Hello community, here is the log from the commit of package apache-rex for openSUSE:Factory checked in at 2019-09-17 13:36:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache-rex (Old) and /work/SRC/openSUSE:Factory/.apache-rex.new.7948 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-rex" Tue Sep 17 13:36:36 2019 rev:14 rq:730662 version:20190906 Changes: -------- --- /work/SRC/openSUSE:Factory/apache-rex/apache-rex.changes 2019-07-01 10:43:37.461403954 +0200 +++ /work/SRC/openSUSE:Factory/.apache-rex.new.7948/apache-rex.changes 2019-09-17 13:36:37.533850355 +0200 @@ -1,0 +2,15 @@ +Fri Sep 6 09:47:56 UTC 2019 - Petr Gajdos <pgaj...@suse.com> + +- version update to 20191006 + * mod_ssl-basic: show SSL protocol used by default + +------------------------------------------------------------------- +Wed Sep 4 11:22:16 UTC 2019 - pgaj...@suse.com + +- version update to 20191005 + * extended core-ranges-basic + * fix openssl_ocsp_responder_stop() + * more generic ssl error checking + * mysql_install_db --force required by older distros + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-rex.spec ++++++ --- /var/tmp/diff_new_pack.kAwLR1/_old 2019-09-17 13:36:38.329850228 +0200 +++ /var/tmp/diff_new_pack.kAwLR1/_new 2019-09-17 13:36:38.329850228 +0200 @@ -25,7 +25,7 @@ %define macros_file macros.apache-rex Name: apache-rex -Version: 20190628 +Version: 20190906 Release: 0 Summary: Script for Apache HTTPD Runnable Examples License: Apache-2.0 ++++++ apache-rex.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/.gitignore new/apache-rex/.gitignore --- old/apache-rex/.gitignore 2019-06-28 13:14:21.329924585 +0200 +++ new/apache-rex/.gitignore 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -*.swp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ranges-basic/DESCRIPTION new/apache-rex/core-ranges-basic/DESCRIPTION --- old/apache-rex/core-ranges-basic/DESCRIPTION 2019-06-28 13:14:21.329924585 +0200 +++ new/apache-rex/core-ranges-basic/DESCRIPTION 2019-09-06 11:45:01.111616344 +0200 @@ -1 +1 @@ -Demonstrate basic VirtualHost functionality. +Show Range: header usage. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ranges-basic/MODULES new/apache-rex/core-ranges-basic/MODULES --- old/apache-rex/core-ranges-basic/MODULES 2019-06-28 13:14:21.329924585 +0200 +++ new/apache-rex/core-ranges-basic/MODULES 2019-09-06 11:45:01.111616344 +0200 @@ -0,0 +1 @@ +setenvif version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ranges-basic/example.conf.in new/apache-rex/core-ranges-basic/example.conf.in --- old/apache-rex/core-ranges-basic/example.conf.in 2019-06-28 13:14:21.329924585 +0200 +++ new/apache-rex/core-ranges-basic/example.conf.in 2019-09-06 11:45:01.111616344 +0200 @@ -6,3 +6,19 @@ MaxRanges none </Directory> +MaxRanges 1 +SetEnvIf Range "-$" unlimited_ranges +<Directory "@AREX_DOCUMENT_ROOT@/no-unlimited-ranges/"> + <IfVersion < 2.3.0> + Order Allow,Deny + Allow from all + Deny from env=unlimited_ranges + </IfVersion> + <IfVersion >= 2.3.0> + <RequireAll> + Require all granted + Require not env unlimited_ranges + </RequireAll> + </IfVersion> +</Directory> + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/core-ranges-basic/run.sh new/apache-rex/core-ranges-basic/run.sh --- old/apache-rex/core-ranges-basic/run.sh 2019-06-28 13:14:21.329924585 +0200 +++ new/apache-rex/core-ranges-basic/run.sh 2019-09-06 11:45:00.699613871 +0200 @@ -2,10 +2,12 @@ msg='Today, there will be raining whole day.' note='Otherwise the weather will be different.' -error='416 Requested Range Not Satisfiable' +error_416='416 Requested Range Not Satisfiable' echo $msg > $AREX_DOCUMENT_ROOT/weather-data.bufr mkdir -p $AREX_DOCUMENT_ROOT/no-ranges/ echo "$note" > $AREX_DOCUMENT_ROOT/no-ranges/note.txt +mkdir -p $AREX_DOCUMENT_ROOT/no-unlimited-ranges/ +echo "$msg $note" > $AREX_DOCUMENT_ROOT/no-unlimited-ranges/data.txt echo "[1] get document in 10-byte chunks" lbound=0 @@ -23,7 +25,7 @@ curl -s -r '5-15' http://localhost:$AREX_PORT/no-ranges/note.txt | grep "$note" || exit_code=2 echo "[3] the range not found as the document is shorter than lower bound" -curl -s -r '50-100' http://localhost:$AREX_PORT/weather-data.bufr | grep "$error" || exit_code=3 +curl -s -r '50-100' http://localhost:$AREX_PORT/weather-data.bufr | grep "$error_416" || exit_code=3 echo "[4] as demonstrated in [1] already, 16-<outofbounds> and 16- have the same result" part= @@ -31,7 +33,7 @@ curl -s -r '18-' http://localhost:$AREX_PORT/weather-data.bufr | grep "${msg:18}" || exit_code=4 echo "[5] interestingly, we get 416 even if MaxRanges none" -curl -s -r '50-100' http://localhost:$AREX_PORT/no-ranges/note.txt | grep "$error" || exit_code=5 +curl -s -r '50-100' http://localhost:$AREX_PORT/no-ranges/note.txt | grep "$error_416" || exit_code=5 echo "[6] use 'continue' feature of curl" curl -s -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather-data.bufr @@ -40,18 +42,32 @@ curl -v -C - -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep '^> Range:' cat $AREX_RUN_DIR/weather-data.txt | grep 'snowing' || exit_code=6 # request repeated on unchanged file -curl -v -C - -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep "$error" +curl -v -C - -o $AREX_RUN_DIR/weather-data.txt http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep "$error_416" echo "[7] use 'continue' feature of wget" cd $AREX_RUN_DIR -# ensure weather-data.bufr does not exist (essential for the test) -rm -f weather-data.bufr +# ensure weather-data.bufr does not exist 'locally' (essential for the test) +[ -e weather-data.bufr ] && rm weather-data.bufr wget -q http://localhost:$AREX_PORT/weather-data.bufr +# we get whole file now, just display it cat weather-data.bufr echo 'Today, there will be windy whole day.' >> $AREX_DOCUMENT_ROOT/weather-data.bufr wget --debug -c http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep '^Range:' || exit_code=7 cat weather-data.bufr | grep 'windy' || exit_code=7 -wget --debug -c http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep "$error" || exit_code=7 +wget --debug -c http://localhost:$AREX_PORT/weather-data.bufr 2>&1 | grep "$error_416" || exit_code=7 + +echo "[8] forbid unlimited ranges" +# last ten chars, this is allowed +curl -s -r '-10' http://localhost:$AREX_PORT/no-unlimited-ranges/data.txt | grep 'ifferent.' || exit_code=8 +# unlimited forbidden +curl -s -r '10-' http://localhost:$AREX_PORT/no-unlimited-ranges/data.txt | grep '403 Forbidden' || exit_code=8 + +echo "[9] use HEAD request to make correct limited range header, when unlimited forbidden" +curl -s --head http://localhost:$AREX_PORT/no-unlimited-ranges/data.txt | tee headers.txt | grep 'Content-Length' +length=$(grep 'Content-Length' headers.txt | sed 's@.*: @@') +curl -s -r '10-81' http://localhost:$AREX_PORT/no-unlimited-ranges/data.txt | + grep 're will be raining whole day. Otherwise the weather will be different.' || exit_code=9 +curl -s -r '81-81' http://localhost:$AREX_PORT/no-unlimited-ranges/data.txt 2>&1 | grep "$error_416" || exit_code=9 exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/lib/openssl new/apache-rex/lib/openssl --- old/apache-rex/lib/openssl 2019-06-28 13:14:22.005928288 +0200 +++ new/apache-rex/lib/openssl 2019-09-06 11:45:03.311629554 +0200 @@ -189,6 +189,7 @@ # stop OCSP responder function openssl_ocsp_responder_stop() { + dir=$1 pid=$(cat $dir/ocsp-responder.pid) return $(kill_pid_port $pid $AREX_OCSP_PORT) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_authn_dbd-mysql/pre-run.sh new/apache-rex/mod_authn_dbd-mysql/pre-run.sh --- old/apache-rex/mod_authn_dbd-mysql/pre-run.sh 2019-06-28 13:14:21.333924608 +0200 +++ new/apache-rex/mod_authn_dbd-mysql/pre-run.sh 2019-09-06 11:45:01.139616512 +0200 @@ -22,7 +22,8 @@ EOF echo '>>> Initializing databases' -mysql_install_db --defaults-file=$mysql_dir/my.cnf +# --force is required by at least 10.0.38 on SLE 12 change root +mysql_install_db --defaults-file=$mysql_dir/my.cnf --force echo '>>> Invoking mysqld' mysqld --defaults-file=$mysql_dir/my.cnf& diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-basic/example.conf.in new/apache-rex/mod_ssl-basic/example.conf.in --- old/apache-rex/mod_ssl-basic/example.conf.in 2019-06-28 13:14:22.017928354 +0200 +++ new/apache-rex/mod_ssl-basic/example.conf.in 2019-09-06 11:45:03.427630251 +0200 @@ -18,8 +18,13 @@ SSLRandomSeed startup builtin SSLRandomSeed connect builtin -SSLProtocol all -SSLv2 -SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA +SSLProtocol all +<IfVersion >= 2.3.0> +SSLCipherSuite DEFAULT +</IfVersion> +<IfVersion < 2.3.0> +SSLCipherSuite ALL +</IfVersion> SSLHonorCipherOrder on CustomLog @AREX_RUN_DIR@/test-server_log ssl_combined diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-basic/run.sh new/apache-rex/mod_ssl-basic/run.sh --- old/apache-rex/mod_ssl-basic/run.sh 2019-06-28 13:14:22.017928354 +0200 +++ new/apache-rex/mod_ssl-basic/run.sh 2019-09-06 11:45:03.427630251 +0200 @@ -14,4 +14,8 @@ curl -v -s --cacert $AREX_RUN_DIR/ca/my.crt --resolve "test.suse.cz:$AREX_PORT:127.0.0.1" https://test.suse.cz:$AREX_PORT/ \ 2>&1 | grep 'does not match target host name' || exit_code=3 +echo "[4] show protocol used by default" +curl -v -s --cacert $AREX_RUN_DIR/ca/my.crt --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" https://aserver.suse.cz:$AREX_PORT/ \ + 2>&1 | grep 'TLS handshake' || exit_code=4 + exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-verify-client/run.sh new/apache-rex/mod_ssl-verify-client/run.sh --- old/apache-rex/mod_ssl-verify-client/run.sh 2019-06-28 13:14:22.025928398 +0200 +++ new/apache-rex/mod_ssl-verify-client/run.sh 2019-09-06 11:45:03.531630876 +0200 @@ -4,7 +4,7 @@ echo "[1] access for not authentificated client disallowed" curl --cacert $AREX_RUN_DIR/ca/my.crt --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" https://aserver.suse.cz:$AREX_PORT/ 2>&1 \ - | grep 'handshake failure' || exit_code=1 + | grep 'error.*SSL' || exit_code=1 echo "[2] client correctly verified" curl -s --cacert $AREX_RUN_DIR/ca/my.crt \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-verify-client-OCSP/run.sh new/apache-rex/mod_ssl-verify-client-OCSP/run.sh --- old/apache-rex/mod_ssl-verify-client-OCSP/run.sh 2019-06-28 13:14:22.033928441 +0200 +++ new/apache-rex/mod_ssl-verify-client-OCSP/run.sh 2019-09-06 11:45:03.679631764 +0200 @@ -21,14 +21,14 @@ curl --cacert $AREX_RUN_DIR/ca/my.crt \ --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" \ https://aserver.suse.cz:$AREX_PORT/ 2>&1 \ - | grep 'handshake failure' || exit_code=1 + | grep 'error.*SSL' || exit_code=1 echo "[2] client's certificate was revoked, connection refused" curl --cacert $AREX_RUN_DIR/ca/my.crt \ --cert $AREX_RUN_DIR/aclient.suse.cz/my.crt \ --key $AREX_RUN_DIR/aclient.suse.cz/private.key \ --resolve "aserver.suse.cz:$AREX_PORT:127.0.0.1" https://aserver.suse.cz:$AREX_PORT/ 2>&1 \ - | grep 'certificate revoked' || exit_code=2 + | grep 'error.*SSL' || exit_code=2 grep 'certificate revoked' $AREX_RUN_DIR/error_log || exit_code=2 echo "[3] client correctly verified" @@ -41,6 +41,6 @@ echo echo -n 'Stopping OCSP responder ... ' -openssl_ocsp_responder_stop && echo 'done.' || echo 'FAILED.' +openssl_ocsp_responder_stop $AREX_RUN_DIR && echo 'done.' || echo 'FAILED.' exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-verify-server-OCSP/run.sh new/apache-rex/mod_ssl-verify-server-OCSP/run.sh --- old/apache-rex/mod_ssl-verify-server-OCSP/run.sh 2019-06-28 13:14:21.341924651 +0200 +++ new/apache-rex/mod_ssl-verify-server-OCSP/run.sh 2019-09-06 11:45:01.191616824 +0200 @@ -34,7 +34,7 @@ echo Restarting OCSP responder echo ------------------------- echo -n 'Stopping OCSP responder ... ' -openssl_ocsp_responder_stop && echo 'done.' || echo 'FAILED.' +openssl_ocsp_responder_stop $AREX_RUN_DIR && echo 'done.' || echo 'FAILED.' echo -n 'Starting OCSP responder daemon .. ' openssl_ocsp_responder_start $AREX_RUN_DIR ocspr_pid=$(get_pid_port $AREX_OCSP_PORT) @@ -52,6 +52,6 @@ echo echo -n 'Stopping OCSP responder ... ' -openssl_ocsp_responder_stop && echo 'done.' || echo 'FAILED.' +openssl_ocsp_responder_stop $AREX_RUN_DIR && echo 'done.' || echo 'FAILED.' exit $exit_code diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apache-rex/mod_ssl-verify-server-OCSPStapling/run.sh new/apache-rex/mod_ssl-verify-server-OCSPStapling/run.sh --- old/apache-rex/mod_ssl-verify-server-OCSPStapling/run.sh 2019-06-28 13:14:21.341924651 +0200 +++ new/apache-rex/mod_ssl-verify-server-OCSPStapling/run.sh 2019-09-06 11:45:01.223617017 +0200 @@ -33,7 +33,7 @@ echo Restarting OCSP responder echo ------------------------- echo -n 'Stopping OCSP responder ... ' -openssl_ocsp_responder_stop && echo 'done.' || echo 'FAILED.' +openssl_ocsp_responder_stop $AREX_RUN_DIR && echo 'done.' || echo 'FAILED.' echo -n 'Starting OCSP responder daemon .. ' openssl_ocsp_responder_start $AREX_RUN_DIR ocspr_pid=$(get_pid_port $AREX_OCSP_PORT) @@ -56,6 +56,6 @@ grep 'response has certificate status revoked' $AREX_RUN_DIR/error_log || exit_code=2 echo echo -n 'Stopping OCSP responder ... ' -openssl_ocsp_responder_stop && echo 'done.' || echo 'FAILED.' +openssl_ocsp_responder_stop $AREX_RUN_DIR && echo 'done.' || echo 'FAILED.' exit $exit_code