diff --git a/apache2.changes b/apache2.changes index 67446e6..3796f28 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Fri Oct 6 07:45:55 UTC 2017 - pgajdos@suse.com + +- updated to 2.4.28: + *) SECURITY: CVE-2017-9798 (cve.mitre.org) + Corrupted or freed memory access. must now be used in the + main configuration file (httpd.conf) to register HTTP methods before the + .htaccess files. [Yann Ylavic] + *) event: Avoid possible blocking in the listener thread when shutting down + connections. PR 60956. [Yann Ylavic] + *) mod_speling: Don't embed referer data in a link in error page. + PR 38923 [Nick Kew] + *) htdigest: prevent a buffer overflow when a string exceeds the allowed max + length in a password file. + [Luca Toscano, Hanno Böck ] + *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). + [Jim Jagielski] + *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. + PR 61142. + *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified + down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), + 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] + *) mod_http2: Fix for stalling when more than 32KB are written to a + suspended stream. [Stefan Eissing] + *) build: allow configuration without APR sources. [Jacob Champion] + *) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. + [Bernard Spil , Michael Schlenker , + Yann Ylavic] + *) core/log: Support use of optional "tag" in syslog entries. + PR 60525. [Ben Rubson , Jim Jagielski] + *) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton] + *) core: Disallow multiple Listen on the same IP:port when listener buckets + are configured (ListenCoresBucketsRatio > 0), consistently with the single + bucket case (default), thus avoiding the leak of the corresponding socket + descriptors on graceful restart. [Yann Ylavic] + *) event: Avoid listener periodic wake ups by using the pollset wake-ability + when available. PR 57399. [Yann Ylavic, Luca Toscano] + *) mod_proxy_wstunnel: Fix detection of unresponded request which could have + led to spurious HTTP 502 error messages sent on upgrade connections. + PR 61283. [Yann Ylavic] + ------------------------------------------------------------------- Thu Oct 5 12:57:56 UTC 2017 - pgajdos@suse.com diff --git a/apache2.spec b/apache2.spec index cb00fb0..ba79b48 100644 --- a/apache2.spec +++ b/apache2.spec @@ -53,7 +53,7 @@ %define mods_static unixd %endif Name: apache2 -Version: 2.4.27 +Version: 2.4.28 Release: 0 Summary: The Apache Web Server Version 2.4 License: Apache-2.0 diff --git a/httpd-2.4.27.tar.bz2 b/httpd-2.4.27.tar.bz2 deleted file mode 100644 index ddcce70..0000000 --- a/httpd-2.4.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a -size 6527394 diff --git a/httpd-2.4.27.tar.bz2.asc b/httpd-2.4.27.tar.bz2.asc deleted file mode 100644 index c3539e3..0000000 --- a/httpd-2.4.27.tar.bz2.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIVAwUAWV51rTTqduZ5FIWoAQpSYQ//dq6ZWySYFWcTvHW3dgvgrKHZYyrX+Sd1 -tk4lprsTEBIcx3DnCGp6DUJ5vpTW20biPjMfOqRgjX3YEJvzyPasebiSPlsb3Kfm -AMSkRhd73rjzrJ34qsN9JBeenupUxcDWPjJxaXB1miys4S1GXgb9gH9lkVpq9w5I -hXsyP9xh5y7ZWguaNmKpezmLK+D90pglhD+/6D7nR9r1MVCyVL/30ARAsryaevjA -cGbDm0ZJ2SjWD9oCY7vVIYFTyTx6tTg0+vHsOsAyKyq82wEVr8NvNwzdWv2KygOB -vx+vpJC6o1Lz5WaU7vVDndZJzJAZq9S1yH/D0mkQ35qTUDEB/4qGvChWnEvqCoeq -sLQA2111fot/PpgiWFFpx47gZrytkG6vqE6YnDr5zYT2IYCsq4saCAxj5uIahios -D70kE4RHyUN7ohAYMbCLqyCN/2IIIrFPzXDUOS3j7HkTM3j9ZtltlMtaQeFOo+u3 -uYsDxbKhlTFparj2wDFf8wl+M2/0sfeVzFNkUkVzYhnHQQ4ydaCVIk+CEhvCD/FZ -oXRNALOnCkmMOK9pptaIe/Y/kmlAPGK2OLAjEuQsYI16SGv81FYmr3Cd/5lK80IJ -IrLK7CP5jgoBhFzmbC2VfoCsEiewOD9bOggFMDiAewlVxF5007aK1acQdoMueN/s -rB0+dG7ENno= -=9qyb ------END PGP SIGNATURE----- diff --git a/httpd-2.4.28.tar.bz2 b/httpd-2.4.28.tar.bz2 new file mode 100644 index 0000000..5a36f5a --- /dev/null +++ b/httpd-2.4.28.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666 +size 6553163 diff --git a/httpd-2.4.28.tar.bz2.asc b/httpd-2.4.28.tar.bz2.asc new file mode 100644 index 0000000..e95ffa3 --- /dev/null +++ b/httpd-2.4.28.tar.bz2.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIVAwUAWcjw5zTqduZ5FIWoAQr5EQ/7BXT4HjCD3eUJK9OymmpchCYZL1l4uZNy +4oywYvn5THhWy4i9+sOxgju4LFQJCUlu/Cmqeh5bZgZIfdCAnxNANiNmtIaL0gum +in0ZmLYeiJHLT1qkUYUhmUgRXoUTG5GBeHEhKaQUG36aywYlJK/OVRxEA/tqaLPX +SyaUCHao98E0UjarDvSLwpH1/7KAA8GyknEaZnTXhnyFboEFGRiI2xpkeRM8NhNh +ASIq0YfndBlneG4uHlsPoWLcFp5HttQ9YdpBo39sbSVLKFlUg9XYK/3n0mh3Xx5Z +xowVOs2/5gP2sPjmC92ycx3LRlwK7ygw1/Dx/dImuhTtTAL7OG6i1/qFNY1utNCh +LAddU/on5YQz5beV1LjZip9ef4yBikqBsRUtyu/fQG+EqiszzpxxHf+JfaWXl+hu +NoFIALVtSEBf8LHT0cvIRWY3Id05nYDpknGiuNxuDIpYc4qdY7yDOa6lPeS3kGzC +iPFh63B6nhzNudNWCT0YH2mLKGs6szDM4Hwh13Kotva3vus7UWv4O8jFAiSPvO8h +aNpfy2IMcvjuXBu4oWbuu/X6l0FLZo/LKGzvUDZiG62Z1RCH/zg9f5OiBVIlEIWM +INe6IsivQOM3DMNJX6U3VZUyx2hN4J5O31bkP4qMoNnHOzA7PD9JX4owirpxy4eZ +Y2Ywbc9jeBk= +=kUfO +-----END PGP SIGNATURE-----