that are enabled.
/etc/apache2/ssl-global.conf: make SSLSessionCache shmcb...
conditional on IfModule socache_shmcb.
The same applies to SSLSessionCache dmb:* via module socache_dbm
in commented section of same file. [bnc#864185]
- /etc/sysconfig/apache2: remove reference to non-existing script
/usr/share/doc/packages/apache2/certificate.sh, which was only a
wrapper to mkcert.sh anyways. [bnc#864185]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=401
- update to apache 2.4.7, important changes:
* This release requires both apr and apr-util 1.5.x series
and therefore will no longer build in older released products
* mod_ssl: Improve handling of ephemeral DH and ECDH keys
(obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch)
* event MPM: Fix possible crashes
* mod_deflate: Improve error detection
* core: Add open_htaccess hook in conjunction with dirwalk_stat.
* mod_rewrite: Make rewrite websocket-aware to allow proxying.
* mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite)
* see CHANGES for more details
OBS-URL: https://build.opensuse.org/request/show/208347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=399
- mod_ssl: improve ephemeral key handling in particular, support DH params
with more than 1024 bits, and allow custom configuration.
This patch adjust DH parameters according to the relevant RFC
recommendations and permanently disables the usage of "export"
and "NULL" ciphers no matter what the user configuration is
(mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)
OBS-URL: https://build.opensuse.org/request/show/204244
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=394
- provide and obsolete mod_macro
- upgrade: some people complain that log_config module
is not enabled by default sometimes, fix that.
- upgrade : "SSLMutex" no longer exists.
- Toogle EnableSendfile on because now apache defaults to off
due to kernel bugs. that's a silly thing to do here
as kernel bugs have to be fixed at their source, not worked around
in applications.
OBS-URL: https://build.opensuse.org/request/show/184902
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=384
- Update to version 2.4.6
* SECURITY: CVE-2013-1896 (cve.mitre.org)
* SECURITY: CVE-2013-2249 (cve.mitre.org)
* Major updates to mod_lua
* Support for proxying websocket requests
* Higher performant shm-based cache implementation
* Addition of mod_macro for easier configuration management
* As well as several exciting fixes, especially those related to RFC edge
cases in mod_cache and mod_proxy.
- IMPORTANT : With the current packaging scheme, we can no longer
Include the ITK MPM, therefore it has been disabled. This is because
this MPM can now only be provided as a loadable module but we do
not currently build MPMs as shared modules but as independant
binaries and all helpers/startup scripts depend on that behaviour.
It will be fixed in the upcoming weeks/months.
OBS-URL: https://build.opensuse.org/request/show/184014
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=382
- remove After=mysql.service php-fpm.service postgresql.service
which were added in the previous change, those must be added
as Before=apache2.service in the respective services.
- Include mod_systemd for more complete integration with
systemd, turn the service to Typé=notify as required
- Disable SSL NPN patch for now, it is required for mod_spdy
but mod_spdy does not support apache 2.4
- apache 2.4.4
* fix for CVE-2012-3499
* fix for the CRIME attack (disable ssl compression by default)
* many other bugfies
* build access_compat amd unixd as static modules and solve
some other upgrade quirks (bnc#813705)
OBS-URL: https://build.opensuse.org/request/show/179374
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=379
binaries after package update more thoughtfully: If the binaries
have been replaced, then a dlopen(3) on the apache modules is
prone to fail. => Don't reload then, but complain and fail.
Especially important for logrotate!
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=350
* re-worked CVE-2011-3192 (byterange_filter.c) with a regression
fix. New config option: MaxRanges (PR 51748)
* multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs,
mod_alias, mod_rewrite. As always, see CHANGES file.
- added httpd-%{realver}.tar.bz2.asc to source, along with
60C5442D.key which the tarball was signed with.
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=337
- Update to version 2.2.20, fix CVE-2011-3192
mod_deflate D.o.S.
- Fix apache PR 45076
- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage
- Add 2 patches from the "low hanging fruit" warnings in apache
STATUS page.
* mod_deflate: Stop compressing HEAD requests
if there is not Content-Length header
* mod_reqtimeout: Disable keep-alive after read timeout
- Remove -fno-strict-aliasing from CFLAGS, no longer needed.
- Allow KeepAliveTimeout to be expressed in miliseconds
sometimes one second is too long, upstream r733557.
- When linux changes to version 3.x configure tests are gonna break.
remove version check, assuming kernel 2.2 or later.
OBS-URL: https://build.opensuse.org/request/show/80399
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=334
