forked from pool/apache2
06a8f464b4
- updated to 2.4.28:
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except]> must now be used in the
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files. [Yann Ylavic]
*) event: Avoid possible blocking in the listener thread when shutting down
connections. PR 60956. [Yann Ylavic]
*) mod_speling: Don't embed referer data in a link in error page.
PR 38923 [Nick Kew]
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
[Luca Toscano, Hanno Böck <hanno hboeck de>]
*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
[Jim Jagielski]
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
PR 61142.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream. [Stefan Eissing]
*) build: allow configuration without APR sources. [Jacob Champion]
*) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184.
[Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
Yann Ylavic]
*) core/log: Support use of optional "tag" in syslog entries.
PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski]
*) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton]
*) core: Disallow multiple Listen on the same IP:port when listener buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the single
OBS-URL: https://build.opensuse.org/request/show/532105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache2?expand=0&rev=136