diff --git a/apache2-mod_http2-issue-167.patch b/apache2-mod_http2-issue-167.patch
deleted file mode 100644
index fb75313..0000000
--- a/apache2-mod_http2-issue-167.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Index: httpd-2.4.34/modules/http2/h2_from_h1.c
-===================================================================
---- httpd-2.4.34.orig/modules/http2/h2_from_h1.c 2018-05-29 23:16:29.000000000 +0200
-+++ httpd-2.4.34/modules/http2/h2_from_h1.c 2019-02-27 12:39:19.503285243 +0100
-@@ -22,6 +22,8 @@
- #include
-
- #include
-+#define AP_STATUS_IS_HEADER_ONLY(x) ((x) == HTTP_NO_CONTENT || \
-+ (x) == HTTP_NOT_MODIFIED)
- #include
- #include
- #include
-@@ -586,18 +588,20 @@ apr_status_t h2_filter_headers_out(ap_fi
- }
- }
-
-- if (r->header_only) {
-+ if (r->header_only || AP_STATUS_IS_HEADER_ONLY(r->status)) {
- ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, f->c,
-- "h2_task(%s): header_only, cleanup output brigade",
-+ "h2_task(%s): headers only, cleanup output brigade",
- task->id);
- b = body_bucket? body_bucket : APR_BRIGADE_FIRST(bb);
- while (b != APR_BRIGADE_SENTINEL(bb)) {
- next = APR_BUCKET_NEXT(b);
- if (APR_BUCKET_IS_EOS(b) || AP_BUCKET_IS_EOR(b)) {
- break;
-- }
-- APR_BUCKET_REMOVE(b);
-- apr_bucket_destroy(b);
-+ }
-+ if (!H2_BUCKET_IS_HEADERS(b)) {
-+ APR_BUCKET_REMOVE(b);
-+ apr_bucket_destroy(b);
-+ }
- b = next;
- }
- }
diff --git a/apache2.changes b/apache2.changes
index 85bd015..8b21bf1 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,84 @@
+-------------------------------------------------------------------
+Tue Apr 2 10:26:21 UTC 2019 - pgajdos@suse.com
+
+- version update to 2.4.39
+ * mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
+ backend connection is recycled/reused to avoid a possible crash
+ with some SSLProxy configurations in or
+ context. PR 63256. [Yann Ylavic]
+ * mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
+ failure. [Michael Kaufmann ]
+ * mod_log_config: Support %{c}h for conn-hostname, %h for
+ useragent_host PR 55348
+ * mod_socache_redis: Support for Redis as socache storage
+ provider.
+ * core: new configuration option 'MergeSlashes on|off' that
+ controls handling of multiple, consecutive slash ('/')
+ characters in the path component of the request URL. [Eric
+ Covener]
+ * mod_http2: when SSL renegotiation is inhibited and a 403
+ ErrorDocument is in play, the proper HTTP/2 stream reset did
+ not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
+ Kaufmann]
+ * mod_http2: new configuration directive: `H2Padding numbits` to
+ control padding of HTTP/2 payload frames. 'numbits' is a number
+ from 0-8, controlling the range of padding bytes added to a
+ frame. The actual number added is chosen randomly per frame.
+ This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
+ The default continues to be 0, e.g. no padding. [Stefan
+ Eissing]
+ * mod_http2: ripping out all the h2_req_engine internal features
+ now that mod_proxy_http2 has no more need for it. Optional
+ functions are still declared but no longer implemented. While
+ previous mod_proxy_http2 will work with this, it is
+ recommeneded to run the matching versions of both modules.
+ [Stefan Eissing]
+ * mod_proxy_http2: changed mod_proxy_http2 implementation and
+ fixed several bugs which resolve PR63170. The proxy module does
+ now a single h2 request on the (reused) connection and returns.
+ [Stefan Eissing]
+ * mod_http2/mod_proxy_http2: proxy_http2 checks correct master
+ connection aborted status to trigger immediate shutdown of
+ backend connections. This is now always signalled by mod_http2
+ when the the session is being released. proxy_http2 now only
+ sends a PING frame to the backend when there is not already one
+ in flight. [Stefan Eissing]
+ * mod_proxy_http2: fixed an issue where a proxy_http2 handler
+ entered an infinite loop when encountering certain errors on
+ the backend connection. See
+ . [Stefan
+ Eissing]
+ * mod_http2: Configuration directives H2Push and H2Upgrade can
+ now be specified per Location/Directory, e.g. disabling PUSH
+ for a specific set of resources. [Stefan Eissing]
+ * mod_http2: HEAD requests to some module such as mod_cgid caused
+ the stream to terminate improperly and cause a HTTP/2
+ PROTOCOL_ERROR. Fixes
+ . [Michael
+ Kaufmann]
+ * http: Fix possible empty response with mod_ratelimit for HEAD
+ requests. PR 63192. [Yann Ylavic]
+ * mod_cache_socache: Avoid reallocations and be safe with
+ outgoing data lifetime. [Yann Ylavic]
+ * MPMs unix: bind the bucket number of each child to its slot
+ number, for a more efficient per bucket maintenance. [Yann
+ Ylavic]
+ * mod_auth_digest: Fix a race condition. Authentication with
+ valid credentials could be refused in case of concurrent
+ accesses from different users. PR 63124. [Simon Kappel
+ ]
+ * mod_http2: enable re-use of slave connections again. Fixed
+ slave connection keepalives counter. [Stefan Eissing]
+ * mod_reqtimeout: Allow to configure (TLS-)handshake timeouts. PR
+ 61310. [Yann Ylavic]
+ * mod_proxy_wstunnel: Fix websocket proxy over UDS. PR 62932
+
+ * mod_ssl: Don't unset FIPS mode on restart unless it's forced by
+ configuration (SSLFIPS on) and not active by default in
+ OpenSSL. PR 63136. [Yann Ylavic]
+- deleted patches
+ - apache2-mod_http2-issue-167.patch (upstreamed)
+
 -------------------------------------------------------------------
 Mon Mar 18 21:44:17 UTC 2019 - Jan Engelhardt
diff --git a/apache2.spec b/apache2.spec
index f55ba4b..c4f9383 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -65,7 +65,7 @@
 %define build_http2 0
 %endif
 Name: apache2
-Version: 2.4.38
+Version: 2.4.39
 Release: 0
 Summary: The Apache Web Server Version 2.4
 License: Apache-2.0
@@ -145,8 +145,6 @@ Patch111: httpd-visibility.patch
 # PATCH-FEATURE-UPSTREAM kstreitova@suse.com -- backport of HttpContentLengthHeadZero and HttpExpectStrict
 Patch115: httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
 Patch116: deprecated-scripts-arch.patch
-# fix https://github.com/icing/mod_h2/issues/167 [bsc#1125965]
-Patch117: apache2-mod_http2-issue-167.patch
 BuildRequires: apache-rpm-macros-control
 BuildRequires: apr-util-devel
 #Since 2.4.7 the event MPM requires apr 1.5.0 or later.
@@ -339,7 +337,6 @@ to administrators of web servers in general.
 %if 0%{?suse_version} == 1110
 %patch116 -p1
 %endif
-%patch117 -p1
 cat %{_sourcedir}/SUSE-NOTICE >> NOTICE
 # install READMEs
 a=$(basename %{SOURCE22})
diff --git a/httpd-2.4.38.tar.bz2 b/httpd-2.4.38.tar.bz2
deleted file mode 100644
index d03078e..0000000
--- a/httpd-2.4.38.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7dc65857a994c98370dc4334b260101a7a04be60e6e74a5c57a6dee1bc8f394a
-size 7035030
diff --git a/httpd-2.4.38.tar.bz2.asc b/httpd-2.4.38.tar.bz2.asc
deleted file mode 100644
index 80f31cb..0000000
--- a/httpd-2.4.38.tar.bz2.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEueghOu+4Ya81pB8smV41IhrYTf8FAlxAzY0ACgkQmV41IhrY
-Tf8KCAf8CjlyLRwVKCeqgZJRthebKCr+liUH2+IFIoIX8erbvlx6wXN9lgb9O16R
-JmWBK7TLIFRxDfb68j3aS7OqM4/aZ2aIh5XJmFevmcmH+7CJYLVfQF5XLwIYUNj+
-L+BiUYjpwJb7MPiaXNi5/7A9XIdbCdOIuInnQKsgonmlOZRniaQOWQRel7CTwWP5
-SPOxThkeBK8zdqlFZ8og+uqDSZ5CbmRJgyN1O67MCHp13hX6WMtTLyd5+KF2gxr2
-4Ilrv2ryvl6hV+lDthW1D7u3SVAZ3NBvAW+4qpPTmCxMfW4TLl8hfQA1licnEXOl
-WEWJ/rSMVYoNelM3qPGz4gRy2yRp7A==
-=b8GF
------END PGP SIGNATURE-----
diff --git a/httpd-2.4.39.tar.bz2 b/httpd-2.4.39.tar.bz2
new file mode 100644
index 0000000..e6cb5e5
--- /dev/null
+++ b/httpd-2.4.39.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b4ca9d05773aa59b54d66cd8f4744b945289f084d3be17d7981d1783a5decfa2
+size 7030539
diff --git a/httpd-2.4.39.tar.bz2.asc b/httpd-2.4.39.tar.bz2.asc
new file mode 100644
index 0000000..e9383dc
--- /dev/null
+++ b/httpd-2.4.39.tar.bz2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEueghOu+4Ya81pB8smV41IhrYTf8FAlybkZUACgkQmV41IhrY
+Tf95uwgAxLwIsW7SFVXjYND69EBKwUPddPgvLTXCC8Qb7v49nkGLQbNp7Emiolsq
+CcgIjUNtKCgOSI/diAH0Ii2e3FpdvmZKgxWKqGXAn5xUSq4Sp9McQb1S46x925gU
+J+Qqm4e3+JiY3nBntPx3K2j8/33hX/QMDxOTqnYE+m/l5uyL713Ed2LeJe6Dc4oE
+PxAmNm2TEdWfAG0/ZIzhGkZEoEjLQLTKJ6MVpEFeF7UKVJVc2aeA6a8FOilIoCXX
+k0/fFc8ljjogy4tia3EiKZCW3VRVYeZa7IiSlTRo8UhUKPAF8h4/I8T35Mq1n3mV
+KPMrkTtxb9N3o91KFSJHaXuIKxrltw==
+=lnVM
+-----END PGP SIGNATURE-----