Hello community,
here is the log from the commit of package apache2
checked in at Fri Sep 12 22:47:18 CEST 2008.
--------
--- apache2/apache2.changes 2008-08-28 01:16:47.000000000 +0200
+++ apache2/apache2.changes 2008-08-26 23:01:24.000000000 +0200
@@ -2 +2 @@
-Thu Aug 28 01:16:28 CEST 2008 - ro@suse.de
+Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
@@ -4 +4,2 @@
-- remove deprecated options from fillup and insserv call
+- drop rc.config handling (was removed in or after SuSE Linux 8.0)
+- don't use fillup_insserv options which have been removed lately
@@ -7 +8 @@
-Mon Aug 25 01:20:45 CEST 2008 - ro@suse.de
+Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
@@ -9 +10,155 @@
-- initscript: copy Should-Start to Should-Stop to fix build
+- fix init script LSB headers
+
+-------------------------------------------------------------------
+Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
+
+- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
+ how to set ulimits when starting the server
+- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
+ sysconfig template. They still work but I think it is good to
+ keep this stuff out of the beginner's config, first because both
+ features are sophisticated enough to not being tweaked in most
+ cases, second because it only confuses people I guess, and makes
+ the sysconfig file larger than necessary.
+
+-------------------------------------------------------------------
+Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
+
+- update to 2.2.9:
+ SECURITY: CVE-2008-2364 (cve.mitre.org)
+ mod_proxy_http: Better handling of excessive interim responses
+ from origin server to prevent potential denial of service and
+ high memory usage. Reported by Ryujiro Shibuya.
+ SECURITY: CVE-2007-6420 (cve.mitre.org)
+ mod_proxy_balancer: Prevent CSRF attacks against the
+ balancer-manager interface.
+ - htpasswd: Fix salt generation weakness. PR 31440
+ worker/event MPM:
+ - Fix race condition in pool recycling that leads to
+ segmentation faults under load. PR 44402
+ core:
+ - Fix address-in-use startup failure on some platforms caused by
+ creating an IPv4 listener which overlaps with an existing IPv6
+ listener.
+ - Add the filename of the configuration file to the warning
+ message about the useless use of AllowOverride. PR 39992.
+ - Do not allow Options ALL if not all options are allowed to be
+ overwritten. PR 44262
+ - reinstate location walk to fix config for subrequests PR 41960
+ - Fix garbled TRACE response on EBCDIC platforms.
+ - gen_test_char: add double-quote to the list of
+ T_HTTP_TOKEN_STOP. PR 9727
+ http_filters:
+ - Don't return 100-continue on redirects. PR 43711
+ - Don't return 100-continue on client error PR 43711
+ - Don't spin if get an error when reading the next chunk. PR 44381
+ - Don't add bogus duplicate Content-Language entries
+ suexec:
+ - When group is given as a numeric gid, validate it by looking up
+ the actual group name such that the name can be used in log entries.
+ PR 7862
+ mod_authn_dbd:
+ - Disambiguate and tidy database authentication error messages. PR 43210.
+ mod_cache:
+ - Handle If-Range correctly if the cached resource was stale. PR 44579
+ - Revalidate cache entities which have Cache-Control: no-cache
+ set in their response headers. PR 44511
+ mod_cgid:
+ - Explicitly set permissions of the socket (ScriptSock) shared
+ by mod_cgid and request processing threads, for OS'es such as
+ HPUX and AIX that do not use umask for AF_UNIX socket permissions.
+ - Don't try to restart the daemon if it fails to initialize the socket.
+ mod_charset_lite:
+ - Add TranslateAllMimeTypes sub-option to CharsetOptions,
+ allowing the administrator to skip the mimetype checking that
+ precedes translation.
+ mod_dav:
+ - Return "method not allowed" if the destination URI of a WebDAV
+ copy / move operation is no DAV resource. PR 44734
+ mod_headers:
+ - Add 'merge' option to avoid duplicate values within the same header.
+ mod_include:
+ - Correctly handle SSI directives split over multiple filter
+ mod_log_config:
+ - Add format options for %p so that the actual local or remote
+ port can be logged. PR 43415.
+ mod_logio:
+ - Provide optional function to allow modules to adjust the
+ bytes_in count
+ mod_proxy:
+ - Make all proxy modules nocanon aware and do not add the
+ query string again in this case. PR 44803.
+ - scoreboard: Remove unused proxy load balancer elements from scoreboard
+ image (not scoreboard memory itself).
+ - Support environment variable interpolation in reverse
+ proxying directives.
+ - Do not try a direct connection if the connection via a
+ remote proxy failed before and the request has a request body.
+ - ProxyPassReverse is now balancer aware.
+ - Lower memory consumption for short lived connections.
+ PR 44026.
+ - Keep connections to the backend persistent in the HTTPS case.
+ mod_proxy_ajp:
+ - Do not retry request in the case that we either failed to
+ sent a part of the request body or if the request is not idempotent.
+ PR 44334
+ mod_proxy_ftp:
+ - Fix base for directory listings. PR 27834
+ mod_proxy_http:
+ - Fix processing of chunked responses if Connection:
+ Transfer-Encoding is set in the response of the proxied
+ system. PR 44311
+ - Return HTTP status codes instead of apr_status_t values for
+ errors encountered while forwarding the request body PR 44165
+ mod_rewrite:
+ - Initialize hash needed by ap_register_rewrite_mapfunc early
+ enough. PR 44641
+ - Check all files used by DBM maps for freshness, mod_rewrite
+ didn't pick up on updated sdbm maps due to this. PR41190
+ - Don't canonicalise URLs with [P,NE] PR 43319
+ mod_speling:
+ - remove regression from 1.3/2.0 behavior and drop dependency
+ between mod_speling and AcceptPathInfo.
+ mod_ssl:
+ - Fix a memory leak with connections that have zlib compression
+ turned on. PR 44975
+ mod_substitute:
+ - The default is now flattening the buckets after each
+ substitution. The newly added 'q' flag allows for the quicker,
+ more efficient bucket-splitting if the user so
+ mod_unique_id:
+ - Fix timestamp value in UNIQUE_ID. PR 37064
+ ab (apache benchmark):
+ - Include earlier if available since we may need
+ INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
+ - Improve client performance by clearing connection pool instead
+ - Don't stop sending a request if EAGAIN is returned, which
+ will only happen if both the write and subsequent wait are
+ returning EAGAIN, and count posted bytes correctly when the initial
+ write of a request is not complete. PR 10038, 38861, 39679
+ - Overhaul stats collection and reporting to avoid integer
+ truncation and time divisions within the test loop, retain
+ native time resolution until output, remove unused data,
+ consistently round milliseconds, and generally avoid losing
+ accuracy of calculation due to type casts. PR 44878, 44931.
+ - Add -r option to continue after socket receive errors.
+ - Do not try to read non existing response bodies of HEAD requests.
+ - Use a 64 bit unsigned int instead of a signed long to count the
+ rotatelogs:
+ - Log the current file size and error code/description when
+ failing to write to the log file.
+ - Added '-f' option to force rotatelogs to create the logfile as
+ soon as started, and not wait until it reads the first entry.
+ - Don't leak memory when reopening the logfile. PR 40183
+ - Improve atomicity when using -l and cleaup code. PR 44004
+- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
+ httpd-2.2.x-CVE-2008-1678.patch
+- don't run autoreconf on SLES9
+- remove the addition of -g to the CFLAGS, since the build service
+ handles debuginfo packages now
+
+-------------------------------------------------------------------
+Mon Jun 9 17:18:03 CEST 2008 - poeml@suse.de
+
+- build service supports the debuginfo flag in metadata now; remove
+ debug_package macro from the specfile therefore.
@@ -22 +177,17 @@
-Fri Apr 18 14:17:31 CEST 2008 - poeml@suse.de
+Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
+
+- fix build on Mandriva 2007, by escaping commented %build macro
+- make filelist of man pages independant of the compression method
+ (gz, bz2, lzma)
+
+-------------------------------------------------------------------
+Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
+
+- fix from Factory:
+ - remove dir /usr/share/omc/svcinfo.d as it is provided now
+ by filesystem
+- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
+ used since quite some time since the issue is resolved.
+
+-------------------------------------------------------------------
+Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
@@ -24 +194,0 @@
-- sync up with changes from Build Service:
@@ -30,0 +201,10 @@
+
+-------------------------------------------------------------------
+Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
+
+- require ed package, since ed is needed by sysconf_addword, which
+ in turn is used by a2enmod/a2enflag
+
+-------------------------------------------------------------------
+Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
++++ 399 more lines (skipped)
++++ between apache2/apache2.changes
++++ and apache2/apache2.changes
Old:
----
httpd-2.1.3alpha-autoconf-2.59.dif
httpd-2.2.8.tar.bz2
httpd-2.2.x-CVE-2008-1678.patch
New:
----
httpd-2.2.9.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.g26042/_old 2008-09-12 22:45:27.000000000 +0200
+++ /var/tmp/diff_new_pack.g26042/_new 2008-09-12 22:45:27.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package apache2 (Version 2.2.8)
+# spec file for package apache2 (Version 2.2.9)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -61,9 +61,9 @@
%define platform_string Linux/%VENDOR
License: The Apache Software License
Group: Productivity/Networking/Web/Servers
-%define realver 2.2.8
-Version: 2.2.8
-Release: 50
+%define realver 2.2.9
+Version: 2.2.9
+Release: 1
#Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2
Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2
Source10: SUSE-NOTICE
@@ -111,12 +111,10 @@
Source140: apache2-check_forensic
Source141: apache-20-22-upgrade
Patch2: httpd-2.1.3alpha-layout.dif
-Patch10: httpd-2.1.3alpha-autoconf-2.59.dif
Patch23: httpd-2.1.9-apachectl.dif
Patch65: httpd-2.0.49-log_server_status.dif
Patch66: httpd-2.0.54-envvars.dif
Patch67: httpd-2.2.0-apxs-a2enmod.dif
-Patch68: httpd-2.2.x-CVE-2008-1678.patch
Url: http://httpd.apache.org/
Icon: Apache.xpm
Summary: The Apache Web Server Version 2.0
@@ -322,9 +320,6 @@
--------
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
-%if 0%{?opensuse_bs}
-%endif
-
%prep
#
# O/ ._ .__ ._
@@ -333,12 +328,10 @@
#
%setup -q -n httpd-%{realver}
%patch2 -p1
-%patch10 -p1
%patch23 -p1
%patch65 -p1
%patch66 -p1
%patch67 -p1
-%patch68 -p3
#
cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
#
@@ -351,8 +344,14 @@
#
# now configure Apache
#
+%if 0%{?suse_version} > 910
aclocal
autoreconf --force --install
+%else
+rm -rf aclocal.m4 autom4te*.cache
+autoheader
+autoconf
+%endif
%build
#
@@ -361,9 +360,6 @@
#
function configure {
CFLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing -DLDAP_DEPRECATED" \
-%if 0%{?opensuse_bs}
- CFLAGS="$CFLAGS -g"
-%endif
CPPFLAGS="-DSSL_EXPERIMENTAL_ENGINE -DMAX_SERVER_LIMIT=200000 -DLDAP_DEPRECATED -DMAXLINE=4096" \
./configure \
--enable-layout=SuSE81%(test "%_lib" = lib64 && echo -n _64) \
@@ -450,9 +446,6 @@
make CFLAGS="$RPM_OPT_FLAGS -fPIC \
-fno-strict-aliasing \
-Wall \
-%if 0%{?opensuse_bs}
- -g \
-%endif
-DDEFAULT_PIDLOG='\"%{runtimedir}/%{httpd}.pid\"' \
-DDEFAULT_ERRORLOG='\"%{logfiledir}/error_log\"' " \
%{?jobs:-j%jobs}
@@ -532,7 +525,7 @@
# /O || |_> |_(_|||
#
#
-# (most installation (to build root) has already been done in %build)
+# (most installation (to build root) has already been done in %%build)
#
# save MODULE_MAGIC_NUMBER
cat > $RPM_BUILD_ROOT/%{_libdir}/%{pname}_MMN <<-EOF
@@ -787,10 +780,10 @@
%doc support/SHA1
%doc %attr(755,root,root) certificate.sh
%doc %attr(755,root,root) mkcert.sh
-%doc %{_mandir}/man8/apachectl%{vers}.8.gz
-%doc %{_mandir}/man8/htcacheclean%{vers}.8.gz
-%doc %{_mandir}/man8/%{httpd}.8.gz
-%doc %{_mandir}/man8/apxs%{vers}.8.gz
+%doc %{_mandir}/man8/apachectl%{vers}.8.*
+%doc %{_mandir}/man8/htcacheclean%{vers}.8.*
+%doc %{_mandir}/man8/%{httpd}.8.*
+%doc %{_mandir}/man8/apxs%{vers}.8.*
%doc robots.txt
%doc printenv
%doc test-cgi
@@ -906,14 +899,14 @@
%files utils
%defattr(-,root,root)
-%doc %{_mandir}/man8/ab%{vers}.8.gz
-%doc %{_mandir}/man1/dbmmanage%{vers}.1.gz
-%doc %{_mandir}/man1/htdbm%{vers}.1.gz
-%doc %{_mandir}/man1/htdigest%{vers}.1.gz
-%doc %{_mandir}/man1/htpasswd%{vers}.1.gz
-%doc %{_mandir}/man8/logresolve%{vers}.8.gz
-%doc %{_mandir}/man8/rotatelogs%{vers}.8.gz
-%doc %{_mandir}/man8/suexec%{vers}.8.gz
+%doc %{_mandir}/man8/ab%{vers}.8.*
+%doc %{_mandir}/man1/dbmmanage%{vers}.1.*
+%doc %{_mandir}/man1/htdbm%{vers}.1.*
+%doc %{_mandir}/man1/htdigest%{vers}.1.*
+%doc %{_mandir}/man1/htpasswd%{vers}.1.*
+%doc %{_mandir}/man8/logresolve%{vers}.8.*
+%doc %{_mandir}/man8/rotatelogs%{vers}.8.*
+%doc %{_mandir}/man8/suexec%{vers}.8.*
%{_bindir}/check_forensic%{vers}
%{_bindir}/dbmmanage%{vers}
%{_bindir}/gensslcert
@@ -987,23 +980,11 @@
usermod -s /bin/false %httpduser 2>/dev/null ||:
tmpdir=$(mktemp -d etc/%{pname}/%{pname}-post.XXXXXX); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
tmpfile=$tmpdir/tmpfile
-RC_CONFIG=etc/rc.config
-if [ -e $RC_CONFIG ]; then
- . $RC_CONFIG
- if [ "$START_HTTPD" = no -a "$START_HTTPSD" = yes ]; then
- echo -n "removing obsolete START_HTTPSD from etc/rc.config ..."
- sed -e 's+START_HTTPD=.*+START_HTTPD=yes+' \
- -e 's+START_HTTPSD=.*++' $RC_CONFIG > $tmpfile \
- && cp $tmpfile $RC_CONFIG
- echo "done"
- fi
-fi
if test -s etc/sysconfig/%{pname} && grep -q "^LOADMODULES" etc/sysconfig/%{pname}; then
sed "s/LOADMODULES/APACHE_MODULES/" etc/sysconfig/%{pname} >| $tmpfile \
&& cp $tmpfile etc/sysconfig/%{pname}
fi
-%{fillup_and_insserv -n apache2 apache2}
-%{fillup_only -ans apache2 apache2}
+%{fillup_and_insserv apache2}
# Update ?
if [ ${FIRST_ARG:-0} -gt 1 ]; then
# update from package with the old near-monolithic conf file?
++++++ httpd-2.2.8.tar.bz2 -> httpd-2.2.9.tar.bz2 ++++++
++++ 256430 lines of diff (skipped)
++++++ rc.apache2 ++++++
--- apache2/rc.apache2 2008-08-25 01:20:43.000000000 +0200
+++ apache2/rc.apache2 2008-08-15 11:38:38.000000000 +0200
@@ -12,15 +12,15 @@
# /etc/init.d/apache2
#
### BEGIN INIT INFO
-# Provides: apache2 httpd2
+# Provides: apache apache2 httpd
# Required-Start: $local_fs $remote_fs $network
# Should-Start: $named $time postgresql sendmail mysql ypclient dhcp radiusd
-# Required-Stop: $local_fs $remote_fs $network
# Should-Stop: $named $time postgresql sendmail mysql ypclient dhcp radiusd
+# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
-# Short-Description: Apache 2.2 httpd
-# Description: Start the httpd daemon Apache
+# Short-Description: Apache 2.2 HTTP Server
+# Description: Start the Apache HTTP daemon
### END INIT INFO
pname=apache2
@@ -34,6 +34,18 @@
#
# load the configuration
#
+
+#
+# Note about ulimits:
+# if you want to set ulimits, e.g. to increase the max number of open file handle,
+# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
+# simply write the ulimit commands into that file.
+# Example:
+# ulimit -n 16384
+# ulimit -H -n 16384
+# ulimit -c unlimited
+# See the output of "help ulimit" in the bash, or "man 1 ulimit".
+#
test -s /etc/rc.status && . /etc/rc.status && rc_reset
. /usr/share/$pname/load_configuration
++++++ sysconfig.apache2 ++++++
--- apache2/sysconfig.apache2 2008-04-18 14:27:58.000000000 +0200
+++ apache2/sysconfig.apache2 2008-06-25 14:38:24.000000000 +0200
@@ -112,6 +112,16 @@
# (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting.
#
+# Note about ulimits:
+# if you want to set ulimits, e.g. to increase the max number of open file handle,
+# or to allow core files, you can do so by editing /etc/sysconfig/apache2 and
+# simply write the ulimit commands into that file.
+# Example:
+# ulimit -n 16384
+# ulimit -H -n 16384
+# ulimit -c unlimited
+# See the output of "help ulimit" in the bash, or "man 1 ulimit".
+#
APACHE_HTTPD_CONF=""
## Type: list(prefork,worker)
@@ -252,20 +262,4 @@
#
APACHE_EXTENDED_STATUS="off"
-## Type: list(on,off)
-## Default: "off"
-## ServiceRestart: apache2
-#
-# Enable buffered logging
-#
-APACHE_BUFFERED_LOGS="off"
-
-## Type: integer
-## Default: 300
-## ServiceReload: apache2
-#
-# Timeout: The number of seconds before receives and sends time out.
-# It is a server wide setting.
-#
-APACHE_TIMEOUT="300"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org