Accepting request 924154 from Apache

- version update to 2.4.51
  *) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
     Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
     fix of CVE-2021-41773) (cve.mitre.org)
  *) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
     unused AP_NORMALIZE_DROP_PARAMETERS flag. (forwarded request 924064 from stroeder)

OBS-URL: https://build.opensuse.org/request/show/924154
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=186

apache2.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Thu Oct  7 17:30:44 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- version update to 2.4.51
+  *) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
+     Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
+     fix of CVE-2021-41773) (cve.mitre.org)
+  *) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
+     unused AP_NORMALIZE_DROP_PARAMETERS flag.
+
+
+-------------------------------------------------------------------
+Mon Oct  4 15:23:51 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- version update to 2.4.50
+  *) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
+     the uri-path when it's preceded by a dot.  [Yann Ylavic]
+  *) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
+     fails (!= 0 exit), the renewal process is aborted and an error is
+     reported for the MDomain. This provides scripts that distribute
+     information in a cluster to abort early with bothering an ACME
+     server to validate a dns name that will not work. The common
+     retry logic will make another attempt in the future, as with
+     other failures.
+     Fixed a bug when adding private key specs to an already working
+     MDomain, see <https://github.com/icing/mod_md/issues/260>.
+     [Stefan Eissing]
+  *) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
+     had no hostname ("unix:/...").  [Yann Ylavic]
+  *) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
+     run into an assertion which terminated (and restarted) the child process where
+     the task was running. Eventually, all OCSP responses were collected, but not
+     in the way that things are supposed to work.
+     See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
+     The bug was possibly triggered when more than one OCSP status needed updating
+     at the same time. For example for several renewed certificates after a server
+     reload.
+  *) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules.  PR 57691 + 65590.
+     [Janne Peltonen <janne.peltonen sange.fi>]
+  *) event mpm: Correctly count active child processes in parent process if
+     child process dies due to MaxConnectionsPerChild.
+     PR 65592 [Ruediger Pluem]
+  *) mod_http2: when a server is restarted gracefully, any idle h2 worker
+     threads are shut down immediately.
+     Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
+     Adds all other, never proposed code changes to make a clean
+     sync of http2 sources. [Stefan Eissing]
+  *) mod_dav: Correctly handle errors returned by dav providers on REPORT
+     requests. [Ruediger Pluem]
+  *) core: do not install core input/output filters on secondary
+     connections. [Stefan Eissing]
+  *) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
+     and use it to prevent that failures in running the pre_connection
+     hook cause crashes afterwards. [Ruediger Pluem]
+  *) mod_speling: Add CheckBasenameMatch PR 44221.  [Christophe Jaillet]
+
 -------------------------------------------------------------------
 Fri Sep 17 08:37:29 UTC 2021 - pgajdos@suse.com
 

apache2.spec

@@ -115,7 +115,7 @@
 %endif
 
 Name:           apache2%{psuffix}
-Version:        2.4.49
+Version:        2.4.51
 Release:        0
 Summary:        The Apache HTTPD Server
 License:        Apache-2.0

httpd-2.4.49.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:65b965d6890ea90d9706595e4b7b9365b5060bec8ea723449480b4769974133b
-size 7199599

httpd-2.4.49.tar.bz2.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmE7YfoACgkQ03fJ59GU
-TGbbug//aZ9SUOjopIEfyop/AcVdDhgXJjs0ZRQEA4DpDRWwn5//8agKAoZpe8ao
-UEqb89zTISkxEIwwUAnF5Df9g1cP6iF+pgfGQS2tNB0EIYVnOQCubd7Dj6WWr9GY
-bzA7qTgO9Y7jwyYzHlwMX1chZ49wRjoQdzQbCIjNPxRA0PdOSZn6NlcEJSfodgqH
-XQM8/akvPQ1SFwmN990ObcWMjRopwDovlRvHtyKfTSgtNjbL4Qe4PVGp9K5RYCoM
-M0QyIZokOMxpNmAh37FAd2siBSyXrJZFlgpXkXnQ6mn7EHU/+yh2XiTo/XJ0CjMf
-yytcC1l9DIW7VIH9HogdZQ9E4cvFjMLve03YbAOhzjOYdmCjU+v1gwUC6m0NV+H8
-XV573435L9BIXb4nI0TB2nbtiJiFBKcoinsps5UEX5KbAepQAC6OPqADEHQgRkCn
-9PCzruJlJUm7oh2q9BRg2qc2IoePyk5Tv7MAcT6msGcSX9Lh5TkHsLIVPdId+aZ/
-0Q7gIgME9Ej4k+LoiuJNmag7IgLQZxTk82CD9T59REslgDkkT2KP4/PzSgx8G5It
-GmtOQUX7x4AgGtu1YSSn9mbZ73P7b76ii1vHv/eOybAY7zWe/03hXaeNn0Lcgk7Z
-nBjWQfm/Pv01QgCNdpiyZ/lRj3zn4VxFMtCFNSB3ktgezxhYcWI=
-=qZK9
------END PGP SIGNATURE-----

httpd-2.4.51.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20e01d81fecf077690a4439e3969a9b22a09a8d43c525356e863407741b838f4
+size 7653609

httpd-2.4.51.tar.bz2.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmFe8kEACgkQ03fJ59GU
+TGatthAAtWzeOD1TCIEvf5f9bAIZDK9vjEEnBZDeYMMrH1wVJGNJm48XP08O/Kbq
+qhvc9201RUwkAtWEUX811ZBAYd5A8lAqetfmIuCSHerYSOU0CbhvBjKsuIJVIKWD
+Wo1uPUDWk068V0HBquQtW6AEB4oo16fKPMEr1aOOxFpR+F806daJN1gt3ubPzkNJ
+rZd4E6dV00eEymeUIfk0BjDqSWKHmUr+08/dtWqc7kGYGcnJzu0e5pr6cc0hOV2o
+mqYm28F7eMSe5JCnAOd1LnnqtOwV81mZLxiAxR40PoFhV7IoBLo0zAJ99AHxJfA2
+9RjCmZ/WYtleeDT7mC1cdATHKOPRaubklzK6Ntf7tMaRIO07hnIfIRXQveKG7h+G
+Og6PGtfR9bwDGrg2f5Dr+R2fwUJO7EL31IxTYQFBUDe2Q82aNIWpdIFdte93nc+S
+HqjWq3w6zq+jdSm3xvyLB0LLSOguXhcjj5VEqV+aExZPASbf+Q8bG51mSbMQhkaq
+fEheFcdhu3Sm0x5xQXvEM3gX5XUr8vmrPWaacayPYfS7MinWukV0hXe5/DoYkFTt
+a1pt6bHcyVfR0tB0Q3bvm59EeaxLVfogb6Eq74RlrfYiCU/Qx7bMUs3tSeIkHGmY
+cNhpxzc/36i4Cf+fBDPKuJroXYV5wFoQmpnXVLAqRd6jWZcOizY=
+=f5dx
+-----END PGP SIGNATURE-----