File apache2.changes of Package apache2 (Revision 55)
Currently displaying revision 55, show latest
1
-------------------------------------------------------------------
2
Thu Dec 03 17:25:00 CET 2009 - cs@linux-administrator.com
3
4
- update to release 2.2.14
5
6
-------------------------------------------------------------------
7
Fri Nov 21 12:01:00 CET 2008 - skh@suse.de
8
9
- apache2-server-tuning.conf:
10
Enclose module-specific configuration in IfModule tags [bnc#440584]
11
12
-------------------------------------------------------------------
13
Fri Nov 14 09:40:05 CET 2008 - poeml@suse.de
14
15
- apply Dirks fix for [bnc#444878], making the packaging of per-mpm
16
modules more deterministic. They'll reliably put into the
17
subpackage or main package now, which varied in a ping-pong way
18
from build to build in the past.
19
20
-------------------------------------------------------------------
21
Wed Oct 29 18:38:17 CET 2008 - poeml@suse.de
22
23
- update year of copyright in rc.apache2
24
25
-------------------------------------------------------------------
26
Wed Oct 29 00:13:58 CET 2008 - poeml@suse.de
27
28
- update to 2.2.10:
29
SECURITY: CVE-2008-2939 (cve.mitre.org)
30
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
31
the FTP URL. Discovered by Marc Bevand of Rapid7.
32
core:
33
- Support chroot on Unix-family platforms. PR 43596
34
mod_authn_alias:
35
- Detect during startup when AuthDigestProvider is configured to
36
use an incompatible provider via AuthnProviderAlias. PR 45196
37
mod_cgid:
38
- Pass along empty command line arguments from an ISINDEX query
39
that has consecutive '+' characters in the QUERY_STRING,
40
matching the behavior of mod_cgi.
41
mod_charset_lite:
42
- Avoid dropping error responses by handling meta buckets
43
correctly. PR 45687
44
mod_dav_fs:
45
- Retrieve minimal system information about directory entries
46
when walking a DAV fs, resolving a performance degradation on
47
Windows. PR 45464.
48
mod_headers:
49
- Prevent Header edit from processing only the first header of
50
possibly multiple headers with the same name and deleting the
51
remaining ones. PR 45333.
52
mod_proxy:
53
- Allow for smax to be 0 for balancer members so that all idle
54
connections are able to be dropped should they exceed ttl. PR 43371
55
- Add 'scolonpathdelim' parameter to allow for ';' to also be
56
used as a session path separator/delim PR 45158.
57
- Add connectiontimeout parameter for proxy workers in order to
58
be able to set the timeout for connecting to the backend separately.
59
PR 45445.
60
mod_proxy_http:
61
- Don't trigger a retry by the client if a failure to
62
read the response line was the result of a timeout.
63
- Introduce environment variable proxy-initial-not-pooled to
64
avoid reusing pooled connections if the client connection is an initial
65
connection. PR 37770.
66
- Do not forward requests with 'Expect: 100-continue' to
67
known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
68
mod_proxy_balancer:
69
- Move nonce field in the balancer manager page inside
70
the html form where it belongs. PR 45578.
71
- Add 'bybusyness' load balance method.
72
mod_rewrite:
73
- Allow Cookie option to set secure and HttpOnly flags. PR 44799
74
- Preserve the query string when [proxy,noescape]. PR 45247.
75
mod_ssl:
76
- implement dynamic mutex callbacks for the benefit of OpenSSL.
77
- Rewrite shmcb to avoid memory alignment issues. PR 42101.
78
- drop obsolete patch httpd-2.2.x-CVE-2008-2939.patch
79
80
-------------------------------------------------------------------
81
Fri Oct 24 13:23:41 CEST 2008 - skh@suse.de
82
83
- apache2.firewall, apache2.ssl-firewall
84
Use unique name tags "HTTP Server" and "HTTPS Server" in for
85
SuSEFirewall2 configuration [bnc#414962]
86
87
-------------------------------------------------------------------
88
Fri Sep 19 16:18:39 CEST 2008 - skh@suse.de
89
90
- add httpd-2.x.x-logresolve.patch again [bnc#210904]
91
- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]:
92
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
93
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
94
[Ruediger Pluem]
95
96
-------------------------------------------------------------------
97
Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
98
99
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
100
- don't use fillup_insserv options which have been removed lately
101
102
-------------------------------------------------------------------
103
Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
104
105
- fix init script LSB headers
106
107
-------------------------------------------------------------------
108
Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
109
110
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
111
how to set ulimits when starting the server
112
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
113
sysconfig template. They still work but I think it is good to
114
keep this stuff out of the beginner's config, first because both
115
features are sophisticated enough to not being tweaked in most
116
cases, second because it only confuses people I guess, and makes
117
the sysconfig file larger than necessary.
118
119
-------------------------------------------------------------------
120
Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
121
122
- update to 2.2.9:
123
SECURITY: CVE-2008-2364 (cve.mitre.org)
124
mod_proxy_http: Better handling of excessive interim responses
125
from origin server to prevent potential denial of service and
126
high memory usage. Reported by Ryujiro Shibuya.
127
SECURITY: CVE-2007-6420 (cve.mitre.org)
128
mod_proxy_balancer: Prevent CSRF attacks against the
129
balancer-manager interface.
130
- htpasswd: Fix salt generation weakness. PR 31440
131
worker/event MPM:
132
- Fix race condition in pool recycling that leads to
133
segmentation faults under load. PR 44402
134
core:
135
- Fix address-in-use startup failure on some platforms caused by
136
creating an IPv4 listener which overlaps with an existing IPv6
137
listener.
138
- Add the filename of the configuration file to the warning
139
message about the useless use of AllowOverride. PR 39992.
140
- Do not allow Options ALL if not all options are allowed to be
141
overwritten. PR 44262
142
- reinstate location walk to fix config for subrequests PR 41960
143
- Fix garbled TRACE response on EBCDIC platforms.
144
- gen_test_char: add double-quote to the list of
145
T_HTTP_TOKEN_STOP. PR 9727
146
http_filters:
147
- Don't return 100-continue on redirects. PR 43711
148
- Don't return 100-continue on client error PR 43711
149
- Don't spin if get an error when reading the next chunk. PR 44381
150
- Don't add bogus duplicate Content-Language entries
151
suexec:
152
- When group is given as a numeric gid, validate it by looking up
153
the actual group name such that the name can be used in log entries.
154
PR 7862
155
mod_authn_dbd:
156
- Disambiguate and tidy database authentication error messages. PR 43210.
157
mod_cache:
158
- Handle If-Range correctly if the cached resource was stale. PR 44579
159
- Revalidate cache entities which have Cache-Control: no-cache
160
set in their response headers. PR 44511
161
mod_cgid:
162
- Explicitly set permissions of the socket (ScriptSock) shared
163
by mod_cgid and request processing threads, for OS'es such as
164
HPUX and AIX that do not use umask for AF_UNIX socket permissions.
165
- Don't try to restart the daemon if it fails to initialize the socket.
166
mod_charset_lite:
167
- Add TranslateAllMimeTypes sub-option to CharsetOptions,
168
allowing the administrator to skip the mimetype checking that
169
precedes translation.
170
mod_dav:
171
- Return "method not allowed" if the destination URI of a WebDAV
172
copy / move operation is no DAV resource. PR 44734
173
mod_headers:
174
- Add 'merge' option to avoid duplicate values within the same header.
175
mod_include:
176
- Correctly handle SSI directives split over multiple filter
177
mod_log_config:
178
- Add format options for %p so that the actual local or remote
179
port can be logged. PR 43415.
180
mod_logio:
181
- Provide optional function to allow modules to adjust the
182
bytes_in count
183
mod_proxy:
184
- Make all proxy modules nocanon aware and do not add the
185
query string again in this case. PR 44803.
186
- scoreboard: Remove unused proxy load balancer elements from scoreboard
187
image (not scoreboard memory itself).
188
- Support environment variable interpolation in reverse
189
proxying directives.
190
- Do not try a direct connection if the connection via a
191
remote proxy failed before and the request has a request body.
192
- ProxyPassReverse is now balancer aware.
193
- Lower memory consumption for short lived connections.
194
PR 44026.
195
- Keep connections to the backend persistent in the HTTPS case.
196
mod_proxy_ajp:
197
- Do not retry request in the case that we either failed to
198
sent a part of the request body or if the request is not idempotent.
199
PR 44334
200
mod_proxy_ftp:
201
- Fix base for directory listings. PR 27834
202
mod_proxy_http:
203
- Fix processing of chunked responses if Connection:
204
Transfer-Encoding is set in the response of the proxied
205
system. PR 44311
206
- Return HTTP status codes instead of apr_status_t values for
207
errors encountered while forwarding the request body PR 44165
208
mod_rewrite:
209
- Initialize hash needed by ap_register_rewrite_mapfunc early
210
enough. PR 44641
211
- Check all files used by DBM maps for freshness, mod_rewrite
212
didn't pick up on updated sdbm maps due to this. PR41190
213
- Don't canonicalise URLs with [P,NE] PR 43319
214
mod_speling:
215
- remove regression from 1.3/2.0 behavior and drop dependency
216
between mod_speling and AcceptPathInfo.
217
mod_ssl:
218
- Fix a memory leak with connections that have zlib compression
219
turned on. PR 44975
220
mod_substitute:
221
- The default is now flattening the buckets after each
222
substitution. The newly added 'q' flag allows for the quicker,
223
more efficient bucket-splitting if the user so
224
mod_unique_id:
225
- Fix timestamp value in UNIQUE_ID. PR 37064
226
ab (apache benchmark):
227
- Include <limits.h> earlier if available since we may need
228
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
229
- Improve client performance by clearing connection pool instead
230
- Don't stop sending a request if EAGAIN is returned, which
231
will only happen if both the write and subsequent wait are
232
returning EAGAIN, and count posted bytes correctly when the initial
233
write of a request is not complete. PR 10038, 38861, 39679
234
- Overhaul stats collection and reporting to avoid integer
235
truncation and time divisions within the test loop, retain
236
native time resolution until output, remove unused data,
237
consistently round milliseconds, and generally avoid losing
238
accuracy of calculation due to type casts. PR 44878, 44931.
239
- Add -r option to continue after socket receive errors.
240
- Do not try to read non existing response bodies of HEAD requests.
241
- Use a 64 bit unsigned int instead of a signed long to count the
242
rotatelogs:
243
- Log the current file size and error code/description when
244
failing to write to the log file.
245
- Added '-f' option to force rotatelogs to create the logfile as
246
soon as started, and not wait until it reads the first entry.
247
- Don't leak memory when reopening the logfile. PR 40183
248
- Improve atomicity when using -l and cleaup code. PR 44004
249
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
250
httpd-2.2.x-CVE-2008-1678.patch
251
- don't run autoreconf on SLES9
252
- remove the addition of -g to the CFLAGS, since the build service
253
handles debuginfo packages now
254
255
-------------------------------------------------------------------
256
Mon Jun 9 17:18:03 CEST 2008 - poeml@suse.de
257
258
- build service supports the debuginfo flag in metadata now; remove
259
debug_package macro from the specfile therefore.
260
261
-------------------------------------------------------------------
262
Mon May 26 16:55:37 CEST 2008 - skh@suse.de
263
264
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
265
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
266
per-connection memory leak which occurs if the client indicates
267
support for a compression algorithm in the initial handshake, and
268
mod_ssl is linked against OpenSSL >= 0.9.8f. [bnc#392096]
269
httpd-2.2.x-CVE-2008-1678.patch
270
271
-------------------------------------------------------------------
272
Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
273
274
- fix build on Mandriva 2007, by escaping commented %build macro
275
- make filelist of man pages independant of the compression method
276
(gz, bz2, lzma)
277
278
-------------------------------------------------------------------
279
Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
280
281
- fix from Factory:
282
- remove dir /usr/share/omc/svcinfo.d as it is provided now
283
by filesystem
284
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
285
used since quite some time since the issue is resolved.
286
287
-------------------------------------------------------------------
288
Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
289
290
- new implementation of sysconf_addword, using sed instead of ed.
291
Moving it from the -utils subpackage into the parent package,
292
where it's actually needed. If sysconf_addword is already present
293
in the system, it is preferred (by PATH). That's because the tool
294
has been integrated into aaa_base.rpm with openSUSE 11.0.
295
Removing the requires on the ed package. [bnc#377131]
296
297
-------------------------------------------------------------------
298
Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
299
300
- require ed package, since ed is needed by sysconf_addword, which
301
in turn is used by a2enmod/a2enflag
302
303
-------------------------------------------------------------------
304
Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
305
306
- better documentation how to enable SSL in /etc/sysconfig/apache2
307
- quickstart readme: the link to the openSUSE wiki is about to move
308
309
-------------------------------------------------------------------
310
Tue Feb 19 13:14:45 CET 2008 - poeml@suse.de
311
312
- add "127.0.0.1" to the local access list in mod_status.conf,
313
because on some systems "localhost" seems to resolve only to IPv6
314
localhost
315
316
-------------------------------------------------------------------
317
Sat Feb 2 05:37:34 CET 2008 - crrodriguez@suse.de
318
319
- upstream 2.2.8
320
SECURITY: CVE-2007-6421 (cve.mitre.org)
321
mod_proxy_balancer: Correctly escape the worker route and the worker
322
redirect string in the HTML output of the balancer manager.
323
Reported by SecurityReason.
324
SECURITY: CVE-2007-6422 (cve.mitre.org)
325
Prevent crash in balancer manager if invalid balancer name is passed
326
as parameter. Reported by SecurityReason.
327
SECURITY: CVE-2007-6388 (cve.mitre.org)
328
mod_status: Ensure refresh parameter is numeric to prevent
329
a possible XSS attack caused by redirecting to other URLs.
330
Reported by SecurityReason.
331
SECURITY: CVE-2007-5000 (cve.mitre.org)
332
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
333
SECURITY: CVE-2008-0005 (cve.mitre.org)
334
Introduce the ProxyFtpDirCharset directive, allowing the administrator
335
to identify a default, or specific servers or paths which list their
336
contents in other-than ISO-8859-1 charset (e.g. utf-8).
337
mod_autoindex:
338
- Generate valid XHTML output by adding the xhtml namespace. PR 43649
339
mod_charset_lite:
340
- Don't crash when the request has no associated filename.
341
mod_dav:
342
- Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034
343
- Adjust etag generation to produce identical results on 32-bit
344
and 64-bit platforms and avoid a regression with conditional PUT's on lock
345
and etag. PR 44152.
346
mod_deflate:
347
- initialise inflate-out filter correctly when the first brigade
348
contains no data buckets. PR 43512
349
mod_disk_cache:
350
- Delete temporary files if they cannot be renamed to their final
351
name.
352
mod_filter:
353
- Don't segfault on (unsupported) chained FilterProvider usage. PR 43956
354
mod_include:
355
- Add an "if" directive syntax to test whether an URL is
356
accessible, and if so, conditionally display content. This
357
allows a webmaster to hide a link to a private page when the
358
user has no access to that page.
359
mod_ldap:
360
- Try to establish a new backend LDAP connection when the
361
Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
362
after the LDAP server has closed the connection due to a
363
timeout. PR 39095
364
- Give callers a reference to data copied into the request pool
365
instead of references directly into the cache PR 43786
366
- Stop passing a reference to pconf around for (limited) use
367
during request processing, avoiding possible memory corruption
368
and crashes.
369
mod_proxy:
370
- Canonicalisation improvements. Add "nocanon" keyword to
371
ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
372
don't escape/unescape forward-proxied URLs. PR 41798, 42592
373
- Don't by default violate RFC2616 by setting Max-Forwards when
374
the client didn't send it to us. Leave that as a
375
configuration option. PR 16137
376
- Fix persistent backend connections. PR 43472
377
- escape error-notes correctly PR 40952
378
- check ProxyBlock for all blocked addresses PR 36987
379
- Don't lose bytes when a response line arrives in small chunks.
380
PR 40894
381
mod_proxy_ajp:
382
- Use 64K as maximum AJP packet size. This is the maximum length
383
we can squeeze inside the AJP message packet.
384
- Ignore any ajp13 flush packets received before we send the
385
response headers. See Tomcat PR 43478.
386
- Differentiate within AJP between GET and HEAD requests. PR 43060
387
mod_proxy_balancer:
388
- Do not reset lbstatus, lbfactor and lbset when starting a new
389
child. PR 39907
390
mod_proxy_http:
391
- Remove Warning headers with wrong date PR 16138
392
- Correctly parse all Connection headers in proxy. PR 43509
393
- add Via header correctly (if enabled) to response, even where
394
other Via headers exist. PR 19439
395
- Correctly forward unexpected interim (HTTP 1xx) responses from
396
the backend according to RFC2616. But make it configurable in
397
case something breaks on it. PR 16518
398
- strip hop-by-hop response headers PR 43455
399
- Propagate Proxy-Authorization header correctly. PR 25947
400
- Don't segfault on bad line in FTP listing PR 40733
401
mod_rewrite:
402
- Add option to suppress URL unescaping PR 34602
403
- Add the novary flag to RewriteCond.
404
mod_substitute:
405
- Added a new output filter, which performs inline response
406
content pattern matching (including regex) and substitution.
407
mod_ssl:
408
- Fix handling of the buffered request body during a per-location
409
renegotiation, when an internal redirect occurs. PR 43738.
410
- Fix SSL client certificate extensions parsing bug. PR 44073.
411
- Prevent memory corruption of version string. PR 43865, 43334
412
mod_status:
413
- Add SeeRequestTail directive, which determines if
414
ExtendedStatus displays the 1st 63 characters of the request
415
or the last 63. Useful for those requests with large string
416
lengths and which only vary with the last several characters.
417
event MPM:
418
- Add support for running under mod_ssl, by reverting to the
419
Worker MPM behaviors, when run under an input filter that buffers
420
its own data.
421
core:
422
- Fix regression in 2.2.7 in chunk filtering with massively
423
chunked requests.
424
- Lower memory consumption of ap_r* functions by reusing the
425
brigade instead of recreating it during each filter pass.
426
- Lower memory consumption in case that flush buckets are passed
427
thru the chunk filter as last bucket of a brigade. PR 23567.
428
- Fix broken chunk filtering that causes all non blocking reads
429
to be converted into blocking reads. PR 19954, 41056.
430
- Change etag generation to produce identical results on 32-bit
431
and 64-bit platforms. PR 40064.
432
- Handle unrecognised transfer-encodings. PR 43882
433
- Avoid some unexpected connection closes by telling the client
434
that the connection is not persistent if the MPM process
435
handling the request is already exiting when the response
436
header is built.
437
- fix possible crash at startup in case of nonexistent
438
DocumentRoot. PR 39722
439
- http_core: OPTIONS * no longer maps to local storage or URI
440
space. Note that unlike previous versions, OPTIONS * no longer
441
returns an Allow: header. PR 43519
442
- scoreboard: improve error message on apr_shm_create failure PR
443
40037
444
- Don't send spurious "100 Continue" response lines. PR 38014
445
- http_protocol:
446
- Escape request method in 413 error reporting. Determined to
447
be not generally exploitable, but a flaw in any case. PR
448
44014
449
- Add "DefaultType none" option. PR 13986 and PR 16139
450
- Escape request method in 405 error reporting. This has no
451
security impact since the browser cannot be tricked into
452
sending arbitrary method strings.
453
- Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
454
- Add explicit charset to the output of various modules to work
455
around possible cross-site scripting flaws affecting web
456
browsers that do not derive the response character set as
457
required by RFC2616. One of these reported by SecurityReason
458
- rotatelogs: Change command-line parsing to report more types
459
of errors. Allow local timestamps to be used when rotating based
460
on file size.
461
462
-------------------------------------------------------------------
463
Wed Sep 12 20:11:37 CEST 2007 - poeml@suse.de
464
465
- fix graceful-restart. Wait until the pidfile is gone, but don't
466
wait for the parent to disappear. It stays there, after closing
467
the listen ports.
468
469
-------------------------------------------------------------------
470
Wed Sep 12 15:49:15 CEST 2007 - poeml@suse.de
471
472
- use debug_package macro only on suse, because it breaks the build
473
on Mandriva
474
475
-------------------------------------------------------------------
476
Wed Sep 12 13:41:16 CEST 2007 - poeml@suse.de
477
478
- don't configure in maintainer-mode. It not only enables compile
479
time warnings, but also adds AP_DEBUG into the mix which causes
480
enablement of debug code which is not wanted in production
481
builds.
482
483
-------------------------------------------------------------------
484
Mon Sep 10 17:32:56 CEST 2007 - poeml@suse.de
485
486
- upstream 2.2.6
487
SECURITY: CVE-2007-3847 (cve.mitre.org)
488
mod_proxy: Prevent reading past the end of a buffer when parsing
489
date-related headers. PR 41144.
490
SECURITY: CVE-2007-1863 (cve.mitre.org)
491
mod_cache: Prevent a segmentation fault if attributes are listed in a
492
Cache-Control header without any value.
493
SECURITY: CVE-2007-3304 (cve.mitre.org)
494
prefork, worker, event MPMs: Ensure that the parent process cannot
495
be forced to kill processes outside its process group.
496
SECURITY: CVE-2006-5752 (cve.mitre.org)
497
mod_status: Fix a possible XSS attack against a site with a public
498
server-status page and ExtendedStatus enabled, for browsers which
499
perform charset "detection". Reported by Stefan Esser.
500
SECURITY: CVE-2007-1862 (cve.mitre.org)
501
mod_mem_cache: Copy headers into longer lived storage; header names and
502
values could previously point to cleaned up storage. PR 41551.
503
mod_alias:
504
- Accept path components (URL part) in Redirects. PR 35314.
505
mod_authnz_ldap:
506
- Don't return HTTP_UNAUTHORIZED during authorization when
507
LDAP authentication is configured but we haven't seen any
508
'Require ldap-*' directives, allowing authorization to be passed to lower
509
level modules (e.g. Require valid-user) PR 43281
510
mod_autoindex:
511
- Add in Type and Charset options to IndexOptions
512
directive. This allows the admin to explicitly set the
513
content-type and charset of the generated page and is therefore
514
a viable workaround for buggy browsers affected by CVE-2007-4465
515
mod_cache:
516
- Remove expired content from cache that cannot be revalidated.
517
PR 30370.
518
- Do not set Date or Expires when they are missing from the
519
original response or are invalid.
520
- Correctly handle HEAD requests on expired cache content. PR
521
41230.
522
- Let Cache-Control max-age set the expiration of the cached
523
representation if Expires is not set.
524
- Allow caching of requests with query arguments when
525
Cache-Control max-age is explicitly specified.
526
- Use the same cache key throughout the whole request processing
527
to handle escaped URLs correctly. PR 41475.
528
- Add CacheIgnoreQueryString directive. PR 41484.
529
- While serving a cached entity ensure that filters that have
530
been applied to this cached entity before saving it to the
531
cache are not applied again. PR 40090.
532
- Correctly cache objects whose URL query string has been
533
modified by mod_rewrite. PR 40805.
534
mod_cgi, mod_cgid:
535
- Fix use of CGI scripts as ErrorDocuments. PR 39710.
536
mod_dbd:
537
- Introduce configuration groups to allow inheritance by virtual
538
hosts of database configurations from the main server.
539
Determine the minimal set of distinct configurations and share
540
connection pools whenever possible. Allow virtual hosts to
541
override inherited SQL statements. PR 41302.
542
- Create memory sub-pools for each DB connection and close DB
543
connections in a pool cleanup function. Ensure prepared
544
statements are destroyed before DB connection is closed. When
545
using reslists, prevent segfaults when child processes exit,
546
and stop memory leakage of ap_dbd_t structures. Avoid use of
547
global s->process->pool, which isn't destroyed by exiting
548
child processes in most multi-process MPMs. PR 39985.
549
- Handle error conditions in dbd_construct() properly. Simplify
550
ap_dbd_open() and use correct arguments to apr_dbd_error()
551
when non-threaded. Register correct cleanup data in
552
non-threaded ap_dbd_acquire() and ap_dbd_cacquire(). Clean up
553
configuration data and merge function. Use ap_log_error()
554
wherever possible.
555
- Stash DBD connections in request_config of initial request
556
only, or else sub-requests and internal redirections may cause
557
entire DBD pool to be stashed in a single HTTP request.
558
mod_deflate:
559
- don't try to process metadata buckets as data. what should
560
have been a 413 error was logged as a 500 and a blank screen
561
appeared at the browser.
562
- fix protocol handling in deflate input filter PR 23287
563
mod_disk_cache:
564
- Allow Vary'd responses to be refreshed properly.
565
mod_dumpio:
566
- Fix for correct dumping of traffic on EBCDIC hosts Data had
567
been incorrectly converted twice, resulting in garbled log
568
output.
569
mod_expires:
570
- don't crash on bad configuration data PR 43213
571
mod_filter:
572
- fix integer comparisons in dispatch rules PR 41835
573
- fix merging of ! and = in FilterChain PR 42186
574
mod_headers:
575
- Allow % at the end of a Header value. PR 36609.
576
mod_info:
577
- mod_info outputs invalid XHTML 1.0 transitional. PR 42847
578
mod_ldap:
579
- Avoid possible crashes, hangs, and busy loops due to improper
580
merging of the cache lock in vhost config PR 43164
581
mod_ldap:
582
- Remove the hardcoded size limit parameter for
583
ldap_search_ext_s and replace it with an APR_ defined value
584
that is set according to the LDAP SDK being used.
585
mod_mem_cache:
586
- Increase the minimum and default value for MCacheMinObjectSize
587
from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
588
and leads to a division by zero. PR 40576.
589
mod_negotiation:
590
- preserve Query String in resolving a type map PR 33112
591
mod_proxy:
592
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
593
synonymous. PR 43183
594
- Ensure that at least scheme://hostname[:port] matches between
595
worker and URL when searching for the best fitting worker for
596
a given URL. PR 40910
597
- Improve network performance by setting APR_TCP_NODELAY
598
(disable Nagle algorithm) on sockets if implemented. PR 42871
599
- Add a missing assignment in an error checking code path. PR 40865
600
- don't URLencode tilde in path component PR 38448
601
- enable Ignore Errors option on ProxyPass Status. PR 43167
602
- Allow to use different values for sessionid in url encoded id
603
and cookies. PR 41897.
604
- Fix the 503 returned when session route does not match any of
605
the balancer members.
606
- Added ProxyPassMatch directive, which is similar to ProxyPass
607
but takes a regex local path prefix.
608
- Print the correct error message for erroneous configured
609
ProxyPass directives. PR 40439.
610
- Fix some proxy setting inheritance problems (eg:
611
ProxyTimeout). PR 11540.
612
- proxy/ajp_header.c: Fixed header token string comparisons
613
Matching of header tokens failed to include the trailing NIL
614
byte and could misinterpret a longer header token for a
615
shorter. Additionally, a "Content-Type" comparison was made
616
case insensitive.
617
- proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
618
On EBCDIC machines, the status_line string was incorrectly
619
converted twice.
620
mod_proxy_connect:
621
- avoid segfault on DNS lookup failure. PR 40756
622
mod_proxy_http:
623
- HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
624
alone. Only processing of error responses (4xx, 5xx) will be
625
altered. PR 39245.
626
- Don't try to read body of a HEAD request before responding. PR 41644
627
- Handle request bodies larger than 2 GB by converting the
628
Content-Length header of the request correctly. PR 40883.
629
mod_ssl:
630
- Fix spurious hostname mismatch warning for valid wildcard
631
certificates. PR 37911.
632
- Version reporting update; displays 'compiled against' Apache
633
and build-time SSL Library versions at loglevel [info], while
634
reporting the run-time SSL Library version in the server info
635
tags. Helps to identify a mod_ssl built against one flavor of
636
OpenSSL but running against another (also adds SSL-C version
637
number reporting.)
638
- initialize thread locks before initializing the hardware
639
acceleration library, so the latter can make use of the
640
former. PR 20951.
641
core:
642
- Do not replace a Date header set by a proxied backend server. PR 40232
643
- log core: ensure we use a special pool for stderr logging, so that
644
the stderr channel remains valid from the time plog is destroyed,
645
until the time the open_logs hook is called again.
646
- main core: Emit errors during the initial apr_app_initialize()
647
or apr_pool_create() (when apr-based error reporting is not ready).
648
- log core: fix the new piped logger case where we couldn't connect
649
the replacement stderr logger's stderr to the NULL stdout stream.
650
Continue in this case, since the previous alternative of no error
651
logging at all (/dev/null) is far worse.
652
- Correct a regression since 2.0.x in the handling of AllowOverride
653
Options. PR 41829.
654
- Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
655
can work after that terminating signal.
656
- mod_so: Provide more helpful LoadModule feedback when an error occurs.
657
misc:
658
- mime.types: Many updates to sync with IANA registry and common
659
unregistered types that the owners refuse to register. Admins
660
are encouraged to update their installed mime.types file. PR:
661
35550, 37798, 39317, 31483
662
- mime.types: add Registered Javascript/ECMAScript MIME types
663
(RFC4329) PR 40299
664
- htdbm: Enable crypt support on platforms with crypt() but not
665
<crypt.h>, such as z/OS.
666
- ab.c: Correct behavior of HTTP request headers sent by ab in
667
presence of -H command-line overrides. PR 31268, 26554.
668
- ab.c: The apr_port_t type is unsigned, but ab was using a
669
signed format code in its reports. PR 42070.
670
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
671
apache2-mod_status-CVE-2006-5752.patch
672
httpd-2.2.4-mod_autoindex-charset-r570962.patch
673
mod_dbd.c-issue18989-autoconnect.dif
674
mod_dbd.c-r571441
675
676
-------------------------------------------------------------------
677
Mon Sep 3 13:43:22 CEST 2007 - skh@suse.de
678
679
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
680
681
-------------------------------------------------------------------
682
Sat Sep 1 01:49:37 CEST 2007 - poeml@suse.de
683
684
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
685
686
-------------------------------------------------------------------
687
Fri Aug 31 14:21:27 CEST 2007 - poeml@suse.de
688
689
- update mod_dbd to trunk version (r571441)
690
* apr_dbd_check_conn() just returns APR_SUCCESS or
691
APR_EGENERAL, so we don't actually have a driver-specific value
692
to pass to apr_dbd_error(), but that's OK because most/all
693
drivers just ignore this value anyway
694
695
-------------------------------------------------------------------
696
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de
697
698
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
699
solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
700
(backport from 2.2.6)
701
* Merge r570532, r570535, r570558 from trunk:
702
IndexOptions ContentType=text/html Charset=UTF-8 magic.
703
http://svn.apache.org/viewvc?rev=570962&view=rev
704
http://issues.apache.org/bugzilla/show_bug.cgi?id=42105
705
This means that the AddDirectoryIndexCharset is no longer
706
available. Instead, IndexOptions Charset=xyz can be used.
707
708
-------------------------------------------------------------------
709
Fri Aug 31 11:42:58 CEST 2007 - poeml@suse.de
710
711
- remove libexpat-devel in the build service version of the package
712
- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the
713
buildservice package
714
- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it
715
patches only modules/database/mod_dbd.c which is replaced with
716
trunk version anyway
717
718
-------------------------------------------------------------------
719
Thu Aug 23 11:27:19 CEST 2007 - mskibbe@suse.de
720
721
- Bug 289996 - VUL-0: mod_status XSS in public server status page
722
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
723
724
-------------------------------------------------------------------
725
Wed Jul 18 16:04:05 CEST 2007 - skh@suse.de
726
727
- split off apache2-utils subpackage, containing all helper tools that
728
are useful for system administrators in general (b.n.c. #272292 and
729
FATE #302059)
730
731
-------------------------------------------------------------------
732
Thu Mar 29 19:14:16 CEST 2007 - dmueller@suse.de
733
734
- add zlib-devel to BuildRequires
735
736
-------------------------------------------------------------------
737
Fri Mar 23 08:55:47 CET 2007 - poeml@suse.de
738
739
- add mod_dbd.c from trunk (r512038), the version we run ourselves
740
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?view=log
741
- add mod_dbd.c-issue18989-autoconnect.dif, but disabled. It
742
applies to 2.2.4 mod_dbd.c but not to the trunk version
743
- build mod_version
744
- fix documentation link in apache2-httpd.conf
745
746
-------------------------------------------------------------------
747
Tue Mar 20 10:47:18 CET 2007 - mskibbe@suse.de
748
749
- add firewall file for ssl (#246929)
750
751
-------------------------------------------------------------------
752
Mon Mar 19 12:44:22 CET 2007 - mskibbe@suse.de
753
754
- Apache - Support for FATE #300687: Ports for SuSEfirewall added
755
via packages (#246929)
756
757
-------------------------------------------------------------------
758
Fri Jan 26 12:44:04 CET 2007 - poeml@suse.de
759
760
- the QUICKSTART Readmes have been moved to
761
http://www.opensuse.org/Apache
762
763
-------------------------------------------------------------------
764
Mon Jan 22 11:24:32 CET 2007 - poeml@suse.de
765
766
- point out better in README.QUICKSTART.SSL that a vhost needs to
767
be created
768
- fixes to README.QUICKSTART.WebDAV
769
- updated email addresses (now there is apache@suse.de)
770
771
-------------------------------------------------------------------
772
Sat Jan 20 17:16:20 CET 2007 - poeml@suse.de
773
774
- add httpd-2.2.x.doublefree.patch, backport of
775
http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
776
See http://issues.apache.org/bugzilla/show_bug.cgi?id=39985
777
778
-------------------------------------------------------------------
779
Thu Jan 18 22:00:48 CET 2007 - poeml@suse.de
780
781
- create debuginfo package in the buildservice
782
783
-------------------------------------------------------------------
784
Fri Jan 12 14:25:51 CET 2007 - mskibbe@suse.de
785
786
- change path to service cml document (fate #301708)
787
788
-------------------------------------------------------------------
789
Tue Jan 9 15:59:42 CET 2007 - poeml@suse.de
790
791
- upstream 2.2.4
792
mod_authnz_ldap:
793
- Add an AuthLDAPRemoteUserAttribute directive. If set,
794
REMOTE_USER will be set to this attribute, rather than the
795
username supplied by the user. Useful for example when you
796
want users to log in using an email address, but need to
797
supply a userid instead to the backend.
798
mod_cache:
799
- From RFC3986 (section 6.2.3.) if a URI contains an authority
800
component and an empty path, the empty path is to be
801
equivalent to "/". It explicitly cites the following four URIs
802
as equivalents:
803
http://example.com
804
http://example.com/
805
http://example.com:/
806
http://example.com:80/
807
- Eliminate a bogus error in the log when a filter returns
808
AP_FILTER_ERROR.
809
- Don't cache requests with a expires date in the past;
810
otherwise mod_cache will always try to cache the URL. This bug
811
might lead to numerous rename() errors on win32 if the URL was
812
previously cached.
813
mod_cgi and mod_cgid:
814
- Don't use apr_status_t error return from input filters as HTTP
815
return value from the handler. PR 31579.
816
mod_dbd:
817
- share per-request database handles across subrequests and
818
internal redirects
819
- key connection pools to virtual hosts correctly even when
820
ServerName is unset/unavailable
821
mod_deflate:
822
- Rework inflate output and deflate output filter to fix several
823
issues: Incorrect handling of flush buckets, potential memory
824
leaks, excessive memory usage in inflate output filter for
825
large compressed content. PR 39854.
826
mod_disk_cache:
827
- Make sure that only positive integers are accepted for the
828
CacheMaxFileSize and CacheMinFileSize parameters in the config
829
file. PR39380.
830
mod_dumpio:
831
- Allow mod_dumpio to log at other than DEBUG levels via the new
832
DumpIOLogLevel directive.
833
mod_echo:
834
- Fix precedence problem in if statement. PR 40658.
835
mod_ext_filter:
836
- Handle filter names which include capital letters. PR 40323.
837
mod_headers:
838
- Support regexp-based editing of HTTP headers.
839
mod_mime_magic:
840
- Fix precedence problem in if statement. PR 40656.
841
mod_mem_cache:
842
- Memory leak fix: Unconditionally free the buffer.
843
- Convert mod_mem_cache to use APR memory pool functions by
844
creating a root pool for object persistence across requests.
845
This also eliminates the need for custom serialization code.
846
mod_proxy:
847
- Don't try to use dead backend connection. PR 37770.
848
- Add explicit flushing feature. When Servlet container sends
849
AJP body message with size 0, this means that Servlet
850
container has asked for an explicit flush. Create flush bucket
851
in that case. This feature has been added to the recent Tomcat
852
versions without breaking the AJP protocol.
853
mod_proxy_ajp:
854
- Close connection to backend if reading of request body fails.
855
PR 40310.
856
- Added cping/cpong support for the AJP protocol. A new worker
857
directive ping=timeout will cause CPING packet to be send
858
expecting CPONG packet within defined timeout. In case the
859
backend is too busy this will fail instead sending the full
860
header.
861
mod_proxy_balancer:
862
- Workers can now be defined as part of a balancer cluster "set"
863
in which members of a lower-numbered set are preferred over
864
higher numbered ones.
865
- Workers can now be defined as "hot standby" which will only be
866
used if all other workers are unusable (eg: in error or
867
disabled). Also, the balancer-manager displays the election
868
count and I/O counts of all workers.
869
- Retry worker chosen by route / redirect worker if it is in
870
error state before sending "Service Temporarily Unavailable".
871
PR 38962.
872
- Extract stickysession routing information contained as
873
parameter in the URL correctly. PR 40400.
874
- Set the new environment variable BALANCER_ROUTE_CHANGED if a
875
worker with a route different from the one supplied by the
876
client had been chosen or if the client supplied no routing
877
information for a balancer with sticky sessions.
878
- Add information about the route, the sticky session and the
879
worker used during a request as environment variables. PR
880
39806.
881
core:
882
- Fix issue which could cause piped loggers to be orphaned and
883
never terminate after a graceful restart. PR 40651.
884
- Fix address-in-use startup failure caused by corruption of the
885
list of listen sockets in some configurations with multiple
886
generic Listen directives.
887
- Fix NONBLOCK status of listening sockets on restart/graceful
888
PR 37680.
889
- Deal with the widespread use of apr_status_t return values as
890
HTTP status codes, as documented in PR#31759 (a bug shared by
891
the default handler, mod_cgi, mod_cgid, mod_proxy, and
892
probably others). PR31759.
893
- The full server version information is now included in the
894
error log at startup as well as server status reports,
895
irrespective of the setting of the ServerTokens directive.
896
ap_get_server_version() is now deprecated, and is replaced by
897
ap_get_server_banner() and ap_get_server_description().
898
misc:
899
- Allow htcacheclean, httxt2dbm, and fcgistarter to link
900
apr/apr-util statically like the older support programs.
901
- Better detection and clean up of ldap connection that has been
902
terminated by the ldap server. PR 40878.
903
- rotatelogs: Improve error message for open failures. PR
904
39487.
905
906
-------------------------------------------------------------------
907
Mon Jan 8 11:57:04 CET 2007 - mskibbe@suse.de
908
909
- Apache XML Service Description Document (fate #301708)
910
911
-------------------------------------------------------------------
912
Thu Dec 21 10:36:14 CET 2006 - poeml@suse.de
913
914
- add patch to add charset=utf-8 to directory listings generated by
915
mod_autoindex, and add a directive to allow overriding the
916
charset (testing, needs to be discussed with upstream) [#153557]
917
httpd-2.2.3-AddDirectoryIndexCharset.patch
918
919
-------------------------------------------------------------------
920
Wed Dec 20 15:58:35 CET 2006 - poeml@suse.de
921
922
- set a proper HOME (/var/lib/apache2), otherwise the server might
923
end up HOME=/root and some script might try to use that [#132769]
924
- add two notes to the QUICKSTART readmes
925
- don't install /etc/apache2/extra configuration since this is only
926
serving as an example and installed with the documentation anyway
927
928
-------------------------------------------------------------------
929
Tue Sep 26 11:13:52 CEST 2006 - poeml@suse.de
930
931
- add rpm macro for suexec_safepath
932
- use _bindir/_sbindir in a few places [#202355]
933
- remove unused /sbin/conf.d directory from build root
934
935
-------------------------------------------------------------------
936
Thu Aug 31 15:26:54 CEST 2006 - poeml@suse.de
937
938
- Enable fatal exception hook for use by diagnostic modules.
939
940
-------------------------------------------------------------------
941
Tue Aug 29 16:33:59 CEST 2006 - poeml@suse.de
942
943
- move some binaries, where calling by users makes sense (dbmmanage
944
htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
945
946
-------------------------------------------------------------------
947
Wed Aug 9 16:13:07 CEST 2006 - poeml@suse.de
948
949
- upstream 2.2.3
950
|SECURITY: CVE-2006-3747 (cve.mitre.org)
951
| mod_rewrite: Fix an off-by-one security problem in the ldap scheme
952
| handling. For some RewriteRules this could lead to a pointer being
953
| written out of bounds. Reported by Mark Dowd of McAfee.
954
| mod_authn_alias: Add a check to make sure that the base provider and the
955
| alias names are different and also that the alias has not been registered
956
| before. PR 40051.
957
| mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
958
| client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
959
| mod_autoindex: Fix filename escaping with FancyIndexing disabled.
960
| PR 38910.
961
| mod_cache:
962
| - Make caching of reverse SSL proxies possible again. PR 39593.
963
| - Do not overwrite the Content-Type in the cache, for
964
| successfully revalidated cached objects. PR 39647.
965
| mod_charset_lite: Bypass translation when the source and dest charsets
966
| are the same.
967
| mod_dbd: Fix dependence on virtualhost configuration in
968
| defining prepared statements (possible segfault at startup
969
| in user modules such as mod_authn_dbd).
970
| mod_mem_cache: Set content type correctly when delivering data from
971
| cache. PR 39266.
972
| mod_speling: Add directive to deal with case corrections only
973
| and ignore other misspellings
974
| miscellaneous:
975
| - Add optional 'scheme://' prefix to ServerName directive,
976
| allowing correct determination of the canonical server URL
977
| for use behind a proxy or offload device handling SSL;
978
| fixing redirect generation in those cases. PR 33398.
979
| - Added server_scheme field to server_rec for above. Minor MMN bump.
980
| - Worker MPM: On graceless shutdown or restart, send signals
981
| to each worker thread to wake them up if they're polling on
982
| a Keep-Alive connection. PR 38737.
983
| - worker and event MPMs: fix excessive forking if fork() or
984
| child_init take a long time. PR 39275.
985
| - Respect GracefulShutdownTimeout in the worker and event MPMs.
986
| - configure: Add "--with-included-apr" flag to force use of
987
| the bundled version of APR at build time.
988
989
-------------------------------------------------------------------
990
Tue Jul 4 12:20:54 CEST 2006 - poeml@suse.de
991
992
- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
993
found
994
995
-------------------------------------------------------------------
996
Fri Jun 23 09:52:17 CEST 2006 - poeml@suse.de
997
998
- fix typo in apache-20-22-upgrade script: mod_image_map ->
999
mod_imagemap
1000
1001
-------------------------------------------------------------------
1002
Mon Jun 12 11:28:59 CEST 2006 - poeml@suse.de
1003
1004
- enable logresolve processing of lines longer than 1024 characters
1005
by compiling with MAXLINE=4096 [#162806]
1006
1007
-------------------------------------------------------------------
1008
Fri Jun 9 23:11:45 CEST 2006 - poeml@suse.de
1009
1010
- upstream 2.2.2
1011
| SECURITY: CVE-2005-3357 (cve.mitre.org)
1012
| mod_ssl: Fix a possible crash during access control checks
1013
| if a non-SSL request is processed for an SSL vhost (such as
1014
| the "HTTP request received on SSL port" error message when
1015
| an 400 ErrorDocument is configured, or if using "SSLEngine
1016
| optional"). PR 37791.
1017
| SECURITY: CVE-2005-3352 (cve.mitre.org)
1018
| mod_imagemap: Escape untrusted referer header before
1019
| outputting in HTML to avoid potential cross-site scripting.
1020
| Change also made to ap_escape_html so we escape quotes.
1021
| Reported by JPCERT.
1022
| mod_cache:
1023
| - Make caching of reverse proxies possible again. PR 38017.
1024
| mod_disk_cache:
1025
| - Return the correct error codes from bucket read failures,
1026
| instead of APR_EGENERAL.
1027
| mod_dbd:
1028
| - Update defaults, improve error reporting.
1029
| - Create own pool and mutex to avoid problem use of process
1030
| pool in request processing.
1031
| mod_deflate:
1032
| - work correctly in an internal redirect
1033
| mod_proxy:
1034
| - don't reuse a connection that may be to the wrong backend PR 39253
1035
| - Do not release connections from connection pool twice. PR 38793.
1036
| - Fix KeepAlives not being allowed and set to backend servers. PR 38602.
1037
| - Fix incorrect usage of local and shared worker init. PR 38403.
1038
| - If we get an error reading the upstream response, close the
1039
| connection.
1040
| mod_proxy_balancer:
1041
| - Initialize members of a balancer correctly. PR 38227.
1042
| mod_proxy_ajp:
1043
| - Flushing of the output after each AJP chunk is now
1044
| configurable at runtime via the 'flushpackets' and 'flushwait'
1045
| worker params. Minor MMN bump.
1046
| - Crosscheck the length of the body chunk with the length of the
1047
| ajp message to prevent mod_proxy_ajp from reading beyond the
1048
| buffer boundaries and thus revealing possibly sensitive memory
1049
| contents to the client.
1050
| - Support common headers of the AJP protocol in responses. PR 38340.
1051
| mod_proxy_http:
1052
| - Do send keep-alive header if the client sent connection:
1053
| keep-alive and do not close backend connection if the client
1054
| sent connection: close. PR 38524.
1055
| mod_proxy_balancer:
1056
| - Do not overwrite the status of initialized workers and respect
1057
| the configured status of uninitilized workers when creating a
1058
| new child process.
1059
| - Fix off-by-one error in proxy_balancer. PR 37753.
1060
| mod_speling:
1061
| - Stop crashing with certain non-file requests.
1062
| mod_ssl:
1063
| - Fix possible crashes in shmcb with gcc 4 on platforms
1064
| requiring word-aligned pointers. PR 38838.
1065
| miscellaneous:
1066
| - core: Prevent reading uninitialized memory while reading a line of
1067
| protocol input. PR 39282.
1068
| - core: Reject invalid Expect header immediately. PR 38123.
1069
| - Default handler: Don't return output filter apr_status_t values.
1070
| PR 31759.
1071
| - Add APR/APR-Util Compiled and Runtime Version numbers to the
1072
| output of 'httpd -V'.
1073
| - http: If a connection is aborted while waiting for a chunked line,
1074
| flag the connection as errored out.
1075
| - Don't hang on error return from post_read_request. PR 37790.
1076
| - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
1077
| - Fix recursive ErrorDocument handling. PR 36090.
1078
| - Ensure that the proper status line is written to the client, fixing
1079
| incorrect status lines caused by filters which modify r->status without
1080
| resetting r->status_line, such as the built-in byterange filter.
1081
| - HTML-escape the Expect error message. Not classed as security as
1082
| an attacker has no way to influence the Expect header a victim will
1083
| send to a target site.
1084
| - Chunk filter: Fix chunk filter to create correct chunks in the case that
1085
| a flush bucket is surrounded by data buckets.
1086
| - Avoid Server-driven negotiation when a script has emitted an
1087
| explicit Status: header. PR 38070.
1088
| - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
1089
| - htdbm: Warn the user when adding a plaintext password on a platform
1090
| where it wouldn't work with the server (i.e., anywhere that has
1091
| crypt()).
1092
- adapted httpd-2.1.3alpha-autoconf-2.59.dif
1093
- other user visible changes:
1094
* use a2enmod, a2enflag in apache2-README.QUICKSTART.*
1095
* add README.QUICKSTART link to httpd.conf
1096
- when installing/updating, avoid irritating message in
1097
/var/log/messages ("group is unknown - group=wwwadmin") [#183071]
1098
- build system changes:
1099
* clean up old cruft tight to suse_version macros
1100
* don't run buildconf, and thus don't need python.
1101
* don't ship uid.conf as source file, but create it dynamically
1102
instead, according to user/group defined via rpm macro
1103
* create wwwrun:www user on non-SUSE builds
1104
* work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
1105
* add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
1106
* make sure that the rpm macro sles_version is defined
1107
* remove obsolete VENDOR UnitedLinux macro
1108
1109
-------------------------------------------------------------------
1110
Tue Apr 25 18:10:28 CEST 2006 - poeml@suse.de
1111
1112
- obsolete 'apache' package on SLES10 (obsolete it on all platforms
1113
except SLES9 and old SL releases)
1114
1115
-------------------------------------------------------------------
1116
Wed Mar 29 11:54:00 CEST 2006 - poeml@suse.de
1117
1118
- remove php4 from default modules [#155333]
1119
- fix comment in /etc/init.d/apache2 [#148559]
1120
1121
-------------------------------------------------------------------
1122
Mon Feb 20 13:49:07 CET 2006 - poeml@suse.de
1123
1124
- fixed comment in init script which indicated wrong version [#148559]
1125
1126
-------------------------------------------------------------------
1127
Mon Jan 30 12:41:20 CET 2006 - poeml@suse.de
1128
1129
- added Requires: libapr-util1-devel to apache2-devel package [#146496]
1130
1131
-------------------------------------------------------------------
1132
Fri Jan 27 15:10:15 CET 2006 - poeml@suse.de
1133
1134
- add a note about NameVirtualHost statements to the vhost template
1135
files [#145000]
1136
1137
-------------------------------------------------------------------
1138
Wed Jan 25 21:34:16 CET 2006 - mls@suse.de
1139
1140
- converted neededforbuild to BuildRequires
1141
1142
-------------------------------------------------------------------
1143
Fri Jan 20 13:20:04 CET 2006 - poeml@suse.de
1144
1145
- cleanup: remove obsolete metuxmpm patch
1146
- improve informational text in apache-20-22-upgrade
1147
1148
-------------------------------------------------------------------
1149
Wed Jan 18 10:11:12 CET 2006 - poeml@suse.de
1150
1151
- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
1152
increase it anymore (fixes [#143536])
1153
1154
-------------------------------------------------------------------
1155
Mon Dec 19 13:25:20 CET 2005 - poeml@suse.de
1156
1157
- update to 2.2.0
1158
- enable all new modules
1159
- replaced modules "auth auth_dbm access" in default configuration
1160
by "auth_basic authn_file authn_dbm authz_host authz_default
1161
authz_user""
1162
- /usr/share/apache2/apache-20-22-upgrade will fix the module list
1163
on upgrade
1164
- fix bug in sysconf_addword (used by a2enmod) to respect word
1165
boundaries when removing a word (but don't count slashes as word
1166
boundary)
1167
- remove perchild mpm subpackage, add experimemtal event mpm
1168
- remove obsolete tool apache2-reconfigure-mpm
1169
- remove obsolete perchild config from apache2-server-tuning.conf
1170
- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild
1171
- build against system pcre
1172
- build with --enable-pie
1173
- don't modify which libraries are linked in
1174
- adjust IndexIgnore setting to upstream default. Previously, the
1175
parent directory (..) was being ignored
1176
- package the symlinks in ssl.crt
1177
1178
-------------------------------------------------------------------
1179
Wed Dec 7 11:07:21 CET 2005 - poeml@suse.de
1180
1181
- patch apxs to use the new a2enmod tool, when called with -a
1182
- add -l option to a2enmod, which gives a list of active modules
1183
- adjust feedback address in the readmes
1184
- update README.QUICKSTART.SSL (mention TinyCA)
1185
- add more documentation in server-tuning.conf, and adjust defaults
1186
- do not document the restart-hup action of the init script. It
1187
should not be used
1188
- don't install the tool checkgid -- it is only usable during
1189
installation
1190
1191
-------------------------------------------------------------------
1192
Fri Nov 18 13:22:21 CET 2005 - poeml@suse.de
1193
1194
- fix duplicated Source45 tag
1195
1196
-------------------------------------------------------------------
1197
Mon Oct 24 14:17:08 CEST 2005 - poeml@suse.de
1198
1199
- update to 2.0.55. Relevant changes:
1200
| SECURITY: CAN-2005-2700 (cve.mitre.org)
1201
| mod_ssl: Fix a security issue where "SSLVerifyClient" was
1202
| not enforced in per-location context if "SSLVerifyClient
1203
| optional" was configured in the vhost configuration.
1204
| SECURITY: CAN-2005-2491 (cve.mitre.org):
1205
| Fix integer overflows in PCRE in quantifier parsing which
1206
| could be triggered by a local user through use of a
1207
| carefully-crafted regex in an .htaccess file.
1208
| SECURITY: CAN-2005-2088 (cve.mitre.org)
1209
| proxy: Correctly handle the Transfer-Encoding and
1210
| Content-Length headers. Discard the request Content-Length
1211
| whenever T-E: chunked is used, always passing one of either
1212
| C-L or T-E: chunked whenever the request includes a request
1213
| body. Resolves an entire class of proxy HTTP Request
1214
| Splitting/Spoofing attacks.
1215
| SECURITY: CAN-2005-2728 (cve.mitre.org)
1216
| Fix cases where the byterange filter would buffer responses
1217
| into memory. PR 29962.
1218
| SECURITY: CAN-2005-2088 (cve.mitre.org)
1219
| core: If a request contains both Transfer-Encoding and
1220
| Content-Length headers, remove the Content-Length,
1221
| mitigating some HTTP Request Splitting/Spoofing attacks.
1222
| SECURITY: CAN-2005-1268 (cve.mitre.org)
1223
| mod_ssl: Fix off-by-one overflow whilst printing CRL
1224
| information at "LogLevel debug" which could be triggered if
1225
| configured to use a "malicious" CRL. PR 35081.
1226
| miscellaneous:
1227
| - worker MPM: Fix a memory leak which can occur after an
1228
| aborted connection in some limited circumstances.
1229
| - worker mpm: don't take down the whole server for a transient
1230
| thread creation failure. PR 34514
1231
| - Added TraceEnable [on|off|extended] per-server directive to
1232
| alter the behavior of the TRACE method. This addresses a
1233
| flaw in proxy conformance to RFC 2616 - previously the proxy
1234
| server would accept a TRACE request body although the RFC
1235
| prohibited it. The default remains 'TraceEnable on'.
1236
| - Add ap_log_cerror() for logging messages associated with
1237
| particular client connections.
1238
| - Support the suppress-error-charset setting, as with Apache
1239
| 1.3.x. PR 31274.
1240
| - Fix bad globbing comparison which could result in getting a
1241
| directory listing when a file was requested. PR 34512.
1242
| - Fix a file descriptor leak when starting piped loggers. PR
1243
| 33748.
1244
| - Prevent hangs of child processes when writing to piped
1245
| loggers at the time of graceful restart. PR 26467.
1246
| mod_cgid:
1247
| - Correct mod_cgid's argv[0] so that the full path can be
1248
| delved by the invoked cgi application, to conform to the
1249
| behavior of mod_cgi.
1250
| mod_include:
1251
| - Fix possible environment variable corruption when using
1252
| nested includes. PR 12655.
1253
| mod_ldap:
1254
| - Fix PR 36563. Keep track of the number of attributes
1255
| retrieved from LDAP so that all of the values can be
1256
| properly cached even if the value is NULL.
1257
| - Fix core dump if mod_auth_ldap's
1258
| mod_auth_ldap_auth_checker() was called even if
1259
| mod_auth_ldap_check_user_id() was not (or if it didn't
1260
| succeed) for non-authoritative cases.
1261
| - Avoid segfaults when opening connections if using a version
1262
| of OpenLDAP older than 2.2.21. PR 34618.
1263
| - Fix various shared memory cache handling bugs. PR 34209.
1264
| mod_proxy:
1265
| - Fix over-eager handling of '%' for reverse proxies. PR
1266
| 15207.
1267
| - proxy HTTP: If a response contains both Transfer-Encoding
1268
| and a Content-Length, remove the Content-Length and don't
1269
| reuse the connection, mitigating some HTTP Response
1270
| Splitting attacks.
1271
| - proxy HTTP: Rework the handling of request bodies to handle
1272
| chunked input and input filters which modify content length,
1273
| and avoid spooling arbitrary-sized request bodies in memory.
1274
| PR 15859.
1275
| mod_ssl:
1276
| - Fix build with OpenSSL 0.9.8. PR 35757.
1277
| mod_rewrite:
1278
| - use buffered I/O to improve performance with large
1279
| RewriteMap txt: files.
1280
| mod_userdir:
1281
| - Fix possible memory corruption issue. PR 34588.
1282
- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif
1283
httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif
1284
apache2-bundled-pcre-5.0-CAN-2005-2491.dif
1285
httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff
1286
httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
1287
- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)
1288
1289
-------------------------------------------------------------------
1290
Thu Oct 20 15:50:35 CEST 2005 - poeml@suse.de
1291
1292
- rc.apache2: when stopping the server, wait for the actual binary
1293
of the parent process to disappear. Waiting for the pid file to
1294
disappear is not sufficient, because not all cleanup might be
1295
finished at the time of its removal. [#96492], [#85539]
1296
1297
-------------------------------------------------------------------
1298
Wed Oct 12 15:42:47 CEST 2005 - poeml@suse.de
1299
1300
- fix security hole by wrongly initializing LD_LIBRARY_PATH in
1301
/usr/sbin/envvars (used by apache2ctl only) [#118188]
1302
1303
-------------------------------------------------------------------
1304
Fri Sep 30 09:47:20 CEST 2005 - poeml@suse.de
1305
1306
- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)
1307
1308
-------------------------------------------------------------------
1309
Mon Sep 26 01:24:18 CEST 2005 - ro@suse.de
1310
1311
- define LDAP_DEPRECATED in CFLAGS
1312
1313
-------------------------------------------------------------------
1314
Fri Sep 2 12:55:08 CEST 2005 - poeml@suse.de
1315
1316
- security fix [CAN-2005-2728 (cve.mitre.org)]:
1317
fix memory consumption bug in byterange handling
1318
- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
1319
if "SSLVerifyClient optional" has been configured at the vhost
1320
context then "SSLVerifyClient require" is not enforced in a
1321
location context within that vhost; effectively allowing clients
1322
to bypass client-cert authentication checks. [#114701]
1323
1324
-------------------------------------------------------------------
1325
Wed Aug 31 15:39:38 CEST 2005 - poeml@suse.de
1326
1327
- Security fix: fix integer overflows in PCRE in quantifier parsing which
1328
could be triggered by a local user through use of a carefully-crafted
1329
regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]
1330
1331
-------------------------------------------------------------------
1332
Tue Aug 30 17:41:46 CEST 2005 - lmuelle@suse.de
1333
1334
- Escape also any forward slash while removing a word with sysconf_addword.
1335
1336
-------------------------------------------------------------------
1337
Fri Aug 26 14:33:34 CEST 2005 - lmuelle@suse.de
1338
1339
- Escape any forward slash in the word argument of sysconf_addword.
1340
1341
-------------------------------------------------------------------
1342
Sun Aug 14 00:20:26 CEST 2005 - ro@suse.de
1343
1344
- alingn suexec2 permissions with permissions.secure
1345
1346
-------------------------------------------------------------------
1347
Thu Aug 11 11:09:49 CEST 2005 - poeml@suse.de
1348
1349
- the permissions files are now maintained centrally and packaged
1350
in the permissions package. Package suexec2 with mode 0750. [#66304]
1351
1352
-------------------------------------------------------------------
1353
Fri Aug 5 13:10:21 CEST 2005 - poeml@suse.de
1354
1355
- change SSLMutex "default" so APR always picks the best on the
1356
platform
1357
- fix Source42 tag which was present twice
1358
- add a2enmod/a2enflag to add/remove modules/flags conveniently
1359
- add charset.conv table for mod_auth_ldap
1360
- make sure that suse_version is defined (it might be unset by e.g.
1361
ISPs preinstallations)
1362
1363
-------------------------------------------------------------------
1364
Tue Jul 12 23:49:29 CEST 2005 - poeml@suse.de
1365
1366
- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
1367
contains both Transfer-Encoding and a Content-Length, remove the
1368
Content-Length, stopping some HTTP Request smuggling attacks.
1369
mod_proxy: Reject chunked requests. [#95709]
1370
- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
1371
off-by-one overflow whilst printing CRL information at "LogLevel
1372
debug" which could be triggered if configured to use a
1373
"malicious" CRL. PR 35081. [#95709]
1374
1375
-------------------------------------------------------------------
1376
Mon Jun 20 12:57:17 CEST 2005 - poeml@suse.de
1377
1378
- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
1379
-fpie and link with -pie
1380
1381
-------------------------------------------------------------------
1382
Wed May 18 16:46:22 CEST 2005 - poeml@suse.de
1383
1384
- update to 2.0.54. Relevant changes:
1385
| mod_cache:
1386
| - Add CacheIgnoreHeaders directive. PR 30399.
1387
| mod_dav:
1388
| - Correctly export all public functions.
1389
| mod_ldap:
1390
| - Added the directive LDAPConnectionTimeout to configure the
1391
| ldap socket connection timeout value.
1392
| mod_ssl:
1393
| - If SSLUsername is used, set r->user earlier. PR 31418.
1394
| miscellaneous:
1395
| - Unix MPMs: Shut down the server more quickly when child
1396
| processes are slow to exit.
1397
| - worker MPM: Fix a problem which could cause httpd processes
1398
| to remain active after shutdown.
1399
| - Remove formatting characters from ap_log_error() calls.
1400
| These were escaped as fallout from CAN-2003-0020.
1401
| - core_input_filter: Move buckets to a persistent brigade
1402
| instead of creating a new brigade. This stop a memory leak
1403
| when proxying a Streaming Media Server. PR 33382.
1404
| - htdigest: Fix permissions of created files. PR 33765.
1405
1406
-------------------------------------------------------------------
1407
Mon Mar 14 17:13:27 CET 2005 - poeml@suse.de
1408
1409
- revise README
1410
1411
-------------------------------------------------------------------
1412
Mon Mar 7 17:14:16 CET 2005 - poeml@suse.de
1413
1414
- when building the suexec binary, set the "docroot" compile time
1415
option to the datadir (/srv/www) instead of the htdocsdir
1416
(/srv/www/htdocs), so it can be used with virtual hosts placed
1417
e.g. in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
1418
- add php5 to APACHE_MODULES by default, so it can be used simply
1419
by installing the package. Suppress warning about not-found
1420
module in the php4/php5 case. [#66729]
1421
- remove a redundant get_module_list call from the init script
1422
- add hints about vhost setup to README.QUICKSTART
1423
- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
1424
longer needed since SuSEconfig.apache2 is gone. Leave it for
1425
compatibility, because /etc/sysconfig/apache2 is probably not
1426
updated and yast may still use it.
1427
- move the 4 most important variables in sysconfig.apache2 to the
1428
top of the file
1429
- add note about the old monolithic configuration file and how to
1430
use it
1431
- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
1432
openssl-0.9.6e anywhere, any longer)
1433
1434
-------------------------------------------------------------------
1435
Wed Mar 2 12:38:55 CET 2005 - poeml@suse.de
1436
1437
- fix TLS upgrade patch: with SSLEngine set to Optional, an
1438
additional token in an Upgrade: header before "TLS/1.0" could
1439
result into an infinite loop [#67126]
1440
1441
-------------------------------------------------------------------
1442
Tue Feb 22 16:23:33 CET 2005 - poeml@suse.de
1443
1444
- run /usr/share/apache2/get_module_list post install, which will
1445
also create the symlink to the httpd2 binary, which might be
1446
necessary during package building when apache has been installed
1447
but never been run.
1448
1449
-------------------------------------------------------------------
1450
Mon Feb 21 16:16:16 CET 2005 - poeml@suse.de
1451
1452
- remove SuSEconfig.apache2
1453
1454
-------------------------------------------------------------------
1455
Fri Feb 11 15:14:14 CET 2005 - poeml@suse.de
1456
1457
- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
1458
available modules plus 9 perl modules was beginning to fail
1459
1460
-------------------------------------------------------------------
1461
Wed Feb 9 11:46:37 CET 2005 - poeml@suse.de
1462
1463
- update to 2.0.53. Relevant changes:
1464
| SECURITY: CAN-2004-0942 (cve.mitre.org)
1465
| Fix for memory consumption DoS in handling of MIME folded request
1466
| headers.
1467
| SECURITY: CAN-2004-0885 (cve.mitre.org)
1468
| mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
1469
| bypassed during an SSL renegotiation. PR 31505.
1470
| mod_dumpio:
1471
| - new I/O logging/dumping module, added to the
1472
| modules/expermimental subdirectory.
1473
| mod_ssl:
1474
| - fail quickly if SSL connection is aborted rather than making
1475
| many doomed ap_pass_brigade calls. PR 32699.
1476
| - Fail at startup rather than segfault at runtime if a client cert
1477
| is configured with an encrypted private key. PR 24030.
1478
| mod_include:
1479
| - Fix bug which could truncate variable expansions of N*64
1480
| characters by one byte. PR 32985.
1481
| mod_status:
1482
| - Start keeping track of time-taken-to-process-request again if
1483
| ExtendedStatus is enabled.
1484
| util_ldap:
1485
| - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
1486
| that ldap authorization only modules have access to the
1487
| util_ldap user cache without having to require ldap
1488
| authentication as well. PR 31898.
1489
| mod_ldap:
1490
| - Fix format strings to use %APR_PID_T_FMT instead of %d.
1491
| - prevent the possiblity of an infinite loop in the LDAP
1492
| statistics display. PR 29216.
1493
| - fix a bogus error message to tell the user which file is causing
1494
| a potential problem with the LDAP shared memory cache. PR 31431
1495
| - Fix the re-linking issue when purging elements from the LDAP
1496
| cache PR 24801.
1497
| mod_auth_ldap:
1498
| - Added the directive "Requires ldap-attribute" that allows the
1499
| module to only authorize a user if the attribute value specified
1500
| matches the value of the user object. PR 31913
1501
| - Handle the inconsistent way in which the MS LDAP library handles
1502
| special characters. PR 24437.
1503
| mod_proxy:
1504
| - Fix ProxyRemoteMatch directive. PR 33170.
1505
| - Respect errors reported by pre_connection hooks.
1506
| - Handle client-aborted connections correctly. PR 32443.
1507
| mod_cache:
1508
| - CacheDisable will only disable the URLs it was meant to disable,
1509
| not all caching. PR 31128.
1510
| - Try to correctly follow RFC 2616 13.3 on validating stale cache
1511
| responses.
1512
| - Fix Expires handling.
1513
| mod_disk_cache:
1514
| - Do not store aborted content. PR 21492.
1515
| - Correctly store cached content type. PR 30278.
1516
| - Do not store hop-by-hop headers.
1517
| - Fix races in saving responses.
1518
| mod_expires:
1519
| - Alter mod_expires to run at a different filter priority to allow
1520
| proper Expires storage by mod_cache.
1521
| mod_rewrite:
1522
| - Handle per-location rules when r->filename is unset. Previously
1523
| this would segfault or simply not match as expected, depending
1524
| on the platform.
1525
| - Fix 0 bytes write into random memory position. PR 31036.
1526
| miscellaneous:
1527
| - Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
1528
| - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
1529
| - Allow for the use of --with-module=foo:bar where the ./modules/foo
1530
| directory is local only. Assumes, of course, that the required
1531
| files are in ./modules/foo, but makes it easier to statically
1532
| build/log "external" modules.
1533
| - --with-module can now take more than one module to be statically
1534
| linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
1535
| If the <modtype>-subdirectory doesn't exist it will be created and
1536
| populated with a standard Makefile.in.
1537
| - Fix handling of files >2Gb on all platforms (or builds) where
1538
| apr_off_t is larger than apr_size_t. PR 28898.
1539
| - Remove compiled-in upper limit on LimitRequestFieldSize.
1540
| - Correct handling of certain bucket types in ap_save_brigade, fixing
1541
| possible segfaults in mod_cgi with #include virtual. PR 31247.
1542
| - conf: Remove AddDefaultCharset from the default configuration
1543
| because setting a site-wide default does more harm than good. PR
1544
| 23421.
1545
| - Add charset to example CGI scripts.
1546
- merge tls-upgrade.patch
1547
- remove obsolete httpd-2.0.47-headtail.dif
1548
httpd-2.0.52-util_ldap_cache_mgr.c.dif
1549
httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
1550
httpd-2.0.52-ssl-incomplete-keypair.dif
1551
httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
1552
httpd-2.0.52.21492.diff
1553
httpd-2.0.52.30278.diff
1554
httpd-2.0.52.30399.diff
1555
httpd-2.0.52.30419.diff
1556
httpd-2.0.52.31385.diff
1557
- sync configuration with upstream changes
1558
* Remove AddDefaultCharset (see upstream changelog above)
1559
* LanguagePriority for error documents updated
1560
1561
-------------------------------------------------------------------
1562
Sat Jan 15 20:46:53 CET 2005 - schwab@suse.de
1563
1564
- Use <owner>:<group> in permissions file.
1565
1566
-------------------------------------------------------------------
1567
Tue Jan 11 14:08:35 CET 2005 - schwab@suse.de
1568
1569
- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
1570
1571
-------------------------------------------------------------------
1572
Mon Nov 29 14:42:40 CET 2004 - hvogel@suse.de
1573
1574
- fix permission handling
1575
1576
-------------------------------------------------------------------
1577
Thu Nov 11 13:06:22 CET 2004 - poeml@suse.de
1578
1579
- fix /etc/init.d/apache2 to correctly handle the start of multiple
1580
instances of the same binary (using startproc -f plus prior check
1581
for running instance) [#48153]
1582
- fix helper scripts to allow overriding of $sysconfig_file and
1583
other useful values
1584
- remove unused 'rundir' variable from /etc/init.d/apache2
1585
- removed backward compatibility code for pre-8.0
1586
- add documentation to the vhost template files and
1587
README.QUICKSTART
1588
1589
-------------------------------------------------------------------
1590
Mon Nov 8 16:14:23 CET 2004 - poeml@suse.de
1591
1592
- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
1593
consumption DoS [#47967]
1594
1595
-------------------------------------------------------------------
1596
Thu Nov 4 16:47:59 CET 2004 - poeml@suse.de
1597
1598
- remove heimdal-devel from #neededforbuild, it is not needed
1599
1600
-------------------------------------------------------------------
1601
Fri Oct 15 07:44:20 CEST 2004 - poeml@suse.de
1602
1603
- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
1604
- update the TLS upgrade patch [#47207]
1605
- mod_ssl returned invalid method on TLS upgraded connections
1606
- additional checks for httpd_method and default_port hooks
1607
- fixed typo in upgrade header
1608
- add patches from Ruediger Pluem for the experimental modules
1609
mod_disk_cache, mod_cache
1610
PR 21492: mod_disk_cache: Do not store aborted content.
1611
PR 30278: mod_disk_cache: Correctly store cached content type.
1612
PR 30399: make storing of Set-Cookie headers optional
1613
PR 30419: weird caching behaviour of mod_cache and old Cookies
1614
PR 31385: skipping start of file if recaching already cached file
1615
- patch from 2.0.53: Fail to configure when an SSL proxy is
1616
configured with incomplete client cert keypair, rather than
1617
segfaulting at runtime. PR 24030
1618
http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
1619
1620
-------------------------------------------------------------------
1621
Mon Oct 11 14:31:42 CEST 2004 - poeml@suse.de
1622
1623
- add patch fixing re-linking issue when purging elements from the
1624
LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
1625
http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
1626
1627
-------------------------------------------------------------------
1628
Mon Oct 11 14:07:33 CEST 2004 - poeml@suse.de
1629
1630
- sync update configuration with upstream changes (2.0.52)
1631
(mostly comments; configuration for spanish manual added)
1632
- add mime type for shortcut icons (favicon.ico)
1633
1634
-------------------------------------------------------------------
1635
Fri Oct 8 18:36:21 CEST 2004 - poeml@suse.de
1636
1637
- update to 2.0.52. Relevant changes:
1638
| SECURITY: CAN-2004-0811 (cve.mitre.org)
1639
| Fix merging of the Satisfy directive, which was applied to
1640
| the surrounding context and could allow access despite configured
1641
| authentication. PR 31315.
1642
| util_ldap:
1643
| Fix a segfault in the LDAP cache when it is configured switched off.
1644
| mod_mem_cache:
1645
| Fixed race condition causing segfault because of memory being
1646
| freed twice, or reused after being freed.
1647
| mod_log_config:
1648
| Fix a bug which prevented request completion time from being
1649
| logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
1650
| processing. PR 29696.
1651
| miscellaneous:
1652
| - Use HTML 2.0 <hr> for error pages. PR 30732
1653
| - Fix the handling of URIs containing %2F when
1654
| AllowEncodedSlashes is enabled. Previously, such urls would
1655
| still be rejected.
1656
| - Fix the global mutex crash when the global mutex is never
1657
| allocated due to disabled/empty caches.
1658
| - Add -l option to rotatelogs to let it use local time rather
1659
| than UTC. PR 24417.
1660
- changes from 2.0.51:
1661
| SECURITY: CAN-2004-0786 (cve.mitre.org)
1662
| Fix an input validation issue in apr-util which could be
1663
| triggered by malformed IPv6 literal addresses.
1664
| SECURITY: CAN-2004-0747 (cve.mitre.org)
1665
| Fix buffer overflow in expansion of environment variables in
1666
| configuration file parsing.
1667
| SECURITY: CAN-2004-0809 (cve.mitre.org)
1668
| mod_dav_fs: Fix a segfault in the handling of an indirect lock
1669
| refresh. PR 31183.
1670
| SECURITY: CAN-2004-0751 (cve.mitre.org)
1671
| mod_ssl: Fix a segfault in the SSL input filter which could be
1672
| triggered if using "speculative" mode, for instance by a proxy
1673
| request to an SSL server. PR 30134.
1674
| SECURITY: CAN-2004-0748 (cve.mitre.org)
1675
| mod_ssl: Fix a potential infinite loop. PR 29964.
1676
| mod_include:
1677
| no longer checks for recursion, because that's done in the core.
1678
| This allows for careful usage of recursive SSI.
1679
| mod_rewrite:
1680
| - Fix memory leak in the cache handlingof mod_rewrite. PR 27862.
1681
| - Add %{SSL:...} and %{HTTPS} variable lookups. PR 30464.
1682
| - mod_rewrite now officially supports RewriteRules in <Proxy>
1683
| sections. PR 27985.
1684
| - no longer confuse the RewriteMap caches if different maps
1685
| defined in different virtual hosts use the same map name. PR 26462.
1686
| mod_ssl:
1687
| - Add new 'ssl_is_https' optional function.
1688
| - Add "SSLUserName" directive to set r->user based on a chosen SSL
1689
| environment variable. PR 20957.
1690
| - Avoid startup failure after unclean shutdown if using shmcb. PR 18989.
1691
| mod_autoindex:
1692
| - Don't truncate the directory listing if a stat() call fails (for
1693
| instance on a >2Gb file). PR 17357.
1694
| mod_cache, mod_disk_cache, mod_mem_cache:
1695
| - Refactor cache modules, and switch to the provider API instead
1696
| of hooks.
1697
| mod_disk_cache:
1698
| - Implement binary format for on-disk header files.
1699
| - Optimize network performance of disk cache subsystem by allowing
1700
| zero-copy (sendfile) writes and other miscellaneous fixes.
1701
| mod_userdir:
1702
| - Ensure that the userdir identity is used for suexec userdir
1703
| access in a virtual host which has suexec configured. PR 18156.
1704
| mod_setenvif:
1705
| - Remove "support" for Remote_User variable which never worked at
1706
| all. PR 25725.
1707
| - Extend the SetEnvIf directive to capture subexpressions of the
1708
| matched value.
1709
| mod_headers:
1710
| - Backport from 2.1 / Regression from 1.3: mod_headers now knows
1711
| again the functionality of the ErrorHeader directive. But
1712
| instead using this misnomer additional flags to the Header
1713
| directive were introduced ("always" and "onsuccess", defaulting
1714
| to the latter). PR 28657.
1715
| mod_usertrack:
1716
| - Escape the cookie name before pasting into the regexp.
1717
| mod_dir:
1718
| - the trailing-slash behaviour is now configurable using the
1719
| DirectorySlash directive.
1720
| util_ldap:
1721
| - Switched the lock types on the shared memory cache from thread
1722
| reader/writer locks to global mutexes in order to provide cross
1723
| process cache protection.
1724
| - Reworked the cache locking scheme to eliminate duplicate cache
1725
| entries in the credentials cache due to race conditions.
1726
| - Enhanced the util_ldap cache-info display to show more detail
1727
| about the contents and current state of the cache.
1728
| mod_ldap:
1729
| - Enable the option to support anonymous shared memory in
1730
| mod_ldap. This makes the cache work on Linux again.
1731
| miscellaneous:
1732
| - Include directives no longer refuse to process symlinks on
1733
| directories. Instead there's now a maximum nesting level of
1734
| included directories (128 as distributed). This is configurable
1735
| at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR
1736
| 28492, PR 28370.
1737
| - Prevent CGI script output which includes a Content-Range header
1738
| from being passed through the byterange filter.
1739
| - Satisfy directives now can be influenced by a surrounding
1740
| <Limit> container. PR 14726.
1741
| - Makefile fix: httpd is linked against LIBS given to the 'make'
1742
| invocation. PR 7882.
1743
| - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
1744
| - apachectl: Fix a problem finding envvars if sbindir != bindir.
1745
| PR 30723.
1746
| - Use the higher performing 'httpready' Accept Filter on all
1747
| platforms except FreeBSD < 4.1.1.
1748
| - Allow proxying of resources that are invoked via DirectoryIndex.
1749
| PR 14648, 15112, 29961.
1750
| - Small fix to allow reverse proxying to an ftp server. Previously
1751
| an attempt to do this would try and connect to 0.0.0.0,
1752
| regardless of the server specified. PR 24922
1753
| - Enable special ErrorDocument value 'default' which restores the
1754
| canned server response for the scope of the directive.
1755
| - work around MSIE Digest auth bug - if
1756
| AuthDigestEnableQueryStringHack is set in r->subprocess_env
1757
| allow mismatched query strings to pass. PR 27758.
1758
| - Accept URLs for the ServerAdmin directive. If the supplied
1759
| argument is not recognized as an URL, assume it's a mail
1760
| address. PR 28174.
1761
| - initialize server arrays prior to calling
1762
| ap_setup_prelinked_modules so that static modules can push
1763
| Defines values when registering hooks just like DSO modules can
1764
- drop obsolete security fixes
1765
httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
1766
httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
1767
httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
1768
httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
1769
httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
1770
- httpd-2.0.45-anon-mmap.dif included upstream
1771
1772
-------------------------------------------------------------------
1773
Tue Sep 14 12:11:58 CEST 2004 - poeml@suse.de
1774
1775
- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
1776
mod_dav by remotely triggerable null-pointer dereference
1777
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
1778
- fix hint about vhost checking in the SSL readme
1779
1780
-------------------------------------------------------------------
1781
Wed Sep 8 14:24:19 CEST 2004 - poeml@suse.de
1782
1783
- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
1784
in the apr-util library (lacking input validation on IPv6 literal
1785
addresses in the apr_uri_parse function [#44736]
1786
- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
1787
overflow that can occur when expanding ${ENVVAR} constructs in
1788
.htaccess or httpd.conf files. [#44736]
1789
1790
-------------------------------------------------------------------
1791
Mon Sep 6 12:48:21 CEST 2004 - poeml@suse.de
1792
1793
- rename check_forensic script to avoid clash with apache 1.3.x
1794
package
1795
1796
-------------------------------------------------------------------
1797
Fri Aug 27 16:18:41 CEST 2004 - poeml@suse.de
1798
1799
- implement action "startssl" in the init script. [#42365]
1800
- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
1801
- disable building of leader and metuxmpm MPMs.
1802
1803
-------------------------------------------------------------------
1804
Wed Aug 25 12:58:20 CEST 2004 - poeml@suse.de
1805
1806
- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
1807
infinite loop in the SSL input filter which can be triggered by
1808
an aborted connection
1809
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
1810
- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
1811
segfault in the SSL input filter which can be triggered by the
1812
response to request which is proxied to a remote SSL server
1813
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
1814
- remove the obsolete notify message on package update
1815
1816
-------------------------------------------------------------------
1817
Thu Jul 8 14:17:13 CEST 2004 - poeml@suse.de
1818
1819
- update to 2.0.50. Relevant changes:
1820
| SECURITY: CAN-2004-0493 (cve.mitre.org)
1821
| Close a denial of service vulnerability identified by Georgi
1822
| Guninski which could lead to memory exhaustion with certain
1823
| input data.
1824
| SECURITY: CAN-2004-0488 (cve.mitre.org)
1825
| mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
1826
| a (trusted) client certificate subject DN which exceeds 6K in
1827
| length.
1828
| mod_alias:
1829
| now emits a warning if it detects overlapping *Alias* directives.
1830
| mod_cgi: Handle output on stderr during script execution on Unix
1831
| platforms; preventing deadlock when stderr output fills pipe
1832
| buffer. Also fixes case where stderr from nph- scripts could be
1833
| lost. PR 22030, 18348.
1834
| mod_dav:
1835
| - Fix a problem that could cause crashes when manipulating locks
1836
| on some platforms.
1837
| mod_dav_fs:
1838
| - Fix MKCOL response for missing parent collections, which caused
1839
| issues for the Eclipse WebDAV extension. PR 29034.
1840
| mod_deflate:
1841
| - Fix memory consumption (which was proportional to the response
1842
| size). PR 29318.
1843
| mod_expires:
1844
| - Fix segfault which occured under certain circumstances. PR 28047.
1845
| mod_headers:
1846
| - no longer crashes if an empty header value should be added.
1847
| mod_log_forensic:
1848
| - new module.
1849
| mod_logio:
1850
| - no longer removes the EOS bucket. PR 27928.
1851
| mod_proxy:
1852
| - Fix handling of IPv6 numeric strings.
1853
| mod_rewrite:
1854
| no longer turns forward proxy requests into reverse proxy
1855
| requests. PR 28125
1856
| mod_ssl:
1857
| - Log the errors returned on failure to load or initialize a
1858
| crypto accelerator engine.
1859
| - Fix a potential segfault in the 'shmcb' session cache for small
1860
| cache sizes. PR 27751.
1861
| - Fix memory leak in session cache handling. PR 26562
1862
| - Fix potential segfaults when performing SSL shutdown from a pool
1863
| cleanup. PR 27945.
1864
| mod_auth_ldap/util_ldap:
1865
| - allow relative paths for LDAPTrustedCA to be resolved against
1866
| ServerRoot PR#26602
1867
| - Throw an error message if an attempt is made to use the
1868
| LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
1869
| PR 26390
1870
| - Fix a potential segfault if the bind password in the LDAP cache
1871
| is NULL. PR 28250.
1872
| - Overhaul handling of LDAP error conditions, so that the
1873
| util_ldap_* functions leave the connections in a sane state
1874
| after errors have occurred. PR 27748, 17274, 17599, 18661,
1875
| 21787, 24595, 24683, 27134, 27271
1876
| - mod_ldap calls ldap_simple_bind_s() to validate the user
1877
| credentials. If the bind fails, the connection is left in an
1878
| unbound state. Make sure that the ldap connection record is
1879
| updated to show that the connection is no longer bound.
1880
| - Update the bind credentials for the cached LDAP connection to
1881
| reflect the last bind. This prevents util_ldap from creating
1882
| unnecessary connections rather than reusing cached connections.
1883
| - Quotes cannot be used around require group and require dn
1884
| directives, update the documentation to reflect this. Also add
1885
| quotes around the dn and group within debug messages, to make it
1886
| more obvious why authentication is failing if quotes are used in
1887
| error. PR 19304.
1888
| miscellaneous:
1889
| - Allow RequestHeader directives to be conditional. PR 27951.
1890
| - Allow LimitRequestBody to be reset to unlimited. PR 29106
1891
| - <VirtualHost myhost> now applies to all IP addresses for myhost
1892
| instead of just the first one reported by the resolver. This
1893
| corrects a regression since 1.3.
1894
| - Fix a bunch of cases where the return code of the regex compiler
1895
| was not checked properly. This affects: mod_setenvif,
1896
| mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
1897
| - Remove 2Gb log file size restriction on some 32-bit platforms.
1898
| PR 13511.
1899
| - htpasswd no longer refuses to process files that contain empty
1900
| lines.
1901
| - Regression from 1.3: At startup, suexec now will be checked for
1902
| availability, the setuid bit and user root. The works only if
1903
| httpd is compiled with the shipped APR version (0.9.5). PR
1904
| 28287.
1905
| - Unix MPMs: Stop dropping connections when the file descriptor is
1906
| at least FD_SETSIZE.
1907
| - Fix a segfault when requests for shared memory fails and returns
1908
| NULL. Fix a segfault caused by a lack of bounds checking on the
1909
| cache. PR 24801.
1910
| - Ensure that lines in the request which are too long are properly
1911
| terminated before logging.
1912
| - htpasswd: use apr_temp_dir_get() and general cleanup
1913
| - logresolve: Allow size of log line buffer to be overridden at
1914
| build time (MAXLINE). PR 27793.
1915
| - Fix the comment delimiter in htdbm so that it correctly parses
1916
| the username comment. Also add a terminate function to allow
1917
| NetWare to pause the output before the screen is destroyed.
1918
| - Fix crash when Apache was started with no Listen directives.
1919
| - core_output_filter: Fix bug that could result in sending garbage
1920
| over the network when module handlers construct bucket brigades
1921
| containing multiple file buckets all referencing the same open
1922
| file descriptor.
1923
| - Fix memory corruption problem with ap_custom_response()
1924
| function. The core per-dir config would later point to request
1925
| pool data that would be reused for different purposes on
1926
| different requests.
1927
- drop obsolete patches
1928
- change vendor string SuSE -> SUSE
1929
1930
-------------------------------------------------------------------
1931
Tue Jun 29 11:35:24 CEST 2004 - poeml@suse.de
1932
1933
- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
1934
Service vulnaribility which could lead to memory exhaustion with
1935
certain input data. [#42566]
1936
1937
-------------------------------------------------------------------
1938
Fri Jun 18 11:39:53 CEST 2004 - poeml@suse.de
1939
1940
- package forgotten CHANGES file
1941
- package apr and apr-util documentation files
1942
- fix log_server_status2 to use perl's Socket module
1943
1944
-------------------------------------------------------------------
1945
Wed May 19 13:38:41 CEST 2004 - poeml@suse.de
1946
1947
- security fix for mod_ssl: fix buffer overflow in
1948
ssl_util_uuencode() [#40791]
1949
1950
-------------------------------------------------------------------
1951
Wed Apr 28 14:04:34 CEST 2004 - poeml@suse.de
1952
1953
- add TLS upgrade patch [#39449]
1954
- add patch to allow writing log files larger than 2>GB [#39453]
1955
- obsolete apache and mod_ssl versions only when older than what is
1956
shipped with 9.1
1957
- don't provide mod_ssl
1958
1959
-------------------------------------------------------------------
1960
Fri Apr 2 15:56:30 CEST 2004 - cschum@suse.de
1961
1962
- Add "suse_help_viewer" provides [#37932]
1963
1964
-------------------------------------------------------------------
1965
Mon Mar 29 17:57:46 CEST 2004 - poeml@suse.de
1966
1967
- provide and obsolete packages apache, mod_ssl, apache-doc and
1968
apache-example-pages [#37084]
1969
1970
-------------------------------------------------------------------
1971
Mon Mar 22 18:37:27 CET 2004 - poeml@suse.de
1972
1973
- disable large file support by not building with _FILE_OFFSET_BITS=64,
1974
in favour of retaining a binary compatible module API.
1975
Therefore, do not change the module magic number. LFS can be
1976
enabled by building via rpmbuild --define 'build_with_LFS 1'
1977
1978
-------------------------------------------------------------------
1979
Thu Mar 18 20:35:06 CET 2004 - poeml@suse.de
1980
1981
- update to proposed 2.0.49 tarball
1982
- mod_cgid: Fix storage corruption caused by use of incorrect pool.
1983
- docs update
1984
- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
1985
- fix a comment in default-server.conf
1986
- remove obsolete ssl_scache_cleanup support script and ftok helper
1987
1988
-------------------------------------------------------------------
1989
Tue Mar 16 00:41:07 CET 2004 - poeml@suse.de
1990
1991
- change mmn in header file as well, for modules that include it
1992
from there
1993
1994
-------------------------------------------------------------------
1995
Mon Mar 15 17:36:07 CET 2004 - poeml@suse.de
1996
1997
- update to 2.0.49-rc2. Relevant changes:
1998
| The whole codebase was relicensed and is now available under the
1999
| Apache License, Version 2.0 (http://www.apache.org/licenses).
2000
| [Apache Software Foundation]
2001
| Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
2002
| leak in plain-HTTP-on-SSL-port handling. PR 27106.
2003
| Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
2004
| before writing into the errorlog. Unescaped errorlogs are still
2005
| possible using the compile time switch
2006
| "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
2007
| mod_ssl:
2008
| - Send the Close Alert message to the peer before closing the
2009
| SSL session. PR 27428.
2010
| - Fix bug in passphrase handling which could cause spurious
2011
| failures in SSL functions later. PR 21160.
2012
| - Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057.
2013
| - Fix streaming output from an nph- CGI script. PR 21944
2014
| - Advertise SSL library version as determined at run-time rather
2015
| than at compile-time. PR 23956.
2016
| - Fix segfault on a non-SSL request if the 'c' log format code
2017
| is used. PR 22741.
2018
| - Fix segfaults at startup if other modules which use OpenSSL
2019
| are also loaded.
2020
| - Use human-readable OpenSSL error strings in logs; use
2021
| thread-safe interface for retrieving error strings.
2022
| mod_cache:
2023
| - Fixed cache-removal order in mod_mem_cache.
2024
| - Fix segfault in mod_mem_cache cache_insert() due to cache size
2025
| becoming negative. PR: 21285, 21287
2026
| - Modified the cache code to be header-location agnostic. Also
2027
| fixed a number of other cache code bugs related to PR 15852.
2028
| Includes a patch submitted by Sushma Rai <rsushma novell.com>.
2029
| This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
2030
| closing the PR since that is what they are using.
2031
| mod_dav:
2032
| - Reject requests which include an unescaped fragment in the
2033
| Request-URI. PR 21779.
2034
| - Use bucket brigades when reading PUT data. This avoids
2035
| problems if the data stream is modified by an input filter. PR
2036
| 22104.
2037
| - Return a WWW-auth header for MOVE/COPY requests where the
2038
| destination resource gives a 401. PR 15571.
2039
| - Fix a problem with namespace mappings being dropped in
2040
| mod_dav_fs; if any property values were set which defined
2041
| namespaces these came out mangled in the PROPFIND response.
2042
| PR 11637.
2043
| mod_expires:
2044
| - Initialize ExpiresDefault to NULL instead of "" to avoid
2045
| reporting an Internal Server error if it is used without
2046
| having been set in the httpd.conf file. PR: 23748, 24459
2047
| - Add support for IMT minor-type wildcards (e.g., text/*) to
2048
| ExpiresByType. PR#7991
2049
| mod_log_config / logging:
2050
| - Fix some piped log problems: bogus "piped log program '(null)'
2051
| failed" messages during restart and problem with the logger
2052
| respawning again after Apache is stopped. PR 21648, PR 24805.
2053
| - mod_log_config: Fix corruption of buffered logs with threaded
2054
| MPMs. PR 25520.
2055
| - mod_log_config: Log the minutes component of the timezone correctly.
2056
| PR 23642.
2057
| mod_proxy*:
2058
| - proxy_http fix: mod_proxy hangs when both KeepAlive and
2059
| ProxyErrorOverride are enabled, and a non-200 response without a
2060
| body is generated by the backend server. (e.g.: a client makes a
2061
| request containing the "If-Modified-Since" and "If-None-Match"
2062
| headers, to which the backend server respond with status 304.)
2063
| - Fix memory leak in handling of request bodies during reverse
2064
| proxy operations. PR 24991.
2065
| - mod_proxy: Fix cases where an invalid status-line could be sent
2066
| to the client. PR 23998.
2067
| mod_rewrite:
2068
| - Catch an edge case, where strange subsequent RewriteRules
2069
| could lead to a 400 (Bad Request) response.
2070
| - Make REMOTE_PORT variable available in mod_rewrite. PR 25772.
2071
| - In external rewrite maps lookup keys containing
2072
| a newline now cause a lookup failure. PR 14453.
2073
| - Fix RewriteBase directive to not add double slashes.
2074
| mod_usertrack:
2075
| - Fix bug in mod_usertrack when no CookieName is set.
2076
| - mod_usertrack no longer inspects the Cookie2 header for
2077
| the cookie name. PR 11475.
2078
| - mod_usertrack no longer overwrites other cookies.
2079
| PR 26002.
2080
| mod_include, filters:
2081
| - Backport major overhaul of mod_include's filter parser from 2.1.
2082
| The new parser code is expected to be more robust and should
2083
| catch all of the edge cases that were not handled by the previous one.
2084
| The 2.1 external API changes were hidden by a wrapper which is
2085
| expected to keep the API backwards compatible.
2086
| - Add a hook (insert_error_filter) to allow filters to re-insert
2087
| themselves during processing of error responses. Enable mod_expires
2088
| to use the new hook to include Expires headers in valid error
2089
| responses. This addresses an RFC violation. It fixes PRs 19794,
2090
| 24884, and 25123.
2091
| - complain via error_log when mod_include's INCLUDES filter is
2092
| enabled, but the relevant Options flag allowing the filter to run
2093
| for the specific resource wasn't set, so that the filter won't
2094
| silently get skipped. next remove itself, so the warning will be
2095
| logged only once
2096
| - Fix mod_include's expression parser to recognize strings correctly
2097
| even if they start with an escaped token.
2098
| - Fix a problem with the display of empty variables ("SetEnv foo") in
2099
| mod_include. PR 24734
2100
| - mod_include no longer allows an ETag header on 304 responses.
2101
| PR 19355.
2102
| mod_autoindex:
2103
| - Don't omit the <tr> start tag if the SuppressIcon option is
2104
| set. PR 21668.
2105
| - Restore the ability to add a description for directories that
2106
| don't contain an index file. (Broken in 2.0.48)
2107
| - mod_autoindex / core: Don't fail to show filenames containing
2108
| special characters like '%'. PR 13598.
2109
| - Add 'XHTML' option in order to allow switching between HTML
2110
| 3.2 and XHTML 1.0 output. PR 23747.
2111
| mod_status:
2112
| - Add mod_status hook to allow modules to add to the mod_status
2113
| report.
2114
| - Report total CPU time accurately when using a threaded MPM.
2115
| PR 23795.
2116
| mod_info:
2117
| - Fix mod_info to use the real config file name, not the default
2118
| config file name.
2119
| - HTML escape configuration information so it displays
2120
| correctly. PR 24232.
2121
| mod_auth_digest:
2122
| - Allow mod_auth_digest to work with sub-requests with different
2123
| methods than the original request. PR 25040.
2124
| mod_auth_ldap:
2125
| - Fix some segfaults in the cache logic. PR 18756.
2126
| mod_cgid:
2127
| - Restart the cgid daemon if it crashes. PR 19849
2128
| mod_setenvif:
2129
| - Fix the regex optimizer, which under circumstances
2130
| treated the supplied regex as literal string. PR 24219.
2131
| miscellaneous:
2132
| - core.c: If large file support is enabled, allow any file that is
2133
| greater than AP_MAX_SENDFILE to be split into multiple buckets.
2134
| This allows Apache to send files that are greater than 2gig.
2135
| Otherwise we run into 32/64 bit type mismatches in the file size.
2136
| - Fixed file extensions for real media files and removed rpm extension
2137
| from mime.types. PR 26079.
2138
| - Remove compile-time length limit on request strings. Length is
2139
| now enforced solely with the LimitRequestLine config directive.
2140
| - Set the scoreboard state to indicate logging prior to running
2141
| logging hooks so that server-status will show 'L' for hung loggers
2142
| instead of 'W'.
2143
| - Fix the inability to log errors like exec failure in
2144
| mod_ext_filter/mod_cgi script children. This was broken after
2145
| such children stopped inheriting the error log handle.
2146
| - fix "Expected </Foo>> but saw </Foo>" errors in nested,
2147
| argumentless containers.
2148
| - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
2149
| instead of mmn.
2150
| - Add Polish translation of error messages. PR 25101.
2151
| - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
2152
| - Fix htdbm to generate comment fields in DBM files correctly.
2153
| - Correct UseCanonicalName Off to properly check incoming port number.
2154
| - Fix slow graceful restarts with prefork MPM.
2155
| - Keep focus of ITERATE and ITERATE2 on the current module when
2156
| the module chooses to return DECLINE_CMD for the directive.
2157
| PR 22299.
2158
| - Build array of allowed methods with proper dimensions, fixing
2159
| possible memory corruption.
2160
| - worker MPM: fix stack overlay bug that could cause the parent
2161
| process to crash.
2162
| - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
2163
| - Fix build with parallel make. PR 24643.
2164
| - Add fatal exception hook for use by diagnostic modules. The hook
2165
| is only available if the --enable-exception-hook configure parm
2166
| is used and the EnableExceptionHook directive has been set to
2167
| "on".
2168
| - Improve 'configure --help' output for some modules.
2169
- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
2170
fixed)
2171
- disable automatic restarts, because they do not work properly
2172
[#35408]
2173
- change MMN to prevent loading of incompatible modules (modules
2174
that are not built with `apxs -q CFLAGS` and therefore miss
2175
_FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
2176
addition.
2177
- use CPPFLAGS for passing preprocessor flags because they are
2178
removed from CFLAGS
2179
- Stop dropping connections when the file descriptor
2180
is at least FD_SETSIZE. This isn't a problem on Linux because
2181
poll() is used instead of select() by APR. Assert HAVE_POLL.
2182
[#34178]
2183
- add modifications to the code to the NOTICE file as required by
2184
the new license
2185
2186
-------------------------------------------------------------------
2187
Fri Feb 27 17:42:24 CET 2004 - poeml@suse.de
2188
2189
- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
2190
crypto accelerators
2191
- compile with -DMAX_SERVER_LIMIT=200000
2192
- if an SSL passphrase is not entered within the timeout, fall back
2193
to start apache without SSL (with -D NOSSL). This could/should be
2194
made configurable.
2195
- clean up output of SuSEconfig.apache2
2196
- add pre-defined LogFormat "vhost_combined"
2197
- configure /var/lib/apache2 for WebDAV locks
2198
- add a readme about configuring WebDAV with digest authentication
2199
- add default configuration for mod_usertrack (this is the current
2200
workaround for the problem in the 1.3.29/2.0.48 release that
2201
occurs if no CookieName is configured)
2202
- in vhost.template, enclose all virtual host configuration in the
2203
VirtualHost container
2204
- update metuxmpm patch to r7
2205
- fix test run as non-root
2206
2207
-------------------------------------------------------------------
2208
Tue Jan 13 16:38:05 CET 2004 - schwab@suse.de
2209
2210
- Fix quoting in autoconf macros.
2211
2212
-------------------------------------------------------------------
2213
Sat Dec 13 17:28:48 CET 2003 - poeml@suse.de
2214
2215
- add changes to gensslcert from Volker Kuhlmann [#31803]
2216
- revert default character set from UTF-8 to ISO-8859-1, and revert
2217
the misleading comment that talked about filenames while it is
2218
all about content of the files
2219
2220
-------------------------------------------------------------------
2221
Tue Nov 18 14:14:39 CET 2003 - poeml@suse.de
2222
2223
- add a ServerLimit directive to server-tuning.conf, so it's
2224
already in the right place if someone needs to tweak it [#32852]
2225
2226
-------------------------------------------------------------------
2227
Fri Nov 7 13:00:07 CET 2003 - poeml@suse.de
2228
2229
- mark apache2-manual.conf in %files doc as %config
2230
- wrap directives specific to the mod_negotiation module into an
2231
<IfModule> block [#32848]
2232
2233
-------------------------------------------------------------------
2234
Thu Oct 30 11:41:19 CET 2003 - poeml@suse.de
2235
2236
- update to 2.0.48. Relevant / user visible changes are:
2237
Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
2238
socket used to communicate with the cgid daemon and the CGI
2239
script.
2240
Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
2241
mod_rewrite which occurred if one configured a regular
2242
expression with more than 9 captures.
2243
mod_rewrite:
2244
- Don't die silently when failing to open RewriteLogs. PR 23416
2245
- Fix support of the [P] option to send rewritten request using
2246
"proxy:". The code was adding multiple "proxy:" fields in the
2247
rewritten URI. PR: 13946.
2248
- Ignore RewriteRules in .htaccess files if the directory
2249
containing the .htaccess file is requested without a trailing
2250
slash. PR 20195.
2251
mod_include:
2252
- Fix a trio of bugs that would cause various unusual sequences
2253
of parsed bytes to omit portions of the output stream. PR 21095
2254
- fix segfault which occured if the filename was not set, for
2255
example, when processing some error conditions.
2256
mod_cgid: fix a hash table corruption problem which could
2257
result in the wrong script being cleaned up at the end of a
2258
request.
2259
mod_ssl: Fix segfaults after renegotiation failure. PR 21370
2260
- Fix a problem setting variables that represent the client
2261
certificate chain. PR 21371
2262
- Fix FakeBasicAuth for subrequest. Log an error when an
2263
identity spoof is encountered.
2264
- Assure that we block properly when reading input bodies with
2265
SSL. PR 19242.
2266
mod_autoindex: If a directory contains a file listed in the
2267
DirectoryIndex directive, the folder icon is no longer replaced
2268
by the icon of that file. PR 9587.
2269
mod_usertrack: do not get false positive matches on the
2270
user-tracking cookie's name. PR 16661.
2271
mod_cache:
2272
- Fix the cache code so that responses can be cached if they
2273
have an Expires header but no Etag or Last-Modified headers.
2274
PR 23130. cache_util: Fix ap_check_cache_freshness to check
2275
max_age, smax_age, and expires as directed in RFC 2616.
2276
mod_deflate:
2277
- fix to not call deflate() without checking first whether it
2278
has something to deflate. (Currently this causes deflate to
2279
generate a fatal error according to the zlib spec.) PR 22259.
2280
- Don't attempt to hold all of the response until we're done.
2281
- Fix a bug, where mod_deflate sometimes unconditionally
2282
compressed the content if the Accept-Encoding header
2283
contained only other tokens than "gzip" (such as "deflate").
2284
PR 21523.
2285
mod_proxy: Don't respect the Server header field as set by
2286
modules and CGIs. As with 1.3, for proxy requests any such
2287
field is from the origin server; otherwise it will have our
2288
server info as controlled by the ServerTokens directive.
2289
mod_log_config: Fix %b log format to write really "-" when 0
2290
bytes were sent (e.g. with 304 or 204 response codes).
2291
mod_ext_filter: Set additional environment variables for use by
2292
the external filter. PR 20944.
2293
core:
2294
- allow <Foo>..</Foo> containers (no arguments in the opening
2295
tag), as in 1.3. Needed by mod_perl <Perl> sections
2296
- Fix a misleading message from the some of the threaded MPMs
2297
when MaxClients has to be lowered due to the setting of
2298
ServerLimit.
2299
- Avoid an infinite recursion, which occured if the name of an
2300
included config file or directory contained a wildcard
2301
character. PR 22194.
2302
- MPMs: The bucket brigades subsystem now honors the MaxMemFree
2303
setting.
2304
- Lower the severity of the "listener thread didn't exit"
2305
message to debug, as it is of interest only to developers.
2306
miscellaneous:
2307
- Update the header token parsing code to allow LWS between the
2308
token word and the ':' seperator. [PR 16520]
2309
- Remember an authenticated user during internal redirects if
2310
the redirection target is not access protected and pass it to
2311
scripts using the REDIRECT_REMOTE_USER environment variable.
2312
PR 10678, 11602.
2313
- Update mime.types to include latest IANA and W3C types.
2314
- Modify ap_get_client_block() to note if it has seen EOS.
2315
ab:
2316
- Overlong credentials given via command line no longer clobber
2317
the buffer.
2318
- Work over non-loopback on Unix again. PR 21495.
2319
- Fix NULL-pointer issue in ab when parsing an incomplete or
2320
non-HTTP response. PR 21085.
2321
- add another example to apache2-listen.conf
2322
- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
2323
(be clearer in describing the connection between AddType and
2324
AddEncoding for defining the meaning of compressed file
2325
extensions.)
2326
- use a better example domain name in apache2-vhost-ssl.template
2327
- the "define version_perl" was nowhere needed
2328
2329
-------------------------------------------------------------------
2330
Mon Sep 22 17:49:40 CEST 2003 - mls@suse.de
2331
2332
- don't provide httpddoc in apache2-doc
2333
2334
-------------------------------------------------------------------
2335
Thu Sep 18 18:48:33 CEST 2003 - poeml@suse.de
2336
2337
- add mod_php4 to the default list of APACHE_MODULES, and change
2338
get_module_list to ignore non-existant modules (warnings will
2339
be issued when it is run from SuSEconfig, but not from the init
2340
script). How to enable the PHP4 module has been the most
2341
frequently asked questions in user feedback [cf to #29735].
2342
This bug is tracked in [#31306]
2343
- include conf.d/*.conf by default, as it was the case until
2344
recently. User feedback showed that for many people the
2345
separation of configuration includes into individual virtual
2346
hosts is overkill, and it complicates the setup too much. More
2347
finegrained control can be achieved by commenting out the
2348
respective line in the default server config. [#30866], [#29735]
2349
- remove the FIXME at the end of httpd.conf (obsoleted by the above
2350
change), and place a strategical comment there about .local files
2351
- add <IfDefine SSL> container around configuration in ssl template
2352
2353
-------------------------------------------------------------------
2354
Tue Sep 9 12:50:47 CEST 2003 - poeml@suse.de
2355
2356
- change comment in sysconfig template to work around a fillup bug
2357
[#30279]
2358
2359
-------------------------------------------------------------------
2360
Mon Sep 8 18:28:12 CEST 2003 - poeml@suse.de
2361
2362
- fix wrong variable name in a comment of the sysconfig template
2363
- update README.QUICKSTART
2364
- add README.QUICKSTART.SSL
2365
2366
-------------------------------------------------------------------
2367
Mon Sep 8 10:09:53 CEST 2003 - poeml@suse.de
2368
2369
- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
2370
2371
-------------------------------------------------------------------
2372
Fri Sep 5 16:44:07 CEST 2003 - poeml@suse.de
2373
2374
- disallow UserDir for user root
2375
- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
2376
they were set on SuSE Linux 8.1
2377
- add more documentation to README.QUICKSTART, also mentioning what
2378
might be too obvious: the document root [#29674]
2379
- in %post, diff to httpd.conf.default only when .rpmnew is present
2380
- improve message sent on update
2381
2382
-------------------------------------------------------------------
2383
Fri Aug 29 23:22:31 CEST 2003 - poeml@suse.de
2384
2385
- improve documentation on configuration
2386
- compile with -Wall
2387
- do not obsolete httpddoc, which is provided by apache-doc package
2388
from apache1
2389
- add conflict apache2-example-pages <-> apache-example-pages
2390
- fix building on older distros
2391
2392
-------------------------------------------------------------------
2393
Tue Aug 19 02:19:18 CEST 2003 - poeml@suse.de
2394
2395
- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
2396
- don't force setting of a DocumentRoot, because the configuration
2397
of the default vhost already contains it
2398
- when testing on SL 8.0, the www group has to be created as well
2399
- when testing on even older systems, don't add buildroot to
2400
DocumentRoot in default-server.conf
2401
2402
-------------------------------------------------------------------
2403
Fri Aug 15 21:40:46 CEST 2003 - poeml@suse.de
2404
2405
- revamped configuration
2406
- add some CustomLog formats
2407
- AddDefaultCharset UTF-8 [#22427]
2408
- add activation metadata to sysconfig template [#28834]
2409
- default APACHE_MODULES: add mod_ssl, remove mod_status
2410
- new sysconfig variables: APACHE_USE_CANONICAL_NAME,
2411
APACHE_DOCUMENT_ROOT
2412
- get rid of the "suse_" prefix in generated config snippets, and
2413
place them below /etc/apache2/sysconfig.d/. On update, convert
2414
the Include statements in httpd.conf for the new locations
2415
- add /etc/apache2/vhosts.d and virtual host templates
2416
- the configuration for the manual is now seperate and installed
2417
together with apache2-doc (conf.d/apache2-manual.conf)
2418
- add distilled wisdom in form of README.QUICKSTART
2419
- change group of wwwrun user: nogroup -> www [#21782]
2420
- proxycachedir and localstatedir should not be world readable
2421
- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to
2422
configure the PidFile directive
2423
- add -fno-strict-aliasing, due to warnings about code where
2424
dereferencing type-punned pointers will break strict aliasing
2425
- clean the RPM_BUILD_ROOT, but not in the build system
2426
- new macros for stop/restart of services on rpm update/removal,
2427
and improved try-restart section in rc.apache2
2428
- get rid of "modules" subdir, and remove dead code from
2429
SuSEconfig.apache2
2430
- add some tools: get_includes, find_httpd2_includes,
2431
apache2-reconfigure-mpm
2432
- rename README.SuSE to README.{SuSE,UnitedLinux}
2433
- include directories in filelists of MPM subpackages
2434
- enclose package descriptions of MPMs in %ifdef
2435
- add a dependency of the MPM subpackages on the version of the
2436
main package
2437
- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)
2438
2439
-------------------------------------------------------------------
2440
Mon Jul 28 18:23:28 CEST 2003 - poeml@suse.de
2441
2442
- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
2443
and remove the respective directives from httpd.conf.dist
2444
- merge the ssl.conf.dif and httpd.conf.dif into one patch
2445
2446
-------------------------------------------------------------------
2447
Sun Jul 27 12:22:29 CEST 2003 - poeml@suse.de
2448
2449
- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
2450
supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
2451
(which is unconditionally off, otherwise). Keep
2452
-D_LARGEFILE_SOURCE since some modules might need it.
2453
- make sure the package can be built as ordinary user
2454
- special case mod_auth_mysql since its module_id is reversed
2455
- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious)
2456
- don't explicitely strip binaries since RPM handles it, and may
2457
keep the stripped information somewhere
2458
- reformat the header of the spec file
2459
- allow to pass a number-of-jobs parameter into spec file via rpm
2460
--define 'jobs N'
2461
2462
-------------------------------------------------------------------
2463
Thu Jul 10 16:49:50 CEST 2003 - poeml@suse.de
2464
2465
- update to 2.0.47. relevant / user visible changes:
2466
Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
2467
of per-directory renegotiations and the SSLCipherSuite
2468
directive being used to upgrade from a weak ciphersuite to a
2469
strong one could result in the weak ciphersuite being used in
2470
place of the strong one.
2471
Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing
2472
temporary denial of service when accept() on a rarely accessed
2473
port returns certain errors.
2474
Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
2475
of service when target host is IPv6 but proxy server can't
2476
create IPv6 socket. Fixed by the reporter.
2477
Security [VU#379828]: Prevent the server from crashing when entering
2478
infinite loops. The new LimitInternalRecursion directive
2479
configures limits of subsequent internal redirects and nested
2480
subrequests, after which the request will be aborted. PR 19753+
2481
core:
2482
core_output_filter: don't split the brigade after a FLUSH
2483
bucket if it's the last bucket. This prevents creating
2484
unneccessary empty brigades which may not be destroyed until
2485
the end of a keepalive connection.
2486
mod_cgid:
2487
Eliminate a double-close of a socket. This resolves various
2488
operational problems in a threaded MPM, since on the second
2489
attempt to close the socket, the same descriptor was often
2490
already in use by another thread for another purpose.
2491
mod_negotiation:
2492
Introduce "prefer-language" environment variable, which allows
2493
to influence the negotiation process on request basis to prefer
2494
a certain language.
2495
mod_expire:
2496
Make ExpiresByType directive work properly, including for
2497
dynamically-generated documents.
2498
- apr bugfixes
2499
- more fixes of deprecated head/tail -1 calls
2500
2501
-------------------------------------------------------------------
2502
Wed May 28 20:40:24 CEST 2003 - poeml@suse.de
2503
2504
- update to 2.0.46. relevant / user visible changes:
2505
Security [CAN-2003-0245]: Fixed a bug that could be triggered
2506
remotely through mod_dav
2507
Security [CAN-2003-0189]: Fixed a denial-of-service
2508
vulnerability affecting basic authentication
2509
Security: forward port of buffer overflow fixes for htdigest.
2510
mod_ssl:
2511
- SSL session caching(shmht) : Fix a SEGV problem with SHMHT
2512
session caching.
2513
mod_deflate:
2514
- Add another check for already compressed content
2515
- Check also err_headers_out for an already set
2516
Content-Encoding: gzip header. This prevents gzip compressed
2517
content from a CGI script from being compressed once more.
2518
mod_mime_magic:
2519
- If mod_mime_magic does not know the content-type, do not
2520
attempt to guess.
2521
mod_rewrite:
2522
- Fix handling of absolute URIs.
2523
mod_log_config:
2524
- Add the ability to log the id of the thread processing the
2525
request via new %P formats.
2526
mod_auth_ldap:
2527
- Use generic whitespace character class when parsing "require"
2528
directives, instead of literal spaces only.
2529
mod_proxy:
2530
- Fixed a segfault when multiple ProxyBlock directives were used.
2531
- Added AllowEncodedSlashes directive to permit control of
2532
whether the server will accept encoded slashes ('%2f') in the
2533
URI path. Default condition is off (the historical behaviour).
2534
- If Apache is started as root and you code CoreDumpDirectory,
2535
coredumps are enabled via the prctl() syscall.
2536
- htpasswd: Check the processed file on validity; add a delete flag.
2537
- httpd-2.0.45-libtool-1.5.dif is obsolete
2538
- mark suse_include.conf as %ghost
2539
- note the rebirth of the httpd and apachectl man pages (thanks to
2540
RPMv4 :)
2541
- let the module RPM packages only depend on the _major_ module
2542
magic number, not on the minor
2543
- fix some paths in config_vars.mk, which facilitates building of
2544
certain modules
2545
2546
-------------------------------------------------------------------
2547
Wed May 14 14:12:56 CEST 2003 - poeml@suse.de
2548
2549
- use mmap() via MAP_ANON as shared memory allocation method, to
2550
prevent restart problems with stale (or in use) files that are
2551
associated with shared memory
2552
- package forgotten files, and remove hack in %clean
2553
- remove files from the build root that are not packaged
2554
- remove suse_include.conf from filelist
2555
2556
-------------------------------------------------------------------
2557
Fri May 9 14:47:54 CEST 2003 - poeml@suse.de
2558
2559
- update to 2.0.45. relevant / user visible changes:
2560
Security: Eliminated leaks of several file descriptors to
2561
child processes, such as CGI scripts. This fix depends on the
2562
latest APR library release 0.9.2, which is distributed with the
2563
httpd source tarball for Apache 2.0.45. PR 17206
2564
Security [CAN-2003-0132]: Close a Denial of Service
2565
vulnerability identified by David Endler <DEndler@iDefense.com>
2566
on all platforms.
2567
General:
2568
- Fix segfault which occurred when a section in an included
2569
configuration file was not closed. PR 17093.
2570
- Fix a nasty segfault in mmap_bucket_setaside() caused by
2571
passing an incompatible pointer type to mmap_bucket_destroy(void*).
2572
- prevent filters (such as mod_deflate) from adding garbage to
2573
the response. PR 14451.
2574
- Simpler, faster code path for request header scanning
2575
- Try to log an error if a piped log program fails. Try to
2576
restart a piped log program in more failure situations.
2577
- Fix bug where 'Satisfy Any' without an AuthType lost all MIME
2578
information (and more). Related to PR 9076.
2579
- Fix If header parsing when a non-mod_dav lock token is passed to it.
2580
- Fix apxs to insert LoadModule directives only outside of
2581
sections.
2582
- apxs: Include any special APR ld flags when linking the DSO.
2583
suexec: Be more pedantic when cleaning environment. Clean it
2584
immediately after startup. PR 2790, 10449. Use saner default
2585
config values for suexec. PR 15713.
2586
mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
2587
be started on Unix because of such problems as bad permissions,
2588
bad shebang line, etc. Fix possible segfaults under obscure
2589
error conditions within the cgid daemon.
2590
mod_deflate:
2591
- you can now specify the compression level.
2592
- Extend the DeflateFilterNote directive to allow accurate
2593
logging of the filter's in- and outstream.
2594
- Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
2595
mod_ssl:
2596
Allow SSLMutex to select/use the full range of APR locking
2597
mechanisms available to it. Also, fix the bug that SSLMutex
2598
uses APR_LOCK_DEFAULT no matter what. PR 8122
2599
mod_autoindex no longer forgets output format and enabled version
2600
sort in linked column headers.
2601
mod_rewrite:
2602
- Prevent endless loops of internal redirects in mod_rewrite by
2603
aborting after exceeding a limit of internal redirects. The
2604
limit defaults to 10 and can be changed using the
2605
RewriteOptions directive. PR 17462.
2606
- Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
2607
(or SymlinksIfOwnermatch) is set. PR 12395.
2608
mod_ldap:
2609
- Updated mod_ldap and mod_auth_ldap to support the Novell LDAP
2610
SDK SSL and standardized the LDAP SSL support across the
2611
various LDAP SDKs. Isolated the SSL functionality to
2612
mod_ldap rather than speading it across mod_auth_ldap and
2613
mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType
2614
directives to mod_ldap to allow for a more common method of
2615
specifying the SSL certificate.
2616
- fix fault when caching was disabled, and some memory leaks
2617
- Fix mod_ldap to open an existing shared memory file should
2618
one already exist. PR 12757.
2619
- Added character set support to mod_auth_LDAP to allow it to
2620
convert extended characters used in the user ID to UTF-8
2621
before authenticating against the LDAP directory. The new
2622
directive AuthLDAPCharsetConfig is used to specify the config
2623
file that contains the character set conversion table.
2624
mod_ssl:
2625
- Fixed mod_ssl's SSLCertificateChain initialization to no
2626
longer skip the first cert of the chain by default. This
2627
misbehavior was introduced in 2.0.34. PR 14560
2628
- Fix 64-bit problem in mod_ssl input logic.
2629
mod_proxy:
2630
- Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
2631
mod_rewrite proxied URLs will not be escaped accidentally by
2632
mod_proxy's fixup. PR 16368
2633
- Don't remove the Content-Length from responses in mod_proxy PR: 8677
2634
mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
2635
not specified. Now it assumes "/" as already documented. PR 16937.
2636
mod_file_cache: fix segfaults
2637
- improve the start/restart section of the init script, and add a
2638
ssl_scache_cleanup script
2639
- understand a syntax like -DSTATUS, as described in the sysconfig
2640
file help text (bug noted in #25404]
2641
- don't package the *.exp files, as they are needed only on AIX
2642
- fix filelist for usage of %dir for files
2643
- fix the cosmetical but irritating "Inappropriate ioctl for
2644
device" error message, when rcapache2 is called from within YaST
2645
- remove the unused /etc/apache2/modules directory from the package
2646
- remove the now unused --enable-experimental-libtool
2647
- fix to build with libtool-1.5
2648
2649
-------------------------------------------------------------------
2650
Wed Apr 9 02:00:20 CEST 2003 - ro@suse.de
2651
2652
- fix deprecated head/tail call syntax "-1"
2653
2654
-------------------------------------------------------------------
2655
Mon Mar 17 11:59:36 CET 2003 - kukuk@suse.de
2656
2657
- Remove suse_help_viewer from provides [Bug #25436]
2658
2659
-------------------------------------------------------------------
2660
Thu Mar 13 12:54:59 CET 2003 - poeml@suse.de
2661
2662
- security fix: do not write the startup log file to a world
2663
writable directory, reversing the change of Jan 23 (wasn't in any
2664
released package) [#25239]
2665
2666
-------------------------------------------------------------------
2667
Mon Mar 10 17:36:00 CET 2003 - poeml@suse.de
2668
2669
- change permissions of /var/log/apache2 from wwwrun:root mode 770
2670
to root:root mode 750 [#24951]
2671
- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
2672
default value
2673
2674
-------------------------------------------------------------------
2675
Mon Mar 3 17:41:56 CET 2003 - kukuk@suse.de
2676
2677
- Remove ghost entry for pid file [Bug #24566]
2678
2679
-------------------------------------------------------------------
2680
Thu Feb 27 14:43:01 CET 2003 - poeml@suse.de
2681
2682
- use the official MIME types, which are more complete [#23988]
2683
2684
-------------------------------------------------------------------
2685
Mon Feb 24 18:17:02 CET 2003 - poeml@suse.de
2686
2687
- don't include log files into the package, and don't touch them in
2688
%post; it's not needed
2689
- fix comment in httpd.conf talking about SuSEconfig
2690
- adjust some variable types in the sysconfig template
2691
2692
-------------------------------------------------------------------
2693
Tue Feb 18 11:39:18 CET 2003 - poeml@suse.de
2694
2695
- apache2 Makefiles do support DESTDIR now, so let's use that
2696
instead of the explicit paths (fixes a wrong path in
2697
config_vars.mk [#23699]). Some files (*.exp, libapr*) are
2698
automatically installed in the right location now.
2699
2700
-------------------------------------------------------------------
2701
Fri Feb 14 16:39:40 CET 2003 - poeml@suse.de
2702
2703
- fix configuration script to find apache modules on 64 bit archs
2704
- mark ssl.conf (noreplace)
2705
2706
-------------------------------------------------------------------
2707
Mon Feb 10 18:35:15 CET 2003 - poeml@suse.de
2708
2709
- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
2710
libs. Likewise, do not link everything against ssl libs. This way
2711
we can avoid RPM package (and build) requirements on a lot of
2712
libs for subversion and other packages that build on apache.
2713
- move more code from SuSEconfig into rcapache2 (actually into
2714
support scripts below /usr/share/apache2/, so apache2 can be
2715
configured without starting it)
2716
- improve full-server-status once again
2717
- remove suse_loadmodule.conf from filelist
2718
- remove obsolete README.modules
2719
- rename LOADMODULES -> APACHE_MODULES
2720
- add APACHE_BUFFERED_LOGS
2721
- update README.SuSE
2722
2723
-------------------------------------------------------------------
2724
Tue Jan 28 13:32:04 CET 2003 - poeml@suse.de
2725
2726
- rc.apache2
2727
- add extreme-configtest (trying to run server as nobody, which
2728
detects _all_ config errors)
2729
- evaluate LOADMODULES from sysconfig.apache2 on-the-fly from
2730
rcapache2 instead of SuSEconfig
2731
- when restarting, do something useful instead of 'sleep 3': wait
2732
just as long until the server has terminated all children
2733
2734
-------------------------------------------------------------------
2735
Sun Jan 26 21:27:31 CET 2003 - poeml@suse.de
2736
2737
- build mod_logio, mod_case_filter, mod_case_filter_in
2738
- rename apr subpackage to libapr0 (the library is called libapr-0
2739
meanwhile). add compatibility links named (libapr{,util}.so.0)
2740
- configure SSL session caching with shm circular buffer
2741
SSLSessionCache shm:/var/lib/httpd/ssl_scache
2742
SSLSessionCacheTimeout 600
2743
SSLMutex sem
2744
- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing
2745
- strip objects
2746
- rename gensslcert2 to gensslcert
2747
- show a list all available modules in /etc/sysconfig/apache2
2748
- nicer output of apache2ctl
2749
- reorder Requires
2750
2751
-------------------------------------------------------------------
2752
Thu Jan 23 12:05:59 CET 2003 - poeml@suse.de
2753
2754
- update to 2.0.44
2755
- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
2756
- the apachectl and httpd man pages have been dropped upstreams
2757
- add robots.txt to the example-pages subpackage that blocks spiders
2758
- disable the perchild MPM
2759
- disable httpd-2.0.36-64bit.dif
2760
- rename apachectl2 to apache2ctl
2761
- write the startup log to /var/tmp instead of /var/log/apache2
2762
2763
-------------------------------------------------------------------
2764
Sun Jan 12 22:52:50 CET 2003 - poeml@suse.de
2765
2766
- fix last fix (rpm macro before hash wasn't expanded)
2767
2768
-------------------------------------------------------------------
2769
Fri Jan 10 02:35:58 CET 2003 - poeml@suse.de
2770
2771
- fix lib64 path in SuSEconfig
2772
2773
-------------------------------------------------------------------
2774
Fri Jan 3 23:01:14 CET 2003 - poeml@suse.de
2775
2776
- fix typo in spec file, preventing replacement of @userdir@ in
2777
httpd.conf-std.in
2778
2779
-------------------------------------------------------------------
2780
Wed Dec 18 15:11:53 CET 2002 - poeml@suse.de
2781
2782
- sysconfig.apache2:
2783
- add APACHE_SERVER_FLAGS variable
2784
- change default: APACHE_SERVERSIGNATURE=on to match apache deflt
2785
- add APACHE_CONF_INCLUDE_DIRS
2786
- drop bogus APACHE_ACCESS_SERVERINFO variable
2787
- adapt to our new sysconfig template
2788
- SuSEconfig.apache2:
2789
- understand LOADMODULES also if it is not an array [#21816]
2790
- be very flexible with regard to LOADMODULE input (e.g., say
2791
mod_php4 and it will find libphp4.so with ID php4_module)
2792
- also ignore *,v files
2793
- include APACHE_CONF_INCLUDE_DIRS
2794
- dump some files: suse_define.conf (not needed) & suse_text.conf
2795
(too much overhead)
2796
- rc.apache2:
2797
- implement most of apachectl's commands (graceful, configtest)
2798
- use server_flags from sysconfig.apache2
2799
- pass server flags like -DSTATUS from the command line through
2800
to httpd2
2801
- add commmands to show the server status
2802
- don't quit silently when no apache MPM is installed
2803
- handle ServerSignature and other stuff on the command line
2804
(save modifications to httpd.conf)
2805
- fix the /manual Alias that points to the documentation
2806
- configure /cgi-bin for cgi execution
2807
- configure /home/*/public_html for mod_userdir -- if it is loaded
2808
- configure internationalized error responses
2809
- fix apachectl2
2810
- add /etc/apache2/{,modules} to the filelist
2811
- add /etc/apache2/conf.d as drop-in directory for packages
2812
- hard code some more default paths into the executable
2813
- finally, run a test!
2814
2815
-------------------------------------------------------------------
2816
Thu Dec 5 13:55:06 CET 2002 - poeml@suse.de
2817
2818
- move ap{r,u}-config* into the apr package, as well
2819
- add generic ap{r,u}-config
2820
- add %includedir to filelist
2821
2822
-------------------------------------------------------------------
2823
Thu Dec 5 00:26:22 CET 2002 - poeml@suse.de
2824
2825
- more checks and warnings to SuSEconfig.apache2
2826
- shift APR files into the the apr package
2827
- try 1.136 revision of perchild.c
2828
2829
-------------------------------------------------------------------
2830
Tue Dec 3 16:27:35 CET 2002 - poeml@suse.de
2831
2832
- add forgotten ssl.conf to the filelist (thanks, Robert)
2833
- add httpd-2.0.43-mod_ssl-memory-leak.dif
2834
2835
-------------------------------------------------------------------
2836
Mon Oct 14 19:34:38 CEST 2002 - poeml@suse.de
2837
2838
- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE:
2839
CAN-2002-0840)
2840
2841
-------------------------------------------------------------------
2842
Mon Oct 7 09:39:45 CEST 2002 - poeml@suse.de
2843
2844
- do not append a '2' suffix to the scripts included with the
2845
documentation
2846
- move error, icons and manual dir to /usr/share/apache2
2847
- fix nested array in SuSEconfig.apache2
2848
- let SuSEconfig pick one MPM that is installed. Do not default to
2849
"worker". [#20724]
2850
2851
-------------------------------------------------------------------
2852
Thu Oct 3 14:50:20 CEST 2002 - poeml@suse.de
2853
2854
- update to 2.0.42 (primarily a bug-fix release, including updates
2855
to the experimental caching module, the removal of several memory
2856
leaks, and fixes for several segfaults, one of which could have
2857
been used as a denial-of-service against mod_dav (VU#406121).)
2858
- increase flexibility of the spec file: build any set of MPMs,
2859
depending on RPM %defines. Improve the mechanism that merges the
2860
modules so it works with any number of MPMs.
2861
- use a "Server:" header that fits the product apache is built for
2862
- add an RPM dependency on the module magic number to the MPM
2863
subpackages
2864
- build the "leader/follower" MPM. On i686, enable nonportable but
2865
faster atomics for it.
2866
- use filelists for more flexibility. APRVARS ceased to exist.
2867
Don't add README* twice.
2868
- perchild: use AcceptMutex fcntl to prevent permission conflict as
2869
suggested in Apache Bugzilla #7921
2870
- remove mod_rewrite and mod_proxy from the default modules
2871
- build the mod_auth_digest module
2872
2873
-------------------------------------------------------------------
2874
Mon Sep 9 15:30:34 CEST 2002 - poeml@suse.de
2875
2876
- add patch that changes PLATFORM (as seen in the HTTP Server
2877
header) from "Unix" to "SuSE/Linux" [#18543]
2878
- add README.SuSE, explaining how to build modules with apxs2
2879
- fixed some paths in README.modules, put it into docdir and mark
2880
it as %doc
2881
2882
-------------------------------------------------------------------
2883
Wed Aug 28 16:39:59 CEST 2002 - poeml@suse.de
2884
2885
- new package, now building all three MPMs and putting all specific
2886
modules in specific directories. Branch a subpackage for each
2887
MPM, containing the server and MPM-specific modules.
2888
- branch apr package off, so apache2 doesn't need to be installed
2889
to have the libs. (apr is not released yet, that's why we build
2890
it here)
2891
- allow coexistence of apache1 by using directories named apache2
2892
or suffixed with "2"
2893
- allow building modules via apxs2 (for all server MPMs) --- or via
2894
apxs2-{worker,perchild,prefork} for a specific server MPM
2895
- add permissions.apache2 setting /usr/sbin/suexec2 to 4755
2896
- rewrite SuSEconfig.apache2 for apache 2.
2897
- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in
2898
mod_proxy when given an invalid URL
2899
- branch apache2-example-pages off (docroot contents)
2900
2901
-------------------------------------------------------------------
2902
Mon Aug 19 16:43:37 CEST 2002 - poeml@suse.de
2903
2904
- actually use the new SuSE81 layout, and add SuSE81_64 layout
2905
- cleaned up httpd-2.0.36-conf.dif
2906
- fixed comment in SuSEconfig.apache
2907
- drop SuSEconfig subpackage
2908
- split main package and -devel package in three packages, one for
2909
each MPM...
2910
apache2 -> apache2-{worker,perchild,prefork}
2911
apache2-devel -> apache2-{worker,perchild,prefork}-devel
2912
2913
-------------------------------------------------------------------
2914
Mon Aug 12 17:47:08 CEST 2002 - poeml@suse.de
2915
2916
- bugfix update to 2.0.40
2917
- fix Requires of -devel subpackage
2918
- add variable to sysconfig.apache to switch off SuSEconfig.apache
2919
- add new layout SUSE81 to config.layout due to the moved server
2920
root (so the old SuSE6.1 can be kept for building on older
2921
distributions)
2922
- one of the lib64 path fixes could be removed, now included
2923
upstream
2924
2925
-------------------------------------------------------------------
2926
Wed Aug 7 18:47:33 CEST 2002 - poeml@suse.de
2927
2928
- put PreReq in an if-statement to allow building on older distris
2929
- relax the Requires
2930
- the apache_mmn macro had to be moved down in the spec file to be
2931
evaluated
2932
- libmm is not needed for building (and it is not threadsafe)
2933
- fix config.layout for the moved server root
2934
2935
-------------------------------------------------------------------
2936
Fri Aug 2 23:44:31 CEST 2002 - poeml@suse.de
2937
2938
- fix libdir in config.layout for lib64
2939
2940
-------------------------------------------------------------------
2941
Fri Aug 2 12:22:33 CEST 2002 - poeml@suse.de
2942
2943
- fix RPM Requires
2944
2945
-------------------------------------------------------------------
2946
Thu Aug 1 17:50:53 CEST 2002 - poeml@suse.de
2947
2948
- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www
2949
- drop obsolete README.SuSE
2950
2951
-------------------------------------------------------------------
2952
Thu Aug 1 01:01:32 CEST 2002 - poeml@suse.de
2953
2954
- spec file: use PreReq
2955
- don't delete SuSEconfig's md5 files in %post, that's no good
2956
- add apache.logrotate
2957
- provide the magic module number as executable script
2958
(/usr/lib/apache/MMN) and as RPM Provides, indicating API changes
2959
- mark httpd.conf noreplace
2960
- fix installbuilddir in config.layout, needed for apxs
2961
2962
-------------------------------------------------------------------
2963
Sun Jul 14 15:27:24 CEST 2002 - poeml@suse.de
2964
2965
- update to 2.0.39
2966
- drop obsolete moduledir and apxs patches
2967
- rc.apache INIT section: use X-UnitedLinux-Should-Start
2968
2969
-------------------------------------------------------------------
2970
Wed Jul 3 01:53:35 CEST 2002 - ro@suse.de
2971
2972
- rename to "apache2" again
2973
2974
-------------------------------------------------------------------
2975
Tue Jun 11 17:02:47 CEST 2002 - ro@suse.de
2976
2977
- get apxs to work:
2978
include needed files in devel package
2979
adapt some pathes in apxs
2980
2981
-------------------------------------------------------------------
2982
Wed May 29 18:16:00 CEST 2002 - poeml@suse.de
2983
2984
- update to 2.0.36
2985
- drop mod_ssl subpackage; mod_ssl is part of the apache bsae
2986
distribution now
2987
- RPM can be built as user now
2988
- SuSEconfig.apache: understand relative and absolute pathnames
2989
- disable experimental auth_digest_module
2990
2991