OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=33

2009-07-29 13:14:53 +00:00 · 2009-07-29 13:14:53 +00:00 · a4b90256e0
commit a4b90256e0
parent aba337e67f
5 changed files with 153 additions and 2596 deletions
--- a/apache2.changes
+++ b/apache2.changes
@ -1,3 +1,128 @@
 -------------------------------------------------------------------
 Mon Jul 27 22:20:11 CEST 2009 - poeml@suse.de
 - update to 2.2.12:
  SECURITY: CVE-2009-1891 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_deflate or other 
     modules, by forcing the server to consume CPU time in compressing a 
     large file after a client disconnects.  PR 39605.
  SECURITY: CVE-2009-1195 (cve.mitre.org)
     Prevent the "Includes" Option from being enabled in an .htaccess 
     file if the AllowOverride restrictions do not permit it.
  SECURITY: CVE-2009-1890 (cve.mitre.org) 
     Fix a potential Denial-of-Service attack against mod_proxy in a
     reverse proxy configuration, where a remote attacker can force a
     proxy process to consume CPU time indefinitely.  
  SECURITY: CVE-2009-1191 (cve.mitre.org)
     mod_proxy_ajp: Avoid delivering content from a previous request which
     failed to send a request body. PR 46949 
  SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
     The bundled copy of the APR-util library has been updated, fixing three
     different security issues which may affect particular configurations
     and third-party modules.
  core:
   - New piped log syntax: Use "||process args" to launch the given process
     without invoking the shell/command interpreter.  Use "|$command line"
     (the default behavior of "|command line" in 2.2) to invoke using shell,
     consuming an additional shell process for the lifetime of the logging
     pipe program but granting additional process invocation flexibility.
   - prefork: Fix child process hang during graceful restart/stop in
     configurations with multiple listening sockets.  PR 42829.  
   - Translate the status line to ASCII on EBCDIC platforms in
     ap_send_interim_response() and for locally generated "100
     Continue" responses.  
   - CGI: return 504 (Gateway timeout) rather than 500 when a
     script times out before returning status line/headers. PR 42190 
   - prefork: Log an error instead of segfaulting when child startup fails
     due to pollset creation failures.  PR 46467.  
   - core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
   - Set Listen protocol to "https" if port is set to 443 and no proto is specified
     (as documented but not implemented). PR 46066  
   - Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.
     PR 42571 and PR 44266 (dup).  
  mod_alias: 
   - check sanity in Redirect arguments.  PR 44729 
   - Ensure Redirect emits HTTP-compliant URLs.  PR 44020
  mod_authnz_ldap: 
   - Reduce number of initialization debug messages and make
     information more clear. PR 46342 
  mod_cache: 
   - Introduce 'no-cache' per-request environment variable to
     prevent the saving of an otherwise cacheable response.
   - Correctly save Content-Encoding of cachable entity. PR 46401
   - When an explicit Expires or Cache-Control header is set, cache
     normally non-cacheable response statuses. PR 46346.
  mod_cgid: 
   - fix segfault problem on solaris.  PR 39332 
  mod_disk_cache: 
   - The module now turns off sendfile support if 'EnableSendfile
     off' is defined globally. PR 41218.
  mod_disk_cache/mod_mem_cache: 
   - Fix handling of CacheIgnoreHeaders directive to correctly
     remove headers before storing them.
  mod_deflate: 
   - revert changes in 2.2.8 that caused an invalid etag to be
     emitted for on-the-fly gzip content-encoding.  PR 39727 will
     require larger fixes and this fix was far more harmful than
     the original code. PR 45023. 
  mod_ext_filter: 
   - fix error handling when the filter prog fails to start, and
     introduce an onfail configuration option to abort the request
     or to remove the broken filter and continue.  PR 41120 
  mod_include: 
   - fix potential segfault when handling back references on an
     empty SSI variable. 
   - Prevent a case of SSI timefmt-smashing with filter chains
     including multiple INCLUDES filters. PR 39369 
   - support generating non-ASCII characters as entities in SSI PR
     25202 
  mod_ldap: 
   - Avoid a segfault when result->rc is checked in
     uldap_connection_init when result is NULL. This could happen
     if LDAP initialization failed.  PR 45994.  
  mod_negotiation: 
   - Escape pathes of filenames in 406 responses to avoid HTML
     injections and HTTP response splitting.  PR 46837.
  mod_proxy: 
   - Complete ProxyPassReverse to handle balancer URL's.  Given;
     BalancerMember balancer://alias http://example.com/foo
     ProxyPassReverse /bash balancer://alias/bar backend url
     http://example.com/foo/bar/that is now translated /bash/that
  mod_proxy_ajp: 
   - Check more strictly that the backend follows the AJP protocol. 
   - Forward remote port information by default.
  mod_proxy_http: 
   - fix Host: header for literal IPv6 addresses.  PR 47177 
   - fix case sensitivity checking transfer encoding PR 47383 
  mod_rewrite: 
   - Remove locking for writing to the rewritelog.  PR 46942
   - Fix the error string returned by RewriteRule.  RewriteRule
     returned "RewriteCond: bad flag delimiters" when the 3rd
     argument of RewriteRule was not started with "[" or not ended
     with "]".  PR 45082 
   - When evaluating a proxy rule in directory context, do escape
     the filename by default. PR 46428 
   - Introduce DiscardPathInfo|DPI flag to stop the troublesome way
     that per-directory rewrites append the previous notion of
     PATH_INFO to each substitution before evaluating subsequent
     rules.  PR38642 
   - fix "B" flag breakage by reverting r589343 PR 45529 
  mod_ssl: 
   - Add server name indication support (RFC 4366) and better
     support for name based virtual hosts with SSL. PR 34607
   - Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
     to enable stricter checking of remote server certificates.
   - Add SSLRenegBufferSize directive to allow changing the size of
     the buffer used for the request-body where necessary during a
     per-dir renegotiation.  PR 39243.  
  mod_substitute: 
   - Fix a memory leak. PR 44948
 -------------------------------------------------------------------
 Tue Jul 14 14:14:22 CEST 2009 - hvogel@suse.de
 - Fix missing -Y option in gensslcert [bnc#416888]
 -------------------------------------------------------------------
 Tue Jun  9 17:09:35 CEST 2009 - poeml@suse.de
--- a/apache2.spec
+++ b/apache2.spec
--- a/2
+++ b/2
@ -55,7 +55,7 @@ FQHOSTNAME=`cat /etc/HOSTNAME`
   CAdays=$((365 * 6))
  srvdays=$((365 * 2))
-while getopts C:N:c:s:l:o:u:n:e:y:dh OPT; do
+while getopts C:N:c:s:l:o:u:n:e:y:Y:dh OPT; do
    case $OPT in
        C) name=$OPTARG-;;
        N) comment=$OPTARG;;
--- a/httpd-2.2.11.tar.bz2
+++ b/httpd-2.2.11.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe
 size 5230130
--- a/httpd-2.2.12.tar.bz2
+++ b/httpd-2.2.12.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:b1e95d4f19a8f6cf9c2b9d44f5f109d22d79d3efb3e0a3c8265eebc9f82fc416
 size 5140433