From 75808db17caf8b960b351e3408e74142f4c85aac Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 14 Apr 2024 15:42:30 +0200
Subject: Adding upstream version 2.117.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 tags/a/apache2-deprecated-auth-config.tag | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 tags/a/apache2-deprecated-auth-config.tag

(limited to 'tags/a/apache2-deprecated-auth-config.tag')

diff --git a/tags/a/apache2-deprecated-auth-config.tag b/tags/a/apache2-deprecated-auth-config.tag
new file mode 100644
index 0000000..a60d581
--- /dev/null
+++ b/tags/a/apache2-deprecated-auth-config.tag
@@ -0,0 +1,15 @@
+Tag: apache2-deprecated-auth-config
+Severity: warning
+Check: apache2
+Explanation: The package is using some of the deprecated authentication configuration
+ directives Order, Satisfy, Allow, Deny, &lt;Limit&gt; or &lt;LimitExcept&gt;
+ .
+ These do not integrate well with the new authorization scheme of Apache
+ 2.4 and, in the case of &lt;Limit&gt; and &lt;LimitExcept&gt; have confusing
+ semantics. The configuration directives should be replaced with a suitable
+ combination of &lt;RequireAll&gt;, &lt;RequireAny&gt;, Require all, Require local,
+ Require ip, and Require method.
+ .
+ Alternatively, the offending lines can be wrapped between
+ &lt;IfModule !mod&lowbar;authz&lowbar;core.c&gt; ... &lt;/IfModule&gt; or
+ &lt;IfVersion &lt; 2.3&gt; ... &lt;/IfVersion&gt; directives.
-- 
cgit v1.2.3