Accepting request 82181 from Apache

- Update to 2.2.21. News therein:
  * re-worked CVE-2011-3192 (byterange_filter.c) with a regression
    fix. New config option: MaxRanges (PR 51748)
  * multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs,
    mod_alias, mod_rewrite. As always, see CHANGES file.
- added httpd-%{realver}.tar.bz2.asc to source, along with
  60C5442D.key which the tarball was signed with.

- need to add %ghost /lib/systemd to satisfy distributions that
  have no systemd yet.

- Add apache2-systemd-ask-pass / apache2.service / start_apache2
  and modify apache2-ssl-global.conf for systemd support
  (bnc#697137).

- Update to version 2.2.20, fix CVE-2011-3192 
  mod_deflate D.o.S.

-  Fix apache PR 45076 

- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage

- Add 2 patches from the "low hanging fruit" warnings in apache
  STATUS page.
 * mod_deflate: Stop compressing HEAD requests 
  if there is not Content-Length header 
 * mod_reqtimeout: Disable keep-alive after read timeout

- Remove -fno-strict-aliasing from CFLAGS, no longer needed.

OBS-URL: https://build.opensuse.org/request/show/82181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=51

.gitattributes

@@ -22,4 +22,5 @@
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
 ## Specific LFS patterns
+60C5442D.key filter=lfs diff=lfs merge=lfs -text
 Apache.xpm filter=lfs diff=lfs merge=lfs -text

60C5442D.key

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d0f272a697be2b07f52f676817d8a07fb1715d0a1402ed4cff60cb3bb1ba907
+size 64309

apache2-ssl-global.conf

@@ -29,7 +29,12 @@
 	#   Configure the pass phrase gathering process.
 	#   The filtering dialog program (`builtin' is a internal
 	#   terminal dialog) has to provide the pass phrase on stdout.
+	<IfDefine SYSTEMD>
+	SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass
+	</IfDefine>
+	<IfDefine !SYSTEMD>
 	SSLPassPhraseDialog  builtin
+	</IfDefine>
 
 	#   Inter-Process Session Cache:
 	#   Configure the SSL Session Cache: First the mechanism 

apache2-systemd-ask-pass

@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2): "

apache2-vhost-ssl.template

@@ -182,7 +182,7 @@
 	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 	#   "force-response-1.0" for this.
-	SetEnvIf User-Agent ".*MSIE.*" \
+	SetEnvIf User-Agent ".*MSIE [1-5].*" \
 		 nokeepalive ssl-unclean-shutdown \
 		 downgrade-1.0 force-response-1.0
 

apache2.2-mpm-itk-20090414-00.patch

@@ -1,22 +1,20 @@
 unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/Makefile.in	2009-03-17 21:38:54.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in	2009-03-17 21:39:03.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/Makefile.in
 @@ -0,0 +1,5 @@
 +
 +LTLIBRARY_NAME    = libitk.la
 +LTLIBRARY_SOURCES = itk.c
 +
 +include $(top_srcdir)/build/ltlib.mk
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/config.m4	2009-03-17 21:38:53.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/config.m4	2009-03-17 21:39:03.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/config.m4
 @@ -0,0 +1,3 @@
 +if test "$MPM_NAME" = "itk" ; then
-+    APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++    APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
 +fi
-diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/experimental/itk/itk.c
---- httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-04-14 23:29:16.000000000 +0200
-+++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-04-14 23:31:05.000000000 +0200
+--- /dev/null
++++ server/mpm/experimental/itk/itk.c
 @@ -0,0 +1,1740 @@
 +/* Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
@@ -1758,9 +1756,8 @@ diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/e
 +    itk_cmds,                   /* command apr_table_t */
 +    itk_hooks,                  /* register hooks */
 +};
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/mpm.h	2009-03-17 21:39:03.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h	2009-03-21 13:02:33.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/mpm.h
 @@ -0,0 +1,68 @@
 +/* Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
@@ -1830,9 +1827,8 @@ unchanged:
 +extern server_rec *ap_server_conf;
 +#endif /* APACHE_MPM_ITK_H */
 +/** @} */
-unchanged:
---- httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h	2009-03-17 21:39:03.000000000 +0100
-+++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h	2009-03-21 13:02:33.000000000 +0100
+--- /dev/null
++++ server/mpm/experimental/itk/mpm_default.h
 @@ -0,0 +1,80 @@
 +/* Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
@@ -1914,19 +1910,18 @@ unchanged:
 +
 +#endif /* AP_MPM_DEFAULT_H */
 +/** @} */
-unchanged:
---- apache2.2.orig/server/mpm/config.m4	2007-01-29 21:30:26.000000000 +0100
-+++ apache2.2/server/mpm/config.m4	2007-01-29 21:30:35.000000000 +0100
+--- server/mpm/config.m4.orig
++++ server/mpm/config.m4
 @@ -1,7 +1,7 @@
  AC_MSG_CHECKING(which MPM to use)
  AC_ARG_WITH(mpm,
  APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use.
--                          MPM={beos|event|worker|prefork|mpmt_os2}),[
-+                          MPM={beos|event|worker|prefork|mpmt_os2|itk}),[
+-                          MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[
++                          MPM={beos|event|worker|prefork|mpmt_os2|winnt|itk}),[
    APACHE_MPM=$withval
  ],[
    if test "x$APACHE_MPM" = "x"; then
-@@ -23,7 +23,7 @@
+@@ -23,7 +23,7 @@ ap_mpm_is_threaded ()
  
  ap_mpm_is_experimental ()
  {
@@ -1935,17 +1930,20 @@ unchanged:
          return 0
      else
          return 1
-unchanged:
---- apache2.2.orig/server/mpm/experimental/itk/config.m4	2007-01-29 21:03:51.000000000 +0100
-+++ apache2.2/server/mpm/experimental/itk/config.m4	2007-01-29 21:03:57.000000000 +0100
-@@ -1,3 +1,3 @@
- if test "$MPM_NAME" = "itk" ; then
--    APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
-+    APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
+@@ -66,6 +66,11 @@ if ap_mpm_is_experimental; then
+ else
+   MPM_SUBDIR_NAME=$MPM_NAME
  fi
-unchanged:
---- httpd-2.2.11/include/http_request.h	2009-03-21 13:03:31.000000000 +0100
-+++ httpd-2.2.11/include/http_request.h	2009-03-21 13:03:41.000000000 +0100
++
++if test "$apache_cv_mpm" = "itk" ; then
++  AC_CHECK_LIB(cap, cap_init)
++fi
++
+ MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
+ MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
+ 
+--- include/http_request.h.orig
++++ include/http_request.h
 @@ -12,6 +12,12 @@
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
@@ -1959,7 +1957,7 @@ unchanged:
   */
  
  /**
-@@ -350,6 +356,15 @@
+@@ -350,6 +356,15 @@ AP_DECLARE_HOOK(int,auth_checker,(reques
   */
  AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
  
@@ -1975,9 +1973,8 @@ unchanged:
  AP_DECLARE(int) ap_location_walk(request_rec *r);
  AP_DECLARE(int) ap_directory_walk(request_rec *r);
  AP_DECLARE(int) ap_file_walk(request_rec *r);
-unchanged:
---- httpd-2.2.11/server/request.c	2009-03-21 13:03:13.000000000 +0100
-+++ httpd-2.2.11/server/request.c	2009-03-21 13:03:41.000000000 +0100
+--- server/request.c.orig
++++ server/request.c
 @@ -12,6 +12,12 @@
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
@@ -1991,7 +1988,7 @@ unchanged:
   */
  
  /*
-@@ -61,6 +67,7 @@
+@@ -61,6 +67,7 @@ APR_HOOK_STRUCT(
      APR_HOOK_LINK(auth_checker)
      APR_HOOK_LINK(insert_filter)
      APR_HOOK_LINK(create_request)
@@ -1999,7 +1996,7 @@ unchanged:
  )
  
  AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
-@@ -80,6 +87,8 @@
+@@ -80,6 +87,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,auth_che
  AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
  AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
                            (request_rec *r), (r), OK, DECLINED)
@@ -2008,7 +2005,7 @@ unchanged:
  
  
  static int decl_die(int status, char *phase, request_rec *r)
-@@ -158,6 +167,13 @@
+@@ -158,6 +167,13 @@ AP_DECLARE(int) ap_process_request_inter
          return access_status;
      }
  
@@ -2022,18 +2019,3 @@ unchanged:
      /* Only on the main request! */
      if (r->main == NULL) {
          if ((access_status = ap_run_header_parser(r))) {
-unchanged:
---- httpd-2.2.11.orig/server/mpm/config.m4	2009-04-14 23:26:41.000000000 +0200
-+++ httpd-2.2.11/server/mpm/config.m4	2009-04-14 23:28:03.000000000 +0200
-@@ -66,6 +66,11 @@
- else
-   MPM_SUBDIR_NAME=$MPM_NAME
- fi
-+
-+if test "$apache_cv_mpm" = "itk" ; then
-+  AC_CHECK_LIB(cap, cap_init)
-+fi
-+
- MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
- MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
- 

apache2.changes

@@ -1,3 +1,104 @@
+-------------------------------------------------------------------
+Wed Sep 14 01:11:55 CEST 2011 - draht@suse.de
+
+- Update to 2.2.21. News therein:
+  * re-worked CVE-2011-3192 (byterange_filter.c) with a regression
+    fix. New config option: MaxRanges (PR 51748)
+  * multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs,
+    mod_alias, mod_rewrite. As always, see CHANGES file.
+- added httpd-%{realver}.tar.bz2.asc to source, along with
+  60C5442D.key which the tarball was signed with.
+
+-------------------------------------------------------------------
+Tue Sep 13 10:37:37 CEST 2011 - draht@suse.de
+
+- need to add %ghost /lib/systemd to satisfy distributions that
+  have no systemd yet.
+
+-------------------------------------------------------------------
+Thu Sep  1 09:43:49 UTC 2011 - fcrozat@suse.com
+
+- Add apache2-systemd-ask-pass / apache2.service / start_apache2
+  and modify apache2-ssl-global.conf for systemd support
+  (bnc#697137).
+
+-------------------------------------------------------------------
+Wed Aug 31 12:52:22 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to version 2.2.20, fix CVE-2011-3192 
+  mod_deflate D.o.S.
+
+
+-------------------------------------------------------------------
+Fri Aug  5 06:02:35 UTC 2011 - crrodriguez@opensuse.org
+
+-  Fix apache PR 45076 
+
+-------------------------------------------------------------------
+Sun Jul 17 19:49:55 UTC 2011 - crrodriguez@opensuse.org
+
+- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage
+
+-------------------------------------------------------------------
+Wed Jun 22 16:12:10 UTC 2011 - crrodriguez@opensuse.org
+
+- Add 2 patches from the "low hanging fruit" warnings in apache
+  STATUS page.
+ * mod_deflate: Stop compressing HEAD requests 
+  if there is not Content-Length header 
+ * mod_reqtimeout: Disable keep-alive after read timeout
+
+-------------------------------------------------------------------
+Fri Jun 10 00:59:53 UTC 2011 - crrodriguez@opensuse.org
+
+- Remove -fno-strict-aliasing from CFLAGS, no longer needed.
+
+-------------------------------------------------------------------
+Wed Jun  8 19:10:41 UTC 2011 - crrodriguez@opensuse.org
+
+- Allow KeepAliveTimeout to be expressed in miliseconds
+  sometimes one second is too long, upstream r733557.
+
+-------------------------------------------------------------------
+Mon Jun  6 18:16:05 UTC 2011 - crrodriguez@opensuse.org
+
+- When linux changes to version 3.x configure tests are gonna break.
+  remove version check, assuming kernel 2.2 or later.
+
+-------------------------------------------------------------------
+Thu May 26 03:35:05 UTC 2011 - crrodriguez@opensuse.org
+
+- Update to 2.2.19, only one bugfix.
+*) Revert ABI breakage in 2.2.18 caused by the function signature change
+     of ap_unescape_url_keep2f().  This release restores the signature from
+     2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
+     [Eric Covener] 
+
+-------------------------------------------------------------------
+Fri May 20 19:28:03 UTC 2011 - crrodriguez@opensuse.org
+
+- Remove SSLv2 disabled patch, already in upstream.
+- Update to version 2.2.18
+*  mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+* core: Treat timeout reading request as 408 error, not 400.
+* core: Only log a 408 if it is no keepalive timeout.
+*  mod_rewrite: Allow to unset environment variables. 
+* prefork: Update MPM state in children during a graceful restart.
+* Other fixes in mod_cache,mod_dav,mod_proxy se NEWS for detail.
+
+-------------------------------------------------------------------
+Wed Apr 20 23:24:26 UTC 2011 - crrodriguez@opensuse.org
+
+- Fix regular expression in vhost ssl template IE workaround
+  it is obsolete see https://issues.apache.org/bugzilla/show_bug.cgi?id=49484
+  You should apply this update to fix painfully slow SSL
+  connections when using IE.
+
+-------------------------------------------------------------------
+Mon Apr 11 16:19:14 UTC 2011 - crrodriguez@opensuse.org
+
+- Allow usage of an openSSL library compiled without SSlv2 
+
 -------------------------------------------------------------------
 Fri Apr  8 13:41:48 UTC 2011 - lnussel@suse.de
 

apache2.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=apache
+After=syslog.target network.target
+Before=getty@tty1.service
+
+[Service]
+Type=forking
+PIDFile=/var/run/httpd2.pid
+EnvironmentFile=/etc/sysconfig/apache2
+ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start
+ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -t
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/usr/sbin/httpd2 -D SYSTEMD -k stop
+
+[Install]
+WantedBy=multi-user.target

apache2.spec

@@ -67,13 +67,15 @@ BuildRequires:  expat-devel
 %define platform_string	Linux/%VENDOR
 License:        ASLv..
 Group:          Productivity/Networking/Web/Servers
-%define realver 2.2.17
-Version:        2.2.17
-Release:        6
+%define realver 2.2.21
+Version:        2.2.21
+Release:        1
 #Source0:      http://www.apache.org/dist/httpd-%{version}.tar.bz2
 Source0:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
 # Add file to take mtime from it in prep section
 Source1:        apache2.changes
+Source5:        http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2.asc
+Source6:        60C5442D.key
 Source10:       SUSE-NOTICE
 Source11:       rc.%{pname}
 Source13:       sysconfig.%{pname}
@@ -116,6 +118,9 @@ Source130:      apache2-vhost.template
 Source131:      apache2-vhost-ssl.template
 Source140:      apache2-check_forensic
 Source141:      apache-20-22-upgrade
+Source142:      start_apache2
+Source143:      apache2-systemd-ask-pass
+Source144:      apache2.service
 Patch2:         httpd-2.1.3alpha-layout.dif
 Patch23:        httpd-2.1.9-apachectl.dif
 Patch65:        httpd-2.0.49-log_server_status.dif
@@ -123,6 +128,10 @@ Patch66:        httpd-2.0.54-envvars.dif
 Patch67:        httpd-2.2.0-apxs-a2enmod.dif
 Patch68:        httpd-2.x.x-logresolve.patch
 Patch100:       apache2.2-mpm-itk-20090414-00.patch
+Patch101:       httpd-2.2.19-linux3.patch
+Patch102:       httpd-keepalivetimeout-millisecs.patch
+Patch104:       httpd-mod_deflate_head.patch
+Patch105:       ssl-mode-release-buffers.patch
 Url:            http://httpd.apache.org/
 Icon:           Apache.xpm
 Summary:        The Apache Web Server Version 2.0
@@ -339,7 +348,11 @@ to administrators of web servers in general.
 %patch66 -p1
 %patch67 -p1
 %patch68 -p1
-%patch100 -p1
+%patch100
+%patch101
+%patch102
+%patch104
+%patch105
 #
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 #
@@ -354,8 +367,7 @@ sed -i -e "s/__DATE__ \" \" __TIME__;/\"$CHANGES\";/" server/buildmark.c
 # now configure Apache 
 #
 %if 0%{?suse_version} > 910
-aclocal
-autoreconf --force --install
+autoreconf -fiv
 %else
 rm -rf aclocal.m4 autom4te*.cache
 autoheader
@@ -368,7 +380,7 @@ autoconf
 #  /O |_)|_|||(_|
 #
 function configure {
-	CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
+	CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -DLDAP_DEPRECATED" \
 	CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
 	./configure \
 		--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
@@ -455,7 +467,6 @@ for mpm in %{mpms_to_build}; do
 	mv include/ap_config_auto.h.new include/ap_config_auto.h
 
 	make CFLAGS="$RPM_OPT_FLAGS -fPIC \
-		-fno-strict-aliasing \
 		-Wall \
 		-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
 		-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
@@ -589,7 +600,11 @@ tar xjf %{SOURCE29} -C $RPM_BUILD_ROOT/%{sysconfdir}
 #
 # init script and friends
 mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/etc/init.d $RPM_BUILD_ROOT/lib/systemd/system/
 install -m 744 $RPM_SOURCE_DIR/rc.%{pname} $RPM_BUILD_ROOT/etc/init.d/%{pname}
+install -m 744 $RPM_SOURCE_DIR/start_apache2 $RPM_BUILD_ROOT/usr/sbin/start_apache2
+install -m 744 $RPM_SOURCE_DIR/apache2-systemd-ask-pass $RPM_BUILD_ROOT/usr/sbin/apache2-systemd-ask-pass
+install -m 744 $RPM_SOURCE_DIR/apache2.service $RPM_BUILD_ROOT/lib/systemd/system/apache2.service
 ln -sf ../../etc/init.d/%{pname} $RPM_BUILD_ROOT/%{_sbindir}/rc%{pname}
 install -m 755 $RPM_SOURCE_DIR/load_configuration $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
 install -m 755 $RPM_SOURCE_DIR/find_mpm           $RPM_BUILD_ROOT/%{_prefix}/share/%{pname}/
@@ -847,6 +862,7 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %config(noreplace) /etc/permissions.d/%{pname}
 %endif
 %config /etc/init.d/%{pname}
+/lib/systemd/system/%{pname}.service
 #
 %{_sbindir}/rc%{pname}
 %{_sbindir}/apache%{vers}ctl
@@ -857,6 +873,8 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %{_sbindir}/a2enmod
 %{_sbindir}/a2disflag
 %{_sbindir}/a2dismod
+%{_sbindir}/start_apache2
+%{_sbindir}/apache2-systemd-ask-pass
 %{_bindir}/log_server_status%{vers}
 %{iconsdir}
 %{errordir}
@@ -875,6 +893,9 @@ mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
 %{_prefix}/share/%{pname}/sysconf_addword
 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
+%ghost /lib/systemd
+%ghost /lib/systemd/system
+
 %if %prefork
 
 %files prefork

httpd-2.2.17.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04
-size 4951247

httpd-2.2.19-linux3.patch

@@ -0,0 +1,17 @@
+--- configure.in.orig
++++ configure.in
+@@ -274,13 +274,7 @@ case $host in
+       APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+       ;;
+   *-linux-*)
+-      case `uname -r` in
+-        2.[[2-9]]* ) 
+-            APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+-            ;;
+-        * )
+-            ;;
+-      esac
++			APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])
+       ;;
+   *486-*-bsdi* | *-netbsd* | *-freebsd* | *-apple-darwin* | *-dec-osf* | *-qnx)
+       APR_SETVAR(SINGLE_LISTEN_UNSERIALIZED_ACCEPT, [1])

httpd-2.2.21.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:18d5591fe48cfbac44fc20316036ffe17456df60bc3a2aaad238d56c6445577f
+size 5324905

httpd-2.2.21.tar.bz2.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAABAgAGBQJOaiQfAAoJEFWTvKlgxUQtWu4P/j/xCzXtpb2h1H4gNQtakXjp
+KFhfccvzlOGFpkUjauQ0so5Jj+wVVAgiElr7L0+YvmtXoUyNjCgToqqJTqT/3fwG
+uxKDFfqB5ujbCstKbJ4yKhMy92aDjX1+uWWr8J/1WX//SOWY/uUl/GhJnhEFAB6p
+YExuqqrQfrZcAfC6ME35Gbam6+I8OfHVIeT0m6hLOw6UaHaPXdoRj0CAKNy4NFEf
+ckyw2ddlz83ivek9naGxVFg4v/jN8CoSw3zVfto1QaQ7P+FMA5CrYoCPiEI0A6KA
+534L8xcXf02mN6Y2lgl3C6PYQYcGO198Zmd9xU3RCXsfaFgaOrV4D/fD9TVq1hLK
+OSHPU3AOf7IdFiq99qo7EsXNYrxS0xurv67HaodKXvNNRg8D8TBxDNWO1NpbGp3A
+/zDLm3wxpV2qSOSaZbIbyH8PhX2i4UurSo6y2AVrLENUmV4/bD51qJlitCL23YOo
+5vnK99CnPsWHe36p/GyMMJW2d2fn2tUroLTo/ebCdICZlQJhhWYI7+GHNQNkhqMt
+hp5m8so9Goabs+cKtdxiyARR6+AsyLh+2aRc35dgHpa95Tn3SkuAJ1KTM3ecbzgj
+BxJbA0M3snO9RmNo2h88HELzaA5WaB0Z1kVgYW6gjYELnWRpu+iGMJxFpgXQ6guQ
+CUiByAFuIQukRlpIU/qx
+=AWI2
+-----END PGP SIGNATURE-----

httpd-keepalivetimeout-millisecs.patch

@@ -0,0 +1,20 @@
+--- modules/http/http_core.c.orig
++++ modules/http/http_core.c
+@@ -47,12 +47,15 @@ static int ap_process_http_connection(co
+ static const char *set_keep_alive_timeout(cmd_parms *cmd, void *dummy,
+                                           const char *arg)
+ {
++    apr_interval_time_t timeout;
+     const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+     if (err != NULL) {
+         return err;
+     }
+-
+-    cmd->server->keep_alive_timeout = apr_time_from_sec(atoi(arg));
++    /* Stolen from mod_proxy.c */
++    if (ap_timeout_parameter_parse(arg, &timeout, "s") != APR_SUCCESS)
++        return "KeepAliveTimeout has wrong format";
++    cmd->server->keep_alive_timeout = timeout;
+     return NULL;
+ }
+ 

httpd-mod_deflate_head.patch

@@ -0,0 +1,23 @@
+--- modules/filters/mod_deflate.c.orig
++++ modules/filters/mod_deflate.c
+@@ -582,6 +582,20 @@ static apr_status_t deflate_out_filter(a
+         apr_bucket *b;
+         apr_size_t len;
+ 
++        /*
++         * Optimization: If we are a HEAD request and bytes_sent is not zero
++         * it means that we have passed the content-length filter once and
++         * have more data to sent. This means that the content-length filter
++         * could not determine our content-length for the response to the
++         * HEAD request anyway (the associated GET request would deliver the
++         * body in chunked encoding) and we can stop compressing.
++         */
++        if (r->header_only && r->bytes_sent) {
++            ap_remove_output_filter(f);
++            return ap_pass_brigade(f->next, bb);
++        }
++
++
+         e = APR_BRIGADE_FIRST(bb);
+ 
+         if (APR_BUCKET_IS_EOS(e)) {

ssl-mode-release-buffers.patch

@@ -0,0 +1,13 @@
+--- modules/ssl/ssl_engine_init.c.orig
++++ modules/ssl/ssl_engine_init.c
+@@ -482,7 +482,9 @@ static void ssl_init_ctx_protocol(server
+     }
+ 
+     mctx->ssl_ctx = ctx;
+-
++#ifdef SSL_MODE_RELEASE_BUFFERS
++    SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
++#endif
+     SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ 
+     if (!(protocol & SSL_PROTOCOL_SSLV2)) {

start_apache2

@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
+# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
+# Copyright (c) 2002, 2003, (2004?) SuSE Linux AG
+# Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH
+#
+# Authors: Rolf Haberrecker <apache@suse.de>, 2001
+#          Peter Poeml <apache@suse.de>, 2002, 2003, 2004, 2005, 2006, 2007, 
+#                                        2008, 2009, 2010
+#
+#
+pname=apache2
+. /usr/share/$pname/load_configuration
+
+export ${!APACHE_*}
+
+apache_link=/usr/sbin/httpd2
+apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
+httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2/httpd.conf}
+
+test -L $apache_link && apache_bin=$(readlink $apache_link)
+
+if [ -z "$APACHE_MPM" ]; then 
+	APACHE_MPM=${apache_bin##*-}
+fi
+
+if ! [ -x $apache_bin ]; then
+	echo >&2 $apache_bin-$APACHE_MPM is not a valid httpd2 binary. 
+	echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname.
+	exit 5
+fi
+
+# a proper home should be set, otherwise the server might end up 
+# with HOME=/root and some script might try to use that
+HOME=/var/lib/apache2
+
+unset server_flags
+case "$action" in startssl) server_flags="-DSSL";; esac
+for i in $APACHE_SERVER_FLAGS; do
+	case $i in 
+	-D)	;;
+	-D*)	server_flags="$server_flags $i";;
+	*)	server_flags="$server_flags -D$i";;
+	esac
+done
+${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true
+${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true
+
+export -n ${!APACHE_*}
+exec $apache_bin -f $httpd_conf $server_flags $@