apache2

pool/apache2

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Petr Gajdos	52dd150f04	- updated to 2.4.28: ) SECURITY: CVE-2017-9798 (cve.mitre.org) Corrupted or freed memory access. <Limit[Except]> must now be used in the main configuration file (httpd.conf) to register HTTP methods before the .htaccess files. [Yann Ylavic] ) event: Avoid possible blocking in the listener thread when shutting down connections. PR 60956. [Yann Ylavic] ) mod_speling: Don't embed referer data in a link in error page. PR 38923 [Nick Kew] ) htdigest: prevent a buffer overflow when a string exceeds the allowed max length in a password file. [Luca Toscano, Hanno Böck <hanno hboeck de>] ) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). [Jim Jagielski] ) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. PR 61142. ) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] ) mod_http2: Fix for stalling when more than 32KB are written to a suspended stream. [Stefan Eissing] ) build: allow configuration without APR sources. [Jacob Champion] ) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>, Yann Ylavic] ) core/log: Support use of optional "tag" in syslog entries. PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski] ) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton] *) core: Disallow multiple Listen on the same IP:port when listener buckets are configured (ListenCoresBucketsRatio > 0), consistently with the single OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=527	2017-10-06 07:51:06 +00:00

Author

SHA256

Message

Date

Petr Gajdos

52dd150f04

- updated to 2.4.28:

*) SECURITY: CVE-2017-9798 (cve.mitre.org)
     Corrupted or freed memory access. <Limit[Except]> must now be used in the
     main configuration file (httpd.conf) to register HTTP methods before the
     .htaccess files.  [Yann Ylavic]
  *) event: Avoid possible blocking in the listener thread when shutting down
     connections. PR 60956.  [Yann Ylavic]
  *) mod_speling: Don't embed referer data in a link in error page.
     PR 38923 [Nick Kew]
  *) htdigest: prevent a buffer overflow when a string exceeds the allowed max
     length in a password file.
     [Luca Toscano, Hanno Böck <hanno hboeck de>]
  *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
     [Jim Jagielski]
  *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
     PR 61142.
  *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
     down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
     's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
  *) mod_http2: Fix for stalling when more than 32KB are written to a
     suspended stream.  [Stefan Eissing]
  *) build: allow configuration without APR sources.  [Jacob Champion]
  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
     [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
      Yann Ylavic]
  *) core/log: Support use of optional "tag" in syslog entries.
     PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski]
  *) mod_proxy: Fix ProxyAddHeaders merging.  [Joe Orton]
  *) core: Disallow multiple Listen on the same IP:port when listener buckets
     are configured (ListenCoresBucketsRatio > 0), consistently with the single

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=527

2017-10-06 07:51:06 +00:00

1 Commits