Changes with Apache 2.4.48
*) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the
fallback to mod_proxy_http for WebSocket upgrade and tunneling.
[Yann Ylavic]
*) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling.
BZ 65294. [Yann Ylavic]
*) core: Fix a regression that stripped the ETag header from 304 responses.
PR 61820 [Ruediger Pluem, Roy T. Fielding]
*) core: Adding SSL related inquiry functions to the server API.
These function are always available, even when no module providing
SSL is loaded. They provide their own "shadowing" implementation for
the optional functions of similar name that mod_ssl and impersonators
of mod_ssl provide.
This enables loading of several SSL providing modules when all but
one of them registers itself into the new hooks. Two old-style SSL
modules will not work, as they replace the others optional functions
with their own.
Modules using the old-style optional functions will continue to work
as core supplies its own versions of those.
The following has been added so far:
- ap_ssl_conn_is_ssl() to query if a connection is using SSL.
- ap_ssl_var_lookup() to query SSL related variables for a
server/connection/request.
- Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules
providing SSL can install their own value supplying functions.
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=651
Changes with Apache 2.4.46
*) mod_proxy_fcgi: Fix build warnings for Windows platform
[Eric Covener, Christophe Jaillet]
Changes with Apache 2.4.45
*) mod_http2: remove support for abandoned http-wg draft
<https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
[Stefan Eissing]
Changes with Apache 2.4.44
*) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
protocol limit). [Yann Ylavic]
*) mod_http2:
Fixes <https://github.com/icing/mod_h2/issues/200>:
"LimitRequestFields 0" now disables the limit, as documented.
Fixes <https://github.com/icing/mod_h2/issues/201>:
Do not count repeated headers with same name against the field
count limit. The are merged internally, as if sent in a single HTTP/1 line.
[Stefan Eissing]
*) mod_http2: Avoid segfaults in case of handling certain responses for
already aborted connections. [Stefan Eissing, Ruediger Pluem]
*) mod_http2: The module now handles master/secondary connections and has marked
methods according to use. [Stefan Eissing]
*) core: Drop an invalid Last-Modified header value coming
from a FCGI/CGI script instead of replacing it with Unix epoch.
[Yann Ylavic, Luca Toscano]
*) Add support for strict content-length parsing through addition of
ap_parse_strict_length() [Yann Ylavic]
*) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
*) mod_proxy_http: flush spooled request body in one go to avoid
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=610
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
with an empty body (regression introduced in 2.4.41). PR63891.
[Yann Ylavic]
*) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
identifier under load, see <https://github.com/icing/mod_h2/issues/195>.
[Michael Kaufmann, Stefan Eissing]
*) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
PR64140. [Renier Velazco <renier.velazco upr.edu>]
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.
*) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
to allow customization of the usertrack cookie. PR64077.
[Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]
*) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
*) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
[Eric Covener, Yann Ylavic]
*) Add a config layout for OpenWRT. [Graham Leggett]
*) Add support for cross compiling to apxs. If apxs is being executed from
somewhere other than its target location, add that prefix to includes and
library directories. Without this, apxs would fail to find config_vars.mk
and exit. [Graham Leggett]
*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
[Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=601
- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache
to honour net.core.somaxconn sysctl as the mandatory limit.
the old value of 511 was never used as until v5.4-rc6 it was
clamped to 128, in current kernels the default limit is 4096.
Cannot use the apr_socket_listen(.., -1) idiom because the function
expects a positive integer argument.
OBS-URL: https://build.opensuse.org/request/show/769110
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=596
* mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
backend connection is recycled/reused to avoid a possible crash
with some SSLProxy configurations in <Location> or <Proxy>
context. PR 63256. [Yann Ylavic]
* mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
failure. [Michael Kaufmann <mail michael-kaufmann.ch>]
* mod_log_config: Support %{c}h for conn-hostname, %h for
useragent_host PR 55348
* mod_socache_redis: Support for Redis as socache storage
provider.
* core: new configuration option 'MergeSlashes on|off' that
controls handling of multiple, consecutive slash ('/')
characters in the path component of the request URL. [Eric
Covener]
* mod_http2: when SSL renegotiation is inhibited and a 403
ErrorDocument is in play, the proper HTTP/2 stream reset did
not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
Kaufmann]
* mod_http2: new configuration directive: `H2Padding numbits` to
control padding of HTTP/2 payload frames. 'numbits' is a number
from 0-8, controlling the range of padding bytes added to a
frame. The actual number added is chosen randomly per frame.
This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
The default continues to be 0, e.g. no padding. [Stefan
Eissing]
* mod_http2: ripping out all the h2_req_engine internal features
now that mod_proxy_http2 has no more need for it. Optional
functions are still declared but no longer implemented. While
previous mod_proxy_http2 will work with this, it is
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=581
- updated to 2.4.38
* mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
PR 63052 [Joe Orton]
* mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification. PR 39730 [Christophe Jaillet]
* mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed. [Michael Kaufmann, Stefan Eissing]
* mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case. [Ruediger Pluem]
* mod_session: Always decode session attributes early. [Hank Ibell]
* core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive. [Hank Ibell]
* mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
* mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line [Jim Jagielski]
* mod_session_cookie: avoid duplicate Set-Cookie header in the response.
[Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
* mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play. Fixes PR 62880. [Michael Kaufmann]
* mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()' [Yann Ylavic]
* mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
PR 61519, 62654. [Joe Orton, Stefan Eissing]
* mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
* mod_lua: Now marked as a stable module [https://s.apache.org/Xnh1]
OBS-URL: https://build.opensuse.org/request/show/667015
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=576
