- updated to 2.4.38
* mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
* mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
* mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
* mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
* mod_session: Always decode session attributes early. [Hank Ibell]
* core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
* mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
* mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
* mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
* mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
* mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
* mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
* mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
* mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1] (forwarded request 667015 from mmanu84)
OBS-URL: https://build.opensuse.org/request/show/667841
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=153
- updated to 2.4.38
* mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
* mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
* mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
* mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
* mod_session: Always decode session attributes early. [Hank Ibell]
* core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
* mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
* mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
* mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
* mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
* mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
* mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
* mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
* mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
OBS-URL: https://build.opensuse.org/request/show/667015
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=576
- updated to 2.4.37
* mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1. [Rainer Jung]
* mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
when client certificates are available from the original handshake
but were originally not verified and should get verified now.
This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]
* mod_ssl: Correctly merge configurations that have client certificates set
by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
- updated to 2.4.36
* mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
responses. Regression introduced in 2.4.35.
* mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
body of the response. [Jim Jagielski]
* mod_http2: adding defensive code for stream EOS handling, in case the request handler
missed to signal it the normal way (eos buckets). Addresses github issues
https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]
* ab: Add client certificate support. [Graham Leggett]
* ab: Disable printing temp key for OpenSSL before
version 1.0.2. SSL_get_server_tmp_key is not available
there. [Rainer Jung]
* mod_ssl: Fix a regression that the configuration settings for verify mode
and verify depth were taken from the frontend connection in case of
connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
* MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
before signals handling to avoid lifetime issues on restart or shutdown.
PR 62658. [Yann Ylavic]
* mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
behavioural changes compared to v1.2 and earlier; client and
configuration changes should be expected. SSLCipherSuite is
enhanced for TLSv1.3 ciphers, but applies at vhost level only.
[Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
* mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
should be accepted after the authorization scheme. \t are also tolerated.
[Christophe Jaillet]
* mod_proxy_hcheck: Fix issues with interval determination. PR 62318
[Jim Jagielski]
* mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
[Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
* mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
[Jim Jagielski]
* mod_status, mod_echo: Fix the display of client addresses.
They were truncated to 31 characters which is not enough for IPv6 addresses.
This is done by deprecating the use of the 'client' field and using
the new 'client64' field in worker_score.
PR 54848 [Bernhard Schmidt <berni birkenwald de>, Jim Jagielski]
OBS-URL: https://build.opensuse.org/request/show/643030
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=571
- consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation
says (patch Juergen Gleiss)
- relink /usr/sbin/httpd after apache2-MPM uninstall [bsc#1107930c#1]
- simplify find_mpm function from script-helpers
- /usr/sbin/httpd is now created depending on preference hardcoded
in find_mpm (script-helpers), not depending on alphabetical
order of MPMs
- simplify spec file a bit
OBS-URL: https://build.opensuse.org/request/show/639405
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=149
- simplify find_mpm function from script-helpers
- /usr/sbin/httpd is now created depending on preference hardcoded
in find_mpm (script-helpers), not depending on alphabetical
order of MPMs
- simplify spec file a bit
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=569
- updated to 2.4.34:
*) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
document translations. [CodeingBoy, popcorner]
*) event: avoid possible race conditions with modules on the child pool.
[Stefan Fritsch]
*) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
ProxyPassReverseCookiePath directive could fail to update correctly
'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560.
[Christophe Jaillet]
*) mod_ratelimit: fix behavior when proxing content. PR 62362.
[Luca Toscano, Yann Ylavic]
*) core: Re-allow '_' (underscore) in hostnames.
[Eric Covener]
*) mod_authz_core: If several parameters are used in a AuthzProviderAlias
directive, if these parameters are not enclosed in quotation mark, only
the first one is handled. The other ones are silently ignored.
Add a message to warn about such a spurious configuration.
PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
*) mod_md: improvements and bugfixes
- MDNotifyCmd now takes additional parameter that are passed on to the called command.
- ACME challenges have better checks for interference with other modules
- ACME challenges are only handled for domains managed by the module, allowing
other ACME clients to operate for other domains in the server.
- better libressl integration
*) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
*) logging: Some early logging-related startup messages could be lost
when using syslog for the global ErrorLog. [Eric Covener]
*) mod_cache: Handle case of an invalid Expires header value RFC compliant
like the case of an Expires time in the past: allow to overwrite the
OBS-URL: https://build.opensuse.org/request/show/626658
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=147
- updated to 2.4.34:
*) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
document translations. [CodeingBoy, popcorner]
*) event: avoid possible race conditions with modules on the child pool.
[Stefan Fritsch]
*) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
ProxyPassReverseCookiePath directive could fail to update correctly
'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560.
[Christophe Jaillet]
*) mod_ratelimit: fix behavior when proxing content. PR 62362.
[Luca Toscano, Yann Ylavic]
*) core: Re-allow '_' (underscore) in hostnames.
[Eric Covener]
*) mod_authz_core: If several parameters are used in a AuthzProviderAlias
directive, if these parameters are not enclosed in quotation mark, only
the first one is handled. The other ones are silently ignored.
Add a message to warn about such a spurious configuration.
PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
*) mod_md: improvements and bugfixes
- MDNotifyCmd now takes additional parameter that are passed on to the called command.
- ACME challenges have better checks for interference with other modules
- ACME challenges are only handled for domains managed by the module, allowing
other ACME clients to operate for other domains in the server.
- better libressl integration
*) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
*) logging: Some early logging-related startup messages could be lost
when using syslog for the global ErrorLog. [Eric Covener]
*) mod_cache: Handle case of an invalid Expires header value RFC compliant
like the case of an Expires time in the past: allow to overwrite the
OBS-URL: https://build.opensuse.org/request/show/623132
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=145
*) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error
document translations. [CodeingBoy, popcorner]
*) event: avoid possible race conditions with modules on the child pool.
[Stefan Fritsch]
*) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
ProxyPassReverseCookiePath directive could fail to update correctly
'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560.
[Christophe Jaillet]
*) mod_ratelimit: fix behavior when proxing content. PR 62362.
[Luca Toscano, Yann Ylavic]
*) core: Re-allow '_' (underscore) in hostnames.
[Eric Covener]
*) mod_authz_core: If several parameters are used in a AuthzProviderAlias
directive, if these parameters are not enclosed in quotation mark, only
the first one is handled. The other ones are silently ignored.
Add a message to warn about such a spurious configuration.
PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
*) mod_md: improvements and bugfixes
- MDNotifyCmd now takes additional parameter that are passed on to the called command.
- ACME challenges have better checks for interference with other modules
- ACME challenges are only handled for domains managed by the module, allowing
other ACME clients to operate for other domains in the server.
- better libressl integration
*) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
*) logging: Some early logging-related startup messages could be lost
when using syslog for the global ErrorLog. [Eric Covener]
*) mod_cache: Handle case of an invalid Expires header value RFC compliant
like the case of an Expires time in the past: allow to overwrite the
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=562
*) core: Fix request timeout logging and possible crash for error_log hooks.
[Yann Ylavic]
*) mod_slomem_shm: Fix failure to create balancers's slotmems in Windows MPM,
where children processes need to attach them instead since they are owned
by the parent process already. [Yann Ylavic]
*) ab: try all destination socket addresses returned by
apr_sockaddr_info_get instead of failing on first one when not available.
Needed for instance if localhost resolves to both ::1 and 127.0.0.1
e.g. if both are in /etc/hosts. [Jan Kaluza]
*) ab: Use only one connection to determine working destination socket
address. [Jan Kaluza]
*) ab: LibreSSL doesn't have or require Windows applink.c. [Gregg L. Smith]
*) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
apr-util's bcrypt implementation doesn't tolerate EBCDIC. [Eric Covener]
*) htpasswd/htdbm: report the right limit when get_password() overflows.
[Yann Ylavic]
*) htpasswd: Don't fail in -v mode if password file is unwritable.
PR 61631. [Joe Orton]
*) htpasswd: don't point to (unused) stack memory on output
to make static analysers happy. PR 60634.
[Yann Ylavic, reported by shqking and Zhenwei Zou]
*) mod_access_compat: Fail if a comment is found in an Allow or Deny
directive. [Jan Kaluza]
*) mod_authz_host: Ignore comments after "Require host", logging a
warning, or logging an error if the line is otherwise empty.
[Jan Kaluza, Joe Orton]
*) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
Y2K38 bug. [Joe Orton]
*) mod_ssl: Support SSL DN raw variable extraction without conversion
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=555
