Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2019-01-15 13:16:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2 (Old) and /work/SRC/openSUSE:Factory/.apache2.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2" Tue Jan 15 13:16:19 2019 rev:152 rq:664057 version:2.4.37 Changes: -------- --- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2018-11-06 15:34:39.335678254 +0100 +++ /work/SRC/openSUSE:Factory/.apache2.new.28833/apache2.changes 2019-01-15 13:16:21.532358537 +0100 @@ -1,0 +2,11 @@ +Wed Jan 9 10:26:46 UTC 2019 - Petr Gajdos <[email protected]> + +- do not create sysconfig.d when already exists [bsc#1121086] + +------------------------------------------------------------------- +Sun Jan 6 15:14:43 UTC 2019 - Dirk Mueller <[email protected]> + +- use secure http sites by default in configs +- Switch to DEFAULT_SUSE Cipher suite + +------------------------------------------------------------------- @@ -1763 +1774 @@ -READ http://httpd.apache.org/docs/2.4/upgrading.html +READ https://httpd.apache.org/docs/2.4/upgrading.html @@ -1768 +1779 @@ - at http://httpd.apache.org/docs/2.4/new_features_2_4.html + at https://httpd.apache.org/docs/2.4/new_features_2_4.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2-default-server.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.156357258 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.156357258 +0100 @@ -17,7 +17,7 @@ # doesn't give it to you. # # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options + # https://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # NOTE: For directories where RewriteRule is used, FollowSymLinks # or SymLinksIfOwnerMatch needs to be set in Options directive. ++++++ apache2-httpd.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.208357217 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.212357214 +0100 @@ -3,7 +3,7 @@ # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information about +# See <URL:https://httpd.apache.org/docs/2.4/> for detailed information about # the directives. # Based upon the default apache configuration file that ships with apache, @@ -15,7 +15,7 @@ # configuration of your virtual hosts. # Quickstart guide: -# http://en.opensuse.org/SDB:Apache_installation +# https://en.opensuse.org/SDB:Apache_installation # Overview of include files, chronologically: @@ -218,7 +218,7 @@ # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at -# <URL:http://httpd.apache.org/docs/2.4/vhosts/> +# <URL:https://httpd.apache.org/docs/2.4/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host ++++++ apache2-listen.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.240357192 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.240357192 +0100 @@ -1,7 +1,7 @@ # Listen: Allows you to bind Apache to specific IP addresses and/or # ports. See also the <VirtualHost> directive. # -# http://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen +# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses (0.0.0.0) ++++++ apache2-mod_autoindex-defaults.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.280357161 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.280357161 +0100 @@ -1,7 +1,7 @@ # # Directives controlling the display of server-generated directory listings. # -# see http://httpd.apache.org/docs/2.4/mod/mod_autoindex.html +# see https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html # <IfModule mod_autoindex.c> ++++++ apache2-mod_info.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.312357135 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.312357135 +0100 @@ -2,7 +2,7 @@ # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # -# see http://httpd.apache.org/docs/2.4/mod/mod_info.html +# see https://httpd.apache.org/docs/2.4/mod/mod_info.html # <IfModule mod_info.c> <Location /server-info> ++++++ apache2-mod_log_config.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.332357120 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.336357117 +0100 @@ -2,7 +2,7 @@ # The following directives define some format nicknames for use with # a CustomLog directive. # -# http://httpd.apache.org/docs/2.4/mod/mod_log_config.html +# https://httpd.apache.org/docs/2.4/mod/mod_log_config.html # # ++++++ apache2-mod_mime-defaults.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.356357100 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.356357100 +0100 @@ -2,7 +2,7 @@ # mod_mime configuration: # associate various bits of "meta information" with files by their filename extensions # -# see http://httpd.apache.org/docs/2.4/mod/mod_mime.html +# see https://httpd.apache.org/docs/2.4/mod/mod_mime.html # # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) @@ -152,7 +152,7 @@ # Guess the MIME type of a file by looking at a few bytes of its contents -# http://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html +# https://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html <IfModule mod_mime_magic.c> MIMEMagicFile /etc/apache2/magic </IfModule> ++++++ apache2-mod_status.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.384357078 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.388357076 +0100 @@ -2,7 +2,7 @@ # Allow server status reports generated by mod_status, # with the URL of http://servername/server-status # -# see http://httpd.apache.org/docs/2.4/mod/mod_status.html +# see https://httpd.apache.org/docs/2.4/mod/mod_status.html # <IfModule mod_status.c> <Location /server-status> ++++++ apache2-server-tuning.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.448357029 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.452357025 +0100 @@ -10,47 +10,47 @@ # prefork MPM <IfModule prefork.c> # number of server processes to start - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers StartServers 5 # minimum number of server processes which are kept spare - # http://httpd.apache.org/docs/2.4/mod/prefork.html#minspareservers + # https://httpd.apache.org/docs/2.4/mod/prefork.html#minspareservers MinSpareServers 5 # maximum number of server processes which are kept spare - # http://httpd.apache.org/docs/2.4/mod/prefork.html#maxspareservers + # https://httpd.apache.org/docs/2.4/mod/prefork.html#maxspareservers MaxSpareServers 10 # highest possible MaxRequestWorkers setting for the lifetime of the Apache process. - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit ServerLimit 150 # maximum number of server processes allowed to start (formerly MaxClients) - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers MaxRequestWorkers 150 # maximum number of requests a server process serves - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild MaxRequestsPerChild 10000 </IfModule> # worker MPM <IfModule worker.c> # initial number of server processes to start - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers StartServers 3 # minimum number of worker threads which are kept spare - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads MinSpareThreads 25 # maximum number of worker threads which are kept spare - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads MaxSpareThreads 75 # upper limit on the configurable number of threads per child process - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit ThreadLimit 64 # maximum number of simultaneous client connections (formerly MaxClients) - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers MaxRequestWorkers 150 # number of worker threads created by each child process - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild ThreadsPerChild 25 # maximum number of requests a server process serves - # http://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild + # https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestsperchild MaxRequestsPerChild 10000 </IfModule> @@ -86,7 +86,7 @@ # The default is on; turn this off if you serve from NFS-mounted # filesystems. On some systems, turning it off (regardless of # filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.4/mod/core.html#enablemmap +# https://httpd.apache.org/docs/2.4/mod/core.html#enablemmap # #EnableMMAP off @@ -95,7 +95,7 @@ # used to deliver files (assuming that the OS supports it). # The default is on; turn this off if you serve from NFS-mounted # filesystems. Please see -# http://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile +# https://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile # EnableSendfile on ++++++ apache2-ssl-global.conf ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.476357006 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.476357006 +0100 @@ -7,7 +7,7 @@ # These are the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> +# directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure @@ -93,7 +93,9 @@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA + # The magic string "DEFAULT_SUSE" expands to an openssl defined + # secure list of default ciphers. + SSLCipherSuite DEFAULT_SUSE # SSLHonorCipherOrder # If SSLHonorCipherOrder is disabled, then the client's preferences ++++++ start_apache2 ++++++ --- /var/tmp/diff_new_pack.RxWsXp/_old 2019-01-15 13:16:23.676356849 +0100 +++ /var/tmp/diff_new_pack.RxWsXp/_new 2019-01-15 13:16:23.680356846 +0100 @@ -85,7 +85,7 @@ # # involve the sysconfig variables # -mkdir -p ${sysconfd_dir} || exit 1 +[ -d ${sysconfd_dir} ] || mkdir -p ${sysconfd_dir} || exit 1 for c in global.conf include.conf loadmodule.conf; do echo "# File generated from $SYSCONFIG_FILE, do not edit. Edit the sysconfig file instead." > ${sysconfd_dir}/$c done
