OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=33

apache2.changes

@@ -1,3 +1,128 @@
+-------------------------------------------------------------------
+Mon Jul 27 22:20:11 CEST 2009 - poeml@suse.de
+
+- update to 2.2.12:
+  SECURITY: CVE-2009-1891 (cve.mitre.org)
+     Fix a potential Denial-of-Service attack against mod_deflate or other 
+     modules, by forcing the server to consume CPU time in compressing a 
+     large file after a client disconnects.  PR 39605.
+  SECURITY: CVE-2009-1195 (cve.mitre.org)
+     Prevent the "Includes" Option from being enabled in an .htaccess 
+     file if the AllowOverride restrictions do not permit it.
+  SECURITY: CVE-2009-1890 (cve.mitre.org) 
+     Fix a potential Denial-of-Service attack against mod_proxy in a
+     reverse proxy configuration, where a remote attacker can force a
+     proxy process to consume CPU time indefinitely.  
+  SECURITY: CVE-2009-1191 (cve.mitre.org)
+     mod_proxy_ajp: Avoid delivering content from a previous request which
+     failed to send a request body. PR 46949 
+  SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
+     The bundled copy of the APR-util library has been updated, fixing three
+     different security issues which may affect particular configurations
+     and third-party modules.
+  core:
+   - New piped log syntax: Use "||process args" to launch the given process
+     without invoking the shell/command interpreter.  Use "|$command line"
+     (the default behavior of "|command line" in 2.2) to invoke using shell,
+     consuming an additional shell process for the lifetime of the logging
+     pipe program but granting additional process invocation flexibility.
+   - prefork: Fix child process hang during graceful restart/stop in
+     configurations with multiple listening sockets.  PR 42829.  
+   - Translate the status line to ASCII on EBCDIC platforms in
+     ap_send_interim_response() and for locally generated "100
+     Continue" responses.  
+   - CGI: return 504 (Gateway timeout) rather than 500 when a
+     script times out before returning status line/headers. PR 42190 
+   - prefork: Log an error instead of segfaulting when child startup fails
+     due to pollset creation failures.  PR 46467.  
+   - core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
+   - Set Listen protocol to "https" if port is set to 443 and no proto is specified
+     (as documented but not implemented). PR 46066  
+   - Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.
+     PR 42571 and PR 44266 (dup).  
+  mod_alias: 
+   - check sanity in Redirect arguments.  PR 44729 
+   - Ensure Redirect emits HTTP-compliant URLs.  PR 44020
+  mod_authnz_ldap: 
+   - Reduce number of initialization debug messages and make
+     information more clear. PR 46342 
+  mod_cache: 
+   - Introduce 'no-cache' per-request environment variable to
+     prevent the saving of an otherwise cacheable response.
+   - Correctly save Content-Encoding of cachable entity. PR 46401
+   - When an explicit Expires or Cache-Control header is set, cache
+     normally non-cacheable response statuses. PR 46346.
+  mod_cgid: 
+   - fix segfault problem on solaris.  PR 39332 
+  mod_disk_cache: 
+   - The module now turns off sendfile support if 'EnableSendfile
+     off' is defined globally. PR 41218.
+  mod_disk_cache/mod_mem_cache: 
+   - Fix handling of CacheIgnoreHeaders directive to correctly
+     remove headers before storing them.
+  mod_deflate: 
+   - revert changes in 2.2.8 that caused an invalid etag to be
+     emitted for on-the-fly gzip content-encoding.  PR 39727 will
+     require larger fixes and this fix was far more harmful than
+     the original code. PR 45023. 
+  mod_ext_filter: 
+   - fix error handling when the filter prog fails to start, and
+     introduce an onfail configuration option to abort the request
+     or to remove the broken filter and continue.  PR 41120 
+  mod_include: 
+   - fix potential segfault when handling back references on an
+     empty SSI variable. 
+   - Prevent a case of SSI timefmt-smashing with filter chains
+     including multiple INCLUDES filters. PR 39369 
+   - support generating non-ASCII characters as entities in SSI PR
+     25202 
+  mod_ldap: 
+   - Avoid a segfault when result->rc is checked in
+     uldap_connection_init when result is NULL. This could happen
+     if LDAP initialization failed.  PR 45994.  
+  mod_negotiation: 
+   - Escape pathes of filenames in 406 responses to avoid HTML
+     injections and HTTP response splitting.  PR 46837.
+  mod_proxy: 
+   - Complete ProxyPassReverse to handle balancer URL's.  Given;
+     BalancerMember balancer://alias http://example.com/foo
+     ProxyPassReverse /bash balancer://alias/bar backend url
+     http://example.com/foo/bar/that is now translated /bash/that
+  mod_proxy_ajp: 
+   - Check more strictly that the backend follows the AJP protocol. 
+   - Forward remote port information by default.
+  mod_proxy_http: 
+   - fix Host: header for literal IPv6 addresses.  PR 47177 
+   - fix case sensitivity checking transfer encoding PR 47383 
+  mod_rewrite: 
+   - Remove locking for writing to the rewritelog.  PR 46942
+   - Fix the error string returned by RewriteRule.  RewriteRule
+     returned "RewriteCond: bad flag delimiters" when the 3rd
+     argument of RewriteRule was not started with "[" or not ended
+     with "]".  PR 45082 
+   - When evaluating a proxy rule in directory context, do escape
+     the filename by default. PR 46428 
+   - Introduce DiscardPathInfo|DPI flag to stop the troublesome way
+     that per-directory rewrites append the previous notion of
+     PATH_INFO to each substitution before evaluating subsequent
+     rules.  PR38642 
+   - fix "B" flag breakage by reverting r589343 PR 45529 
+  mod_ssl: 
+   - Add server name indication support (RFC 4366) and better
+     support for name based virtual hosts with SSL. PR 34607
+   - Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
+     to enable stricter checking of remote server certificates.
+   - Add SSLRenegBufferSize directive to allow changing the size of
+     the buffer used for the request-body where necessary during a
+     per-dir renegotiation.  PR 39243.  
+  mod_substitute: 
+   - Fix a memory leak. PR 44948
+
+-------------------------------------------------------------------
+Tue Jul 14 14:14:22 CEST 2009 - hvogel@suse.de
+
+- Fix missing -Y option in gensslcert [bnc#416888]
+
 -------------------------------------------------------------------
 Tue Jun  9 17:09:35 CEST 2009 - poeml@suse.de
 

gensslcert

@@ -55,7 +55,7 @@ FQHOSTNAME=`cat /etc/HOSTNAME`
    CAdays=$((365 * 6))
   srvdays=$((365 * 2))
 
-while getopts C:N:c:s:l:o:u:n:e:y:dh OPT; do
+while getopts C:N:c:s:l:o:u:n:e:y:Y:dh OPT; do
     case $OPT in
         C) name=$OPTARG-;;
         N) comment=$OPTARG;;

httpd-2.2.11.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe
-size 5230130

httpd-2.2.12.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b1e95d4f19a8f6cf9c2b9d44f5f109d22d79d3efb3e0a3c8265eebc9f82fc416
+size 5140433