7b598b41aa
- relink /usr/sbin/httpd after apache2-MPM uninstall [bsc#1107930c#1] - simplify find_mpm function from script-helpers - /usr/sbin/httpd is now created depending on preference hardcoded in find_mpm (script-helpers), not depending on alphabetical order of MPMs - simplify spec file a bit
Petr Gajdos2018-09-27 11:14:35 +00:00
48a4ad5223
Accepting request 637678 from home:stroeder:branches:Apache
Petr Gajdos2018-09-24 13:54:25 +00:00
d15e98e21b
- updated to 2.4.34: *) Introduce zh-cn and zh-tw (simplified and traditional Chinese) error document translations. [CodeingBoy, popcorner] *) event: avoid possible race conditions with modules on the child pool. [Stefan Fritsch] *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or ProxyPassReverseCookiePath directive could fail to update correctly 'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560. [Christophe Jaillet] *) mod_ratelimit: fix behavior when proxing content. PR 62362. [Luca Toscano, Yann Ylavic] *) core: Re-allow '_' (underscore) in hostnames. [Eric Covener] *) mod_authz_core: If several parameters are used in a AuthzProviderAlias directive, if these parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored. Add a message to warn about such a spurious configuration. PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet] *) mod_md: improvements and bugfixes - MDNotifyCmd now takes additional parameter that are passed on to the called command. - ACME challenges have better checks for interference with other modules - ACME challenges are only handled for domains managed by the module, allowing other ACME clients to operate for other domains in the server. - better libressl integration *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'. PR 62480. [Lubos Uhliarik <luhliari redhat.com>} *) logging: Some early logging-related startup messages could be lost when using syslog for the global ErrorLog. [Eric Covener] *) mod_cache: Handle case of an invalid Expires header value RFC compliant like the case of an Expires time in the past: allow to overwrite the
Petr Gajdos2018-07-16 12:08:37 +00:00
eb58d7e03f
- updated to 2.4.33: *) core: Fix request timeout logging and possible crash for error_log hooks. [Yann Ylavic] *) mod_slomem_shm: Fix failure to create balancers's slotmems in Windows MPM, where children processes need to attach them instead since they are owned by the parent process already. [Yann Ylavic] *) ab: try all destination socket addresses returned by apr_sockaddr_info_get instead of failing on first one when not available. Needed for instance if localhost resolves to both ::1 and 127.0.0.1 e.g. if both are in /etc/hosts. [Jan Kaluza] *) ab: Use only one connection to determine working destination socket address. [Jan Kaluza] *) ab: LibreSSL doesn't have or require Windows applink.c. [Gregg L. Smith] *) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms. apr-util's bcrypt implementation doesn't tolerate EBCDIC. [Eric Covener] *) htpasswd/htdbm: report the right limit when get_password() overflows. [Yann Ylavic] *) htpasswd: Don't fail in -v mode if password file is unwritable. PR 61631. [Joe Orton] *) htpasswd: don't point to (unused) stack memory on output to make static analysers happy. PR 60634. [Yann Ylavic, reported by shqking and Zhenwei Zou] *) mod_access_compat: Fail if a comment is found in an Allow or Deny directive. [Jan Kaluza] *) mod_authz_host: Ignore comments after "Require host", logging a warning, or logging an error if the line is otherwise empty. [Jan Kaluza, Joe Orton] *) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix Y2K38 bug. [Joe Orton] *) mod_ssl: Support SSL DN raw variable extraction without conversion
Petr Gajdos2018-03-19 09:22:56 +00:00
cb29f1dbd9
- Replace SuSEFirewall2 by firewalld II (fate#323460) [bsc#1083492]
Petr Gajdos2018-03-19 07:55:45 +00:00
0f49ffe6bb
- Replace SuSEFirewall2 by firewalld II (fate#323460)
Petr Gajdos2018-03-19 07:54:04 +00:00
fd7f9d1515
- updated to 2.4.29: *) mod_unique_id: Use output of the PRNG rather than IP address and pid, avoiding sleep() call and possible DNS issues at startup, plus improving randomness for IPv6-only hosts. [Jan Kaluza] *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is used in a condition that evaluates to true. PR 58231 [Luca Toscano] *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases. [Stefan Eissing] *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced in 2.4.28. [Jim Jagielski] *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set. PR 61546. [Lubos Uhliarik <luhliari redhat.com>] *) mod_rewrite: Add support for starting External Rewriting Programs as non-root user on UNIX systems by specifying username and group name as third argument of RewriteMap directive. [Jan Kaluza] *) core: Rewrite the Content-Length filter to avoid excessive memory consumption. Chunked responses will be generated in more cases than in previous releases. PR 61222. [Joe Orton, Ruediger Pluem] *) mod_ssl: Fix SessionTicket callback return value, which does seem to matter with OpenSSL 1.1. [Yann Ylavic]
Petr Gajdos2017-10-18 09:23:58 +00:00
a7a85e96b3
- gensslcert: * set also SAN [bsc#1045159] * drop -C argument, it was not mapped to CN actually * consider also case when hostname does return empty string or does not exist [bsc#1057406] * do not consider environment ROOT variable
Petr Gajdos2017-10-17 12:46:25 +00:00
52dd150f04
- updated to 2.4.28: *) SECURITY: CVE-2017-9798 (cve.mitre.org) Corrupted or freed memory access. <Limit[Except]> must now be used in the main configuration file (httpd.conf) to register HTTP methods before the .htaccess files. [Yann Ylavic] *) event: Avoid possible blocking in the listener thread when shutting down connections. PR 60956. [Yann Ylavic] *) mod_speling: Don't embed referer data in a link in error page. PR 38923 [Nick Kew] *) htdigest: prevent a buffer overflow when a string exceeds the allowed max length in a password file. [Luca Toscano, Hanno Böck <hanno hboeck de>] *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). [Jim Jagielski] *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. PR 61142. *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] *) mod_http2: Fix for stalling when more than 32KB are written to a suspended stream. [Stefan Eissing] *) build: allow configuration without APR sources. [Jacob Champion] *) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>, Yann Ylavic] *) core/log: Support use of optional "tag" in syslog entries. PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski] *) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton] *) core: Disallow multiple Listen on the same IP:port when listener buckets are configured (ListenCoresBucketsRatio > 0), consistently with the single
Petr Gajdos2017-10-06 07:51:06 +00:00
1a67fa8fff
- suexec binary moved to main package [bsc#1054741]
Petr Gajdos2017-10-05 13:04:58 +00:00
6063afb8e4
- updated to 2.4.27: *) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table' global variable when using Lua 5.2 or later. This was exported as a side effect from luaL_register, which is no longer supported as of Lua 5.2 which deprecates pollution of the global namespace. [Rainer Jung] *) COMPATIBILITY: mod_http2: Disable and give warning when using Prefork. The server will continue to run, but HTTP/2 will no longer be negotiated. [Stefan Eissing] *) COMPATIBILITY: mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202. [Jacob Champion, Jim Jagielski] *) mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3. PR58188, PR60831, PR61245. [Rainer Jung] *) mod_http2: Simplify ready queue, less memory and better performance. Update mod_http2 version to 1.10.7. [Stefan Eissing] *) Allow single-char field names inadvertantly disallowed in 2.4.25. PR 61220. [Yann Ylavic] *) htpasswd / htdigest: Do not apply the strict permissions of the temporary passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem] *) core: Avoid duplicate HEAD in Allow header. This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26. PR 61207. [Christophe Jaillet] - drop upstreamed patch: * httpd-2.4.12-lua-5.2.patch (see upstream's PR#58188 for details)
Petr Gajdos2017-07-17 09:42:57 +00:00
d5895e84f0
Accepting request 509637 from home:pluskalm:branches:Apache
Kristyna Streitova2017-07-14 08:07:48 +00:00
fdc17b9ba7
- server-tunning.conf: MaxClients was renamed to MaxRequestWorkers [bsc#1037731] - gensslcert: use hostname when fqdn is too long [bsc#1035829]
Petr Gajdos2017-06-02 07:45:40 +00:00
30b44e65be
- remove apache-doc and apache-example-pages obsoletes/provides
Petr Gajdos2017-05-29 07:27:41 +00:00
ab631f02c6
- remove apache-doc obsoletes/provides
Petr Gajdos2017-05-19 09:02:02 +00:00
7989a25145
Accepting request 481459 from Apache
Yuchen Lin2017-03-29 11:21:41 +00:00
91a4b6d10e
Accepting request 481458 from home:kukuk:sysusers
Petr Gajdos2017-03-20 16:40:56 +00:00
694c5cee88
- start_apache2: include individual sysconfig.d files instead of sysconfig.d dir, include sysconfig.d/include.conf after httpd.conf is processed [bsc#1023616]
Petr Gajdos2017-03-07 15:37:35 +00:00
ce5ce88864
- verify tarball: added httpd*.bz2.asc, apache2.keyring and remove 60C5442D.key
Petr Gajdos2017-01-02 11:11:25 +00:00
1403855591
- update to 2.4.25: fixed several security issues (CVE-2016-8740, CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743), many fixes and improvements of mod_http2 and other modules; see CHANGES for full change log
Petr Gajdos2017-01-02 10:31:04 +00:00
Petr Gajdos
Dominique Leuenberger
Kristyna Streitova
Yuchen Lin
Cristian Rodríguez