- Update to version 2.4.6
* SECURITY: CVE-2013-1896 (cve.mitre.org)
* SECURITY: CVE-2013-2249 (cve.mitre.org)
* Major updates to mod_lua
* Support for proxying websocket requests
* Higher performant shm-based cache implementation
* Addition of mod_macro for easier configuration management
* As well as several exciting fixes, especially those related to RFC edge
cases in mod_cache and mod_proxy.
- IMPORTANT : With the current packaging scheme, we can no longer
Include the ITK MPM, therefore it has been disabled. This is because
this MPM can now only be provided as a loadable module but we do
not currently build MPMs as shared modules but as independant
binaries and all helpers/startup scripts depend on that behaviour.
It will be fixed in the upcoming weeks/months.
OBS-URL: https://build.opensuse.org/request/show/184014
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=382
- remove After=mysql.service php-fpm.service postgresql.service
which were added in the previous change, those must be added
as Before=apache2.service in the respective services.
- Include mod_systemd for more complete integration with
systemd, turn the service to Typé=notify as required
- Disable SSL NPN patch for now, it is required for mod_spdy
but mod_spdy does not support apache 2.4
- apache 2.4.4
* fix for CVE-2012-3499
* fix for the CRIME attack (disable ssl compression by default)
* many other bugfies
* build access_compat amd unixd as static modules and solve
some other upgrade quirks (bnc#813705)
OBS-URL: https://build.opensuse.org/request/show/179374
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=379
binaries after package update more thoughtfully: If the binaries
have been replaced, then a dlopen(3) on the apache modules is
prone to fail. => Don't reload then, but complain and fail.
Especially important for logrotate!
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=350
* re-worked CVE-2011-3192 (byterange_filter.c) with a regression
fix. New config option: MaxRanges (PR 51748)
* multi fixes in mod_filter, mod_proxy_ajp, mod_dav_fs,
mod_alias, mod_rewrite. As always, see CHANGES file.
- added httpd-%{realver}.tar.bz2.asc to source, along with
60C5442D.key which the tarball was signed with.
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=337
- Update to version 2.2.20, fix CVE-2011-3192
mod_deflate D.o.S.
- Fix apache PR 45076
- Use SSL_MODE_RELEASE_BUFFERS to reduce mod_ssl memory usage
- Add 2 patches from the "low hanging fruit" warnings in apache
STATUS page.
* mod_deflate: Stop compressing HEAD requests
if there is not Content-Length header
* mod_reqtimeout: Disable keep-alive after read timeout
- Remove -fno-strict-aliasing from CFLAGS, no longer needed.
- Allow KeepAliveTimeout to be expressed in miliseconds
sometimes one second is too long, upstream r733557.
- When linux changes to version 3.x configure tests are gonna break.
remove version check, assuming kernel 2.2 or later.
OBS-URL: https://build.opensuse.org/request/show/80399
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=334
- Update to 2.2.19, only one bugfix.
*) Revert ABI breakage in 2.2.18 caused by the function signature change
of ap_unescape_url_keep2f(). This release restores the signature from
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
[Eric Covener]
- Remove SSLv2 disabled patch, already in upstream.
- Update to version 2.2.18
* mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
* core: Treat timeout reading request as 408 error, not 400.
* core: Only log a 408 if it is no keepalive timeout.
* mod_rewrite: Allow to unset environment variables.
* prefork: Update MPM state in children during a graceful restart.
* Other fixes in mod_cache,mod_dav,mod_proxy se NEWS for detail.
- Fix regular expression in vhost ssl template IE workaround
it is obsolete see https://issues.apache.org/bugzilla/show_bug.cgi?id=49484
You should apply this update to fix painfully slow SSL
connections when using IE.
- Allow usage of an openSSL library compiled without SSlv2
OBS-URL: https://build.opensuse.org/request/show/71347
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=331
create listen port). But I hope it'll be fine in the "real" build service build
environment, as it used to be.
- update to 2.2.17:
SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against apr_brigade_split_line().
[Actual fix is in the libapr 1.3 line, which we don't use // poeml]
SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
Fix two buffer over-read flaws in the bundled copy of expat which could
cause applications to crash while parsing specially-crafted XML documents.
[We build with system expat library // poeml]
prefork MPM: Run cleanups for final request when process exits gracefully
to work around a flaw in apr-util. PR 43857
core:
- check symlink ownership if both FollowSymlinks and
SymlinksIfOwnerMatch are set
- fix origin checking in SymlinksIfOwnerMatch PR 36783
- (re)-introduce -T commandline option to suppress documentroot
check at startup. PR 41887
vhost:
- A purely-numeric Host: header should not be treated as a port. PR 44979
rotatelogs:
- Fix possible buffer overflow if admin configures a
mongo log file path.
Proxy balancer: support setting error status according to HTTP response
code from a backend. PR 48939.
mod_authnz_ldap:
- If AuthLDAPCharsetConfig is set, also convert the
password to UTF-8. PR 45318.
mod_dir, mod_negotiation:
- Pass the output filter information to newly created sub requests; as these
are later on used as true requests with an internal redirect. This allows
for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939
mod_headers:
- Enable multi-match-and-replace edit option PR 46594
mod_log_config:
- Make ${cookie}C correctly match whole cookie names
instead of substrings. PR 28037.
mod_reqtimeout:
- Do not wrongly enforce timeouts for mod_proxy's backend
connections and other protocol handlers (like mod_ftp). Enforce the
timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering
close time from 30 to 2 seconds.
mod_ssl:
- Do not do overlapping memcpy. PR 45444
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=326