Revisions of apache2

David Anes (david.anes) accepted request 1102468 from Dirk Stoecker (dstoecker) (revision 692)
- Enable building of mod_md
buildservice-autocommit accepted request 1078453 from David Anes (david.anes) (revision 691)
baserev update by copy to link target
buildservice-autocommit accepted request 1070268 from David Anes (david.anes) (revision 689)
baserev update by copy to link target
David Anes (david.anes) accepted request 1070261 from David Anes (david.anes) (revision 688)
- This update fixes the following security issues:
  * CVE-2023-27522 [bsc#1209049]: mod_proxy_uwsgi HTTP response splitting 
  * CVE-2023-25690 [bsc#1209047]: HTTP request splitting with mod_rewrite and mod_proxy  
- Update to 2.4.56: 
    *) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
      truncated without the initial logfile being truncated.  [Eric Covener]
    *) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
      allow connections of any age to be reused. Up to now, a negative value
      was handled as an error when parsing the configuration file.  PR 66421.
      [nailyk <bzapache nailyk.fr>, Christophe Jaillet]
    *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
      of headers. [Ruediger Pluem]
    *) mod_md:
      - Enabling ED25519 support and certificate transparency information when
        building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
      - MDChallengeDns01 can now be configured for individual domains.
        Thanks to Jérôme Billiras (@bilhackmac) for the initial PR.
      - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
        teardown not being invoked as it should.
      [Stefan Eissing]
    *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
      reported in access logs and error documents. The processing of the
      reset was correct, only unnecessary reporting was caused.
      [Stefan Eissing]
    *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
      [Yann Ylavic]

  * CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
  * CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
  * CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
buildservice-autocommit accepted request 1060992 from David Anes (david.anes) (revision 687)
baserev update by copy to link target
David Anes (david.anes) accepted request 1060991 from David Anes (david.anes) (revision 686)
- This update fixes the following security issues:
David Anes (david.anes) accepted request 1060983 from David Anes (david.anes) (revision 685)
- This update fixes the following security issues.
  * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
  * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
  * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
buildservice-autocommit accepted request 1060451 from David Anes (david.anes) (revision 684)
baserev update by copy to link target
David Anes (david.anes) accepted request 1059452 from David Anes (david.anes) (revision 682)
- Update to 2.4.55:
    *) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
      2.4.55 allows a backend to trigger HTTP response splitting
      (cve.mitre.org)
      Prior to Apache HTTP Server 2.4.55, a malicious backend can
      cause the response headers to be truncated early, resulting in
      some headers being incorporated into the response body. If the
      later headers have any security purpose, they will not be
      interpreted by the client.
      Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
    *) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
      Possible request smuggling (cve.mitre.org)
      Inconsistent Interpretation of HTTP Requests ('HTTP Request
      Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
      allows an attacker to smuggle requests to the AJP server it
      forwards requests to.  This issue affects Apache HTTP Server
      2.4 version 2.4.54 and prior versions.
      Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
      at Qi'anxin Group
    *) SECURITY: CVE-2006-20001: mod_dav out of bounds read, or write
      of zero byte (cve.mitre.org)
      A carefully crafted If: request header can cause a memory read,
      or write of a single zero byte, in a pool (heap) memory location
      beyond the header value sent. This could cause the process to
      crash.
      This issue affects Apache HTTP Server 2.4.54 and earlier.
    *) mod_dav: Open the lock database read-only when possible.
      PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
    *) mod_proxy_http2: apply the standard httpd content type handling
      to responses from the backend, as other proxy modules do. Fixes PR 66391.
buildservice-autocommit accepted request 1043275 from David Anes (david.anes) (revision 681)
baserev update by copy to link target
David Anes (david.anes) accepted request 1043175 from Dirk Mueller (dirkmueller) (revision 680)
- switch to pkgconfig(zlib) so that alternative providers can be
  used
buildservice-autocommit accepted request 1005552 from David Anes (david.anes) (revision 679)
baserev update by copy to link target
David Anes (david.anes) accepted request 1005549 from Stephan Kulow (coolo) (revision 678)
- The 2.4.54 release brought support for PCRE2, but for that we also
  need to change buildrequires to pcre2-devel
buildservice-autocommit accepted request 1004996 from David Anes (david.anes) (revision 677)
baserev update by copy to link target
David Anes (david.anes) accepted request 1004993 from David Anes (david.anes) (revision 676)
- Remove references to README.QUICKSTART and point them to 
  https://en.opensuse.org/SDB:Apache_installation (bsc#1203573)
buildservice-autocommit accepted request 1002993 from David Anes (david.anes) (revision 675)
baserev update by copy to link target
David Anes (david.anes) accepted request 1000574 from Stefan Schubert (schubi2) (revision 674)
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them during an RPM update.
buildservice-autocommit accepted request 985733 from David Anes (david.anes) (revision 673)
baserev update by copy to link target
Displaying revisions 21 - 40 of 712