Dominique Leuenberger (dimstar_suse) accepted request 821097 from Petr Gajdos (pgajdos) almost 4 years ago (revision 168)

- fix crash in mod_proxy_uwsgi for empty values of environment
  variables [bsc#1174052]
- added patches
  fix https://svn.apache.org/viewvc?view=revision
  + apache2-mod_proxy_uwsgi-fix-crash.patch

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 791205 from Petr Gajdos (pgajdos) about 4 years ago (revision 167)

- declare ap_sock_disable_nagle to fix loading mod_proxy_http2
  (thanks to mliska@suse.com)
- modified patches
  % httpd-visibility.patch (refreshed)

- version update to 2.4.43
  *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
  *) mod_proxy_http: Fix the forwarding of requests with content body when a
     balancer member is unavailable; the retry on the next member was issued
     with an empty body (regression introduced in 2.4.41). PR63891.
     [Yann Ylavic]
  *) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
     identifier under load, see <https://github.com/icing/mod_h2/issues/195>.
     [Michael Kaufmann, Stefan Eissing]
  *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
     PR64140. [Renier Velazco <renier.velazco upr.edu>]
  *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
     PR64172.
  *) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
     to allow customization of the usertrack cookie. PR64077.
     [Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]
  *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
     AJP13 authentication.  PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
  *) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
     [Eric Covener, Yann Ylavic]
  *) Add a config layout for OpenWRT. [Graham Leggett]
  *) Add support for cross compiling to apxs. If apxs is being executed from
     somewhere other than its target location, add that prefix to includes and
     library directories. Without this, apxs would fail to find config_vars.mk
     and exit. [Graham Leggett]

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 779357 from Petr Gajdos (pgajdos) about 4 years ago (revision 166)

- use r1874196 [SLE-7653]
- modified patches
  % apache2-load-private-keys-from-pkcs11.patch (upstream 2.4.x port)
- deleted patches
  - apache2-load-certificates-from-pkcs11.patch (merged to above)

- require just libbrotli-devel

- build mod_proxy_http2 extension

- fix build for older distributions

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 769465 from Petr Gajdos (pgajdos) over 4 years ago (revision 165)

- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache
  to honour net.core.somaxconn sysctl as the mandatory limit. 
  the old value of 511 was never used as until v5.4-rc6 it was 
  clamped to 128, in current kernels the default limit is 4096. 
  Cannot use the apr_socket_listen(.., -1) idiom because the function
  expects a positive integer argument. (forwarded request 769110 from elvigia)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 765787 from Petr Gajdos (pgajdos) over 4 years ago (revision 164)

- apache2-devel now provides httpd-devel [bsc#1160100]

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 757900 from Petr Gajdos (pgajdos) over 4 years ago (revision 163)

- add openssl call to DEFAULT_SUSE comment [bsc#1159480]
- modified sources
  % apache2-ssl-global.conf

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 746513 from Petr Gajdos (pgajdos) over 4 years ago (revision 162)

- use %license [bsc#1156171]

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 741682 from Petr Gajdos (pgajdos) over 4 years ago (revision 161)

- load private keys and certificates from pkcs11 token [SLE-7653]
- added patches
  load certificates from openssl engine
  + apache2-load-certificates-from-pkcs11.patch
  load private keys from openssl engine
  + apache2-load-private-keys-from-pkcs11.patch

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 735601 from Petr Gajdos (pgajdos) over 4 years ago (revision 160)

- Add custom log files to logrotate according to apache2-vhost.template

In apache2-vhost.template, we recommend users to create custom logs like `/var/log/apache2/dummy-host.example.com-access_log`. But these files are not processed by logrotate and will grow fast. So I add these files to logrotate configuration. (forwarded request 735419 from guoyunhe)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 726493 from Cristian Rodríguez (elvigia) over 4 years ago (revision 159)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 724999 from Petr Gajdos (pgajdos) over 4 years ago (revision 158)

update to 2.4.41 (forwarded request 723497 from stroeder)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 713174 from Factory Maintainer (factory-maintainer) almost 5 years ago (revision 157)

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 702763 from Petr Gajdos (pgajdos) almost 5 years ago (revision 156)

- revive apache-22-24-upgrade [bsc#1134294] (internal)
- added sources
  + apache-22-24-upgrade

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 690621 from Petr Gajdos (pgajdos) about 5 years ago (revision 155)

- version update to 2.4.39
  * mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
    backend connection is recycled/reused to avoid a possible crash
    with some SSLProxy configurations in <Location> or <Proxy>
    context. PR 63256. [Yann Ylavic]
  * mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
    failure. [Michael Kaufmann <mail michael-kaufmann.ch>]
  * mod_log_config: Support %{c}h for conn-hostname, %h for
    useragent_host PR 55348
  * mod_socache_redis: Support for Redis as socache storage
    provider.
  * core: new configuration option 'MergeSlashes on|off' that
    controls handling of multiple, consecutive slash ('/')
    characters in the path component of the request URL. [Eric
    Covener]
  * mod_http2: when SSL renegotiation is inhibited and a 403
    ErrorDocument is in play, the proper HTTP/2 stream reset did
    not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
    Kaufmann]
  * mod_http2: new configuration directive: `H2Padding numbits` to
    control padding of HTTP/2 payload frames. 'numbits' is a number
    from 0-8, controlling the range of padding bytes added to a
    frame. The actual number added is chosen randomly per frame.
    This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
    The default continues to be 0, e.g. no padding. [Stefan
    Eissing]
  * mod_http2: ripping out all the h2_req_engine internal features
    now that mod_proxy_http2 has no more need for it. Optional
    functions are still declared but no longer implemented. While
    previous mod_proxy_http2 will work with this, it is

• Files Changed
• Browse Source

Stephan Kulow (coolo) accepted request 679836 from Petr Gajdos (pgajdos) about 5 years ago (revision 154)

- added patches
  fix https://github.com/icing/mod_h2/issues/167 [bsc#1125965]
  + apache2-mod_http2-issue-167.patch

- Replace old $RPM_* shell vars. Avoid old tar syntax.
- Tag scriptlets as explicitly requiring bash.

• Files Changed
• Browse Source

Stephan Kulow (coolo) accepted request 667841 from Petr Gajdos (pgajdos) over 5 years ago (revision 153)

- updated to 2.4.38
  * mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
    PR 63052 [Joe Orton]
  * mod_negotiation: Treat LanguagePriority as case-insensitive to match
    AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
  * mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
    have been fixed. [Michael Kaufmann, Stefan Eissing]
  * mod_setenvif: We can have expressions that become true if a regex pattern
    in the expression does NOT match. In this case val is NULL
    and we should just set the value for the environment variable 
    like in the pattern case. [Ruediger Pluem]
  * mod_session: Always decode session attributes early. [Hank Ibell]
  * core: Incorrect values for environment variables are substituted when
    multiple environment variables are specified in a directive. [Hank Ibell]
  * mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
    this type of map is present in the configuration.  PR62311.  
    [Hank Ibell <hwibell gmail.com>]
  * mod_dav: Fix invalid Location header when a resource is created by
    passing an absolute URI on the request line [Jim Jagielski]
  * mod_session_cookie: avoid duplicate Set-Cookie header in the response.
    [Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
  * mod_ssl: clear *SSL errors before loading certificates and checking
    afterwards. Otherwise errors are reported when other SSL using modules
    are in play. Fixes PR 62880. [Michael Kaufmann]
  * mod_ssl: Fix the error code returned in an error path of
    'ssl_io_filter_handshake()'. This messes-up error handling performed
    in 'ssl_io_filter_error()' [Yann Ylavic]
  * mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
    authz provider so "Require ssl" works correctly in HTTP/2.
    PR 61519, 62654.  [Joe Orton, Stefan Eissing]
  * mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
    redirects, subsequent ProxyPassReverse statements, whether they are
    relative or absolute, may fail.  PR 60408.  [Peter Haworth <pmh1wheel gmail.com>]
  * mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1] (forwarded request 667015 from mmanu84)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 664057 from Petr Gajdos (pgajdos) over 5 years ago (revision 152)

- do not create sysconfig.d when already exists [bsc#1121086]

- use secure http sites by default in configs
- Switch to DEFAULT_SUSE Cipher suite

READ https://httpd.apache.org/docs/2.4/upgrading.html
  at https://httpd.apache.org/docs/2.4/new_features_2_4.html

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 645904 from Petr Gajdos (pgajdos) over 5 years ago (revision 151)

- the "event" MPM is fully supported since 2.4
- configure an OCSP stapling cache by default (still requires enabling
  SSLUseStapling in vhost) (forwarded request 644712 from adkorte)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 643962 from Cristian Rodríguez (elvigia) over 5 years ago (revision 150)

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 639405 from Petr Gajdos (pgajdos) over 5 years ago (revision 149)

- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation
  says (patch Juergen Gleiss)

- relink /usr/sbin/httpd after apache2-MPM uninstall [bsc#1107930c#1]
- simplify find_mpm function from script-helpers
- /usr/sbin/httpd is now created depending on preference hardcoded
  in find_mpm (script-helpers), not depending on alphabetical
  order of MPMs
- simplify spec file a bit

• Files Changed
• Browse Source