Changes of Revision 26
Added
apache2.changes
@@ -0,0 +1,2985 @@ +------------------------------------------------------------------- +Fri Nov 21 12:01:00 CET 2008 - skh@suse.de + +- apache2-server-tuning.conf: + Enclose module-specific configuration in IfModule tags [bnc#440584] + +------------------------------------------------------------------- +Fri Nov 14 09:40:05 CET 2008 - poeml@suse.de + +- apply Dirks fix for [bnc#444878], making the packaging of per-mpm + modules more deterministic. They'll reliably put into the + subpackage or main package now, which varied in a ping-pong way + from build to build in the past. + +------------------------------------------------------------------- +Wed Oct 29 18:38:17 CET 2008 - poeml@suse.de + +- update year of copyright in rc.apache2 + +------------------------------------------------------------------- +Wed Oct 29 00:13:58 CET 2008 - poeml@suse.de + +- update to 2.2.10: + SECURITY: CVE-2008-2939 (cve.mitre.org) + mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of + the FTP URL. Discovered by Marc Bevand of Rapid7. + core: + - Support chroot on Unix-family platforms. PR 43596 + mod_authn_alias: + - Detect during startup when AuthDigestProvider is configured to + use an incompatible provider via AuthnProviderAlias. PR 45196 + mod_cgid: + - Pass along empty command line arguments from an ISINDEX query + that has consecutive '+' characters in the QUERY_STRING, + matching the behavior of mod_cgi. + mod_charset_lite: + - Avoid dropping error responses by handling meta buckets + correctly. PR 45687 + mod_dav_fs: + - Retrieve minimal system information about directory entries + when walking a DAV fs, resolving a performance degradation on + Windows. PR 45464. + mod_headers: + - Prevent Header edit from processing only the first header of + possibly multiple headers with the same name and deleting the + remaining ones. PR 45333. 
+ mod_proxy: + - Allow for smax to be 0 for balancer members so that all idle + connections are able to be dropped should they exceed ttl. PR 43371 + - Add 'scolonpathdelim' parameter to allow for ';' to also be + used as a session path separator/delim PR 45158. + - Add connectiontimeout parameter for proxy workers in order to + be able to set the timeout for connecting to the backend separately. + PR 45445. + mod_proxy_http: + - Don't trigger a retry by the client if a failure to + read the response line was the result of a timeout. + - Introduce environment variable proxy-initial-not-pooled to + avoid reusing pooled connections if the client connection is an initial + connection. PR 37770. + - Do not forward requests with 'Expect: 100-continue' to + known HTTP/1.0 servers. Return 'Expectation failed' (417) instead. + mod_proxy_balancer: + - Move nonce field in the balancer manager page inside + the html form where it belongs. PR 45578. + - Add 'bybusyness' load balance method. + mod_rewrite: + - Allow Cookie option to set secure and HttpOnly flags. PR 44799 + - Preserve the query string when [proxy,noescape]. PR 45247. + mod_ssl: + - implement dynamic mutex callbacks for the benefit of OpenSSL. + - Rewrite shmcb to avoid memory alignment issues. PR 42101. +- drop obsolete patch httpd-2.2.x-CVE-2008-2939.patch + +------------------------------------------------------------------- +Fri Oct 24 13:23:41 CEST 2008 - skh@suse.de + +- apache2.firewall, apache2.ssl-firewall + Use unique name tags "HTTP Server" and "HTTPS Server" in for + SuSEFirewall2 configuration [bnc#414962] + +------------------------------------------------------------------- +Fri Sep 19 16:18:39 CEST 2008 - skh@suse.de + +- add httpd-2.x.x-logresolve.patch again [bnc#210904] +- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]: + mod_proxy_ftp: Prevent XSS attacks when using wildcards in + the path of the FTP URL. Discovered by Marc Bevand of Rapid7. 
+ [Ruediger Pluem] + +------------------------------------------------------------------- +Tue Aug 26 22:59:55 CEST 2008 - poeml@suse.de + +- drop rc.config handling (was removed in or after SuSE Linux 8.0) +- don't use fillup_insserv options which have been removed lately + +------------------------------------------------------------------- +Fri Aug 15 11:25:47 CEST 2008 - poeml@suse.de + +- fix init script LSB headers + +------------------------------------------------------------------- +Wed Jun 25 14:36:06 CEST 2008 - poeml@suse.de + +- add note to /etc/sysconfig/apache2 and /etc/init.d/apache2 about + how to set ulimits when starting the server +- undocument APACHE_BUFFERED_LOGS and APACHE_TIMEOUT in the + sysconfig template. They still work but I think it is good to + keep this stuff out of the beginner's config, first because both + features are sophisticated enough to not being tweaked in most + cases, second because it only confuses people I guess, and makes + the sysconfig file larger than necessary. + +------------------------------------------------------------------- +Sun Jun 15 19:39:46 CEST 2008 - poeml@suse.de + +- update to 2.2.9: + SECURITY: CVE-2008-2364 (cve.mitre.org) + mod_proxy_http: Better handling of excessive interim responses + from origin server to prevent potential denial of service and + high memory usage. Reported by Ryujiro Shibuya. + SECURITY: CVE-2007-6420 (cve.mitre.org) + mod_proxy_balancer: Prevent CSRF attacks against the + balancer-manager interface. + - htpasswd: Fix salt generation weakness. PR 31440 + worker/event MPM: + - Fix race condition in pool recycling that leads to + segmentation faults under load. PR 44402 + core: + - Fix address-in-use startup failure on some platforms caused by + creating an IPv4 listener which overlaps with an existing IPv6 + listener. + - Add the filename of the configuration file to the warning + message about the useless use of AllowOverride. PR 39992. 
+ - Do not allow Options ALL if not all options are allowed to be + overwritten. PR 44262 + - reinstate location walk to fix config for subrequests PR 41960 + - Fix garbled TRACE response on EBCDIC platforms. + - gen_test_char: add double-quote to the list of + T_HTTP_TOKEN_STOP. PR 9727 + http_filters: + - Don't return 100-continue on redirects. PR 43711 + - Don't return 100-continue on client error PR 43711 + - Don't spin if get an error when reading the next chunk. PR 44381 + - Don't add bogus duplicate Content-Language entries + suexec: + - When group is given as a numeric gid, validate it by looking up + the actual group name such that the name can be used in log entries. + PR 7862 + mod_authn_dbd: + - Disambiguate and tidy database authentication error messages. PR 43210. + mod_cache: + - Handle If-Range correctly if the cached resource was stale. PR 44579 + - Revalidate cache entities which have Cache-Control: no-cache + set in their response headers. PR 44511 + mod_cgid: + - Explicitly set permissions of the socket (ScriptSock) shared + by mod_cgid and request processing threads, for OS'es such as + HPUX and AIX that do not use umask for AF_UNIX socket permissions. + - Don't try to restart the daemon if it fails to initialize the socket. + mod_charset_lite: + - Add TranslateAllMimeTypes sub-option to CharsetOptions, + allowing the administrator to skip the mimetype checking that + precedes translation. + mod_dav: + - Return "method not allowed" if the destination URI of a WebDAV + copy / move operation is no DAV resource. PR 44734 + mod_headers: + - Add 'merge' option to avoid duplicate values within the same header. + mod_include: + - Correctly handle SSI directives split over multiple filter + mod_log_config: + - Add format options for %p so that the actual local or remote + port can be logged. PR 43415. 
+ mod_logio: + - Provide optional function to allow modules to adjust the + bytes_in count + mod_proxy: + - Make all proxy modules nocanon aware and do not add the + query string again in this case. PR 44803. + - scoreboard: Remove unused proxy load balancer elements from scoreboard + image (not scoreboard memory itself). + - Support environment variable interpolation in reverse + proxying directives. + - Do not try a direct connection if the connection via a + remote proxy failed before and the request has a request body. + - ProxyPassReverse is now balancer aware. + - Lower memory consumption for short lived connections. + PR 44026. + - Keep connections to the backend persistent in the HTTPS case. + mod_proxy_ajp: + - Do not retry request in the case that we either failed to + sent a part of the request body or if the request is not idempotent. + PR 44334 + mod_proxy_ftp: + - Fix base for directory listings. PR 27834 + mod_proxy_http: + - Fix processing of chunked responses if Connection: + Transfer-Encoding is set in the response of the proxied
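Review bot: The two SECURITY items in the 2.2.9 update entry (Sun Jun 15 2008), CVE-2008-2364 and CVE-2007-6420, carry no [bnc#...] reference, whereas the Sep 19 entry ties CVE-2008-2939 to [bnc#415061]; adding the matching bug references there would make each security fix traceable from the changelog in the same way. In the same 2.2.9 entry the mod_include line stops at "split over multiple filter" and reads as cut short, so the rest of that sentence should be restored from the upstream CHANGES text. Minor wording: "They'll reliably put into" (Nov 14) is missing a verb, "in for SuSEFirewall2" (Oct 24) has a stray word, and "failed to sent" under mod_proxy_ajp should be "failed to send".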