Accepting request 941816 from home:AndreasStieger:branches:Apache
changlog update for 2.4.52: CVE-2021-44224 boo#1193943 CVE-2021-44790 boo#1193942 OBS-URL: https://build.opensuse.org/request/show/941816 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=662
This commit is contained in:
Git OBS Bridge
parent
91179b73e4
commit
24717da42a
@ -2,32 +2,32 @@
|
||||
Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
|
||||
|
||||
- version update to 2.4.52:
|
||||
* fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
|
||||
configurations [boo#1193943]
|
||||
* fix CVE-2021-44790: buffer overflow when parsing multipart
|
||||
content in mod_lua [boo#1193942]
|
||||
*) http: Enforce that fully qualified uri-paths not to be forward-proxied
|
||||
have an http(s) scheme, and that the ones to be forward proxied have a
|
||||
hostname, per HTTP specifications. [Ruediger Pluem, Yann Ylavic]
|
||||
hostname, per HTTP specifications.
|
||||
*) OpenSSL autoconf detection improvement: pick up openssl.pc in the
|
||||
specified openssl path. [Joe Orton]
|
||||
*) mod_proxy_connect, mod_proxy: Do not change the status code after we
|
||||
already sent it to the client.
|
||||
*) mod_http: Correctly sent a 100 Continue status code when sending an interim
|
||||
response as result of an Expect: 100-Continue in the request and not the
|
||||
current status code of the request. PR 65725 [Ruediger Pluem]
|
||||
current status code of the request
|
||||
*) mod_dav: Some DAV extensions, like CalDAV, specify both document
|
||||
elements and property elements that need to be taken into account
|
||||
when generating a property. The document element and property element
|
||||
are made available in the dav_liveprop_elem structure by calling
|
||||
dav_get_liveprop_element(). [Graham Leggett]
|
||||
dav_get_liveprop_element()
|
||||
*) mod_dav: Add utility functions dav_validate_root_ns(),
|
||||
dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
|
||||
dav_find_attr() so that other modules get to play too.
|
||||
[Graham Leggett]
|
||||
*) mpm_event: Restart stopping of idle children after a load peak. PR 65626.
|
||||
[Yann Ylavic, Ruediger Pluem]
|
||||
*) mpm_event: Restart stopping of idle children after a load peak
|
||||
*) mod_http2: fixes 2 regressions in server limit handling.
|
||||
1. When reaching server limits, such as MaxRequestsPerChild, the
|
||||
HTTP/2 connection send a GOAWAY frame much too early on new
|
||||
connections, leading to invalid protocol state and a client
|
||||
failing the request. See PR65731.
|
||||
failing the request
|
||||
The module now initializes the HTTP/2 protocol correctly and
|
||||
allows the client to submit one request before the shutdown
|
||||
via a GOAWAY frame is being announced.
|
||||
@ -36,22 +36,14 @@ Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
|
||||
when reaching MaxConnectionsPerChild. When unprocessed h2
|
||||
requests were queued at the time, these could stall.
|
||||
See <https://github.com/icing/mod_h2/issues/212>.
|
||||
[Stefan Eissing]
|
||||
*) mod_ssl: Add build support for OpenSSL v3. [Rainer Jung,
|
||||
Stefan Fritsch, Yann Ylavic, Stefan Eissing, Joe Orton,
|
||||
Giovanni Bechis]
|
||||
*) mod_ssl: Add build support for OpenSSL v3
|
||||
*) mod_proxy_connect: Honor the smallest of the backend or client timeout
|
||||
while tunneling. [Yann Ylavic]
|
||||
while tunneling
|
||||
*) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
|
||||
half-close forwarding when tunneling protocols. [Yann Ylavic]
|
||||
|
||||
half-close forwarding when tunneling protocols
|
||||
*) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
|
||||
a third-party module. PR 65627.
|
||||
[acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
|
||||
|
||||
*) mod_md: Fix memory leak in case of failures to load the private key.
|
||||
PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
|
||||
|
||||
*) mod_md: adding v2.4.8 with the following changes
|
||||
- Added support for ACME External Account Binding (EAB).
|
||||
Use the new directive `MDExternalAccountBinding` to provide the
|
||||
@ -82,15 +74,11 @@ Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
|
||||
See <https://github.com/icing/mod_md/issues/268>
|
||||
- Fixed a mixup in md-status handler when static certificate files
|
||||
and renewal was configured at the same time.
|
||||
|
||||
*) mod_md: values for External Account Binding (EAB) can
|
||||
now also be configured to be read from a separate JSON
|
||||
file. This allows to keep server configuration permissions
|
||||
world readable without exposing secrets.
|
||||
[Stefan Eissing]
|
||||
|
||||
*) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
|
||||
PR 65616. [Ruediger Pluem]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 24 11:04:43 UTC 2021 - pgajdos@suse.com
|
||||
|
||||
Loading…
Reference in New Issue
Block a user