October 2020 - openSUSE Commits - openSUSE Mailing Lists

commit cross-epiphany-binutils.14766 for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package cross-epiphany-binutils.14766 for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/cross-epiphany-binutils.14766 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.cross-epiphany-binutils.14766.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cross-epiphany-binutils.14766" Sat Oct 31 14:22:21 2020 rev:1 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _link ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ <link package="binutils.14766" cicount="copy"/>

1 0

commit cross-avr-binutils for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package cross-avr-binutils for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/cross-avr-binutils (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.cross-avr-binutils.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cross-avr-binutils" Sat Oct 31 14:22:20 2020 rev:3 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.Z2s2fF/_old 2020-10-31 14:22:20.769152617 +0100 +++ /var/tmp/diff_new_pack.Z2s2fF/_new 2020-10-31 14:22:20.769152617 +0100 @@ -1 +1 @@ -<link package='cross-avr-binutils.12008' cicount='copy' /> +<link package='cross-avr-binutils.14766' cicount='copy' />

1 0

commit cross-arm-binutils for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package cross-arm-binutils for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/cross-arm-binutils (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.cross-arm-binutils.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cross-arm-binutils" Sat Oct 31 14:22:18 2020 rev:3 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.0LNGkr/_old 2020-10-31 14:22:19.021150448 +0100 +++ /var/tmp/diff_new_pack.0LNGkr/_new 2020-10-31 14:22:19.021150448 +0100 @@ -1 +1 @@ -<link package='cross-arm-binutils.12008' cicount='copy' /> +<link package='cross-arm-binutils.14766' cicount='copy' />

1 0

commit cross-aarch64-binutils for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package cross-aarch64-binutils for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/cross-aarch64-binutils (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.cross-aarch64-binutils.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cross-aarch64-binutils" Sat Oct 31 14:22:16 2020 rev:3 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.ua0dEG/_old 2020-10-31 14:22:18.353149619 +0100 +++ /var/tmp/diff_new_pack.ua0dEG/_new 2020-10-31 14:22:18.353149619 +0100 @@ -1 +1 @@ -<link package='cross-aarch64-binutils.12008' cicount='copy' /> +<link package='cross-aarch64-binutils.14766' cicount='copy' />

1 0

commit cross-aarch64-binutils.14766 for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package cross-aarch64-binutils.14766 for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/cross-aarch64-binutils.14766 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.cross-aarch64-binutils.14766.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "cross-aarch64-binutils.14766" Sat Oct 31 14:22:16 2020 rev:1 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _link ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ <link package="binutils.14766" cicount="copy"/>

1 0

commit binutils for openSUSE:Leap:15.1:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package binutils for openSUSE:Leap:15.1:Update checked in at 2020-10-31 14:22:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/binutils (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.binutils.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "binutils" Sat Oct 31 14:22:14 2020 rev:3 rq:844536 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.Z4WjRh/_old 2020-10-31 14:22:15.985146679 +0100 +++ /var/tmp/diff_new_pack.Z4WjRh/_new 2020-10-31 14:22:15.989146684 +0100 @@ -1 +1 @@ -<link package='binutils.12008' cicount='copy' /> +<link package='binutils.14766' cicount='copy' />

1 0

commit apache2 for openSUSE:Leap:15.2:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package apache2 for openSUSE:Leap:15.2:Update checked in at 2020-10-31 12:22:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/apache2 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.apache2.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache2" Sat Oct 31 12:22:11 2020 rev:2 rq:844511 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _link ++++++ --- /var/tmp/diff_new_pack.KY5ofK/_old 2020-10-31 12:22:16.188015127 +0100 +++ /var/tmp/diff_new_pack.KY5ofK/_new 2020-10-31 12:22:16.188015127 +0100 @@ -1 +1 @@ -<link package='apache2.13775' cicount='copy' /> +<link package='apache2.14761' cicount='copy' />

1 0

commit apache2.14761 for openSUSE:Leap:15.2:Update
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package apache2.14761 for openSUSE:Leap:15.2:Update checked in at 2020-10-31 12:22:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/apache2.14761 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.apache2.14761.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "apache2.14761" Sat Oct 31 12:22:09 2020 rev:1 rq:844511 version:2.4.43 Changes: -------- New Changes file: --- /dev/null 2020-10-22 01:51:33.322291705 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.apache2.14761.new.3463/apache2.changes 2020-10-31 12:22:11.340010049 +0100 @@ -0,0 +1,5947 @@ +------------------------------------------------------------------- +Mon Aug 31 17:05:47 UTC 2020 - Jacek Tomasiak <jtomasiak(a)suse.com> + +- gensslcert: add -a argument to override default SAN value + +------------------------------------------------------------------- +Tue Aug 11 14:47:05 UTC 2020 - pgajdos(a)suse.com + +- security update +- added patches + fix CVE-2020-11984 [bsc#1175074], mod_proxy_uwsgi info disclosure and possible RCE + + apache2-CVE-2020-11984.patch + fix CVE-2020-11993 [bsc#1175070], CVE-2020-9490 [bsc#1175071] + + apache2-mod_http2-1.15.14.patch + +------------------------------------------------------------------- +Wed Jul 15 09:09:39 UTC 2020 - pgajdos(a)suse.com + +- fix crash in mod_proxy_uwsgi for empty values of environment + variables [bsc#1174052] +- added patches + fix https://svn.apache.org/viewvc?view=revision + + apache2-mod_proxy_uwsgi-fix-crash.patch + +------------------------------------------------------------------- +Fri Apr 3 13:57:04 UTC 2020 - pgajdos(a)suse.com + +- declare ap_sock_disable_nagle to fix loading mod_proxy_http2 + (thanks to mliska(a)suse.com) +- modified patches + % httpd-visibility.patch (refreshed) + +------------------------------------------------------------------- +Thu Apr 2 08:56:48 UTC 2020 - pgajdos(a)suse.com + +- version update to 2.4.43 + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic] + *) mod_proxy_http: Fix the forwarding of requests with content body when a + balancer member is unavailable; the retry on the next member was issued + with an empty body (regression introduced in 2.4.41). PR63891. + [Yann Ylavic] + *) mod_http2: Fixes issue where mod_unique_id would generate non-unique request + identifier under load, see <https://github.com/icing/mod_h2/issues/195>. + [Michael Kaufmann, Stefan Eissing] + *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}. + PR64140. [Renier Velazco <renier.velazco upr.edu>] + *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info". + PR64172. + *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure + to allow customization of the usertrack cookie. PR64077. + [Prashant Keshvani <prashant2400 gmail.com>, Eric Covener] + *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy + AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>] + *) mpm_event: avoid possible KeepAliveTimeout off by -100 ms. + [Eric Covener, Yann Ylavic] + *) Add a config layout for OpenWRT. [Graham Leggett] + *) Add support for cross compiling to apxs. If apxs is being executed from + somewhere other than its target location, add that prefix to includes and + library directories. Without this, apxs would fail to find config_vars.mk + and exit. [Graham Leggett] + *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github + issue mod_md#172 (https://github.com/icing/mod_md/issues/172) + [Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing] + *) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+. + [Graham Leggett] + *) mod_ssl: Support use of private keys and certificates from an + OpenSSL ENGINE via PKCS#11 URIs in SSLCertificateFile/KeyFile. + [Anderson Sasaki <ansasaki redhat.com>, Joe Orton] + *) mod_md: + - Prefer MDContactEmail directive to ServerAdmin for registration. New directive + thanks to Timothe Litt (@tlhackque). + - protocol check for pre-configured "tls-alpn-01" challenge has been improved. It will now + check all matching virtual hosts for protocol support. Thanks to @mkauf. + - Corrected a check when OCSP stapling was configured for hosts + where the responsible MDomain is not clear, by Michal Karm Babacek (@Karm). + - Softening the restrictions where mod_md configuration directives may appear. This should + allow for use in <If> and <Macro> sections. If all possible variations lead to the configuration + you wanted in the first place, is another matter. + [Michael Kaufmann <mail michael-kaufmann.ch>, Timothe Litt (@tlhackque), + Michal Karm Babacek (@Karm), Stefan Eissing (@icing)] + *) test: Added continuous testing with Travis CI. + This tests various scenarios on Ubuntu with the full test suite. + Architectures tested: amd64, s390x, ppc64le, arm64 + The tests pass successfully. + [Luca Toscano, Joe Orton, Mike Rumph, and others] + *) core: Be stricter in parsing of Transfer-Encoding headers. + [ZeddYu <zeddyu.lu gmail.com>, Eric Covener] + *) mod_ssl: negotiate the TLS protocol version per name based vhost + configuration, when linked with OpenSSL-1.1.1 or later. The base vhost's + SSLProtocol (from the first vhost declared on the IP:port) is now only + relevant if no SSLProtocol is declared for the vhost or globally, + otherwise the vhost or global value apply. [Yann Ylavic] + *) mod_cgi, mod_cgid: Fix a memory leak in some error cases with large script + output. PR 64096. [Joe Orton] + *) config: Speed up graceful restarts by using pre-hashed command table. PR 64066. + [Giovanni Bechis <giovanni paclan.it>, Jim Jagielski] + *) mod_systemd: New module providing integration with systemd. [Jan Kaluza] + *) mod_lua: Add r:headers_in_table, r:headers_out_table, r:err_headers_out_table, + r:notes_table, r:subprocess_env_table as read-only native table alternatives + that can be iterated over. [Eric Covener] + *) mod_http2: Fixed rare cases where a h2 worker could deadlock the main connection. + [Yann Ylavic, Stefan Eissing] + *) mod_lua: Accept nil assignments to the exposed tables (r.subprocess_env, + r.headers_out, etc) to remove the key from the table. PR63971. + [Eric Covener] + *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the + ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct` + always `on`, regardless of configuration. Found and reported by + <Armin.Abfalterer(a)united-security-providers.ch> and + <Marcial.Rion(a)united-security-providers.ch>. [Stefan Eissing] + *) mod_http2: Multiple field length violations in the same request no longer cause + several log entries to be written. [@mkauf] + *) mod_ssl: OCSP does not apply to proxy mode. PR 63679. + [Lubos Uhliarik <luhliari redhat.com>, Yann Ylavic] + *) mod_proxy_html, mod_xml2enc: Fix build issues with macOS due to r1864469 + [Jim Jagielski] + *) mod_authn_socache: Increase the maximum length of strings that can be cached by + the module from 100 to 256. PR 62149 [<thorsten.meinl knime.com>] + *) mod_proxy: Fix crash by resolving pool concurrency problems. PR 63503 + [Ruediger Pluem, Eric Covener] + *) core: On Windows, fix a start-up crash if <IfFile ...> is used with a path that is not + valid (For example, testing for a file on a flash drive that is not mounted) + [Christophe Jaillet] + *) mod_deflate, mod_brotli: honor "Accept-Encoding: foo;q=0" as per RFC 7231; which + means 'foo' is "not acceptable". PR 58158 [Chistophe Jaillet] + *) mod_md v2.2.3: + - Configuring MDCAChallenges replaces any previous existing challenge configuration. It + had been additive before which was not the intended behaviour. [@mkauf] + - Fixing order of ACME challenges used when nothing else configured. Code now behaves as + documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this. + - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik]. + - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted + "transfer-encoding" to POST requests. This failed in directy communication with + Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing] + *) mod_md: Adding the several new features. + The module offers an implementation of OCSP Stapling that can replace fully or + for a limited set of domains the existing one from mod_ssl. OCSP handling + is part of mod_md's monitoring and message notifications. If can be used + for sites that do not have ACME certificates. + The url for a CTLog Monitor can be configured. It is used in the server-status + to link to the external status page of a certicate. + The MDMessageCmd is called with argument "installed" when a new certificate + has been activated on server restart/reload. This allows for processing of + the new certificate, for example to applications that require it in different + locations or formats. + [Stefan Eissing] + *) mod_proxy_balancer: Fix case-sensitive referer check related to CSRF/XSS + protection. PR 63688. [Armin Abfalterer <a.abfalterer gmail.com>] +- deleted patches + - apache2-load-private-keys-from-pkcs11.patch (upstreamed) + - httpd-2.4.3-mod_systemd.patch (upstreamed) + +------------------------------------------------------------------- +Wed Feb 26 10:33:47 UTC 2020 - pgajdos(a)suse.com + +- use r1874196 [SLE-7472] [bsc#1164820c#6] +- modified patches + % apache2-load-private-keys-from-pkcs11.patch (upstream 2.4.x port) +- deleted patches + - apache2-load-certificates-from-pkcs11.patch (merged to above) + +------------------------------------------------------------------- +Tue Feb 18 12:49:55 UTC 2020 - pgajdos(a)suse.com + +- require just libbrotli-devel + +------------------------------------------------------------------- +Thu Feb 13 18:38:57 UTC 2020 - pgajdos(a)suse.com + +- build mod_proxy_http2 extension + +------------------------------------------------------------------- +Wed Feb 12 13:13:05 UTC 2020 - pgajdos(a)suse.com + +- fix build for older distributions + +------------------------------------------------------------------- +Fri Jan 31 18:22:09 UTC 2020 - Cristian Rodríguez <crrodriguez(a)opensuse.org> + +- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache + to honour net.core.somaxconn sysctl as the mandatory limit. + the old value of 511 was never used as until v5.4-rc6 it was + clamped to 128, in current kernels the default limit is 4096. + Cannot use the apr_socket_listen(.., -1) idiom because the function + expects a positive integer argument. + +------------------------------------------------------------------- +Mon Jan 20 13:04:23 UTC 2020 - pgajdos(a)suse.com + +- apache2-devel now provides httpd-devel [bsc#1160100] + +------------------------------------------------------------------- +Wed Dec 18 16:36:08 UTC 2019 - pgajdos(a)suse.com + +- add openssl call to DEFAULT_SUSE comment [bsc#1159480] +- modified sources + % apache2-ssl-global.conf ++++ 5750 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.apache2.14761.new.3463/apache2.changes New: ---- SUSE-NOTICE a2enflag a2enmod apache-22-24-upgrade apache-ssl-stuff.tar.bz2 apache2-CVE-2020-11984.patch apache2-README apache2-README-access_compat.txt apache2-README-instances.txt apache2-README.QUICKSTART apache2-check_forensic apache2-default-server.conf apache2-errors.conf apache2-find-directives apache2-global.conf apache2-httpd.conf apache2-init.logrotate apache2-listen.conf apache2-loadmodule.conf apache2-manual.conf apache2-mod_autoindex-defaults.conf apache2-mod_cgid-timeout.conf apache2-mod_http2-1.15.14.patch apache2-mod_info.conf apache2-mod_log_config.conf apache2-mod_mime-defaults.conf apache2-mod_proxy_uwsgi-fix-crash.patch apache2-mod_reqtimeout.conf apache2-mod_status.conf apache2-mod_userdir.conf apache2-mod_usertrack.conf apache2-protocols.conf apache2-script-helpers apache2-server-tuning.conf apache2-ssl-global.conf apache2-systemd-ask-pass apache2-vhost-ssl.template apache2-vhost.template apache2.changes apache2.firewalld apache2.keyring apache2.logrotate apache2.service apache2.spec apache2.ssl.firewalld apache2.ssl.susefirewall apache2.susefirewall apache2.target apache2@.service deprecated-scripts-arch.patch deprecated-scripts.tar.xz favicon.ico gensslcert httpd-2.0.54-envvars.dif httpd-2.1.3alpha-layout.dif httpd-2.2.0-apxs-a2enmod.dif httpd-2.4.43.tar.bz2 httpd-2.4.43.tar.bz2.asc httpd-2.4.9-bnc690734.patch httpd-2.4.x-fate317766-config-control-two-protocol-options.diff httpd-2.x.x-logresolve.patch httpd-apachectl.patch httpd-implicit-pointer-decl.patch httpd-visibility.patch permissions.apache2 rc.apache2 robots.txt start_apache2 sysconf_addword sysconfig.apache2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ ++++ 1485 lines (skipped) ++++++ SUSE-NOTICE ++++++ The SUSE build of apache2 contains the following modifications: * assert HAVE_POLL during compilation (safety measure) * small fixes in apachectl to make it work with multiple MPMs, and use w3m alternatively to lynx * avoid error if compiled with openssl 0.9.6e * added patch to experimental caching module that fixes segfault for 'GET https://whatever.html HTTP/1.0' request on HTTP Port (/modules/experimental/cache_util.c) * RFC 2817 TLS upgrade backported from 2.1 * fixed log_server_status to use Socket.pm and match our configuration * fixed check_forensic script (adjusted for GNU tools, use safe tmpdir) * http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mg… ++++++ a2enflag ++++++ #!/bin/bash # Copyright 2005 Peter Poeml <apache(a)suse.de>. All Rights Reserved. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. function usage() { echo "$(basename $0): enable/disable a flag in $var in $sysconf" echo echo "usage: $(basename $0) [-d] flag" echo echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify" echo "apache instance (see README-instances.txt); sysconfig file is expected" echo "at /etc/sysconfig/apache2@<instance_name> ." exit 1 } unset instance_suffix if [ -n "$HTTPD_INSTANCE" ]; then instance_suffix="@$HTTPD_INSTANCE" fi sysconf=/etc/sysconfig/apache2$instance_suffix var=APACHE_SERVER_FLAGS PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2" if [ $# -lt 1 ]; then usage fi action=enable case "$1" in -d) action=disable; shift;; -*) usage;; esac case $(basename $0) in a2disflag) action=disable;; esac flag=$1 if [ $action = enable ]; then sysconf_addword $sysconf $var $flag exit $? else sysconf_addword -r $sysconf $var $flag exit $? fi ++++++ a2enmod ++++++ #!/bin/bash # Copyright 2005 Peter Poeml <apache(a)suse.de>. All Rights Reserved. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. function usage() { echo "$(basename $0): enable/disable an apache module in $var in $sysconf" echo echo "usage: $(basename $0) [-d] module" echo " $(basename $0) -l list modules" echo " $(basename $0) -q module query if module is installed" echo echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify" echo "apache instance (see README-instances.txt); sysconfig file is expected" echo "at /etc/sysconfig/apache2@<instance_name> ." exit 1 } unset instance_suffix if [ -n "$HTTPD_INSTANCE" ]; then instance_suffix="@$HTTPD_INSTANCE" fi sysconf=/etc/sysconfig/apache2$instance_suffix var=APACHE_MODULES PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2" if [ $# -lt 1 ]; then usage fi action=enable case "$1" in -d) action=disable; shift;; -l) action=list; shift;; -q) action=query; shift;; -*) usage;; esac case $(basename $0) in a2dismod) action=disable;; esac mod=$1 if [ $action = enable ]; then sysconf_addword $sysconf $var $mod exit $? elif [ $action = disable ]; then sysconf_addword -r $sysconf $var $mod exit $? elif [ $action = query ]; then if a2enmod -l | grep -q "\<$mod\>"; then exit 0 else exit 1 fi else source $sysconf eval echo \$$var fi ++++++ apache-22-24-upgrade ++++++ #!/bin/bash # obsolete 2.2 modules -> 2.4 modules for module in mod_authn_default mod_authz_default mod_mem_cache authz_default authn_default mem_cache; do if /usr/sbin/a2enmod -q "$module"; then echo "!!ATTENTION! $module was removed from apache version 2.4 or later, CHECK YOUR CONFIGURATION!!!" /usr/sbin/a2dismod "$module" fi done if ! /usr/sbin/a2enmod -q authn_core; then /usr/sbin/a2enmod authn_core fi if ! /usr/sbin/a2enmod -q authz_core; then /usr/sbin/a2enmod authz_core fi if ! /usr/sbin/a2enmod -q log_config; then /usr/sbin/a2enmod log_config fi ++++++ apache2-CVE-2020-11984.patch ++++++ Index: httpd-2.4.43/modules/proxy/mod_proxy_uwsgi.c =================================================================== --- httpd-2.4.43.orig/modules/proxy/mod_proxy_uwsgi.c 2020-08-11 14:07:22.739468880 +0200 +++ httpd-2.4.43/modules/proxy/mod_proxy_uwsgi.c 2020-08-11 14:07:22.747468933 +0200 @@ -136,7 +136,7 @@ static int uwsgi_send_headers(request_re int j; apr_size_t headerlen = 4; - apr_uint16_t pktsize, keylen, vallen; + apr_size_t pktsize, keylen, vallen; const char *script_name; const char *path_info; const char *auth; @@ -178,6 +178,15 @@ static int uwsgi_send_headers(request_re headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0); } + pktsize = headerlen - 4; + if (pktsize > APR_UINT16_MAX) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10259) + "can't send headers to %s:%u: packet size too " + "large (%" APR_SIZE_T_FMT ")", + conn->hostname, conn->port, pktsize); + return HTTP_INTERNAL_SERVER_ERROR; + } + ptr = buf = apr_palloc(r->pool, headerlen); ptr += 4; @@ -198,8 +207,6 @@ static int uwsgi_send_headers(request_re ptr += vallen; } - pktsize = headerlen - 4; - buf[0] = 0; buf[1] = (apr_byte_t) (pktsize & 0xff); buf[2] = (apr_byte_t) ((pktsize >> 8) & 0xff); ++++++ apache2-README ++++++ README.SuSE for Apache 2 For The Impatient ================= o There are several MPM packages (MPM = multiprocessing module, which implements the threads/processes model). The MPM packages contain the actual apache binary. At least one MPM package must be installed. o The apache v1 and v2 packages can be installed and run side by side :) o Some commands have a "2" suffix, and are thus easily confused with Apache 1 commands -- if you have an old apache (1.3) installation around. o Edit /etc/sysconfig/apache2 to configure the list of modules to load, and other things. It is no longer required to run SuSEconfig after such changes. (In fact, the SuSEconfig.apache2 does no longer exist.) o For building apache modules, there are 4 apxs commands (all come with the apache2-devel package): apxs2 builds a common module for all MPMs and installs to /usr/lib/apache2 apxs2-prefork builds for prefork and installs to /usr/lib/apache2-prefork apxs2-worker builds for worker and installs to /usr/lib/apache2-worker If you build apache modules, the configure script might not find apxs, and you'll need an option like --with-apxs=apxs2[-worker, ...], or of course you can set a symlink to apxs2. o The Apache Runtime (APR) is in the "libapr0" package (this package was named "apr" in the past (8.1)) Choosing the right MPM for your application =========================================== apache2-prefork is implemented with a prefork regime, while apache2-worker uses a hybrid threaded/preforked model. Which one to use? The short answer is: - if in doubt, simply use prefork - use prefork if you use mod_php4 - use worker if you need maximal performance with (possibly) less resources (smaller memory footprint of threade compared to the same number as processes) The following nice article has a more in depth answer: http://www.onlamp.com/pub/a/apache/2004/06/17/apacheckbk.html See http://httpd.apache.org/docs/2.4/mpm.html and http://httpd.apache.org/docs/2.4/misc/perf-tuning.html#compiletime for more technical details. In general, using a threaded MPM (worker) requires that all libraries that are loaded into apache (and libraries loaded by them in turn) be threadsafe as well. See http://httpd.apache.org/docs/2.4/developer/thread_safety.html for a status on some libraries. Upgrading from apache 1.3 ========================= For a smooth transition from apache 1.3, apache 2 is installable alongside apache 1.3. There are a few modules for apache 1 that have not been ported or enough tested for apache 2, but most important modules are available by now. The mechanism of specifying modules to load into the server has been cleaned up so a reasonable default set of modules is loaded. (It is not useful to load all available modules by default, it would make the server quite big and slow. This is important given as the number of modules in the apache base distribution is rising and rising (about 50 at this time). In previous apache packages (1.3), modules were activated by setting a APACHE_MOD_XYZ variable to "yes" and running SuSEconfig. Nowadays, modules are activated by adding them to a the APACHE_MODULES variable in /etc/sysconfig/apache2, and simply restarting apache. Building modules for apache 2 ============================= Therefore, the different MPMs will be needed and a mechanism to build the modules spesific to them. This can now be done with the apxs2, apxs2-worker or apxs2-prefork script. For a module's configure script, you would typically use --which-apxs=/usr/sbin/apxs2-prefork In RPM spec files, you can use %define apxs apxs2 %define apache_libexecdir %(%{apxs} -q libexecdir) to build modules, or use apxs2-prefork (for instance) to build a module specifically for the prefork MPM. To further the example, apxs2-prefork will install a module below /usr/lib/apache2-prefork/, while "apxs2" will install it below /usr/lib/apache2/. -a adds the module to APACHE_MODULES in /etc/sysconfig/apache2, which in turn takes care of loading the module. Thus, usually you will only have to call apxs2 -cia my_module.c and all is fine. -- Suggestions or bug reports (via http://bugzilla.novell.com/) are most welcome. Mar 14 2005, Peter Poeml ++++++ apache2-README-access_compat.txt ++++++ Dear System Administrator, with apache 2.4, some changes have been introduced that affect apache's access control scheme. Previously, the directives "Allow", "Deny" and "Order" have determined if access to a resource has been granted with apache 2.2. Example (from /etc/apache2/httpd.conf, the main apache configuration file): <Directory /> Options None AllowOverride None Order deny,allow Deny from all </Directory> With 2.4, these directives have been replaced by the "Require" directive, which is contained in the mod_authz_core module, and enhanced by the mod_authz_host module. "Require" understands several regulative groups, such as env access granted if an apache environment variable is set method access granted only for given HTTP methods (GET, POST, ...) expr access granted if the expression following expr evaluates to true user access granted if the named users can access the resource group analogous to user for groups valid-user access granted if a valid user requests it ip access granted if the client's IP address matches all granted unconditionally accepted/granted all denied unconditionally denied access By consequence, the set of 2.2 directives Order deny,allow Deny from all can be translated to the apache 2.4 Require directive Require all denied The SUSE Linux Enterprise 12 package set for apache comes with a compatibility module called mod_access_compat, which, if loaded, causes apache to understand the 2.2 "Allow/Deny" directives. Unfortunately, the mixed usage of the 2.2 "Allow/Deny" and the 2.4 "Require" directive will lead to either unexpected or inconclusive results. By consequence, one should decide if the 2.2 or the 2.4 access control mimics shall be used. Fortunately, it is easy to switch from the new back to the old scheme: a2enmod access_compat will enable the 2.2 scheme, a2enmod -d access_compat will disable the old scheme again, thereby enabling the new scheme. Of course, an apache restart is needed: systemctl restart apache2 The SUSE apache configuration framework can work with both the new and the old scheme, conditional if the access_compat apache module is loaded. Additional pointers about the access controls new in apache 2.4 and about the access_compat module can be found here: http://httpd.apache.org/docs/current/mod/mod_authz_core.html http://httpd.apache.org/docs/current/mod/mod_authz_host.html http://httpd.apache.org/docs/current/mod/mod_access_compat.html ++++++ apache2-README-instances.txt ++++++ Dear System Administrator, SUSE Apache package comes with the possibility to run more instances of Apache process on one system. As always, sytemctl start apache2 activates default instance of the server, which expects sysconfig setting in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF in there is not set, then it requires /etc/apache2/httpd.conf. Any other instance can be activated via systemctl start apache2@<instancename> where <instancename> is ASCII identifier of the instance. For example systemctl start apache2(a)myweb.org This call tries to read /etc/sysconfig/apache2@<instancename> and if this file is not present or APACHE_HTTPD_CONF is not set there, it requires /etc/apache2@<instancename>/httpd.conf. NOTES: * /etc/sysconfig/apache2@<instancename> can hold any sysconfig variable /etc/sysconfig/apache2 can, including module loading and MPM setting, * default instance does not have to run when running other instances * a2enmod, a2dismod and apachectl operates over default instance if not specified otherwise via HTTPD_INSTANCE. For example, export HTTPD_INSTANCE=myweb.org a2enmod access_compat a2enmod status apachectl start will add access_compat and status modules to APACHE_MODULES variable of /etc/sysconfig/apache2(a)myweb.org and then starts myweb.org instance. * /usr/sbin/httpd link is created according to setup of default instance (/etc/sysconfig/apache2:APACHE_MPM) ++++++ apache2-README.QUICKSTART ++++++ This README is now online: http://en.opensuse.org/SDB:Apache_installation ++++++ apache2-check_forensic ++++++ #!/bin/sh # check_forensic <forensic log file> # Author: Peter Poeml <apache(a)suse.de> # check the forensic log for requests that did not complete # output the request log for each one # This script is based on Ben Laurie's check_forensic, but is adjusted for GNU # tools (as used on Linux) and it works in a safe tmpdir directory. # todo: rewrite in a form that allows running on more operating systems. F=${1:?give filename as argument. cannot read from stdin.} tmpprefix=${TMPDIR:-/tmp}/check_forensic.XXXXXX tdir=$(mktemp -d $tmpprefix); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; } cut -f 1 -d '|' $F > $tdir/fc-all.$$ grep ^+ < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-in.$$ grep -- ^- < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-out.$$ join -v 1 $tdir/fc-in.$$ $tdir/fc-out.$$ | xargs -ixx egrep "^\\+xx" $F rm $tdir/fc-all.$$ $tdir/fc-in.$$ $tdir/fc-out.$$ rmdir $tdir ++++++ apache2-default-server.conf ++++++ # # Global configuration that will be applicable for all virtual hosts, unless # deleted here, or overriden elswhere. # DocumentRoot "/srv/www/htdocs" # # Configure the DocumentRoot # <Directory "/srv/www/htdocs"> # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # https://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # NOTE: For directories where RewriteRule is used, FollowSymLinks # or SymLinksIfOwnerMatch needs to be set in Options directive. Options None # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit AllowOverride None # Controls who can get stuff from this server. <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> # Aliases: aliases can be added as needed (with no limit). The format is # Alias fakename realname # # Note that if you include a trailing / on fakename then the server will # require it to be present in the URL. So "/icons" isn't aliased in this # example, only "/icons/". If the fakename is slash-terminated, then the # realname must also be slash terminated, and if the fakename omits the # trailing slash, the realname must also omit it. # # We include the /icons/ alias for FancyIndexed directory listings. If you # do not use FancyIndexing, you may comment this out. # Alias /icons/ "/usr/share/apache2/icons/" <Directory "/usr/share/apache2/icons"> Options Indexes MultiViews AllowOverride None <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the realname directory are treated as applications and # run by the server when requested rather than as documents sent to the client. # The same rules about trailing "/" apply to ScriptAlias directives as to # Alias. # ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/" # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory "/srv/www/cgi-bin"> AllowOverride None Options +ExecCGI -Includes <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # To disable it, simply remove userdir from the list of modules in APACHE_MODULES # in /etc/sysconfig/apache2. # <IfModule mod_userdir.c> # Note that the name of the user directory ("public_html") cannot simply be # changed here, since it is a compile time setting. The apache package # would have to be rebuilt. You could work around by deleting # /usr/sbin/suexec, but then all scripts from the directories would be # executed with the UID of the webserver. UserDir public_html # The actual configuration of the directory is in # /etc/apache2/mod_userdir.conf. Include /etc/apache2/mod_userdir.conf # You can, however, change the ~ if you find it awkward, by mapping e.g. # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2 </IfModule> # Include all *.conf files from /etc/apache2/conf.d/. # # This is mostly meant as a place for other RPM packages to drop in their # configuration snippet. # # You can comment this out here if you want those bits include only in a # certain virtual host, but not here. # IncludeOptional /etc/apache2/conf.d/*.conf # The manual... if it is installed ('?' means it won't complain) IncludeOptional /etc/apache2/conf.d/apache2-manual?conf ++++++ apache2-errors.conf ++++++ # # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # # Some examples: #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html # # # Putting this all together, we can internationalize error responses. # # We use Alias to redirect any /error/HTTP_<error>.html.var response to # our collection of by-error message multi-language collections. We use # includes to substitute the appropriate text. # # You can modify the messages' appearance without changing any of the # default HTTP_<error>.html.var files by adding the line: # # Alias /error/include/ "/your/include/path/" # # which allows you to create your own set of files by starting with the # /usr/share/apache2/error/include/ files and copying them to /your/include/path/, # even on a per-VirtualHost basis. The default include files will display # your Apache version number and your ServerAdmin email address regardless # of the setting of ServerSignature. # # The internationalized error documents require mod_alias, mod_include # and mod_negotiation. To activate them, uncomment the following 30 lines. Alias /error/ "/usr/share/apache2/error/" <IfModule mod_negotiation.c> <IfModule mod_include.c> <Directory "/usr/share/apache2/error"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr ForceLanguagePriority Prefer Fallback </Directory> ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var ErrorDocument 410 /error/HTTP_GONE.html.var ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var </IfModule> </IfModule> ++++++ apache2-find-directives ++++++ #!/bin/bash exit_code=1 function usage { echo "Check for directives in apache configuration (including" echo "potentially reachable .htaccess files)" echo "" echo "Usage: $0 [options]" echo "" echo " options: " echo " -s string system configuration root" echo " [default: $system_conf_root]" echo " -d string directives to search" echo " [default: $check_directives]" echo " -n string htaccess file name(s)" echo " [default: $htaccess_names]" echo " -q do not print where directive(s) was found" echo " -v as -v plus trace and matched lines" echo " -h this help" echo "" echo "Return Value: 0 at least one occurence found in apache config" echo " 1 no occurence found" echo " 2 wrong arguments" echo "" echo "Example: " echo " $ $0 -s '/etc/apache2/default-server.conf' -n '.htaccess .htconfig' -d 'Require' -v" echo " Checking /etc/apache2/default-server.conf .. FOUND" echo " Checking /srv/www/htdocs/foo/.htaccess .. FOUND" echo " Checking /etc/apache2/conf.d/gitweb.conf .. FOUND" echo " $" } function find_directives_in_file { file=$1 pattern=$(echo $check_directives | sed 's:$[^ \t]\+$:\\b\1\\b:g' | sed 's:\s\+:\\|:g') output=$(cat $file | sed 's:#.*::' | grep -i "$pattern") if [ $? -eq 0 ]; then [ $verbosity -ge 1 ] && echo " Checking $file .. FOUND" [ $verbosity -ge 2 ] && echo " Output: [$output]" exit_code=0 else [ $verbosity -ge 2 ] && echo " Checking $file .. NOT FOUND" fi } function check_conf_file { conf_file=$1 [ $verbosity -ge 2 ] && echo "CONFIG FILE: $conf_file" find_directives_in_file $conf_file # check all directories with AllowOverride not None # for .htaccess files directories=$(grep -i '<directory' $conf_file | sed 's:#.*::' | sed 's:.*<directory\s*$[^ \t]*$\s*>:\1:I' | tr -d '"') find_names=$(echo $htaccess_names | sed 's:^\s\+::' | sed 's:\s\+$::' | sed 's:\s\+: -o -name :g' | sed 's:^:-name :') for dir in $directories; do [ $verbosity -ge 2 ] && echo " Directory: $dir" allow_override=$(grep -i -Pzo "(?s)<directory[\s\"]*$dir.*?</directory>" $conf_file | sed 's:#.*::'| grep AllowOverride) [ $verbosity -ge 2 ] && echo " override: $allow_override" shopt -s nocasematch if [[ ! $allow_override =~ allowoverride.*none ]]; then for htfile in $(find $dir $find_names); do find_directives_in_file $htfile done fi shopt -u nocasematch done # check all Include or IncludeOptional files recursively include_files=$(grep '^\s*Include' $conf_file | sed 's:#.*::' | sed 's:Include[^ ]*\s\+::' | tr '\n' ' ') [ $verbosity -ge 2 ] && echo " Include Files: [$include_files]" for ifile in $include_files; do if [ -f $ifile ]; then check_conf_file $ifile fi done } system_conf_root="/etc/apache2/httpd.conf" check_directives="allow deny order satisfy" htaccess_names=".htaccess" verbosity=1 while getopts ":hs:d:n:vq" opt; do case $opt in s) system_conf_root=$OPTARG ;; d) check_directives=$OPTARG ;; n) htaccess_names=$OPTARG ;; q) verbosity=0 ;; v) verbosity=2 ;; h) usage exit 0 ;; \?) echo "ERROR: Invalid option: -$OPTARG" >&2 usage exit 2 ;; :) echo "ERROR: Option -$OPTARG requires an argument." >&2 usage exit 2 ;; esac done check_conf_file $system_conf_root exit $exit_code ++++++ apache2-global.conf ++++++ ServerSignature off UseCanonicalName off ServerTokens ProductOnly LogLevel warn CustomLog /var/log/apache2/access_log combined ++++++ apache2-httpd.conf ++++++ # # /etc/apache2/httpd.conf # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See <URL:https://httpd.apache.org/docs/2.4/> for detailed information about # the directives. # Based upon the default apache configuration file that ships with apache, # which is based upon the NCSA server configuration files originally by Rob # McCool. This file was knocked together by Peter Poeml <poeml+apache(a)suse.de>. # If possible, avoid changes to this file. It does mainly contain Include # statements and global settings that can/should be overridden in the # configuration of your virtual hosts. # Quickstart guide: # https://en.opensuse.org/SDB:Apache_installation # Overview of include files, chronologically: # # httpd.conf # | # |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under # |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) # |-- loadmodule.conf . . . . . . . . . . . [*] load these modules # |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on # |-- mod_log_config.conf . . . . . . . . . define logging formats # |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings # |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) # |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info # |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests # |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active # |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking # |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings # |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration # |-- errors.conf . . . . . . . . . . . . . customize error responses # |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts # |-- protocols.conf . . . . . . . . . . . Protocol settings that applies to default server _and all_ virtual hosts # | # |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests # | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) # | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) # | # `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here # `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) # # # Files marked [*] are NOT read when server is started via systemd service. When server # is started via service, defaults from /etc/sysconfig/apache2 are taken into account. # # Filesystem layout: # # /etc/apache2/ # |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap # |-- conf.d/ # | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc # | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 # | `-- ... . . . . . . . . . . . . . . . other configuration added by packages # |-- default-server.conf # |-- errors.conf # |-- httpd.conf . . . . . . . . . . . . . top level configuration file # |-- listen.conf # |-- magic # |-- mime.types -> ../mime.types # |-- mod_autoindex-defaults.conf # |-- mod_info.conf # |-- mod_log_config.conf # |-- mod_mime-defaults.conf # |-- mod_perl-startup.pl # |-- mod_status.conf # |-- mod_userdir.conf # |-- mod_usertrack.conf # |-- server-tuning.conf # |-- ssl-global.conf # |-- protocols.conf # |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) # |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates # |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests # |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys # |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files # |-- global.conf # |-- loadmodule.conf # |-- uid.conf # `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here # |-- vhost-ssl.template # `-- vhost.template ### Global Environment ###################################################### # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests. # run under this user/group id Include /etc/apache2/uid.conf # - how many server processes to start (server pool regulation) # - usage of KeepAlive Include /etc/apache2/server-tuning.conf # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. ErrorLog /var/log/apache2/error_log # generated from default value of APACHE_MODULES in /etc/sysconfig/apache2 <IfDefine !SYSCONFIG> Include /etc/apache2/loadmodule.conf </IfDefine> # IP addresses / ports to listen on Include /etc/apache2/listen.conf # predefined logging formats Include /etc/apache2/mod_log_config.conf # generated from default values of global settings in /etc/sysconfig/apache2 <IfDefine !SYSCONFIG> Include /etc/apache2/global.conf </IfDefine> # optional mod_status, mod_info Include /etc/apache2/mod_status.conf Include /etc/apache2/mod_info.conf # mod_reqtimeout protects the server from the so-called "slowloris" # attack: The server is not swamped with requests in fast succession, # but with slowly transmitted request headers and body, thereby filling up # the request slots until the server runs out of them. # mod_reqtimeout is lightweight and should deliver good results # with the configured default values. You shouldn't notice it at all. Include /etc/apache2/mod_reqtimeout.conf # Fix for CVE-2014-0231 introduces new configuration parameter # CGIDScriptTimeout. This directive and its effect prevent request # workers to be eaten until starvation if cgi programs do not send # output back to the server within the timout set by CGIDScriptTimeout. Include /etc/apache2/mod_cgid-timeout.conf # optional cookie-based user tracking # read the documentation before using it!! Include /etc/apache2/mod_usertrack.conf # configuration of server-generated directory listings Include /etc/apache2/mod_autoindex-defaults.conf # associate MIME types with filename extensions TypesConfig /etc/apache2/mime.types Include /etc/apache2/mod_mime-defaults.conf # set up (customizable) error responses Include /etc/apache2/errors.conf # global (server-wide) SSL configuration, that is not specific to # any virtual host Include /etc/apache2/ssl-global.conf # global (server-wide) protocol configuration, that is not specific # to any virtual host Include /etc/apache2/protocols.conf # forbid access to the entire filesystem by default <Directory /> Options None AllowOverride None <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all </IfModule> </Directory> # use .htaccess files for overriding, AccessFileName .htaccess # and never show them <Files ~ "^\.ht"> <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order allow,deny Deny from all </IfModule> </Files> # List of resources to look for when the client requests a directory DirectoryIndex index.html index.html.var ### 'Main' server configuration ############################################# # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a # <VirtualHost> definition. These values also provide defaults for # any <VirtualHost> containers you may define later in the file. # # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. # Include /etc/apache2/default-server.conf ### Virtual server configuration ############################################ # # VirtualHost: If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:https://httpd.apache.org/docs/2.4/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # IncludeOptional /etc/apache2/vhosts.d/*.conf # Note: instead of adding your own configuration here, consider # adding it in your own file (/etc/apache2/httpd.conf.local) # putting its name into APACHE_CONF_INCLUDE_FILES in # /etc/sysconfig/apache2 -- this will make system updates # easier :) ++++++ apache2-init.logrotate ++++++ /var/log/apache2/access_log { compress dateext maxage 365 rotate 99 size=+4096k notifempty missingok create 644 root root prerotate /etc/init.d/apache2 check-reload endscript postrotate /etc/init.d/apache2 reload endscript } /var/log/apache2/error_log { compress dateext maxage 365 rotate 99 size=+1024k notifempty missingok create 644 root root prerotate /etc/init.d/apache2 check-reload endscript postrotate /etc/init.d/apache2 reload endscript } /var/log/apache2/suexec.log { compress dateext maxage 365 rotate 99 size=+1024k notifempty missingok create 644 root root prerotate /etc/init.d/apache2 check-reload endscript postrotate /etc/init.d/apache2 reload endscript } /var/log/apache2/ssl_request_log { compress dateext maxage 365 rotate 99 size=+4096k notifempty missingok create 644 root root prerotate /etc/init.d/apache2 check-reload endscript postrotate /etc/init.d/apache2 reload endscript } /var/log/apache2/ssl_engine_log { compress dateext maxage 365 rotate 99 size=+1024k notifempty missingok create 644 root root prerotate /etc/init.d/apache2 check-reload endscript postrotate /etc/init.d/apache2 reload endscript } ++++++ apache2-listen.conf ++++++ # Listen: Allows you to bind Apache to specific IP addresses and/or # ports. See also the <VirtualHost> directive. # # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two # Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" # #Listen 12.34.56.78:80 #Listen 80 #Listen 443 Listen 80 <IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c> Listen 443 </IfModule> </IfDefine> </IfDefine> ++++++ apache2-loadmodule.conf ++++++ LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so ++++++ apache2-manual.conf ++++++ # # This configuration file belongs to the apache2-doc package. # # The alias provides the manual, even if you choose to move your DocumentRoot. # Comment this out if you do not care for the documentation. # AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/apache2/manual$1" <Directory "/usr/share/apache2/manual"> Options Indexes AllowOverride None <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> <Files *.html> SetHandler type-map </Files> SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 </Directory> ++++++ apache2-mod_autoindex-defaults.conf ++++++ # # Directives controlling the display of server-generated directory listings. # # see https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html # <IfModule mod_autoindex.c> IndexOptions FancyIndexing VersionSort NameWidth=* # Add Last-Modified and ETag values for the listed directory in the HTTP header, # based on files' modification dates #IndexOptions +TrackModified AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t </IfModule> ++++++ apache2-mod_cgid-timeout.conf ++++++ # # The length of time in seconds to wait for more output # from a CGI program. # # This will prevent a DoS if too many CGI's don't send their output quickly # enough. # The value for CGIDScriptTimeout defaults to the value of Timeout. # CGIDScriptTimeout is used by mod_cgid only! # <IfModule mod_cgid.c> CGIDScriptTimeout 60 </IfModule> ++++++ apache2-mod_http2-1.15.14.patch ++++++ ++++ 2928 lines (skipped) ++++++ apache2-mod_info.conf ++++++ # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # # see https://httpd.apache.org/docs/2.4/mod/mod_info.html # <IfModule mod_info.c> <Location /server-info> SetHandler server-info <IfModule !mod_access_compat.c> Require local </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all Allow from localhost </IfModule> </Location> </IfModule> ++++++ apache2-mod_log_config.conf ++++++ # # The following directives define some format nicknames for use with # a CustomLog directive. # # https://httpd.apache.org/docs/2.4/mod/mod_log_config.html # # # Format string: Nickname: # LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%h %l %u %t \"%r\" %>s %b \ \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%v %h %l %u %t \"%r\" %>s %b \ \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined # To use %I and %O, you need to enable mod_logio <IfModule mod_logio.c> LogFormat "%h %l %u %t \"%r\" %>s %b \ \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> # Use one of these when you want a compact non-error SSL logfile on a virtual # host basis: <IfModule mod_ssl.c> Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ \"%r\" %b" ssl_common Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined </IfModule> ++++++ apache2-mod_mime-defaults.conf ++++++ # # mod_mime configuration: # associate various bits of "meta information" with files by their filename extensions # # see https://httpd.apache.org/docs/2.4/mod/mod_mime.html # # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) # Norwegian (no) - Polish (pl) - Portugese (pt) # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) # AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw # # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change this. # <IfModule mod_negotiation.c> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW # # ForceLanguagePriority allows you to serve a result page rather than # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) # [in case no accepted languages matched the available variants] # ForceLanguagePriority Prefer Fallback </IfModule> # # Commonly used filename extensions to character sets. You probably # want to avoid clashes with the language extensions, unless you # are good at carefully testing your setup after each change. # See http://www.iana.org/assignments/character-sets for the # official list of charset names and their respective RFCs. # AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen AddCharset ISO-8859-3 .iso8859-3 .latin3 AddCharset ISO-8859-4 .iso8859-4 .latin4 AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5 .Big5 .big5 # For russian, more than one charset is used (depends on client, mostly): AddCharset WINDOWS-1251 .cp-1251 .win-1251 AddCharset CP866 .cp866 AddCharset KOI8-r .koi8-r .koi8-ru AddCharset KOI8-ru .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-8 .utf8 # The set below does not map to a specific (iso) standard # but works on a fairly wide range of browsers. Note that # capitalization actually matters (it should not, but it # does for some browsers). # # See http://www.iana.org/assignments/character-sets # for a list of sorts. But browsers support few. # AddCharset GB2312 .gb2312 .gb AddCharset utf-7 .utf7 AddCharset utf-8 .utf8 AddCharset big5 .big5 .b5 AddCharset EUC-TW .euc-tw AddCharset EUC-JP .euc-jp AddCharset EUC-KR .euc-kr AddCharset shift_jis .sjis # # AddType allows you to add to or override the MIME configuration # file mime.types for specific file types. # #AddType application/x-tar .tgz # # AddEncoding allows you to have certain browsers uncompress # information on the fly. Note: Not all browsers support this. # Despite the name similarity, the following Add* directives have nothing # to do with the FancyIndexing customization directives above. # #AddEncoding x-compress .Z #AddEncoding x-gzip .gz .tgz # # If the AddEncoding directives above are commented-out, then you # probably should define those extensions to indicate media types: # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # Shortcut icons don't seem to be registered by IANA yet, but they # are so commonly used that we add them here. Addtype image/x-icon .ico # Zipped SVG files (.svgz) are not registered by IANA yet, and we should hint # clients about their encoding AddType image/svg+xml .svg .svgz AddEncoding gzip .svgz # # For type maps (negotiated resources): # (This is enabled by default to allow the Apache "It Worked" page # to be distributed in multiple languages.) # AddHandler type-map var # # Filters allow you to process content before it is sent to the client. # # To parse .shtml files for server-side includes (SSI): # (You will also need to add "Includes" to the "Options" directive.) # #AddType text/html .shtml #AddOutputFilter INCLUDES .shtml # Guess the MIME type of a file by looking at a few bytes of its contents # https://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html <IfModule mod_mime_magic.c> MIMEMagicFile /etc/apache2/magic </IfModule> ++++++ apache2-mod_proxy_uwsgi-fix-crash.patch ++++++ --- a/modules/proxy/mod_proxy_uwsgi.c 2020/07/15 07:48:38 1879877 +++ b/modules/proxy/mod_proxy_uwsgi.c 2020/07/15 08:24:13 1879878 @@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re env = (apr_table_entry_t *) env_table->elts; for (j = 0; j < env_table->nelts; ++j) { - headerlen += 2 + strlen(env[j].key) + 2 + strlen(env[j].val); + headerlen += 2 + strlen(env[j].key) + 2 + (env[j].val ? strlen(env[j].val) : 0); } ptr = buf = apr_palloc(r->pool, headerlen); @@ -189,10 +189,12 @@ static int uwsgi_send_headers(request_re memcpy(ptr, env[j].key, keylen); ptr += keylen; - vallen = strlen(env[j].val); + vallen = env[j].val ? strlen(env[j].val) : 0; *ptr++ = (apr_byte_t) (vallen & 0xff); *ptr++ = (apr_byte_t) ((vallen >> 8) & 0xff); - memcpy(ptr, env[j].val, vallen); + if (env[j].val) { + memcpy(ptr, env[j].val, vallen); + } ptr += vallen; } ++++++ apache2-mod_reqtimeout.conf ++++++ # # Set timeout and minimum data rate for receiving requests to limit # the effects of denial of service attacks that connect, but let the # server wait for the completion of the request, thereby allocating # resources. The most commonly name for this attack method is # slowloris. # # mod_reqtimeout.c must be loaded. # # see https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html # or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en # # Note: # the RequestReadTimeout directive can also be placed into a # virtual host context. # # Play around with variations of the below values if you are # under attack from slowloris or a similar tool. <IfModule mod_reqtimeout.c> # allow 10s timeout for the headers and allow 1s more until 20s upon # receipt of 1000 bytes. # almost the same with the body, except that it is tricky to # limit the request timeout within the body at all - it may take # time to generate the body. RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000 </IfModule> ++++++ apache2-mod_status.conf ++++++ # # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # # see https://httpd.apache.org/docs/2.4/mod/mod_status.html # <IfModule mod_status.c> <Location /server-status> SetHandler server-status <IfModule !mod_access_compat.c> Require local </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all Allow from localhost </IfModule> </Location> </IfModule> ++++++ apache2-mod_userdir.conf ++++++ # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # <IfModule mod_userdir.c> # Note that the name of the user directory ("public_html") cannot easily be # changed here, since it is a compile time setting. The apache package # would have to be rebuilt. You could work around by deleting # /usr/sbin/suexec, but then all scripts from the directories would be # executed with the UID of the webserver. # # To rebuild apache with another setting you need to change the # %userdir define in the spec file. # not every user's directory should be visible: UserDir disabled root # to enable UserDir only for a certain set of users, use this instead: #UserDir disabled #UserDir enabled user1 user2 # the UserDir directive is actually used inside the virtual hosts, to # have more control #UserDir public_html <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS PROPFIND> <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Limit> <LimitExcept GET POST OPTIONS PROPFIND> <IfModule !mod_access_compat.c> Require all denied </IfModule> <IfModule mod_access_compat.c> Order deny,allow Deny from all </IfModule> </LimitExcept> </Directory> </IfModule> ++++++ apache2-mod_usertrack.conf ++++++ <IfModule mod_usertrack.c> # This is the default. CookieName Apache </IfModule> ++++++ apache2-protocols.conf ++++++ ## ## Protocol Global Context ## ## All Protocol related configuration in this context applies both to ## the main server and all virtual hosts. ## # These are the configuration directives to instruct the server how to # serve pages over an http2 connection. For detailing information about these # directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_http2.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # This global SSL configuration is ignored if "HTTP2" is not defined. <IfDefine HTTP2> <IfModule mod_http2.c> Protocols h2 h2c http/1.1 </IfModule> </IfDefine> ++++++ apache2-script-helpers ++++++ #!/bin/bash HTTPD_SBIN_BASE="/usr/sbin/httpd" # # loads sysconfig variables into environment # # return value in: APACHE_* # function load_sysconfig { [ -n "$sysconfig_loaded" ] && return [ ! -f "$SYSCONFIG_FILE" ] && return . $SYSCONFIG_FILE export ${!APACHE_*} sysconfig_loaded=true } # # finds prefered multiprocessing module # # return value in: HTTPD_MPM # function find_mpm { # load sysconfig variables if they weren't yet; # this has no effect when find_mpm is not called # from start_apache2 load_sysconfig # try to read from sysconfig's APACHE_MPM HTTPD_MPM="$APACHE_MPM" # if empty, then choose one from installed if [ -z "$HTTPD_MPM" ]; then installed_mpms="" for i in $HTTPD_SBIN_BASE-*; do test -f $i || continue i=$(basename $i) i=${i#*-} installed_mpms="$installed_mpms $i" done # hardcoded preference here: for mpm in event worker prefork; do if [[ $installed_mpms =~ "$mpm" ]]; then HTTPD_MPM=$mpm break fi done fi # in case no export HTTPD_MPM } # # search for paths for wanted modules (declared in # APACHE_MODULES) # # return value in: HTTPD_MODULE_IDS # HTTPD_MODULE_PATHS # function get_module_list { load_sysconfig find_mpm for module in $APACHE_MODULES; do # special case # remove or add 'd' on in cgi module name case $module in mod_cgid|cgid) case $HTTPD_MPM in prefork) module=${module%d};; esac;; esac case $module in mod_cgi|cgi) case $HTTPD_MPM in event|worker) module=${module}d;; esac;; esac module_id=${module#mod_}_module # special case case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac unset module_path for libdir in /usr/lib64 /usr/lib; do for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \ $libdir/apache2-$HTTPD_MPM/$module.so \ $libdir/apache2/mod_$module.so \ $libdir/apache2/$module.so; do if [ -f $filepath ]; then module_path=$filepath break fi done if [ -n "$module_path" ]; then break fi done if [ -n "$module_path" ]; then HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id" HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path" fi done export HTTPD_MODULE_IDS export HTTPD_MODULE_PATHS } ++++++ apache2-server-tuning.conf ++++++ ## ## Server-Pool Size Regulation (MPM specific) ## # the MPM (multiprocessing module) is not a dynamically loadable module in the # sense of other modules. It is a compile time decision which one is used. We # provide different apache2 MPM packages, containing different httpd binaries # compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2. # prefork MPM <IfModule prefork.c> # number of server processes to start # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers StartServers 5 # minimum number of server processes which are kept spare # https://httpd.apache.org/docs/2.4/mod/prefork.html#minspareservers MinSpareServers 5 # maximum number of server processes which are kept spare # https://httpd.apache.org/docs/2.4/mod/prefork.html#maxspareservers MaxSpareServers 10 # highest possible MaxRequestWorkers setting for the lifetime of the Apache process. # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit ServerLimit 150 # maximum number of server processes allowed to start (formerly MaxClients) # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers MaxRequestWorkers 150 # maximum number of requests a server process serves # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild MaxRequestsPerChild 10000 </IfModule> # worker MPM <IfModule worker.c> # initial number of server processes to start # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers StartServers 3 # minimum number of worker threads which are kept spare # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads MinSpareThreads 25 # maximum number of worker threads which are kept spare # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads MaxSpareThreads 75 # upper limit on the configurable number of threads per child process # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit ThreadLimit 64 # maximum number of simultaneous client connections (formerly MaxClients) # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers MaxRequestWorkers 150 # number of worker threads created by each child process # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild ThreadsPerChild 25 # maximum number of requests a server process serves # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild MaxRequestsPerChild 10000 </IfModule> # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 15 # # MaxRanges: Maximum number of Ranges in a request before # returning the entire resource, or one of the special # values 'default', 'none' or 'unlimited'. # Default setting is to accept 200 Ranges. #MaxRanges unlimited # # EnableMMAP: Control whether memory-mapping is used to deliver # files (assuming that the underlying OS supports it). # The default is on; turn this off if you serve from NFS-mounted # filesystems. On some systems, turning it off (regardless of # filesystem) can improve performance; for details, please see # https://httpd.apache.org/docs/2.4/mod/core.html#enablemmap # #EnableMMAP off # # EnableSendfile: Control whether the sendfile kernel support is # used to deliver files (assuming that the OS supports it). # The default is on; turn this off if you serve from NFS-mounted # filesystems. Please see # https://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile # EnableSendfile on <IfModule mod_setenvif.c> # # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully </IfModule> ++++++ apache2-ssl-global.conf ++++++ ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # These are the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # This global SSL configuration is ignored if # "SSL" is not defined, or if "NOSSL" is defined. <IfDefine SSL> <IfDefine !NOSSL> <IfModule mod_ssl.c> # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. <IfDefine SYSTEMD> SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass </IfDefine> <IfDefine !SYSTEMD> SSLPassPhraseDialog builtin </IfDefine> # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). # Note that on most platforms shared memory segments are not allowed to be on # network-mounted drives, so in that case you need to use the dbm method. #SSLSessionCache none #<IfModule mod_socache_dbm.c> #SSLSessionCache dbm:/var/lib/apache2/ssl_scache #</IfModule> <IfModule mod_socache_shmcb.c> SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000) </IfModule> SSLSessionCacheTimeout 300 # Configures the cache used to store OCSP responses which get included in # the TLS handshake if SSLUseStapling is enabled. Configuration of a cache # is mandatory for OCSP stapling. With the exception of none and nonenotnull, # the same storage types are supported as with SSLSessionCache. #<IfModule mod_socache_dbm.c> #SSLStaplingCache dbm:/var/lib/apache2/ssl_stapling #</IfModule> <IfModule mod_socache_shmcb.c> SSLStaplingCache shmcb:/var/lib/apache2/ssl_stapling(64000) </IfModule> SSLStaplingStandardCacheTimeout 86400 SSLStaplingErrorCacheTimeout 300 SSLStaplingReturnResponderErrors Off # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/urandom 512 # SSL protocols # Allow TLS version 1.2 or higher, which is a recommended default # these days by international information security standards. SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. # The magic string "DEFAULT_SUSE" expands to an openssl defined # secure list of default ciphers (openssl ciphers -v DEFAULT_SUSE). SSLCipherSuite DEFAULT_SUSE # SSLHonorCipherOrder # If SSLHonorCipherOrder is disabled, then the client's preferences # for chosing the cipher during the TLS handshake are used. # If set to on, then the above SSLCipherSuite is used, in the order # given, with the first supported match on both ends. SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. Keep # in mind that if you have both an RSA and a DSA certificate you # can configure both in parallel (to also allow the use of DSA # ciphers, etc.) #SSLCertificateFile /etc/apache2/ssl.crt/server.crt #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) #SSLCertificateKeyFile /etc/apache2/ssl.key/server.key #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded intermediate CA # certificates which form the certificate chain for the # server certificate. Alternatively the referenced file # can be the same as SSLCertificateFile when the CA # certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/chain.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/apache2/ssl.crt #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl </IfModule> </IfDefine> </IfDefine> ++++++ apache2-systemd-ask-pass ++++++ #!/bin/sh exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2): " ++++++ apache2-vhost-ssl.template ++++++ # Template for a VirtualHost with SSL # Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf. # Files must have the .conf suffix to be loaded. # # See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints # about virtual hosts. # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # <IfDefine SSL> <IfDefine !NOSSL> ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> # General setup for the virtual host DocumentRoot "/srv/www/htdocs" #ServerName www.example.com:443 #ServerAdmin webmaster(a)example.com ErrorLog /var/log/apache2/error_log TransferLog /var/log/apache2/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # OCSP Stapling: # Enable/Disable OCSP for this virtual host. SSLUseStapling on # You can use per vhost certificates if SNI is supported. SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key #SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog /var/log/apache2/ssl_request_log ssl_combined </VirtualHost> </IfDefine> </IfDefine> ++++++ apache2-vhost.template ++++++ # # VirtualHost template # Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf. # Files must have the .conf suffix to be loaded. # # See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints # about virtual hosts. # # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # <VirtualHost *:80> ServerAdmin webmaster(a)dummy-host.example.com ServerName dummy-host.example.com # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. DocumentRoot /srv/www/vhosts/dummy-host.example.com # if not specified, the global error log is used ErrorLog /var/log/apache2/dummy-host.example.com-error_log CustomLog /var/log/apache2/dummy-host.example.com-access_log combined # don't loose time with IP address lookups HostnameLookups Off # needed for named virtual hosts UseCanonicalName Off # configures the footer on server-generated documents ServerSignature On # Optionally, include *.conf files from /etc/apache2/conf.d/ # # For example, to allow execution of PHP scripts: # # Include /etc/apache2/conf.d/php5.conf # # or, to include all configuration snippets added by packages: # Include /etc/apache2/conf.d/*.conf # ScriptAlias: This controls which directories contain server scripts. # ScriptAliases are essentially the same as Aliases, except that # documents in the realname directory are treated as applications and # run by the server when requested rather than as documents sent to the client. # The same rules about trailing "/" apply to ScriptAlias directives as to # Alias. # ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/" # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have one, and where ScriptAlias points to. # <Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin"> AllowOverride None Options +ExecCGI -Includes <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. # # To disable it, simply remove userdir from the list of modules in APACHE_MODULES # in /etc/sysconfig/apache2. # <IfModule mod_userdir.c> # Note that the name of the user directory ("public_html") cannot simply be # changed here, since it is a compile time setting. The apache package # would have to be rebuilt. You could work around by deleting # /usr/sbin/suexec, but then all scripts from the directories would be # executed with the UID of the webserver. UserDir public_html # The actual configuration of the directory is in # /etc/apache2/mod_userdir.conf. Include /etc/apache2/mod_userdir.conf # You can, however, change the ~ if you find it awkward, by mapping e.g. # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2 </IfModule> # # This should be changed to whatever you set DocumentRoot to. # <Directory "/srv/www/vhosts/dummy-host.example.com"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # <IfModule !mod_access_compat.c> Require all granted </IfModule> <IfModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> </VirtualHost> ++++++ apache2.firewalld ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>WWW (HTTP)</short> <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description> <port protocol="tcp" port="80"/> </service> ++++++ apache2.logrotate ++++++ /var/log/apache2/access_log /var/log/apache2/*-access_log /var/log/apache2/ssl_request_log { compress dateext maxage 365 rotate 99 size=+4096k notifempty missingok create 644 root root sharedscripts postrotate systemctl reload apache2.service sleep 60 endscript } /var/log/apache2/error_log /var/log/apache2/*-error_log /var/log/apache2/suexec.log /var/log/apache2/ssl_engine_log /var/log/apache2/deflate.log { compress dateext maxage 365 rotate 99 size=+1024k notifempty missingok create 644 root root sharedscripts postrotate systemctl reload apache2.service sleep 60 endscript } ++++++ apache2.service ++++++ [Unit] Description=The Apache Webserver After=network.target nss-lookup.target time-sync.target remote-fs.target Before=getty(a)tty1.service plymouth-quit.service xdm.service PartOf=apache2.target [Service] Type=notify PrivateTmp=true ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop KillMode=mixed TasksMax=infinity NotifyAccess=all [Install] WantedBy=multi-user.target Alias=httpd.service apache.service ++++++ apache2.ssl.firewalld ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>Secure WWW (HTTPS)</short> <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description> <port protocol="tcp" port="443"/> </service> ++++++ apache2.ssl.susefirewall ++++++ ## Name: HTTPS Server ## Description: Opens ports for Apache Web Server. # space separated list of allowed TCP ports TCP="https" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ apache2.susefirewall ++++++ ## Name: HTTP Server ## Description: Opens ports for Apache Web Server. # space separated list of allowed TCP ports TCP="http" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ apache2.target ++++++ [Unit] Description=Apache target allowing to control multi setup ++++++ apache2@.service ++++++ [Unit] Description=The Apache Webserver %I After=network.target nss-lookup.target time-sync.target remote-fs.target Before=getty(a)tty1.service plymouth-quit.service xdm.service PartOf=apache2.target [Service] Type=notify PrivateTmp=true Environment="HTTPD_INSTANCE=%i" ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop KillMode=mixed TasksMax=infinity NotifyAccess=all [Install] WantedBy=multi-user.target ++++++ deprecated-scripts-arch.patch ++++++ --- deprecated-scripts/get_module_list | 56 +++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 26 deletions(-) Index: httpd-2.4.27/deprecated-scripts/get_module_list =================================================================== --- httpd-2.4.27.orig/deprecated-scripts/get_module_list +++ httpd-2.4.27/deprecated-scripts/get_module_list @@ -4,6 +4,10 @@ pname=apache2 : ${sysconfdir:=/etc/$pname} : ${sysconfig_apache:=/etc/sysconfig/$pname} default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs +modpath=/usr/lib +if [ `/bin/arch` == "x86_64" ]; then + modpath=/usr/lib64 +fi test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) @@ -61,26 +65,26 @@ for i in ${APACHE_MODULES[*]}; do module_path=$i ;; *) - for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \ - /usr/lib/$pname-$APACHE_MPM/$i.so \ - /usr/lib/$pname-$APACHE_MPM/mod_$i \ - /usr/lib/$pname-$APACHE_MPM/$i \ - /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \ - /usr/lib/$pname-$APACHE_MPM/${i/mod_} \ - /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \ - /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \ - /usr/lib/$pname-$APACHE_MPM/lib$i.so \ - /usr/lib/$pname-$APACHE_MPM/lib$i \ - /usr/lib/$pname/mod_$i.so \ - /usr/lib/$pname/$i.so \ - /usr/lib/$pname/mod_$i \ - /usr/lib/$pname/$i \ - /usr/lib/$pname/${i/mod_}.so \ - /usr/lib/$pname/${i/mod_} \ - /usr/lib/$pname/lib${i/mod_}.so \ - /usr/lib/$pname/lib${i/mod_} \ - /usr/lib/$pname/lib$i.so \ - /usr/lib/$pname/lib$i + for j in $modpath/$pname-$APACHE_MPM/mod_$i.so \ + $modpath/$pname-$APACHE_MPM/$i.so \ + $modpath/$pname-$APACHE_MPM/mod_$i \ + $modpath/$pname-$APACHE_MPM/$i \ + $modpath/$pname-$APACHE_MPM/${i/mod_}.so \ + $modpath/$pname-$APACHE_MPM/${i/mod_} \ + $modpath/$pname-$APACHE_MPM/lib${i/mod_}.so \ + $modpath/$pname-$APACHE_MPM/lib${i/mod_} \ + $modpath/$pname-$APACHE_MPM/lib$i.so \ + $modpath/$pname-$APACHE_MPM/lib$i \ + $modpath/$pname/mod_$i.so \ + $modpath/$pname/$i.so \ + $modpath/$pname/mod_$i \ + $modpath/$pname/$i \ + $modpath/$pname/${i/mod_}.so \ + $modpath/$pname/${i/mod_} \ + $modpath/$pname/lib${i/mod_}.so \ + $modpath/$pname/lib${i/mod_} \ + $modpath/$pname/lib$i.so \ + $modpath/$pname/lib$i do if [ -f $j ]; then module_path=$j @@ -105,12 +109,12 @@ done echo >&3 -e "#\n" exec 3<&- chmod 644 $TMPFILE -if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then - mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf - if selinuxenabled; then - restorecon $sysconfdir/sysconfig.d/loadmodule.conf - fi -fi +if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then + mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf +# if selinuxenabled; then +# restorecon $sysconfdir/sysconfig.d/loadmodule.conf +# fi +fi #echo -n ". " ++++++ gensslcert ++++++ #!/bin/bash # Peter Poeml <apache(a)suse.de> # # Script to generate ssl keys for mod_ssl, without requiring user input # most of it is copied from mkcert.sh of the mod_ssl distribution # # XXX This is just a hack, it won't be able to do anything you want! # function usage { cat <<-EOF `basename $0` will generate a test certificate "the quick way", i.e. without interaction. You can change some defaults however. It will overwrite /root/.mkcert.cfg These options are recognized: Default: -N comment "$comment" -c country (two letters, e.g. DE) $C -s state $ST -l city $L -o organisation "$O" -u organisational unit "$U" -n fully qualified domain name $CN (hostname -f) -e email address of webmaster webmaster@$CN -a subject alternative name $altName -y days server cert is valid for $srvdays -Y days CA cert is valid for $CAdays -d run in debug mode -h show usage EOF } test -t && { BRIGHT='[01m'; RED='[31m'; NORMAL='[00m'; } function myecho { echo $BRIGHT$@$NORMAL; } function error { echo $RED$@$NORMAL; } function myexit { error something ugly seems to have happened in line $1...; exit $2; } hostname=/usr/bin/hostname FQHOSTNAME="" if [ -x $hostname ]; then FQHOSTNAME=`$hostname -f 2>/dev/null` # bsc#1035829 fqlength=`echo -n $FQHOSTNAME|wc -c` if [ $fqlength -gt 64 ]; then FQHOSTNAME=`$hostname 2>/dev/null` fi fi # bsc#1057406 if [ -z $FQHOSTNAME ]; then FQHOSTNAME='localhost' fi # defaults comment="mod_ssl server certificate" C=XY ST=unknown L=unknown U="web server" O="SUSE Linux Web Server" CN=$FQHOSTNAME email=webmaster@$FQHOSTNAME altName=DNS:$CN CAdays=$((365 * 6)) srvdays=$((365 * 2)) while getopts C:N:c:s:l:o:u:n:e:a:y:Y:dh OPT; do case $OPT in N) comment=$OPTARG;; c) C=$OPTARG;; s) ST=$OPTARG;; l) L=$OPTARG;; u) U=$OPTARG;; o) O=$OPTARG;; n) CN=$OPTARG;; e) email=$OPTARG;; a) altName=$OPTARG;; y) srvdays=$OPTARG;; Y) CAdays=$OPTARG;; d) set -x;; h) usage; exit 2;; *) echo unrecognized option: $OPT; usage; exit 2;; esac done GO_LEFT="\033[80D" GO_MIDDLE="$GO_LEFT\033[15C" for i in comment C ST L U O CN email altName srvdays CAdays; do eval "echo -e $i\"$GO_MIDDLE\" \$$i;" done openssl=/usr/bin/openssl sslcrtdir=/etc/apache2/ssl.crt sslcsrdir=/etc/apache2/ssl.csr sslkeydir=/etc/apache2/ssl.key sslprmdir=/etc/apache2/ssl.prm name="$CN-" # # CA # echo;myecho creating CA key ... (umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT [ req ] default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = mypass [ req_distinguished_name ] C = $C ST = $ST L = $L O = $O OU = CA CN = $CN emailAddress = $email [ req_attributes ] challengePassword = $RANDOM$RANDOMA challenge password EOT echo;myecho creating CA request/certificate ... (umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?) cp -pv $sslcrtdir/${name}ca.crt /srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt # # Server CERT # echo;myecho creating server key ... (umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}server.key 2048 || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT [ req ] default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = mypass req_extensions = x509v3 [ req_distinguished_name ] C = $C ST = $ST L = $L O = $O OU = $U CN = $CN emailAddress = $email [ x509v3 ] subjectAltName = $altName nsComment = $comment nsCertType = server [ req_attributes ] challengePassword = $RANDOM$RANDOMA challenge password EOT echo;myecho creating server request ... (umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT extensions = x509v3 [ x509v3 ] subjectAltName = $altName nsComment = $comment nsCertType = server EOT test -f /root/.mkcert.serial || echo 01 >/root/.mkcert.serial myecho "creating server certificate ..." (umask 0377 ; $openssl x509 \ -extfile /root/.mkcert.cfg \ -days $srvdays \ -CAserial /root/.mkcert.serial \ -CA $sslcrtdir/${name}ca.crt \ -CAkey $sslkeydir/${name}ca.key \ -in $sslcsrdir/${name}server.csr -req \ -out $sslcrtdir/${name}server.crt || myexit $LINENO $?) rm -f /root/.mkcert.cfg echo;myecho "Verify: matching certificate & key modulus" modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/${name}server.crt | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` if [ ".$modcrt" != ".$modkey" ]; then error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi echo;myecho Verify: matching certificate signature $openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $? if [ $? -ne 0 ]; then error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi echo;myecho generating dhparams and appending it to the server certificate file... openssl dhparam 2048 >> $sslcrtdir/${name}server.crt exit 0 ++++++ httpd-2.0.54-envvars.dif ++++++ --- httpd-2.4.6.orig/support/envvars-std.in +++ httpd-2.4.6/support/envvars-std.in @@ -18,11 +18,9 @@ # # This file is generated from envvars-std.in # -if test "x$@SHLIBPATH_VAR@" != "x" ; then - @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@" -else - @SHLIBPATH_VAR@="@exp_libdir@" -fi + +@SHLIBPATH_VAR@="@exp_libdir@${@SHLIBPATH_VAR@+:$@SHLIBPATH_VAR@}" + export @SHLIBPATH_VAR@ # @OS_SPECIFIC_VARS@ ++++++ httpd-2.1.3alpha-layout.dif ++++++ --- httpd-2.4.6.orig/config.layout +++ httpd-2.4.6/config.layout @@ -178,6 +178,54 @@ proxycachedir: /var/cache/httpd </Layout> +# SuSE >= 8.1 layout (32 bit system) +<Layout SuSE81> + prefix: /srv/www + exec_prefix: /usr + bindir: ${exec_prefix}/bin + sbindir: ${exec_prefix}/sbin + libdir: ${exec_prefix}/lib + libexecdir: ${exec_prefix}/lib/apache2${mpm_suffix} + mandir: ${exec_prefix}/share/man + sysconfdir: /etc/apache2 + datadir: ${prefix} + installbuilddir: ${exec_prefix}/share/apache2/build + errordir: ${exec_prefix}/share/apache2/error + iconsdir: ${exec_prefix}/share/apache2/icons + htdocsdir: ${datadir}/htdocs + manualdir: ${exec_prefix}/share/apache2/manual + cgidir: ${datadir}/cgi-bin + includedir: ${exec_prefix}/include/apache2${mpm_suffix} + localstatedir: /var/lib/apache2 + runtimedir: /var/run + logfiledir: /var/log/apache2 + proxycachedir: /var/cache/apache2 +</Layout> + +# SuSE >= 8.1 layout (64 bit system) +<Layout SuSE81_64> + prefix: /srv/www + exec_prefix: /usr + bindir: ${exec_prefix}/bin + sbindir: ${exec_prefix}/sbin + libdir: ${exec_prefix}/lib64 + libexecdir: ${exec_prefix}/lib64/apache2${mpm_suffix} + mandir: ${exec_prefix}/share/man + sysconfdir: /etc/apache2 + datadir: ${prefix} + installbuilddir: ${exec_prefix}/share/apache2/build + errordir: ${exec_prefix}/share/apache2/error + iconsdir: ${exec_prefix}/share/apache2/icons + htdocsdir: ${datadir}/htdocs + manualdir: ${exec_prefix}/share/apache2/manual + cgidir: ${datadir}/cgi-bin + includedir: ${exec_prefix}/include/apache2${mpm_suffix} + localstatedir: /var/lib/apache2 + runtimedir: /var/run + logfiledir: /var/log/apache2 + proxycachedir: /var/cache/apache2 +</Layout> + # BSD/OS layout <Layout BSDI> prefix: /var/www ++++++ httpd-2.2.0-apxs-a2enmod.dif ++++++ --- httpd-2.4.6.orig/support/apxs.in +++ httpd-2.4.6/support/apxs.in @@ -550,108 +550,14 @@ if ($opt_i or $opt_e) { # activate module via LoadModule/AddModule directive if ($opt_a or $opt_A) { - if (not -f "$CFG_SYSCONFDIR/$CFG_TARGET.conf") { - error("Config file $CFG_SYSCONFDIR/$CFG_TARGET.conf not found"); - exit(1); - } - - open(FP, "<$CFG_SYSCONFDIR/$CFG_TARGET.conf") || die; - my $content = join('', <FP>); - close(FP); - - if ($content !~ m|\n#?\s*LoadModule\s+|) { - error("Activation failed for custom $CFG_SYSCONFDIR/$CFG_TARGET.conf file."); - error("At least one `LoadModule' directive already has to exist."); - exit(1); - } my $lmd; my $c = ''; $c = '#' if ($opt_A); foreach $lmd (@lmd) { - my $what = $opt_A ? "preparing" : "activating"; - my $lmd_re = $lmd; - $lmd_re =~ s/\s+/\\s+/g; - - if ($content !~ m|\n#?\s*$lmd_re|) { - # check for open <containers>, so that the new LoadModule - # directive always appears *outside* of an <container>. - - my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0]; - - # the '()=' trick forces list context and the scalar - # assignment counts the number of list members (aka number - # of matches) then - my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); - my $cntclose = () = ($before =~ m|^\s*</.*$|mg); - - if ($cntopen == $cntclose) { - # fine. Last LoadModule is contextless. - $content =~ s|^(.*\n#?\s*LoadModule\s+[^\n]+\n)|$1$c$lmd\n|s; - } - elsif ($cntopen < $cntclose) { - error('Configuration file is not valid. There are sections' - . ' closed before opened.'); - exit(1); - } - else { - # put our cmd after the section containing the last - # LoadModule. - my $found = - $content =~ s!\A ( # string and capture start - (?:(?: - ^\s* # start of conf line with a - (?:[^<]|<[^/]) # directive which does not - # start with '</' - - .*(?:$)\n # rest of the line. - # the '$' is in parentheses - # to avoid misinterpreting - # the string "$\" as - # perl variable. - - )* # catch as much as possible - # of such lines. (including - # zero) - - ^\s*</.*(?:$)\n? # after the above, we - # expect a config line with - # a closing container (</) - - ) {$cntopen} # the whole pattern (bunch - # of lines that end up with - # a closing directive) must - # be repeated $cntopen - # times. That's it. - # Simple, eh? ;-) - - ) # capture end - !$1$c$lmd\n!mx; - - unless ($found) { - error('Configuration file is not valid. There are ' - . 'sections opened and not closed.'); - exit(1); - } - } - } else { - # replace already existing LoadModule line - $content =~ s|^(.*\n)#?\s*$lmd_re[^\n]*\n|$1$c$lmd\n|s; - } - $lmd =~ m|LoadModule\s+(.+?)_module.*|; - notice("[$what module `$1' in $CFG_SYSCONFDIR/$CFG_TARGET.conf]"); + print "activating " . $name . "\n"; + system("a2enmod " . $name); } - if (@lmd) { - if (open(FP, ">$CFG_SYSCONFDIR/$CFG_TARGET.conf.new")) { - print FP $content; - close(FP); - system("cp $CFG_SYSCONFDIR/$CFG_TARGET.conf $CFG_SYSCONFDIR/$CFG_TARGET.conf.bak && " . - "cp $CFG_SYSCONFDIR/$CFG_TARGET.conf.new $CFG_SYSCONFDIR/$CFG_TARGET.conf && " . - "rm $CFG_SYSCONFDIR/$CFG_TARGET.conf.new"); - } else { - notice("unable to open configuration file"); - } - } } } ++++++ httpd-2.4.9-bnc690734.patch ++++++ Index: server/util_script.c =================================================================== --- server/util_script.c.orig +++ server/util_script.c @@ -448,11 +448,20 @@ AP_DECLARE(int) ap_scan_script_header_er apr_table_t *cookie_table; int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1); int first_header = 1; + int wlen; if (buffer) { *buffer = '\0'; } - w = buffer ? buffer : x; + + if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) { + w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2); + wlen = r->server->limit_req_fieldsize + 2; + } else { + w = buffer ? buffer : x; + wlen = MAX_STRING_LEN; + } + /* temporary place to hold headers to merge in later */ merge = apr_table_make(r->pool, 10); @@ -468,7 +477,7 @@ AP_DECLARE(int) ap_scan_script_header_er while (1) { - int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data); + int rv = (*getsfunc) (w, wlen - 1, getsfunc_data); if (rv == 0) { const char *msg = "Premature end of script headers"; if (first_header) @@ -583,10 +592,13 @@ AP_DECLARE(int) ap_scan_script_header_er if (!(l = strchr(w, ':'))) { if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) { + while ((*getsfunc) (w, wlen - 1, getsfunc_data)) { continue; } - } + } else if (w != buffer) { + strncpy(buffer, w, MAX_STRING_LEN - 1); + buffer[MAX_STRING_LEN - 1] = 0; + } /* Intentional no APLOGNO */ ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, ++++++ httpd-2.4.x-fate317766-config-control-two-protocol-options.diff ++++++ >From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001 From: Justin Erenkrantz <jerenkrantz(a)apache.org> Date: Mon, 30 Dec 2013 20:01:14 +0000 Subject: [PATCH] Add directives to control two protocol options: HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD HttpExpectStrict - allow admin to control whether we must see "100-continue" This is helpful when using Ceph's radosgw and httpd. Inspired by: Yehuda Sadeh <yehuda(a)inktank.com> See https://github.com/ceph/apache2/commits/precise * include/http_core.h (core_server_config): Add http_cl_head_zero and http_expect_strict fields. * modules/http/http_filters.c (ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not explictly set. * server/core.c (merge_core_server_configs): Add new fields. (set_cl_head_zero, set_expect_strict): New config helpers. (HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives. * server/protocol.c (ap_read_request): Allow http_expect_strict to control if we return 417. * include/ap_mmn.h (MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump. * CHANGES: Add a brief description. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68 Conflicts: CHANGES include/ap_mmn.h include/http_core.h server/core.c --- CHANGES | 3 +++ include/ap_mmn.h | 4 +++- include/http_core.h | 9 +++++++++ modules/http/http_filters.c | 10 +++++++++- server/core.c | 36 ++++++++++++++++++++++++++++++++++++ server/protocol.c | 25 +++++++++++++++++-------- 6 files changed, 77 insertions(+), 10 deletions(-) Index: httpd-2.4.26/modules/http/http_filters.c =================================================================== --- httpd-2.4.26.orig/modules/http/http_filters.c 2017-01-09 22:17:08.000000000 +0100 +++ httpd-2.4.26/modules/http/http_filters.c 2017-06-19 13:02:30.698399025 +0200 @@ -1472,10 +1472,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ * zero C-L to the client. We can't just remove the C-L filter, * because well behaved 2.0 handlers will send their data down the stack, * and we will compute a real C-L for the head request. RBB + * + * Allow modification of this behavior through the + * HttpContentLengthHeadZero directive. + * + * The default (unset) behavior is to squelch the C-L in this case. */ + core_server_config *conf = ap_get_core_module_config(r->server->module_config); if (r->header_only && (clheader = apr_table_get(r->headers_out, "Content-Length")) - && !strcmp(clheader, "0")) { + && !strcmp(clheader, "0") + && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) { apr_table_unset(r->headers_out, "Content-Length"); } Index: httpd-2.4.26/server/core.c =================================================================== --- httpd-2.4.26.orig/server/core.c 2016-12-05 15:34:29.000000000 +0100 +++ httpd-2.4.26/server/core.c 2017-06-19 12:54:26.353988343 +0200 @@ -528,6 +528,12 @@ static void *merge_core_server_configs(a if (virt->http_methods != AP_HTTP_METHODS_UNSET) conf->http_methods = virt->http_methods; + if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET) + conf->http_cl_head_zero = virt->http_cl_head_zero; + + if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET) + conf->http_expect_strict = virt->http_expect_strict; + /* no action for virt->accf_map, not allowed per-vhost */ if (virt->protocol) @@ -3955,6 +3961,32 @@ static const char *set_http_method(cmd_p return NULL; } +static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE; + } else { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE; + } + return NULL; +} + +static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE; + } else { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE; + } + return NULL; +} + static apr_hash_t *errorlog_hash; static int log_constant_item(const ap_errorlog_info *info, const char *arg, @@ -4474,6 +4506,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e "'on' (default), 'off' or 'extended' to trace request body content"), AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF, "merge request trailers into request headers or not"), +AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS, + "whether to permit Content-Length of 0 responses to HEAD requests"), +AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS, + "whether to return a 417 if a client doesn't send 100-Continue"), AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF, "Controls which protocols are allowed"), AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF, Index: httpd-2.4.26/server/protocol.c =================================================================== --- httpd-2.4.26.orig/server/protocol.c 2017-05-30 14:27:41.000000000 +0200 +++ httpd-2.4.26/server/protocol.c 2017-06-19 12:54:26.353988343 +0200 @@ -1416,14 +1416,23 @@ request_rec *ap_read_request(conn_rec *c r->expecting_100 = 1; } else { - r->status = HTTP_EXPECTATION_FAILED; - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) - "client sent an unrecognized expectation value of " - "Expect: %s", expect); - ap_send_error_response(r, 0); - ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); - ap_run_log_transaction(r); - goto traceout; + core_server_config *conf; + + conf = ap_get_core_module_config(r->server->module_config); + if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) { + r->status = HTTP_EXPECTATION_FAILED; + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect: %s", expect); + ap_send_error_response(r, 0); + ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); + ap_run_log_transaction(r); + goto traceout; + } else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect (not fatal): %s", expect); + } } } Index: httpd-2.4.26/include/http_core.h =================================================================== --- httpd-2.4.26.orig/include/http_core.h 2016-12-05 15:34:29.000000000 +0100 +++ httpd-2.4.26/include/http_core.h 2017-06-19 12:54:26.353988343 +0200 @@ -723,6 +723,16 @@ typedef struct { #define AP_MERGE_TRAILERS_DISABLE 2 int merge_trailers; +#define AP_HTTP_CL_HEAD_ZERO_UNSET 0 +#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1 +#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2 + int http_cl_head_zero; + +#define AP_HTTP_EXPECT_STRICT_UNSET 0 +#define AP_HTTP_EXPECT_STRICT_ENABLE 1 +#define AP_HTTP_EXPECT_STRICT_DISABLE 2 + int http_expect_strict; + apr_array_header_t *protocols; int protocols_honor_order; @@ -762,7 +772,6 @@ apr_status_t ap_core_input_filter(ap_fil apr_off_t readbytes); apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b); - AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s); AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto); ++++++ httpd-2.x.x-logresolve.patch ++++++ --- httpd-2.4.6.orig/support/logresolve.pl.in +++ httpd-2.4.6/support/logresolve.pl.in @@ -57,6 +57,7 @@ $|=1; use FileHandle; use Socket; +use File::Temp; use strict; no strict 'refs'; @@ -71,11 +72,13 @@ my $filename; my %hash = (); my $parent = $$; +my $tempdir = File::Temp::tempdir("logresolve.pl.sockets.XXXXXX", CLEANUP => 1); + my @children = (); for (my $child = 1; $child <=$CHILDREN; $child++) { my $f = fork(); if (!$f) { - $filename = "./.socket.$parent.$child"; + $filename = "$tempdir/socket.$parent.$child"; if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";} &child($child); exit(0); @@ -91,9 +94,9 @@ sub cleanup { # die kiddies, die kill(15, @children); for (my $child = 1; $child <=$CHILDREN; $child++) { - if (-e "./.socket.$parent.$child") { - unlink("./.socket.$parent.$child") - || warn ".socket.$parent.$child $!"; + if (-e "$tempdir/socket.$parent.$child") { + unlink("$tempdir/socket.$parent.$child") + || warn "$tempdir/socket.$parent.$child $!"; } } } @@ -113,7 +116,7 @@ sub parent { if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) { warn "parent socket to child failed $!"; } - $filename = "./.socket.$parent.$child"; + $filename = "$tempdir/socket.$parent.$child"; my $response; do { $response = connect($CHILDSOCK{$child}, sockaddr_un($filename)); @@ -176,7 +179,7 @@ sub child { # create a socket to communicate with parent socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL) || die "Error with Socket: !$\n"; - $filename = "./.socket.$parent.$me"; + $filename = "$tempdir/socket.$parent.$me"; bind(INBOUND, sockaddr_un($filename)) || die "Error Binding $filename: $!\n"; listen(INBOUND, 5) || die "Error Listening: $!\n"; ++++++ httpd-apachectl.patch ++++++ Index: support/apachectl.in =================================================================== --- support/apachectl.in.orig 2012-02-01 04:47:28.000000000 +0100 +++ support/apachectl.in 2015-07-13 17:09:06.651280087 +0200 @@ -42,7 +42,7 @@ # -------------------- -------------------- # # the path to your httpd binary, including options if necessary -HTTPD='@exp_sbindir@/@progname@' +HTTPD='@exp_sbindir@/start_apache2' # # pick up any necessary environment variables if test -f @exp_sbindir@/envvars; then @@ -52,7 +52,11 @@ # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other # programs may work. -LYNX="@LYNX_PATH@ -dump" +if [ -x "`which w3m`" ]; then + LYNX="w3m -dump -cols ${COLUMNS:-80}" +elif [ -x "`which lynx`" ]; then + LYNX="lynx -dump -width=${COLUMNS:-80}" +fi # # the URL to your server's mod_status status page. If you do not # have one, then status and fullstatus will not work. ++++++ httpd-implicit-pointer-decl.patch ++++++ --- httpd-2.4.6.orig/server/request.c +++ httpd-2.4.6/server/request.c @@ -46,10 +46,13 @@ #include "util_script.h" #include "ap_expr.h" #include "mod_request.h" - +#include "http_connection.h" #include "mod_core.h" #include "mod_auth.h" +#include <unistd.h> +#include <sys/types.h> + #if APR_HAVE_STDARG_H #include <stdarg.h> #endif --- httpd-2.4.6.orig/server/config.c +++ httpd-2.4.6/server/config.c @@ -48,10 +48,14 @@ #include "http_request.h" /* for default_handler (see invoke_handler) */ #include "http_main.h" #include "http_vhost.h" +#include "http_connection.h" #include "util_cfgtree.h" #include "util_varbuf.h" #include "mpm_common.h" +#include <unistd.h> +#include <sys/types.h> + #define APLOG_UNSET (APLOG_NO_MODULE - 1) /* we know core's module_index is 0 */ #undef APLOG_MODULE_INDEX ++++++ httpd-visibility.patch ++++++ Index: httpd-2.4.43/include/ap_config.h =================================================================== --- httpd-2.4.43.orig/include/ap_config.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/include/ap_config.h 2020-04-03 13:38:05.477749175 +0200 @@ -64,7 +64,7 @@ * AP_DECLARE(rettype) ap_func(args) * @endcode */ -#define AP_DECLARE(type) type +#define AP_DECLARE(type) __attribute__ ((visibility ("default"))) type /** * Apache Core dso variable argument and hook functions are declared with @@ -74,7 +74,7 @@ * AP_DECLARE_NONSTD(rettype) ap_func(args [...]) * @endcode */ -#define AP_DECLARE_NONSTD(type) type +#define AP_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type /** * Apache Core dso variables are declared with AP_MODULE_DECLARE_DATA. @@ -86,7 +86,7 @@ * AP_DECLARE_DATA type apr_variable * @endcode */ -#define AP_DECLARE_DATA +#define AP_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(AP_DECLARE_STATIC) #define AP_DECLARE(type) type __stdcall @@ -115,10 +115,10 @@ #if defined(WIN32) #define AP_MODULE_DECLARE(type) type __stdcall #else -#define AP_MODULE_DECLARE(type) type +#define AP_MODULE_DECLARE(type) __attribute__ ((visibility ("default"))) type #endif -#define AP_MODULE_DECLARE_NONSTD(type) type -#define AP_MODULE_DECLARE_DATA +#define AP_MODULE_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define AP_MODULE_DECLARE_DATA __attribute__ ((visibility ("default"))) #else /** * AP_MODULE_DECLARE_EXPORT is a no-op. Unless contradicted by the Index: httpd-2.4.43/modules/cache/mod_cache.h =================================================================== --- httpd-2.4.43.orig/modules/cache/mod_cache.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/cache/mod_cache.h 2020-04-03 13:38:05.545749508 +0200 @@ -37,9 +37,9 @@ * CACHE_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define CACHE_DECLARE(type) type -#define CACHE_DECLARE_NONSTD(type) type -#define CACHE_DECLARE_DATA +#define CACHE_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define CACHE_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define CACHE_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(CACHE_DECLARE_STATIC) #define CACHE_DECLARE(type) type __stdcall #define CACHE_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/proxy/mod_proxy.h =================================================================== --- httpd-2.4.43.orig/modules/proxy/mod_proxy.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/proxy/mod_proxy.h 2020-04-03 13:38:05.545749508 +0200 @@ -573,9 +573,9 @@ struct proxy_balancer_method { * PROXY_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define PROXY_DECLARE(type) type -#define PROXY_DECLARE_NONSTD(type) type -#define PROXY_DECLARE_DATA +#define PROXY_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define PROXY_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define PROXY_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(PROXY_DECLARE_STATIC) #define PROXY_DECLARE(type) type __stdcall #define PROXY_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/lua/mod_lua.h =================================================================== --- httpd-2.4.43.orig/modules/lua/mod_lua.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/lua/mod_lua.h 2020-04-03 13:38:05.545749508 +0200 @@ -62,9 +62,9 @@ * AP_LUA_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define AP_LUA_DECLARE(type) type -#define AP_LUA_DECLARE_NONSTD(type) type -#define AP_LUA_DECLARE_DATA +#define AP_LUA_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define AP_LUA_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define AP_LUA_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(AP_LUA_DECLARE_STATIC) #define AP_LUA_DECLARE(type) type __stdcall #define AP_LUA_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/core/mod_watchdog.h =================================================================== --- httpd-2.4.43.orig/modules/core/mod_watchdog.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/core/mod_watchdog.h 2020-04-03 13:38:05.545749508 +0200 @@ -83,9 +83,9 @@ typedef struct ap_watchdog_t ap_watchdog */ #if !defined(AP_WD_DECLARE) #if !defined(WIN32) -#define AP_WD_DECLARE(type) type -#define AP_WD_DECLARE_NONSTD(type) type -#define AP_WD_DECLARE_DATA +#define AP_WD_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define AP_WD_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define AP_WD_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(AP_WD_DECLARE_STATIC) #define AP_WD_DECLARE(type) type __stdcall #define AP_WD_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/generators/mod_status.h =================================================================== --- httpd-2.4.43.orig/modules/generators/mod_status.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/generators/mod_status.h 2020-04-03 13:38:05.545749508 +0200 @@ -34,9 +34,9 @@ #define AP_STATUS_EXTENDED (0x4) /* detailed report */ #if !defined(WIN32) -#define STATUS_DECLARE(type) type -#define STATUS_DECLARE_NONSTD(type) type -#define STATUS_DECLARE_DATA +#define STATUS_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define STATUS_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define STATUS_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(STATUS_DECLARE_STATIC) #define STATUS_DECLARE(type) type __stdcall #define STATUS_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/dav/main/mod_dav.h =================================================================== --- httpd-2.4.43.orig/modules/dav/main/mod_dav.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/dav/main/mod_dav.h 2020-04-03 13:38:05.549749528 +0200 @@ -82,9 +82,9 @@ extern "C" { * DAV_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define DAV_DECLARE(type) type -#define DAV_DECLARE_NONSTD(type) type -#define DAV_DECLARE_DATA +#define DAV_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define DAV_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define DAV_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(DAV_DECLARE_STATIC) #define DAV_DECLARE(type) type __stdcall #define DAV_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/session/mod_session.h =================================================================== --- httpd-2.4.43.orig/modules/session/mod_session.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/session/mod_session.h 2020-04-03 13:38:05.549749528 +0200 @@ -21,9 +21,9 @@ * SESSION_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define SESSION_DECLARE(type) type -#define SESSION_DECLARE_NONSTD(type) type -#define SESSION_DECLARE_DATA +#define SESSION_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define SESSION_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define SESSION_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(SESSION_DECLARE_STATIC) #define SESSION_DECLARE(type) type __stdcall #define SESSION_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/database/mod_dbd.h =================================================================== --- httpd-2.4.43.orig/modules/database/mod_dbd.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/database/mod_dbd.h 2020-04-03 13:38:05.549749528 +0200 @@ -35,9 +35,9 @@ * DBD_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define DBD_DECLARE(type) type -#define DBD_DECLARE_NONSTD(type) type -#define DBD_DECLARE_DATA +#define DBD_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define DBD_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define DBD_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(DBD_DECLARE_STATIC) #define DBD_DECLARE(type) type __stdcall #define DBD_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/filters/mod_xml2enc.h =================================================================== --- httpd-2.4.43.orig/modules/filters/mod_xml2enc.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/filters/mod_xml2enc.h 2020-04-03 13:38:05.549749528 +0200 @@ -25,9 +25,9 @@ /* declarations to deal with WIN32 compile-flag-in-source-code crap */ #if !defined(WIN32) -#define XML2ENC_DECLARE(type) type -#define XML2ENC_DECLARE_NONSTD(type) type -#define XML2ENC_DECLARE_DATA +#define XML2ENC_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define XML2ENC_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define XML2ENC_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(XML2ENC_DECLARE_STATIC) #define XML2ENC_DECLARE(type) type __stdcall #define XML2ENC_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/filters/mod_ratelimit.h =================================================================== --- httpd-2.4.43.orig/modules/filters/mod_ratelimit.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/filters/mod_ratelimit.h 2020-04-03 13:38:05.549749528 +0200 @@ -21,9 +21,9 @@ * AP_RL_DECLARE_DATA with appropriate export and import tags for the platform */ #if !defined(WIN32) -#define AP_RL_DECLARE(type) type -#define AP_RL_DECLARE_NONSTD(type) type -#define AP_RL_DECLARE_DATA +#define AP_RL_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define AP_RL_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define AP_RL_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(AP_RL_DECLARE_STATIC) #define AP_RL_DECLARE(type) type __stdcall #define AP_RL_DECLARE_NONSTD(type) type Index: httpd-2.4.43/modules/aaa/mod_authz_dbd.h =================================================================== --- httpd-2.4.43.orig/modules/aaa/mod_authz_dbd.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/modules/aaa/mod_authz_dbd.h 2020-04-03 13:38:05.549749528 +0200 @@ -22,9 +22,9 @@ * AUTHZ_DBD_DECLARE_DATA with appropriate export and import tags */ #if !defined(WIN32) -#define AUTHZ_DBD_DECLARE(type) type -#define AUTHZ_DBD_DECLARE_NONSTD(type) type -#define AUTHZ_DBD_DECLARE_DATA +#define AUTHZ_DBD_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define AUTHZ_DBD_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define AUTHZ_DBD_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(AUTHZ_DBD_DECLARE_STATIC) #define AUTHZ_DBD_DECLARE(type) type __stdcall #define AUTHZ_DBD_DECLARE_NONSTD(type) type Index: httpd-2.4.43/include/httpd.h =================================================================== --- httpd-2.4.43.orig/include/httpd.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/include/httpd.h 2020-04-03 13:38:05.549749528 +0200 @@ -345,7 +345,7 @@ extern "C" { * by modules. Its purpose is to allow us to add attributes that * particular platforms or compilers require to every exported function. */ -# define AP_DECLARE(type) type +# define AP_DECLARE(type) __attribute__ ((visibility ("default"))) type #endif #ifndef AP_DECLARE_NONSTD @@ -356,20 +356,20 @@ extern "C" { * which use varargs or are used via indirect function call. This * is to accommodate the two calling conventions in windows dlls. */ -# define AP_DECLARE_NONSTD(type) type +# define AP_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type #endif #ifndef AP_DECLARE_DATA -# define AP_DECLARE_DATA +# define AP_DECLARE_DATA __attribute__ ((visibility ("default"))) #endif #ifndef AP_MODULE_DECLARE -# define AP_MODULE_DECLARE(type) type +# define AP_MODULE_DECLARE(type) __attribute__ ((visibility ("default"))) type #endif #ifndef AP_MODULE_DECLARE_NONSTD -# define AP_MODULE_DECLARE_NONSTD(type) type +# define AP_MODULE_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type #endif #ifndef AP_MODULE_DECLARE_DATA -# define AP_MODULE_DECLARE_DATA +# define AP_MODULE_DECLARE_DATA __attribute__ ((visibility ("default"))) #endif /** Index: httpd-2.4.43/include/util_ldap.h =================================================================== --- httpd-2.4.43.orig/include/util_ldap.h 2020-04-03 13:38:03.445739206 +0200 +++ httpd-2.4.43/include/util_ldap.h 2020-04-03 13:38:05.549749528 +0200 @@ -66,9 +66,9 @@ * and import tags for the platform */ #if !defined(WIN32) -#define LDAP_DECLARE(type) type -#define LDAP_DECLARE_NONSTD(type) type -#define LDAP_DECLARE_DATA +#define LDAP_DECLARE(type) __attribute__ ((visibility ("default"))) type +#define LDAP_DECLARE_NONSTD(type) __attribute__ ((visibility ("default"))) type +#define LDAP_DECLARE_DATA __attribute__ ((visibility ("default"))) #elif defined(LDAP_DECLARE_STATIC) #define LDAP_DECLARE(type) type __stdcall #define LDAP_DECLARE_NONSTD(type) type Index: httpd-2.4.43/include/mpm_common.h =================================================================== --- httpd-2.4.43.orig/include/mpm_common.h 2018-08-14 22:56:54.000000000 +0200 +++ httpd-2.4.43/include/mpm_common.h 2020-04-03 13:40:10.698363488 +0200 @@ -195,7 +195,7 @@ AP_DECLARE(void) ap_wait_or_timeout(apr_ * Nagle's algorithm that have severe performance penalties. * @param s The socket to disable nagle for. */ -void ap_sock_disable_nagle(apr_socket_t *s); +AP_DECLARE(void) ap_sock_disable_nagle(apr_socket_t *s); #else #define ap_sock_disable_nagle(s) /* NOOP */ #endif ++++++ permissions.apache2 ++++++ /usr/sbin/suexec root:root 4755 /usr/sbin/suexec2 root:root 4755 ++++++ rc.apache2 ++++++ #!/bin/sh # # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002, 2003, (2004?) SuSE Linux AG # Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH # # Authors: Rolf Haberrecker <apache(a)suse.de>, 2001 # Peter Poeml <apache(a)suse.de>, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011. # Roman Drahtmueller <draht(a)suse.de>, 2010, 2011, 2012. # # # /etc/init.d/apache2 # ### BEGIN INIT INFO # Provides: apache apache2 httpd # Required-Start: $local_fs $remote_fs $network # Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd # Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd # Required-Stop: $local_fs $remote_fs $network # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # X-Interactive: true # Short-Description: Apache 2 HTTP Server # Description: Start the Apache HTTP daemon ### END INIT INFO pname=apache2 : ${sysconfdir:=/etc/$pname} : ${apache_link:=/usr/sbin/httpd} : ${sysconfig_apache:=/etc/sysconfig/$pname} : ${pidfile:=/var/run/httpd.pid} : ${logdir:=/var/log/$pname} : ${homedir:=/var/lib/$pname} # # load the configuration # # # Note about ulimits: # if you want to set ulimits, e.g. to increase the max number of open file handle, # or to allow core files, you can do so by editing /etc/sysconfig/apache2 and # simply write the ulimit commands into that file. # Example: # ulimit -n 16384 # ulimit -H -n 16384 # ulimit -c unlimited # See the output of "help ulimit" in the bash, or "man 1 ulimit". # test -s /etc/rc.status && . /etc/rc.status && rc_reset . /usr/share/$pname/load_configuration export ${!APACHE_*} httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf} apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) test -L $apache_link && apache_bin=$(readlink $apache_link) if [ -z "$APACHE_MPM" ]; then APACHE_MPM=${apache_bin##*-} fi if ! [ -x $apache_bin ]; then echo >&2 ${warn}$apache_bin-$APACHE_MPM is not a valid httpd binary. echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname. $norm rc_failed 5 rc_status -v1 rc_exit fi # a proper home should be set, otherwise the server might end up # with HOME=/root and some script might try to use that HOME=$homedir get_server_flags() { unset server_flags case "$action" in startssl) server_flags="-DSSL";; esac for i in $APACHE_SERVER_FLAGS; do case $i in -D) ;; -D*) server_flags="$server_flags $i";; *) server_flags="$server_flags -D$i";; esac done server_flags="$server_flags -DSYSCONFIG -C 'Include /etc/apache2/sysconfig.d/'" } action="$1" case "$action" in stop|try-restart|*status*|probe) ;; *) shift; get_server_flags ${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true ${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true ;; esac # # main part # case "$action" in start*) if [ -e $pidfile ]; then $0 status &>/dev/null ret=$? if [ $ret = 1 ]; then echo "Warning: found stale pidfile (unclean shutdown?)" elif [ $ret = 0 ]; then echo "Apache is already running ($pidfile)" rc_failed $ret rc_status -v1 rc_exit fi fi echo -n "Starting httpd (${APACHE_MPM:-${apache_bin#*-}}) " cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") if eval $cmdline -t > $logdir/rc$pname.out 2>&1 ; then export -n ${!APACHE_*} eval startproc -f -t ${APACHE_START_TIMEOUT:-2} $cmdline ret=$? if test -t 1 && stty -a 2>/dev/null | grep -q -- -echo\ ; then # this means that apache was still waiting for a passphrase to be entered stty echo 2>/dev/null echo;echo echo >&2 An SSL passphrase has not been entered within ${APACHE_START_TIMEOUT:-<not set>} seconds. echo >&2 To increase this timeout, adjust APACHE_START_TIMEOUT in $sysconfig_apache . # this surely means that apache won't start, despite it looked good to startproc killall $apache_bin echo >&2 "Trying to start the server without SSL (-D NOSSL)." $0 start "$@" -D NOSSL # rc_failed 1 # rc_status -v1 # rc_exit else rc_failed $ret rc_status -v fi else if [ "$link" = "$base" ] ; then cat $logdir/rc$pname.out echo >&2 echo >&2 The command line was: echo >&2 $cmdline echo >&2 else echo -e -n "\nsee $logdir/rc$pname.out for details\n"; fi rc_failed 1 rc_status -v1 fi ;; stop) echo -n "Shutting down httpd " if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi if ! [ -f $pidfile ]; then echo -n "(not running)" else pid=$(<$pidfile) # re-read exe symlink, it could be (deleted) in the meanwhile. apache_bin=$(readlink /proc/$pid/exe 2>/dev/null) kill -TERM $pid 2>/dev/null case $? in 1) echo -n "(not running)";; 0) # wait until the processes are gone (the parent is the last one) echo -n "(waiting for all children to terminate) " for ((wait=0; wait<120; wait++)); do if test -f $pidfile; then usleep 500000 continue fi if ! test -f /proc/$pid/exe; then break fi if test "$(readlink /proc/$pid/exe 2>/dev/null)" = "$apache_bin"; then usleep 500000 else break fi done ;; esac fi rc_status -v ;; stop-graceful) echo "Shutting down httpd gracefully (SIGWINCH)" if ! [ -f $pidfile ]; then echo -n "(not running)" else pid=$(<$pidfile) kill -WINCH $pid 2>/dev/null case $? in 1) echo -n "(not running)";; 0) # wait until the pidfile is gone. The parent stays there, but closes the listen ports. echo -n "(waiting for parent to close listen ports and remove pidfile) " for ((wait=0; wait<120; wait++)); do if test -f $pidfile; then usleep 500000 continue else break fi done ;; esac fi rc_status -v ;; try-restart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi # Remember status and be quiet rc_status ;; restart) $0 configtest "$@" || { rc_failed $?; rc_exit; } if $0 status &>/dev/null; then $0 stop fi $0 start "$@" # Remember status and be quiet rc_status ;; restart-hup) $0 configtest "$@" || { rc_failed $?; rc_exit; } if $0 status &>/dev/null; then echo -n "Restarting httpd (SIGHUP)" kill -HUP $(<$pidfile) || return=$rc_failed else $0 start "$@" fi # Remember status and be quiet rc_status -v ;; restart-graceful) $0 configtest "$@" || { rc_failed $?; rc_exit; } if $0 status &>/dev/null; then $0 stop-graceful "$@" $0 start "$@" else $0 start "$@" fi # Remember status and be quiet rc_status ;; reload|force-reload|graceful) # check if there is a deleted binary. If there is, then logrotate # or other occasions will fail to reload, as dlopen(3) of apache # modules is prone to fail due to symbol mismatches. # in this case, we only complain and fail. if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi executable=$( readlink /proc/$(cat $pidfile)/exe 2> /dev/null ) case "$executable" in *httpd*delete*) echo -n "Reload httpd after package update: ignoring request. Please do a manual restart explicitly! " rc_failed 1 rc_status -v rc_exit ;; *) ;; esac echo -n "Reload httpd (graceful restart)" cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") if eval $cmdline -t &> $logdir/rc$pname.out; then killproc -USR1 $apache_bin || return=$rc_failed rc_status -v else if [ "$link" = "$base" ] ; then echo -e -n "\n\n" cat $logdir/rc$pname.out echo >&2 echo >&2 The command line was: echo >&2 $cmdline echo >&2 else echo -e -n "\nsee $logdir/rc$pname.out for details\n"; fi rc_failed 6 rc_status -v1 fi ;; status) if [ ! -f $pidfile -a -f $pidfile.rpmsave ]; then mv $pidfile.rpmsave $pidfile; fi echo -n "Checking for httpd: " # we don't use checkproc here since it is confused when we exchange the binaries if ! [ -f $pidfile ]; then # not running rc_failed 3 elif [ -s $pidfile -a -d /proc/$(<$pidfile) ]; then # running : else # stale pid file rc_failed 1 #rm -f $pidfile fi rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## give out the argument which is required for a reload. for i in $httpd_conf \ $APACHE_CONF_INCLUDE_FILES \ $APACHE_CONF_INCLUDE_DIRS do if [ $i -nt $pidfile ]; then echo reload break fi done ;; conf*|test|syntax|check) cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") eval $cmdline -t rc_failed $? rc_exit ;; extr*) cmdline=$(echo $apache_bin -f $httpd_conf $server_flags "$@") out=$(su - nobody -c "$cmdline" 2>&1) case $out in *make_sock:\ could\ not\ bind\ to\ address*) echo Syntax: OK; rc_failed=0;; *) echo Syntax: NOT OK:; echo $out; rc_failed=1;; esac rc_exit ;; server-status) apachectl status ;; full-server-status|fullstatus) apachectl fullstatus ;; *) cat >&2 <<-EOF Usage: $0 <command> <server flags> where <command> is one of: start - start httpd startssl - start httpd with -DSSL stop - stop httpd (sending SIGTERM to parent) try-restart - stop httpd and if this succeeds (i.e. if it was running before), start it again. status - check whether httpd is running restart - stop httpd if running; start httpd restart-graceful - stop httpd gracefully if running; start httpd reload|graceful - do a graceful restart by sending a SIGUSR1, or start if not running stop-graceful - stop httpd (sending SIGWINCH to parent) configtest - do a configuration syntax test extreme-configtest - try to run httpd as nobody (detects more errors by actually loading the configuration, but cannot read SSL certificates) probe - probe for the necessity of a reload, give out the argument which is required for a reload. (by comparing conf files with pidfile timestamp) full-server-status - dump a full status screen; requires lynx or w3m and mod_status enabled server-status - dump a short status screen; requires lynx or w3m and mod_status enabled help - this screen optional server flags are passed through to httpd. EOF exit 1 esac # Inform the caller not only verbosely and set an exit status. rc_exit ++++++ robots.txt ++++++ # exclude help system from robots User-agent: * Disallow: /manual/ Disallow: /doc/ Disallow: /gif/ # but allow htdig to index our doc-tree User-agent: susedig Disallow: # disallow stress test user-agent: stress-agent Disallow: / ++++++ start_apache2 ++++++ #!/bin/sh # # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002, 2003, (2004?) SuSE Linux AG # Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH # # Authors: Rolf Haberrecker <apache(a)suse.de>, 2001 # Peter Poeml <apache(a)suse.de>, 2002, 2003, 2004, 2005, 2006, 2007, # 2008, 2009, 2010 # # . /usr/share/apache2/script-helpers # # which instance should we will run # unset instance_suffix if [ -n "$HTTPD_INSTANCE" ]; then instance_suffix="@$HTTPD_INSTANCE" fi # # load sysconfig variables APACHE_* from instance sysconfig # file # export SYSCONFIG_FILE=/etc/sysconfig/apache2${instance_suffix} load_sysconfig unset server_flags # # server_flags: -DSYSCONFIG # if [ -f "$SYSCONFIG_FILE" ]; then server_flags="$server_flags -DSYSCONFIG" fi # # figure out correct apache2 binary (/usr/sbin/httpd-prefork, # /usr/sbin/httpd-worker, etc.) and serverflags # find_mpm if [ -n "$HTTPD_MPM" ]; then apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM" if ! [ -x $apache_bin ]; then echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary." echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2." exit 1 fi else echo >&2 "${warn}No Apache binary found. No MPM package installed? $norm" echo >&2 "Hint: install the apache2-prefork package, and try again." exit 1 fi # server flags from APACHE_SERVER_FLAGS for i in $APACHE_SERVER_FLAGS; do case $i in -D) ;; -D*) server_flags="$server_flags $i";; *) server_flags="$server_flags -D$i";; esac done # # head configuration file # httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf} # # where to write configuration depending on sysconfig variables # sysconfd_dir=$(dirname $httpd_conf)/sysconfig${instance_suffix}.d/ # # set PidFile to this file name; PidFile should not # be used in the configuration to change this, otherwise # stopping will not work # pid_file=/var/run/httpd${instance_suffix}.pid unset sysconfig_setting # # involve the sysconfig variables # [ -d ${sysconfd_dir} ] || mkdir -p ${sysconfd_dir} || exit 1 for c in global.conf include.conf loadmodule.conf; do echo "# File generated from $SYSCONFIG_FILE, do not edit. Edit the sysconfig file instead." > ${sysconfd_dir}/$c done # APACHE_ACCESS_LOG -> global.conf if [ -n "$APACHE_ACCESS_LOG" ]; then echo "CustomLog $APACHE_ACCESS_LOG" | sed 's:,:\nCustomLog :' >> ${sysconfd_dir}/global.conf fi # APACHE_CONF_INCLUDE_FILES -> include.conf for file in $APACHE_CONF_INCLUDE_FILES; do test ${file:0:1} = / || file=/etc/apache2/$file if [ ! -e $file ]; then continue fi echo "Include $file" >> ${sysconfd_dir}/include.conf done # APACHE_CONF_INCLUDE_DIRS -> include.conf for dir in $APACHE_CONF_INCLUDE_DIRS; do test ${dir:0:1} = / || dir=/etc/apache2/$dir if ! ( [ -e $dir ] || [ -e ${dir%/*} ] ); then continue fi echo "Include $dir" >> ${sysconfd_dir}/include.conf done # APACHE_SERVERADMIN -> global.conf if [ -n "$APACHE_SERVERADMIN" ]; then echo "ServerAdmin $APACHE_SERVERADMIN" >> ${sysconfd_dir}/global.conf fi # APACHE_SERVERNAME -> global.conf if [ -n "$APACHE_SERVERNAME" ]; then echo "ServerName $APACHE_SERVERNAME" >> ${sysconfd_dir}/global.conf fi # APACHE_START_TIMEOUT # not used nowadays # APACHE_SERVERSIGNATURE -> global.conf if [ -n "$APACHE_SERVERSIGNATURE" ]; then echo "ServerSignature $APACHE_SERVERSIGNATURE" >> ${sysconfd_dir}/global.conf fi # APACHE_LOGLEVEL -> global.conf if [ -n "$APACHE_LOGLEVEL" ]; then echo "LogLevel $APACHE_LOGLEVEL" >> ${sysconfd_dir}/global.conf fi # APACHE_USE_CANONICAL_NAME -> global.conf if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then echo "UseCanonicalName $APACHE_USE_CANONICAL_NAME" >> ${sysconfd_dir}/global.conf fi # APACHE_SERVERTOKENS -> global.conf if [ -n "$APACHE_SERVERTOKENS" ]; then echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf fi # APACHE_EXTENDED_STATUS -> global.conf if [ -n "$APACHE_EXTENDED_STATUS" ]; then echo "ExtendedStatus $APACHE_EXTENDED_STATUS" >> ${sysconfd_dir}/global.conf fi # APACHE_MODULES -> loadmodule.conf get_module_list module_ids=($HTTPD_MODULE_IDS) module_paths=($HTTPD_MODULE_PATHS) for i in "${!module_ids[@]}"; do echo "LoadModule ${module_ids[$i]} ${module_paths[$i]}" >> ${sysconfd_dir}/loadmodule.conf done # # a proper home should be set, otherwise the server might end up # with HOME=/root and some script might try to use that # HOME=/var/lib/apache2${instance_suffix} # # run Apache # exec $apache_bin $server_flags \ -C "PidFile $pid_file" \ -C "Include $sysconfd_dir/loadmodule.conf" \ -C "Include $sysconfd_dir/global.conf" \ -f $httpd_conf \ -c "Include $sysconfd_dir/include.conf" \ "${sysconfig_setting[@]}" \ $@ exit 0 ++++++ sysconf_addword ++++++ #!/bin/bash # Copyright 2005 Peter Poeml <apache(a)suse.de>. All Rights Reserved. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. debug=false function usage() { cat <<-EOF usage: $(basename $0) [-r] FILE VAR WORD Add word WORD to variable VAR in file FILE, or remove it if the -r option is given. Example: $(basename $0) /etc/sysconfig/apache2 APACHE_SERVER_FLAGS asdf leads to the change: -APACHE_SERVER_FLAGS="SSL STATUS ruby" +APACHE_SERVER_FLAGS="SSL STATUS ruby asdf" If multiple lines matching ^VAR= are found (which happens to be a habit of mine), only the last one is manipulated. It does not work for WORD starting with characters like a dash which prevent word boundary matching. EOF } function find_last_occurrence () { # takes two arguments, FILE and VAR # and return the number of the last line where # VAR occurs in FILE (not commented) grep -n -- "^[[:space:]]*$1" $2 | tail -n 1 | cut -d: -f1 } function word_present () { . $file case " ${!var} " in *" $word "*) true;; *) false;; esac } function add_word() { local word=$1 local word_quoted=$2 if ! word_present; then $debug && cp $file $tmpf sed -i -e "${lineno} { s/^[[:space:]]*$$var=\".*$$\".*$/\1 $word_quoted\2/; s/=\" /=\"/ }" $file $debug && diff -u $tmpf $file else echo \"$word\" already present fi # some balancing for vim"s syntax highlighting } function remove_word() { local word=$1 local word_quoted=$2 if word_present; then $debug && cp $file $tmpf sed -i -e "${lineno} { s/$['\" ]$$word_quoted$['\" ]$/\1 \2/g s/ / /g }" $file $debug && diff -u $tmpf $file else echo \"$word\" not present fi # some balancing for vim"s syntax highlighting } # poor man's option parsing case "$1" in -h) usage; exit 0;; esac if [ $# -lt 3 ]; then echo not enough arguments echo usage; exit 1 fi action=add case "$1" in -r) action=remove; shift;; esac file=$1; shift var=$1; shift word=$1 word_quoted=${1//\//\\\/} if $debug; then echo FILE: $file echo VAR: $var echo WORD: $word echo current content: grep "^$var=" $file | tail -n 1 echo fi if ! [ -r $file ]; then echo ${0##*/}: file $file is not a readable file exit 1 fi lineno=$(find_last_occurrence $var $file) if [ -z $lineno ]; then echo ${0##*/}: variable $var does not occur in $file exit 1 fi $debug && tmpf=$(mktemp /tmp/$(basename $0).XXXXXX) if [ $action = add ]; then add_word $word $word_quoted $lineno else remove_word $word $word_quoted $lineno fi $debug && rm -f $tmpf exit 0 ++++++ sysconfig.apache2 ++++++ ## Path: Network/WWW/Apache2 ## Description: Configuration for Apache 2 ## Type: string ## Default: "" ## ServiceRestart: apache2 # # Here you can name files, separated by spaces, that should be Include'd from # httpd.conf. # # This allows you to add e.g. VirtualHost statements without touching # /etc/apache2/httpd.conf itself, which makes upgrading easier. # APACHE_CONF_INCLUDE_FILES="" ## Type: string ## Default: "" ## ServiceRestart: apache2 # # Here you can name directories, separated by spaces, that should be Include'd # from httpd.conf. # # All files contained in these directories will be recursively included by apache. # If a pattern like *.conf is appended, apache will use it. # # Examples: "/etc/apache2/my_conf/" # "/etc/apache2/virtual_hosts/*.conf" # "local/*.conf /srv/www/virtual/" # APACHE_CONF_INCLUDE_DIRS="" ## Type: string ## Default: "actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout" ## ServiceRestart: apache2 # # [It might look silly to not simply edit httpd.conf for the LoadModule statements. # However, since the LoadModule statements might need an absolute path to the modules, # switching between MPMs can be quite a hassle. It's easier to just give the names here.] # # * list of all modules shipped with the base distribution: # see /usr/lib64/apache2-$MPM # see http://httpd.apache.org/docs/2.4/mod/ ! # # * It pays to use IfDefine statements... like # <IfModule mod_xyz.c> # .... # </IfModule> # # * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax. # You may also name an absolute path if you like. # # * NOTES ON SSL: # 1. Before you can use mod_ssl, you need a server certificate. # A test certificate can be created by entering e. g. # # $ gensslcert -n a.com # # See gensslcert -h for or gensslcert script itself for details. # 2. Also, you need to set the ServerName inside the <VirtualHost _default_:443> # block to the fully qualified domain name (see /etc/HOSTNAME). # 3. If your server certificate is protected by a passphrase you should increase the # APACHE_START_TIMEOUT (see above) # 4. Consider to load also socache_shmcb module, see # http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache # for details. # 5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS # below. # # * modules listed here will be ignored if they are not installed # # # EXAMPLES: # # fairly minimal # APACHE_MODULES="authz_host alias auth dir log_config mime setenvif" # # apache's default installation # APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir" # your settings APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout" ## Type: string ## Default: "" ## ServiceRestart: apache2 # # Additional server flags: # # Put here any server flags ("Defines") that you want to hand over to # httpd at start time, or other command line flags. # # Background: Any directives within an <IfDefine flag>...</IfDefine> # section are only processed if the flag is defined. # This allows to write configuration which is active only in a # special cases, like during server maintenance, or for testing # something temporarily. # # Notably, to enable ssl support, 'SSL' needs to be added here. # To enable the server-status, 'STATUS' needs to be added here. # # It does not matter if you write flag1, -D flag1 or -Dflag1. # Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2". # # Specifying such flags here is equivalent to giving them on the commandline. # (e.g. via rcapache2 start -DReverseProxy) # # Example: # "SSL HTTP2 STATUS AWSTATS SVN_VIEWCVS no_subversion_today" # APACHE_SERVER_FLAGS="" ## Type: string ## Default: "" ## ServiceRestart: apache2 # # Which config file do you want to use? # (if not set, /etc/apache2/httpd.conf is used.) # It is unusual to need to use this setting. # APACHE_HTTPD_CONF="" ## Type: list(prefork,worker,event,itk) ## Default: "" ## ServiceRestart: apache2 # # MPM (multi-processing module) to use. # # Needed to determine with which MPM apache will run, as well as # against which header files modules will be built. # # If not set, the system will simply pick one of the installed MPMs. # # The implementation of the logic is in /usr/share/apache2/find_mpm, # a script which can be used standalone as well if needed. # APACHE_MPM="" ## Type: string ## Default: "" ## ServiceReload: apache2 # # email address of the server administrator (ServerAdmin directive) # This address is added to the server's responses if APACHE_SERVERSIGNATURE # is set to "email". # # If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is # taken from /etc/HOSTNAME. # # Note that ServerAdmin directives inside VirtualHost statements are not # changed, even not the one in the stock SSL virtual host block. # APACHE_SERVERADMIN="" ## Type: string ## Default: "" ## ServiceReload: apache2 # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If this is not set to valid DNS name for your host, server-generated # redirections will not work. See also the UseCanonicalName directive. # # If your host doesn't have a registered DNS name, enter its IP address here. # You will have to access it by its address anyway, and this will make # redirections work in a sensible way. # APACHE_SERVERNAME="" ## Type: integer ## Default: 2 # # timeout during server startup (seconds) # after this time, the start script decides wether the httpd process started without error. # # Increase it, if you use mod_ssl and your certificate is passphrase protected! # APACHE_START_TIMEOUT="2" ## Type: list(on,off,email) ## Default: "on" ## ServiceReload: apache2 # # Configures the footer on server-generated documents # This correlates to the ServerSignature directive. # APACHE_SERVERSIGNATURE="off" ## Type: list(debug,info,notice,warn,error,crit,alert,emerg) ## Default: "warn" ## ServiceReload: apache2 # # LogLevel: Control the number of messages logged to the error_log. # APACHE_LOGLEVEL="warn" ## Type: string ## Default: "/var/log/apache2/access_log combined" ## ServiceRestart: apache2 # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrarywise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # # Simply set it to empty, if you configure it yourself somewhere else. # # Examples: # # If you would like to have agent and referer logfiles: # # setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent" # corresponds to # CustomLog /var/log/apache2/referer_log referer # CustomLog /var/log/apache2/agent_log agent # # If you prefer a single logfile with access, agent, and referer information # (Combined Logfile Format): # # setting it to "/var/log/apache2/access_log combined" # corresponds to # CustomLog /var/log/apache2/access_log combined # APACHE_ACCESS_LOG="/var/log/apache2/access_log combined" ## Type: list(On,Off,DNS) ## Default: "Off" ## ServiceReload: apache2 # # UseCanonicalName: Determines how Apache constructs self-referencing # URLs and the SERVER_NAME and SERVER_PORT variables. # When set "Off", Apache will use the Hostname and Port supplied # by the client. When set "On", Apache will use the value of the # ServerName directive. # APACHE_USE_CANONICAL_NAME="off" ## Type: list(Major,Minor,Minimal,ProductOnly,OS,Full) ## Default: "OS" ## ServiceReload: apache2 # # How much information the server response header field contains about the server. # (installed modules, versions, etc.) # see http://httpd.apache.org/docs/2.4/mod/core.html#servertokens # APACHE_SERVERTOKENS="ProductOnly" ## Type: list(on,off) ## Default: "off" ## ServiceReload: apache2 # # If mod_status is used, include extended information about the server, like # CPU usage, in the status report. It is a server-wide setting, and it can cost # some performance! # APACHE_EXTENDED_STATUS="off"

1 0

commit 00Meta for openSUSE:Leap:15.1:Images
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package 00Meta for openSUSE:Leap:15.1:Images checked in at 2020-10-31 11:15:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Images/00Meta (Old) and /work/SRC/openSUSE:Leap:15.1:Images/.00Meta.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "00Meta" Sat Oct 31 11:15:33 2020 rev:549 rq: version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ version_totest ++++++ --- /var/tmp/diff_new_pack.5wZB9d/_old 2020-10-31 11:15:35.472847676 +0100 +++ /var/tmp/diff_new_pack.5wZB9d/_new 2020-10-31 11:15:35.472847676 +0100 @@ -1 +1 @@ -8.12.156 \ No newline at end of file +8.12.157 \ No newline at end of file

1 0

commit openldap2 for openSUSE:Factory
by root 31 Oct '20

31 Oct '20

Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2020-10-31 10:50:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openldap2" Sat Oct 31 10:50:47 2020 rev:160 rq: version:unknown Changes: -------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2.spec ++++++ --- /var/tmp/diff_new_pack.CJfnBD/_old 2020-10-31 10:50:50.279845426 +0100 +++ /var/tmp/diff_new_pack.CJfnBD/_new 2020-10-31 10:50:50.283845428 +0100 @@ -82,7 +82,7 @@ %if %{suse_version} < 1500 %{?systemd_requires} %endif -Requires: gawk +Requires: /usr/bin/gawk Requires: libldap-2_4-2 = %{version_main} Recommends: cyrus-sasl Conflicts: openldap

1 0