Accepting request 941816 from home:AndreasStieger:branches:Apache

changelog update for 2.4.52:
CVE-2021-44224 boo#1193943
CVE-2021-44790 boo#1193942

OBS-URL: https://build.opensuse.org/request/show/941816
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=662
Petr Gajdos 2021-12-21 10:28:15 +00:00 committed by Git OBS Bridge
parent 91179b73e4
commit 24717da42a


@ -2,32 +2,32 @@
Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com> Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
- version update to 2.4.52: - version update to 2.4.52:
* fix CVE-2021-44224: NULL dereference or SSRF in forward proxy
configurations [boo#1193943]
* fix CVE-2021-44790: buffer overflow when parsing multipart
content in mod_lua [boo#1193942]
*) http: Enforce that fully qualified uri-paths not to be forward-proxied *) http: Enforce that fully qualified uri-paths not to be forward-proxied
have an http(s) scheme, and that the ones to be forward proxied have a have an http(s) scheme, and that the ones to be forward proxied have a
hostname, per HTTP specifications. [Ruediger Pluem, Yann Ylavic] hostname, per HTTP specifications.
*) OpenSSL autoconf detection improvement: pick up openssl.pc in the *) OpenSSL autoconf detection improvement: pick up openssl.pc in the
specified openssl path. [Joe Orton]
*) mod_proxy_connect, mod_proxy: Do not change the status code after we
already sent it to the client. already sent it to the client.
*) mod_http: Correctly sent a 100 Continue status code when sending an interim *) mod_http: Correctly sent a 100 Continue status code when sending an interim
response as result of an Expect: 100-Continue in the request and not the response as result of an Expect: 100-Continue in the request and not the
current status code of the request. PR 65725 [Ruediger Pluem] current status code of the request
*) mod_dav: Some DAV extensions, like CalDAV, specify both document *) mod_dav: Some DAV extensions, like CalDAV, specify both document
elements and property elements that need to be taken into account elements and property elements that need to be taken into account
when generating a property. The document element and property element when generating a property. The document element and property element
are made available in the dav_liveprop_elem structure by calling are made available in the dav_liveprop_elem structure by calling
dav_get_liveprop_element(). [Graham Leggett] dav_get_liveprop_element()
*) mod_dav: Add utility functions dav_validate_root_ns(), *) mod_dav: Add utility functions dav_validate_root_ns(),
dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and
dav_find_attr() so that other modules get to play too. dav_find_attr() so that other modules get to play too.
[Graham Leggett] *) mpm_event: Restart stopping of idle children after a load peak
*) mpm_event: Restart stopping of idle children after a load peak. PR 65626.
[Yann Ylavic, Ruediger Pluem]
*) mod_http2: fixes 2 regressions in server limit handling. *) mod_http2: fixes 2 regressions in server limit handling.
1. When reaching server limits, such as MaxRequestsPerChild, the 1. When reaching server limits, such as MaxRequestsPerChild, the
HTTP/2 connection send a GOAWAY frame much too early on new HTTP/2 connection send a GOAWAY frame much too early on new
connections, leading to invalid protocol state and a client connections, leading to invalid protocol state and a client
failing the request. See PR65731. failing the request
The module now initializes the HTTP/2 protocol correctly and The module now initializes the HTTP/2 protocol correctly and
allows the client to submit one request before the shutdown allows the client to submit one request before the shutdown
via a GOAWAY frame is being announced. via a GOAWAY frame is being announced.
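Review bot: the right-hand column drops the upstream cross-references together with the author credits, e.g. `current status code of the request. PR 65725 [Ruediger Pluem]` on the mod_http entry becomes `current status code of the request`, `PR 65626.` vanishes from the mpm_event entry, and `See PR65731.` vanishes from the mod_http2 entry. Stripping the bracketed credits is reasonable for a distribution changelog, but the PR numbers are the only pointer back to the upstream bug reports and should be kept (`current status code of the request. PR 65725`). The same edits also leave those entries without a terminating period while neighbouring entries keep theirs. The two new CVE entries at the top of the hunk, each with its boo# reference, are the right shape.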
@ -36,22 +36,14 @@ Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
when reaching MaxConnectionsPerChild. When unprocessed h2 when reaching MaxConnectionsPerChild. When unprocessed h2
requests were queued at the time, these could stall. requests were queued at the time, these could stall.
See <https://github.com/icing/mod_h2/issues/212>. See <https://github.com/icing/mod_h2/issues/212>.
[Stefan Eissing] *) mod_ssl: Add build support for OpenSSL v3
*) mod_ssl: Add build support for OpenSSL v3. [Rainer Jung,
Stefan Fritsch, Yann Ylavic, Stefan Eissing, Joe Orton,
Giovanni Bechis]
*) mod_proxy_connect: Honor the smallest of the backend or client timeout *) mod_proxy_connect: Honor the smallest of the backend or client timeout
while tunneling. [Yann Ylavic] while tunneling
*) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP *) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP
half-close forwarding when tunneling protocols. [Yann Ylavic] half-close forwarding when tunneling protocols
*) core: Be safe with ap_lingering_close() called with a socket NULL-ed by *) core: Be safe with ap_lingering_close() called with a socket NULL-ed by
a third-party module. PR 65627. a third-party module. PR 65627.
[acmondor <bz.apache.org acmondor.ca>, Yann Ylavic]
*) mod_md: Fix memory leak in case of failures to load the private key. *) mod_md: Fix memory leak in case of failures to load the private key.
PR 65620 [ Filipe Casal <filipe.casal@trailofbits.com> ]
*) mod_md: adding v2.4.8 with the following changes *) mod_md: adding v2.4.8 with the following changes
- Added support for ACME External Account Binding (EAB). - Added support for ACME External Account Binding (EAB).
Use the new directive `MDExternalAccountBinding` to provide the Use the new directive `MDExternalAccountBinding` to provide the
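Review bot: the PR-number cleanup is inconsistent within this hunk: `PR 65627.` on the core ap_lingering_close() entry survives, while `PR 65620` on the mod_md private-key memory-leak entry is removed together with the `[ Filipe Casal ... ]` credit. The mod_proxy_connect and mod_proxy entries now end mid-sentence (`while tunneling`, `half-close forwarding when tunneling protocols`) and the mod_ssl entry ends at `OpenSSL v3` with no period. Either keep every PR number or drop them all, and restore the terminating periods so the entries read uniformly.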
@ -82,15 +74,11 @@ Mon Dec 20 11:26:49 UTC 2021 - David Anes <david.anes@suse.com>
See <https://github.com/icing/mod_md/issues/268> See <https://github.com/icing/mod_md/issues/268>
- Fixed a mixup in md-status handler when static certificate files - Fixed a mixup in md-status handler when static certificate files
and renewal was configured at the same time. and renewal was configured at the same time.
*) mod_md: values for External Account Binding (EAB) can *) mod_md: values for External Account Binding (EAB) can
now also be configured to be read from a separate JSON now also be configured to be read from a separate JSON
file. This allows to keep server configuration permissions file. This allows to keep server configuration permissions
world readable without exposing secrets. world readable without exposing secrets.
[Stefan Eissing]
*) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. *) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO.
PR 65616. [Ruediger Pluem]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 24 11:04:43 UTC 2021 - pgajdos@suse.com Wed Nov 24 11:04:43 UTC 2021 - pgajdos@suse.com
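Review bot: the mod_proxy_uwsgi entry loses its `PR 65616.` reference along with the `[Ruediger Pluem]` credit, leaving no pointer to the bug report for the duplicate-slash PATH_INFO fix; keep `PR 65616.` on the right-hand side even with the credit removed. Dropping `[Stefan Eissing]` from the mod_md EAB entry is fine, since that entry already names the feature and its purpose.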