Logoj0ke.net Open Build Service > Projects > Apache > apache2 > apache2.changes
Sign Up | Log In

File apache2.changes of Package apache2 (Revision 62)

Currently displaying revision 62, show latest

 
1
-------------------------------------------------------------------
2
Thu Jun 16 09:39:58 UTC 2011 - cs@linux-administrator.com
3
4
- update to release 2.2.19 
5
6
-------------------------------------------------------------------
7
Wed Feb  9 20:08:55 UTC 2011 - cs@linux-administrator.com
8
9
- update to release 2.2.17 
10
11
-------------------------------------------------------------------
12
Fri Oct  8 09:03:49 UTC 2010 - cs@linux-administrator.com
13
14
- update to release 2.2.16 
15
16
-------------------------------------------------------------------
17
Tue Apr 09 10:58:00 CET 2010 - cs@linux-administrator.com
18
19
- update to release 2.2.15
20
21
-------------------------------------------------------------------
22
Thu Dec 03 17:25:00 CET 2009 - cs@linux-administrator.com
23
24
- update to release 2.2.14
25
26
-------------------------------------------------------------------
27
Fri Nov 21 12:01:00 CET 2008 - skh@suse.de
28
29
- apache2-server-tuning.conf:
30
  Enclose module-specific configuration in IfModule tags [bnc#440584]
31
32
-------------------------------------------------------------------
33
Fri Nov 14 09:40:05 CET 2008 - poeml@suse.de
34
35
- apply Dirks fix for [bnc#444878], making the packaging of per-mpm
36
  modules more deterministic. They'll reliably put into the
37
  subpackage or main package now, which varied in a ping-pong way
38
  from build to build in the past.
39
40
-------------------------------------------------------------------
41
Wed Oct 29 18:38:17 CET 2008 - poeml@suse.de
42
43
- update year of copyright in rc.apache2
44
45
-------------------------------------------------------------------
46
Wed Oct 29 00:13:58 CET 2008 - poeml@suse.de
47
48
- update to 2.2.10:
49
  SECURITY: CVE-2008-2939 (cve.mitre.org)
50
     mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
51
     the FTP URL. Discovered by Marc Bevand of Rapid7. 
52
  core:
53
   - Support chroot on Unix-family platforms. PR 43596 
54
  mod_authn_alias: 
55
   - Detect during startup when AuthDigestProvider is configured to
56
     use an incompatible provider via AuthnProviderAlias.  PR 45196 
57
  mod_cgid: 
58
   - Pass along empty command line arguments from an ISINDEX query
59
     that has consecutive '+' characters in the QUERY_STRING,
60
     matching the behavior of mod_cgi.
61
  mod_charset_lite: 
62
   - Avoid dropping error responses by handling meta buckets
63
     correctly. PR 45687 
64
  mod_dav_fs: 
65
   - Retrieve minimal system information about directory entries
66
     when walking a DAV fs, resolving a performance degradation on
67
     Windows.  PR 45464.  
68
  mod_headers: 
69
   - Prevent Header edit from processing only the first header of
70
     possibly multiple headers with the same name and deleting the
71
     remaining ones. PR 45333.  
72
  mod_proxy:
73
   - Allow for smax to be 0 for balancer members so that all idle
74
     connections are able to be dropped should they exceed ttl. PR 43371 
75
   - Add 'scolonpathdelim' parameter to allow for ';' to also be
76
     used as a session path separator/delim  PR 45158. 
77
   - Add connectiontimeout parameter for proxy workers in order to
78
     be able to set the timeout for connecting to the backend separately.
79
     PR 45445. 
80
  mod_proxy_http: 
81
   - Don't trigger a retry by the client if a failure to
82
     read the response line was the result of a timeout.
83
   - Introduce environment variable proxy-initial-not-pooled to
84
     avoid reusing pooled connections if the client connection is an initial
85
     connection. PR 37770. 
86
   - Do not forward requests with 'Expect: 100-continue' to
87
     known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
88
  mod_proxy_balancer: 
89
   - Move nonce field in the balancer manager page inside
90
     the html form where it belongs. PR 45578. 
91
   - Add 'bybusyness' load balance method.
92
  mod_rewrite: 
93
   - Allow Cookie option to set secure and HttpOnly flags.  PR 44799 
94
   - Preserve the query string when [proxy,noescape]. PR 45247.
95
  mod_ssl: 
96
   - implement dynamic mutex callbacks for the benefit of OpenSSL.  
97
   - Rewrite shmcb to avoid memory alignment issues.  PR 42101.
98
- drop obsolete patch httpd-2.2.x-CVE-2008-2939.patch
99
100
-------------------------------------------------------------------
101
Fri Oct 24 13:23:41 CEST 2008 - skh@suse.de
102
103
- apache2.firewall, apache2.ssl-firewall
104
  Use unique name tags "HTTP Server" and "HTTPS Server" in for
105
  SuSEFirewall2 configuration [bnc#414962]
106
107
-------------------------------------------------------------------
108
Fri Sep 19 16:18:39 CEST 2008 - skh@suse.de
109
110
- add httpd-2.x.x-logresolve.patch again [bnc#210904]
111
- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]:
112
  mod_proxy_ftp: Prevent XSS attacks when using wildcards in
113
  the path of the FTP URL. Discovered by Marc Bevand of Rapid7. 
114
  [Ruediger Pluem]
115
116
-------------------------------------------------------------------
117
Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de
118
119
- drop rc.config handling (was removed in or after SuSE Linux 8.0)
120
- don't use fillup_insserv options which have been removed lately
121
122
-------------------------------------------------------------------
123
Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de
124
125
- fix init script LSB headers
126
127
-------------------------------------------------------------------
128
Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de
129
130
- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about
131
  how to set ulimits when starting the server
132
- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the
133
  sysconfig template. They still work but I think it is good to
134
  keep this stuff out of the beginner's config, first because both
135
  features are sophisticated enough to not being tweaked in most
136
  cases, second because it only confuses people I guess, and makes
137
  the sysconfig file larger than necessary.
138
139
-------------------------------------------------------------------
140
Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de
141
142
- update to 2.2.9:
143
  SECURITY: CVE-2008-2364 (cve.mitre.org)
144
     mod_proxy_http: Better handling of excessive interim responses
145
     from origin server to prevent potential denial of service and
146
     high memory usage. Reported by Ryujiro Shibuya. 
147
  SECURITY: CVE-2007-6420 (cve.mitre.org)
148
     mod_proxy_balancer: Prevent CSRF attacks against the
149
     balancer-manager interface.  
150
   - htpasswd: Fix salt generation weakness. PR 31440
151
  worker/event MPM:
152
   - Fix race condition in pool recycling that leads to
153
     segmentation faults under load.  PR 44402
154
  core:
155
   - Fix address-in-use startup failure on some platforms caused by
156
     creating an IPv4 listener which overlaps with an existing IPv6
157
     listener.  
158
   - Add the filename of the configuration file to the warning
159
     message about the useless use of AllowOverride. PR 39992.
160
   - Do not allow Options ALL if not all options are allowed to be
161
     overwritten. PR 44262 
162
   - reinstate location walk to fix config for subrequests PR 41960 
163
   - Fix garbled TRACE response on EBCDIC platforms.
164
   - gen_test_char: add double-quote to the list of
165
     T_HTTP_TOKEN_STOP.  PR 9727 
166
  http_filters:
167
   - Don't return 100-continue on redirects. PR 43711
168
   - Don't return 100-continue on client error PR 43711 
169
   - Don't spin if get an error when reading the next chunk. PR 44381 
170
   - Don't add bogus duplicate Content-Language entries
171
  suexec:
172
   - When group is given as a numeric gid, validate it by looking up
173
     the actual group name such that the name can be used in log entries.
174
     PR 7862 
175
  mod_authn_dbd:
176
   - Disambiguate and tidy database authentication error messages.  PR 43210.  
177
  mod_cache:
178
   - Handle If-Range correctly if the cached resource was stale.  PR 44579 
179
   - Revalidate cache entities which have Cache-Control: no-cache
180
     set in their response headers. PR 44511 
181
  mod_cgid:
182
   - Explicitly set permissions of the socket (ScriptSock) shared
183
     by mod_cgid and request processing threads, for OS'es such as
184
     HPUX and AIX that do not use umask for AF_UNIX socket permissions.
185
   - Don't try to restart the daemon if it fails to initialize the socket.  
186
  mod_charset_lite:
187
   - Add TranslateAllMimeTypes sub-option to CharsetOptions,
188
     allowing the administrator to skip the mimetype checking that
189
     precedes translation.
190
  mod_dav:
191
   - Return "method not allowed" if the destination URI of a WebDAV
192
     copy / move operation is no DAV resource. PR 44734 
193
  mod_headers:
194
   - Add 'merge' option to avoid duplicate values within the same header. 
195
  mod_include:
196
   - Correctly handle SSI directives split over multiple filter
197
  mod_log_config:
198
   - Add format options for %p so that the actual local or remote
199
     port can be logged.  PR 43415.  
200
  mod_logio:
201
   - Provide optional function to allow modules to adjust the 
202
     bytes_in count
203
  mod_proxy:
204
   - Make all proxy modules nocanon aware and do not add the
205
     query string again in this case. PR 44803.
206
   - scoreboard: Remove unused proxy load balancer elements from scoreboard
207
     image (not scoreboard memory itself).  
208
   - Support environment variable interpolation in reverse
209
     proxying directives. 
210
   - Do not try a direct connection if the connection via a
211
     remote proxy failed before and the request has a request body.
212
   - ProxyPassReverse is now balancer aware. 
213
   - Lower memory consumption for short lived connections.
214
     PR 44026. 
215
   - Keep connections to the backend persistent in the HTTPS case.
216
  mod_proxy_ajp:
217
   - Do not retry request in the case that we either failed to
218
     sent a part of the request body or if the request is not idempotent.
219
     PR 44334 
220
  mod_proxy_ftp:
221
   - Fix base for directory listings.  PR 27834 
222
  mod_proxy_http:
223
   - Fix processing of chunked responses if Connection:
224
     Transfer-Encoding is set in the response of the proxied
225
     system. PR 44311 
226
   - Return HTTP status codes instead of apr_status_t values for
227
     errors encountered while forwarding the request body PR 44165 
228
  mod_rewrite: 
229
   - Initialize hash needed by ap_register_rewrite_mapfunc early
230
     enough. PR 44641 
231
   - Check all files used by DBM maps for freshness, mod_rewrite
232
     didn't pick up on updated sdbm maps due to this.  PR41190 
233
   - Don't canonicalise URLs with [P,NE] PR 43319 
234
  mod_speling:
235
   - remove regression from 1.3/2.0 behavior and drop dependency
236
     between mod_speling and AcceptPathInfo.
237
  mod_ssl:
238
   - Fix a memory leak with connections that have zlib compression
239
     turned on. PR 44975 
240
  mod_substitute:
241
   - The default is now flattening the buckets after each
242
     substitution. The newly added 'q' flag allows for the quicker,
243
     more efficient bucket-splitting if the user so
244
  mod_unique_id:
245
   - Fix timestamp value in UNIQUE_ID.  PR 37064 
246
  ab (apache benchmark):
247
   - Include <limits.h> earlier if available since we may need
248
     INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
249
   - Improve client performance by clearing connection pool instead
250
   - Don't stop sending a request if EAGAIN is returned, which
251
     will only happen if both the write and subsequent wait are
252
     returning EAGAIN, and count posted bytes correctly when the initial
253
     write of a request is not complete. PR 10038, 38861, 39679
254
   - Overhaul stats collection and reporting to avoid integer
255
     truncation and time divisions within the test loop, retain
256
     native time resolution until output, remove unused data,
257
     consistently round milliseconds, and generally avoid losing
258
     accuracy of calculation due to type casts. PR 44878, 44931.
259
   - Add -r option to continue after socket receive errors.
260
   - Do not try to read non existing response bodies of HEAD requests.
261
   - Use a 64 bit unsigned int instead of a signed long to count the
262
  rotatelogs:
263
   - Log the current file size and error code/description when
264
     failing to write to the log file.  
265
   - Added '-f' option to force rotatelogs to create the logfile as
266
     soon as started, and not wait until it reads the first entry. 
267
   - Don't leak memory when reopening the logfile.  PR 40183 
268
   - Improve atomicity when using -l and cleaup code.  PR 44004 
269
- drop obsolete patches httpd-2.1.3alpha-autoconf-2.59.dif
270
                        httpd-2.2.x-CVE-2008-1678.patch
271
- don't run autoreconf on SLES9
272
- remove the addition of -g to the CFLAGS, since the build service
273
  handles debuginfo packages now
274
275
-------------------------------------------------------------------
276
Mon Jun  9 17:18:03 CEST 2008 - poeml@suse.de
277
278
- build service supports the debuginfo flag in metadata now; remove
279
  debug_package macro from the specfile therefore.
280
281
-------------------------------------------------------------------
282
Mon May 26 16:55:37 CEST 2008 - skh@suse.de
283
284
- CVE-2008-1678: modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): 
285
  Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a 
286
  per-connection memory leak which occurs if the client indicates 
287
  support for a compression algorithm in the initial handshake, and 
288
  mod_ssl is linked against OpenSSL >= 0.9.8f.  [bnc#392096]
289
  httpd-2.2.x-CVE-2008-1678.patch
290
291
-------------------------------------------------------------------
292
Thu May 15 01:58:08 CEST 2008 - poeml@suse.de
293
294
- fix build on Mandriva 2007, by escaping commented %build macro
295
- make filelist of man pages independant of the compression method
296
  (gz, bz2, lzma)
297
298
-------------------------------------------------------------------
299
Fri Apr 18 11:55:14 CEST 2008 - poeml@suse.de
300
301
- fix from Factory:
302
  - remove dir /usr/share/omc/svcinfo.d as it is provided now
303
    by filesystem 
304
- remove obsolete httpd-2.2.x.doublefree.patch file, which isn't
305
  used since quite some time since the issue is resolved.
306
307
-------------------------------------------------------------------
308
Thu Apr 17 17:58:02 CEST 2008 - poeml@suse.de
309
310
- new implementation of sysconf_addword, using sed instead of ed.
311
  Moving it from the -utils subpackage into the parent package,
312
  where it's actually needed. If sysconf_addword is already present
313
  in the system, it is preferred (by PATH). That's because the tool
314
  has been integrated into aaa_base.rpm with openSUSE 11.0.
315
  Removing the requires on the ed package. [bnc#377131]
316
317
-------------------------------------------------------------------
318
Wed Mar 12 14:29:04 CET 2008 - poeml@suse.de
319
320
- require ed package, since ed is needed by sysconf_addword, which
321
  in turn is used by a2enmod/a2enflag
322
323
-------------------------------------------------------------------
324
Fri Feb 29 14:06:52 CET 2008 - poeml@suse.de
325
326
- better documentation how to enable SSL in /etc/sysconfig/apache2
327
- quickstart readme: the link to the openSUSE wiki is about to move
328
329
-------------------------------------------------------------------
330
Tue Feb 19 13:14:45 CET 2008 - poeml@suse.de
331
332
- add "127.0.0.1" to the local access list in mod_status.conf,
333
  because on some systems "localhost" seems to resolve only to IPv6
334
  localhost
335
336
-------------------------------------------------------------------
337
Sat Feb  2 05:37:34 CET 2008 - crrodriguez@suse.de
338
339
- upstream 2.2.8
340
  SECURITY: CVE-2007-6421 (cve.mitre.org)
341
     mod_proxy_balancer: Correctly escape the worker route and the worker
342
     redirect string in the HTML output of the balancer manager.
343
     Reported by SecurityReason.
344
  SECURITY: CVE-2007-6422 (cve.mitre.org)
345
     Prevent crash in balancer manager if invalid balancer name is passed
346
     as parameter. Reported by SecurityReason.
347
  SECURITY: CVE-2007-6388 (cve.mitre.org)
348
     mod_status: Ensure refresh parameter is numeric to prevent
349
     a possible XSS attack caused by redirecting to other URLs.
350
     Reported by SecurityReason.
351
  SECURITY: CVE-2007-5000 (cve.mitre.org)
352
     mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
353
  SECURITY: CVE-2008-0005 (cve.mitre.org)
354
     Introduce the ProxyFtpDirCharset directive, allowing the administrator
355
     to identify a default, or specific servers or paths which list their
356
     contents in other-than ISO-8859-1 charset (e.g. utf-8).
357
  mod_autoindex: 
358
   - Generate valid XHTML output by adding the xhtml namespace. PR 43649
359
  mod_charset_lite: 
360
   - Don't crash when the request has no associated filename.
361
  mod_dav: 
362
   - Fix evaluation of If-Match * and If-None-Match * conditionals.  PR 38034
363
   - Adjust etag generation to produce identical results on 32-bit
364
     and 64-bit platforms and avoid a regression with conditional PUT's on lock
365
     and etag. PR 44152.
366
  mod_deflate: 
367
   - initialise inflate-out filter correctly when the first brigade
368
     contains no data buckets.  PR 43512
369
  mod_disk_cache: 
370
  - Delete temporary files if they cannot be renamed to their final
371
    name.
372
  mod_filter: 
373
   - Don't segfault on (unsupported) chained FilterProvider usage.  PR 43956
374
  mod_include: 
375
   - Add an "if" directive syntax to test whether an URL is
376
     accessible, and if so, conditionally display content. This
377
     allows a webmaster to hide a link to a private page when the
378
     user has no access to that page.
379
  mod_ldap: 
380
   - Try to establish a new backend LDAP connection when the
381
     Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g.
382
     after the LDAP server has closed the connection due to a
383
     timeout.  PR 39095
384
   - Give callers a reference to data copied into the request pool
385
     instead of references directly into the cache PR 43786
386
   - Stop passing a reference to pconf around for (limited) use
387
     during request processing, avoiding possible memory corruption
388
     and crashes.
389
  mod_proxy: 
390
   - Canonicalisation improvements. Add "nocanon" keyword to
391
     ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also,
392
     don't escape/unescape forward-proxied URLs.  PR 41798, 42592
393
   - Don't by default violate RFC2616 by setting Max-Forwards when
394
     the client didn't send it to us.  Leave that as a
395
     configuration option.  PR 16137
396
   - Fix persistent backend connections.  PR 43472
397
   - escape error-notes correctly PR 40952
398
   - check ProxyBlock for all blocked addresses PR 36987
399
   - Don't lose bytes when a response line arrives in small chunks.
400
     PR 40894
401
  mod_proxy_ajp: 
402
   - Use 64K as maximum AJP packet size. This is the maximum length
403
     we can squeeze inside the AJP message packet.
404
   - Ignore any ajp13 flush packets received before we send the
405
     response headers. See Tomcat PR 43478.
406
   - Differentiate within AJP between GET and HEAD requests. PR 43060
407
  mod_proxy_balancer: 
408
   - Do not reset lbstatus, lbfactor and lbset when starting a new
409
     child.  PR 39907
410
  mod_proxy_http: 
411
   - Remove Warning headers with wrong date PR 16138
412
   - Correctly parse all Connection headers in proxy.  PR 43509
413
   - add Via header correctly (if enabled) to response, even where
414
     other Via headers exist.  PR 19439
415
   - Correctly forward unexpected interim (HTTP 1xx) responses from
416
     the backend according to RFC2616.  But make it configurable in
417
     case something breaks on it.  PR 16518
418
   - strip hop-by-hop response headers PR 43455
419
   - Propagate Proxy-Authorization header correctly.  PR 25947
420
   - Don't segfault on bad line in FTP listing PR 40733
421
  mod_rewrite: 
422
   - Add option to suppress URL unescaping PR 34602
423
   - Add the novary flag to RewriteCond.
424
  mod_substitute: 
425
   - Added a new output filter, which performs inline response
426
     content pattern matching (including regex) and substitution.
427
  mod_ssl: 
428
   - Fix handling of the buffered request body during a per-location
429
     renegotiation, when an internal redirect occurs.  PR 43738.
430
   - Fix SSL client certificate extensions parsing bug. PR 44073.
431
   - Prevent memory corruption of version string.  PR 43865, 43334
432
  mod_status: 
433
   - Add SeeRequestTail directive, which determines if
434
     ExtendedStatus displays the 1st 63 characters of the request
435
     or the last 63. Useful for those requests with large string
436
     lengths and which only vary with the last several characters.
437
  event MPM: 
438
   - Add support for running under mod_ssl, by reverting to the
439
     Worker MPM behaviors, when run under an input filter that buffers
440
     its own data.
441
  core: 
442
   - Fix regression in 2.2.7 in chunk filtering with massively
443
     chunked requests.
444
   - Lower memory consumption of ap_r* functions by reusing the
445
     brigade instead of recreating it during each filter pass.
446
   - Lower memory consumption in case that flush buckets are passed
447
     thru the chunk filter as last bucket of a brigade. PR 23567.
448
   - Fix broken chunk filtering that causes all non blocking reads
449
     to be converted into blocking reads.  PR 19954, 41056.
450
   - Change etag generation to produce identical results on 32-bit
451
     and 64-bit platforms.  PR 40064.
452
   - Handle unrecognised transfer-encodings.  PR 43882
453
   - Avoid some unexpected connection closes by telling the client
454
     that the connection is not persistent if the MPM process
455
     handling the request is already exiting when the response
456
     header is built.
457
   - fix possible crash at startup in case of nonexistent
458
     DocumentRoot.  PR 39722
459
   - http_core: OPTIONS * no longer maps to local storage or URI
460
     space. Note that unlike previous versions, OPTIONS * no longer
461
     returns an Allow: header. PR 43519
462
   - scoreboard: improve error message on apr_shm_create failure PR
463
     40037
464
   - Don't send spurious "100 Continue" response lines.  PR 38014
465
   - http_protocol: 
466
     - Escape request method in 413 error reporting.  Determined to
467
       be not generally exploitable, but a flaw in any case.  PR
468
       44014
469
     - Add "DefaultType none" option.  PR 13986 and PR 16139
470
     - Escape request method in 405 error reporting.  This has no
471
       security impact since the browser cannot be tricked into
472
       sending arbitrary method strings.
473
  - Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009
474
  - Add explicit charset to the output of various modules to work
475
    around possible cross-site scripting flaws affecting web
476
    browsers that do not derive the response character set as
477
    required by  RFC2616.  One of these reported by SecurityReason
478
  - rotatelogs: Change command-line parsing to report more types
479
     of errors.  Allow local timestamps to be used when rotating based
480
     on file size.
481
482
-------------------------------------------------------------------
483
Wed Sep 12 20:11:37 CEST 2007 - poeml@suse.de
484
485
- fix graceful-restart. Wait until the pidfile is gone, but don't
486
  wait for the parent to disappear. It stays there, after closing
487
  the listen ports.
488
489
-------------------------------------------------------------------
490
Wed Sep 12 15:49:15 CEST 2007 - poeml@suse.de
491
492
- use debug_package macro only on suse, because it breaks the build
493
  on Mandriva
494
495
-------------------------------------------------------------------
496
Wed Sep 12 13:41:16 CEST 2007 - poeml@suse.de
497
498
- don't configure in maintainer-mode. It not only enables compile
499
  time warnings, but also adds AP_DEBUG into the mix which causes
500
  enablement of debug code which is not wanted in production
501
  builds.
502
503
-------------------------------------------------------------------
504
Mon Sep 10 17:32:56 CEST 2007 - poeml@suse.de
505
506
- upstream 2.2.6
507
  SECURITY: CVE-2007-3847 (cve.mitre.org)
508
     mod_proxy: Prevent reading past the end of a buffer when parsing
509
     date-related headers.  PR 41144.
510
  SECURITY: CVE-2007-1863 (cve.mitre.org)
511
     mod_cache: Prevent a segmentation fault if attributes are listed in a 
512
     Cache-Control header without any value. 
513
  SECURITY: CVE-2007-3304 (cve.mitre.org)
514
     prefork, worker, event MPMs: Ensure that the parent process cannot
515
     be forced to kill processes outside its process group. 
516
  SECURITY: CVE-2006-5752 (cve.mitre.org)
517
     mod_status: Fix a possible XSS attack against a site with a public
518
     server-status page and ExtendedStatus enabled, for browsers which
519
     perform charset "detection".  Reported by Stefan Esser.
520
  SECURITY: CVE-2007-1862 (cve.mitre.org)
521
     mod_mem_cache: Copy headers into longer lived storage; header names and
522
     values could previously point to cleaned up storage.  PR 41551.
523
  mod_alias: 
524
   - Accept path components (URL part) in Redirects. PR 35314.
525
  mod_authnz_ldap: 
526
   - Don't return HTTP_UNAUTHORIZED during authorization when
527
     LDAP authentication is configured but we haven't seen any 
528
     'Require ldap-*' directives, allowing authorization to be passed to lower 
529
     level modules (e.g. Require valid-user) PR 43281 
530
  mod_autoindex: 
531
   - Add in Type and Charset options to IndexOptions
532
     directive. This allows the admin to explicitly set the 
533
     content-type and charset of the generated page and is therefore
534
     a viable workaround for buggy browsers affected by CVE-2007-4465
535
  mod_cache:
536
   - Remove expired content from cache that cannot be revalidated.
537
     PR 30370. 
538
   - Do not set Date or Expires when they are missing from the
539
     original response or are invalid.  
540
   - Correctly handle HEAD requests on expired cache content.  PR
541
     41230.  
542
   - Let Cache-Control max-age set the expiration of the cached
543
     representation if Expires is not set.  
544
   - Allow caching of requests with query arguments when
545
     Cache-Control max-age is explicitly specified.  
546
   - Use the same cache key throughout the whole request processing
547
     to handle escaped URLs correctly.  PR 41475.  
548
   - Add CacheIgnoreQueryString directive. PR 41484.
549
   - While serving a cached entity ensure that filters that have
550
     been applied to this cached entity before saving it to the
551
     cache are not applied again. PR 40090.  
552
   - Correctly cache objects whose URL query string has been
553
     modified by mod_rewrite. PR 40805.  
554
  mod_cgi, mod_cgid: 
555
   - Fix use of CGI scripts as ErrorDocuments.  PR 39710.  
556
  mod_dbd: 
557
   - Introduce configuration groups to allow inheritance by virtual
558
     hosts of database configurations from the main server.
559
     Determine the minimal set of distinct configurations and share
560
     connection pools whenever possible.  Allow virtual hosts to
561
     override inherited SQL statements.  PR 41302.  
562
   - Create memory sub-pools for each DB connection and close DB
563
     connections in a pool cleanup function.  Ensure prepared
564
     statements are destroyed before DB connection is closed.  When
565
     using reslists, prevent segfaults when child processes exit,
566
     and stop memory leakage of ap_dbd_t structures.  Avoid use of
567
     global s->process->pool, which isn't destroyed by exiting
568
     child processes in most multi-process MPMs.  PR 39985.  
569
   - Handle error conditions in dbd_construct() properly.  Simplify
570
     ap_dbd_open() and use correct arguments to apr_dbd_error()
571
     when non-threaded.  Register correct cleanup data in
572
     non-threaded ap_dbd_acquire() and ap_dbd_cacquire().  Clean up
573
     configuration data and merge function.  Use ap_log_error()
574
     wherever possible.
575
   - Stash DBD connections in request_config of initial request
576
     only, or else sub-requests and internal redirections may cause
577
     entire DBD pool to be stashed in a single HTTP request.  
578
  mod_deflate: 
579
   - don't try to process metadata buckets as data.  what should
580
     have been a 413 error was logged as a 500 and a blank screen
581
     appeared at the browser.
582
   - fix protocol handling in deflate input filter PR 23287 
583
  mod_disk_cache: 
584
   - Allow Vary'd responses to be refreshed properly.
585
  mod_dumpio: 
586
   - Fix for correct dumping of traffic on EBCDIC hosts Data had
587
     been incorrectly converted twice, resulting in garbled log
588
     output. 
589
  mod_expires: 
590
   - don't crash on bad configuration data PR 43213 
591
  mod_filter: 
592
   - fix integer comparisons in dispatch rules PR 41835 
593
   - fix merging of ! and = in FilterChain PR 42186 
594
  mod_headers: 
595
   - Allow % at the end of a Header value. PR 36609.
596
  mod_info: 
597
   - mod_info outputs invalid XHTML 1.0 transitional.  PR 42847 
598
  mod_ldap: 
599
   - Avoid possible crashes, hangs, and busy loops due to improper
600
     merging of the cache lock in vhost config PR 43164 
601
  mod_ldap: 
602
   - Remove the hardcoded size limit parameter for
603
     ldap_search_ext_s and replace it with an APR_ defined value
604
     that is set according to the LDAP SDK being used.
605
  mod_mem_cache: 
606
   - Increase the minimum and default value for MCacheMinObjectSize
607
     from 0 to 1, as a MCacheMinObjectSize of 0 does not make sense
608
     and leads to a division by zero.  PR 40576.
609
  mod_negotiation: 
610
   - preserve Query String in resolving a type map PR 33112 
611
  mod_proxy:
612
   -  mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as
613
      synonymous.  PR 43183 
614
   -  Ensure that at least scheme://hostname[:port] matches between
615
      worker and URL when searching for the best fitting worker for
616
      a given URL.  PR 40910 
617
   -  Improve network performance by setting APR_TCP_NODELAY
618
      (disable Nagle algorithm) on sockets if implemented.  PR 42871 
619
   -  Add a missing assignment in an error checking code path.  PR 40865 
620
   -  don't URLencode tilde in path component PR 38448 
621
   -  enable Ignore Errors option on ProxyPass Status.  PR 43167 
622
   - Allow to use different values for sessionid in url encoded id
623
     and cookies. PR 41897. 
624
   - Fix the 503 returned when session route does not match any of
625
     the balancer members. 
626
   - Added ProxyPassMatch directive, which is similar to ProxyPass
627
     but takes a regex local path prefix. 
628
   - Print the correct error message for erroneous configured
629
     ProxyPass directives. PR 40439.  
630
   - Fix some proxy setting inheritance problems (eg:
631
     ProxyTimeout). PR 11540.  
632
   - proxy/ajp_header.c: Fixed header token string comparisons
633
     Matching of header tokens failed to include the trailing NIL
634
     byte and could misinterpret a longer header token for a
635
     shorter.  Additionally, a "Content-Type" comparison was made
636
     case insensitive.
637
   - proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC
638
     On EBCDIC machines, the status_line string was incorrectly
639
     converted twice. 
640
  mod_proxy_connect: 
641
   - avoid segfault on DNS lookup failure.  PR 40756 
642
  mod_proxy_http:
643
   - HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses
644
     alone.  Only processing of error responses (4xx, 5xx) will be
645
     altered. PR 39245.
646
   - Don't try to read body of a HEAD request before responding. PR 41644 
647
   - Handle request bodies larger than 2 GB by converting the
648
     Content-Length header of the request correctly. PR 40883.
649
  mod_ssl: 
650
   - Fix spurious hostname mismatch warning for valid wildcard
651
     certificates.  PR 37911.  
652
   - Version reporting update; displays 'compiled against' Apache
653
     and build-time SSL Library versions at loglevel [info], while
654
     reporting the run-time SSL Library version in the server info
655
     tags.  Helps to identify a mod_ssl built against one flavor of
656
     OpenSSL but running against another (also adds SSL-C version
657
     number reporting.)  
658
   - initialize thread locks before initializing the hardware
659
     acceleration library, so the latter can make use of the
660
     former.  PR 20951.  
661
  core:
662
   - Do not replace a Date header set by a proxied backend server. PR 40232 
663
   - log core: ensure we use a special pool for stderr logging, so that
664
     the stderr channel remains valid from the time plog is destroyed,
665
     until the time the open_logs hook is called again.
666
   - main core: Emit errors during the initial apr_app_initialize()
667
     or apr_pool_create() (when apr-based error reporting is not ready).
668
   - log core: fix the new piped logger case where we couldn't connect 
669
     the replacement stderr logger's stderr to the NULL stdout stream.  
670
     Continue in this case, since the previous alternative of no error 
671
     logging at all (/dev/null) is far worse. 
672
   - Correct a regression since 2.0.x in the handling of AllowOverride 
673
     Options. PR 41829.  
674
   - Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
675
     can work after that terminating signal.
676
   -  mod_so: Provide more helpful LoadModule feedback when an error occurs.
677
  misc:
678
   - mime.types: Many updates to sync with IANA registry and common
679
     unregistered types that the owners refuse to register.  Admins
680
     are encouraged to update their installed mime.types file.  PR:
681
     35550, 37798, 39317, 31483 
682
   - mime.types: add Registered Javascript/ECMAScript MIME types
683
     (RFC4329) PR 40299 
684
   - htdbm: Enable crypt support on platforms with crypt() but not
685
     <crypt.h>, such as z/OS.  
686
   - ab.c: Correct behavior of HTTP request headers sent by ab in
687
     presence of -H command-line overrides. PR 31268, 26554.
688
   - ab.c: The apr_port_t type is unsigned, but ab was using a
689
     signed format code in its reports. PR 42070.
690
- drop obsolete patches apache2-mod_cache-CVE-2007-1863.patch
691
                        apache2-mod_status-CVE-2006-5752.patch
692
                        httpd-2.2.4-mod_autoindex-charset-r570962.patch
693
                        mod_dbd.c-issue18989-autoconnect.dif
694
                        mod_dbd.c-r571441
695
696
-------------------------------------------------------------------
697
Mon Sep  3 13:43:22 CEST 2007 - skh@suse.de
698
699
- get_module_list: replace loadmodule.conf atomically [bnc #214863]
700
701
-------------------------------------------------------------------
702
Sat Sep  1 01:49:37 CEST 2007 - poeml@suse.de
703
704
- /etc/init.d/apache2: implement restart-graceful, stop-graceful
705
706
-------------------------------------------------------------------
707
Fri Aug 31 14:21:27 CEST 2007 - poeml@suse.de
708
709
- update mod_dbd to trunk version (r571441)
710
  * apr_dbd_check_conn() just returns APR_SUCCESS or
711
    APR_EGENERAL, so we don't actually have a driver-specific value
712
    to pass to apr_dbd_error(), but that's OK because most/all
713
    drivers just ignore this value anyway
714
715
-------------------------------------------------------------------
716
Fri Aug 31 12:37:27 CEST 2007 - poeml@suse.de
717
718
- replace httpd-2.2.3-AddDirectoryIndexCharset.patch with the upstream
719
  solution, httpd-2.2.4-mod_autoindex-charset-r570962.patch [#153557]
720
  (backport from 2.2.6)
721
  * Merge r570532, r570535, r570558 from trunk:
722
    IndexOptions ContentType=text/html Charset=UTF-8 magic.
723
    http://svn.apache.org/viewvc?rev=570962&view=rev
724
    http://issues.apache.org/bugzilla/show_bug.cgi?id=42105
725
  This means that the AddDirectoryIndexCharset is no longer
726
  available. Instead, IndexOptions Charset=xyz can be used.
727
728
-------------------------------------------------------------------
729
Fri Aug 31 11:42:58 CEST 2007 - poeml@suse.de
730
731
- remove libexpat-devel in the build service version of the package
732
- apply apache2-mod_cache-CVE-2007-1863.patch (patch 152) in the
733
  buildservice package
734
- don't apply mod_dbd.c-issue18989-autoconnect.dif, since it
735
  patches only modules/database/mod_dbd.c which is replaced with
736
  trunk version anyway
737
738
-------------------------------------------------------------------
739
Thu Aug 23 11:27:19 CEST 2007 - mskibbe@suse.de
740
741
- Bug 289996 - VUL-0: mod_status XSS in public server status page 
742
- Bug 289997 - VUL-0: apache2: mod_cache remote denial of service
743
744
-------------------------------------------------------------------
745
Wed Jul 18 16:04:05 CEST 2007 - skh@suse.de
746
747
- split off apache2-utils subpackage, containing all helper tools that
748
  are useful for system administrators in general (b.n.c. #272292 and
749
  FATE #302059)
750
751
-------------------------------------------------------------------
752
Thu Mar 29 19:14:16 CEST 2007 - dmueller@suse.de
753
754
- add zlib-devel to BuildRequires
755
756
-------------------------------------------------------------------
757
Fri Mar 23 08:55:47 CET 2007 - poeml@suse.de
758
759
- add mod_dbd.c from trunk (r512038), the version we run ourselves
760
  http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/database/mod_dbd.c?view=log
761
- add mod_dbd.c-issue18989-autoconnect.dif, but disabled. It
762
  applies to 2.2.4 mod_dbd.c but not to the trunk version
763
- build mod_version
764
- fix documentation link in apache2-httpd.conf
765
766
-------------------------------------------------------------------
767
Tue Mar 20 10:47:18 CET 2007 - mskibbe@suse.de
768
769
- add firewall file for ssl (#246929) 
770
771
-------------------------------------------------------------------
772
Mon Mar 19 12:44:22 CET 2007 - mskibbe@suse.de
773
774
- Apache - Support for FATE #300687: Ports for SuSEfirewall added
775
  via packages (#246929)
776
777
-------------------------------------------------------------------
778
Fri Jan 26 12:44:04 CET 2007 - poeml@suse.de
779
780
- the QUICKSTART Readmes have been moved to 
781
  http://www.opensuse.org/Apache
782
783
-------------------------------------------------------------------
784
Mon Jan 22 11:24:32 CET 2007 - poeml@suse.de
785
786
- point out better in README.QUICKSTART.SSL that a vhost needs to
787
  be created
788
- fixes to README.QUICKSTART.WebDAV
789
- updated email addresses (now there is apache@suse.de)
790
791
-------------------------------------------------------------------
792
Sat Jan 20 17:16:20 CET 2007 - poeml@suse.de
793
794
- add httpd-2.2.x.doublefree.patch, backport of 
795
  http://svn.apache.org/viewvc?diff_format=h&view=rev&revision=496831
796
  See http://issues.apache.org/bugzilla/show_bug.cgi?id=39985
797
798
-------------------------------------------------------------------
799
Thu Jan 18 22:00:48 CET 2007 - poeml@suse.de
800
801
- create debuginfo package in the buildservice
802
803
-------------------------------------------------------------------
804
Fri Jan 12 14:25:51 CET 2007 - mskibbe@suse.de
805
806
- change path to service cml document (fate #301708) 
807
808
-------------------------------------------------------------------
809
Tue Jan  9 15:59:42 CET 2007 - poeml@suse.de
810
811
- upstream 2.2.4
812
  mod_authnz_ldap: 
813
   - Add an AuthLDAPRemoteUserAttribute directive. If set,
814
     REMOTE_USER will be set to this attribute, rather than the
815
     username supplied by the user. Useful for example when you
816
     want users to log in using an email address, but need to
817
     supply a userid instead to the backend.
818
  mod_cache: 
819
   - From RFC3986 (section 6.2.3.) if a URI contains an authority
820
     component and an empty path, the empty path is to be
821
     equivalent to "/". It explicitly cites the following four URIs
822
     as equivalents:
823
       http://example.com
824
       http://example.com/
825
       http://example.com:/
826
       http://example.com:80/
827
   - Eliminate a bogus error in the log when a filter returns
828
     AP_FILTER_ERROR.
829
   - Don't cache requests with a expires date in the past;
830
     otherwise mod_cache will always try to cache the URL. This bug
831
     might lead to numerous rename() errors on win32 if the URL was
832
     previously cached.
833
  mod_cgi and mod_cgid:
834
   - Don't use apr_status_t error return from input filters as HTTP
835
     return value from the handler.  PR 31579.
836
  mod_dbd: 
837
   - share per-request database handles across subrequests and
838
     internal redirects
839
   - key connection pools to virtual hosts correctly even when
840
     ServerName is unset/unavailable
841
  mod_deflate: 
842
   - Rework inflate output and deflate output filter to fix several
843
     issues: Incorrect handling of flush buckets, potential memory
844
     leaks, excessive memory usage in inflate output filter for
845
     large compressed content. PR 39854.
846
  mod_disk_cache: 
847
   - Make sure that only positive integers are accepted for the
848
     CacheMaxFileSize and CacheMinFileSize parameters in the config
849
     file. PR39380.
850
  mod_dumpio:
851
   - Allow mod_dumpio to log at other than DEBUG levels via the new
852
     DumpIOLogLevel directive.
853
  mod_echo: 
854
   - Fix precedence problem in if statement. PR 40658.
855
  mod_ext_filter: 
856
   - Handle filter names which include capital letters.  PR 40323.
857
  mod_headers: 
858
   - Support regexp-based editing of HTTP headers.
859
  mod_mime_magic: 
860
   - Fix precedence problem in if statement. PR 40656.
861
  mod_mem_cache: 
862
   - Memory leak fix: Unconditionally free the buffer.
863
   - Convert mod_mem_cache to use APR memory pool functions by
864
     creating a root pool for object persistence across requests.
865
     This also eliminates the need for custom serialization code.
866
  mod_proxy: 
867
   - Don't try to use dead backend connection. PR 37770.
868
   - Add explicit flushing feature. When Servlet container sends
869
     AJP body message with size 0, this means that Servlet
870
     container has asked for an explicit flush. Create flush bucket
871
     in that case. This feature has been added to the recent Tomcat
872
     versions without breaking the AJP protocol.
873
  mod_proxy_ajp: 
874
   - Close connection to backend if reading of request body fails.
875
     PR 40310.
876
   - Added cping/cpong support for the AJP protocol.  A new worker
877
     directive ping=timeout will cause CPING packet to be send
878
     expecting CPONG packet within defined timeout.  In case the
879
     backend is too busy this will fail instead sending the full
880
     header.
881
  mod_proxy_balancer: 
882
   - Workers can now be defined as part of a balancer cluster "set"
883
     in which members of a lower-numbered set are preferred over
884
     higher numbered ones.
885
   - Workers can now be defined as "hot standby" which will only be
886
     used if all other workers are unusable (eg: in error or
887
     disabled). Also, the balancer-manager displays the election
888
     count and I/O counts of all workers.
889
   - Retry worker chosen by route / redirect worker if it is in
890
     error state before sending "Service Temporarily Unavailable".
891
     PR 38962.
892
   - Extract stickysession routing information contained as
893
     parameter in the URL correctly. PR 40400.
894
   - Set the new environment variable BALANCER_ROUTE_CHANGED if a
895
     worker with a route different from the one supplied by the
896
     client had been chosen or if the client supplied no routing
897
     information for a balancer with sticky sessions.
898
   - Add information about the route, the sticky session and the
899
     worker used during a request as environment variables. PR
900
     39806.
901
  core:
902
   - Fix issue which could cause piped loggers to be orphaned and
903
     never terminate after a graceful restart.  PR 40651.
904
   - Fix address-in-use startup failure caused by corruption of the
905
     list of listen sockets in some configurations with multiple
906
     generic Listen directives.
907
   - Fix NONBLOCK status of listening sockets on restart/graceful
908
     PR 37680.
909
   - Deal with the widespread use of apr_status_t return values as
910
     HTTP status codes, as documented in PR#31759 (a bug shared by
911
     the default handler, mod_cgi, mod_cgid, mod_proxy, and
912
     probably others). PR31759.
913
   - The full server version information is now included in the
914
     error log at startup as well as server status reports,
915
     irrespective of the setting of the ServerTokens directive.
916
     ap_get_server_version() is now deprecated, and is replaced by
917
     ap_get_server_banner() and ap_get_server_description().
918
  misc:
919
   - Allow htcacheclean, httxt2dbm, and fcgistarter to link
920
     apr/apr-util statically like the older support programs.
921
   - Better detection and clean up of ldap connection that has been
922
     terminated by the ldap server.  PR 40878.
923
   - rotatelogs: Improve error message for open failures.  PR
924
     39487.
925
926
-------------------------------------------------------------------
927
Mon Jan  8 11:57:04 CET 2007 - mskibbe@suse.de
928
929
- Apache XML Service Description Document (fate #301708) 
930
931
-------------------------------------------------------------------
932
Thu Dec 21 10:36:14 CET 2006 - poeml@suse.de
933
934
- add patch to add charset=utf-8 to directory listings generated by
935
  mod_autoindex, and add a directive to allow overriding the
936
  charset (testing, needs to be discussed with upstream) [#153557]
937
  httpd-2.2.3-AddDirectoryIndexCharset.patch 
938
939
-------------------------------------------------------------------
940
Wed Dec 20 15:58:35 CET 2006 - poeml@suse.de
941
942
- set a proper HOME (/var/lib/apache2), otherwise the server might
943
  end up HOME=/root and some script might try to use that [#132769]
944
- add two notes to the QUICKSTART readmes
945
- don't install /etc/apache2/extra configuration since this is only
946
  serving as an example and installed with the documentation anyway
947
948
-------------------------------------------------------------------
949
Tue Sep 26 11:13:52 CEST 2006 - poeml@suse.de
950
951
- add rpm macro for suexec_safepath
952
- use _bindir/_sbindir in a few places [#202355]
953
- remove unused /sbin/conf.d directory from build root
954
955
-------------------------------------------------------------------
956
Thu Aug 31 15:26:54 CEST 2006 - poeml@suse.de
957
958
- Enable fatal exception hook for use by diagnostic modules.
959
960
-------------------------------------------------------------------
961
Tue Aug 29 16:33:59 CEST 2006 - poeml@suse.de
962
963
- move some binaries, where calling by users makes sense (dbmmanage
964
  htdbm htdigest htpasswd), from /usr/sbin to /usr/bin [#140133]
965
966
-------------------------------------------------------------------
967
Wed Aug  9 16:13:07 CEST 2006 - poeml@suse.de
968
969
- upstream 2.2.3
970
  |SECURITY: CVE-2006-3747 (cve.mitre.org)
971
  |  mod_rewrite: Fix an off-by-one security problem in the ldap scheme
972
  |  handling.  For some RewriteRules this could lead to a pointer being
973
  |  written out of bounds.  Reported by Mark Dowd of McAfee.
974
  | mod_authn_alias: Add a check to make sure that the base provider and the
975
  |  alias names are different and also that the alias has not been registered
976
  |  before. PR 40051.
977
  | mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
978
  |  client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
979
  | mod_autoindex: Fix filename escaping with FancyIndexing disabled.
980
  |  PR 38910.
981
  | mod_cache: 
982
  | - Make caching of reverse SSL proxies possible again. PR 39593.
983
  | - Do not overwrite the Content-Type in the cache, for
984
  |   successfully revalidated cached objects. PR 39647.
985
  | mod_charset_lite: Bypass translation when the source and dest charsets
986
  |  are the same.
987
  | mod_dbd: Fix dependence on virtualhost configuration in
988
  |  defining prepared statements (possible segfault at startup
989
  |  in user modules such as mod_authn_dbd).
990
  | mod_mem_cache: Set content type correctly when delivering data from
991
  |  cache. PR 39266.
992
  | mod_speling: Add directive to deal with case corrections only
993
  |  and ignore other misspellings
994
  | miscellaneous:
995
  |  - Add optional 'scheme://' prefix to ServerName directive,
996
  |    allowing correct determination of the canonical server URL
997
  |    for use behind a proxy or offload device handling SSL;
998
  |    fixing redirect generation in those cases. PR 33398.
999
  |  - Added server_scheme field to server_rec for above. Minor MMN bump.
1000
  |  - Worker MPM: On graceless shutdown or restart, send signals
1001
  |    to each worker thread to wake them up if they're polling on
1002
  |    a Keep-Alive connection.  PR 38737.
1003
  |  - worker and event MPMs: fix excessive forking if fork() or
1004
  |    child_init take a long time.  PR 39275.
1005
  |  - Respect GracefulShutdownTimeout in the worker and event MPMs.
1006
  |  - configure: Add "--with-included-apr" flag to force use of
1007
  |    the bundled version of APR at build time.
1008
1009
-------------------------------------------------------------------
1010
Tue Jul  4 12:20:54 CEST 2006 - poeml@suse.de
1011
1012
- a2enmod, a2enflag: add /usr/sbin to PATH so sysconf_addword is
1013
  found
1014
1015
-------------------------------------------------------------------
1016
Fri Jun 23 09:52:17 CEST 2006 - poeml@suse.de
1017
1018
- fix typo in apache-20-22-upgrade script: mod_image_map ->
1019
  mod_imagemap
1020
1021
-------------------------------------------------------------------
1022
Mon Jun 12 11:28:59 CEST 2006 - poeml@suse.de
1023
1024
- enable logresolve processing of lines longer than 1024 characters
1025
  by compiling with MAXLINE=4096 [#162806]
1026
1027
-------------------------------------------------------------------
1028
Fri Jun  9 23:11:45 CEST 2006 - poeml@suse.de
1029
1030
- upstream 2.2.2
1031
  | SECURITY: CVE-2005-3357 (cve.mitre.org)
1032
  |   mod_ssl: Fix a possible crash during access control checks
1033
  |   if a non-SSL request is processed for an SSL vhost (such as
1034
  |   the "HTTP request received on SSL port" error message when
1035
  |   an 400 ErrorDocument is configured, or if using "SSLEngine
1036
  |   optional").  PR 37791.
1037
  | SECURITY: CVE-2005-3352 (cve.mitre.org)
1038
  |   mod_imagemap: Escape untrusted referer header before
1039
  |   outputting in HTML to avoid potential cross-site scripting.
1040
  |   Change also made to ap_escape_html so we escape quotes.
1041
  |   Reported by JPCERT.
1042
  | mod_cache: 
1043
  |  - Make caching of reverse proxies possible again. PR 38017.
1044
  | mod_disk_cache: 
1045
  |  - Return the correct error codes from bucket read failures,
1046
  |    instead of APR_EGENERAL.
1047
  | mod_dbd:
1048
  |  - Update defaults, improve error reporting.
1049
  |  - Create own pool and mutex to avoid problem use of process
1050
  |    pool in request processing.
1051
  | mod_deflate: 
1052
  |  - work correctly in an internal redirect
1053
  | mod_proxy:
1054
  |  - don't reuse a connection that may be to the wrong backend PR 39253
1055
  |  - Do not release connections from connection pool twice.  PR 38793.
1056
  |  - Fix KeepAlives not being allowed and set to backend servers.  PR 38602.
1057
  |  - Fix incorrect usage of local and shared worker init.  PR 38403.
1058
  |  - If we get an error reading the upstream response, close the
1059
  |    connection.
1060
  | mod_proxy_balancer: 
1061
  |  - Initialize members of a balancer correctly.  PR 38227.
1062
  | mod_proxy_ajp: 
1063
  |  - Flushing of the output after each AJP chunk is now
1064
  |    configurable at runtime via the 'flushpackets' and 'flushwait'
1065
  |    worker params. Minor MMN bump.
1066
  |  - Crosscheck the length of the body chunk with the length of the
1067
  |    ajp message to prevent mod_proxy_ajp from reading beyond the
1068
  |    buffer boundaries and thus revealing possibly sensitive memory
1069
  |    contents to the client.
1070
  |  - Support common headers of the AJP protocol in responses.  PR 38340.
1071
  | mod_proxy_http: 
1072
  |  - Do send keep-alive header if the client sent connection:
1073
  |    keep-alive and do not close backend connection if the client
1074
  |    sent connection: close. PR 38524.
1075
  | mod_proxy_balancer: 
1076
  |  - Do not overwrite the status of initialized workers and respect
1077
  |    the configured status of uninitilized workers when creating a
1078
  |    new child process.
1079
  |  - Fix off-by-one error in proxy_balancer.  PR 37753.
1080
  | mod_speling: 
1081
  |  - Stop crashing with certain non-file requests.
1082
  | mod_ssl: 
1083
  |  - Fix possible crashes in shmcb with gcc 4 on platforms
1084
  |    requiring word-aligned pointers.  PR 38838.
1085
  | miscellaneous:
1086
  |  - core: Prevent reading uninitialized memory while reading a line of
1087
  |    protocol input.  PR 39282.
1088
  |  - core: Reject invalid Expect header immediately. PR 38123.
1089
  |  - Default handler: Don't return output filter apr_status_t values.
1090
  |    PR 31759.
1091
  |  - Add APR/APR-Util Compiled and Runtime Version numbers to the
1092
  |    output of 'httpd -V'.
1093
  |  - http: If a connection is aborted while waiting for a chunked line,
1094
  |    flag the connection as errored out.
1095
  |  - Don't hang on error return from post_read_request.  PR 37790.
1096
  |  - Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
1097
  |  - Fix recursive ErrorDocument handling.  PR 36090.
1098
  |  - Ensure that the proper status line is written to the client, fixing
1099
  |    incorrect status lines caused by filters which modify r->status without
1100
  |    resetting r->status_line, such as the built-in byterange filter.
1101
  |  - HTML-escape the Expect error message.  Not classed as security as
1102
  |    an attacker has no way to influence the Expect header a victim will
1103
  |    send to a target site.
1104
  |  - Chunk filter: Fix chunk filter to create correct chunks in the case that
1105
  |    a flush bucket is surrounded by data buckets.
1106
  |  - Avoid Server-driven negotiation when a script has emitted an
1107
  |    explicit Status: header.  PR 38070.
1108
  |  - htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
1109
  |  - htdbm: Warn the user when adding a plaintext password on a platform
1110
  |    where it wouldn't work with the server (i.e., anywhere that has
1111
  |    crypt()).
1112
- adapted httpd-2.1.3alpha-autoconf-2.59.dif
1113
- other user visible changes:
1114
  * use a2enmod, a2enflag in apache2-README.QUICKSTART.*
1115
  * add README.QUICKSTART link to httpd.conf
1116
- when installing/updating, avoid irritating message in
1117
  /var/log/messages ("group is unknown - group=wwwadmin") [#183071]
1118
- build system changes:
1119
  * clean up old cruft tight to suse_version macros
1120
  * don't run buildconf, and thus don't need python.
1121
  * don't ship uid.conf as source file, but create it dynamically
1122
    instead, according to user/group defined via rpm macro
1123
  * create wwwrun:www user on non-SUSE builds
1124
  * work around missimg macros insserv_prereq and fillup_prereq on non-SUSE builds
1125
  * add openssl-devel and expat-devel to Buildrequires for non-SUSE builds
1126
  * make sure that the rpm macro sles_version is defined
1127
  * remove obsolete VENDOR UnitedLinux macro
1128
1129
-------------------------------------------------------------------
1130
Tue Apr 25 18:10:28 CEST 2006 - poeml@suse.de
1131
1132
- obsolete 'apache' package on SLES10 (obsolete it on all platforms
1133
  except SLES9 and old SL releases)
1134
1135
-------------------------------------------------------------------
1136
Wed Mar 29 11:54:00 CEST 2006 - poeml@suse.de
1137
1138
- remove php4 from default modules [#155333]
1139
- fix comment in /etc/init.d/apache2 [#148559]
1140
1141
-------------------------------------------------------------------
1142
Mon Feb 20 13:49:07 CET 2006 - poeml@suse.de
1143
1144
- fixed comment in init script which indicated wrong version [#148559]
1145
1146
-------------------------------------------------------------------
1147
Mon Jan 30 12:41:20 CET 2006 - poeml@suse.de
1148
1149
- added Requires: libapr-util1-devel to apache2-devel package [#146496] 
1150
1151
-------------------------------------------------------------------
1152
Fri Jan 27 15:10:15 CET 2006 - poeml@suse.de
1153
1154
- add a note about NameVirtualHost statements to the vhost template
1155
  files [#145000]
1156
1157
-------------------------------------------------------------------
1158
Wed Jan 25 21:34:16 CET 2006 - mls@suse.de
1159
1160
- converted neededforbuild to BuildRequires
1161
1162
-------------------------------------------------------------------
1163
Fri Jan 20 13:20:04 CET 2006 - poeml@suse.de
1164
1165
- cleanup: remove obsolete metuxmpm patch
1166
- improve informational text in apache-20-22-upgrade
1167
1168
-------------------------------------------------------------------
1169
Wed Jan 18 10:11:12 CET 2006 - poeml@suse.de
1170
1171
- the new DYNAMIC_MODULE_LIMIT default in 2.2 is 128, so no need to
1172
  increase it anymore (fixes [#143536])
1173
1174
-------------------------------------------------------------------
1175
Mon Dec 19 13:25:20 CET 2005 - poeml@suse.de
1176
1177
- update to 2.2.0
1178
- enable all new modules
1179
- replaced modules "auth auth_dbm access" in default configuration 
1180
  by "auth_basic authn_file authn_dbm authz_host authz_default
1181
  authz_user""
1182
- /usr/share/apache2/apache-20-22-upgrade will fix the module list
1183
  on upgrade
1184
- fix bug in sysconf_addword (used by a2enmod) to respect word
1185
  boundaries when removing a word (but don't count slashes as word
1186
  boundary)
1187
- remove perchild mpm subpackage, add experimemtal event mpm
1188
- remove obsolete tool apache2-reconfigure-mpm
1189
- remove obsolete perchild config from apache2-server-tuning.conf
1190
- remove libapr0 subpackage; add libapr1 and libapr-util1 to #neededforbuild
1191
- build against system pcre
1192
- build with --enable-pie
1193
- don't modify which libraries are linked in
1194
- adjust IndexIgnore setting to upstream default. Previously, the
1195
  parent directory (..) was being ignored
1196
- package the symlinks in ssl.crt
1197
1198
-------------------------------------------------------------------
1199
Wed Dec  7 11:07:21 CET 2005 - poeml@suse.de
1200
1201
- patch apxs to use the new a2enmod tool, when called with -a
1202
- add -l option to a2enmod, which gives a list of active modules
1203
- adjust feedback address in the readmes
1204
- update README.QUICKSTART.SSL (mention TinyCA)
1205
- add more documentation in server-tuning.conf, and adjust defaults
1206
- do not document the restart-hup action of the init script. It
1207
  should not be used
1208
- don't install the tool checkgid -- it is only usable during
1209
  installation
1210
1211
-------------------------------------------------------------------
1212
Fri Nov 18 13:22:21 CET 2005 - poeml@suse.de
1213
1214
- fix duplicated Source45 tag
1215
1216
-------------------------------------------------------------------
1217
Mon Oct 24 14:17:08 CEST 2005 - poeml@suse.de
1218
1219
- update to 2.0.55. Relevant changes:
1220
  | SECURITY: CAN-2005-2700 (cve.mitre.org)
1221
  |    mod_ssl: Fix a security issue where "SSLVerifyClient" was
1222
  |    not enforced in per-location context if "SSLVerifyClient
1223
  |    optional" was configured in the vhost configuration.
1224
  | SECURITY: CAN-2005-2491 (cve.mitre.org): 
1225
  |    Fix integer overflows in PCRE in quantifier parsing which
1226
  |    could be triggered by a local user through use of a
1227
  |    carefully-crafted regex in an .htaccess file.
1228
  | SECURITY: CAN-2005-2088 (cve.mitre.org)
1229
  |    proxy: Correctly handle the Transfer-Encoding and
1230
  |    Content-Length headers.  Discard the request Content-Length
1231
  |    whenever T-E: chunked is used, always passing one of either
1232
  |    C-L or T-E: chunked whenever the request includes a request
1233
  |    body.  Resolves an entire class of proxy HTTP Request
1234
  |    Splitting/Spoofing attacks.
1235
  | SECURITY: CAN-2005-2728 (cve.mitre.org)
1236
  |    Fix cases where the byterange filter would buffer responses
1237
  |    into memory.  PR 29962.
1238
  | SECURITY: CAN-2005-2088 (cve.mitre.org)
1239
  |    core: If a request contains both Transfer-Encoding and
1240
  |    Content-Length headers, remove the Content-Length,
1241
  |    mitigating some HTTP Request Splitting/Spoofing attacks.
1242
  | SECURITY: CAN-2005-1268 (cve.mitre.org)
1243
  |    mod_ssl: Fix off-by-one overflow whilst printing CRL
1244
  |    information at "LogLevel debug" which could be triggered if
1245
  |    configured to use a "malicious" CRL.  PR 35081.
1246
  | miscellaneous:
1247
  |  - worker MPM: Fix a memory leak which can occur after an
1248
  |    aborted connection in some limited circumstances.
1249
  |  - worker mpm: don't take down the whole server for a transient
1250
  |    thread creation failure. PR 34514
1251
  |  - Added TraceEnable [on|off|extended] per-server directive to
1252
  |    alter the behavior of the TRACE method.  This addresses a
1253
  |    flaw in proxy conformance to RFC 2616 - previously the proxy
1254
  |    server would accept a TRACE request body although the RFC
1255
  |    prohibited it.  The default remains 'TraceEnable on'. 
1256
  |  - Add ap_log_cerror() for logging messages associated with
1257
  |    particular client connections.
1258
  |  - Support the suppress-error-charset setting, as with Apache
1259
  |    1.3.x.  PR 31274.
1260
  |  - Fix bad globbing comparison which could result in getting a
1261
  |    directory listing when a file was requested. PR 34512.
1262
  |  - Fix a file descriptor leak when starting piped loggers.  PR
1263
  |    33748. 
1264
  |  - Prevent hangs of child processes when writing to piped
1265
  |    loggers at the time of graceful restart.  PR 26467.
1266
  | mod_cgid:
1267
  |  - Correct mod_cgid's argv[0] so that the full path can be
1268
  |    delved by the invoked cgi application, to conform to the
1269
  |    behavior of mod_cgi.
1270
  | mod_include:
1271
  |  - Fix possible environment variable corruption when using
1272
  |    nested includes.  PR 12655.
1273
  | mod_ldap:
1274
  |  - Fix PR 36563. Keep track of the number of attributes
1275
  |    retrieved from LDAP so that all of the values can be
1276
  |    properly cached even if the value is NULL. 
1277
  |  - Fix core dump if mod_auth_ldap's
1278
  |    mod_auth_ldap_auth_checker() was called even if
1279
  |    mod_auth_ldap_check_user_id() was not (or if it didn't
1280
  |    succeed) for non-authoritative cases.
1281
  |  - Avoid segfaults when opening connections if using a version
1282
  |    of OpenLDAP older than 2.2.21.  PR 34618.
1283
  |  - Fix various shared memory cache handling bugs.  PR 34209.
1284
  | mod_proxy:
1285
  |  - Fix over-eager handling of '%' for reverse proxies.  PR
1286
  |    15207.
1287
  |  - proxy HTTP: If a response contains both Transfer-Encoding
1288
  |    and a Content-Length, remove the Content-Length and don't
1289
  |    reuse the connection, mitigating some HTTP Response
1290
  |    Splitting attacks.
1291
  |  - proxy HTTP: Rework the handling of request bodies to handle
1292
  |    chunked input and input filters which modify content length,
1293
  |    and avoid spooling arbitrary-sized request bodies in memory.
1294
  |    PR 15859.
1295
  | mod_ssl:
1296
  |  - Fix build with OpenSSL 0.9.8.  PR 35757.
1297
  | mod_rewrite:
1298
  |  - use buffered I/O to improve performance with large
1299
  |    RewriteMap txt: files.
1300
  | mod_userdir:
1301
  |  - Fix possible memory corruption issue.  PR 34588.
1302
- drop obsolete patches httpd-2.0.54-openssl-0.9.8.dif 
1303
                        httpd-2.0.54-CAN-2005-1268-mod_ssl-crl.dif 
1304
                        apache2-bundled-pcre-5.0-CAN-2005-2491.dif 
1305
                        httpd-2.0.54-SSLVerifyClient-CAN-2005-2700.diff 
1306
                        httpd-2.0.54-ap_byterange-CAN-2005-2728.diff
1307
- add httpd-2.0.55-37145_2.0.x.diff (broken mod_proxy in 2.0.55)
1308
1309
-------------------------------------------------------------------
1310
Thu Oct 20 15:50:35 CEST 2005 - poeml@suse.de
1311
1312
- rc.apache2: when stopping the server, wait for the actual binary
1313
  of the parent process to disappear. Waiting for the pid file to
1314
  disappear is not sufficient, because not all cleanup might be
1315
  finished at the time of its removal. [#96492], [#85539]
1316
1317
-------------------------------------------------------------------
1318
Wed Oct 12 15:42:47 CEST 2005 - poeml@suse.de
1319
1320
- fix security hole by wrongly initializing LD_LIBRARY_PATH in
1321
  /usr/sbin/envvars (used by apache2ctl only) [#118188]
1322
1323
-------------------------------------------------------------------
1324
Fri Sep 30 09:47:20 CEST 2005 - poeml@suse.de
1325
1326
- accomodate API changes to OpenSSL 0.9.8 (r209468 from 2.0.x branch)
1327
1328
-------------------------------------------------------------------
1329
Mon Sep 26 01:24:18 CEST 2005 - ro@suse.de
1330
1331
- define LDAP_DEPRECATED in CFLAGS 
1332
1333
-------------------------------------------------------------------
1334
Fri Sep  2 12:55:08 CEST 2005 - poeml@suse.de
1335
1336
- security fix [CAN-2005-2728 (cve.mitre.org)]:
1337
  fix memory consumption bug in byterange handling
1338
- security fix [CAN-2005-2700 (cve.mitre.org)]: [#114701]
1339
  if "SSLVerifyClient optional" has been configured at the vhost
1340
  context then "SSLVerifyClient require" is not enforced in a
1341
  location context within that vhost; effectively allowing clients
1342
  to bypass client-cert authentication checks. [#114701]
1343
1344
-------------------------------------------------------------------
1345
Wed Aug 31 15:39:38 CEST 2005 - poeml@suse.de
1346
1347
- Security fix: fix integer overflows in PCRE in quantifier parsing which
1348
  could be triggered by a local user through use of a carefully-crafted
1349
  regex in an .htaccess file. CAN-2005-2491 [#112651] [#106209]
1350
1351
-------------------------------------------------------------------
1352
Tue Aug 30 17:41:46 CEST 2005 - lmuelle@suse.de
1353
1354
- Escape also any forward slash while removing a word with sysconf_addword.
1355
1356
-------------------------------------------------------------------
1357
Fri Aug 26 14:33:34 CEST 2005 - lmuelle@suse.de
1358
1359
- Escape any forward slash in the word argument of sysconf_addword.
1360
1361
-------------------------------------------------------------------
1362
Sun Aug 14 00:20:26 CEST 2005 - ro@suse.de
1363
1364
- alingn suexec2 permissions with permissions.secure 
1365
1366
-------------------------------------------------------------------
1367
Thu Aug 11 11:09:49 CEST 2005 - poeml@suse.de
1368
1369
- the permissions files are now maintained centrally and packaged
1370
  in the permissions package. Package suexec2 with mode 0750. [#66304]
1371
1372
-------------------------------------------------------------------
1373
Fri Aug  5 13:10:21 CEST 2005 - poeml@suse.de
1374
1375
- change SSLMutex "default" so APR always picks the best on the
1376
  platform
1377
- fix Source42 tag which was present twice
1378
- add a2enmod/a2enflag to add/remove modules/flags conveniently
1379
- add charset.conv table for mod_auth_ldap
1380
- make sure that suse_version is defined (it might be unset by e.g.
1381
  ISPs preinstallations)
1382
1383
-------------------------------------------------------------------
1384
Tue Jul 12 23:49:29 CEST 2005 - poeml@suse.de
1385
1386
- security fix [CAN-2005-2088 (cve.mitre.org)]: core: If a request
1387
  contains both Transfer-Encoding and a Content-Length, remove the
1388
  Content-Length, stopping some HTTP Request smuggling attacks.
1389
  mod_proxy: Reject chunked requests. [#95709]
1390
- security fix [CAN-2005-1268 (cve.mitre.org)]: mod_ssl: fix
1391
  off-by-one overflow whilst printing CRL information at "LogLevel
1392
  debug" which could be triggered if configured to use a
1393
  "malicious" CRL.  PR 35081. [#95709]
1394
1395
-------------------------------------------------------------------
1396
Mon Jun 20 12:57:17 CEST 2005 - poeml@suse.de
1397
1398
- add httpd-2.0.47-pie.patch from from 2.1.3-dev to compile with
1399
  -fpie and link with -pie
1400
1401
-------------------------------------------------------------------
1402
Wed May 18 16:46:22 CEST 2005 - poeml@suse.de
1403
1404
- update to 2.0.54. Relevant changes:
1405
  | mod_cache: 
1406
  |  - Add CacheIgnoreHeaders directive.  PR 30399.
1407
  | mod_dav:
1408
  | - Correctly export all public functions.
1409
  | mod_ldap:
1410
  | - Added the directive LDAPConnectionTimeout to configure the
1411
  |   ldap socket connection timeout value.
1412
  | mod_ssl: 
1413
  | - If SSLUsername is used, set r->user earlier.  PR 31418.
1414
  | miscellaneous:
1415
  | - Unix MPMs: Shut down the server more quickly when child
1416
  |   processes are slow to exit.
1417
  | - worker MPM: Fix a problem which could cause httpd processes
1418
  |   to remain active after shutdown.
1419
  | - Remove formatting characters from ap_log_error() calls.
1420
  |   These were escaped as fallout from CAN-2003-0020.
1421
  | - core_input_filter: Move buckets to a persistent brigade
1422
  |   instead of creating a new brigade. This stop a memory leak
1423
  |   when proxying a Streaming Media Server. PR 33382.
1424
  | - htdigest: Fix permissions of created files.  PR 33765.
1425
1426
-------------------------------------------------------------------
1427
Mon Mar 14 17:13:27 CET 2005 - poeml@suse.de
1428
1429
- revise README
1430
1431
-------------------------------------------------------------------
1432
Mon Mar  7 17:14:16 CET 2005 - poeml@suse.de
1433
1434
- when building the suexec binary, set the "docroot" compile time
1435
  option to the datadir (/srv/www) instead of the htdocsdir
1436
  (/srv/www/htdocs), so it can be used with virtual hosts placed
1437
  e.g. in /srv/www/vhosts [#63845] Suggested by Winfried Kuiper.
1438
- add php5 to APACHE_MODULES by default, so it can be used simply
1439
  by installing the package. Suppress warning about not-found
1440
  module in the php4/php5 case. [#66729]
1441
- remove a redundant get_module_list call from the init script
1442
- add hints about vhost setup to README.QUICKSTART
1443
- after a change of APACHE_MPM, apache2-reconfigure-mpm is no
1444
  longer needed since SuSEconfig.apache2 is gone. Leave it for
1445
  compatibility, because /etc/sysconfig/apache2 is probably not
1446
  updated and yast may still use it.
1447
- move the 4 most important variables in sysconfig.apache2 to the
1448
  top of the file
1449
- add note about the old monolithic configuration file and how to
1450
  use it
1451
- drop patch httpd-2.0.40-openssl-version.dif (we don't even have
1452
  openssl-0.9.6e anywhere, any longer)
1453
1454
-------------------------------------------------------------------
1455
Wed Mar  2 12:38:55 CET 2005 - poeml@suse.de
1456
1457
- fix TLS upgrade patch: with SSLEngine set to Optional, an
1458
  additional token in an Upgrade: header before "TLS/1.0" could
1459
  result into an infinite loop [#67126]
1460
1461
-------------------------------------------------------------------
1462
Tue Feb 22 16:23:33 CET 2005 - poeml@suse.de
1463
1464
- run /usr/share/apache2/get_module_list post install, which will
1465
  also create the symlink to the httpd2 binary, which might be
1466
  necessary during package building when apache has been installed
1467
  but never been run.
1468
1469
-------------------------------------------------------------------
1470
Mon Feb 21 16:16:16 CET 2005 - poeml@suse.de
1471
1472
- remove SuSEconfig.apache2
1473
1474
-------------------------------------------------------------------
1475
Fri Feb 11 15:14:14 CET 2005 - poeml@suse.de
1476
1477
- raise DYNAMIC_MODULE_LIMIT to 80. The test suite loading all
1478
  available modules plus 9 perl modules was beginning to fail
1479
1480
-------------------------------------------------------------------
1481
Wed Feb  9 11:46:37 CET 2005 - poeml@suse.de
1482
1483
- update to 2.0.53. Relevant changes:
1484
  | SECURITY: CAN-2004-0942 (cve.mitre.org)
1485
  |   Fix for memory consumption DoS in handling of MIME folded request
1486
  |   headers.
1487
  | SECURITY: CAN-2004-0885 (cve.mitre.org)
1488
  |   mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
1489
  |   bypassed during an SSL renegotiation.  PR 31505.
1490
  | mod_dumpio: 
1491
  |  - new I/O logging/dumping module, added to the
1492
  |    modules/expermimental subdirectory.
1493
  | mod_ssl:
1494
  |  - fail quickly if SSL connection is aborted rather than making
1495
  |    many doomed ap_pass_brigade calls.  PR 32699.
1496
  |  - Fail at startup rather than segfault at runtime if a client cert
1497
  |    is configured with an encrypted private key.  PR 24030.
1498
  | mod_include:
1499
  |  - Fix bug which could truncate variable expansions of N*64
1500
  |    characters by one byte.  PR 32985.
1501
  | mod_status:
1502
  |  - Start keeping track of time-taken-to-process-request again if
1503
  |    ExtendedStatus is enabled.
1504
  | util_ldap:
1505
  |  - Util_ldap: Implemented the util_ldap_cache_getuserdn() API so
1506
  |    that ldap authorization only modules have access to the
1507
  |    util_ldap user cache without having to require ldap
1508
  |    authentication as well.  PR 31898.
1509
  | mod_ldap:
1510
  |  - Fix format strings to use %APR_PID_T_FMT instead of %d.
1511
  |  - prevent the possiblity of an infinite loop in the LDAP
1512
  |    statistics display. PR 29216.
1513
  |  - fix a bogus error message to tell the user which file is causing
1514
  |    a potential problem with the LDAP shared memory cache.  PR 31431
1515
  |  - Fix the re-linking issue when purging elements from the LDAP
1516
  |    cache PR 24801.
1517
  | mod_auth_ldap:
1518
  |  - Added the directive "Requires ldap-attribute" that allows the
1519
  |    module to only authorize a user if the attribute value specified
1520
  |    matches the value of the user object. PR 31913
1521
  |  - Handle the inconsistent way in which the MS LDAP library handles
1522
  |    special characters.  PR 24437.
1523
  | mod_proxy:
1524
  |  - Fix ProxyRemoteMatch directive.  PR 33170.
1525
  |  - Respect errors reported by pre_connection hooks.
1526
  |  - Handle client-aborted connections correctly.  PR 32443.
1527
  | mod_cache:
1528
  |  - CacheDisable will only disable the URLs it was meant to disable,
1529
  |    not all caching. PR 31128.
1530
  |  - Try to correctly follow RFC 2616 13.3 on validating stale cache
1531
  |    responses.
1532
  |  - Fix Expires handling.
1533
  | mod_disk_cache:
1534
  |  - Do not store aborted content.  PR 21492.
1535
  |  - Correctly store cached content type.  PR 30278.
1536
  |  - Do not store hop-by-hop headers.
1537
  |  - Fix races in saving responses.
1538
  | mod_expires:
1539
  |  - Alter mod_expires to run at a different filter priority to allow
1540
  |    proper Expires storage by mod_cache.
1541
  | mod_rewrite:
1542
  |  - Handle per-location rules when r->filename is unset.  Previously
1543
  |    this would segfault or simply not match as expected, depending
1544
  |    on the platform.
1545
  |  - Fix 0 bytes write into random memory position.  PR 31036.
1546
  | miscellaneous:
1547
  |  - Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
1548
  |  - apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
1549
  |  - Allow for the use of --with-module=foo:bar where the ./modules/foo
1550
  |    directory is local only. Assumes, of course, that the required
1551
  |    files are in ./modules/foo, but makes it easier to statically
1552
  |    build/log "external" modules.
1553
  |  - --with-module can now take more than one module to be statically
1554
  |    linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
1555
  |    If the <modtype>-subdirectory doesn't exist it will be created and
1556
  |    populated with a standard Makefile.in.
1557
  |  - Fix handling of files >2Gb on all platforms (or builds) where
1558
  |    apr_off_t is larger than apr_size_t.  PR 28898.
1559
  |  - Remove compiled-in upper limit on LimitRequestFieldSize.
1560
  |  - Correct handling of certain bucket types in ap_save_brigade, fixing
1561
  |    possible segfaults in mod_cgi with #include virtual.  PR 31247.
1562
  |  - conf: Remove AddDefaultCharset from the default configuration
1563
  |    because setting a site-wide default does more harm than good. PR
1564
  |    23421.
1565
  |  - Add charset to example CGI scripts.
1566
- merge tls-upgrade.patch
1567
- remove obsolete httpd-2.0.47-headtail.dif
1568
          httpd-2.0.52-util_ldap_cache_mgr.c.dif
1569
          httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.dif
1570
          httpd-2.0.52-ssl-incomplete-keypair.dif
1571
          httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.dif
1572
          httpd-2.0.52.21492.diff
1573
          httpd-2.0.52.30278.diff
1574
          httpd-2.0.52.30399.diff
1575
          httpd-2.0.52.30419.diff
1576
          httpd-2.0.52.31385.diff
1577
- sync configuration with upstream changes
1578
  * Remove AddDefaultCharset (see upstream changelog above)
1579
  * LanguagePriority for error documents updated
1580
1581
-------------------------------------------------------------------
1582
Sat Jan 15 20:46:53 CET 2005 - schwab@suse.de
1583
1584
- Use <owner>:<group> in permissions file.
1585
1586
-------------------------------------------------------------------
1587
Tue Jan 11 14:08:35 CET 2005 - schwab@suse.de
1588
1589
- Fix /etc/init.d/apache2 to use readlink instead of linkto or file.
1590
1591
-------------------------------------------------------------------
1592
Mon Nov 29 14:42:40 CET 2004 - hvogel@suse.de
1593
1594
- fix permission handling
1595
1596
-------------------------------------------------------------------
1597
Thu Nov 11 13:06:22 CET 2004 - poeml@suse.de
1598
1599
- fix /etc/init.d/apache2 to correctly handle the start of multiple
1600
  instances of the same binary (using startproc -f plus prior check
1601
  for running instance) [#48153]
1602
- fix helper scripts to allow overriding of $sysconfig_file and
1603
  other useful values
1604
- remove unused 'rundir' variable from /etc/init.d/apache2
1605
- removed backward compatibility code for pre-8.0
1606
- add documentation to the vhost template files and
1607
  README.QUICKSTART
1608
1609
-------------------------------------------------------------------
1610
Mon Nov  8 16:14:23 CET 2004 - poeml@suse.de
1611
1612
- security fix [CAN-2004-0942 (cve.mitre.org)]: Fix for memory
1613
  consumption DoS [#47967]
1614
1615
-------------------------------------------------------------------
1616
Thu Nov  4 16:47:59 CET 2004 - poeml@suse.de
1617
1618
- remove heimdal-devel from #neededforbuild, it is not needed
1619
1620
-------------------------------------------------------------------
1621
Fri Oct 15 07:44:20 CEST 2004 - poeml@suse.de
1622
1623
- fix SSLCipherSuite bypass CAN-2004-0885 (cve.mitre.org) [#47117]
1624
- update the TLS upgrade patch [#47207]
1625
  - mod_ssl returned invalid method on TLS upgraded connections
1626
  - additional checks for httpd_method and default_port hooks
1627
  - fixed typo in upgrade header
1628
- add patches from Ruediger Pluem for the experimental modules
1629
  mod_disk_cache, mod_cache
1630
   PR 21492: mod_disk_cache: Do not store aborted content.
1631
   PR 30278: mod_disk_cache: Correctly store cached content type.
1632
   PR 30399: make storing of Set-Cookie headers optional
1633
   PR 30419: weird caching behaviour of mod_cache and old Cookies
1634
   PR 31385: skipping start of file if recaching already cached file
1635
- patch from 2.0.53: Fail to configure when an SSL proxy is
1636
  configured with incomplete client cert keypair, rather than
1637
  segfaulting at runtime. PR 24030
1638
  http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
1639
1640
-------------------------------------------------------------------
1641
Mon Oct 11 14:31:42 CEST 2004 - poeml@suse.de
1642
1643
- add patch fixing re-linking issue when purging elements from the
1644
  LDAP cache. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24801
1645
  http://www.apache.org/dist/httpd/patches/apply_to_2.0.52/util_ldap_cache_mgr.c.patch
1646
1647
-------------------------------------------------------------------
1648
Mon Oct 11 14:07:33 CEST 2004 - poeml@suse.de
1649
1650
- sync update configuration with upstream changes (2.0.52)
1651
  (mostly comments; configuration for spanish manual added)
1652
- add mime type for shortcut icons (favicon.ico)
1653
1654
-------------------------------------------------------------------
1655
Fri Oct  8 18:36:21 CEST 2004 - poeml@suse.de
1656
1657
- update to 2.0.52. Relevant changes:
1658
  | SECURITY: CAN-2004-0811 (cve.mitre.org)
1659
  |   Fix merging of the Satisfy directive, which was applied to
1660
  |   the surrounding context and could allow access despite configured
1661
  |   authentication.  PR 31315.
1662
  | util_ldap:
1663
  |   Fix a segfault in the LDAP cache when it is configured switched off.
1664
  | mod_mem_cache: 
1665
  |   Fixed race condition causing segfault because of memory being
1666
  |   freed twice, or reused after being freed.
1667
  | mod_log_config: 
1668
  |   Fix a bug which prevented request completion time from being
1669
  |   logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
1670
  |   processing.  PR 29696.
1671
  | miscellaneous:
1672
  |   - Use HTML 2.0 <hr> for error pages. PR 30732
1673
  |   - Fix the handling of URIs containing %2F when
1674
  |     AllowEncodedSlashes is enabled.  Previously, such urls would
1675
  |     still be rejected.
1676
  |   - Fix the global mutex crash when the global mutex is never
1677
  |     allocated due to disabled/empty caches.
1678
  |   - Add -l option to rotatelogs to let it use local time rather
1679
  |     than UTC.  PR 24417.  
1680
- changes from 2.0.51:
1681
  | SECURITY: CAN-2004-0786 (cve.mitre.org)
1682
  |   Fix an input validation issue in apr-util which could be
1683
  |   triggered by malformed IPv6 literal addresses.
1684
  | SECURITY: CAN-2004-0747 (cve.mitre.org)
1685
  |   Fix buffer overflow in expansion of environment variables in
1686
  |   configuration file parsing.
1687
  | SECURITY: CAN-2004-0809 (cve.mitre.org)
1688
  |   mod_dav_fs: Fix a segfault in the handling of an indirect lock
1689
  |   refresh.  PR 31183.
1690
  | SECURITY: CAN-2004-0751 (cve.mitre.org)
1691
  |   mod_ssl: Fix a segfault in the SSL input filter which could be
1692
  |   triggered if using "speculative" mode, for instance by a proxy
1693
  |   request to an SSL server.  PR 30134.
1694
  | SECURITY: CAN-2004-0748 (cve.mitre.org)
1695
  |   mod_ssl: Fix a potential infinite loop.  PR 29964.
1696
  | mod_include:
1697
  |   no longer checks for recursion, because that's done in the core.
1698
  |   This allows for careful usage of recursive SSI.
1699
  | mod_rewrite:
1700
  |  - Fix memory leak in the cache handlingof mod_rewrite. PR 27862.
1701
  |  - Add %{SSL:...} and %{HTTPS} variable lookups.  PR 30464.
1702
  |  - mod_rewrite now officially supports RewriteRules in <Proxy>
1703
  |    sections.  PR 27985.
1704
  |  - no longer confuse the RewriteMap caches if different maps
1705
  |    defined in different virtual hosts use the same map name. PR 26462.
1706
  | mod_ssl: 
1707
  |  - Add new 'ssl_is_https' optional function.
1708
  |  - Add "SSLUserName" directive to set r->user based on a chosen SSL
1709
  |    environment variable.  PR 20957.
1710
  |  - Avoid startup failure after unclean shutdown if using shmcb.  PR 18989.
1711
  | mod_autoindex: 
1712
  |  - Don't truncate the directory listing if a stat() call fails (for
1713
  |    instance on a >2Gb file).  PR 17357.
1714
  | mod_cache, mod_disk_cache, mod_mem_cache:
1715
  |  - Refactor cache modules, and switch to the provider API instead
1716
  |    of hooks.
1717
  | mod_disk_cache:
1718
  |  - Implement binary format for on-disk header files.
1719
  |  - Optimize network performance of disk cache subsystem by allowing
1720
  |    zero-copy (sendfile) writes and other miscellaneous fixes.
1721
  | mod_userdir: 
1722
  |  - Ensure that the userdir identity is used for suexec userdir
1723
  |    access in a virtual host which has suexec configured.  PR 18156.
1724
  | mod_setenvif: 
1725
  |  - Remove "support" for Remote_User variable which never worked at
1726
  |    all. PR 25725.
1727
  |  - Extend the SetEnvIf directive to capture subexpressions of the
1728
  |    matched value.
1729
  | mod_headers:
1730
  |  - Backport from 2.1 / Regression from 1.3: mod_headers now knows
1731
  |    again the functionality of the ErrorHeader directive. But
1732
  |    instead using this misnomer additional flags to the Header
1733
  |    directive were introduced ("always" and "onsuccess", defaulting
1734
  |    to the latter).  PR 28657.
1735
  | mod_usertrack:
1736
  |  - Escape the cookie name before pasting into the regexp.
1737
  | mod_dir:
1738
  |  - the trailing-slash behaviour is now configurable using the
1739
  |    DirectorySlash directive.
1740
  | util_ldap:
1741
  |  - Switched the lock types on the shared memory cache from thread
1742
  |    reader/writer locks to global mutexes in order to provide cross
1743
  |    process cache protection.
1744
  |  - Reworked the cache locking scheme to eliminate duplicate cache
1745
  |    entries in the credentials cache due to race conditions.
1746
  |  - Enhanced the util_ldap cache-info display to show more detail
1747
  |    about the contents and current state of the cache.
1748
  | mod_ldap:
1749
  |  - Enable the option to support anonymous shared memory in
1750
  |    mod_ldap.  This makes the cache work on Linux again.
1751
  | miscellaneous:
1752
  |  - Include directives no longer refuse to process symlinks on
1753
  |    directories. Instead there's now a maximum nesting level of
1754
  |    included directories (128 as distributed). This is configurable
1755
  |    at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.  PR
1756
  |    28492, PR 28370.
1757
  |  - Prevent CGI script output which includes a Content-Range header
1758
  |    from being passed through the byterange filter.
1759
  |  - Satisfy directives now can be influenced by a surrounding
1760
  |    <Limit> container.  PR 14726.
1761
  |  - Makefile fix: httpd is linked against LIBS given to the 'make'
1762
  |    invocation.  PR 7882.
1763
  |  - suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
1764
  |  - apachectl: Fix a problem finding envvars if sbindir != bindir.
1765
  |    PR 30723.
1766
  |  - Use the higher performing 'httpready' Accept Filter on all
1767
  |    platforms except FreeBSD < 4.1.1.
1768
  |  - Allow proxying of resources that are invoked via DirectoryIndex.
1769
  |    PR 14648, 15112, 29961.
1770
  |  - Small fix to allow reverse proxying to an ftp server. Previously
1771
  |    an attempt to do this would try and connect to 0.0.0.0,
1772
  |    regardless of the server specified. PR 24922
1773
  |  - Enable special ErrorDocument value 'default' which restores the
1774
  |    canned server response for the scope of the directive.
1775
  |  - work around MSIE Digest auth bug - if
1776
  |    AuthDigestEnableQueryStringHack is set in r->subprocess_env
1777
  |    allow mismatched query strings to pass.  PR 27758.
1778
  |  - Accept URLs for the ServerAdmin directive. If the supplied
1779
  |    argument is not recognized as an URL, assume it's a mail
1780
  |    address.  PR 28174.
1781
  |  - initialize server arrays prior to calling
1782
  |    ap_setup_prelinked_modules so that static modules can push
1783
  |    Defines values when registering hooks just like DSO modules can 
1784
- drop obsolete security fixes
1785
    httpd-2.0.50-CAN-2004-0751-mod_ssl-proxied-request-segfault.dif
1786
    httpd-2.0.50-CAN-2004-0748-mod_ssl-input-filter-infinite-loop.dif
1787
    httpd-2.0.50-CAN-2004-0747-ENVVAR.dif
1788
    httpd-2.0.50-CAN-2004-0786-apr_uri_parse-IPv6-address-validation.dif
1789
    httpd-2.0.50-CAN-2004-0809-mod_dav-crash.dif
1790
- httpd-2.0.45-anon-mmap.dif included upstream
1791
1792
-------------------------------------------------------------------
1793
Tue Sep 14 12:11:58 CEST 2004 - poeml@suse.de
1794
1795
- security fix [CAN-2004-0809 (cve.mitre.org)]: fix possible DoS in
1796
  mod_dav by remotely triggerable null-pointer dereference
1797
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183 [#45231]
1798
- fix hint about vhost checking in the SSL readme
1799
1800
-------------------------------------------------------------------
1801
Wed Sep  8 14:24:19 CEST 2004 - poeml@suse.de
1802
1803
- security fix [CAN-2004-0786 (cve.mitre.org)]: fix a vulnerability
1804
  in the apr-util library (lacking input validation on IPv6 literal
1805
  addresses in the apr_uri_parse function [#44736]
1806
- security fix [CAN-2004-0747 (cve.mitre.org)]: fix a buffer
1807
  overflow that can occur when expanding ${ENVVAR} constructs in
1808
  .htaccess or httpd.conf files. [#44736]
1809
1810
-------------------------------------------------------------------
1811
Mon Sep  6 12:48:21 CEST 2004 - poeml@suse.de
1812
1813
- rename check_forensic script to avoid clash with apache 1.3.x
1814
  package
1815
1816
-------------------------------------------------------------------
1817
Fri Aug 27 16:18:41 CEST 2004 - poeml@suse.de
1818
1819
- implement action "startssl" in the init script. [#42365]
1820
- add /usr/bin/check_forensic script to evaluate mod_log_forensic logs.
1821
- disable building of leader and metuxmpm MPMs.
1822
1823
-------------------------------------------------------------------
1824
Wed Aug 25 12:58:20 CEST 2004 - poeml@suse.de
1825
1826
- security fix [CAN-2004-0748 (cve.mitre.org)]: fix a potential
1827
  infinite loop in the SSL input filter which can be triggered by
1828
  an aborted connection
1829
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29964 [#44103]
1830
- security fix [CAN-2004-0751 (cve.mitre.org)]: fix a potential
1831
  segfault in the SSL input filter which can be triggered by the
1832
  response to request which is proxied to a remote SSL server
1833
  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30134 [#44103]
1834
- remove the obsolete notify message on package update
1835
1836
-------------------------------------------------------------------
1837
Thu Jul  8 14:17:13 CEST 2004 - poeml@suse.de
1838
1839
- update to 2.0.50. Relevant changes:
1840
  | SECURITY: CAN-2004-0493 (cve.mitre.org)
1841
  |   Close a denial of service vulnerability identified by Georgi
1842
  |   Guninski which could lead to memory exhaustion with certain
1843
  |   input data.
1844
  | SECURITY: CAN-2004-0488 (cve.mitre.org)
1845
  |   mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for
1846
  |   a (trusted) client certificate subject DN which exceeds 6K in
1847
  |   length.
1848
  | mod_alias:
1849
  |   now emits a warning if it detects overlapping *Alias* directives.
1850
  | mod_cgi: Handle output on stderr during script execution on Unix
1851
  |   platforms; preventing deadlock when stderr output fills pipe
1852
  |   buffer.  Also fixes case where stderr from nph- scripts could be
1853
  |   lost.  PR 22030, 18348.
1854
  | mod_dav: 
1855
  |  - Fix a problem that could cause crashes when manipulating locks
1856
  |    on some platforms.
1857
  | mod_dav_fs: 
1858
  |  - Fix MKCOL response for missing parent collections, which caused
1859
  |    issues for the Eclipse WebDAV extension.  PR 29034.
1860
  | mod_deflate: 
1861
  |  - Fix memory consumption (which was proportional to the response
1862
  |    size).  PR 29318.
1863
  | mod_expires:
1864
  |  - Fix segfault which occured under certain circumstances. PR 28047.
1865
  | mod_headers:
1866
  |  - no longer crashes if an empty header value should be added.
1867
  | mod_log_forensic:
1868
  |  - new module.
1869
  | mod_logio:
1870
  |  - no longer removes the EOS bucket. PR 27928.
1871
  | mod_proxy:
1872
  |  - Fix handling of IPv6 numeric strings.
1873
  | mod_rewrite: 
1874
  |   no longer turns forward proxy requests into reverse proxy
1875
  |   requests. PR 28125
1876
  | mod_ssl: 
1877
  |  - Log the errors returned on failure to load or initialize a
1878
  |    crypto accelerator engine.
1879
  |  - Fix a potential segfault in the 'shmcb' session cache for small
1880
  |    cache sizes.  PR 27751.
1881
  |  - Fix memory leak in session cache handling.  PR 26562
1882
  |  - Fix potential segfaults when performing SSL shutdown from a pool
1883
  |    cleanup.  PR 27945.
1884
  | mod_auth_ldap/util_ldap:
1885
  |  - allow relative paths for LDAPTrustedCA to be resolved against
1886
  |    ServerRoot PR#26602
1887
  |  - Throw an error message if an attempt is made to use the
1888
  |    LDAPTrustedCA or LDAPTrustedCAType directives in a VirtualHost.
1889
  |    PR 26390
1890
  |  - Fix a potential segfault if the bind password in the LDAP cache
1891
  |    is NULL.  PR 28250.
1892
  |  - Overhaul handling of LDAP error conditions, so that the
1893
  |    util_ldap_* functions leave the connections in a sane state
1894
  |    after errors have occurred. PR 27748, 17274, 17599, 18661,
1895
  |    21787, 24595, 24683, 27134, 27271
1896
  |  - mod_ldap calls ldap_simple_bind_s() to validate the user
1897
  |    credentials.  If the bind fails, the connection is left in an
1898
  |    unbound state.  Make sure that the ldap connection record is
1899
  |    updated to show that the connection is no longer bound.
1900
  |  - Update the bind credentials for the cached LDAP connection to
1901
  |    reflect the last bind.  This prevents util_ldap from creating
1902
  |    unnecessary connections rather than reusing cached connections.
1903
  |  - Quotes cannot be used around require group and require dn
1904
  |    directives, update the documentation to reflect this. Also add
1905
  |    quotes around the dn and group within debug messages, to make it
1906
  |    more obvious why authentication is failing if quotes are used in
1907
  |    error.  PR 19304.
1908
  | miscellaneous:
1909
  |  - Allow RequestHeader directives to be conditional. PR 27951.
1910
  |  - Allow LimitRequestBody to be reset to unlimited. PR 29106
1911
  |  - <VirtualHost myhost> now applies to all IP addresses for myhost
1912
  |    instead of just the first one reported by the resolver.  This
1913
  |    corrects a regression since 1.3.
1914
  |  - Fix a bunch of cases where the return code of the regex compiler
1915
  |    was not checked properly. This affects: mod_setenvif,
1916
  |    mod_usertrack, mod_proxy, mod_proxy_ftp and core. PR 28218.
1917
  |  - Remove 2Gb log file size restriction on some 32-bit platforms.
1918
  |    PR 13511.
1919
  |  - htpasswd no longer refuses to process files that contain empty
1920
  |    lines.
1921
  |  - Regression from 1.3: At startup, suexec now will be checked for
1922
  |    availability, the setuid bit and user root. The works only if
1923
  |    httpd is compiled with the shipped APR version (0.9.5).  PR
1924
  |    28287.
1925
  |  - Unix MPMs: Stop dropping connections when the file descriptor is
1926
  |    at least FD_SETSIZE.
1927
  |  - Fix a segfault when requests for shared memory fails and returns
1928
  |    NULL. Fix a segfault caused by a lack of bounds checking on the
1929
  |    cache.  PR 24801.
1930
  |  - Ensure that lines in the request which are too long are properly
1931
  |    terminated before logging.
1932
  |  - htpasswd: use apr_temp_dir_get() and general cleanup
1933
  |  - logresolve: Allow size of log line buffer to be overridden at
1934
  |    build time (MAXLINE).  PR 27793.
1935
  |  - Fix the comment delimiter in htdbm so that it correctly parses
1936
  |    the username comment.  Also add a terminate function to allow
1937
  |    NetWare to pause the output before the screen is destroyed.
1938
  |  - Fix crash when Apache was started with no Listen directives.
1939
  |  - core_output_filter: Fix bug that could result in sending garbage
1940
  |    over the network when module handlers construct bucket brigades
1941
  |    containing multiple file buckets all referencing the same open
1942
  |    file descriptor.
1943
  |  - Fix memory corruption problem with ap_custom_response()
1944
  |    function.  The core per-dir config would later point to request
1945
  |    pool data that would be reused for different purposes on
1946
  |    different requests.
1947
- drop obsolete patches
1948
- change vendor string SuSE -> SUSE
1949
1950
-------------------------------------------------------------------
1951
Tue Jun 29 11:35:24 CEST 2004 - poeml@suse.de
1952
1953
- security fix [CAN-2004-0493 (cve.mitre.org)]: fix Denial of
1954
  Service vulnaribility which could lead to memory exhaustion with
1955
  certain input data. [#42566]
1956
1957
-------------------------------------------------------------------
1958
Fri Jun 18 11:39:53 CEST 2004 - poeml@suse.de
1959
1960
- package forgotten CHANGES file
1961
- package apr and apr-util documentation files
1962
- fix log_server_status2 to use perl's Socket module
1963
1964
-------------------------------------------------------------------
1965
Wed May 19 13:38:41 CEST 2004 - poeml@suse.de
1966
1967
- security fix for mod_ssl: fix buffer overflow in
1968
  ssl_util_uuencode() [#40791]
1969
1970
-------------------------------------------------------------------
1971
Wed Apr 28 14:04:34 CEST 2004 - poeml@suse.de
1972
1973
- add TLS upgrade patch [#39449]
1974
- add patch to allow writing log files larger than 2>GB [#39453]
1975
- obsolete apache and mod_ssl versions only when older than what is
1976
  shipped with 9.1
1977
- don't provide mod_ssl
1978
1979
-------------------------------------------------------------------
1980
Fri Apr  2 15:56:30 CEST 2004 - cschum@suse.de
1981
1982
- Add "suse_help_viewer" provides [#37932]
1983
1984
-------------------------------------------------------------------
1985
Mon Mar 29 17:57:46 CEST 2004 - poeml@suse.de
1986
1987
- provide and obsolete packages apache, mod_ssl, apache-doc and
1988
  apache-example-pages [#37084]
1989
1990
-------------------------------------------------------------------
1991
Mon Mar 22 18:37:27 CET 2004 - poeml@suse.de
1992
1993
- disable large file support by not building with _FILE_OFFSET_BITS=64,
1994
  in favour of retaining a binary compatible module API.
1995
  Therefore, do not change the module magic number. LFS can be
1996
  enabled by building via rpmbuild --define 'build_with_LFS 1'
1997
1998
-------------------------------------------------------------------
1999
Thu Mar 18 20:35:06 CET 2004 - poeml@suse.de
2000
2001
- update to proposed 2.0.49 tarball
2002
  - mod_cgid: Fix storage corruption caused by use of incorrect pool.
2003
  - docs update
2004
- remove APACHE_DOCUMENT_ROOT from sysconfig.apache2 [#32635]
2005
- fix a comment in default-server.conf
2006
- remove obsolete ssl_scache_cleanup support script and ftok helper
2007
2008
-------------------------------------------------------------------
2009
Tue Mar 16 00:41:07 CET 2004 - poeml@suse.de
2010
2011
- change mmn in header file as well, for modules that include it
2012
  from there
2013
2014
-------------------------------------------------------------------
2015
Mon Mar 15 17:36:07 CET 2004 - poeml@suse.de
2016
2017
- update to 2.0.49-rc2. Relevant changes:
2018
  | The whole codebase was relicensed and is now available under the
2019
  |   Apache License, Version 2.0 (http://www.apache.org/licenses).
2020
  |   [Apache Software Foundation]
2021
  | Security [CAN-2004-0113 (cve.mitre.org)]: mod_ssl: Fix a memory
2022
  |   leak in plain-HTTP-on-SSL-port handling.  PR 27106.
2023
  | Security [CAN-2003-0020 (cve.mitre.org)]: Escape arbitrary data
2024
  |   before writing into the errorlog. Unescaped errorlogs are still
2025
  |   possible using the compile time switch
2026
  |   "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
2027
  | mod_ssl:
2028
  |  - Send the Close Alert message to the peer before closing the
2029
  |    SSL session.  PR 27428.
2030
  |  - Fix bug in passphrase handling which could cause spurious
2031
  |    failures in SSL functions later.  PR 21160.
2032
  |  - Fix potential segfault on lookup of SSL_SESSION_ID.  PR 15057.
2033
  |  - Fix streaming output from an nph- CGI script. PR 21944
2034
  |  - Advertise SSL library version as determined at run-time rather
2035
  |    than at compile-time.  PR 23956.
2036
  |  - Fix segfault on a non-SSL request if the 'c' log format code
2037
  |    is used.  PR 22741.
2038
  |  - Fix segfaults at startup if other modules which use OpenSSL
2039
  |    are also loaded.
2040
  |  - Use human-readable OpenSSL error strings in logs; use
2041
  |    thread-safe interface for retrieving error strings.
2042
  | mod_cache:
2043
  |  - Fixed cache-removal order in mod_mem_cache.
2044
  |  - Fix segfault in mod_mem_cache cache_insert() due to cache size
2045
  |    becoming negative.  PR: 21285, 21287
2046
  |  - Modified the cache code to be header-location agnostic. Also
2047
  |    fixed a number of other cache code bugs related to PR 15852.
2048
  |    Includes a patch submitted by Sushma Rai <rsushma novell.com>.
2049
  |    This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
2050
  |    closing the PR since that is what they are using.
2051
  | mod_dav:
2052
  |  - Reject requests which include an unescaped fragment in the
2053
  |    Request-URI.  PR 21779.
2054
  |  - Use bucket brigades when reading PUT data. This avoids
2055
  |    problems if the data stream is modified by an input filter. PR
2056
  |    22104.
2057
  |  - Return a WWW-auth header for MOVE/COPY requests where the
2058
  |    destination resource gives a 401.  PR 15571.
2059
  |  - Fix a problem with namespace mappings being dropped in
2060
  |    mod_dav_fs; if any property values were set which defined
2061
  |    namespaces these came out mangled in the PROPFIND response.
2062
  |    PR 11637.
2063
  | mod_expires:
2064
  |  - Initialize ExpiresDefault to NULL instead of "" to avoid
2065
  |    reporting an Internal Server error if it is used without
2066
  |    having been set in the httpd.conf file. PR: 23748, 24459
2067
  |  - Add support for IMT minor-type wildcards (e.g., text/*) to
2068
  |    ExpiresByType.  PR#7991
2069
  | mod_log_config / logging:
2070
  |  - Fix some piped log problems: bogus "piped log program '(null)'
2071
  |    failed" messages during restart and problem with the logger
2072
  |    respawning again after Apache is stopped.  PR 21648, PR 24805.
2073
  |  - mod_log_config: Fix corruption of buffered logs with threaded
2074
  |    MPMs.  PR 25520.
2075
  |  - mod_log_config: Log the minutes component of the timezone correctly.
2076
  |    PR 23642.
2077
  | mod_proxy*:
2078
  |  - proxy_http fix: mod_proxy hangs when both KeepAlive and
2079
  |    ProxyErrorOverride are enabled, and a non-200 response without a
2080
  |    body is generated by the backend server. (e.g.: a client makes a
2081
  |    request containing the "If-Modified-Since" and "If-None-Match"
2082
  |    headers, to which the backend server respond with status 304.)
2083
  |  - Fix memory leak in handling of request bodies during reverse
2084
  |    proxy operations.  PR 24991.
2085
  |  - mod_proxy: Fix cases where an invalid status-line could be sent 
2086
  |    to the client.  PR 23998.
2087
  | mod_rewrite:
2088
  |  - Catch an edge case, where strange subsequent RewriteRules
2089
  |    could lead to a 400 (Bad Request) response.
2090
  |  - Make REMOTE_PORT variable available in mod_rewrite.  PR 25772.
2091
  |  - In external rewrite maps lookup keys containing
2092
  |    a newline now cause a lookup failure. PR 14453.
2093
  |  - Fix RewriteBase directive to not add double slashes.
2094
  | mod_usertrack:
2095
  |  - Fix bug in mod_usertrack when no CookieName is set.
2096
  |  - mod_usertrack no longer inspects the Cookie2 header for
2097
  |    the cookie name. PR 11475.
2098
  |  - mod_usertrack no longer overwrites other cookies.
2099
  |    PR 26002.
2100
  | mod_include, filters:
2101
  |  - Backport major overhaul of mod_include's filter parser from 2.1.
2102
  |    The new parser code is expected to be more robust and should
2103
  |    catch all of the edge cases that were not handled by the previous one.
2104
  |    The 2.1 external API changes were hidden by a wrapper which is
2105
  |    expected to keep the API backwards compatible.
2106
  |  - Add a hook (insert_error_filter) to allow filters to re-insert
2107
  |    themselves during processing of error responses. Enable mod_expires
2108
  |    to use the new hook to include Expires headers in valid error
2109
  |    responses. This addresses an RFC violation. It fixes PRs 19794,
2110
  |    24884, and 25123.
2111
  |  - complain via error_log when mod_include's INCLUDES filter is
2112
  |    enabled, but the relevant Options flag allowing the filter to run
2113
  |    for the specific resource wasn't set, so that the filter won't
2114
  |    silently get skipped. next remove itself, so the warning will be
2115
  |    logged only once
2116
  |  - Fix mod_include's expression parser to recognize strings correctly
2117
  |    even if they start with an escaped token.
2118
  |  - Fix a problem with the display of empty variables ("SetEnv foo") in
2119
  |    mod_include.  PR 24734
2120
  |  - mod_include no longer allows an ETag header on 304 responses.
2121
  |    PR 19355.
2122
  | mod_autoindex:
2123
  |  - Don't omit the <tr> start tag if the SuppressIcon option is
2124
  |    set. PR 21668.
2125
  |  - Restore the ability to add a description for directories that
2126
  |    don't contain an index file.  (Broken in 2.0.48)
2127
  |  - mod_autoindex / core: Don't fail to show filenames containing
2128
  |    special characters like '%'. PR 13598.
2129
  |  - Add 'XHTML' option in order to allow switching between HTML
2130
  |    3.2 and XHTML 1.0 output. PR 23747.
2131
  | mod_status:
2132
  |  - Add mod_status hook to allow modules to add to the mod_status
2133
  |    report.
2134
  |  - Report total CPU time accurately when using a threaded MPM.
2135
  |    PR 23795.
2136
  | mod_info:
2137
  |  - Fix mod_info to use the real config file name, not the default
2138
  |    config file name.
2139
  |  - HTML escape configuration information so it displays
2140
  |    correctly. PR 24232.
2141
  | mod_auth_digest:
2142
  |  - Allow mod_auth_digest to work with sub-requests with different
2143
  |    methods than the original request.  PR 25040.
2144
  | mod_auth_ldap:
2145
  |  - Fix some segfaults in the cache logic.  PR 18756.
2146
  | mod_cgid:
2147
  |  - Restart the cgid daemon if it crashes.  PR 19849
2148
  | mod_setenvif:
2149
  |  - Fix the regex optimizer, which under circumstances
2150
  |    treated the supplied regex as literal string. PR 24219.
2151
  | miscellaneous:
2152
  |  - core.c: If large file support is enabled, allow any file that is
2153
  |    greater than AP_MAX_SENDFILE to be split into multiple buckets.
2154
  |    This allows Apache to send files that are greater than 2gig.
2155
  |    Otherwise we run into 32/64 bit type mismatches in the file size.
2156
  |  - Fixed file extensions for real media files and removed rpm extension
2157
  |    from mime.types. PR 26079.
2158
  |  - Remove compile-time length limit on request strings. Length is
2159
  |    now enforced solely with the LimitRequestLine config directive.
2160
  |  - Set the scoreboard state to indicate logging prior to running 
2161
  |    logging hooks so that server-status will show 'L' for hung loggers
2162
  |    instead of 'W'.
2163
  |  - Fix the inability to log errors like exec failure in
2164
  |    mod_ext_filter/mod_cgi script children.  This was broken after 
2165
  |    such children stopped inheriting the error log handle.  
2166
  |  - fix "Expected </Foo>> but saw </Foo>" errors in nested,
2167
  |    argumentless containers.
2168
  |  - ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
2169
  |    instead of mmn.
2170
  |  - Add Polish translation of error messages.  PR 25101.
2171
  |  - Add AP_MPMQ_MPM_STATE function code for ap_mpm_query.
2172
  |  - Fix htdbm to generate comment fields in DBM files correctly.
2173
  |  - Correct UseCanonicalName Off to properly check incoming port number.
2174
  |  - Fix slow graceful restarts with prefork MPM.
2175
  |  - Keep focus of ITERATE and ITERATE2 on the current module when
2176
  |    the module chooses to return DECLINE_CMD for the directive.
2177
  |    PR 22299.
2178
  |  - Build array of allowed methods with proper dimensions, fixing
2179
  |    possible memory corruption.
2180
  |  - worker MPM: fix stack overlay bug that could cause the parent
2181
  |    process to crash.
2182
  |  - Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
2183
  |  - Fix build with parallel make.  PR 24643.
2184
  |  - Add fatal exception hook for use by diagnostic modules.  The hook
2185
  |    is only available if the --enable-exception-hook configure parm 
2186
  |    is used and the EnableExceptionHook directive has been set to 
2187
  |    "on".
2188
  |  - Improve 'configure --help' output for some modules.
2189
- drop two hunks from httpd-2.0.47-headtail.dif (buildcheck.sh is
2190
  fixed)
2191
- disable automatic restarts, because they do not work properly
2192
  [#35408]
2193
- change MMN to prevent loading of incompatible modules (modules
2194
  that are not built with `apxs -q CFLAGS` and therefore miss
2195
  _FILE_OFFSET_BITS=64). Provide our old apache_mmn_20020903 in
2196
  addition.
2197
- use CPPFLAGS for passing preprocessor flags because they are
2198
  removed from CFLAGS
2199
- Stop dropping connections when the file descriptor
2200
  is at least FD_SETSIZE. This isn't a problem on Linux because
2201
  poll() is used instead of select() by APR. Assert HAVE_POLL.
2202
  [#34178]
2203
- add modifications to the code to the NOTICE file as required by
2204
  the new license
2205
2206
-------------------------------------------------------------------
2207
Fri Feb 27 17:42:24 CET 2004 - poeml@suse.de
2208
2209
- compile with -DSSL_EXPERIMENTAL_ENGINE to allow usage of hardware
2210
  crypto accelerators
2211
- compile with -DMAX_SERVER_LIMIT=200000
2212
- if an SSL passphrase is not entered within the timeout, fall back
2213
  to start apache without SSL (with -D NOSSL). This could/should be
2214
  made configurable.
2215
- clean up output of SuSEconfig.apache2
2216
- add pre-defined LogFormat "vhost_combined"
2217
- configure /var/lib/apache2 for WebDAV locks
2218
- add a readme about configuring WebDAV with digest authentication
2219
- add default configuration for mod_usertrack (this is the current
2220
  workaround for the problem in the 1.3.29/2.0.48 release that
2221
  occurs if no CookieName is configured)
2222
- in vhost.template, enclose all virtual host configuration in the
2223
  VirtualHost container
2224
- update metuxmpm patch to r7
2225
- fix test run as non-root
2226
2227
-------------------------------------------------------------------
2228
Tue Jan 13 16:38:05 CET 2004 - schwab@suse.de
2229
2230
- Fix quoting in autoconf macros.
2231
2232
-------------------------------------------------------------------
2233
Sat Dec 13 17:28:48 CET 2003 - poeml@suse.de
2234
2235
- add changes to gensslcert from Volker Kuhlmann [#31803]
2236
- revert default character set from UTF-8 to ISO-8859-1, and revert
2237
  the misleading comment that talked about filenames while it is
2238
  all about content of the files
2239
2240
-------------------------------------------------------------------
2241
Tue Nov 18 14:14:39 CET 2003 - poeml@suse.de
2242
2243
- add a ServerLimit directive to server-tuning.conf, so it's
2244
  already in the right place if someone needs to tweak it [#32852]
2245
2246
-------------------------------------------------------------------
2247
Fri Nov  7 13:00:07 CET 2003 - poeml@suse.de
2248
2249
- mark apache2-manual.conf in %files doc as %config
2250
- wrap directives specific to the mod_negotiation module into an
2251
  <IfModule> block [#32848]
2252
2253
-------------------------------------------------------------------
2254
Thu Oct 30 11:41:19 CET 2003 - poeml@suse.de
2255
2256
- update to 2.0.48. Relevant / user visible changes are:
2257
  Security [CAN-2003-0789]: Resolve some mishandling of the AF_UNIX
2258
    socket used to communicate with the cgid daemon and the CGI
2259
    script.
2260
  Security [CAN-2003-0542]: Fix buffer overflows in mod_alias and
2261
    mod_rewrite which occurred if one configured a regular
2262
    expression with more than 9 captures.
2263
  mod_rewrite: 
2264
    - Don't die silently when failing to open RewriteLogs. PR 23416
2265
    - Fix support of the [P] option to send rewritten request using
2266
      "proxy:". The code was adding multiple "proxy:" fields in the
2267
      rewritten URI. PR: 13946.
2268
    - Ignore RewriteRules in .htaccess files if the directory
2269
      containing the .htaccess file is requested without a trailing
2270
      slash.  PR 20195.
2271
  mod_include: 
2272
    - Fix a trio of bugs that would cause various unusual sequences
2273
      of parsed bytes to omit portions of the output stream. PR 21095
2274
    - fix segfault which occured if the filename was not set, for
2275
      example, when processing some error conditions.
2276
  mod_cgid: fix a hash table corruption problem which could
2277
    result in the wrong script being cleaned up at the end of a
2278
    request.
2279
  mod_ssl: Fix segfaults after renegotiation failure. PR 21370
2280
    - Fix a problem setting variables that represent the client
2281
      certificate chain.  PR 21371
2282
    - Fix FakeBasicAuth for subrequest.  Log an error when an
2283
      identity spoof is encountered.
2284
    - Assure that we block properly when reading input bodies with
2285
      SSL.  PR 19242.
2286
  mod_autoindex: If a directory contains a file listed in the
2287
    DirectoryIndex directive, the folder icon is no longer replaced
2288
    by the icon of that file. PR 9587.
2289
  mod_usertrack: do not get false positive matches on the
2290
    user-tracking cookie's name. PR 16661.
2291
  mod_cache: 
2292
    - Fix the cache code so that responses can be cached if they
2293
      have an Expires header but no Etag or Last-Modified headers.
2294
      PR 23130.  cache_util: Fix ap_check_cache_freshness to check
2295
      max_age, smax_age, and expires as directed in RFC 2616.
2296
  mod_deflate: 
2297
    - fix to not call deflate() without checking first whether it
2298
      has something to deflate. (Currently this causes deflate to
2299
      generate a fatal error according to the zlib spec.) PR 22259.
2300
    - Don't attempt to hold all of the response until we're done.
2301
    - Fix a bug, where mod_deflate sometimes unconditionally
2302
      compressed the content if the Accept-Encoding header
2303
      contained only other tokens than "gzip" (such as "deflate").
2304
      PR 21523.
2305
  mod_proxy: Don't respect the Server header field as set by
2306
    modules and CGIs.  As with 1.3, for proxy requests any such
2307
    field is from the origin server; otherwise it will have our
2308
    server info as controlled by the ServerTokens directive.
2309
  mod_log_config: Fix %b log format to write really "-" when 0
2310
    bytes were sent (e.g. with 304 or 204 response codes).
2311
  mod_ext_filter: Set additional environment variables for use by
2312
    the external filter.  PR 20944.
2313
  core: 
2314
    - allow <Foo>..</Foo> containers (no arguments in the opening
2315
      tag), as in 1.3. Needed by mod_perl <Perl> sections
2316
    - Fix a misleading message from the some of the threaded MPMs
2317
      when MaxClients has to be lowered due to the setting of
2318
      ServerLimit.  
2319
    - Avoid an infinite recursion, which occured if the name of an
2320
      included config file or directory contained a wildcard
2321
      character. PR 22194.
2322
    - MPMs: The bucket brigades subsystem now honors the MaxMemFree
2323
      setting.
2324
    - Lower the severity of the "listener thread didn't exit"
2325
      message to debug, as it is of interest only to developers.
2326
  miscellaneous:
2327
    - Update the header token parsing code to allow LWS between the
2328
      token word and the ':' seperator.  [PR 16520]
2329
    - Remember an authenticated user during internal redirects if
2330
      the redirection target is not access protected and pass it to
2331
      scripts using the REDIRECT_REMOTE_USER environment variable.
2332
      PR 10678, 11602.
2333
    - Update mime.types to include latest IANA and W3C types.
2334
    - Modify ap_get_client_block() to note if it has seen EOS.
2335
  ab: 
2336
    - Overlong credentials given via command line no longer clobber
2337
      the buffer.
2338
    - Work over non-loopback on Unix again. PR 21495.
2339
    - Fix NULL-pointer issue in ab when parsing an incomplete or
2340
      non-HTTP response. PR 21085.
2341
- add another example to apache2-listen.conf
2342
- update apache2-mod_mime-defaults.conf according to 2.0.48 changes
2343
  (be clearer in describing the connection between AddType and
2344
  AddEncoding for defining the meaning of compressed file
2345
  extensions.)
2346
- use a better example domain name in apache2-vhost-ssl.template
2347
- the "define version_perl" was nowhere needed
2348
2349
-------------------------------------------------------------------
2350
Mon Sep 22 17:49:40 CEST 2003 - mls@suse.de
2351
2352
- don't provide httpddoc in apache2-doc
2353
2354
-------------------------------------------------------------------
2355
Thu Sep 18 18:48:33 CEST 2003 - poeml@suse.de
2356
2357
- add mod_php4 to the default list of APACHE_MODULES, and change
2358
  get_module_list to ignore non-existant modules (warnings will
2359
  be issued when it is run from SuSEconfig, but not from the init
2360
  script). How to enable the PHP4 module has been the most
2361
  frequently asked questions in user feedback [cf to #29735].
2362
  This bug is tracked in [#31306]
2363
- include conf.d/*.conf by default, as it was the case until
2364
  recently. User feedback showed that for many people the
2365
  separation of configuration includes into individual virtual
2366
  hosts is overkill, and it complicates the setup too much. More
2367
  finegrained control can be achieved by commenting out the
2368
  respective line in the default server config. [#30866], [#29735]
2369
- remove the FIXME at the end of httpd.conf (obsoleted by the above
2370
  change), and place a strategical comment there about .local files
2371
- add <IfDefine SSL> container around configuration in ssl template
2372
2373
-------------------------------------------------------------------
2374
Tue Sep  9 12:50:47 CEST 2003 - poeml@suse.de
2375
2376
- change comment in sysconfig template to work around a fillup bug
2377
  [#30279]
2378
2379
-------------------------------------------------------------------
2380
Mon Sep  8 18:28:12 CEST 2003 - poeml@suse.de
2381
2382
- fix wrong variable name in a comment of the sysconfig template
2383
- update README.QUICKSTART
2384
- add README.QUICKSTART.SSL
2385
2386
-------------------------------------------------------------------
2387
Mon Sep  8 10:09:53 CEST 2003 - poeml@suse.de
2388
2389
- remove unused ENABLE_SUSECONFIG_APACHE from sysconfig template
2390
2391
-------------------------------------------------------------------
2392
Fri Sep  5 16:44:07 CEST 2003 - poeml@suse.de
2393
2394
- disallow UserDir for user root
2395
- cope with "no" or "yes" as values for APACHE_SERVERSIGNATURE, as
2396
  they were set on SuSE Linux 8.1
2397
- add more documentation to README.QUICKSTART, also mentioning what
2398
  might be too obvious: the document root [#29674]
2399
- in %post, diff to httpd.conf.default only when .rpmnew is present
2400
- improve message sent on update
2401
2402
-------------------------------------------------------------------
2403
Fri Aug 29 23:22:31 CEST 2003 - poeml@suse.de
2404
2405
- improve documentation on configuration
2406
- compile with -Wall
2407
- do not obsolete httpddoc, which is provided by apache-doc package
2408
  from apache1
2409
- add conflict apache2-example-pages <-> apache-example-pages
2410
- fix building on older distros
2411
2412
-------------------------------------------------------------------
2413
Tue Aug 19 02:19:18 CEST 2003 - poeml@suse.de
2414
2415
- use httpd-2.0.47-metuxmpm-r6.diff, previous one was broken by me
2416
- don't force setting of a DocumentRoot, because the configuration
2417
  of the default vhost already contains it
2418
- when testing on SL 8.0, the www group has to be created as well
2419
- when testing on even older systems, don't add buildroot to
2420
  DocumentRoot in default-server.conf
2421
2422
-------------------------------------------------------------------
2423
Fri Aug 15 21:40:46 CEST 2003 - poeml@suse.de
2424
2425
- revamped configuration
2426
  - add some CustomLog formats
2427
  - AddDefaultCharset UTF-8 [#22427]
2428
  - add activation metadata to sysconfig template [#28834]
2429
  - default APACHE_MODULES: add mod_ssl, remove mod_status
2430
  - new sysconfig variables: APACHE_USE_CANONICAL_NAME,
2431
    APACHE_DOCUMENT_ROOT
2432
  - get rid of the "suse_" prefix in generated config snippets, and
2433
    place them below /etc/apache2/sysconfig.d/. On update, convert
2434
    the Include statements in httpd.conf for the new locations
2435
  - add /etc/apache2/vhosts.d and virtual host templates
2436
  - the configuration for the manual is now seperate and installed
2437
    together with apache2-doc (conf.d/apache2-manual.conf)
2438
- add distilled wisdom in form of README.QUICKSTART
2439
- change group of wwwrun user: nogroup -> www [#21782]
2440
- proxycachedir and localstatedir should not be world readable
2441
- set DEFAULT_PIDLOG to /var/run/httpd2.pid, so we don't need to
2442
  configure the PidFile directive 
2443
- add -fno-strict-aliasing, due to warnings about code where
2444
  dereferencing type-punned pointers will break strict aliasing
2445
- clean the RPM_BUILD_ROOT, but not in the build system
2446
- new macros for stop/restart of services on rpm update/removal,
2447
  and improved try-restart section in rc.apache2
2448
- get rid of "modules" subdir, and remove dead code from
2449
  SuSEconfig.apache2
2450
- add some tools: get_includes, find_httpd2_includes,
2451
  apache2-reconfigure-mpm
2452
- rename README.SuSE to README.{SuSE,UnitedLinux}
2453
- include directories in filelists of MPM subpackages
2454
- enclose package descriptions of MPMs in %ifdef
2455
- add a dependency of the MPM subpackages on the version of the
2456
  main package
2457
- build a new MPM: metuxmpm (httpd-2.0.47-metuxmpm.diff)
2458
2459
-------------------------------------------------------------------
2460
Mon Jul 28 18:23:28 CEST 2003 - poeml@suse.de
2461
2462
- add new sysconfig variables: APACHE_LOGLEVEL, APACHE_ACCESS_LOG,
2463
  and remove the respective directives from httpd.conf.dist
2464
- merge the ssl.conf.dif and httpd.conf.dif into one patch
2465
2466
-------------------------------------------------------------------
2467
Sun Jul 27 12:22:29 CEST 2003 - poeml@suse.de
2468
2469
- build with -D_FILE_OFFSET_BITS=64 when presumably the kernel
2470
  supports sendfile64 [#22191, #22018]. Define APR_HAS_LARGE_FILES
2471
  (which is unconditionally off, otherwise). Keep
2472
  -D_LARGEFILE_SOURCE since some modules might need it.
2473
- make sure the package can be built as ordinary user
2474
- special case mod_auth_mysql since its module_id is reversed
2475
- don't increase DYNAMIC_MODULE_LIMIT (64 should be copious)
2476
- don't explicitely strip binaries since RPM handles it, and may
2477
  keep the stripped information somewhere
2478
- reformat the header of the spec file
2479
- allow to pass a number-of-jobs parameter into spec file via rpm
2480
  --define 'jobs N'
2481
2482
-------------------------------------------------------------------
2483
Thu Jul 10 16:49:50 CEST 2003 - poeml@suse.de
2484
2485
- update to 2.0.47. relevant / user visible changes:
2486
  Security [CAN-2003-0192]: Fixed a bug whereby certain sequences
2487
    of per-directory renegotiations and the SSLCipherSuite
2488
    directive being used to upgrade from a weak ciphersuite to a
2489
    strong one could result in the weak ciphersuite being used in
2490
    place of the strong one.
2491
  Security [CAN-2003-0253]: Fixed a bug in prefork MPM causing
2492
    temporary denial of service when accept() on a rarely accessed
2493
    port returns certain errors. 
2494
  Security [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
2495
    of service when target host is IPv6 but proxy server can't
2496
    create IPv6 socket.  Fixed by the reporter. 
2497
  Security [VU#379828]: Prevent the server from crashing when entering
2498
    infinite loops. The new LimitInternalRecursion directive
2499
    configures limits of subsequent internal redirects and nested
2500
    subrequests, after which the request will be aborted.  PR 19753+
2501
  core:
2502
    core_output_filter: don't split the brigade after a FLUSH
2503
    bucket if it's the last bucket.  This prevents creating
2504
    unneccessary empty brigades which may not be destroyed until
2505
    the end of a keepalive connection.
2506
  mod_cgid: 
2507
    Eliminate a double-close of a socket.  This resolves various
2508
    operational problems in a threaded MPM, since on the second
2509
    attempt to close the socket, the same descriptor was often
2510
    already in use by another thread for another purpose.
2511
  mod_negotiation: 
2512
    Introduce "prefer-language" environment variable, which allows
2513
    to influence the negotiation process on request basis to prefer
2514
    a certain language.
2515
  mod_expire:
2516
    Make ExpiresByType directive work properly, including for
2517
    dynamically-generated documents.
2518
- apr bugfixes
2519
- more fixes of deprecated head/tail -1 calls
2520
2521
-------------------------------------------------------------------
2522
Wed May 28 20:40:24 CEST 2003 - poeml@suse.de
2523
2524
- update to 2.0.46. relevant / user visible changes:
2525
  Security [CAN-2003-0245]: Fixed a bug that could be triggered
2526
    remotely through mod_dav
2527
  Security [CAN-2003-0189]: Fixed a denial-of-service
2528
    vulnerability affecting basic authentication
2529
  Security: forward port of buffer overflow fixes for htdigest.
2530
  mod_ssl:
2531
    - SSL session caching(shmht) : Fix a SEGV problem with SHMHT
2532
      session caching.
2533
  mod_deflate: 
2534
    - Add another check for already compressed content
2535
    - Check also err_headers_out for an already set
2536
      Content-Encoding: gzip header. This prevents gzip compressed
2537
      content from a CGI script from being compressed once more.
2538
  mod_mime_magic:
2539
    - If mod_mime_magic does not know the content-type, do not
2540
      attempt to guess.
2541
  mod_rewrite: 
2542
    - Fix handling of absolute URIs.
2543
  mod_log_config: 
2544
    - Add the ability to log the id of the thread processing the
2545
      request via new %P formats.
2546
  mod_auth_ldap: 
2547
    - Use generic whitespace character class when parsing "require"
2548
      directives, instead of literal spaces only.
2549
  mod_proxy:
2550
    - Fixed a segfault when multiple ProxyBlock directives were used.
2551
  - Added AllowEncodedSlashes directive to permit control of
2552
    whether the server will accept encoded slashes ('%2f') in the
2553
    URI path.  Default condition is off (the historical behaviour).
2554
  - If Apache is started as root and you code CoreDumpDirectory,
2555
    coredumps are enabled via the prctl() syscall.
2556
  - htpasswd: Check the processed file on validity; add a delete flag.
2557
- httpd-2.0.45-libtool-1.5.dif is obsolete
2558
- mark suse_include.conf as %ghost
2559
- note the rebirth of the httpd and apachectl man pages (thanks to
2560
  RPMv4 :)
2561
- let the module RPM packages only depend on the _major_ module
2562
  magic number, not on the minor 
2563
- fix some paths in config_vars.mk, which facilitates building of
2564
  certain modules 
2565
2566
-------------------------------------------------------------------
2567
Wed May 14 14:12:56 CEST 2003 - poeml@suse.de
2568
2569
- use mmap() via MAP_ANON as shared memory allocation method, to
2570
  prevent restart problems with stale (or in use) files that are
2571
  associated with shared memory
2572
- package forgotten files, and remove hack in %clean
2573
- remove files from the build root that are not packaged
2574
- remove suse_include.conf from filelist
2575
2576
-------------------------------------------------------------------
2577
Fri May  9 14:47:54 CEST 2003 - poeml@suse.de
2578
2579
- update to 2.0.45. relevant / user visible changes:
2580
  Security:  Eliminated leaks of several file descriptors to
2581
    child processes, such as CGI scripts.  This fix depends on the
2582
    latest APR library release 0.9.2, which is distributed with the
2583
    httpd source tarball for Apache 2.0.45.  PR 17206
2584
  Security [CAN-2003-0132]: Close a Denial of Service
2585
    vulnerability identified by David Endler <DEndler@iDefense.com>
2586
    on all platforms.
2587
  General:
2588
    - Fix segfault which occurred when a section in an included
2589
      configuration file was not closed. PR 17093.
2590
    - Fix a nasty segfault in mmap_bucket_setaside() caused by
2591
      passing an incompatible pointer type to mmap_bucket_destroy(void*).
2592
    - prevent filters (such as mod_deflate) from adding garbage to
2593
      the response. PR 14451.
2594
    - Simpler, faster code path for request header scanning
2595
    - Try to log an error if a piped log program fails.  Try to
2596
      restart a piped log program in more failure situations. 
2597
    - Fix bug where 'Satisfy Any' without an AuthType lost all MIME
2598
      information (and more). Related to PR 9076.
2599
    - Fix If header parsing when a non-mod_dav lock token is passed to it.
2600
    - Fix apxs to insert LoadModule directives only outside of
2601
      sections.
2602
    - apxs: Include any special APR ld flags when linking the DSO.
2603
  suexec: Be more pedantic when cleaning environment. Clean it
2604
    immediately after startup. PR 2790, 10449. Use saner default
2605
    config values for suexec. PR 15713.
2606
  mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
2607
    be started on Unix because of such problems as bad permissions,
2608
    bad shebang line, etc. Fix possible segfaults under obscure
2609
    error conditions within the cgid daemon.
2610
  mod_deflate:
2611
    - you can now specify the compression level. 
2612
    - Extend the DeflateFilterNote directive to allow accurate
2613
      logging of the filter's in- and outstream.
2614
    - Fix potential memory leaks in mod_deflate on malformed data.  PR 16046.
2615
  mod_ssl:
2616
    Allow SSLMutex to select/use the full range of APR locking
2617
    mechanisms available to it. Also, fix the bug that SSLMutex
2618
    uses APR_LOCK_DEFAULT no matter what.  PR 8122
2619
  mod_autoindex no longer forgets output format and enabled version
2620
    sort in linked column headers.
2621
  mod_rewrite:
2622
    - Prevent endless loops of internal redirects in mod_rewrite by
2623
      aborting after exceeding a limit of internal redirects. The
2624
      limit defaults to 10 and can be changed using the
2625
      RewriteOptions directive. PR 17462.
2626
    - Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
2627
      (or SymlinksIfOwnermatch) is set. PR 12395.
2628
  mod_ldap:
2629
    - Updated mod_ldap and mod_auth_ldap to support the Novell LDAP
2630
      SDK SSL and standardized the LDAP SSL support across the
2631
      various LDAP SDKs.  Isolated the SSL functionality to
2632
      mod_ldap rather than speading it across mod_auth_ldap and
2633
      mod_ldap.  Also added LDAPTrustedCA and LDAPTrustedCAType
2634
      directives to mod_ldap to allow for a more common method of
2635
      specifying the SSL certificate.
2636
    - fix fault when caching was disabled, and some memory leaks
2637
    - Fix mod_ldap to open an existing shared memory file should
2638
      one already exist. PR 12757.
2639
    - Added character set support to mod_auth_LDAP to allow it to
2640
      convert extended characters used in the user ID to UTF-8
2641
      before authenticating against the LDAP directory. The new
2642
      directive AuthLDAPCharsetConfig is used to specify the config
2643
      file that contains the character set conversion table.
2644
  mod_ssl:
2645
    - Fixed mod_ssl's SSLCertificateChain initialization to no
2646
      longer skip the first cert of the chain by default.  This
2647
      misbehavior was introduced in 2.0.34.  PR 14560
2648
    - Fix 64-bit problem in mod_ssl input logic.
2649
  mod_proxy:
2650
    - Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
2651
      mod_rewrite proxied URLs will not be escaped accidentally by
2652
      mod_proxy's fixup. PR 16368
2653
    - Don't remove the Content-Length from responses in mod_proxy PR: 8677
2654
  mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
2655
     not specified. Now it assumes "/" as already documented. PR 16937.
2656
  mod_file_cache: fix segfaults 
2657
- improve the start/restart section of the init script, and add a
2658
  ssl_scache_cleanup script
2659
- understand a syntax like -DSTATUS, as described in the sysconfig
2660
  file help text (bug noted in #25404]
2661
- don't package the *.exp files, as they are needed only on AIX
2662
- fix filelist for usage of %dir for files
2663
- fix the cosmetical but irritating "Inappropriate ioctl for
2664
  device" error message, when rcapache2 is called from within YaST
2665
- remove the unused /etc/apache2/modules directory from the package
2666
- remove the now unused --enable-experimental-libtool
2667
- fix to build with libtool-1.5
2668
2669
-------------------------------------------------------------------
2670
Wed Apr  9 02:00:20 CEST 2003 - ro@suse.de
2671
2672
- fix deprecated head/tail call syntax "-1" 
2673
2674
-------------------------------------------------------------------
2675
Mon Mar 17 11:59:36 CET 2003 - kukuk@suse.de
2676
2677
- Remove suse_help_viewer from provides [Bug #25436]
2678
2679
-------------------------------------------------------------------
2680
Thu Mar 13 12:54:59 CET 2003 - poeml@suse.de
2681
2682
- security fix: do not write the startup log file to a world
2683
  writable directory, reversing the change of Jan 23 (wasn't in any
2684
  released package) [#25239]
2685
2686
-------------------------------------------------------------------
2687
Mon Mar 10 17:36:00 CET 2003 - poeml@suse.de
2688
2689
- change permissions of /var/log/apache2 from wwwrun:root mode 770
2690
  to root:root mode 750 [#24951]
2691
- fix wrong list() in sysconfig.apache2 [#24719], and add a missing
2692
  default value
2693
2694
-------------------------------------------------------------------
2695
Mon Mar  3 17:41:56 CET 2003 - kukuk@suse.de
2696
2697
- Remove ghost entry for pid file [Bug #24566]
2698
2699
-------------------------------------------------------------------
2700
Thu Feb 27 14:43:01 CET 2003 - poeml@suse.de
2701
2702
- use the official MIME types, which are more complete [#23988]
2703
2704
-------------------------------------------------------------------
2705
Mon Feb 24 18:17:02 CET 2003 - poeml@suse.de
2706
2707
- don't include log files into the package, and don't touch them in
2708
  %post; it's not needed
2709
- fix comment in httpd.conf talking about SuSEconfig
2710
- adjust some variable types in the sysconfig template
2711
2712
-------------------------------------------------------------------
2713
Tue Feb 18 11:39:18 CET 2003 - poeml@suse.de
2714
2715
- apache2 Makefiles do support DESTDIR now, so let's use that
2716
  instead of the explicit paths (fixes a wrong path in
2717
  config_vars.mk [#23699]).  Some files (*.exp, libapr*) are
2718
  automatically installed in the right location now.
2719
2720
-------------------------------------------------------------------
2721
Fri Feb 14 16:39:40 CET 2003 - poeml@suse.de
2722
2723
- fix configuration script to find apache modules on 64 bit archs 
2724
- mark ssl.conf (noreplace)
2725
2726
-------------------------------------------------------------------
2727
Mon Feb 10 18:35:15 CET 2003 - poeml@suse.de
2728
2729
- add mod_ldap, mod_auth_ldap, but link only them against the LDAP
2730
  libs. Likewise, do not link everything against ssl libs. This way
2731
  we can avoid RPM package (and build) requirements on a lot of
2732
  libs for subversion and other packages that build on apache.
2733
- move more code from SuSEconfig into rcapache2 (actually into
2734
  support scripts below /usr/share/apache2/, so apache2 can be
2735
  configured without starting it)
2736
- improve full-server-status once again
2737
- remove suse_loadmodule.conf from filelist
2738
- remove obsolete README.modules
2739
- rename LOADMODULES -> APACHE_MODULES
2740
- add APACHE_BUFFERED_LOGS
2741
- update README.SuSE
2742
2743
-------------------------------------------------------------------
2744
Tue Jan 28 13:32:04 CET 2003 - poeml@suse.de
2745
2746
- rc.apache2
2747
  - add extreme-configtest (trying to run server as nobody, which
2748
    detects _all_ config errors)
2749
  - evaluate LOADMODULES from sysconfig.apache2 on-the-fly from
2750
    rcapache2 instead of SuSEconfig
2751
  - when restarting, do something useful instead of 'sleep 3': wait
2752
    just as long until the server has terminated all children
2753
2754
-------------------------------------------------------------------
2755
Sun Jan 26 21:27:31 CET 2003 - poeml@suse.de
2756
2757
- build mod_logio, mod_case_filter, mod_case_filter_in
2758
- rename apr subpackage to libapr0 (the library is called libapr-0
2759
  meanwhile). add compatibility links named (libapr{,util}.so.0)
2760
- configure SSL session caching with shm circular buffer
2761
    SSLSessionCache         shm:/var/lib/httpd/ssl_scache
2762
    SSLSessionCacheTimeout  600
2763
    SSLMutex  sem
2764
- SuSEconfig.apache2: prefer prefork MPM over worker, if guessing
2765
- strip objects
2766
- rename gensslcert2 to gensslcert
2767
- show a list all available modules in /etc/sysconfig/apache2
2768
- nicer output of apache2ctl
2769
- reorder Requires
2770
2771
-------------------------------------------------------------------
2772
Thu Jan 23 12:05:59 CET 2003 - poeml@suse.de
2773
2774
- update to 2.0.44
2775
- obsoletes patch httpd-2.0.43-mod_ssl-memory-leak.dif
2776
- the apachectl and httpd man pages have been dropped upstreams
2777
- add robots.txt to the example-pages subpackage that blocks spiders
2778
- disable the perchild MPM
2779
- disable httpd-2.0.36-64bit.dif
2780
- rename apachectl2 to apache2ctl
2781
- write the startup log to /var/tmp instead of /var/log/apache2
2782
2783
-------------------------------------------------------------------
2784
Sun Jan 12 22:52:50 CET 2003 - poeml@suse.de
2785
2786
- fix last fix (rpm macro before hash wasn't expanded)
2787
2788
-------------------------------------------------------------------
2789
Fri Jan 10 02:35:58 CET 2003 - poeml@suse.de
2790
2791
- fix lib64 path in SuSEconfig
2792
2793
-------------------------------------------------------------------
2794
Fri Jan  3 23:01:14 CET 2003 - poeml@suse.de
2795
2796
- fix typo in spec file, preventing replacement of @userdir@ in
2797
  httpd.conf-std.in
2798
2799
-------------------------------------------------------------------
2800
Wed Dec 18 15:11:53 CET 2002 - poeml@suse.de
2801
2802
- sysconfig.apache2:
2803
  - add APACHE_SERVER_FLAGS variable
2804
  - change default: APACHE_SERVERSIGNATURE=on to match apache deflt
2805
  - add APACHE_CONF_INCLUDE_DIRS
2806
  - drop bogus APACHE_ACCESS_SERVERINFO variable
2807
  - adapt to our new sysconfig template
2808
- SuSEconfig.apache2:
2809
  - understand LOADMODULES also if it is not an array [#21816]
2810
  - be very flexible with regard to LOADMODULE input (e.g., say
2811
    mod_php4 and it will find libphp4.so with ID php4_module)
2812
  - also ignore *,v files
2813
  - include APACHE_CONF_INCLUDE_DIRS
2814
  - dump some files: suse_define.conf (not needed) & suse_text.conf
2815
    (too much overhead) 
2816
- rc.apache2: 
2817
  - implement most of apachectl's commands (graceful, configtest)
2818
  - use server_flags from sysconfig.apache2
2819
  - pass server flags like -DSTATUS from the command line through
2820
    to httpd2
2821
  - add commmands to show the server status 
2822
  - don't quit silently when no apache MPM is installed
2823
  - handle ServerSignature and other stuff on the command line
2824
    (save modifications to httpd.conf)
2825
- fix the /manual Alias that points to the documentation
2826
- configure /cgi-bin for cgi execution
2827
- configure /home/*/public_html for mod_userdir -- if it is loaded
2828
- configure internationalized error responses
2829
- fix apachectl2
2830
- add /etc/apache2/{,modules} to the filelist
2831
- add /etc/apache2/conf.d as drop-in directory for packages
2832
- hard code some more default paths into the executable
2833
- finally, run a test! 
2834
2835
-------------------------------------------------------------------
2836
Thu Dec  5 13:55:06 CET 2002 - poeml@suse.de
2837
2838
- move ap{r,u}-config* into the apr package, as well
2839
- add generic ap{r,u}-config
2840
- add %includedir to filelist
2841
2842
-------------------------------------------------------------------
2843
Thu Dec  5 00:26:22 CET 2002 - poeml@suse.de
2844
2845
- more checks and warnings to SuSEconfig.apache2
2846
- shift APR files into the the apr package
2847
- try 1.136 revision of perchild.c 
2848
2849
-------------------------------------------------------------------
2850
Tue Dec  3 16:27:35 CET 2002 - poeml@suse.de
2851
2852
- add forgotten ssl.conf to the filelist (thanks, Robert)
2853
- add httpd-2.0.43-mod_ssl-memory-leak.dif
2854
2855
-------------------------------------------------------------------
2856
Mon Oct 14 19:34:38 CEST 2002 - poeml@suse.de
2857
2858
- update to 2.0.43, that fixes a Cross-Site Scripting bug (CVE:
2859
  CAN-2002-0840)
2860
2861
-------------------------------------------------------------------
2862
Mon Oct  7 09:39:45 CEST 2002 - poeml@suse.de
2863
2864
- do not append a '2' suffix to the scripts included with the
2865
  documentation
2866
- move error, icons and manual dir to /usr/share/apache2
2867
- fix nested array in SuSEconfig.apache2
2868
- let SuSEconfig pick one MPM that is installed. Do not default to
2869
  "worker". [#20724]
2870
2871
-------------------------------------------------------------------
2872
Thu Oct  3 14:50:20 CEST 2002 - poeml@suse.de
2873
2874
- update to 2.0.42 (primarily a bug-fix release, including updates
2875
  to the experimental caching module, the removal of several memory
2876
  leaks, and fixes for several segfaults, one of which could have
2877
  been used as a denial-of-service against mod_dav (VU#406121).)
2878
- increase flexibility of the spec file: build any set of MPMs,
2879
  depending on RPM %defines. Improve the mechanism that merges the
2880
  modules so it works with any number of MPMs.
2881
- use a "Server:" header that fits the product apache is built for
2882
- add an RPM dependency on the module magic number to the MPM
2883
  subpackages
2884
- build the "leader/follower" MPM. On i686, enable nonportable but
2885
  faster atomics for it.
2886
- use filelists for more flexibility. APRVARS ceased to exist.
2887
  Don't add README* twice. 
2888
- perchild: use AcceptMutex fcntl to prevent permission conflict as
2889
  suggested in Apache Bugzilla #7921
2890
- remove mod_rewrite and mod_proxy from the default modules
2891
- build the mod_auth_digest module
2892
2893
-------------------------------------------------------------------
2894
Mon Sep  9 15:30:34 CEST 2002 - poeml@suse.de
2895
2896
- add patch that changes PLATFORM (as seen in the HTTP Server
2897
  header) from "Unix" to "SuSE/Linux" [#18543]
2898
- add README.SuSE, explaining how to build modules with apxs2
2899
- fixed some paths in README.modules, put it into docdir and mark
2900
  it as %doc
2901
2902
-------------------------------------------------------------------
2903
Wed Aug 28 16:39:59 CEST 2002 - poeml@suse.de
2904
2905
- new package, now building all three MPMs and putting all specific
2906
  modules in specific directories. Branch a subpackage for each
2907
  MPM, containing the server and MPM-specific modules.
2908
- branch apr package off, so apache2 doesn't need to be installed
2909
  to have the libs. (apr is not released yet, that's why we build
2910
  it here)
2911
- allow coexistence of apache1 by using directories named apache2
2912
  or suffixed with "2"
2913
- allow building modules via apxs2 (for all server MPMs) --- or via
2914
  apxs2-{worker,perchild,prefork} for a specific server MPM
2915
- add permissions.apache2 setting /usr/sbin/suexec2 to 4755
2916
- rewrite SuSEconfig.apache2 for apache 2. 
2917
- add httpd-2.0.40-cache_util.c.diff that prevents a segfault in
2918
  mod_proxy when given an invalid URL
2919
- branch apache2-example-pages off (docroot contents)
2920
2921
-------------------------------------------------------------------
2922
Mon Aug 19 16:43:37 CEST 2002 - poeml@suse.de
2923
2924
- actually use the new SuSE81 layout, and add SuSE81_64 layout
2925
- cleaned up httpd-2.0.36-conf.dif
2926
- fixed comment in SuSEconfig.apache
2927
- drop SuSEconfig subpackage
2928
- split main package and -devel package in three packages, one for
2929
  each MPM... 
2930
  apache2       -> apache2-{worker,perchild,prefork}
2931
  apache2-devel -> apache2-{worker,perchild,prefork}-devel
2932
2933
-------------------------------------------------------------------
2934
Mon Aug 12 17:47:08 CEST 2002 - poeml@suse.de
2935
2936
- bugfix update to 2.0.40
2937
- fix Requires of -devel subpackage
2938
- add variable to sysconfig.apache to switch off SuSEconfig.apache
2939
- add new layout SUSE81 to config.layout due to the moved server
2940
  root (so the old SuSE6.1 can be kept for building on older
2941
  distributions)
2942
- one of the lib64 path fixes could be removed, now included
2943
  upstream
2944
2945
-------------------------------------------------------------------
2946
Wed Aug  7 18:47:33 CEST 2002 - poeml@suse.de
2947
2948
- put PreReq in an if-statement to allow building on older distris
2949
- relax the Requires
2950
- the apache_mmn macro had to be moved down in the spec file to be
2951
  evaluated
2952
- libmm is not needed for building (and it is not threadsafe)
2953
- fix config.layout for the moved server root
2954
2955
-------------------------------------------------------------------
2956
Fri Aug  2 23:44:31 CEST 2002 - poeml@suse.de
2957
2958
- fix libdir in config.layout for lib64
2959
2960
-------------------------------------------------------------------
2961
Fri Aug  2 12:22:33 CEST 2002 - poeml@suse.de
2962
2963
- fix RPM Requires
2964
2965
-------------------------------------------------------------------
2966
Thu Aug  1 17:50:53 CEST 2002 - poeml@suse.de
2967
2968
- move datadir (i.e., ServerRoot) from /usr/local/httpd to /srv/www
2969
- drop obsolete README.SuSE
2970
2971
-------------------------------------------------------------------
2972
Thu Aug  1 01:01:32 CEST 2002 - poeml@suse.de
2973
2974
- spec file: use PreReq
2975
- don't delete SuSEconfig's md5 files in %post, that's no good
2976
- add apache.logrotate
2977
- provide the magic module number as executable script
2978
  (/usr/lib/apache/MMN) and as RPM Provides, indicating API changes
2979
- mark httpd.conf noreplace
2980
- fix installbuilddir in config.layout, needed for apxs
2981
2982
-------------------------------------------------------------------
2983
Sun Jul 14 15:27:24 CEST 2002 - poeml@suse.de
2984
2985
- update to 2.0.39
2986
- drop obsolete moduledir and apxs patches
2987
- rc.apache INIT section: use X-UnitedLinux-Should-Start
2988
2989
-------------------------------------------------------------------
2990
Wed Jul  3 01:53:35 CEST 2002 - ro@suse.de
2991
2992
- rename to "apache2" again
2993
2994
-------------------------------------------------------------------
2995
Tue Jun 11 17:02:47 CEST 2002 - ro@suse.de
2996
2997
- get apxs to work:
2998
    include needed files in devel package
2999
    adapt some pathes in apxs
3000
3001
-------------------------------------------------------------------
3002
Wed May 29 18:16:00 CEST 2002 - poeml@suse.de
3003
3004
- update to 2.0.36
3005
- drop mod_ssl subpackage; mod_ssl is part of the apache bsae
3006
  distribution now
3007
- RPM can be built as user now
3008
- SuSEconfig.apache: understand relative and absolute pathnames
3009
- disable experimental auth_digest_module 
3010
3011