Overview Repositories Revisions Requests Users Attributes Meta

The Apache Web Server Version 2.4

Edit Package apache2
http://httpd.apache.org/

Apache 2, the successor to Apache 1.

Apache is the most used Web server software worldwide.

Some new features in Apache 2: - hybrid multiprocess, multithreaded
mode for improved scalability

- multiprotocol support

- stream filtering

- IPv6 support

- new module API

New modules include: - mod_auth_db

- mod_auth_digest

- mod_charset_lite

- mod_dav

- mod_file_cache

Mod_ssl is no longer a separate package, but is now included in the
Apache distribution.

See /usr/share/doc/packages/apache2/, http://httpd.apache.org/, and
http://httpd.apache.org/docs-2.4/upgrading.html.

Refresh
Refresh
Source Files
Filename Size Changed
_multibuild 0000000356 356 Bytes
apache-test-application-xml-type.patch 0000000581 581 Bytes
apache-test-turn-off-variables-in-ssl-var-lookup.patch 0000000679 679 Bytes
apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch 0000007330 7.16 KB
apache2-LimitRequestFieldSize-limits-headers.patch 0000001943 1.9 KB
apache2-README-access_compat.txt 0000002514 2.46 KB
apache2-README-configuration.txt 0000000933 933 Bytes
apache2-README-instances.txt 0000001479 1.44 KB
apache2-a2enflag 0000001288 1.26 KB
apache2-a2enmod 0000001671 1.63 KB
apache2-apachectl.patch 0000001095 1.07 KB
apache2-check_forensic 0000000918 918 Bytes
apache2-default-server.conf 0000004257 4.16 KB
apache2-errors.conf 0000002924 2.86 KB
apache2-find_directives 0000003811 3.72 KB
apache2-gensslcert 0000006202 6.06 KB
apache2-global.conf 0000000144 144 Bytes
apache2-httpd.conf 0000009304 9.09 KB
apache2-listen.conf 0000000749 749 Bytes
apache2-loadmodule.conf 0000006171 6.03 KB
apache2-logresolve-tmp-security.patch 0000001780 1.74 KB
apache2-manual.conf 0000000825 825 Bytes
apache2-mod_autoindex-defaults.conf 0000001504 1.47 KB
apache2-mod_cgid-timeout.conf 0000000344 344 Bytes
apache2-mod_example.c 0000001662 1.62 KB
apache2-mod_info.conf 0000000467 467 Bytes
apache2-mod_log_config.conf 0000001058 1.03 KB
apache2-mod_mime-defaults.conf 0000005245 5.12 KB
apache2-mod_reqtimeout.conf 0000001020 1020 Bytes
apache2-mod_status.conf 0000000936 936 Bytes
apache2-mod_userdir.conf 0000001504 1.47 KB
apache2-mod_usertrack.conf 0000000085 85 Bytes
apache2-protocols.conf 0000000743 743 Bytes
apache2-script-helpers 0000002379 2.32 KB
apache2-server-tuning.conf 0000006281 6.13 KB
apache2-ssl-dirs.tar.bz2 0000000851 851 Bytes
apache2-ssl-global.conf 0000006785 6.63 KB
apache2-start_apache2 0000005471 5.34 KB
apache2-system-dirs-layout.patch 0000002791 2.73 KB
apache2-systemd-ask-pass 0000000083 83 Bytes
apache2-vhost-ssl.template 0000001752 1.71 KB
apache2-vhost.template 0000004813 4.7 KB
apache2.changes 0000361066 353 KB
apache2.keyring 0000549907 537 KB
apache2.service 0000000567 567 Bytes
apache2.spec 0000033096 32.3 KB
apache2.target 0000000066 66 Bytes
apache2@.service 0000000575 575 Bytes
firewalld-ssl.apache2 0000000448 448 Bytes
firewalld.apache2 0000000354 354 Bytes
httpd-2.4.62.tar.bz2 0007521661 7.17 MB
httpd-2.4.62.tar.bz2.asc 0000000833 833 Bytes
httpd-framework-svn1921782.tar.bz2 0001228913 1.17 MB
logrotate.apache2 0000000695 695 Bytes
permissions.apache2 0000000033 33 Bytes
susefirewall-ssl.apache2 0000000359 359 Bytes
susefirewall.apache2 0000000357 357 Bytes
sysconfig.apache2 0000008677 8.47 KB
Revision 706 (latest revision is 712)
David Anes's avatar David Anes (david.anes) accepted request 1191452 from Arjen de Korte's avatar Arjen de Korte (adkorte) (revision 706) 
- Update to 2.4.62
  *) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
     mod_rewrite in server/vhost context on Windows (cve.mitre.org)
     [boo#1228098]
     SSRF in Apache HTTP Server on Windows with mod_rewrite in
     server/vhost context, allows to potentially leak NTML hashes to
     a malicious server via SSRF and malicious requests.
     Users are recommended to upgrade to version 2.4.62 which fixes
     this issue.
     Credits: Smi1e (DBAPPSecurity Ltd.)
  *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
     disclosure with handlers configured via AddType (cve.mitre.org)
     [boo#1228097]
     A partial fix for  CVE-2024-39884 in the core of Apache HTTP
     Server 2.4.61 ignores some use of the legacy content-type based
     configuration of handlers. "AddType" and similar configuration,
     under some circumstances where files are requested indirectly,
     result in source code disclosure of local content. For example,
     PHP scripts may be served instead of interpreted.
     Users are recommended to upgrade to version 2.4.62, which fixes
     this issue.
  *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
     "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
     with BalancerMember(s).  PR 69168.  [Yann Ylavic]
  *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
     PR 69160 [Yann Ylavic]
  *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
     [Joe Orton]
  *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
     via OpenSSL 3.x providers.  [Ingo Franzki <ifranzki linux.ibm.com>]
  *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
     [Ruediger Pluem, Yann Ylavic]
  *) mpm_worker: Fix possible warning (AH00045) about children processes not
     terminating timely.  [Yann Ylavic]
Comments 0
openSUSE Build Service is sponsored by
Places