Changes with Apache 2.4.48
*) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the
fallback to mod_proxy_http for WebSocket upgrade and tunneling.
[Yann Ylavic]
*) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling.
BZ 65294. [Yann Ylavic]
*) core: Fix a regression that stripped the ETag header from 304 responses.
PR 61820 [Ruediger Pluem, Roy T. Fielding]
*) core: Adding SSL related inquiry functions to the server API.
These function are always available, even when no module providing
SSL is loaded. They provide their own "shadowing" implementation for
the optional functions of similar name that mod_ssl and impersonators
of mod_ssl provide.
This enables loading of several SSL providing modules when all but
one of them registers itself into the new hooks. Two old-style SSL
modules will not work, as they replace the others optional functions
with their own.
Modules using the old-style optional functions will continue to work
as core supplies its own versions of those.
The following has been added so far:
- ap_ssl_conn_is_ssl() to query if a connection is using SSL.
- ap_ssl_var_lookup() to query SSL related variables for a
server/connection/request.
- Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules
providing SSL can install their own value supplying functions.
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=651
Changes with Apache 2.4.46
*) mod_proxy_fcgi: Fix build warnings for Windows platform
[Eric Covener, Christophe Jaillet]
Changes with Apache 2.4.45
*) mod_http2: remove support for abandoned http-wg draft
<https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
[Stefan Eissing]
Changes with Apache 2.4.44
*) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
protocol limit). [Yann Ylavic]
*) mod_http2:
Fixes <https://github.com/icing/mod_h2/issues/200>:
"LimitRequestFields 0" now disables the limit, as documented.
Fixes <https://github.com/icing/mod_h2/issues/201>:
Do not count repeated headers with same name against the field
count limit. The are merged internally, as if sent in a single HTTP/1 line.
[Stefan Eissing]
*) mod_http2: Avoid segfaults in case of handling certain responses for
already aborted connections. [Stefan Eissing, Ruediger Pluem]
*) mod_http2: The module now handles master/secondary connections and has marked
methods according to use. [Stefan Eissing]
*) core: Drop an invalid Last-Modified header value coming
from a FCGI/CGI script instead of replacing it with Unix epoch.
[Yann Ylavic, Luca Toscano]
*) Add support for strict content-length parsing through addition of
ap_parse_strict_length() [Yann Ylavic]
*) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
*) mod_proxy_http: flush spooled request body in one go to avoid
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=610
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
with an empty body (regression introduced in 2.4.41). PR63891.
[Yann Ylavic]
*) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
identifier under load, see <https://github.com/icing/mod_h2/issues/195>.
[Michael Kaufmann, Stefan Eissing]
*) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
PR64140. [Renier Velazco <renier.velazco upr.edu>]
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.
*) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
to allow customization of the usertrack cookie. PR64077.
[Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]
*) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
*) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
[Eric Covener, Yann Ylavic]
*) Add a config layout for OpenWRT. [Graham Leggett]
*) Add support for cross compiling to apxs. If apxs is being executed from
somewhere other than its target location, add that prefix to includes and
library directories. Without this, apxs would fail to find config_vars.mk
and exit. [Graham Leggett]
*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
[Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=601
- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache
to honour net.core.somaxconn sysctl as the mandatory limit.
the old value of 511 was never used as until v5.4-rc6 it was
clamped to 128, in current kernels the default limit is 4096.
Cannot use the apr_socket_listen(.., -1) idiom because the function
expects a positive integer argument.
OBS-URL: https://build.opensuse.org/request/show/769110
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=596
