
     /* temporary place to hold headers to merge in later */
     merge = apr_table_make(r->pool, 10);
-@@ -441,7 +449,7 @@ AP_DECLARE(int) ap_scan_script_header_er
+@@ -442,7 +451,7 @@
     while (1) {
@ -33,17 +33,19 @@
         if (rv == 0) {
             const char *msg = "Premature end of script headers";
             if (first_header)
-@@ -553,9 +561,12 @@ AP_DECLARE(int) ap_scan_script_header_er
+@@ -555,10 +564,13 @@
         if (!(l = strchr(w, ':'))) {
             if (!buffer) {
                 /* Soak up all the script output - may save an outright kill */
-                while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) {
+-                while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
 +                while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
                     continue;
                 }
-+	    } else if (w != buffer) {
+-            }
 +            } else if (w != buffer) {
 +		strncpy(buffer, w, MAX_STRING_LEN - 1);
 +		buffer[MAX_STRING_LEN - 1] = 0;
-             }
+	    }
             ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
                           "malformed header from script '%s': Bad header: %.30s",
--- a/httpd-apachectl.patch
+++ b/httpd-apachectl.patch
@ -0,0 +1,27 @@
 Index: support/apachectl.in
 ===================================================================
 --- support/apachectl.in.orig	2012-02-01 04:47:28.000000000 +0100
 +++ support/apachectl.in	2015-07-13 17:09:06.651280087 +0200
@@ -42,7 +42,7 @@
 # --------------------                              --------------------
 # 
 # the path to your httpd binary, including options if necessary
 -HTTPD='@exp_sbindir@/@progname@'
 +HTTPD='@exp_sbindir@/start_apache2'
 #
 # pick up any necessary environment variables
 if test -f @exp_sbindir@/envvars; then
@@ -52,7 +52,11 @@
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
 # programs may work.  
 -LYNX="@LYNX_PATH@ -dump"
 +if [ -x "`which w3m`" ]; then
 +        LYNX="w3m -dump -cols ${COLUMNS:-80}"
 +elif [ -x "`which lynx`" ]; then
 +        LYNX="lynx -dump -width=${COLUMNS:-80}"
 +fi
 #
 # the URL to your server's mod_status status page.  If you do not
 # have one, then status and fullstatus will not work.
--- a/apache2-implicit-pointer-decl.patch
+++ b/apache2-implicit-pointer-decl.patch
--- a/10
+++ b/10
@ -1,10 +0,0 @@
 #!/bin/bash
 : ${sysconfig_apache:=/etc/sysconfig/apache2}
 #
 # load the configuration, but only if it hasn't been done already
 #
 if [ -z "$APACHE_MODULES" ]; then 
 	. $sysconfig_apache
 fi
--- a/148
+++ b/148
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #
 # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
 # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
@ -10,33 +10,52 @@
 #                                        2008, 2009, 2010
 #
 #
 pname=apache2
 . /usr/share/$pname/load_configuration
-export ${!APACHE_*}
+. /usr/share/apache2/script-helpers
-apache_link=/usr/sbin/httpd
+#
-apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
+# which instance should we will run
-httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2/httpd.conf}
+#
-test -L $apache_link && apache_bin=$(readlink $apache_link)
+unset instance_suffix
-
+if [ -n "$HTTPD_INSTANCE" ]; then 
-if [ -z "$APACHE_MPM" ]; then 
+  instance_suffix="@$HTTPD_INSTANCE"
 	APACHE_MPM=${apache_bin##*-}
 fi
-if ! [ -x $apache_bin ]; then
+#
-	echo >&2 $apache_bin-$APACHE_MPM is not a valid httpd binary. 
+# load sysconfig variables APACHE_* from instance sysconfig
-	echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname.
+# file
-	exit 5
+#
-fi
+export SYSCONFIG_FILE=/etc/sysconfig/apache2${instance_suffix}
-
+load_sysconfig
 # a proper home should be set, otherwise the server might end up 
 # with HOME=/root and some script might try to use that
 HOME=/var/lib/apache2
 unset server_flags
-case "$action" in startssl) server_flags="-DSSL";; esac
+#
 # server_flags: -DSYSCONFIG
 #
 if [ -f "$SYSCONFIG_FILE" ]; then
  server_flags="$server_flags -DSYSCONFIG"
 fi
 #
 # figure out correct apache2 binary (/usr/sbin/httpd-prefork,
 # /usr/sbin/httpd-worker, etc.) and serverflags
 #
 find_mpm
 if [ -n "$HTTPD_MPM" ]; then
    apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM"
    if ! [ -x $apache_bin ]; then
        echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary."
 	echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2."
 	exit 1
    fi
 else
  echo >&2 "${warn}No Apache binary found. No MPM package installed? $norm"
  echo >&2 "Hint: install the apache2-prefork package, and try again."
  exit 1
 fi
 # server flags from APACHE_SERVER_FLAGS
 for i in $APACHE_SERVER_FLAGS; do
 	case $i in 
 	-D)	;;
@ -44,8 +63,87 @@ for i in $APACHE_SERVER_FLAGS; do
 	*)	server_flags="$server_flags -D$i";;
 	esac
 done
 ${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true
 ${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true
-export -n ${!APACHE_*}
+#
-exec $apache_bin -f $httpd_conf $server_flags $@
+# head configuration file
 #
 httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf}
 #
 # set PidFile to this file name; PidFile should not
 # be used in the configuration to change this, otherwise
 # stopping will not work
 #
 pid_file=/var/run/httpd${instance_suffix}.pid
 unset sysconfig_setting
 #
 # involve the sysconfig variables
 #
 # APACHE_ACCESS_LOG 
 if [ -n "$APACHE_ACCESS_LOG" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "CustomLog $APACHE_ACCESS_LOG")
 fi
 # APACHE_CONF_INCLUDE_FILES
 for file in $APACHE_CONF_INCLUDE_FILES; do
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $file")
 done
 # APACHE_CONF_INCLUDE_DIRS
 for dir in $APACHE_CONF_INCLUDE_DIRS; do
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $dir")
 done
 # APACHE_SERVERADMIN
 if [ -n "$APACHE_SERVERADMIN" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerAdmin $APACHE_SERVERADMIN")
 fi
 # APACHE_SERVERNAME
 if [ -n "$APACHE_SERVERNAME" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerName $APACHE_SERVERNAME")
 fi
 # APACHE_START_TIMEOUT
 # not used nowadays
 # APACHE_SERVERSIGNATURE
 if [ -n "$APACHE_SERVERSIGNATURE" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerSignature $APACHE_SERVERSIGNATURE")
 fi
 # APACHE_LOGLEVEL
 if [ -n "$APACHE_LOGLEVEL" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LogLevel $APACHE_LOGLEVEL")
 fi
 # APACHE_USE_CANONICAL_NAME
 if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "UseCanonicalName $APACHE_USE_CANONICAL_NAME")
 fi
 # APACHE_SERVERTOKENS
 if [ -n "$APACHE_SERVERTOKENS" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerTokens $APACHE_SERVERTOKENS")
 fi
 # APACHE_EXTENDED_STATUS
 if [ -n "$APACHE_EXTENDED_STATUS" ]; then
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ExtendedStatus $APACHE_EXTENDED_STATUS")
 fi
 # APACHE_MODULES
 get_module_list
 module_ids=($HTTPD_MODULE_IDS)
 module_paths=($HTTPD_MODULE_PATHS)
 for i in "${!module_ids[@]}"; do
    sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LoadModule ${module_ids[$i]} ${module_paths[$i]}")
 done
 #
 # a proper home should be set, otherwise the server might end up 
 # with HOME=/root and some script might try to use that
 #
 HOME=/var/lib/apache2${instance_suffix}
 #
 # run Apache
 #
 exec $apache_bin -f $httpd_conf $server_flags \
        -C "PidFile $pid_file" \
        "${sysconfig_setting[@]}" \
        $@
 exit 0
--- a/sysconfig.apache2
+++ b/sysconfig.apache2
@ -30,7 +30,7 @@ APACHE_CONF_INCLUDE_FILES=""
 APACHE_CONF_INCLUDE_DIRS=""
 ## Type:	string
-## Default:	"actions alias auth_basic authz_host authn_file authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5"
+## Default:	"actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
 ## ServiceRestart: apache2
 #
 # [It might look silly to not simply edit httpd.conf for the LoadModule statements.
@ -38,9 +38,7 @@ APACHE_CONF_INCLUDE_DIRS=""
 # switching between MPMs can be quite a hassle. It's easier to just give the names here.]
 #
 # * list of all modules shipped with the base distribution: 
-#
+#   see /usr/lib64/apache2-$MPM
@@all_modules@@
 #
 #   see http://httpd.apache.org/docs/2.4/mod/ !
 #
 # * It pays to use IfDefine statements... like
@ -79,7 +77,7 @@ APACHE_CONF_INCLUDE_DIRS=""
 # apache's default installation
 # APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
 # your settings
-APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir php5 reqtimeout"
+APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
 ## Type:	string