apache2-doc-2.4.23-49.1<>,\[/=„Q.Hc0C8eԙ/خxp.o!i((Kp<1|±E 'vImZO6 #Mn/rU׸xg4CϿ)i i^;-1 u]YfNܡ kFGOeտd r&4喇k5K8=hE] (^'Y2$i ZO-$(O=v><?d  ; !'0bb |b $@b 5b b ,bٴbbb,Xh(89:)BFGbH"xbI4bX8dY8pZ8[8\8b]J$b^b5cd}eflubv$0wbxDbzCapache2-doc2.4.2349.1Additional Package DocumentationThis package contains optional documentation provided in addition to this package's base documentation.\[lamb23?@openSUSE Leap 42.3openSUSEApache-2.0http://bugs.opensuse.orgDocumentation/Otherhttp://httpd.apache.org/linuxnoarch0f,^:6:Q8+!9)I@DJCG6.Ia7qAO54843-k8xw}:{9y42|9/>~t"b{{;UE04{D5:2LnV\wAUAyyW9fhmD+;#?@$!y?;qB4xcOSj.21l4,0,4~8PsvcN^el+v}ojO2^yR]5 h(37X:+C7Mnse^lxWDy"1@4,C8>H k < X.  e=-+7;j   Lw9"U$ #J% $y% A"$#!bfbUnmNn513x47*4{>[sv|`L14P]M03E+iq0Ist2`j ؽjTEJ;N=Jͤk1̈́^eY'XgY_]}V/Y}WGqzyb52@4[90c'q[$E ?"#&P!<NU#@6DOVPA[FI<??B=_A25Y3+- 01)~J]QjsNl+/4HFN>25((*&"4m7,.3+  K#%X>$DBdOSH>:H*K>+]-E)I ON=@-/P0 * G<@8sTGLQF5$&($[#8&f(x)b]e pxe{cgX}W^MAt\D2%'5(&-/z+&.;J,*.*aB7EH;H?MZKA<EU9)|78cgM%&t-/}4'"(*%<;TD\Nm5 qܲ9<5;12]%dPU 213u .! |!8EFe')2i8H8!4c(*E(W$G)e;w>A,BEAT[NYv%_&{t/֧ j;zUJWaJG')n$)4"68;X(GN?}.1!e9=\ e!"U_]-05$&&&K:\.0638FzKgcj]TZUDX O!c#s%5;;@0;_v2!#T+ ,3(F/2;-%18q?DnCCB[V|=<?A?*4a+8U.)&p8,h0D>]HJb:BACE IQE%2(QDiuys_?VX ,h,!##w/ >jyuTy,~ZoHN0Ou,/f&q4^wLSE|VwK48G,:95\7C&kT~;Tp\Mxow!^g27m/3cG.0/m(0feaizgZiB^F%8'7+TTW#١Yb^/[ KDIM6OE:M5 3ujIB  :rC~-_|m[xgoof'LoHRNK`h*}Fce#%&)#!%H [#*va4k37",98wFKQJ[CSBtG\EEAA큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤A큤AA큤A큤\L\4\4\,MJAN`W@{,W%W.W@{,W@{,W@{,N`W%W.W@{,N`W@{,W%W.W@{,W@{,W@{,N`W%W.W@{,W@{,W@{,W@{,N`W%ȝW@{,W.W@{,W@{,W@{,\N`W%N`VRZVVN`W%N`W%ȝRZVVO W%N`W%W@{,N`W%N`W%ȝN`W%N`W%N`W%W.W@{,W@{,W@{,N`W%W.W@{,W@{,W@{,N`W%W.W@{,W@{,W@{,N`WCWJ\WR*WbҴWrXWR*WbҴWbҴN`W%W@{,W.VVW@{,Rq3W%W.N`VVW@{,VVVVRZW%W@{,W.W@{,W@{,W@{,W@{,\PԢFW%W.N`W%W.W@{,W@{,W@{,N`W%W.W@{,W@{,N`W%ȝW/=W@{,W@{,W@{,WrXWrXRZW Wj7VjVVN`WHWJW@{,W@{,W@{,VjJWHN`W%ȝW/=W@{,W@{,\AV͝V͝V͝OIOIOIC F#iHv'F#iAVVVF#iHv'AAAAF#iHv'ARAF#iAF#iAV͝OeOPetr Gajdos jcejka@suse.comPetr Gajdos pgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compsimons@suse.comkstreitova@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.comschwab@suse.dekstreitova@suse.compgajdos@suse.comkstreitova@suse.comi@marguerite.supgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comkstreitova@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgpgajdos@suse.compgajdos@suse.comhguo@suse.comkstreitova@suse.comkstreitova@suse.comkstreitova@suse.compgajdos@suse.compgajdos@suse.comdimstar@opensuse.orgjsegitz@novell.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comtchvatal@suse.comkstreitova@suse.compgajdos@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgbruno@ioda-net.chschwab@linux-m68k.orgpgajdos@suse.comkstreitova@suse.comkstreitova@suse.compgajdos@suse.comLed pgajdos@suse.comLed kstreitova@suse.comcrrodriguez@opensuse.orgLed pgajdos@suse.compgajdos@suse.compgajdos@suse.comkstreitova@suse.compgajdos@suse.comoholecek@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comcrrodriguez@opensuse.orgmc@suse.comlnussel@suse.decrrodriguez@opensuse.orgdraht@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgfreek@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgaj@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmeissner@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmlin@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgmhrusecky@suse.czcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgsaschpe@suse.demeissner@suse.commeissner@suse.comdimstar@opensuse.orgadrian@suse.depoeml@cmdline.netcoolo@suse.comdraht@suse.dechris@computersalat.demeissner@suse.decoolo@suse.comdraht@suse.dedraht@suse.defcrozat@suse.comfcrozat@suse.comdraht@suse.dedraht@suse.dedraht@suse.defcrozat@suse.comcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orglnussel@suse.dewerner@suse.delnussel@suse.depoeml@cmdline.netcristian.rodriguez@opensuse.orgpoeml@cmdline.netpoeml@cmdline.netlars@linux-schulserver.deaj@suse.depoeml@cmdline.netpoeml@cmdline.netcoolo@novell.comjengelh@medozas.depoeml@cmdline.netpoeml@cmdline.netpoeml@suse.depoeml@suse.dehvogel@suse.depoeml@suse.depoeml@suse.depoeml@suse.depoeml@suse.depoeml@suse.decrrodriguez@suse.depoeml@suse.de- security update - added patches CVE-2019-0220 [bsc#1131241] + apache2-CVE-2019-0220.patch CVE-2019-0217 [bsc#1131239] + apache2-CVE-2019-0217.patch CVE-2019-0211 [bsc#1131233] (thanks to Simotek) + apache2-CVE-2019-0211.patch CVE-2019-0197 [bsc#1131245], CVE-2019-0196 [bsc#1131237] + apache2-mod_http2-1.14.1.patch CVE-2019-0211 [bsc#1131233] * apache2-CVE-2019-0211.patch- added patches fix https://github.com/icing/mod_h2/issues/167 [bsc#1125965] + apache2-mod_http2-issue-167.patch- security update * CVE-2018-17189 [bsc#1122838] + apache2-mod_http2-1.11.4.patch * CVE-2018-17199 [bsc#1122839] + apache2-CVE-2018-17199.patch- do not create sysconfig.d when already exists [bsc#1121086]- Fix for SG#52358, bsc#1108989: * ap_reclaim_child_processes-Implement-terminate-immed.patch: Fix full scoreboard error.- security update: * CVE-2018-11763 [bsc#1109961] + apache2-mod_http2-1.11.0.patch- security update: * CVE-2018-1333 [bsc#1101689] + apache2-CVE-2018-1333.patch- security update: * CVE-2018-1283 [bsc#1086814] + apache2-CVE-2018-1283.patch * CVE-2018-1301 [bsc#1086817] + apache2-CVE-2018-1301.patch * CVE-2018-1303 [bsc#1086813] + apache2-CVE-2018-1303.patch * CVE-2017-15715 [bsc#1086774] + apache2-CVE-2017-15715.patch * CVE-2018-1312 [bsc#1086775] + apache2-CVE-2018-1312.patch * CVE-2017-15710 [bsc#1086776] + apache2-CVE-2017-15710.patch * CVE-2018-1302 [bsc#1086820] + apache2-CVE-2018-1302.patch- update mod_http2 to 1.10.12 (from apache 2.4.29) fixes: CVE-2017-9789 [bsc#1048575], CVE-2017-7659 [bsc#1045160] + apache2-mod_http2-1.10.12.patch- gensslcert: fall back to 'localhost' as hostname [bsc#1057406]- full path to a2{en,dis}mod in apache-22-24-upgrade [bsc#1042037]- security update * CVE-2017-9798 [bsc#1058058] + apache2-CVE-2017-9798.patch- start_apache2: include individual sysconfig.d files instead of sysconfig.d dir, include sysconfig.d/include.conf after httpd.conf is processed [bsc#1023616], [bsc#1043055]- security update * CVE-2017-9788 [bsc#1048576] + apache2-CVE-2017-9788.patch- security update * CVE-2017-7679 [bsc#1045060] + apache2-CVE-2017-7679.patch * CVE-2017-3169 [bsc#1045062] + apache2-CVE-2017-3169.patch * CVE-2017-3167 [bsc#1045065] + apache2-CVE-2017-3167.patch- remove /usr/bin/http2 symlink only during apache2 package uninstall, not upgrade [bsc#1041830]- gensslcert: use hostname when fqdn is too long [bsc#1035829]- security update * CVE-2016-8743 [bsc#1016715], CVE-2016-4975 [bsc#1104826] + apache2-CVE-2016-8743.patch + apache2-CVE-2016-8743-1.patch + apache2-CVE-2016-8743-2.patch * CVE-2016-0736 [bsc#1016712] + apache2-CVE-2016-0736.patch * CVE-2016-2161 [bsc#1016714] + apache2-CVE-2016-2161.patch - add missing copy of hcuri and hcexpr ftom the worker to the health check worker [bsc#1019380]- security update: CVE-2016-8740 [bsc#1013648] * apache2-CVE-2016-8740.patch- add NotifyAccess=all to service files [bsc#980663]- readd the support of multiple entries in APACHE_ACCESS_LOG [bsc#991032]- Add apache2-cve-2016-5387.patch to fix CVE-2016-5387. Prior to this patch, Apache would translate every header "Foo: ..." received in the HTTP request into an environment variable called $HTTP_FOO="...". While useful in general, this feature could be abused by sending specially crafted "Proxy" headers, which would result in server code running in an environment where $HTTP_PROXY points to an arbitrary, potentially hostile location. This update modifies Apache to ignore the non-standard "Proxy" header entirely so that HTTP_PROXY is never set by the server. [bnc#988488]- update to 2.4.23 to fix CVE-2016-4979 [bsc#987365] - mod_proxy_fdpass needs explicit configure line now - mod_proxy_hcheck was missing due to upstream bug - removed note about ulimits in sysconfig file [bsc#976711] - enable authnz_fcgi module- remove Alias= from [Install] of the template service [bsc#981541c#10]- updated to 2.4.20 to fix CVE-2016-1546 [bsc#980370] - removed httpd-2.4.18-missing-semicolon.patch (upstreamed) - removed httpd-2.4.17-debug-crash.patch (httpd -X does not crash anymore)- start apache services after remote-fs [bsc#978543]- backport of HttpContentLengthHeadZero and HttpExpectStrict + httpd-2.4.x-fate317766-config-control-two-protocol-options.diff (needed to be refreshed against 2.4.18)- fix build for SLE_11_SP4: + httpd-2.4.18-missing-semicolon.patch- Update to version 2.4.18 * drop 2.4.17-protocols.patch in upstream. - Change list too long to mention here see: http://www.apache.org/dist/httpd/CHANGES_2.4.18 for details.- systemd: Set TasksMax=infinity for current systemd releases. The default limit of 512 is too small and prevents the creation of new server processes. Apache has its own runtime/harcoded limits.- fix crash when for -X + httpd-2.4.17-debug-crash.patch- add a note: FollowSymLinks or SymLinksIfOwnerMatch is neccessary for RewriteRule in given dir [bnc#955701]- restart apache once after the rpm or zypper transaction [bnc#893659] - drop some old compat code from %post- 2.4.17-protocols.patch from upstream http2 module: * master conn_rec* addition to conn_rec * improved ALPN and Upgrade handling * allowing requests for servers whose TLS configuration is compatible to the SNI server ones * disabling TLS renegotiation for slave connections- LogLevel directive into correct config file, thanks Michael Calmer for the fix [bsc#953329]- do not build mod_http2 for older distros than 13.2 for now (nghttp2 does not build there)- Include directives really into /etc/apache2/sysconfig.d/include.conf, fix from Erik Wegner [bsc#951901]- gensslcert: CN now defaults to `hostname -f` [bnc#949766] (internal), fix help [bnc#949771] (internal)- Update to 2.4.17 - Enable mod_http2/ BuildRequire nghttp2 - MPMs: Support SO_REUSEPORT to create multiple duplicated listener records for scalability - mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3 - For more changes see: http://www.apache.org/dist/httpd/CHANGES_2.4.17- start_apache2: reintroduce sysconfig.d, include it on command line (not in httpd.conf) instead of individual directives [bnc#949434] (internal), [bnc#941331]- Fixup libdir in installed files- fix Logjam vulnerability: change SSLCipherSuite cipherstring to disable export cipher suites and deploy Ephemeral Elliptic-Curve Diffie-Hellman (ECDHE) ciphers. Adjust 'gensslcert' script to generate a strong and unique Diffie Hellman Group and append it to the server certificate file [bnc#931723], [CVE-2015-4000]- add reference upstream bug#58188 along httpd-2.4.12-lua-5.2.patch- update to 2.4.16 * changes http://www.apache.org/dist/httpd/CHANGES_2.4.16 * remove the following patches (fixed in 2.4.16) * httpd-2.4.x-mod_lua_websocket_DoS.patch * httpd-2.4.12-CVE-2015-0253.patch * update httpd-2.4.12-lua-5.2.patch- add patch: httpd-2.4.12-lua-5.2.patch * lua_dump introduced a new strip option in 5.3, set it to 0 to get the old behavior * luaL_register was deprecated in 5.2, use luaL_setfuncs and luaL_newlib instead * luaL_optint was deprecated in 5.3, use luaL_optinteger instead * lua_strlen and lua_objlen wad deprecated in 5.2, use lua_rawlen instead- change Provides: from suse_maintenance_mmn = # to suse_maintenance_mmn_#- apache2 Suggests:, not Recommends: apache2-prefork; that means for example, that `zypper in apache2-worker` will not pull apache2-prefork also - installing /usr/sbin/httpd link: * do not try to install it in '%post ' when apache2 (which includes /usr/share/apache2/script-helpers) is not installed yet (fixes installation on 11sp3) * install it in '%post' if apache2 is installed after apache2- to be sure it is there- access_compat shared also for 11sp3- apache2-implicit-pointer-decl.patch renamed to httpd-implicit-pointer-decl.patch to align with other patches names- apachectl is now wrapper to start_apache2; therefore, it honors HTTPD_INSTANCE variable, see README-instances.txt for details + httpd-apachectl.patch - httpd-2.4.10-apachectl.patch- a2enmod/a2dismod and a2enflag/a2disflag now respect HTTPD_INSTANCE= environment variable, which can be used to specify apache instance name; sysconfig file is expected at /etc/sysconfig/apache2@ (see README-instances.txt for details)- provides suse_maintenance_mmn symbol [bnc#915666] (internal)- credits to Roman Drahtmueller: * add reference to /etc/permissions.local to output of %post if setting the permissions of suexec2 fails * do not enable mod_php5 by default any longer * httpd-2.0.49-log_server_status.dif obsoleted * apache2-mod_ssl_npn.patch removed because not used * include mod_reqtimeout.conf in httpd.conf * added cgid-timeout.conf, include it in httpd.conf - fix default value APACHE_MODULES in sysconfig file - %service_* macros for apache2@.service- reenable 690734.patch, it should be upstreamed by the author (Adrian Schroeter) though + httpd-2.4.9-bnc690734.patch - httpd-2.2.x-bnc690734.patch- drop startssl from start_apache2- allow to run multiple instances of Apache on one system [fate#317786] (internal) * distributed httpd.conf no longer includes sysconfig.d, nor this directory is shipped. httpd.conf includes loadmodule.conf and global.conf which are former sysconfig.d/loadmodule.conf and sysconfig.d/global.conf for default /etc/sysconfig/apache2 global.conf and loadmodule.conf are not included when sysconfig variables could have been read by start_apache2 startup script (run with systemd services). Therefore, when starting server via /usr/sbin/httpd, sysconfig variables are not taken into account. * some not-maintained scripts are moved from /usr/share/apache2 to /usr/share/apache2/deprecated-scripts * all modules comment in sysconfig file is not generated anymore * added README-instances.txt * removed Sources: load_configuration find_mpm get_module_list get_includes find_httpd_includes apache-find-directives * added Sources: deprecated-scripts.tar.xz apache2-README-instances.txt apache2-loadmodule.conf apache2-global.conf apache2-find-directives apache2@.service apache2-script-helpers- add SSLHonorCipherOrder directive to apache2-ssl-global.conf - adopt SSLCipherSuite directive value from SLE12 - remove default-vhost-ssl.conf and default-vhost.conf from /etc/apache2. These two files are not (!) read by the configuration framework, but are named *.conf, which is misleading. The files are almost identical with the vhost templates in /etc/apache2/vhosts.d/. The two templates there do it right because they are not named *.conf and are not sourced either. apache's response with no explicit (eg. default, vanilla) configuration is contained in /etc/apache2/default-server.conf. * remove apache2-README.default-vhost as there are no default-vhost* files anymore.- apache2.service: We have to use KillMode=mixed for the graceful stop, restart to work properly.- dropped 2.0 -> 2.2 modules transition during upgrade * apache-20-22-upgrade renamed to apache-22-24-upgrade - apache-*-upgrade script is called in %posttrans now [bnc#927223]- fix find_mpm to echo mpm binary- apache2.service: Only order us after network.target and nss-lookup.target but not pull the units in. - apache2.service: SSL requires correct system time to work properly, order after time-sync.target- align filenames with upstream names (and add compat symlinks) - find_httpd2_includes renamed to find_httpd_includes- access_compat now built as shared and disabled by default - amend config to use also old syntax when access_compat is loaded - added apache2-README-access_compat.txt - added apache-find-directive script - see [bnc#896083] and its duplicates- add httpd-2.4.12-CVE-2015-0253.patch to fix SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531. [Yann Ylavic]- simplify apache2.logrotate, use sharedscripts [bnc#713581]- remove curly brackets around format sequence "%y" in `stat --format="%{y}" %{SOURCE1}` that caused an incorrect evaluation. Add escaping to proper spec-cleaner processing in the future- remove 'exit 0' from the %post section in the specfile that was placed here incorrectly and caused that the rest of the %post section couldn't be executed.- /etc/init.d/apache2 reload -> systemctl reload apache2.service in apache2.logrotate [bnc#926523]- authz_default -> authz_core in sysconfig.apache2/APACHE_MODULES [bnc#922236]- Add Requires(post) apache2 to the subpackage -worker, -event and - prefork: their respective post scriptlets execute /usr/share/apache2/get_module_list, which is shipped as part of the main package. This script has the side-effect to call find_mpm, which in turn creates the corresponding /usr/sbin/httpd2 symlink.- Patched get_module_list to ensure proper SELinux context for sysconfig.d/loadmodule.conf- Pname -> name variable reduction - Try to fix sle11 build- Version bumpt o 2.4.12: * ) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for internationalization. [William Rowe] * ) mpm_winnt: Normalize the error and status messages emitted by service.c, the service control interface for Windows. [William Rowe] * ) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824. [ olli hauer , Yann Ylavic ]- Exit cleanly on end of the post and cleanup the update detection - Remove Apache.xpm as it ain't used- Cleanup init/unit decision making and provide just systemd service on systemd systems- Deprecate realver define as it is equal to version. - Explicitely state MPM mods to ensure we don't lose some bnc#444878- Pass over spec-cleaner, there should be no actual technical change in this just reduction of lines in the spec- add httpd-2.4.x-mod_lua_websocket_DoS.patch to fix mod_lua bug where a maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash [CVE-2015-0228], [bnc#918352].- httpd2.pid in rc.apache2 was wrong [bnc#898193]- httpd-2.4.3-mod_systemd.patch find libsystemd-daemon with pkg-config, this is the only correct way, in current versions sd_notify is in libsystemd and in old products in libsystemd-daemon.- remove obsolete patches * httpd-2.4.10-check_null_pointer_dereference.patch * httpd-event-deadlock.patch * httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch * httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch- Apache 2.4.11 * ) SECURITY: CVE-2014-3583 (cve.mitre.org) mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. [Yann Ylavic, Jeff Trawick] * ) SECURITY: CVE-2014-3581 (cve.mitre.org) mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924. [Mark Montague , Jan Kaluza] * ) SECURITY: CVE-2014-8109 (cve.mitre.org) mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204 [Edward Lu ] * ) SECURITY: CVE-2013-5704 (cve.mitre.org) core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] * ) mod_ssl: New directive SSLSessionTickets (On|Off). The directive controls the use of TLS session tickets (RFC 5077), default value is "On" (unchanged behavior). Session ticket creation uses a random key created during web server startup and recreated during restarts. No other key recreation mechanism is available currently. Therefore using session tickets without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy. [Rainer Jung] * ) mod_proxy_fcgi: Provide some basic alternate options for specifying how PATH_INFO is passed to FastCGI backends by adding significance to the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener] * ) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule to opt-in to connection reuse and other Proxy options via explicitly declared "proxy workers" (] * ) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME passed to fastcgi backends. [Eric Covener] * ) core: Configuration files with long lines and continuation characters are not read properly. PR 55910. [Manuel Mausz ] * ) mod_include: the 'env' function was incorrectly handled as 'getenv' if the leading 'e' was written in upper case in statements. [Christophe Jaillet] * ) split-logfile: Fix perl error: 'Can't use string ("example.org:80") as a symbol ref while "strict refs"'. PR 56329. [Holger Mauermann ] * ) mod_proxy: Prevent ProxyPassReverse from doing a substitution when the URL parameter interpolates to an empty string. PR 56603. [] * ) core: Fix -D[efined] or [d] variables lifetime accross restarts. PR 57328. [Armin Abfalterer , Yann Ylavic]. * ) mod_proxy: Preserve original request headers even if they differ from the ones to be forwarded to the backend. PR 45387. [Yann Ylavic] * ) mod_ssl: dump SSL IO/state for the write side of the connection(s), like reads (level TRACE4). [Yann Ylavic] * ) mod_proxy_fcgi: Ignore body data from backend for 304 responses. PR 57198. [Jan Kaluza] * ) mod_ssl: Do not crash when looking up SSL related variables during expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem] * ) mod_proxy_ajp: Fix handling of the default port (8009) in the ProxyPass and configurations. PR 57259. [Yann Ylavic] * ) mpm_event: Avoid a possible use after free when notifying the end of connection during lingering close. PR 57268. [Eric Covener, Yann Ylavic] * ) mod_ssl: Fix recognition of OCSP stapling responses that are encoded improperly or too large. [Jeff Trawick] * ) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers. [Jeff Trawick] * ) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error when parsing or forwarding the response fails. [Yann Ylavic] * ) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e PR 53435 [tadanori , Sebastian Wiedenroth ] * ) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read determine whether it is a normal close or a real error. PR 57168. [Yann Ylavic] * ) mod_proxy_wstunnel: abort backend connection on polling error to avoid further processing. [Yann Ylavic] * ) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes. PR 57167 [Edward Lu ] * ) mod_proxy_connect: Fix ProxyRemote to https:// backends on EBCDIC systems. PR 57092 [Edward Lu ] * ) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752 CacheLock error occurs during cache revalidation. [Eric Covener] * ) mod_ssl: Move OCSP stapling information from a per-certificate store to a per-server hash. PR 54357, PR 56919. [Alex Bligh , Yann Ylavic, Kaspar Brand] * ) mod_cache_socache: Change average object size hint from 32 bytes to 2048 bytes. [Rainer Jung] * ) mod_cache_socache: Add cache status to server-status. [Rainer Jung] * ) event: Fix worker-listener deadlock in graceful restart. PR 56960. * ) Concat strings at compile time when possible. PR 53741. * ) mod_substitute: Restrict configuration in .htaccess to FileInfo as documented. [Rainer Jung] * ) mod_substitute: Make maximum line length configurable. [Rainer Jung] * ) mod_substitute: Fix line length limitation in case of regexp plus flatten. [Rainer Jung] * ) mod_proxy: Truncated character worker names are no longer fatal errors. PR53218. [Jim Jagielski] * ) mod_dav: Set r->status_line in dav_error_response. PR 55426. * ) mod_proxy_http, mod_cache: Avoid (unlikely) accesses to freed memory. [Yann Ylavic, Christophe Jaillet] * ) http_protocol: fix logic in ap_method_list_(add|remove) in order: - to correctly reset bits - not to modify the 'method_mask' bitfield unnecessarily [Christophe Jaillet] * ) mod_slotmem_shm: Increase log level for some originally debug messages. [Jim Jagielski] * ) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with the wrong credentials when a backend connection is reused. [Eric Covener] * ) mod_macro: Add missing APLOGNO for some Warning log messages. [Christophe Jaillet] * ) mod_cache: Avoid sending 304 responses during failed revalidations PR56881. [Eric Covener] * ) mod_status: Honor client IP address using mod_remoteip. PR 55886. [Jim Jagielski] * ) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12 and later. PR 56615. [Chuck Liu , Jeff Trawick] * ) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade failed) messages from ERROR to TRACE1. Other filters do not bother re-reporting failures from lower level filters. PR56832. [Eric Covener] * ) core: Avoid useless warning message when parsing a section guarded by if $(foo) is used within the section. PR 56503 [Christophe Jaillet] * ) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the application. PR 56858. [Manuel Mausz ] * ) mod_proxy_http: Proxy responses with error status and "ProxyErrorOverride On" hang until proxy timeout. PR53420 [Rainer Jung] * ) mod_log_config: Allow three character log formats to be registered. For backwards compatibility, the first character of a three-character format must be the '^' (caret) character. [Eric Covener] * ) mod_lua: Don't quote Expires and Path values. PR 56734. [Keith Mashinter, ] * ) mod_authz_core: Allow 'es to be seen from auth stanzas under virtual hosts. PR 56870. [Eric Covener]- Redone lost patch to fix boo#859439 + service reload can cause log data to be lost with logrotate under some circumstances: remove "-t" from service reload. [bnc#859439]- Fix URL syntax in various files- fix IfModule directive around SSLSessionCache [bnc#842377c#11]- added httpd-2.4.x-bnc871310-CVE-2013-5704-mod_headers_chunked_requests.patch to fix flaw in the way mod_headers handled chunked requests. Adds "MergeTrailers" directive to restore legacy behavior [bnc#871310], [CVE-2013-5704].- added httpd-2.4.x-bnc909715-CVE-2014-8109-mod_lua_handling_of_Require_line.patch that fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments [bnc#909715], [CVE-2014-8109].- fixed start at boot for ssl and encrypted key [bnc#792309]- fix shebang in start_apache2 script that contains bash-specific constructions- small improvement of ssl instructions [bnc#891813]- fix bashisms in post scripts- added httpd-2.4.10-check_null_pointer_dereference.patch to avoid a crash when Content-Type has an empty value [bnc#899836], CVE-2014-3581- httpd-event-deadlock.patch: Fix worker-listener deadlock in graceful restart.- httpd-2.1.9-apachectl.dif renamed to httpd-2.4.10-apachectl.patch and updated (fixed bashism).- drop (turned off) itk mpm spec file code as mpm-itk is now provided as a separate module, not via patch (see http://mpm-itk.sesse.net/ and [bnc#851229])- enable mod_imagemap [bnc#866366]- fixed link to Apache quickstart [bnc#624681], [bnc#789806]- the following unused patches were removed from the package: * apache2-mod_ssl_npn.patch * httpd-2.0.49-log_server_status.dif- 700 permissions for /usr/sbin/apache2-systemd-ask-pass and /usr/sbin/start_apache2 [bnc#851627]- allow only TCP ports in Yast2 firewall files- more 2.2 -> 2.4 [bnc#862058]- ServerSignature=Off and ServerTokens=Prod by request from security team [bnc#716495]- fix documentation links 2.2 -> 2.4 [bnc#888163] (internal)- Update package Summary and Description. - version 2.4.10 * SECURITY: CVE-2014-0117 (cve.mitre.org) * SECURITY: CVE-2014-3523 (cve.mitre.org) * SECURITY: CVE-2014-0226 (cve.mitre.org) * SECURITY: CVE-2014-0118 (cve.mitre.org) * SECURITY: CVE-2014-0231 (cve.mitre.org) * Multiple bugfixes to mod_ssl, mod_cache, mod_deflate, mod_lua * mod_proxy_fcgi supports unix sockets.- provide httpd.service as alias for apache2.service for compatibility reasons (bnc#888093)- move most ssl options to ssl-global.conf. There is usually no need for every vhost to re-define the ciphers for example (bnc#865582). Drop some commented entries that only lead to confusion.- version 2.4.9 * SECURITY: CVE-2014-0098 * SECURITY: CVE-2013-6438 * multiple bugfixes and improvements to mod_ssl, mod_lua, mod_session and core, see CHANGES for details.- /etc/sysconfig/apache2: add socache_shmcb to the list of modules that are enabled. /etc/apache2/ssl-global.conf: make SSLSessionCache shmcb... conditional on IfModule socache_shmcb. The same applies to SSLSessionCache dmb:* via module socache_dbm in commented section of same file. [bnc#864185] - /etc/sysconfig/apache2: remove reference to non-existing script /usr/share/doc/packages/apache2/certificate.sh, which was only a wrapper to mkcert.sh anyways. [bnc#864185]- update to apache 2.4.7, important changes: * This release requires both apr and apr-util 1.5.x series and therefore will no longer build in older released products * mod_ssl: Improve handling of ephemeral DH and ECDH keys (obsoletes httpd-mod_ssl_ephemeralkeyhandling.patch) * event MPM: Fix possible crashes * mod_deflate: Improve error detection * core: Add open_htaccess hook in conjunction with dirwalk_stat. * mod_rewrite: Make rewrite websocket-aware to allow proxying. * mod_ssl: drop support for export-grade ciphers with ephemeral RSA keys, and unconditionally disable aNULL, eNULL and EXP ciphers (not overridable via SSLCipherSuite) * core, mod_ssl: Enable the ability for a module to reverse the sense of a poll event from a read to a write or vice versa (obsoletes httpd-event-ssl.patch) * see CHANGES for more details- httpd-mod_ssl_ephemeralkeyhandling.patch obsoletes mod_ssl-2.4.x-ekh.diff this new patch is the final form of the rework, merged for 2.4.7.- Removed obsolete directive DefaultType - Changed all access control to new Require directive- reenable mod_ssl-2.4.x-ekh.diff- Correct build in old distros.- disable (revert) mod_ssl changes in the previous commit so it does not end in factory or 13.1 yet.- make mod_systemd static so scenarios described in [bnc#846897] do not happen again.- mod_ssl: improve ephemeral key handling in particular, support DH params with more than 1024 bits, and allow custom configuration. This patch adjust DH parameters according to the relevant RFC recommendations and permanently disables the usage of "export" and "NULL" ciphers no matter what the user configuration is (mod_ssl-2.4.x-ekh.diff, to be in 2.4.7)- fix [bnc#846897] problems building kiwi images due to systemd not being running in chroot. (submit to 13.1 ASAP)- Fix SUSE spelling.- Also fix subtle non-obvious systemd unit confusion we really mean -DFOREGROUND not -DNO_DETACH the latter only inhibits the parent from forking, not quite the same as running in well.. the foreground as required.- Ensure we only use /run and not /var/run- Really use %requires_ge for libapr1 and libapr-util1 mentioned but not implemented in the previous commit.- Use %requires_ge for libapr1 and libapr-util1 - apache2-default-server.conf: Need to use IncludeOptional - apache-20-22-upgrade: also load authz_core - httpd-visibility.patch: Use compiler symbol visibility.- Make the default keysize in the sample gensslcerts 2048 bits to match government recommendations.- Enable mod_proxy_html, mod_xml2enc and mod_lua (missed BuildRequires)- provide and obsolete mod_macro - upgrade: some people complain that log_config module is not enabled by default sometimes, fix that. - upgrade : "SSLMutex" no longer exists. - Toogle EnableSendfile on because now apache defaults to off due to kernel bugs. that's a silly thing to do here as kernel bugs have to be fixed at their source, not worked around in applications.- httpd-event-ssl.patch: from upstream Lift the restriction that prevents mod_ssl taking full advantage of the event MPM.- Update to version 2.4.6 * SECURITY: CVE-2013-1896 (cve.mitre.org) * SECURITY: CVE-2013-2249 (cve.mitre.org) * Major updates to mod_lua * Support for proxying websocket requests * Higher performant shm-based cache implementation * Addition of mod_macro for easier configuration management * As well as several exciting fixes, especially those related to RFC edge cases in mod_cache and mod_proxy. - IMPORTANT : With the current packaging scheme, we can no longer Include the ITK MPM, therefore it has been disabled. This is because this MPM can now only be provided as a loadable module but we do not currently build MPMs as shared modules but as independant binaries and all helpers/startup scripts depend on that behaviour. It will be fixed in the upcoming weeks/months.- apache-20-22-upgrade: still no cookie, module authn_file is ok and must not be disabled on update. authn_core must however be enabled too.- fix apache_mmn spec macro, otherwise all modules down the chain will have broken dependencies- remove After=mysql.service php-fpm.service postgresql.service which were added in the previous change, those must be added as Before=apache2.service in the respective services.- Include mod_systemd for more complete integration with systemd, turn the service to Typé=notify as required - Disable SSL NPN patch for now, it is required for mod_spdy but mod_spdy does not support apache 2.4- apache 2.4.4 * fix for CVE-2012-3499 * fix for the CRIME attack (disable ssl compression by default) * many other bugfies * build access_compat amd unixd as static modules and solve some other upgrade quirks (bnc#813705)- Install apache2.service accordingly (/usr/lib/systemd for 12.3 and up or /lib/systemd for older versions).- Apache 2.4.3 * SECURITY: CVE-2012-3502 * SECURITY: CVE-2012-2687 * mod_cache: Set content type in case we return stale content. * lots of bugfixes see http://www.apache.org/dist/httpd/CHANGES_2.4.3- Improve systemd unit file (tested for months)- use %set_permissions instead %run_permissions (bnc#764097)- Fix factory-auto (aka r2dbag) complains about URL. - Provide a symlink for apxs2 new location otherwise all buggy spec files of external modules will break.- BuildRequire xz explicitly, fix build in !Factory - Drop more old, unused patches- Upgrade to apache 2.4.2 * * ATTENTION, before installing this update YOU MUST READ http://httpd.apache.org/docs/2.4/upgrading.html CAREFULLY otherwise your server will most likely fail to start due to backward incompatible changes. * You can read the huge complete list of changes at http://httpd.apache.org/docs/2.4/new_features_2_4.html- gensslcert: Use 0400 permissions for generated SSL certificate files instead of 0644- modified apache2.2-mpm-itk-20090414-00.patch to fix itk running as root. bnc#681176 / CVE-2011-1176- remove the insecure LD_LIBRARY_PATH line. bnc#757710- Add apache2-mod_ssl_npn.patch: Add npn support to mod_ssl, which is needed by spdy. - Provide apache2(mod_ssl+npn), indicating that our mod_ssl does have the npn patch. This can be used by mod_spdy to ensure a compatible apache/mod_ssl is installed.- fix truncating and resulting paniking of answer headers (bnc#690734)- update to 2.2.22 * ) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * ) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * ) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * ) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. * ) SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. * ) SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. * ) mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. * ) config: Update the default mod_ssl configuration: Disable SSLv2, only allow >= 128bit ciphers, add commented example for speed optimized cipher list, limit MSIE workaround to MSIE <= 5. * ) core: Fix segfault in ap_send_interim_response(). PR 52315. * ) mod_log_config: Prevent segfault. PR 50861. * ) mod_win32: Invert logic for env var UTF-8 fixing. Now we exclude a list of vars which we know for sure they dont hold UTF-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. PR 13029 / 34985. * ) core: Fix hook sorting for Perl modules, a regression introduced in 2.2.21. PR: 45076. * ) Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. PR 51878. * ) Example configuration: Fix entry for MaxRanges (use "unlimited" instead of "0"). * ) mod_substitute: Fix buffer overrun. - adjusted SSL template/default config for upstream changes, and added MaxRanges example to apache2-server-tuning.conf - fixed installation of (moved) man pages- compile with pcre 8.30 - patch taken from apache bugzilla- enable mod_reqtimeout by default via APACHE_MODULES in /etc/sysconfig/apache2, configuration /etc/apache2/mod_reqtimeout.conf . Of course, the existing configuration remains unchanged.- add default vhost configs * default-vhost.conf, default-vhost-ssl.conf, README.default-vhost- openldap2 is not necessary, just openldap2-devel as buildrequires- add automake as buildrequire to avoid implicit dependency- update to /etc/init.d/apache2: handle reload with deleted binaries after package update more thoughtfully: If the binaries have been replaced, then a dlopen(3) on the apache modules is prone to fail. => Don't reload then, but complain and fail. Especially important for logrotate!- httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff fixes mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. This is CVE-2011-3368.- Ensure service_add_pre macro is correctly called for openSUSE 12.1 or later.- Fix systemd files packaging, %ghost is not a good idea. - Use systemd rpm macros for openSUSE 12.1 and later.- don't create $RPM_BUILD_ROOT/etc/init.d twice in %install.- Update to 2.2.21. News therein: * re-worked CVE-2011-3192 (byterange_filter.c) with a regression fix. New config option: MaxRanges (PR 51748) * multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs, mod_alias, mod_rewrite. As always, see CHANGES file. - added httpd-%{realver}.tar.bz2.asc to source, along with 60C5442D.key which the tarball was signed with.- need to add %ghost /lib/systemd to satisfy distributions that have no systemd yet.- Add apache2-systemd-ask-pass / apache2.service / start_apache2 and modify apache2-ssl-global.conf for systemd support (bnc#697137).- Update to version 2.2.20, fix CVE-2011-3192 mod_deflate D.o.S.- Fix apache PR 45076- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage- Add 2 patches from the "low hanging fruit" warnings in apache STATUS page. * mod_deflate: Stop compressing HEAD requests if there is not Content-Length header * mod_reqtimeout: Disable keep-alive after read timeout- Remove -fno-strict-aliasing from CFLAGS, no longer needed.- Allow KeepAliveTimeout to be expressed in miliseconds sometimes one second is too long, upstream r733557.- When linux changes to version 3.x configure tests are gonna break. remove version check, assuming kernel 2.2 or later.- Update to 2.2.19, only one bugfix. * ) Revert ABI breakage in 2.2.18 caused by the function signature change of ap_unescape_url_keep2f(). This release restores the signature from 2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex(). [Eric Covener]- Remove SSLv2 disabled patch, already in upstream. - Update to version 2.2.18 * mod_ssl, ab: Support OpenSSL compiled without SSLv2 support. * core: Treat timeout reading request as 408 error, not 400. * core: Only log a 408 if it is no keepalive timeout. * mod_rewrite: Allow to unset environment variables. * prefork: Update MPM state in children during a graceful restart. * Other fixes in mod_cache,mod_dav,mod_proxy se NEWS for detail.- Fix regular expression in vhost ssl template IE workaround it is obsolete see https://issues.apache.org/bugzilla/show_bug.cgi?id=49484 You should apply this update to fix painfully slow SSL connections when using IE.- Allow usage of an openSSL library compiled without SSlv2- set sane default cipher string in apache2-vhost-ssl.template - remove useless example snakeoil certs - remove broken mkcert script- Tag boot script as interactive as systemd uses it- recommend the default mpm package (bnc#670027)- update to 2.2.17: SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line(). [Actual fix is in the libapr 1.3 line, which we don't use // poeml] SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause applications to crash while parsing specially-crafted XML documents. [We build with system expat library // poeml] prefork MPM: Run cleanups for final request when process exits gracefully to work around a flaw in apr-util. PR 43857 core: - check symlink ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set - fix origin checking in SymlinksIfOwnerMatch PR 36783 - (re)-introduce -T commandline option to suppress documentroot check at startup. PR 41887 vhost: - A purely-numeric Host: header should not be treated as a port. PR 44979 rotatelogs: - Fix possible buffer overflow if admin configures a mongo log file path. Proxy balancer: support setting error status according to HTTP response code from a backend. PR 48939. mod_authnz_ldap: - If AuthLDAPCharsetConfig is set, also convert the password to UTF-8. PR 45318. mod_dir, mod_negotiation: - Pass the output filter information to newly created sub requests; as these are later on used as true requests with an internal redirect. This allows for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 mod_headers: - Enable multi-match-and-replace edit option PR 46594 mod_log_config: - Make ${cookie}C correctly match whole cookie names instead of substrings. PR 28037. mod_reqtimeout: - Do not wrongly enforce timeouts for mod_proxy's backend connections and other protocol handlers (like mod_ftp). Enforce the timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering close time from 30 to 2 seconds. mod_ssl: - Do not do overlapping memcpy. PR 45444- Add missing libcap-devel to BuildRequires, wanted by "itk" MPM.- update to 2.2.16: SECURITY: CVE-2010-1452 (cve.mitre.org) mod_dav, mod_cache: Fix Handling of requests without a path segment. PR: 49246 SECURITY: CVE-2010-2068 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection for platforms Windows, Netware and OS2. PR: 49417. core: - Filter init functions are now run strictly once per request before handler invocation. The init functions are no longer run for connection filters. PR 49328. mod_filter: - enable it to act on non-200 responses. PR 48377 mod_ldap: - LDAP caching was suppressed (and ldap-status handler returns title page only) when any mod_ldap directives were used in VirtualHost context. mod_ssl: - Fix segfault at startup if proxy client certs are shared across multiple vhosts. PR 39915. mod_proxy_http: - Log the port of the remote server in various messages. PR 48812. apxs: - Fix -A and -a options to ignore whitespace in httpd.conf mod_dir: - add FallbackResource directive, to enable admin to specify an action to happen when a URL maps to no file, without resorting to ErrorDocument or mod_rewrite. PR 47184 mod_rewrite: - Allow to set environment variables without explicitely giving a value. - add Requires and BuildRequires on libapr1 >= 1.4.2. In the past, libapr1 >= 1.0 was sufficient. But since 2.2.16, a failure to create listen sockets can occur, unless newer libapr1 is used. See https://bugzilla.redhat.com/show_bug.cgi?id=516331 - remove obsolete httpd-2.2.15-deprecated_use_of_build_in_variable.patch- add type and encoding for zipped SVG images (.svgz) Thanks to Sebastian Siebert (via Submit Request #40059)- fix deprecated usage of $[ in apxs2 (httpd-2.2.15-deprecated_use_of_build_in_variable.patch)- Do not compile in build time but use mtime of changes file instead. This allows build-compare to identify that no changes have happened.- add apache2-prefork to the Requires of apache2-devel, because apxs2 will build for prefork, if not called as apxs2-worker (which should rarely be the case). Also added gcc to the Requires.- update to 2.2.15: SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. SECURITY: CVE-2009-3555 (cve.mitre.org) mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Forcibly disable keepalive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l. SECURITY: CVE-2010-0408 (cve.mitre.org) mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. SECURITY: CVE-2010-0425 (cve.mitre.org) mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR 48359 mod_reqtimeout: - New module to set timeouts and minimum data rates for receiving requests from the client. core: - Fix potential memory leaks by making sure to not destroy bucket brigades that have been created by earlier filters. - Return APR_EOF if request body is shorter than the length announced by the client. PR 33098 - Preserve Port information over internal redirects PR 35999 - Build: fix --with-module to work as documented PR 43881 worker: - Don't report server has reached MaxClients until it has. Add message when server gets within MinSpareThreads of MaxClients. PR 46996. ab, mod_ssl: - Restore compatibility with OpenSSL < 0.9.7g. mod_authnz_ldap: - Add AuthLDAPBindAuthoritative to allow Authentication to try other providers in the case of an LDAP bind failure. PR 46608 - Failures to map a username to a DN, or to check a user password now result in an informational level log entry instead of warning level. mod_cache: - Introduce the thundering herd lock, a mechanism to keep the flood of requests at bay that strike a backend webserver as a cached entity goes stale. - correctly consider s-maxage in cacheability decisions. mod_disk_cache, mod_mem_cache: - don't cache incomplete responses, per RFC 2616, 13.8. PR15866. mod_charset_lite: - Honor 'CharsetOptions NoImplicitAdd'. mod_filter: - fix FilterProvider matching where "dispatch" string doesn't exist. PR 48054 mod_include: - Allow fine control over the removal of Last-Modified and ETag headers within the INCLUDES filter, making it possible to cache responses if desired. Fix the default value of the SSIAccessEnable directive. mod_ldap: - If LDAPSharedCacheSize is too small, try harder to purge some cache entries and log a warning. Also increase the default LDAPSharedCacheSize to 500000. This is a more realistic size suitable for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries. PR 46749. mod_log_config: - Add the R option to log the handler used within the request. mod_mime: - Make RemoveType override the info from TypesConfig. PR 38330. - Detect invalid use of MultiviewsMatch inside Location and LocationMatch sections. PR 47754. mod_negotiation: - Preserve query string over multiviews negotiation. This buglet was fixed for type maps in 2.2.6, but the same issue affected multiviews and was overlooked. PR 33112 mod_proxy: - unable to connect to a backend is SERVICE_UNAVAILABLE, rather than BAD_GATEWAY or (especially) NOT_FOUND. PR 46971 mod_proxy, mod_proxy_http: - Support remote https proxies by using HTTP CONNECT. PR 19188. mod_proxy_http: - Make sure that when an ErrorDocument is served from a reverse proxied URL, that the subrequest respects the status of the original request. This brings the behaviour of proxy_handler in line with default_handler. PR 47106. mod_proxy_ajp: - Really regard the operation a success, when the client aborted the connection. In addition adjust the log message if the client aborted the connection. mod_rewrite: - Make sure that a hostname:port isn't fully qualified if the request is a CONNECT request. PR 47928 - Add scgi scheme detection. mod_ssl: - Fix a potential I/O hang if a long list of trusted CAs is configured for client cert auth. PR 46952. - When extracting certificate subject/issuer names to the SSL_*_DN_* variables, handle RDNs with duplicate tags by exporting multiple varialables with an "_n" integer suffix. PR 45875. - obsolete patch CVE-2009-3555-2.2.patch removed- readd whitespace removed by autobuild- package documentation as noarch- add patch for CVE-2009-3555 (cve.mitre.org) http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch http://mail-archives.apache.org/mod_mbox/httpd-announce/200911.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l.- update to 2.2.14: * ) SECURITY: CVE-2009-2699 (cve.mitre.org) Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support (Event Port backend) which could trigger hangs in the prefork and event MPMs on that platform. PR 47645. [Jeff Trawick] * ) SECURITY: CVE-2009-3095 (cve.mitre.org) mod_proxy_ftp: sanity check authn credentials. [Stefan Fritsch , Joe Orton] * ) SECURITY: CVE-2009-3094 (cve.mitre.org) mod_proxy_ftp: NULL pointer dereference on error paths. [Stefan Fritsch , Joe Orton] * ) mod_proxy_scgi: Backport from trunk. [André Malo] * ) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL has been defined at a very high level. PR 45946. [Eric Covener] * ) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett] * ) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries usage() in synch with the manual and the implementation (0 and -1 both disable the cache). [Eric Covener] * ) mod_ssl: The error message when SSLCertificateFile is missing should at least give the name or position of the problematic virtual host definition. [Stefan Fritsch sf sfritsch.de] * ) htdbm: Fix possible buffer overflow if dbm database has very long values. PR 30586 [Dan Poirier] * ) Add support for HTTP PUT to ab. [Jeff Barnes ] * ) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute type. PR 45107. [Michael Ströder , Peter Sylvester ] * ) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore defined session identifiers encoded in the URL when caching. [Ruediger Pluem] * ) mod_mem_cache: fix seg fault under load due to pool concurrency problem PR: 47672 [Dan Poirier ] * ) mod_autoindex: Correctly create an empty cell if the description for a file is missing. PR 47682 [Peter Poeml ]- update to 2.2.13: * ) SECURITY: CVE-2009-2412 (cve.mitre.org) Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow in pools and rmm, where size alignment was taking place. * ) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report warnings compiling mod_ssl against OpenSSL to the httpd developers. * ) mod_cgid: Do not add an empty argument when calling the CGI script. PR 46380 * ) Fix potential segfaults with use of the legacy ap_rputs() etc interfaces, in cases where an output filter fails. PR 36780.- update to 2.2.12: SECURITY: CVE-2009-1891 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. PR 39605. SECURITY: CVE-2009-1195 (cve.mitre.org) Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. SECURITY: CVE-2009-1890 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. SECURITY: CVE-2009-1191 (cve.mitre.org) mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. PR 46949 SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org) The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules. core: - New piped log syntax: Use "||process args" to launch the given process without invoking the shell/command interpreter. Use "|$command line" (the default behavior of "|command line" in 2.2) to invoke using shell, consuming an additional shell process for the lifetime of the logging pipe program but granting additional process invocation flexibility. - prefork: Fix child process hang during graceful restart/stop in configurations with multiple listening sockets. PR 42829. - Translate the status line to ASCII on EBCDIC platforms in ap_send_interim_response() and for locally generated "100 Continue" responses. - CGI: return 504 (Gateway timeout) rather than 500 when a script times out before returning status line/headers. PR 42190 - prefork: Log an error instead of segfaulting when child startup fails due to pollset creation failures. PR 46467. - core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars - Set Listen protocol to "https" if port is set to 443 and no proto is specified (as documented but not implemented). PR 46066 - Output -M and -S dumps (modules and vhosts) to stdout instead of stderr. PR 42571 and PR 44266 (dup). mod_alias: - check sanity in Redirect arguments. PR 44729 - Ensure Redirect emits HTTP-compliant URLs. PR 44020 mod_authnz_ldap: - Reduce number of initialization debug messages and make information more clear. PR 46342 mod_cache: - Introduce 'no-cache' per-request environment variable to prevent the saving of an otherwise cacheable response. - Correctly save Content-Encoding of cachable entity. PR 46401 - When an explicit Expires or Cache-Control header is set, cache normally non-cacheable response statuses. PR 46346. mod_cgid: - fix segfault problem on solaris. PR 39332 mod_disk_cache: - The module now turns off sendfile support if 'EnableSendfile off' is defined globally. PR 41218. mod_disk_cache/mod_mem_cache: - Fix handling of CacheIgnoreHeaders directive to correctly remove headers before storing them. mod_deflate: - revert changes in 2.2.8 that caused an invalid etag to be emitted for on-the-fly gzip content-encoding. PR 39727 will require larger fixes and this fix was far more harmful than the original code. PR 45023. mod_ext_filter: - fix error handling when the filter prog fails to start, and introduce an onfail configuration option to abort the request or to remove the broken filter and continue. PR 41120 mod_include: - fix potential segfault when handling back references on an empty SSI variable. - Prevent a case of SSI timefmt-smashing with filter chains including multiple INCLUDES filters. PR 39369 - support generating non-ASCII characters as entities in SSI PR 25202 mod_ldap: - Avoid a segfault when result->rc is checked in uldap_connection_init when result is NULL. This could happen if LDAP initialization failed. PR 45994. mod_negotiation: - Escape pathes of filenames in 406 responses to avoid HTML injections and HTTP response splitting. PR 46837. mod_proxy: - Complete ProxyPassReverse to handle balancer URL's. Given; BalancerMember balancer://alias http://example.com/foo ProxyPassReverse /bash balancer://alias/bar backend url http://example.com/foo/bar/that is now translated /bash/that mod_proxy_ajp: - Check more strictly that the backend follows the AJP protocol. - Forward remote port information by default. mod_proxy_http: - fix Host: header for literal IPv6 addresses. PR 47177 - fix case sensitivity checking transfer encoding PR 47383 mod_rewrite: - Remove locking for writing to the rewritelog. PR 46942 - Fix the error string returned by RewriteRule. RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd argument of RewriteRule was not started with "[" or not ended with "]". PR 45082 - When evaluating a proxy rule in directory context, do escape the filename by default. PR 46428 - Introduce DiscardPathInfo|DPI flag to stop the troublesome way that per-directory rewrites append the previous notion of PATH_INFO to each substitution before evaluating subsequent rules. PR38642 - fix "B" flag breakage by reverting r589343 PR 45529 mod_ssl: - Add server name indication support (RFC 4366) and better support for name based virtual hosts with SSL. PR 34607 - Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives to enable stricter checking of remote server certificates. - Add SSLRenegBufferSize directive to allow changing the size of the buffer used for the request-body where necessary during a per-dir renegotiation. PR 39243. mod_substitute: - Fix a memory leak. PR 44948- Fix missing -Y option in gensslcert [bnc#416888]- merge changes from openSUSE:Factory: - trailing spaces removed from robots.txt - moved Snakeoil certificates to separate subpackage example-certificates [bnc#419601] - removed outdated ca-bundle.crt - NOT merging the change from [bnc#301380] (setting TraceEnable Off), since there is no reason to deviate from upstream- avoid useless (and potentially irritating) messages from usermod called in %post when updating the package - this should probably only be run when updating from very old installs anyway. - likewise, avoid similar useless messages about creation of the httpd user when installing on Fedora.- fix hyperref to the quickstart howto in the installed httpd.conf [bnc#500938] Thanks, Frank!- add ITK MPM (apache2.2-mpm-itk-20090414-00.patch) see http://mpm-itk.sesse.net/- buildfix (from Factory): replace "shadow" by "pwdutils" in requires- update apache2-vhost.template mod_php4 references [bnc#444205]- fixed the ed script which turns apxs into apxs-{prefork,worker,event) to work on Fedora, by using - instead of ^ to go "up" one line. Thereby fixing Fedora build. (Package probably needs further tuning to fit into a Fedora environment.)apache-doclamb23 1554977371  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ab2.4.232.4.23-49.12.4.23-49.12.4.23     apache2conf.dmanual.confmanualBUILDINGLICENSEbind.htmlbind.html.debind.html.enbind.html.frbind.html.ja.utf8bind.html.ko.euc-krbind.html.tr.utf8caching.htmlcaching.html.encaching.html.frcaching.html.tr.utf8configuring.htmlconfiguring.html.deconfiguring.html.enconfiguring.html.frconfiguring.html.ja.utf8configuring.html.ko.euc-krconfiguring.html.tr.utf8content-negotiation.htmlcontent-negotiation.html.encontent-negotiation.html.frcontent-negotiation.html.ja.utf8content-negotiation.html.ko.euc-krcontent-negotiation.html.tr.utf8convenience.mapcustom-error.htmlcustom-error.html.encustom-error.html.escustom-error.html.frcustom-error.html.ja.utf8custom-error.html.ko.euc-krcustom-error.html.tr.utf8developerAPI.htmlAPI.html.endebugging.htmldebugging.html.endocumenting.htmldocumenting.html.endocumenting.html.zh-cn.utf8filters.htmlfilters.html.enhooks.htmlhooks.html.enindex.htmlindex.html.enindex.html.zh-cn.utf8modguide.htmlmodguide.html.enmodules.htmlmodules.html.enmodules.html.ja.utf8new_api_2_4.htmlnew_api_2_4.html.enoutput-filters.htmloutput-filters.html.enrequest.htmlrequest.html.enthread_safety.htmlthread_safety.html.endns-caveats.htmldns-caveats.html.endns-caveats.html.frdns-caveats.html.ja.utf8dns-caveats.html.ko.euc-krdns-caveats.html.tr.utf8dso.htmldso.html.endso.html.frdso.html.ja.utf8dso.html.ko.euc-krdso.html.tr.utf8env.htmlenv.html.enenv.html.frenv.html.ja.utf8env.html.ko.euc-krenv.html.tr.utf8expr.htmlexpr.html.enexpr.html.frfaqindex.htmlindex.html.enindex.html.esindex.html.frindex.html.tr.utf8index.html.zh-cn.utf8filter.htmlfilter.html.enfilter.html.esfilter.html.frfilter.html.ja.utf8filter.html.ko.euc-krfilter.html.tr.utf8getting-started.htmlgetting-started.html.engetting-started.html.frglossary.htmlglossary.html.deglossary.html.englossary.html.esglossary.html.frglossary.html.ja.utf8glossary.html.ko.euc-krglossary.html.tr.utf8handler.htmlhandler.html.enhandler.html.eshandler.html.frhandler.html.ja.utf8handler.html.ko.euc-krhandler.html.tr.utf8handler.html.zh-cn.utf8howtoaccess.htmlaccess.html.enaccess.html.frauth.htmlauth.html.enauth.html.frauth.html.ja.utf8auth.html.ko.euc-krauth.html.tr.utf8cgi.htmlcgi.html.encgi.html.frcgi.html.ja.utf8cgi.html.ko.euc-krhtaccess.htmlhtaccess.html.enhtaccess.html.frhtaccess.html.ja.utf8htaccess.html.ko.euc-krhtaccess.html.pt-brhttp2.htmlhttp2.html.enindex.htmlindex.html.enindex.html.frindex.html.ja.utf8index.html.ko.euc-krindex.html.zh-cn.utf8public_html.htmlpublic_html.html.enpublic_html.html.frpublic_html.html.ja.utf8public_html.html.ko.euc-krpublic_html.html.tr.utf8reverse_proxy.htmlreverse_proxy.html.enssi.htmlssi.html.enssi.html.frssi.html.ja.utf8ssi.html.ko.euc-krimagesapache_header.gifbal-man-b.pngbal-man-w.pngbal-man.pngbuild_a_mod_2.pngbuild_a_mod_3.pngbuild_a_mod_4.pngcaching_fig1.gifcaching_fig1.pngcaching_fig1.tr.pngcustom_errordocs.pngdown.giffavicon.icofeather.giffeather.pngfilter_arch.pngfilter_arch.tr.pnghome.gifindex.gifleft.gifmod_filter_new.gifmod_filter_new.pngmod_filter_new.tr.pngmod_filter_old.gifmod_filter_old.pngmod_rewrite_fig1.gifmod_rewrite_fig1.pngmod_rewrite_fig2.gifmod_rewrite_fig2.pngpixel.gifreverse-proxy-arch.pngrewrite_backreferences.pngrewrite_process_uri.pngrewrite_rule_flow.pngright.gifssl_intro_fig1.gifssl_intro_fig1.pngssl_intro_fig2.gifssl_intro_fig2.pngssl_intro_fig3.gifssl_intro_fig3.pngsub.gifsyntax_rewritecond.pngsyntax_rewriterule.pngup.gifindex.htmlindex.html.daindex.html.deindex.html.enindex.html.esindex.html.frindex.html.ja.utf8index.html.ko.euc-krindex.html.pt-brindex.html.tr.utf8index.html.zh-cn.utf8install.htmlinstall.html.deinstall.html.eninstall.html.esinstall.html.frinstall.html.ja.utf8install.html.ko.euc-krinstall.html.tr.utf8invoking.htmlinvoking.html.deinvoking.html.eninvoking.html.esinvoking.html.frinvoking.html.ja.utf8invoking.html.ko.euc-krinvoking.html.tr.utf8license.htmllicense.html.enlogs.htmllogs.html.enlogs.html.frlogs.html.ja.utf8logs.html.ko.euc-krlogs.html.tr.utf8miscindex.htmlindex.html.enindex.html.frindex.html.ko.euc-krindex.html.tr.utf8index.html.zh-cn.utf8password_encryptions.htmlpassword_encryptions.html.enpassword_encryptions.html.frperf-tuning.htmlperf-tuning.html.enperf-tuning.html.frperf-tuning.html.ko.euc-krperf-tuning.html.tr.utf8relevant_standards.htmlrelevant_standards.html.enrelevant_standards.html.frrelevant_standards.html.ko.euc-krsecurity_tips.htmlsecurity_tips.html.ensecurity_tips.html.frsecurity_tips.html.ko.euc-krsecurity_tips.html.tr.utf8modcore.htmlcore.html.decore.html.encore.html.escore.html.frcore.html.ja.utf8core.html.tr.utf8directive-dict.htmldirective-dict.html.endirective-dict.html.frdirective-dict.html.ja.utf8directive-dict.html.ko.euc-krdirective-dict.html.tr.utf8directives.htmldirectives.html.dedirectives.html.endirectives.html.esdirectives.html.frdirectives.html.ja.utf8directives.html.ko.euc-krdirectives.html.tr.utf8directives.html.zh-cn.utf8event.htmlevent.html.enevent.html.frindex.htmlindex.html.deindex.html.enindex.html.esindex.html.frindex.html.ja.utf8index.html.ko.euc-krindex.html.tr.utf8index.html.zh-cn.utf8mod_access_compat.htmlmod_access_compat.html.enmod_access_compat.html.frmod_access_compat.html.ja.utf8mod_actions.htmlmod_actions.html.demod_actions.html.enmod_actions.html.frmod_actions.html.ja.utf8mod_actions.html.ko.euc-krmod_alias.htmlmod_alias.html.enmod_alias.html.frmod_alias.html.ja.utf8mod_alias.html.ko.euc-krmod_alias.html.tr.utf8mod_allowmethods.htmlmod_allowmethods.html.enmod_allowmethods.html.frmod_asis.htmlmod_asis.html.enmod_asis.html.frmod_asis.html.ja.utf8mod_asis.html.ko.euc-krmod_auth_basic.htmlmod_auth_basic.html.enmod_auth_basic.html.frmod_auth_basic.html.ja.utf8mod_auth_basic.html.ko.euc-krmod_auth_digest.htmlmod_auth_digest.html.enmod_auth_digest.html.frmod_auth_digest.html.ko.euc-krmod_auth_form.htmlmod_auth_form.html.enmod_auth_form.html.frmod_authn_anon.htmlmod_authn_anon.html.enmod_authn_anon.html.frmod_authn_anon.html.ja.utf8mod_authn_anon.html.ko.euc-krmod_authn_core.htmlmod_authn_core.html.enmod_authn_core.html.frmod_authn_dbd.htmlmod_authn_dbd.html.enmod_authn_dbd.html.frmod_authn_dbm.htmlmod_authn_dbm.html.enmod_authn_dbm.html.frmod_authn_dbm.html.ja.utf8mod_authn_dbm.html.ko.euc-krmod_authn_file.htmlmod_authn_file.html.enmod_authn_file.html.frmod_authn_file.html.ja.utf8mod_authn_file.html.ko.euc-krmod_authn_socache.htmlmod_authn_socache.html.enmod_authn_socache.html.frmod_authnz_fcgi.htmlmod_authnz_fcgi.html.enmod_authnz_ldap.htmlmod_authnz_ldap.html.enmod_authnz_ldap.html.frmod_authz_core.htmlmod_authz_core.html.enmod_authz_core.html.frmod_authz_dbd.htmlmod_authz_dbd.html.enmod_authz_dbd.html.frmod_authz_dbm.htmlmod_authz_dbm.html.enmod_authz_dbm.html.frmod_authz_dbm.html.ko.euc-krmod_authz_groupfile.htmlmod_authz_groupfile.html.enmod_authz_groupfile.html.frmod_authz_groupfile.html.ja.utf8mod_authz_groupfile.html.ko.euc-krmod_authz_host.htmlmod_authz_host.html.enmod_authz_host.html.frmod_authz_owner.htmlmod_authz_owner.html.enmod_authz_owner.html.frmod_authz_owner.html.ja.utf8mod_authz_owner.html.ko.euc-krmod_authz_user.htmlmod_authz_user.html.enmod_authz_user.html.frmod_authz_user.html.ja.utf8mod_authz_user.html.ko.euc-krmod_autoindex.htmlmod_autoindex.html.enmod_autoindex.html.frmod_autoindex.html.ja.utf8mod_autoindex.html.ko.euc-krmod_autoindex.html.tr.utf8mod_buffer.htmlmod_buffer.html.enmod_buffer.html.frmod_cache.htmlmod_cache.html.enmod_cache.html.frmod_cache.html.ja.utf8mod_cache.html.ko.euc-krmod_cache_disk.htmlmod_cache_disk.html.enmod_cache_disk.html.frmod_cache_disk.html.ja.utf8mod_cache_disk.html.ko.euc-krmod_cache_socache.htmlmod_cache_socache.html.enmod_cache_socache.html.frmod_cern_meta.htmlmod_cern_meta.html.enmod_cern_meta.html.frmod_cern_meta.html.ko.euc-krmod_cgi.htmlmod_cgi.html.enmod_cgi.html.frmod_cgi.html.ja.utf8mod_cgi.html.ko.euc-krmod_cgid.htmlmod_cgid.html.enmod_cgid.html.frmod_cgid.html.ja.utf8mod_cgid.html.ko.euc-krmod_charset_lite.htmlmod_charset_lite.html.enmod_charset_lite.html.frmod_charset_lite.html.ko.euc-krmod_data.htmlmod_data.html.enmod_data.html.frmod_dav.htmlmod_dav.html.enmod_dav.html.frmod_dav.html.ja.utf8mod_dav.html.ko.euc-krmod_dav_fs.htmlmod_dav_fs.html.enmod_dav_fs.html.frmod_dav_fs.html.ja.utf8mod_dav_fs.html.ko.euc-krmod_dav_lock.htmlmod_dav_lock.html.enmod_dav_lock.html.frmod_dav_lock.html.ja.utf8mod_dbd.htmlmod_dbd.html.enmod_dbd.html.frmod_deflate.htmlmod_deflate.html.enmod_deflate.html.frmod_deflate.html.ja.utf8mod_deflate.html.ko.euc-krmod_dialup.htmlmod_dialup.html.enmod_dialup.html.frmod_dir.htmlmod_dir.html.enmod_dir.html.frmod_dir.html.ja.utf8mod_dir.html.ko.euc-krmod_dir.html.tr.utf8mod_dumpio.htmlmod_dumpio.html.enmod_dumpio.html.frmod_dumpio.html.ja.utf8mod_echo.htmlmod_echo.html.enmod_echo.html.frmod_echo.html.ja.utf8mod_echo.html.ko.euc-krmod_env.htmlmod_env.html.enmod_env.html.frmod_env.html.ja.utf8mod_env.html.ko.euc-krmod_env.html.tr.utf8mod_example_hooks.htmlmod_example_hooks.html.enmod_example_hooks.html.frmod_example_hooks.html.ko.euc-krmod_expires.htmlmod_expires.html.enmod_expires.html.frmod_expires.html.ja.utf8mod_expires.html.ko.euc-krmod_ext_filter.htmlmod_ext_filter.html.enmod_ext_filter.html.frmod_ext_filter.html.ja.utf8mod_ext_filter.html.ko.euc-krmod_file_cache.htmlmod_file_cache.html.enmod_file_cache.html.frmod_file_cache.html.ko.euc-krmod_filter.htmlmod_filter.html.enmod_filter.html.frmod_headers.htmlmod_headers.html.enmod_headers.html.frmod_headers.html.ja.utf8mod_headers.html.ko.euc-krmod_heartbeat.htmlmod_heartbeat.html.enmod_heartbeat.html.frmod_heartmonitor.htmlmod_heartmonitor.html.enmod_heartmonitor.html.frmod_http2.htmlmod_http2.html.enmod_ident.htmlmod_ident.html.enmod_ident.html.frmod_ident.html.ja.utf8mod_ident.html.ko.euc-krmod_imagemap.htmlmod_imagemap.html.enmod_imagemap.html.frmod_imagemap.html.ko.euc-krmod_include.htmlmod_include.html.enmod_include.html.frmod_include.html.ja.utf8mod_info.htmlmod_info.html.enmod_info.html.frmod_info.html.ja.utf8mod_info.html.ko.euc-krmod_isapi.htmlmod_isapi.html.enmod_isapi.html.frmod_isapi.html.ko.euc-krmod_lbmethod_bybusyness.htmlmod_lbmethod_bybusyness.html.enmod_lbmethod_bybusyness.html.frmod_lbmethod_byrequests.htmlmod_lbmethod_byrequests.html.enmod_lbmethod_byrequests.html.frmod_lbmethod_bytraffic.htmlmod_lbmethod_bytraffic.html.enmod_lbmethod_bytraffic.html.frmod_lbmethod_heartbeat.htmlmod_lbmethod_heartbeat.html.enmod_lbmethod_heartbeat.html.frmod_ldap.htmlmod_ldap.html.enmod_ldap.html.frmod_log_config.htmlmod_log_config.html.enmod_log_config.html.frmod_log_config.html.ja.utf8mod_log_config.html.ko.euc-krmod_log_config.html.tr.utf8mod_log_debug.htmlmod_log_debug.html.enmod_log_debug.html.frmod_log_forensic.htmlmod_log_forensic.html.enmod_log_forensic.html.frmod_log_forensic.html.ja.utf8mod_log_forensic.html.tr.utf8mod_logio.htmlmod_logio.html.enmod_logio.html.frmod_logio.html.ja.utf8mod_logio.html.ko.euc-krmod_logio.html.tr.utf8mod_lua.htmlmod_lua.html.enmod_lua.html.frmod_macro.htmlmod_macro.html.enmod_macro.html.frmod_mime.htmlmod_mime.html.enmod_mime.html.frmod_mime.html.ja.utf8mod_mime_magic.htmlmod_mime_magic.html.enmod_mime_magic.html.frmod_negotiation.htmlmod_negotiation.html.enmod_negotiation.html.frmod_negotiation.html.ja.utf8mod_nw_ssl.htmlmod_nw_ssl.html.enmod_nw_ssl.html.frmod_privileges.htmlmod_privileges.html.enmod_privileges.html.frmod_proxy.htmlmod_proxy.html.enmod_proxy.html.frmod_proxy.html.ja.utf8mod_proxy_ajp.htmlmod_proxy_ajp.html.enmod_proxy_ajp.html.frmod_proxy_ajp.html.ja.utf8mod_proxy_balancer.htmlmod_proxy_balancer.html.enmod_proxy_balancer.html.frmod_proxy_balancer.html.ja.utf8mod_proxy_connect.htmlmod_proxy_connect.html.enmod_proxy_connect.html.frmod_proxy_connect.html.ja.utf8mod_proxy_express.htmlmod_proxy_express.html.enmod_proxy_express.html.frmod_proxy_fcgi.htmlmod_proxy_fcgi.html.enmod_proxy_fcgi.html.frmod_proxy_fdpass.htmlmod_proxy_fdpass.html.enmod_proxy_fdpass.html.frmod_proxy_ftp.htmlmod_proxy_ftp.html.enmod_proxy_ftp.html.frmod_proxy_hcheck.htmlmod_proxy_hcheck.html.enmod_proxy_html.htmlmod_proxy_html.html.enmod_proxy_html.html.frmod_proxy_http.htmlmod_proxy_http.html.enmod_proxy_http.html.frmod_proxy_http2.htmlmod_proxy_http2.html.enmod_proxy_scgi.htmlmod_proxy_scgi.html.enmod_proxy_scgi.html.frmod_proxy_wstunnel.htmlmod_proxy_wstunnel.html.enmod_ratelimit.htmlmod_ratelimit.html.enmod_ratelimit.html.frmod_reflector.htmlmod_reflector.html.enmod_reflector.html.frmod_remoteip.htmlmod_remoteip.html.enmod_remoteip.html.frmod_reqtimeout.htmlmod_reqtimeout.html.enmod_reqtimeout.html.frmod_request.htmlmod_request.html.enmod_request.html.frmod_request.html.tr.utf8mod_rewrite.htmlmod_rewrite.html.enmod_rewrite.html.frmod_sed.htmlmod_sed.html.enmod_sed.html.frmod_session.htmlmod_session.html.enmod_session.html.frmod_session_cookie.htmlmod_session_cookie.html.enmod_session_cookie.html.frmod_session_crypto.htmlmod_session_crypto.html.enmod_session_crypto.html.frmod_session_dbd.htmlmod_session_dbd.html.enmod_session_dbd.html.frmod_setenvif.htmlmod_setenvif.html.enmod_setenvif.html.frmod_setenvif.html.ja.utf8mod_setenvif.html.ko.euc-krmod_setenvif.html.tr.utf8mod_slotmem_plain.htmlmod_slotmem_plain.html.enmod_slotmem_plain.html.frmod_slotmem_shm.htmlmod_slotmem_shm.html.enmod_slotmem_shm.html.frmod_so.htmlmod_so.html.enmod_so.html.frmod_so.html.ja.utf8mod_so.html.ko.euc-krmod_so.html.tr.utf8mod_socache_dbm.htmlmod_socache_dbm.html.enmod_socache_dbm.html.frmod_socache_dc.htmlmod_socache_dc.html.enmod_socache_dc.html.frmod_socache_memcache.htmlmod_socache_memcache.html.enmod_socache_memcache.html.frmod_socache_shmcb.htmlmod_socache_shmcb.html.enmod_socache_shmcb.html.frmod_speling.htmlmod_speling.html.enmod_speling.html.frmod_speling.html.ja.utf8mod_speling.html.ko.euc-krmod_ssl.htmlmod_ssl.html.enmod_ssl.html.frmod_status.htmlmod_status.html.enmod_status.html.frmod_status.html.ja.utf8mod_status.html.ko.euc-krmod_status.html.tr.utf8mod_substitute.htmlmod_substitute.html.enmod_substitute.html.frmod_suexec.htmlmod_suexec.html.enmod_suexec.html.frmod_suexec.html.ja.utf8mod_suexec.html.ko.euc-krmod_suexec.html.tr.utf8mod_unique_id.htmlmod_unique_id.html.enmod_unique_id.html.frmod_unique_id.html.ja.utf8mod_unique_id.html.ko.euc-krmod_unixd.htmlmod_unixd.html.enmod_unixd.html.frmod_unixd.html.tr.utf8mod_userdir.htmlmod_userdir.html.enmod_userdir.html.frmod_userdir.html.ja.utf8mod_userdir.html.ko.euc-krmod_userdir.html.tr.utf8mod_usertrack.htmlmod_usertrack.html.enmod_usertrack.html.frmod_version.htmlmod_version.html.enmod_version.html.ja.utf8mod_version.html.ko.euc-krmod_vhost_alias.htmlmod_vhost_alias.html.enmod_vhost_alias.html.frmod_vhost_alias.html.tr.utf8mod_watchdog.htmlmod_watchdog.html.enmod_xml2enc.htmlmod_xml2enc.html.enmod_xml2enc.html.frmodule-dict.htmlmodule-dict.html.enmodule-dict.html.frmodule-dict.html.ja.utf8module-dict.html.ko.euc-krmodule-dict.html.tr.utf8mpm_common.htmlmpm_common.html.dempm_common.html.enmpm_common.html.frmpm_common.html.ja.utf8mpm_common.html.tr.utf8mpm_netware.htmlmpm_netware.html.enmpm_netware.html.frmpm_winnt.htmlmpm_winnt.html.dempm_winnt.html.enmpm_winnt.html.frmpm_winnt.html.ja.utf8mpmt_os2.htmlmpmt_os2.html.enmpmt_os2.html.frprefork.htmlprefork.html.deprefork.html.enprefork.html.frprefork.html.ja.utf8prefork.html.tr.utf8quickreference.htmlquickreference.html.dequickreference.html.enquickreference.html.esquickreference.html.frquickreference.html.ja.utf8quickreference.html.ko.euc-krquickreference.html.tr.utf8quickreference.html.zh-cn.utf8worker.htmlworker.html.deworker.html.enworker.html.frworker.html.ja.utf8worker.html.tr.utf8mpm.htmlmpm.html.dempm.html.enmpm.html.esmpm.html.frmpm.html.ja.utf8mpm.html.ko.euc-krmpm.html.tr.utf8mpm.html.zh-cn.utf8new_features_2_0.htmlnew_features_2_0.html.denew_features_2_0.html.ennew_features_2_0.html.frnew_features_2_0.html.ja.utf8new_features_2_0.html.ko.euc-krnew_features_2_0.html.pt-brnew_features_2_0.html.ru.koi8-rnew_features_2_0.html.tr.utf8new_features_2_2.htmlnew_features_2_2.html.ennew_features_2_2.html.frnew_features_2_2.html.ko.euc-krnew_features_2_2.html.pt-brnew_features_2_2.html.tr.utf8new_features_2_4.htmlnew_features_2_4.html.ennew_features_2_4.html.frnew_features_2_4.html.tr.utf8platformebcdic.htmlebcdic.html.enebcdic.html.ko.euc-krindex.htmlindex.html.enindex.html.frindex.html.ko.euc-krindex.html.zh-cn.utf8netware.htmlnetware.html.ennetware.html.frnetware.html.ko.euc-krperf-hp.htmlperf-hp.html.enperf-hp.html.frperf-hp.html.ko.euc-krrpm.htmlrpm.html.enwin_compiling.htmlwin_compiling.html.enwin_compiling.html.frwin_compiling.html.ko.euc-krwindows.htmlwindows.html.enwindows.html.frwindows.html.ko.euc-krprogramsab.htmlab.html.enab.html.frab.html.ko.euc-krab.html.tr.utf8apachectl.htmlapachectl.html.enapachectl.html.frapachectl.html.ko.euc-krapachectl.html.tr.utf8apxs.htmlapxs.html.enapxs.html.frapxs.html.ko.euc-krapxs.html.tr.utf8configure.htmlconfigure.html.enconfigure.html.frconfigure.html.ko.euc-krconfigure.html.tr.utf8dbmmanage.htmldbmmanage.html.endbmmanage.html.frdbmmanage.html.ko.euc-krdbmmanage.html.tr.utf8fcgistarter.htmlfcgistarter.html.enfcgistarter.html.frfcgistarter.html.tr.utf8htcacheclean.htmlhtcacheclean.html.enhtcacheclean.html.frhtcacheclean.html.ko.euc-krhtcacheclean.html.tr.utf8htdbm.htmlhtdbm.html.enhtdbm.html.frhtdbm.html.tr.utf8htdigest.htmlhtdigest.html.enhtdigest.html.frhtdigest.html.ko.euc-krhtdigest.html.tr.utf8htpasswd.htmlhtpasswd.html.enhtpasswd.html.frhtpasswd.html.ko.euc-krhtpasswd.html.tr.utf8httpd.htmlhttpd.html.enhttpd.html.frhttpd.html.ko.euc-krhttpd.html.tr.utf8httxt2dbm.htmlhttxt2dbm.html.enhttxt2dbm.html.frhttxt2dbm.html.tr.utf8index.htmlindex.html.enindex.html.esindex.html.frindex.html.ko.euc-krindex.html.tr.utf8index.html.zh-cn.utf8log_server_status.htmllog_server_status.html.enlogresolve.htmllogresolve.html.enlogresolve.html.frlogresolve.html.ko.euc-krlogresolve.html.tr.utf8other.htmlother.html.enother.html.frother.html.ko.euc-krother.html.tr.utf8rotatelogs.htmlrotatelogs.html.enrotatelogs.html.frrotatelogs.html.ko.euc-krrotatelogs.html.tr.utf8split-logfile.htmlsplit-logfile.html.ensuexec.htmlsuexec.html.ensuexec.html.ko.euc-krsuexec.html.tr.utf8rewriteaccess.htmlaccess.html.enaccess.html.fradvanced.htmladvanced.html.enadvanced.html.fravoid.htmlavoid.html.enavoid.html.frflags.htmlflags.html.enflags.html.frhtaccess.htmlhtaccess.html.enhtaccess.html.frindex.htmlindex.html.enindex.html.frindex.html.tr.utf8index.html.zh-cn.utf8intro.htmlintro.html.enintro.html.frproxy.htmlproxy.html.enproxy.html.frremapping.htmlremapping.html.enremapping.html.frrewritemap.htmlrewritemap.html.enrewritemap.html.frtech.htmltech.html.entech.html.frvhosts.htmlvhosts.html.envhosts.html.frsections.htmlsections.html.ensections.html.frsections.html.ja.utf8sections.html.ko.euc-krsections.html.tr.utf8server-wide.htmlserver-wide.html.enserver-wide.html.frserver-wide.html.ja.utf8server-wide.html.ko.euc-krserver-wide.html.tr.utf8sitemap.htmlsitemap.html.desitemap.html.ensitemap.html.essitemap.html.frsitemap.html.ja.utf8sitemap.html.ko.euc-krsitemap.html.tr.utf8sitemap.html.zh-cn.utf8socache.htmlsocache.html.ensocache.html.frsslindex.htmlindex.html.enindex.html.frindex.html.ja.utf8index.html.tr.utf8index.html.zh-cn.utf8ssl_compat.htmlssl_compat.html.enssl_compat.html.frssl_faq.htmlssl_faq.html.enssl_faq.html.frssl_howto.htmlssl_howto.html.enssl_howto.html.frssl_intro.htmlssl_intro.html.enssl_intro.html.frssl_intro.html.ja.utf8stopping.htmlstopping.html.destopping.html.enstopping.html.esstopping.html.frstopping.html.ja.utf8stopping.html.ko.euc-krstopping.html.tr.utf8stylebuild.propertiescommon.dtdcssmanual-chm.cssmanual-loose-100pc.cssmanual-print.cssmanual-zip-100pc.cssmanual-zip.cssmanual.cssprettify.cssfaq.dtdlanglang.dtdlatexatbeginend.stymanualpage.dtdmodulesynopsis.dtdscriptsMINIFYprettify.jsprettify.min.jssitemap.dtdversion.entxslutilsuexec.htmlsuexec.html.ensuexec.html.frsuexec.html.ja.utf8suexec.html.ko.euc-krsuexec.html.tr.utf8upgrading.htmlupgrading.html.enupgrading.html.frurlmapping.htmlurlmapping.html.enurlmapping.html.frurlmapping.html.ja.utf8urlmapping.html.ko.euc-krurlmapping.html.tr.utf8vhostsdetails.htmldetails.html.endetails.html.frdetails.html.ko.euc-krdetails.html.tr.utf8examples.htmlexamples.html.enexamples.html.frexamples.html.ja.utf8examples.html.ko.euc-krexamples.html.tr.utf8fd-limits.htmlfd-limits.html.enfd-limits.html.frfd-limits.html.ja.utf8fd-limits.html.ko.euc-krfd-limits.html.tr.utf8index.htmlindex.html.deindex.html.enindex.html.frindex.html.ja.utf8index.html.ko.euc-krindex.html.tr.utf8index.html.zh-cn.utf8ip-based.htmlip-based.html.enip-based.html.frip-based.html.ja.utf8ip-based.html.ko.euc-krip-based.html.tr.utf8mass.htmlmass.html.enmass.html.frmass.html.ko.euc-krmass.html.tr.utf8name-based.htmlname-based.html.dename-based.html.enname-based.html.frname-based.html.ja.utf8name-based.html.ko.euc-krname-based.html.tr.utf8/etc//etc/apache2//etc/apache2/conf.d//usr/share/apache2//usr/share/apache2/manual//usr/share/apache2/manual/developer//usr/share/apache2/manual/faq//usr/share/apache2/manual/howto//usr/share/apache2/manual/images//usr/share/apache2/manual/misc//usr/share/apache2/manual/mod//usr/share/apache2/manual/platform//usr/share/apache2/manual/programs//usr/share/apache2/manual/rewrite//usr/share/apache2/manual/ssl//usr/share/apache2/manual/style//usr/share/apache2/manual/style/css//usr/share/apache2/manual/style/latex//usr/share/apache2/manual/style/scripts//usr/share/apache2/manual/style/xsl//usr/share/apache2/manual/vhosts/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10022/openSUSE_Leap_42.3_Update/6d6f0d38a11247c9c41df7a29aebe494-apache2.openSUSE_Leap_42.3_Updatedrpmlzma5i586-suse-linux   ! "#$%&'()* +++,++-./++directoryASCII textXML document textGIF image data, version 89a, 600 x 62PNG image data, 1000 x 728, 8-bit/color RGBA, non-interlacedPNG image data, 1000 x 927, 8-bit/color RGBA, non-interlacedPNG image data, 1000 x 491, 8-bit/color RGBA, non-interlacedPNG image data, 476 x 300, 8-bit/color RGB, interlacedPNG image data, 343 x 140, 8-bit/color RGB, interlacedPNG image data, 730 x 133, 8-bit/color RGB, interlacedGIF image data, version 89a, 600 x 406PNG image data, 600 x 406, 8-bit colormap, non-interlacedPNG image data, 686 x 464, 8-bit colormap, non-interlacedGIF image data, version 89a, 11 x 11GIF image data, version 89a, 248 x 70PNG image data, 248 x 70, 8-bit/color RGBA, non-interlacedPNG image data, 569 x 392, 1-bit colormap, non-interlacedPNG image data, 569 x 392, 2-bit colormap, non-interlacedGIF image data, version 87a, 100 x 32GIF image data, version 87a, 423 x 331PNG image data, 423 x 331, 1-bit colormap, non-interlacedPNG image data, 423 x 331, 2-bit colormap, non-interlacedGIF image data, version 87a, 160 x 310PNG image data, 160 x 310, 1-bit colormap, non-interlacedGIF image data, version 87a, 428 x 385PNG image data, 428 x 385, 2-bit colormap, non-interlacedGIF image data, version 87a, 381 x 179PNG image data, 381 x 179, 2-bit colormap, non-interlacedGIF image data, version 89a, 1 x 1PNG image data, 297 x 333, 8-bit/color RGBA, non-interlacedPNG image data, 700 x 145, 8-bit/color RGB, interlacedPNG image data, 472 x 450, 8-bit/color RGB, interlacedPNG image data, 391 x 429, 8-bit/color RGB, non-interlacedGIF image data, version 89a, 423 x 327PNG image data, 423 x 327, 2-bit colormap, non-interlacedGIF image data, version 89a, 428 x 217PNG image data, 428 x 217, 4-bit colormap, non-interlacedGIF image data, version 89a, 423 x 323PNG image data, 423 x 323, 4-bit colormap, non-interlacedGIF image data, version 89a, 500 x 62PNG image data, 497 x 297, 8-bit/color RGB, non-interlacedPNG image data, 498 x 318, 8-bit/color RGB, non-interlacedXML 1.0 document textLaTeX document, ASCII textPOSIX shell script, ASCII text executableHTML document, ASCII text, with very long linesASCII text, with very long lines7s\$0\,Ae?@]"k%jS$+e'4jT[τ,6" +;kG1#-jЮgoۊiy=f`Raɐb4_`)^,z qzޅHb\ ^F[}gTH2$q T\]ŻSKJքIU*:ѶቢE</c|_c{c͢fy[GU'fqOv։y*A-O<-d]0.^k3C.? ( EKVC]DT9Mm,Ǩ^tƨ>g-=ڵ,hznWQRBWg#| ^ݻ߹r홥k); OZ=*= oOL%0 X9cG^ |3%WGӻ/ M/rq =+4|vB)zM6UA$IW]ho &slg;`d ÓϼSVI$yМ=[ zO;?b\QjxM4uD6+ pvȧ9t=_܆u60ģsu^׭Y=.߳f.akctw*~:RF")8W%Է\JpIS=8ȃ}{N}<;WSy?/t6:VJU?pP{I{X3TCDI>#A5a\ɳ]W>5M#os,S7;nj+P~znK}K~a2ɾH3KR+WYD)ůhf@R >]UJwO@%\>~fb].R.XĚ%#Bu^bԋ!9pRIԾz16s-J [o{Q3bZϠd27Čv>F/n,6؉n$ңw)^PStdw_Z";wc.:m4ۗtYi-RH\U!&@L5JxVGe#Dy@+Jbn 뻸vι0sX(Z.&ʣұHVixkOm&fKr],m;ǪR .E5lbgˬs~+Y1C^fId8 t@i/ vl v[@\'ط߭+<׃m).u ˰V7DA0J $lU%[[Ju =4FdX8-X`ax~ygd,{DQOJ`vjOB*P'ןd]%魂ZNNfX,'lF{`Jk^xo\^M:MtEub([Q $J=ȱydmgW6 **Yle蹌‚ݤ$bv^6ubNtYobM> <ƣjGU:Fsl_HQ}ozFGZ:4p(1ϣ"3o J (>THxwVM\s3yls}=ZmcpL dёQs+tH/euR3@r+] 55je 4^q`!+ԟmr&Ejw{Qd?amQ]/hbxEih$gATJH9Ջ9,Wɗx{b(jVMJXAUx(N3\+%XpfO`0IK"?,pBkŦ oCjV,`0{ef{;CcEmM;iTΟE-%̳!圞gqU6A g,<4S.m# 8y(0o<$ lce y $Ͳعc7Lh,nDaF!W}}׫%6+ex ,qB+L%#c:X:y6y›pG}xБ#cINní+u.  `lїwWO & Z6V1D0s<$-DI٢T|a4(G7m1(*NLz;.>O.̼͇P#Y3|0J2}?4 !}NBKё7@ I=vDPuțSc,Y*X9\M %ˆPrs:.V5# 9h3Yšg &<ޢ! G<񌄯驞yb*;_Ih+6gaw+zmUb$ꭣ7'ο귡  Iz!&_`Z J `ATkZ1)#-;,)wN apܿ6M8O3-l6"HJt#`ڳ)Y.AUQ~xCL/.wO0|VNE)H.Y 7VzGv[ıyz[k:FAl^l5;3 Õf{KZtUH|E  Nk28)5P(b w552߇%/FTG$O[V51 -}BT:H3bL/BZ|kFW0C;D׫0,ȹ,jq*b,"wc JH!\ jֵY2 0==|.?7T@_0Qʸ22I%x41>q´mZ%$*=pEH3^3n5OQKAT q]ko |nZB柇/=<OwhЂyW!w>iq {% 1 zi #5e5|O҇qQ>J7ƘŎ0cEui5w?Λuzt,PBкz5©鮧WzIqo-M `wr-BMb~$NE)ʣo;D[Ru~RO>}6+K><O{rWtcJe8@V7ha0_+ٺKi Hq?;||`. `hujLh5*sB)օN3V smFk-KOXi{+tc"j=A%=[k:z_p 㝭z`A/mk윬KK77z/w K(tн=iPY%\Ofq  fl|dd{"!ulShV4* vԏ{Z?<:RH 'i2[zbI8ˬ·YSv{~9^.Ƀ*tBGVOm]hIy؂ٷjBC̭}JmWɼ‡u#Wǻ1[ݽ,%bd_|rY<˼TOcN[EU nbtde4tk~[U"!6?7ƪ_|bn#ÝxT^h}%S)02q&%r2\&S+`.Bƛ Z8i ~VĉtiJ '\C.m^U+k."tnU襨$^nUIԕ(Aհ`y<(cOxV "WVņ2^P'ݸq 3$ykjP#q^+dMt:k%Wzg"}ܭ8Њ++u2![51WJk _6={cFQ"ĥqj+Y툹F>mlLyֈtOc@G,mυ%4?ZF*c?lha[0֎34gɭt>J.^#ϑg󢻟GZ/Y9;>;d~ĈElbX.b=CͼL&T&PK%ub ;ʉwKSo/~ARtPNX$/D6Fh;|Q{U941PpIݽLiB3$'n!tfr->>쮑ĤT#&.Wo"!jUu %x$߱);@tUzf\qtq'. h mz?O%, BΣ׆g>GĢK鴾NŰas~[z%c:Reywh :Ziuƙ8h9WOZVIp֙'r6 .J%'52rnp34^Y}5?`S=tz j =ξtb=l@kR8qeӅ^Xp. 1 ,~[߀ Pc4p *Ci%k(|;DqR@H3bx V-׬B}kYN\.Yxի^pf$cnQ#ӎOџ%~EcIH2I錒zW/=+\d$ ϣg* JPA\5 41Yppp{Az%uMv'Q<@{p/c)w+SF^du1ȒED5Gۍ"liJXނ+ R\&,3q׆)uń` D|McU"G jP(&ќ\;BmN $^S*,@K\y1a[nӋq/F"HA@l9!aZ{wj6492T!eifݸ8%>zornsTq/lo1L.-G=z7h4TA7k Ξ۲HldaOMIp?Uim-O`\WB$3 i9*HоFȹ#&t.hR44YIPF 4v%9olk%.lQ%W҈t uU]Ema.Jn7չs~w^DMH '}r ǽq15 :dޏk2\ %9LVRO%eެ|;ȯu]s`cS,\*v:jUaQ19ERzRz/u'yu7Qﰷ