Hello community,
here is the log from the commit of package apache2
checked in at Sat Jun 10 12:01:39 CEST 2006.
--------
--- apache2/apache2.changes 2006-04-25 18:11:25.000000000 +0200
+++ apache2/apache2.changes 2006-06-09 23:12:06.000000000 +0200
@@ -1,0 +2,102 @@
+Fri Jun 9 23:11:45 CEST 2006 - poeml@suse.de
+
+- upstream 2.2.2
+ | SECURITY: CVE-2005-3357 (cve.mitre.org)
+ | mod_ssl: Fix a possible crash during access control checks
+ | if a non-SSL request is processed for an SSL vhost (such as
+ | the "HTTP request received on SSL port" error message when
+ | an 400 ErrorDocument is configured, or if using "SSLEngine
+ | optional"). PR 37791.
+ | SECURITY: CVE-2005-3352 (cve.mitre.org)
+ | mod_imagemap: Escape untrusted referer header before
+ | outputting in HTML to avoid potential cross-site scripting.
+ | Change also made to ap_escape_html so we escape quotes.
+ | Reported by JPCERT.
+ | mod_cache:
+ | - Make caching of reverse proxies possible again. PR 38017.
+ | mod_disk_cache:
+ | - Return the correct error codes from bucket read failures,
+ | instead of APR_EGENERAL.
+ | mod_dbd:
+ | - Update defaults, improve error reporting.
+ | - Create own pool and mutex to avoid problem use of process
+ | pool in request processing.
+ | mod_deflate:
+ | - work correctly in an internal redirect
+ | mod_proxy:
+ | - don't reuse a connection that may be to the wrong backend PR 39253
+ | - Do not release connections from connection pool twice. PR 38793.
+ | - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
+ | - Fix incorrect usage of local and shared worker init. PR 38403.
+ | - If we get an error reading the upstream response, close the
+ | connection.
+ | mod_proxy_balancer:
+ | - Initialize members of a balancer correctly. PR 38227.
+ | mod_proxy_ajp:
+ | - Flushing of the output after each AJP chunk is now
+ | configurable at runtime via the 'flushpackets' and 'flushwait'
+ | worker params. Minor MMN bump.
+ | - Crosscheck the length of the body chunk with the length of the
+ | ajp message to prevent mod_proxy_ajp from reading beyond the
+ | buffer boundaries and thus revealing possibly sensitive memory
+ | contents to the client.
+ | - Support common headers of the AJP protocol in responses. PR 38340.
+ | mod_proxy_http:
+ | - Do send keep-alive header if the client sent connection:
+ | keep-alive and do not close backend connection if the client
+ | sent connection: close. PR 38524.
+ | mod_proxy_balancer:
+ | - Do not overwrite the status of initialized workers and respect
+ | the configured status of uninitilized workers when creating a
+ | new child process.
+ | - Fix off-by-one error in proxy_balancer. PR 37753.
+ | mod_speling:
+ | - Stop crashing with certain non-file requests.
+ | mod_ssl:
+ | - Fix possible crashes in shmcb with gcc 4 on platforms
+ | requiring word-aligned pointers. PR 38838.
+ | miscellaneous:
+ | - core: Prevent reading uninitialized memory while reading a line of
+ | protocol input. PR 39282.
+ | - core: Reject invalid Expect header immediately. PR 38123.
+ | - Default handler: Don't return output filter apr_status_t values.
+ | PR 31759.
+ | - Add APR/APR-Util Compiled and Runtime Version numbers to the
+ | output of 'httpd -V'.
+ | - http: If a connection is aborted while waiting for a chunked line,
+ | flag the connection as errored out.
+ | - Don't hang on error return from post_read_request. PR 37790.
+ | - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
+ | - Fix recursive ErrorDocument handling. PR 36090.
+ | - Ensure that the proper status line is written to the client, fixing
+ | incorrect status lines caused by filters which modify r->status without
+ | resetting r->status_line, such as the built-in byterange filter.
+ | - HTML-escape the Expect error message. Not classed as security as
+ | an attacker has no way to influence the Expect header a victim will
+ | send to a target site.
+ | - Chunk filter: Fix chunk filter to create correct chunks in the case that
+ | a flush bucket is surrounded by data buckets.
+ | - Avoid Server-driven negotiation when a script has emitted an
+ | explicit Status: header. PR 38070.
+ | - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
+ | - htdbm: Warn the user when adding a plaintext password on a platform
+ | where it wouldn't work with the server (i.e., anywhere that has
+ | crypt()).
+- adapted httpd-2.1.3alpha-autoconf-2.59.dif
+- other user visible changes:
+ * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
+ * add README.QUICKSTART link to httpd.conf
+- when installing/updating, avoid irritating message in
+ /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
+- build system changes:
+ * clean up old cruft tight to suse_version macros
+ * don't run buildconf, and thus don't need python.
+ * don't ship uid.conf as source file, but create it dynamically
+ instead, according to user/group defined via rpm macro
+ * create wwwrun:www user on non-SUSE builds
+ * work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
+ * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
+ * make sure that the rpm macro sles_version is defined
+ * remove obsolete VENDOR UnitedLinux macro
+
+-------------------------------------------------------------------
Old:
----
apache2-uid.conf
httpd-2.2.0.tar.bz2
New:
----
httpd-2.2.2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.1AZrf4/_old 2006-06-10 11:59:53.000000000 +0200
+++ /var/tmp/diff_new_pack.1AZrf4/_new 2006-06-10 11:59:53.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package apache2 (Version 2.2.0)
+# spec file for package apache2 (Version 2.2.2)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,7 +11,16 @@
# norootforbuild
Name: apache2
-BuildRequires: bc db-devel ed krb5 libapr-util1-devel libapr1-devel openldap2 openldap2-devel pcre-devel python
+BuildRequires: db-devel ed libapr-util1-devel libapr1-devel openldap2 openldap2-devel openssl-devel pcre-devel
+%if %{?suse_version:1}0
+%define httpduser wwwrun
+%define httpdgroup www
+%else
+%define httpduser apache
+%define httpdgroup apache
+BuildRequires: expat-devel
+%endif
+#
%define pname apache2
%define vers 2
%define httpd httpd2
@@ -22,13 +31,7 @@
%{!?event:%define event 1}
%define mpms_to_build %(test %prefork = 1 && printf prefork) %(test %worker = 1 && printf worker) %(test %event = 1 && printf event)
# dir names
-# make sure that suse_version is not empty. I have seen it unset by certain ISPs preinstallations
-%{!?suse_version:%define suse_version 1010}
-%if %suse_version > 800
%define datadir /srv/www
-%else
-%define datadir /usr/local/httpd
-%endif
%define htdocsdir %{datadir}/htdocs
%define manualdir %{_prefix}/share/%{pname}/manual
%define errordir %{_prefix}/share/%{pname}/error
@@ -44,19 +47,13 @@
%define installbuilddir %{_prefix}/share/%{pname}/build
%define userdir public_html
# "Server:" header
-%if %ul_version >= 1
-%define VENDOR UnitedLinux
-%define platform_string %VENDOR
-%else
%define VENDOR SUSE
%define platform_string Linux/%VENDOR
-%endif
-
License: Apache
Group: Productivity/Networking/Web/Servers
-%define realver 2.2.0
-Version: 2.2.0
-Release: 17
+%define realver 2.2.2
+Version: 2.2.2
+Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE
@@ -94,7 +91,6 @@
Source109: apache2-mod_status.conf
Source110: apache2-mod_userdir.conf
Source111: apache2-server-tuning.conf
-Source112: apache2-uid.conf
Source113: apache2-ssl-global.conf
Source114: apache2-mod_usertrack.conf
Source130: apache2-vhost.template
@@ -116,10 +112,11 @@
Requires: logrotate
Requires: libapr1 >= 1.0
Requires: libapr1 < 2.0
-%if %suse_version > 800
-PreReq: %insserv_prereq %fillup_prereq fileutils textutils grep sed shadow permissions
+PreReq: fileutils textutils grep sed
+%if %{?suse_version:1}0
+PreReq: %insserv_prereq %fillup_prereq permissions shadow
%endif
-%if %suse_version >= 901 && %sles_version != 9
+%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
Provides: apache
Obsoletes: apache < 1.3.29
Obsoletes: mod_ssl < 2.8.16
@@ -176,7 +173,7 @@
Summary: Apache 2 "prefork" MPM (Multi-Processing Module)
Group: Productivity/Networking/Web/Servers
Provides: %{pname}-MPM
-%if %suse_version >= 901 && %sles_version != 9
+%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
Provides: apache:/usr/sbin/httpd
%endif
Requires: %{name} = %{version}
@@ -256,7 +253,7 @@
%package doc
Summary: Additional Package Documentation.
Group: Documentation/Other
-%if %suse_version >= 901 && %sles_version != 9
+%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
Provides: apache-doc
Obsoletes: apache-doc
%endif
@@ -270,7 +267,7 @@
%package example-pages
Summary: Example Pages for the Apache 2 Web Server
Group: Productivity/Networking/Web/Servers
-%if %suse_version >= 901 && %sles_version != 9
+%if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9
Provides: apache-example-pages
Obsoletes: apache-example-pages
%endif
@@ -312,10 +309,7 @@
# now configure Apache
#
aclocal
-%if %suse_version > 720
- autoreconf --force --install
-%endif
-./buildconf
+autoreconf --force --install
%build
#
@@ -340,7 +334,7 @@
%endif
%endif
\
-%if %suse_version > 930
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} > 930
--with-pcre \
--enable-pie \
%endif
@@ -381,7 +375,7 @@
\
--enable-suexec \
--with-suexec-bin=%{_sbindir}/suexec%{vers} \
- --with-suexec-caller=wwwrun \
+ --with-suexec-caller=%httpduser \
--with-suexec-docroot=%{datadir} \
--with-suexec-logfile=%{logfiledir}/suexec.log \
--with-suexec-userdir=%{userdir} \
@@ -520,7 +514,7 @@
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 644 $RPM_SOURCE_DIR/%{pname}.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/%{pname}
# since 10.0, the permission files are maintained centrally
-%if %suse_version < 1000
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000
mkdir -p $RPM_BUILD_ROOT/etc/permissions.d
install -m 644 $RPM_SOURCE_DIR/permissions.%{pname} $RPM_BUILD_ROOT/etc/permissions.d/%{pname}
%endif
@@ -586,11 +580,15 @@
mod_userdir.conf \
mod_usertrack.conf \
server-tuning.conf \
- uid.conf \
ssl-global.conf
do
install -m 644 $RPM_SOURCE_DIR/apache2-$i $RPM_BUILD_ROOT/%{sysconfdir}/$i
done
+cat > $RPM_BUILD_ROOT/%{sysconfdir}/uid.conf <<-EOF
+ User %httpduser
+ Group %httpdgroup
+EOF
+
# remove configuration for mpms which have not been built
mpm_confs="$(awk '/IfModule .*\.c/ {print $2}' $RPM_BUILD_ROOT/%{sysconfdir}/server-tuning.conf | cut -d. -f1 | tr '\n' ' ')"
for mpm_conf in $mpm_confs; do
@@ -693,12 +691,17 @@
#
pushd $RPM_BUILD_ROOT/%{sysconfdir}
for i in *.conf; do cp $i $i.test; done
-%if %suse_version < 810
- echo -e "User wwwrun \nGroup nogroup" > uid.conf.test
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 810
+ echo -e "User %httpduser \nGroup nogroup" > uid.conf.test
sed 's+/srv/www+/usr/local/httpd+' default-server.conf > t
mv t default-server.conf
mkdir -p /usr/local/httpd/htdocs
%endif
+# for Fedora
+%if %{?suse_version:0}%{!?suse_version:1}
+ echo -e "User nobody \nGroup nobody" > uid.conf.test
+ mkdir -p $RPM_BUILD_ROOT/%{htdocsdir}
+%endif
sed -e 's+/usr/%_lib+'$RPM_BUILD_ROOT'/usr/%_lib+' \
-e 's+/var/run+'$RPM_BUILD_ROOT'/var/run+' \
-e 's+%{sysconfdir}+'$RPM_BUILD_ROOT'%{sysconfdir}+' \
@@ -720,9 +723,15 @@
echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test
popd
+%if %{?suse_version:1}%{!?suse_version:0}
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
-e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || exit 1
+%else
+LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} \
+$RPM_BUILD_ROOT/%{_sbindir}/httpd%{vers}-%{default_mpm} \
+ -e debug -t -f $RPM_BUILD_ROOT/%{sysconfdir}/httpd.conf.test || :
+%endif
rm $RPM_BUILD_ROOT/%{sysconfdir}/*.test
rm $RPM_BUILD_ROOT/%{sysconfdir}/sysconfig.d/*
mv $RPM_BUILD_ROOT/%{sysconfdir}/original .
@@ -757,8 +766,8 @@
%doc httpd.conf.default
%doc original
%attr(750,root,root) %dir %{logfiledir}
-%attr(750,wwwrun,root) %dir %{proxycachedir}
-%attr(750,wwwrun,root) %dir %{localstatedir}
+%attr(750,%httpduser,root) %dir %{proxycachedir}
+%attr(750,%httpduser,root) %dir %{localstatedir}
%dir %{sysconfdir}
%config %{sysconfdir}/magic
%config %{sysconfdir}/mime.types
@@ -782,7 +791,7 @@
%dir %{sysconfdir}/vhosts.d
%dir %{sysconfdir}/sysconfig.d
%config(noreplace) /etc/logrotate.d/%{pname}
-%if %suse_version < 1000
+%if %{?suse_version:%suse_version}%{?!suse_version:9999} < 1000
%config(noreplace) /etc/permissions.d/%{pname}
%endif
%config /etc/init.d/%{pname}
@@ -890,6 +899,13 @@
/usr/share/%{pname}/get_module_list &>/dev/null
exit 0
%endif
+%if %{?suse_version:0}%{!?suse_version:1}
+
+%pre
+# on Fedora, add the "apache" user
+/usr/sbin/useradd -c "Apache" -u 48 \
+ -s /sbin/nologin -r -d %{localstatedir} apache 2> /dev/null || :
+%endif
%preun
#
@@ -915,9 +931,14 @@
%post
%run_permissions
-groupmod -n www wwwadmin 2>/dev/null ||:
-usermod -g www wwwrun 2>/dev/null ||:
-usermod -s /bin/false wwwrun 2>/dev/null ||:
+%if 0%{?suse_version}
+# a group wwwadmin has existed in the distant past, and it was renamed to www
+if grep -q "^wwwadmin:" /etc/group; then
+ groupmod -n www wwwadmin 2>/dev/null ||:
+fi
+%endif
+usermod -g %httpdgroup %httpduser 2>/dev/null ||:
+usermod -s /bin/false %httpduser 2>/dev/null ||:
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
tmpfile=$tmpdir/tmpfile
RC_CONFIG=etc/rc.config
@@ -979,6 +1000,105 @@
fi
%changelog -n apache2
+* Fri Jun 09 2006 - poeml@suse.de
+- upstream 2.2.2
+ | SECURITY: CVE-2005-3357 (cve.mitre.org)
+ | mod_ssl: Fix a possible crash during access control checks
+ | if a non-SSL request is processed for an SSL vhost (such as
+ | the "HTTP request received on SSL port" error message when
+ | an 400 ErrorDocument is configured, or if using "SSLEngine
+ | optional"). PR 37791.
+ | SECURITY: CVE-2005-3352 (cve.mitre.org)
+ | mod_imagemap: Escape untrusted referer header before
+ | outputting in HTML to avoid potential cross-site scripting.
+ | Change also made to ap_escape_html so we escape quotes.
+ | Reported by JPCERT.
+ | mod_cache:
+ | - Make caching of reverse proxies possible again. PR 38017.
+ | mod_disk_cache:
+ | - Return the correct error codes from bucket read failures,
+ | instead of APR_EGENERAL.
+ | mod_dbd:
+ | - Update defaults, improve error reporting.
+ | - Create own pool and mutex to avoid problem use of process
+ | pool in request processing.
+ | mod_deflate:
+ | - work correctly in an internal redirect
+ | mod_proxy:
+ | - don't reuse a connection that may be to the wrong backend PR 39253
+ | - Do not release connections from connection pool twice. PR 38793.
+ | - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
+ | - Fix incorrect usage of local and shared worker init. PR 38403.
+ | - If we get an error reading the upstream response, close the
+ | connection.
+ | mod_proxy_balancer:
+ | - Initialize members of a balancer correctly. PR 38227.
+ | mod_proxy_ajp:
+ | - Flushing of the output after each AJP chunk is now
+ | configurable at runtime via the 'flushpackets' and 'flushwait'
+ | worker params. Minor MMN bump.
+ | - Crosscheck the length of the body chunk with the length of the
+ | ajp message to prevent mod_proxy_ajp from reading beyond the
+ | buffer boundaries and thus revealing possibly sensitive memory
+ | contents to the client.
+ | - Support common headers of the AJP protocol in responses. PR 38340.
+ | mod_proxy_http:
+ | - Do send keep-alive header if the client sent connection:
+ | keep-alive and do not close backend connection if the client
+ | sent connection: close. PR 38524.
+ | mod_proxy_balancer:
+ | - Do not overwrite the status of initialized workers and respect
+ | the configured status of uninitilized workers when creating a
+ | new child process.
+ | - Fix off-by-one error in proxy_balancer. PR 37753.
+ | mod_speling:
+ | - Stop crashing with certain non-file requests.
+ | mod_ssl:
+ | - Fix possible crashes in shmcb with gcc 4 on platforms
+ | requiring word-aligned pointers. PR 38838.
+ | miscellaneous:
+ | - core: Prevent reading uninitialized memory while reading a line of
+ | protocol input. PR 39282.
+ | - core: Reject invalid Expect header immediately. PR 38123.
+ | - Default handler: Don't return output filter apr_status_t values.
+ | PR 31759.
+ | - Add APR/APR-Util Compiled and Runtime Version numbers to the
+ | output of 'httpd -V'.
+ | - http: If a connection is aborted while waiting for a chunked line,
+ | flag the connection as errored out.
+ | - Don't hang on error return from post_read_request. PR 37790.
+ | - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
+ | - Fix recursive ErrorDocument handling. PR 36090.
+ | - Ensure that the proper status line is written to the client, fixing
+ | incorrect status lines caused by filters which modify r->status without
+ | resetting r->status_line, such as the built-in byterange filter.
+ | - HTML-escape the Expect error message. Not classed as security as
+ | an attacker has no way to influence the Expect header a victim will
+ | send to a target site.
+ | - Chunk filter: Fix chunk filter to create correct chunks in the case that
+ | a flush bucket is surrounded by data buckets.
+ | - Avoid Server-driven negotiation when a script has emitted an
+ | explicit Status: header. PR 38070.
+ | - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
+ | - htdbm: Warn the user when adding a plaintext password on a platform
+ | where it wouldn't work with the server (i.e., anywhere that has
+ | crypt()).
+- adapted httpd-2.1.3alpha-autoconf-2.59.dif
+- other user visible changes:
+ * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
+ * add README.QUICKSTART link to httpd.conf
+- when installing/updating, avoid irritating message in
+ /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
+- build system changes:
+ * clean up old cruft tight to suse_version macros
+ * don't run buildconf, and thus don't need python.
+ * don't ship uid.conf as source file, but create it dynamically
+ instead, according to user/group defined via rpm macro
+ * create wwwrun:www user on non-SUSE builds
+ * work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
+ * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
+ * make sure that the rpm macro sles_version is defined
+ * remove obsolete VENDOR UnitedLinux macro
* Tue Apr 25 2006 - poeml@suse.de
- obsolete 'apache' package on SLES10 (obsolete it on all platforms
except SLES9 and old SL releases)
++++++ apache2-README.QUICKSTART ++++++
--- apache2/apache2-README.QUICKSTART 2005-12-07 13:03:14.000000000 +0100
+++ apache2/apache2-README.QUICKSTART 2006-06-08 15:29:49.000000000 +0200
@@ -30,6 +30,11 @@
o go through /etc/sysconfig/apache2:
- check loaded modules (APACHE_MODULES="...").
- add "php4", "perl", or other needed modules to APACHE_MODULES al gusto.
+ - modules can be enabled/disabled in a simple (Debian-compatible ;) way from
+ the command line like this:
+ a2enmod php5
+ a2dismod php5
+ - there is also a command a2enflag, to change APACHE_SERVER_FLAGS
- restart the server ('rcapache2 restart')
o where to add your own configuration:
++++++ apache2-README.QUICKSTART.SSL ++++++
--- apache2/apache2-README.QUICKSTART.SSL 2005-12-07 13:03:26.000000000 +0100
+++ apache2/apache2-README.QUICKSTART.SSL 2006-06-08 15:24:59.000000000 +0200
@@ -6,12 +6,12 @@
o make sure that apache starts with mod_ssl loaded
- - vi /etc/sysconfig/apache2 '+/^APACHE_MODULES'
- and add "ssl" (unless already there)
+ - a2enmod ssl
+ It adapts /etc/sysconfig/apache2:APACHE_MODULES.
o make sure that the SSL configuration is active
- - vi /etc/sysconfig/apache2 +/APACHE_SERVER_FLAGS
- and add "SSL"
+ - a2enflag SSL
+ It adapts /etc/sysconfig/apache2:APACHE_SERVER_FLAGS.
- the reason why the flag SSL is also needed is because it's enclosed in
<IfDefine> statements. This way it can be dormant until the necessary
prerequisite are present (keys) and you want to use it. In addition, it
++++++ apache2-README.QUICKSTART.WebDAV ++++++
--- apache2/apache2-README.QUICKSTART.WebDAV 2005-12-07 13:03:34.000000000 +0100
+++ apache2/apache2-README.QUICKSTART.WebDAV 2006-06-08 15:27:01.000000000 +0200
@@ -3,6 +3,10 @@
# Example (using Digest Authentication)
#
+# enable needed apache modules:
+/usr/sbin/a2enmod dav
+/usr/sbin/a2enmod dav_fs
+
# Define directory to be accesed:
davdir="editme"
# Define a location where the credentials are stored:
++++++ apache2-httpd.conf ++++++
--- apache2/apache2-httpd.conf 2005-12-07 13:03:48.000000000 +0100
+++ apache2/apache2-httpd.conf 2006-05-24 17:18:15.000000000 +0200
@@ -14,6 +14,9 @@
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.
+# Quickstart guide:
+# /usr/share/doc/packages/apache2/README.QUICKSTART
+
# Overview of include files, chronologically:
#
++++++ httpd-2.1.3alpha-autoconf-2.59.dif ++++++
--- /var/tmp/diff_new_pack.1AZrf4/_old 2006-06-10 11:59:59.000000000 +0200
+++ /var/tmp/diff_new_pack.1AZrf4/_new 2006-06-10 11:59:59.000000000 +0200
@@ -289,15 +289,6 @@
[changequote(<<,>>)dnl
dnl The name to #define
define(<