Hello community, here is the log from the commit of package apache2 checked in at Tue Aug 29 18:11:33 CEST 2006. -------- --- apache2/apache2.changes 2006-07-04 12:21:24.000000000 +0200 +++ apache2/apache2.changes 2006-08-29 16:34:08.000000000 +0200 
@@ -1,0 +2,49 @@ +Tue Aug 29 16:33:59 CEST 2006 - poeml@suse.de + +- move some binaries, where calling by users makes sense (dbmmanage + htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133] + +------------------------------------------------------------------- +Wed Aug 9 16:13:07 CEST 2006 - poeml@suse.de + +- upstream 2.2.3 + |SECURITY: CVE-2006-3747 (cve.mitre.org) + | mod_rewrite: Fix an off-by-one security problem in the ldap scheme + | handling. For some RewriteRules this could lead to a pointer being + | written out of bounds. Reported by Mark Dowd of McAfee. + | mod_authn_alias: Add a check to make sure that the base provider and the + | alias names are different and also that the alias has not been registered + | before. PR 40051. + | mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP + | client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529. + | mod_autoindex: Fix filename escaping with FancyIndexing disabled. + | PR 38910. + | mod_cache: + | - Make caching of reverse SSL proxies possible again. PR 39593. + | - Do not overwrite the Content-Type in the cache, for + | successfully revalidated cached objects. PR 39647. + | mod_charset_lite: Bypass translation when the source and dest charsets + | are the same. + | mod_dbd: Fix dependence on virtualhost configuration in + | defining prepared statements (possible segfault at startup + | in user modules such as mod_authn_dbd). + | mod_mem_cache: Set content type correctly when delivering data from + | cache. PR 39266. + | mod_speling: Add directive to deal with case corrections only + | and ignore other misspellings + | miscellaneous: + | - Add optional 'scheme://' prefix to ServerName directive, + | allowing correct determination of the canonical server URL + | for use behind a proxy or offload device handling SSL; + | fixing redirect generation in those cases. PR 33398. + | - Added server_scheme field to server_rec for above. Minor MMN bump. 
+ | - Worker MPM: On graceless shutdown or restart, send signals + | to each worker thread to wake them up if they're polling on + | a Keep-Alive connection. PR 38737. + | - worker and event MPMs: fix excessive forking if fork() or + | child_init take a long time. PR 39275. + | - Respect GracefulShutdownTimeout in the worker and event MPMs. + | - configure: Add "--with-included-apr" flag to force use of + | the bundled version of APR at build time. + +------------------------------------------------------------------- Old: ---- httpd-2.2.2.tar.bz2 New: ---- httpd-2.2.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.iiaWII/_old 2006-08-29 18:10:47.000000000 +0200 +++ /var/tmp/diff_new_pack.iiaWII/_new 2006-08-29 18:10:47.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.2) +# spec file for package apache2 (Version 2.2.3) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -51,9 +51,9 @@ %define platform_string Linux/%VENDOR License: Apache Group: Productivity/Networking/Web/Servers -%define realver 2.2.2 -Version: 2.2.2 -Release: 4 +%define realver 2.2.3 +Version: 2.2.3 +Release: 1 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 Source10: SUSE-NOTICE @@ -630,6 +630,9 @@ mv $i ${i}%{vers} || true done mv apachectl apachectl.tmp; mv apachectl.tmp apache%{vers}ctl + for i in dbmmanage htdbm htdigest htpasswd; do + mv ${i}%{vers} ../bin/ + done popd # fix up apxs pushd $RPM_BUILD_ROOT/%{_sbindir} 
@@ -800,12 +803,8 @@ %{_sbindir}/rc%{pname} %{_sbindir}/ab%{vers} %{_sbindir}/apache%{vers}ctl -%{_sbindir}/dbmmanage%{vers} %{_sbindir}/envvars %{_sbindir}/envvars-std -%{_sbindir}/htdbm%{vers} -%{_sbindir}/htdigest%{vers} -%{_sbindir}/htpasswd%{vers} %{_sbindir}/htcacheclean %{_sbindir}/httxt2dbm %{_sbindir}/logresolve%{vers} @@ -820,6 +819,10 @@ %{_bindir}/split-logfile%{vers} %{_bindir}/gensslcert %{_bindir}/check_forensic%{vers} +%{_bindir}/dbmmanage%{vers} +%{_bindir}/htdbm%{vers} +%{_bindir}/htdigest%{vers} +%{_bindir}/htpasswd%{vers} %verify(not mode) %attr(0755,root,root) %_sbindir/suexec2 %{iconsdir} %{errordir} 
@@ -1000,6 +1003,49 @@ fi %changelog -n apache2 +* Tue Aug 29 2006 - poeml@suse.de +- move some binaries, where calling by users makes sense (dbmmanage + htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133] +* Wed Aug 09 2006 - poeml@suse.de +- upstream 2.2.3 + |SECURITY: CVE-2006-3747 (cve.mitre.org) + | mod_rewrite: Fix an off-by-one security problem in the ldap scheme + | handling. For some RewriteRules this could lead to a pointer being + | written out of bounds. Reported by Mark Dowd of McAfee. + | mod_authn_alias: Add a check to make sure that the base provider and the + | alias names are different and also that the alias has not been registered + | before. PR 40051. + | mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP + | client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529. + | mod_autoindex: Fix filename escaping with FancyIndexing disabled. + | PR 38910. + | mod_cache: + | - Make caching of reverse SSL proxies possible again. PR 39593. + | - Do not overwrite the Content-Type in the cache, for + | successfully revalidated cached objects. PR 39647. + | mod_charset_lite: Bypass translation when the source and dest charsets + | are the same. + | mod_dbd: Fix dependence on virtualhost configuration in + | defining prepared statements (possible segfault at startup + | in user modules such as mod_authn_dbd). + | mod_mem_cache: Set content type correctly when delivering data from + | cache. PR 39266. + | mod_speling: Add directive to deal with case corrections only + | and ignore other misspellings + | miscellaneous: + | - Add optional 'scheme://' prefix to ServerName directive, + | allowing correct determination of the canonical server URL + | for use behind a proxy or offload device handling SSL; + | fixing redirect generation in those cases. PR 33398. + | - Added server_scheme field to server_rec for above. Minor MMN bump. 
+ | - Worker MPM: On graceless shutdown or restart, send signals + | to each worker thread to wake them up if they're polling on + | a Keep-Alive connection. PR 38737. + | - worker and event MPMs: fix excessive forking if fork() or + | child_init take a long time. PR 39275. + | - Respect GracefulShutdownTimeout in the worker and event MPMs. + | - configure: Add "--with-included-apr" flag to force use of + | the bundled version of APR at build time. * Tue Jul 04 2006 - poeml@suse.de - a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is found ++++++ httpd-2.2.2.tar.bz2 -> httpd-2.2.3.tar.bz2 ++++++ ++++ 23124 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
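Review bot: In the apache2.changes hunk at @@ -1,0 +2,49 @@ (and its copy under %changelog in the spec), the 2.2.3 entry carrying the CVE-2006-3747 mod_rewrite fix has no bug reference, while the Aug 29 entry above it cites [#140133]. The SECURITY line also sits inside the pasted upstream list under "- upstream 2.2.3". Suggest adding the tracking bug number and making the security fix its own top-level item, so it is not read as one of many routine upstream changes.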
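Review bot: In the apache2.spec hunk at @@ -51,9 +51,9 @@, the active Source0 still points at http://httpd.apache.org/dev/dist/ while the commented-out line above it uses www.apache.org/dist, and the visible Source lines list no upstream signature file next to the tarball. Since this bump picks up a security fix, consider confirming that httpd-2.2.3.tar.bz2 is the released tarball, pointing Source0 at the release location, and adding the detached signature as an additional Source so the package contents can be checked against upstream.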
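Review bot: In the apache2.spec hunk at @@ -630,6 +630,9 @@, the new loop uses `mv ${i}%{vers} ../bin/`, a destination relative to whatever directory the enclosing pushd entered, while the %files list expects the four tools under %{_bindir}. If bindir is not the sibling `bin` of that directory, the files land where %files does not look. Suggest writing the target as $RPM_BUILD_ROOT/%{_bindir}/, matching the `pushd $RPM_BUILD_ROOT/%{_sbindir}` form used a few lines below, and quoting the expansion.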
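Review bot: In the %files hunks at @@ -800,12 +803,8 @@ and @@ -820,6 +819,10 @@, dbmmanage, htdbm, htdigest and htpasswd are dropped from %{_sbindir} and listed under %{_bindir}, with nothing left at the old location. Scripts or cron jobs that call these tools by their /usr/sbin path will fail after the update. Consider shipping compatibility symlinks in %{_sbindir} for a transition period, or stating the path change explicitly for upgraders in the changelog entry.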