Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2020-12-08 13:22:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2" Tue Dec 8 13:22:52 2020 rev:175 rq:853601 version:2.4.46 Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2020-10-18 16:18:44.996419485 +0200 +++ /work/SRC/openSUSE:Factory/.apache2.new.5913/apache2.changes 2020-12-08 13:22:54.710291026 +0100 
@@ -1,0 +2,103 @@ +Mon Dec 7 14:08:42 UTC 2020 - [email protected] + +- apache2 main package recommends apache2-utils + +------------------------------------------------------------------- +Thu Dec 3 11:23:48 UTC 2020 - [email protected] + +- break some long lines in the spec as requested by review team + +------------------------------------------------------------------- +Tue Dec 1 13:14:29 UTC 2020 - [email protected] + +- maybe make spec acceptable for factory bot +- modified sources + % _multibuild + +------------------------------------------------------------------- +Tue Dec 1 09:44:08 UTC 2020 - [email protected] + +- buildrequire netcfg for tests + +------------------------------------------------------------------- +Sun Nov 29 13:45:39 UTC 2020 - Arjen de Korte <[email protected]> + +- remove Requires(post): firewalld hard dependency (this is already + handled by the %firewalld_reload macro) + +------------------------------------------------------------------- +Thu Nov 26 12:10:52 UTC 2020 - [email protected] + +- package reworked trough [bsc#1178478] +- modified patches + % apache2-mod_proxy_uwsgi-fix-crash.patch (refreshed) +- modified sources + % apache2-loadmodule.conf + % apache2-manual.conf + % apache2-script-helpers + % [email protected] + % sysconfig.apache2 +- deleted patches + - deprecated-scripts-arch.patch (not needed) + - httpd-2.0.54-envvars.dif (not needed) + - httpd-2.1.3alpha-layout.dif + (renamed to apache2-system-dirs-layout.patch) + - httpd-2.2.0-apxs-a2enmod.dif (not needed) + - httpd-2.4.9-bnc690734.patch + (renamed to apache2-LimitRequestFieldSize-limits-headers.patch) + - httpd-2.4.x-fate317766-config-control-two-protocol-options.diff + (renamed to apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch) + - httpd-2.x.x-logresolve.patch + (renamed to apache2-logresolve-tmp-security.patch) + - httpd-apachectl.patch + (renamed to apache2-apachectl.patch) + - httpd-implicit-pointer-decl.patch (not needed) + - httpd-visibility.patch 
(not needed) +- deleted sources + - SUSE-NOTICE (outdated) + - a2enflag (renamed to apache2-a2enflag) + - a2enmod (renamed to apache2-a2enmod) + - apache-22-24-upgrade (outdated) + - apache2-README (outdated) + - apache2-README.QUICKSTART (outedated) + - apache2-find-directives (renamed to apache2-find_directives) + - apache2-init.logrotate (not needed) + - apache2.firewalld (renamed to firewalld.apache2) + - apache2.logrotate (renamed to logrotate.apache2) + - apache2.ssl.firewalld (renamed to firewalld-ssl.apache2) + - apache2.ssl.susefirewall (renamed to susefirewall.apache2) + - apache2.susefirewall (renamed to susefirewall-ssl.apache2) + - favicon.ico (not needed) + - rc.apache2 (not needed) + - robots.txt (not needed) + - sysconf_addword (not needed, in aaa_base) +- added patches + fix PATCH: https://marc.info/?l=apache-httpd-users&m=147448312531134&w=2 + + apache-test-application-xml-type.patch + fix these variables from the test + + apache-test-turn-off-variables-in-ssl-var-lookup.patch + fix [fate317766] backport of an upstream commit + + apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch + fix [bnc#690734] TODO, to be upstreamed + + apache2-LimitRequestFieldSize-limits-headers.patch + fix apachectl is frontend for start_apache2, suse specific + + apache2-apachectl.patch + fix [bnc#210904] perhaps to be upstreamed + + apache2-logresolve-tmp-security.patch + fix layout of system dirs configuration, may be upstreamed + + apache2-system-dirs-layout.patch +- added sources + + _multibuild + + apache2-a2enflag + + apache2-a2enmod + + apache2-find_directives + + apache2-gensslcert + + apache2-mod_example.c + + apache2-start_apache2 + + firewalld-ssl.apache2 + + firewalld.apache2 + + logrotate.apache2 + + susefirewall-ssl.apache2 + + susefirewall.apache2 + +------------------------------------------------------------------- Old: ---- SUSE-NOTICE a2enflag a2enmod apache-22-24-upgrade apache-ssl-stuff.tar.bz2 apache2-README apache2-README.QUICKSTART 
apache2-find-directives apache2-init.logrotate apache2.firewalld apache2.logrotate apache2.ssl.firewalld apache2.ssl.susefirewall apache2.susefirewall deprecated-scripts-arch.patch deprecated-scripts.tar.xz favicon.ico gensslcert httpd-2.0.54-envvars.dif httpd-2.1.3alpha-layout.dif httpd-2.2.0-apxs-a2enmod.dif httpd-2.4.9-bnc690734.patch httpd-2.4.x-fate317766-config-control-two-protocol-options.diff httpd-2.x.x-logresolve.patch httpd-apachectl.patch httpd-implicit-pointer-decl.patch httpd-visibility.patch rc.apache2 robots.txt start_apache2 sysconf_addword New: ---- _multibuild apache-test-application-xml-type.patch apache-test-turn-off-variables-in-ssl-var-lookup.patch apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch apache2-LimitRequestFieldSize-limits-headers.patch apache2-a2enflag apache2-a2enmod apache2-apachectl.patch apache2-find_directives apache2-gensslcert apache2-logresolve-tmp-security.patch apache2-mod_example.c apache2-ssl-dirs.tar.bz2 apache2-start_apache2 apache2-system-dirs-layout.patch firewalld-ssl.apache2 firewalld.apache2 httpd-framework-svn1878849.tar.bz2 logrotate.apache2 susefirewall-ssl.apache2 susefirewall.apache2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ ++++ 2126 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/apache2/apache2.spec ++++ and /work/SRC/openSUSE:Factory/.apache2.new.5913/apache2.spec ++++++ _multibuild ++++++ <multibuild> <package>event</package> <package>worker</package> <package>prefork</package> <package>utils</package> <package>devel</package> <package>manual</package> <package>test_event</package> <package>test_worker</package> <package>test_prefork</package> <package>test_devel</package> <package>test_main</package> </multibuild> ++++++ apache-test-application-xml-type.patch ++++++ Index: httpd-framework/t/conf/extra.conf.in =================================================================== 
--- a/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:43:26.156701553 +0200 +++ b/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:46:16.141693081 +0200 @@ -875,6 +875,7 @@ LimitRequestFields 32 </IfModule> </Directory> <Directory @SERVERROOT@/htdocs/modules/filter/bytype> + AddType application/xml .xml <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE text/xml ++++++ apache-test-turn-off-variables-in-ssl-var-lookup.patch ++++++ Index: httpd-framework/t/ssl/varlookup.t =================================================================== --- a/httpd-framework/t/ssl/varlookup.t 2016-10-25 14:30:54.250707932 +0200 +++ b/httpd-framework/t/ssl/varlookup.t 2016-10-27 15:38:52.440667690 +0200 @@ -210,9 +210,7 @@ SSL_SERVER_S_DN_UID SSL_CLIENT_S_DN_Email "$client_dn{$email_field}" SSL_SERVER_S_DN_Email "$server_dn{$email_field}" SSL_CLIENT_SAN_Email_0 "$san_email" -SSL_SERVER_SAN_DNS_0 "$san_dns" SSL_CLIENT_SAN_OTHER_msUPN_0 "$san_msupn" -SSL_SERVER_SAN_OTHER_dnsSRV_0 "$san_dnssrv" SSL_CLIENT_I_DN "$client_i_dn" SSL_SERVER_I_DN "$server_i_dn" ++++++ apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch ++++++ From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001 
From: Justin Erenkrantz <[email protected]> Date: Mon, 30 Dec 2013 20:01:14 +0000 Subject: [PATCH] Add directives to control two protocol options: HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD HttpExpectStrict - allow admin to control whether we must see "100-continue" This is helpful when using Ceph's radosgw and httpd. Inspired by: Yehuda Sadeh <[email protected]> See https://github.com/ceph/apache2/commits/precise * include/http_core.h (core_server_config): Add http_cl_head_zero and http_expect_strict fields. * modules/http/http_filters.c (ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not explictly set. * server/core.c (merge_core_server_configs): Add new fields. (set_cl_head_zero, set_expect_strict): New config helpers. (HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives. * server/protocol.c (ap_read_request): Allow http_expect_strict to control if we return 417. * include/ap_mmn.h (MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump. * CHANGES: Add a brief description. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68 Conflicts: CHANGES include/ap_mmn.h include/http_core.h server/core.c --- CHANGES | 3 +++ include/ap_mmn.h | 4 +++- include/http_core.h | 9 +++++++++ modules/http/http_filters.c | 10 +++++++++- server/core.c | 36 ++++++++++++++++++++++++++++++++++++ server/protocol.c | 25 +++++++++++++++++-------- 6 files changed, 77 insertions(+), 10 deletions(-) Index: httpd-2.4.46/modules/http/http_filters.c =================================================================== --- httpd-2.4.46.orig/modules/http/http_filters.c 2020-07-08 13:09:13.000000000 +0200 +++ httpd-2.4.46/modules/http/http_filters.c 2020-11-10 16:16:44.663449886 +0100 
@@ -1483,10 +1483,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ * zero C-L to the client. We can't just remove the C-L filter, * because well behaved 2.0 handlers will send their data down the stack, * and we will compute a real C-L for the head request. RBB + * + * Allow modification of this behavior through the + * HttpContentLengthHeadZero directive. + * + * The default (unset) behavior is to squelch the C-L in this case. */ + core_server_config *conf = ap_get_core_module_config(r->server->module_config); if (r->header_only && (clheader = apr_table_get(r->headers_out, "Content-Length")) - && !strcmp(clheader, "0")) { + && !strcmp(clheader, "0") + && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) { apr_table_unset(r->headers_out, "Content-Length"); } Index: httpd-2.4.46/server/core.c =================================================================== --- httpd-2.4.46.orig/server/core.c 2020-07-03 21:53:37.000000000 +0200 +++ httpd-2.4.46/server/core.c 2020-11-10 16:16:44.695450065 +0100 @@ -530,6 +530,12 @@ static void *merge_core_server_configs(a if (virt->http_methods != AP_HTTP_METHODS_UNSET) conf->http_methods = virt->http_methods; + if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET) + conf->http_cl_head_zero = virt->http_cl_head_zero; + + if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET) + conf->http_expect_strict = virt->http_expect_strict; + /* no action for virt->accf_map, not allowed per-vhost */ if (virt->protocol) 
@@ -4034,6 +4040,32 @@ static const char *set_http_method(cmd_p return NULL; } +static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE; + } else { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE; + } + return NULL; +} + +static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE; + } else { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE; + } + return NULL; +} + static apr_hash_t *errorlog_hash; static int log_constant_item(const ap_errorlog_info *info, const char *arg, @@ -4567,6 +4599,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e "'on' (default), 'off' or 'extended' to trace request body content"), AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF, "merge request trailers into request headers or not"), +AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS, + "whether to permit Content-Length of 0 responses to HEAD requests"), +AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS, + "whether to return a 417 if a client doesn't send 100-Continue"), AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF, "Controls which protocols are allowed"), AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF, Index: httpd-2.4.46/server/protocol.c =================================================================== --- httpd-2.4.46.orig/server/protocol.c 2020-07-08 13:09:13.000000000 +0200 +++ httpd-2.4.46/server/protocol.c 2020-11-10 16:16:44.695450065 +0100 
@@ -1502,14 +1502,23 @@ request_rec *ap_read_request(conn_rec *c r->expecting_100 = 1; } else { - r->status = HTTP_EXPECTATION_FAILED; - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) - "client sent an unrecognized expectation value of " - "Expect: %s", expect); - ap_send_error_response(r, 0); - ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); - ap_run_log_transaction(r); - goto traceout; + core_server_config *conf; + + conf = ap_get_core_module_config(r->server->module_config); + if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) { + r->status = HTTP_EXPECTATION_FAILED; + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect: %s", expect); + ap_send_error_response(r, 0); + ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); + ap_run_log_transaction(r); + goto traceout; + } else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect (not fatal): %s", expect); + } } } Index: httpd-2.4.46/include/http_core.h =================================================================== --- httpd-2.4.46.orig/include/http_core.h 2019-03-18 09:49:59.000000000 +0100 +++ httpd-2.4.46/include/http_core.h 2020-11-10 16:16:44.695450065 +0100 @@ -723,6 +723,16 @@ typedef struct { #define AP_MERGE_TRAILERS_DISABLE 2 int merge_trailers; +#define AP_HTTP_CL_HEAD_ZERO_UNSET 0 +#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1 +#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2 + int http_cl_head_zero; + +#define AP_HTTP_EXPECT_STRICT_UNSET 0 +#define AP_HTTP_EXPECT_STRICT_ENABLE 1 +#define AP_HTTP_EXPECT_STRICT_DISABLE 2 + int http_expect_strict; + apr_array_header_t *protocols; int protocols_honor_order; 
@@ -762,7 +772,6 @@ apr_status_t ap_core_input_filter(ap_fil apr_off_t readbytes); apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b); - AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s); AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto); ++++++ apache2-LimitRequestFieldSize-limits-headers.patch ++++++ Index: httpd-2.4.46/server/util_script.c =================================================================== --- httpd-2.4.46.orig/server/util_script.c 2020-07-20 07:58:49.000000000 +0200 +++ httpd-2.4.46/server/util_script.c 2020-11-10 16:10:54.525476516 +0100 @@ -468,11 +468,20 @@ AP_DECLARE(int) ap_scan_script_header_er apr_table_t *cookie_table; int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1); int first_header = 1; + int wlen; if (buffer) { *buffer = '\0'; } - w = buffer ? buffer : x; + + if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) { + w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2); + wlen = r->server->limit_req_fieldsize + 2; + } else { + w = buffer ? buffer : x; + wlen = MAX_STRING_LEN; + } + /* temporary place to hold headers to merge in later */ merge = apr_table_make(r->pool, 10); @@ -488,7 +497,7 @@ AP_DECLARE(int) ap_scan_script_header_er while (1) { - int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data); + int rv = (*getsfunc) (w, wlen - 1, getsfunc_data); if (rv == 0) { const char *msg = "Premature end of script headers"; if (first_header) 
@@ -603,10 +612,13 @@ AP_DECLARE(int) ap_scan_script_header_er if (!(l = strchr(w, ':'))) { if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) { + while ((*getsfunc) (w, wlen - 1, getsfunc_data)) { continue; } - } + } else if (w != buffer) { + strncpy(buffer, w, MAX_STRING_LEN - 1); + buffer[MAX_STRING_LEN - 1] = 0; + } /* Intentional no APLOGNO */ ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, ++++++ apache2-a2enflag ++++++ #!/bin/bash # Copyright 2005 Peter Poeml <[email protected]>. All Rights Reserved. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. function usage() { echo "$(basename $0): enable/disable a flag in $var in $sysconf" echo echo "usage: $(basename $0) [-d] flag" echo echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify" echo "apache instance (see README-instances.txt); sysconfig file is expected" echo "at /etc/sysconfig/apache2@<instance_name> ." exit 1 } unset instance_suffix if [ -n "$HTTPD_INSTANCE" ]; then instance_suffix="@$HTTPD_INSTANCE" fi sysconf=/etc/sysconfig/apache2$instance_suffix var=APACHE_SERVER_FLAGS PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2" if [ $# -lt 1 ]; then usage fi action=enable case "$1" in -d) action=disable; shift;; -*) usage;; esac case $(basename $0) in a2disflag) action=disable;; esac flag=$1 if [ $action = enable ]; then sysconf_addword $sysconf $var $flag exit $? else sysconf_addword -r $sysconf $var $flag exit $? fi ++++++ apache2-a2enmod ++++++ #!/bin/bash # Copyright 2005 Peter Poeml <[email protected]>. All Rights Reserved. 
# This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. function usage() { echo "$(basename $0): enable/disable an apache module in $var in $sysconf" echo echo "usage: $(basename $0) [-d] module" echo " $(basename $0) -l list modules" echo " $(basename $0) -q module query if module is installed" echo echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify" echo "apache instance (see README-instances.txt); sysconfig file is expected" echo "at /etc/sysconfig/apache2@<instance_name> ." exit 1 } unset instance_suffix if [ -n "$HTTPD_INSTANCE" ]; then instance_suffix="@$HTTPD_INSTANCE" fi sysconf=/etc/sysconfig/apache2$instance_suffix var=APACHE_MODULES PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2" if [ $# -lt 1 ]; then usage fi action=enable case "$1" in -d) action=disable; shift;; -l) action=list; shift;; -q) action=query; shift;; -*) usage;; esac case $(basename $0) in a2dismod) action=disable;; esac mod=$1 if [ $action = enable ]; then sysconf_addword $sysconf $var $mod exit $? elif [ $action = disable ]; then sysconf_addword -r $sysconf $var $mod exit $? elif [ $action = query ]; then if a2enmod -l | grep -q "\<$mod\>"; then exit 0 else exit 1 fi else source $sysconf eval echo \$$var fi ++++++ apache2-apachectl.patch ++++++ Index: httpd-2.4.46/support/apachectl.in =================================================================== --- httpd-2.4.46.orig/support/apachectl.in 2012-02-01 04:47:28.000000000 +0100 +++ httpd-2.4.46/support/apachectl.in 2020-11-09 15:29:52.479823800 +0100 
@@ -42,7 +42,7 @@ ARGV="$@" # -------------------- -------------------- # # the path to your httpd binary, including options if necessary -HTTPD='@exp_sbindir@/@progname@' +HTTPD='@exp_sbindir@/start_apache2' # # pick up any necessary environment variables if test -f @exp_sbindir@/envvars; then 
@@ -52,7 +52,11 @@ fi # a command that outputs a formatted text version of the HTML at the # url given on the command line. Designed for lynx, however other # programs may work. -LYNX="@LYNX_PATH@ -dump" +if [ -x "`which w3m`" ]; then + LYNX="w3m -dump -cols ${COLUMNS:-80}" +elif [ -x "`which lynx`" ]; then + LYNX="lynx -dump -width=${COLUMNS:-80}" +fi # # the URL to your server's mod_status status page. If you do not # have one, then status and fullstatus will not work. ++++++ apache2-find_directives ++++++ #!/bin/bash exit_code=1 function usage { echo "Check for directives in apache configuration (including" echo "potentially reachable .htaccess files)" echo "" echo "Usage: $0 [options]" echo "" echo " options: " echo " -s string system configuration root" echo " [default: $system_conf_root]" echo " -d string directives to search" echo " [default: $check_directives]" echo " -n string htaccess file name(s)" echo " [default: $htaccess_names]" echo " -q do not print where directive(s) was found" echo " -v as -v plus trace and matched lines" echo " -h this help" echo "" echo "Return Value: 0 at least one occurence found in apache config" echo " 1 no occurence found" echo " 2 wrong arguments" echo "" echo "Example: " echo " $ $0 -s '/etc/apache2/default-server.conf' -n '.htaccess .htconfig' -d 'Require' -v" echo " Checking /etc/apache2/default-server.conf .. FOUND" echo " Checking /srv/www/htdocs/foo/.htaccess .. FOUND" echo " Checking /etc/apache2/conf.d/gitweb.conf .. FOUND" echo " $" } function find_directives_in_file { file=$1 pattern=$(echo $check_directives | sed 's:\([^ \t]\+\):\\b\1\\b:g' | sed 's:\s\+:\\|:g') output=$(cat $file | sed 's:#.*::' | grep -i "$pattern") if [ $? -eq 0 ]; then [ $verbosity -ge 1 ] && echo " Checking $file .. FOUND" [ $verbosity -ge 2 ] && echo " Output: [$output]" exit_code=0 else [ $verbosity -ge 2 ] && echo " Checking $file .. 
NOT FOUND" fi } function check_conf_file { conf_file=$1 [ $verbosity -ge 2 ] && echo "CONFIG FILE: $conf_file" find_directives_in_file $conf_file # check all directories with AllowOverride not None # for .htaccess files directories=$(grep -i '<directory' $conf_file | sed 's:#.*::' | sed 's:.*<directory\s*\([^ \t]*\)\s*>:\1:I' | tr -d '"') find_names=$(echo $htaccess_names | sed 's:^\s\+::' | sed 's:\s\+$::' | sed 's:\s\+: -o -name :g' | sed 's:^:-name :') for dir in $directories; do [ $verbosity -ge 2 ] && echo " Directory: $dir" allow_override=$(grep -i -Pzo "(?s)<directory[\s\"]*$dir.*?</directory>" $conf_file | sed 's:#.*::'| grep AllowOverride) [ $verbosity -ge 2 ] && echo " override: $allow_override" shopt -s nocasematch if [[ ! $allow_override =~ allowoverride.*none ]]; then for htfile in $(find $dir $find_names); do find_directives_in_file $htfile done fi shopt -u nocasematch done # check all Include or IncludeOptional files recursively include_files=$(grep '^\s*Include' $conf_file | sed 's:#.*::' | sed 's:Include[^ ]*\s\+::' | tr '\n' ' ') [ $verbosity -ge 2 ] && echo " Include Files: [$include_files]" for ifile in $include_files; do if [ -f $ifile ]; then check_conf_file $ifile fi done } system_conf_root="/etc/apache2/httpd.conf" check_directives="allow deny order satisfy" htaccess_names=".htaccess" verbosity=1 while getopts ":hs:d:n:vq" opt; do case $opt in s) system_conf_root=$OPTARG ;; d) check_directives=$OPTARG ;; n) htaccess_names=$OPTARG ;; q) verbosity=0 ;; v) verbosity=2 ;; h) usage exit 0 ;; \?) echo "ERROR: Invalid option: -$OPTARG" >&2 usage exit 2 ;; :) echo "ERROR: Option -$OPTARG requires an argument." 
>&2 usage exit 2 ;; esac done check_conf_file $system_conf_root exit $exit_code ++++++ apache2-gensslcert ++++++ #!/bin/bash # Peter Poeml <[email protected]> # # Script to generate ssl keys for mod_ssl, without requiring user input # most of it is copied from mkcert.sh of the mod_ssl distribution # # XXX This is just a hack, it won't be able to do anything you want! # function usage { cat <<-EOF `basename $0` will generate a test certificate "the quick way", i.e. without interaction. You can change some defaults however. It will overwrite /root/.mkcert.cfg These options are recognized: Default: -N comment "$comment" -c country (two letters, e.g. DE) $C -s state $ST -l city $L -o organisation "$O" -u organisational unit "$U" -n fully qualified domain name $CN (hostname -f) -e email address of webmaster webmaster@$CN -a subject alternative name $altName -y days server cert is valid for $srvdays -Y days CA cert is valid for $CAdays -d run in debug mode -h show usage EOF } test -t && { BRIGHT='[01m'; RED='[31m'; NORMAL='[00m'; } function myecho { echo $BRIGHT$@$NORMAL; } function error { echo $RED$@$NORMAL; } function myexit { error something ugly seems to have happened in line $1...; exit $2; } hostname=/usr/bin/hostname FQHOSTNAME="" if [ -x $hostname ]; then FQHOSTNAME=`$hostname -f 2>/dev/null` # bsc#1035829 fqlength=`echo -n $FQHOSTNAME|wc -c` if [ $fqlength -gt 64 ]; then FQHOSTNAME=`$hostname 2>/dev/null` fi fi # bsc#1057406 if [ -z $FQHOSTNAME ]; then FQHOSTNAME='localhost' fi # defaults comment="mod_ssl server certificate" C=XY ST=unknown L=unknown U="web server" O="SUSE Linux Web Server" CN=$FQHOSTNAME email=webmaster@$FQHOSTNAME altName=DNS:$CN CAdays=$((365 * 6)) srvdays=$((365 * 2)) while getopts C:N:c:s:l:o:u:n:e:a:y:Y:dh OPT; do case $OPT in N) comment=$OPTARG;; c) C=$OPTARG;; s) ST=$OPTARG;; l) L=$OPTARG;; u) U=$OPTARG;; o) O=$OPTARG;; n) CN=$OPTARG;; e) email=$OPTARG;; a) altName=$OPTARG;; y) srvdays=$OPTARG;; Y) CAdays=$OPTARG;; d) set -x;; h) usage; 
exit 2;; *) echo unrecognized option: $OPT; usage; exit 2;; esac done GO_LEFT="\033[80D" GO_MIDDLE="$GO_LEFT\033[15C" for i in comment C ST L U O CN email altName srvdays CAdays; do eval "echo -e $i\"$GO_MIDDLE\" \$$i;" done openssl=/usr/bin/openssl sslcrtdir=/etc/apache2/ssl.crt sslcsrdir=/etc/apache2/ssl.csr sslkeydir=/etc/apache2/ssl.key sslprmdir=/etc/apache2/ssl.prm name="$CN-" # # CA # echo;myecho creating CA key ... (umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT [ req ] default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = mypass [ req_distinguished_name ] C = $C ST = $ST L = $L O = $O OU = CA CN = $CN emailAddress = $email [ req_attributes ] challengePassword = $RANDOM$RANDOMA challenge password EOT echo;myecho creating CA request/certificate ... (umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?) cp -pv $sslcrtdir/${name}ca.crt /srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt # # Server CERT # echo;myecho creating server key ... (umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}server.key 2048 || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT [ req ] default_bits = 2048 default_keyfile = keyfile.pem distinguished_name = req_distinguished_name attributes = req_attributes prompt = no output_password = mypass req_extensions = x509v3 [ req_distinguished_name ] C = $C ST = $ST L = $L O = $O OU = $U CN = $CN emailAddress = $email [ x509v3 ] subjectAltName = $altName nsComment = $comment nsCertType = server [ req_attributes ] challengePassword = $RANDOM$RANDOMA challenge password EOT echo;myecho creating server request ... 
(umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?) cat >/root/.mkcert.cfg <<EOT extensions = x509v3 [ x509v3 ] subjectAltName = $altName nsComment = $comment nsCertType = server EOT test -f /root/.mkcert.serial || echo 01 >/root/.mkcert.serial myecho "creating server certificate ..." (umask 0377 ; $openssl x509 \ -extfile /root/.mkcert.cfg \ -days $srvdays \ -CAserial /root/.mkcert.serial \ -CA $sslcrtdir/${name}ca.crt \ -CAkey $sslkeydir/${name}ca.key \ -in $sslcsrdir/${name}server.csr -req \ -out $sslcrtdir/${name}server.crt || myexit $LINENO $?) rm -f /root/.mkcert.cfg echo;myecho "Verify: matching certificate & key modulus" modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/${name}server.crt | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?` if [ ".$modcrt" != ".$modkey" ]; then error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi echo;myecho Verify: matching certificate signature $openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $? if [ $? -ne 0 ]; then error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 myexit $LINENO $? fi echo;myecho generating dhparams and appending it to the server certificate file... openssl dhparam 2048 >> $sslcrtdir/${name}server.crt exit 0 ++++++ apache2-loadmodule.conf ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.410298663 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.414298674 +0100 
@@ -1,24 +1,75 @@ -LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so -LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so -LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so -LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so -LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so -LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so -LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so -LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so -LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so -LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so -LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so -LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so -LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so -LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so -LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so -LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so -LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so -LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so -LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so -LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so -LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so -LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so -LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so - +<IfModule prefork.c> + LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so + LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so + LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so + LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so + LoadModule authz_host_module 
/usr/lib64/apache2-prefork/mod_authz_host.so + LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so + LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so + LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so + LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so + LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so + LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so + LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so + LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so + LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so + LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so + LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so + LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so + LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so + LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so + LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so + LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so + LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so + LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so +</IfModule> +<IfModule worker.c> + LoadModule actions_module /usr/lib64/apache2-worker/mod_actions.so + LoadModule alias_module /usr/lib64/apache2-worker/mod_alias.so + LoadModule auth_basic_module /usr/lib64/apache2-worker/mod_auth_basic.so + LoadModule authn_file_module /usr/lib64/apache2-worker/mod_authn_file.so + LoadModule authz_host_module /usr/lib64/apache2-worker/mod_authz_host.so + LoadModule authz_groupfile_module /usr/lib64/apache2-worker/mod_authz_groupfile.so + LoadModule authz_user_module /usr/lib64/apache2-worker/mod_authz_user.so + LoadModule autoindex_module /usr/lib64/apache2-worker/mod_autoindex.so + LoadModule cgi_module 
/usr/lib64/apache2-worker/mod_cgi.so + LoadModule dir_module /usr/lib64/apache2-worker/mod_dir.so + LoadModule env_module /usr/lib64/apache2-worker/mod_env.so + LoadModule expires_module /usr/lib64/apache2-worker/mod_expires.so + LoadModule include_module /usr/lib64/apache2-worker/mod_include.so + LoadModule log_config_module /usr/lib64/apache2-worker/mod_log_config.so + LoadModule mime_module /usr/lib64/apache2-worker/mod_mime.so + LoadModule negotiation_module /usr/lib64/apache2-worker/mod_negotiation.so + LoadModule setenvif_module /usr/lib64/apache2-worker/mod_setenvif.so + LoadModule ssl_module /usr/lib64/apache2-worker/mod_ssl.so + LoadModule socache_shmcb_module /usr/lib64/apache2-worker/mod_socache_shmcb.so + LoadModule userdir_module /usr/lib64/apache2-worker/mod_userdir.so + LoadModule reqtimeout_module /usr/lib64/apache2-worker/mod_reqtimeout.so + LoadModule authn_core_module /usr/lib64/apache2-worker/mod_authn_core.so + LoadModule authz_core_module /usr/lib64/apache2-worker/mod_authz_core.so +</IfModule> +<IfModule event.c> + LoadModule actions_module /usr/lib64/apache2-event/mod_actions.so + LoadModule alias_module /usr/lib64/apache2-event/mod_alias.so + LoadModule auth_basic_module /usr/lib64/apache2-event/mod_auth_basic.so + LoadModule authn_file_module /usr/lib64/apache2-event/mod_authn_file.so + LoadModule authz_host_module /usr/lib64/apache2-event/mod_authz_host.so + LoadModule authz_groupfile_module /usr/lib64/apache2-event/mod_authz_groupfile.so + LoadModule authz_user_module /usr/lib64/apache2-event/mod_authz_user.so + LoadModule autoindex_module /usr/lib64/apache2-event/mod_autoindex.so + LoadModule cgi_module /usr/lib64/apache2-event/mod_cgi.so + LoadModule dir_module /usr/lib64/apache2-event/mod_dir.so + LoadModule env_module /usr/lib64/apache2-event/mod_env.so + LoadModule expires_module /usr/lib64/apache2-event/mod_expires.so + LoadModule include_module /usr/lib64/apache2-event/mod_include.so + LoadModule log_config_module 
/usr/lib64/apache2-event/mod_log_config.so + LoadModule mime_module /usr/lib64/apache2-event/mod_mime.so + LoadModule negotiation_module /usr/lib64/apache2-event/mod_negotiation.so + LoadModule setenvif_module /usr/lib64/apache2-event/mod_setenvif.so + LoadModule ssl_module /usr/lib64/apache2-event/mod_ssl.so + LoadModule socache_shmcb_module /usr/lib64/apache2-event/mod_socache_shmcb.so + LoadModule userdir_module /usr/lib64/apache2-event/mod_userdir.so + LoadModule reqtimeout_module /usr/lib64/apache2-event/mod_reqtimeout.so + LoadModule authn_core_module /usr/lib64/apache2-event/mod_authn_core.so + LoadModule authz_core_module /usr/lib64/apache2-event/mod_authz_core.so +</IfModule> ++++++ apache2-logresolve-tmp-security.patch ++++++ --- httpd-2.4.6.orig/support/logresolve.pl.in +++ httpd-2.4.6/support/logresolve.pl.in @@ -57,6 +57,7 @@ $|=1; use FileHandle; use Socket; +use File::Temp; use strict; no strict 'refs'; @@ -71,11 +72,13 @@ my $filename; my %hash = (); my $parent = $$; +my $tempdir = File::Temp::tempdir("logresolve.pl.sockets.XXXXXX", CLEANUP => 1); + my @children = (); for (my $child = 1; $child <=$CHILDREN; $child++) { my $f = fork(); if (!$f) { - $filename = "./.socket.$parent.$child"; + $filename = "$tempdir/socket.$parent.$child"; if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";} &child($child); exit(0); @@ -91,9 +94,9 @@ sub cleanup { # die kiddies, die kill(15, @children); for (my $child = 1; $child <=$CHILDREN; $child++) { - if (-e "./.socket.$parent.$child") { - unlink("./.socket.$parent.$child") - || warn ".socket.$parent.$child $!"; + if (-e "$tempdir/socket.$parent.$child") { + unlink("$tempdir/socket.$parent.$child") + || warn "$tempdir/socket.$parent.$child $!"; } } } 
@@ -113,7 +116,7 @@ sub parent { if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) { warn "parent socket to child failed $!"; } - $filename = "./.socket.$parent.$child"; + $filename = "$tempdir/socket.$parent.$child"; my $response; do { $response = connect($CHILDSOCK{$child}, sockaddr_un($filename)); @@ -176,7 +179,7 @@ sub child { # create a socket to communicate with parent socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL) || die "Error with Socket: !$\n"; - $filename = "./.socket.$parent.$me"; + $filename = "$tempdir/socket.$parent.$me"; bind(INBOUND, sockaddr_un($filename)) || die "Error Binding $filename: $!\n"; listen(INBOUND, 5) || die "Error Listening: $!\n"; ++++++ apache2-manual.conf ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.446298764 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.446298764 +0100 
@@ -10,11 +10,12 @@ Options Indexes AllowOverride None <IfModule !mod_access_compat.c> - Require all granted + Require local </IfModule> <IfModule mod_access_compat.c> - Order allow,deny - Allow from all + Order deny,allow + Deny from all + Allow from localhost 127.0.0.1 </IfModule> <Files *.html> ++++++ apache2-mod_example.c ++++++ /* Include the required headers from httpd */ #include "httpd.h" #include "http_core.h" #include "http_protocol.h" #include "http_request.h" /* Define prototypes of our functions in this module */ static void register_hooks(apr_pool_t *pool); static int example_handler(request_rec *r); /* Define our module as an entity and assign a function for registering hooks */ module AP_MODULE_DECLARE_DATA example_module = { STANDARD20_MODULE_STUFF, NULL, // Per-directory configuration handler NULL, // Merge handler for per-directory configurations NULL, // Per-server configuration handler NULL, // Merge handler for per-server configurations NULL, // Any directives we may have for httpd register_hooks // Our hook registering function }; /* register_hooks: Adds a hook to the httpd process */ static void register_hooks(apr_pool_t *pool) { /* Hook the request handler */ ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST); } /* The handler function for our module. * This is where all the fun happens! */ static int example_handler(request_rec *r) { /* First off, we need to check if this is a call for the "example" handler. * If it is, we accept it and do our things, it not, we simply return DECLINED, * and Apache will try somewhere else. */ if (!r->handler || strcmp(r->handler, "example-handler")) return (DECLINED); // The first thing we will do is write a simple "Hello, world!" back to the client. 
ap_rputs("Hello, world!<br/>\n", r); return OK; } ++++++ apache2-mod_proxy_uwsgi-fix-crash.patch ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.538299025 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.538299025 +0100 @@ -1,7 +1,7 @@ Index: httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c =================================================================== --- httpd-2.4.46.orig/modules/proxy/mod_proxy_uwsgi.c 2020-07-24 11:35:25.000000000 +0200 -+++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c 2020-08-07 14:03:05.266134827 +0200 ++++ httpd-2.4.46/modules/proxy/mod_proxy_uwsgi.c 2020-11-10 16:38:14.507125446 +0100 @@ -175,7 +175,7 @@ static int uwsgi_send_headers(request_re env = (apr_table_entry_t *) env_table->elts; ++++++ apache2-script-helpers ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.626299274 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.630299286 +0100 @@ -10,9 +10,9 @@ function load_sysconfig { [ -n "$sysconfig_loaded" ] && return - [ ! -f "$SYSCONFIG_FILE" ] && return + [ ! -f "$HTTPD_SYSCONFIG_FILE" ] && return - . $SYSCONFIG_FILE + . $HTTPD_SYSCONFIG_FILE export ${!APACHE_*} sysconfig_loaded=true } 
@@ -32,22 +32,10 @@ # try to read from sysconfig's APACHE_MPM HTTPD_MPM="$APACHE_MPM" - # if empty, then choose one from installed + # if empty, then choose the one chosen by + # update alternatives if [ -z "$HTTPD_MPM" ]; then - installed_mpms="" - for i in $HTTPD_SBIN_BASE-*; do - test -f $i || continue - i=$(basename $i) - i=${i#*-} - installed_mpms="$installed_mpms $i" - done - # hardcoded preference here: - for mpm in event worker prefork; do - if [[ $installed_mpms =~ "$mpm" ]]; then - HTTPD_MPM=$mpm - break - fi - done + HTTPD_MPM=$(readlink $(readlink /usr/sbin/httpd) | sed "s:/usr/sbin/httpd-::") fi # in case no ++++++ apache2-start_apache2 ++++++ #!/bin/sh # # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH # Copyright (c) 2002, 2003, (2004?) SuSE Linux AG # Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH # # Authors: Rolf Haberrecker <[email protected]>, 2001 # Peter Poeml <[email protected]>, 2002, 2003, 2004, 2005, 2006, 2007, # 2008, 2009, 2010 # # . /usr/share/apache2/script-helpers # # which instance should we will run, comes from # apache2@ service file # unset instance_suffix if [ -n "$START_APACHE_INSTANCE" ]; then instance_suffix="@$START_APACHE_INSTANCE" fi # # load sysconfig variables APACHE_* from instance sysconfig # file; START_APACHE_SYSCONFIG_FILE can be used for change the system # default (e. g. for testing purposes) # export HTTPD_SYSCONFIG_FILE=${START_APACHE_SYSCONFIG_FILE:-/etc/sysconfig/apache2${instance_suffix}} load_sysconfig # # dir to locate pid file into; START_APACHE_RUN_DIR can be used # to change the system default (e. g. for testing purposes) # run_dir="${START_APACHE_RUN_DIR:-/run}" unset server_flags # # server_flags: -DSYSCONFIG # if [ -f "$HTTPD_SYSCONFIG_FILE" ]; then server_flags="$server_flags -DSYSCONFIG" fi # # figure out correct apache2 binary (/usr/sbin/httpd-prefork, # /usr/sbin/httpd-worker, etc.) 
and serverflags # find_mpm if [ -n "$HTTPD_MPM" ]; then apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM" if ! [ -x $apache_bin ]; then echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary." echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2." exit 1 fi else # take /usr/sbin/httpd, which will # exist thanks to update alternatives apache_bin="$HTTPD_SBIN_BASE" fi # server flags from APACHE_SERVER_FLAGS for i in $APACHE_SERVER_FLAGS; do case $i in -D) ;; -D*) server_flags="$server_flags $i";; *) server_flags="$server_flags -D$i";; esac done # # head configuration file # httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf} # # where to write configuration depending on sysconfig variables # sysconfd_dir=$(dirname $httpd_conf)/sysconfig${instance_suffix}.d/ # # set PidFile to this file name; PidFile should not # be used in the configuration to change this, otherwise # stopping will not work # pid_file=$run_dir/httpd${instance_suffix}.pid # # involve the sysconfig variables # [ -d ${sysconfd_dir} ] || mkdir -p ${sysconfd_dir} || exit 1 for c in global.conf include.conf loadmodule.conf; do echo "# File generated from $HTTPD_SYSCONFIG_FILE, do not edit. Edit the sysconfig file instead." > ${sysconfd_dir}/$c done # APACHE_ACCESS_LOG -> global.conf if [ -n "$APACHE_ACCESS_LOG" ]; then echo "CustomLog $APACHE_ACCESS_LOG" | sed 's:,:\nCustomLog :' >> ${sysconfd_dir}/global.conf fi # APACHE_CONF_INCLUDE_FILES -> include.conf for file in $APACHE_CONF_INCLUDE_FILES; do test ${file:0:1} = / || file=/etc/apache2/$file if [ ! -e $file ]; then continue fi echo "Include $file" >> ${sysconfd_dir}/include.conf done # APACHE_CONF_INCLUDE_DIRS -> include.conf for dir in $APACHE_CONF_INCLUDE_DIRS; do test ${dir:0:1} = / || dir=/etc/apache2/$dir if ! 
( [ -e $dir ] || [ -e ${dir%/*} ] ); then continue fi echo "Include $dir" >> ${sysconfd_dir}/include.conf done # APACHE_SERVERADMIN -> global.conf if [ -n "$APACHE_SERVERADMIN" ]; then echo "ServerAdmin $APACHE_SERVERADMIN" >> ${sysconfd_dir}/global.conf fi # APACHE_SERVERNAME -> global.conf if [ -n "$APACHE_SERVERNAME" ]; then echo "ServerName $APACHE_SERVERNAME" >> ${sysconfd_dir}/global.conf fi # APACHE_START_TIMEOUT # not used nowadays # APACHE_SERVERSIGNATURE -> global.conf if [ -n "$APACHE_SERVERSIGNATURE" ]; then echo "ServerSignature $APACHE_SERVERSIGNATURE" >> ${sysconfd_dir}/global.conf fi # APACHE_LOGLEVEL -> global.conf if [ -n "$APACHE_LOGLEVEL" ]; then echo "LogLevel $APACHE_LOGLEVEL" >> ${sysconfd_dir}/global.conf fi # APACHE_USE_CANONICAL_NAME -> global.conf if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then echo "UseCanonicalName $APACHE_USE_CANONICAL_NAME" >> ${sysconfd_dir}/global.conf fi # APACHE_SERVERTOKENS -> global.conf if [ -n "$APACHE_SERVERTOKENS" ]; then echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf fi # APACHE_EXTENDED_STATUS -> global.conf if [ -n "$APACHE_EXTENDED_STATUS" ]; then echo "ExtendedStatus $APACHE_EXTENDED_STATUS" >> ${sysconfd_dir}/global.conf fi # APACHE_MODULES -> loadmodule.conf get_module_list module_ids=($HTTPD_MODULE_IDS) module_paths=($HTTPD_MODULE_PATHS) for i in "${!module_ids[@]}"; do echo "LoadModule ${module_ids[$i]} ${module_paths[$i]}" >> ${sysconfd_dir}/loadmodule.conf done # # a proper home should be set, otherwise the server might end up # with HOME=/root and some script might try to use that # HOME=/var/lib/apache2${instance_suffix} # # run Apache # exec $apache_bin $server_flags \ -C "PidFile $pid_file" \ -C "Include $sysconfd_dir/loadmodule.conf" \ -C "Include $sysconfd_dir/global.conf" \ -f $httpd_conf \ -c "Include $sysconfd_dir/include.conf" \ $@ exit 0 ++++++ apache2-system-dirs-layout.patch ++++++ Index: httpd-2.4.46/config.layout 
=================================================================== --- httpd-2.4.46.orig/config.layout 2020-11-11 11:02:08.957535301 +0100 +++ httpd-2.4.46/config.layout 2020-11-11 11:03:47.118083192 +0100 
@@ -178,28 +178,52 @@ proxycachedir: ${localstatedir}/proxy </Layout> -# SuSE 6.x layout -<Layout SuSE> - prefix: /usr - exec_prefix: ${prefix} - bindir: ${prefix}/bin - sbindir: ${prefix}/sbin - libdir: ${prefix}/lib - libexecdir: ${prefix}/lib/apache - mandir: ${prefix}/share/man - sysconfdir: /etc/httpd - datadir: /usr/local/httpd - installbuilddir: ${datadir}/build - errordir: ${datadir}/error - iconsdir: ${datadir}/icons +# SUSE (32 bit system) +<Layout SUSE> + prefix: /srv/www + exec_prefix: /usr + bindir: ${exec_prefix}/bin + sbindir: ${exec_prefix}/sbin + libdir: ${exec_prefix}/lib + libexecdir: ${exec_prefix}/lib/apache2${MPM_SUFFIX} + mandir: ${exec_prefix}/share/man + sysconfdir: /etc/apache2 + datadir: ${prefix} + installbuilddir: ${exec_prefix}/share/apache2/build + errordir: ${exec_prefix}/share/apache2/error + iconsdir: ${exec_prefix}/share/apache2/icons htdocsdir: ${datadir}/htdocs - manualdir: ${datadir}/manual + manualdir: ${exec_prefix}/share/apache2/manual cgidir: ${datadir}/cgi-bin - includedir: ${prefix}/include/apache - localstatedir: /var/lib/httpd + includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX} + localstatedir: /var/lib/apache2 runtimedir: /var/run - logfiledir: /var/log/httpd - proxycachedir: /var/cache/httpd + logfiledir: /var/log/apache2 + proxycachedir: /var/cache/apache2 +</Layout> + +# SUSE (64 bit system) +<Layout SUSE_64> + prefix: /srv/www + exec_prefix: /usr + bindir: ${exec_prefix}/bin + sbindir: ${exec_prefix}/sbin + libdir: ${exec_prefix}/lib64 + libexecdir: ${exec_prefix}/lib64/apache2${MPM_SUFFIX} + mandir: ${exec_prefix}/share/man + sysconfdir: /etc/apache2 + datadir: ${prefix} + installbuilddir: ${exec_prefix}/share/apache2/build + errordir: ${exec_prefix}/share/apache2/error + iconsdir: ${exec_prefix}/share/apache2/icons + htdocsdir: ${datadir}/htdocs + manualdir: ${exec_prefix}/share/apache2/manual + cgidir: ${datadir}/cgi-bin + includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX} + localstatedir: 
/var/lib/apache2 + runtimedir: /var/run + logfiledir: /var/log/apache2 + proxycachedir: /var/cache/apache2 </Layout> # BSD/OS layout ++++++ [email protected] ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.814299805 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.818299817 +0100 
@@ -7,7 +7,7 @@ [Service] Type=notify PrivateTmp=true -Environment="HTTPD_INSTANCE=%i" +Environment="START_APACHE_INSTANCE=%i" ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop ++++++ firewalld-ssl.apache2 ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>Secure WWW (HTTPS)</short> <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description> <port protocol="tcp" port="443"/> </service> ++++++ firewalld.apache2 ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>WWW (HTTP)</short> <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description> <port protocol="tcp" port="80"/> </service> ++++++ logrotate.apache2 ++++++ /var/log/apache2/access_log /var/log/apache2/*-access_log /var/log/apache2/ssl_request_log { compress dateext maxage 365 rotate 99 size=+4096k notifempty missingok create 644 root root sharedscripts postrotate systemctl reload apache2.service sleep 60 endscript } /var/log/apache2/error_log /var/log/apache2/*-error_log /var/log/apache2/suexec.log /var/log/apache2/ssl_engine_log /var/log/apache2/deflate.log { compress dateext maxage 365 rotate 99 size=+1024k notifempty missingok create 644 root root sharedscripts postrotate systemctl reload apache2.service sleep 60 endscript } ++++++ susefirewall-ssl.apache2 ++++++ ## Name: HTTPS Server ## Description: Opens ports for Apache Web Server. 
# space separated list of allowed TCP ports TCP="https" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ susefirewall.apache2 ++++++ ## Name: HTTP Server ## Description: Opens ports for Apache Web Server. # space separated list of allowed TCP ports TCP="http" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP broadcast ports BROADCAST="" ++++++ sysconfig.apache2 ++++++ --- /var/tmp/diff_new_pack.mj2Mfm/_old 2020-12-08 13:22:57.934300145 +0100 +++ /var/tmp/diff_new_pack.mj2Mfm/_new 2020-12-08 13:22:57.934300145 +0100 @@ -125,13 +125,8 @@ # # MPM (multi-processing module) to use. # -# Needed to determine with which MPM apache will run, as well as -# against which header files modules will be built. -# -# If not set, the system will simply pick one of the installed MPMs. -# -# The implementation of the logic is in /usr/share/apache2/find_mpm, -# a script which can be used standalone as well if needed. +# Needed to determine with which MPM apache will run (when run +# via systemd service). # APACHE_MPM=""
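
Review bot: in apache2-logresolve-tmp-security.patch, hunk @@ -71,11 +72,13 @@, the added File::Temp::tempdir("logresolve.pl.sockets.XXXXXX", CLEANUP => 1) passes a bare template with neither DIR nor TMPDIR, so the directory is still created in the current working directory, just as the old ./.socket.* files were. The random name and the 0700 directory remove the predictable-path problem, but the script still needs a writable cwd; if the intent is to leave cwd entirely, pass TMPDIR => 1 and check that the longer path still fits in a sockaddr_un. The "if (-e $filename) { unlink ... }" in the child loop can no longer find anything in a freshly created directory and could be dropped, and the context line in hunk @@ -176,7 +179,7 @@ prints "!$" where "$!" is meant.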
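
Review bot: in apache2-manual.conf, hunk @@ -10,11 +10,12 @@, the mod_access_compat branch is narrower than the "Require local" it is meant to mirror. "Allow from localhost 127.0.0.1" matches one IPv4 address plus whatever client address resolves back to the name localhost, whereas "Require local" covers 127.0.0.0/8 and ::1 without any DNS lookup. Suggest "Allow from 127.0.0.0/8 ::1" so both branches behave the same. The switch from "all granted" to loopback-only is a behaviour change for anyone serving the manual to remote clients and deserves its own line in apache2.changes if it does not already have one.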
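
Review bot: in apache2-script-helpers, hunk @@ -32,22 +32,10 @@, the new HTTPD_MPM=$(readlink $(readlink /usr/sbin/httpd) | sed ...) has no handling for /usr/sbin/httpd being absent or not a two-level symlink: the inner readlink prints nothing, the outer one runs without an operand, and HTTPD_MPM silently stays empty. It also hardcodes /usr/sbin/httpd although the removed code and start_apache2 both go through $HTTPD_SBIN_BASE. Suggest resolving with readlink -f "$HTTPD_SBIN_BASE", quoting the expansion, and accepting the result only when it has the form $HTTPD_SBIN_BASE-<mpm>. In the first hunk, ". $HTTPD_SYSCONFIG_FILE" should be quoted as well, since that path can now be set from the environment through START_APACHE_SYSCONFIG_FILE.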
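
Review bot: the new apache2-start_apache2 declares #!/bin/sh but relies on bash-only syntax: ${file:0:1} and ${dir:0:1}, the arrays module_ids=(...) and "${!module_ids[@]}", and the sourced script-helpers use "function" and ${!APACHE_*}. Use #!/bin/bash. The final exec passes $@ unquoted, which re-splits arguments containing whitespace; use "$@". In the error path after find_mpm the message prints "$apache_bin-$APACHE_MPM", but apache_bin already ends in -$HTTPD_MPM, so the path reported is not the one that was tested with -x. The "exit 0" after exec is only reached if exec fails, where returning 0 is the wrong status.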
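
Review bot: in apache2-system-dirs-layout.patch, both new Layout blocks keep "runtimedir: /var/run" while the new start_apache2 defaults its PID directory to /run (run_dir="${START_APACHE_RUN_DIR:-/run}"). Suggest /run in both layouts so the build-time default and the wrapper agree. The SUSE and SUSE_64 blocks differ only in libdir and libexecdir; a comment saying so would make later edits less likely to update one block and miss the other.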
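
Review bot: in logrotate.apache2, both stanzas use "create 644 root root", which makes every freshly created log world-readable, including access logs with client addresses and request URLs, and in the second stanza suexec.log and ssl_engine_log. Suggest "create 640" with a dedicated reader group, unless 644 is a deliberate packaging decision, in which case a comment should say so. The "sleep 60" in each postrotate also needs a comment explaining what it waits for, since it delays every rotation run by a minute per stanza.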
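
Review bot: in sysconfig.apache2, hunk @@ -125,13 +125,8 @@, the rewritten comment no longer says what happens when APACHE_MPM is left empty, which is the shipped default (APACHE_MPM=""). According to the script-helpers change in this same commit, the fallback is now whatever the update-alternatives link for /usr/sbin/httpd points to; state that here so an administrator knows where the effective MPM comes from, and keep a pointer to where the selection logic lives now that the /usr/share/apache2/find_mpm reference is gone.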
