|
|
|
|
Changelog for mod_ssl-2.4.37-64.module+el8.10.0+1717+030a9fed.x86_64.rpm :
* Fri Feb 16 2024 Joe Orton - 2.4.37-64- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) * Wed Feb 14 2024 Joe Orton - 2.4.37-63- mod_xml2enc: fix media type handling Resolves: RHEL-14321 * Thu Aug 17 2023 Johnny Hughes - 2.4.37-62- change for CentOS Stream Branding * Thu Jul 27 2023 Luboš Uhliarik - 2.4.37-62- Resolves: #2221083 - Apache Bug 57087: mod_proxy_fcgi doesn\'t send cgi CONTENT_LENGTH variable when the client request used Transfer-Encoding:chunked * Thu Jul 20 2023 Tomas Korbar - 2.4.37-61- Fix issue found by covscan- Related: #2159603 * Mon Jul 17 2023 Tomas Korbar - 2.4.37-60- Another rebuild because of mistake in workflow- Related: #2159603 * Mon Jul 17 2023 Tomas Korbar - 2.4.37-59- Rebuild because of mistake in workflow- Related: #2159603 * Mon Jul 17 2023 Tomas Korbar - 2.4.37-58- Resolves: #2159603 - mod_status lists BusyWorkers IdleWorkers keys twice * Thu May 25 2023 Luboš Uhliarik - 2.4.37-57- Resolves: #2176723 - CVE-2023-27522 httpd:2.4/httpd: mod_proxy_uwsgi HTTP response splitting * Thu Apr 27 2023 Luboš Uhliarik - 2.4.37-56.5- Resolves: #2190133 - mod_rewrite regression with CVE-2023-25690 * Sat Mar 18 2023 Luboš Uhliarik - 2.4.37-56.4- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy * Tue Jan 31 2023 Luboš Uhliarik - 2.4.37-56- Resolves: #2162499 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte- Resolves: #2162485 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting- Resolves: #2162509 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling * Thu Jan 26 2023 Luboš Uhliarik - 2.4.37-55- Resolves: #2155961 - prevent sscg creating /dhparams.pem * Thu Dec 08 2022 Luboš Uhliarik - 2.4.37-54- Resolves: #2095650 - Dependency from mod_http2 on httpd broken * Wed Nov 09 2022 Luboš Uhliarik - 2.4.37-53- Resolves: #2050888 - httpd with SSL fails to start unless hostname command was installed * Mon Sep 19 2022 Tomas Korbar - 2.4.37-52- Add the SNI support in mod_proxy_wstunnel module for Apache httpd- Resolves: rhbz#2017543 * Mon Jul 25 2022 Luboš Uhliarik - 2.4.37-51- Resolves: #2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite()- Resolves: #2097031 - CVE-2022-28615 httpd:2.4/httpd: out-of-bounds read in ap_strcmp_match()- Resolves: #2097458 - CVE-2022-30522 httpd:2.4/httpd: mod_sed: DoS vulnerability- Resolves: #2097480 - CVE-2022-30556 httpd:2.4/httpd: mod_lua: Information disclosure with websockets- Resolves: #2098247 - CVE-2022-31813 httpd:2.4/httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism- Resolves: #2097451 - CVE-2022-29404 httpd:2.4/httpd: mod_lua: DoS in r:parsebody- Resolves: #2096997 - CVE-2022-26377 httpd:2.4/httpd: mod_proxy_ajp: Possible request smuggling * Tue Jun 21 2022 Luboš Uhliarik - 2.4.37-50- Resolves: #2065237 - CVE-2022-22719 httpd:2.4/httpd: mod_lua: Use of uninitialized value of in r:parsebody- Resolves: #2065267 - CVE-2022-22721 httpd:2.4/httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody- Resolves: #2065324 - CVE-2022-23943 httpd:2.4/httpd: mod_sed: Read/write beyond bounds * Fri Jun 10 2022 Luboš Uhliarik - 2.4.37-49- Resolves: #2090848 - CVE-2020-13950 httpd:2.4/httpd: mod_proxy NULL pointer dereference * Mon Mar 21 2022 Luboš Uhliarik - 2.4.37-48- Resolves: #2065249 - CVE-2022-22720 httpd:2.4/httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier * Thu Jan 20 2022 Luboš Uhliarik - 2.4.37-47- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations * Mon Jan 10 2022 Luboš Uhliarik - 2.4.37-46- Resolves: #2035063 - CVE-2021-44790 httpd:2.4/httpd: mod_lua: possible buffer overflow when parsing multipart content * Thu Jan 06 2022 Luboš Uhliarik - 2.4.37-45- Resolves: #2007199 - CVE-2021-36160 httpd:2.4/httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path- Resolves: #1972491 - CVE-2021-33193 httpd:2.4/mod_http2: Request splitting via HTTP/2 method injection and mod_proxy * Mon Nov 29 2021 Luboš Uhliarik - 2.4.37-44- Resolves: #1968278 - CVE-2020-35452 httpd:2.4/httpd: Single zero byte stack overflow in mod_auth_digest- Resolves: #2001046 - Apache httpd OOME with mod_dav in RHEL 8- Resolves: #2005128 (CVE-2021-34798) - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests- Resolves: #1984828 - mod_proxy_hcheck piles up health checks leading to high memory consumption- Resolves: #2005119 - CVE-2021-39275 httpd: out-of-bounds write in ap_escape_quotes() via malicious input * Tue Oct 26 2021 Luboš Uhliarik - 2.4.37-43- Related: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path * Thu Sep 30 2021 Luboš Uhliarik - 2.4.37-42- Resolves: #2007236 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via a crafted request uri-path- Resolves: #1969229 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in mod_session * Fri Jul 09 2021 Luboš Uhliarik - 2.4.37-41- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records- Resolves: #1905613 - mod_ssl does not like valid certificate chain- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for usertrack- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer dereference in parser- Resolves: #1934741 - Apache trademark update - new logo * Fri May 14 2021 Lubos Uhliarik - 2.4.37-40- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML- Resolves: #1937334 - SSLProtocol with based virtual hosts * Tue Jan 26 2021 Artem Egorenkov - 2.4.37-39- prevent htcacheclean from while break when first file processed * Tue Jan 26 2021 Lubos Uhliarik - 2.4.37-38- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp. * files created by apache * Wed Dec 09 2020 Lubos Uhliarik - 2.4.37-37- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile to be able to handle certs without matching private key * Mon Nov 30 2020 Lubos Uhliarik - 2.4.37-36- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd mod_proxy_wstunnel- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() * Wed Nov 11 2020 Lubos Uhliarik - 2.4.37-35- Resolves: #1651376 - centralizing default index.html for httpd * Fri Nov 06 2020 Lubos Uhliarik - 2.4.37-33- Resolves: #1868608 - Intermittent Segfault in Apache httpd due to pool concurrency issues- Resolves: #1861380 - httpd/mod_proxy_http/mod_ssl aborted when sending a client cert to backend server- Resolves: #1680118 - unorderly connection close when client attempts renegotiation * Thu Oct 29 2020 Lubos Uhliarik - 2.4.37-31- Resolves: #1677590 - CVE-2018-17199 httpd:2.4/httpd: mod_session_cookie does not respect expiry time- Resolves: #1869075 - CVE-2020-11984 httpd:2.4/httpd: mod_proxy_uswgi buffer overflow- Resolves: #1872828 - httpd: typo in htpasswd, contained in httpd-tools package- Resolves: #1869576 - httpd : mod_proxy should allow to specify Proxy-Authorization in ProxyRemote directive- Resolves: #1875844 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout- Resolves: #1891829 - mod_proxy_hcheck Doesn\'t perform checks when in a balancer * Mon Jun 15 2020 Joe Orton - 2.4.37-30- Resolves: #1209162 - support logging to journald from CustomLog * Mon Jun 08 2020 Lubos Uhliarik - 2.4.37-29- Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value * Fri May 29 2020 Lubos Uhliarik - 2.4.37-28- Related: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn\'t work * Tue Apr 14 2020 Lubos Uhliarik - 2.4.37-27- Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations vulnerable to open redirect- Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential open redirect- Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site scripting in mod_proxy error page- Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference in mod_remoteip- Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http doesn\'t work- Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive * Mon Dec 02 2019 Lubos Uhliarik - 2.4.37-21- Resolves: #1775158 - POST request with TLS 1.3 PHA client auth fails: Re-negotiation handshake failed: Client certificate missing * Sun Dec 01 2019 Lubos Uhliarik - 2.4.37-20- Resolves: #1704317 - Add support for SSLKEYLOGFILE * Thu Nov 28 2019 Joe Orton - 2.4.37-19- mod_cgid: enable fd passing (#1633224) * Mon Nov 18 2019 Lubos Uhliarik - 2.4.37-18- Resolves: #1744121 - Unexpected OCSP in proxy SSL connection- Resolves: #1725031 - htpasswd: support SHA-x passwords for FIPS compatibility- Resolves: #1633224 - mod_cgid logging issues * Wed Oct 02 2019 Lubos Uhliarik - 2.4.37-17- remove bundled mod_md module- Related: #1747898 - add mod_md package * Thu Aug 29 2019 Lubos Uhliarik - 2.4.37-16- Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service- Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service- Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service * Tue Jul 16 2019 Lubos Uhliarik - 2.4.37-15- Resolves: #1730721 - absolute path used for default state and runtime dir by default * Thu Jun 27 2019 Lubos Uhliarik - 2.4.37-14- Resolves: #1724549 - httpd response contains garbage in Content-Type header * Wed Jun 12 2019 Lubos Uhliarik - 2.4.37-13- Resolves: #1696142 - CVE-2019-0217 httpd:2.4/httpd: mod_auth_digest: access control bypass due to race condition- Resolves: #1696097 - CVE-2019-0220 httpd:2.4/httpd: URL normalization inconsistency- Resolves: #1669221 - `ExtendedStatus Off` directive when using mod_systemd causes systemctl to hang- Resolves: #1673022 - httpd can not be started with mod_md enabled * Mon Apr 08 2019 Lubos Uhliarik - 2.4.37-11- Resolves: #1695432 - CVE-2019-0211 httpd: privilege escalation from modules scripts- Resolves: #1696091 - CVE-2019-0215 httpd:2.4/httpd: mod_ssl: access control bypass when using per-location client certification authentication * Wed Feb 06 2019 Lubos Uhliarik - 2.4.37-10- Resolves: #1672977 - state-dir corruption on reload * Tue Feb 05 2019 Lubos Uhliarik - 2.4.37-9- Resolves: #1670716 - Coredump when starting in FIPS mode * Fri Feb 01 2019 Joe Orton - 2.4.37-8- add security fix for CVE-2019-0190 (#1671282) * Tue Dec 11 2018 Joe Orton - 2.4.37-7- add DefaultStateDir/ap_state_dir_relative() (#1653009)- mod_dav_fs: use state dir for default DAVLockDB- mod_md: use state dir for default MDStoreDir * Mon Dec 10 2018 Joe Orton - 2.4.37-6- add httpd.conf(5) (#1611361) * Mon Nov 26 2018 Luboš Uhliarik - 2.4.37-5- Resolves: #1652966 - Missing RELEASE in http header * Fri Nov 23 2018 Luboš Uhliarik - 2.4.37-4- Resolves: #1641951 - No Documentation= line in htcacheclean.service files * Fri Nov 23 2018 Luboš Uhliarik - 2.4.37-3- Resolves: #1643713 - TLS connection allowed while all protocols are forbidden * Thu Nov 22 2018 Joe Orton - 2.4.37-2- mod_ssl: fix off-by-one causing crashes in CGI children (#1649428) * Wed Nov 21 2018 Lubos Uhliarik - 2.4.37-1- Resolves: #1644625 - httpd rebase to 2.4.37 * Thu Oct 18 2018 Luboš Uhliarik - 2.4.35-10- Related: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen * Tue Oct 16 2018 Lubos Uhliarik - 2.4.35-9- mod_ssl: allow sending multiple CA names which differ only in case * Tue Oct 16 2018 Joe Orton - 2.4.35-7- mod_ssl: drop SSLRandomSeed from default config (#1638730)- mod_ssl: follow OpenSSL protocol defaults if SSLProtocol is not configured (Rob Crittenden, #1638738) * Mon Oct 15 2018 Joe Orton - 2.4.35-5- mod_ssl: don\'t require SSLCryptoDevice to be set for PKCS#11 cert * Mon Oct 15 2018 Lubos Uhliarik - 2.4.35-4- Resolves: #1635681 - sync with Fedora 28/29 httpd- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in default configuration; now follow OpenSSL system default (#1468322)- dropped NPN support- mod_md: change hard-coded default MdStoreDir to state/md (#1563846)- don\'t block on service try-restart in posttrans scriptlet- build and load mod_brotli- mod_systemd: show bound ports in status and log to journal at startup- updated httpd.service.xml man page- tweak wording in privkey passphrase prompt- drop sslmultiproxy patch- apachectl: don\'t read /etc/sysconfig/httpd- drop irrelevant Obsoletes for devel subpackage- move instantiated httpdAATT.service to main httpd package * Mon Oct 15 2018 Lubos Uhliarik - 2.4.35-3- Resolves: #1602548 - various covscan fixes * Thu Sep 27 2018 Lubos Uhliarik - 2.4.35-2- apache httpd can work with TLS 1.3 (#1617997)- drop SSLv3 support patch * Thu Sep 27 2018 Lubos Uhliarik - 2.4.35-1- new version 2.4.35 (#1632754) * Mon Sep 03 2018 Lubos Uhliarik - 2.4.33-4- mod_ssl: enable SSLv3 and change behavior of \"SSLProtocol All\" configuration (#1622630) * Thu Jul 26 2018 Joe Orton - 2.4.33-3- mod_ssl: add PKCS#11 cert/key support (Anderson Sasaki, #1527084) * Mon Apr 30 2018 Luboš Uhliarik - 2.4.33-2- new version 2.4.33- add mod_md subpackage; load mod_proxy_uwsgi by default * Mon Apr 30 2018 Joe Orton - 2.4.28-8- remove %ghosted /etc/sysconfig/httpd (#1572676) * Wed Mar 07 2018 Luboš Uhliarik - 2.4.28-2- Resolves: #1512563 - httpd: update welcome page branding- Resolves: #1511123 - RFE: httpd use event MPM by default- Resolves: #1493510 - RFE: httpd, add IP_FREEBIND support for Listen * Fri Oct 06 2017 Luboš Uhliarik - 2.4.28-1- new version 2.4.28 * Tue Oct 03 2017 Joe Orton - 2.4.27-14- add notes on enabling httpd_graceful_shutdown boolean for prefork * Fri Sep 22 2017 Joe Orton - 2.4.27-13- drop Requires(post) for mod_ssl * Fri Sep 22 2017 Joe Orton - 2.4.27-12- better error handling in httpd-ssl-gencerts (#1494556) * Thu Sep 21 2017 Stephen Gallagher - 2.4.27-11- Require sscg 2.2.0 for creating service and CA certificates together * Thu Sep 21 2017 Jeroen van Meeuwen - 2.4.27-10- Address CVE-2017-9798 by applying patch from upstream (#1490344) * Thu Sep 21 2017 Joe Orton - 2.4.27-9- use sscg defaults; append CA cert to generated cert- document httpd-init.service in httpd-init.service(8) * Thu Sep 21 2017 Jeroen van Meeuwen - 2.4.27-8- Address CVE-2017-9798 by applying patch from upstream (#1490344) * Wed Sep 20 2017 Stephen Gallagher - 2.4.27-8.1- Generate SSL certificates on service start, not %posttrans * Tue Sep 19 2017 Joe Orton - 2.4.27-8.1- move httpd.service.d, httpd.socket.d dirs to -filesystem * Wed Sep 13 2017 Joe Orton - 2.4.27-7- add new content-length filter (upstream PR 61222) * Wed Aug 02 2017 Fedora Release Engineering - 2.4.27-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 2.4.27-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jul 18 2017 Joe Orton - 2.4.27-4- update mod_systemd (r1802251) * Mon Jul 17 2017 Joe Orton - 2.4.27-3- switch to event by default for Fedora 27 and later (#1471708) * Wed Jul 12 2017 Luboš Uhliarik - 2.4.27-2- Resolves: #1469959 - httpd update cleaned out /etc/sysconfig * Mon Jul 10 2017 Luboš Uhliarik - 2.4.27-1- new version 2.4.27 * Fri Jun 30 2017 Joe Orton - 2.4.26-2- mod_proxy_fcgi: fix further regressions (PR 61202) * Mon Jun 19 2017 Luboš Uhliarik - 2.4.26-1- new version 2.4.26 * Mon Jun 05 2017 Joe Orton - 2.4.25-10- move unit man pages to section 8, add as Documentation= in units * Fri May 19 2017 Joe Orton - 2.4.25-9- add httpd.service(5) and httpd.socket(5) man pages * Tue May 16 2017 Joe Orton - 2.4.25-8- require mod_http2, now packaged separately * Wed Mar 29 2017 Luboš Uhliarik - 2.4.25-7- Resolves: #1397243 - Backport Apache Bug 53098 - mod_proxy_ajp: patch to set worker secret passed to tomcat * Tue Mar 28 2017 Luboš Uhliarik - 2.4.25-6- Resolves: #1434916 - httpd.service: Failed with result timeout * Fri Mar 24 2017 Joe Orton - 2.4.25-5- link only httpd, not support/ * against -lselinux -lsystemd * Fri Feb 10 2017 Fedora Release Engineering - 2.4.25-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Jan 12 2017 Joe Orton - 2.4.25-3- mod_watchdog: restrict thread lifetime (#1410883) * Thu Dec 22 2016 Luboš Uhliarik - 2.4.25-2- Resolves: #1358875 - require nghttp2 >= 1.5.0 * Thu Dec 22 2016 Luboš Uhliarik - 2.4.25-1- new version 2.4.25 * Mon Dec 05 2016 Luboš Uhliarik - 2.4.23-7- Resolves: #1401530 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 * Mon Nov 14 2016 Joe Orton - 2.4.23-6- fix build with OpenSSL 1.1 (#1392900)- fix typos in ssl.conf (josef randinger, #1379407) * Wed Nov 02 2016 Joe Orton - 2.4.23-5- no longer package /etc/sysconfig/httpd- synch ssl.conf with upstream * Mon Jul 18 2016 Joe Orton - 2.4.23-4- add security fix for CVE-2016-5387 * Thu Jul 07 2016 Joe Orton - 2.4.23-3- load mod_watchdog by default (#1353582) * Thu Jul 07 2016 Joe Orton - 2.4.23-2- restore build of mod_proxy_fdpass (#1325883)- improve check tests to catch configured-but-not-built modules * Thu Jul 07 2016 Joe Orton - 2.4.23-1- update to 2.4.23 (#1325883, #1353203)- load mod_proxy_hcheck- recommend use of \"systemctl edit\" in httpd.service * Thu Apr 07 2016 Joe Orton - 2.4.18-6- have \"apachectl graceful\" start httpd if not running, per man page * Wed Apr 06 2016 Joe Orton - 2.4.18-5- use redirects for lang-specific /manual/ URLs * Fri Mar 18 2016 Joe Orton - 2.4.18-4- fix welcome page HTML validity (Ville Skyttä) * Fri Mar 18 2016 Joe Orton - 2.4.18-3- remove httpd pre script (duplicate of httpd-filesystem\'s)- in httpd-filesystem pre script, create group/user iff non-existent * Wed Feb 03 2016 Fedora Release Engineering - 2.4.18-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Mon Dec 14 2015 Jan Kaluza - 2.4.18-1- update to new version 2.4.18 * Wed Dec 09 2015 Joe Orton - 2.4.17-4- re-enable mod_asis due to popular demand (#1284315) * Mon Oct 26 2015 Jan Kaluza - 2.4.17-3- fix crash when using -X argument (#1272234) * Wed Oct 14 2015 Jan Kaluza - 2.4.17-2- rebase socket activation patch to 2.4.17 * Tue Oct 13 2015 Joe Orton - 2.4.17-1- update to 2.4.17 (#1271224)- build, load mod_http2- don\'t build mod_asis, mod_file_cache- load mod_cache_socache, mod_proxy_wstunnel by default- check every built mod_ * is configured- synch ssl.conf with upstream; disable SSLv3 by default * Wed Jul 15 2015 Jan Kaluza - 2.4.12-4- update to 2.4.16 * Tue Jul 07 2015 Joe Orton - 2.4.12-3- mod_ssl: use \"localhost\" in the dummy SSL cert if len(FQDN) > 59 chars * Wed Jun 17 2015 Fedora Release Engineering - 2.4.12-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Fri Mar 27 2015 Jan Kaluza - 2.4.12-1- update to 2.4.12 * Tue Mar 24 2015 Jan Kaluza - 2.4.10-17- fix compilation with lua-5.3 * Tue Mar 24 2015 Jan Kaluza - 2.4.10-16- remove filter for auto-provides of httpd modules, it is not needed since F20 * Wed Dec 17 2014 Jan Kaluza - 2.4.10-15- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109) * Tue Oct 14 2014 Joe Orton - 2.4.10-14- require apr-util 1.5.x * Thu Sep 18 2014 Jan Kaluza - 2.4.10-13- use NoDelay and DeferAcceptSec in httpd.socket * Mon Sep 08 2014 Jan Kaluza - 2.4.10-12- increase suexec minimum acceptable uid/gid to 1000 (#1136391) * Wed Sep 03 2014 Jan Kaluza - 2.4.10-11- fix hostname requirement and conflict with openssl-libs * Mon Sep 01 2014 Jan Kaluza - 2.4.10-10- use KillMode=mixed in httpd.service (#1135122) * Fri Aug 29 2014 Joe Orton - 2.4.10-9- set vstring based on /etc/os-release (Pat Riehecky, #1114539) * Fri Aug 29 2014 Joe Orton - 2.4.10-8- pull in httpd-filesystem as Requires(pre) (#1128328)- fix cipher selection in default ssl.conf, depend on new OpenSSL (#1134348)- require hostname for mod_ssl post script (#1135118) * Fri Aug 22 2014 Jan Kaluza - 2.4.10-7- mod_systemd: updated to the latest version- use -lsystemd instead of -lsystemd-daemon (#1125084)- fix possible crash in SIGINT handling (#958934) * Thu Aug 21 2014 Joe Orton - 2.4.10-6- mod_ssl: treat \"SSLCipherSuite PROFILE=...\" as special (#1109119)- switch default ssl.conf to use PROFILE=SYSTEM (#1109119) * Sat Aug 16 2014 Fedora Release Engineering - 2.4.10-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Aug 15 2014 Jan Kaluza - 2.4.10-4- add /usr/bin/useradd dependency to -filesystem requires * Thu Aug 14 2014 Jan Kaluza - 2.4.10-3- fix creating apache user in pre script (#1128328) * Thu Jul 31 2014 Joe Orton - 2.4.10-2- enable mod_request by default for mod_auth_form- move disabled-by-default modules from 00-base.conf to 00-optional.conf * Mon Jul 21 2014 Joe Orton - 2.4.10-1- update to 2.4.10- expand variables in docdir example configs * Tue Jul 08 2014 Jan Kaluza - 2.4.9-8- add support for systemd socket activation (#1111648) * Mon Jul 07 2014 Jan Kaluza - 2.4.9-7- remove conf.modules.d from httpd-filesystem subpackage (#1081453) * Mon Jul 07 2014 Jan Kaluza - 2.4.9-6- add httpd-filesystem subpackage (#1081453) * Fri Jun 20 2014 Joe Orton - 2.4.9-5- mod_ssl: don\'t use the default OpenSSL cipher suite in ssl.conf (#1109119) * Sat Jun 07 2014 Fedora Release Engineering - 2.4.9-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Mar 28 2014 Jan Kaluza - 2.4.9-3- add support for SetHandler + proxy (#1078970) * Thu Mar 27 2014 Jan Kaluza - 2.4.9-2- move macros from /etc/rpm to macros.d (#1074277)- remove unused patches * Mon Mar 17 2014 Jan Kaluza - 2.4.9-1- update to 2.4.9 * Fri Feb 28 2014 Joe Orton - 2.4.7-6- use 2048-bit RSA key with SHA-256 signature in dummy certificate * Fri Feb 28 2014 Stephen Gallagher 2.4.7-5- Create drop directory for systemd snippets * Thu Feb 27 2014 Jan Kaluza - 2.4.7-4- remove provides of old MMN, because it contained double-dash (#1068851) * Thu Feb 20 2014 Jan Kaluza - 2.4.7-3- fix graceful restart using legacy actions * Thu Dec 12 2013 Joe Orton - 2.4.7-2- conflict with pre-1.5.0 APR- fix sslsninotreq patch * Wed Nov 27 2013 Joe Orton - 2.4.7-1- update to 2.4.7 (#1034071) * Fri Nov 22 2013 Joe Orton - 2.4.6-10- switch to requiring system-logos-httpd (#1031288) * Tue Nov 12 2013 Joe Orton - 2.4.6-9- change mmnisa to drop \"-\" altogether * Tue Nov 12 2013 Joe Orton - 2.4.6-8- drop ambiguous invalid \"-\" in RHS of httpd-mmn Provide, keeping old Provide for transition * Fri Nov 01 2013 Jan Kaluza - 2.4.6-7- systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg * Thu Oct 31 2013 Joe Orton - 2.4.6-6- mod_ssl: allow SSLEngine to override Listen-based default (r1537535) * Thu Oct 24 2013 Jan kaluza - 2.4.6-5- systemd: send SIGWINCH signal without httpd -k in ExecStop * Mon Oct 21 2013 Joe Orton - 2.4.6-4- load mod_macro by default (#998452)- add README to conf.modules.d- mod_proxy_http: add possible fix for threading issues (r1534321)- core: add fix for truncated output with CGI scripts (r1530793) * Thu Oct 10 2013 Jan Kaluza - 2.4.6-3- require fedora-logos-httpd (#1009162) * Wed Jul 31 2013 Jan Kaluza - 2.4.6-2- revert fix for dumping vhosts twice * Mon Jul 22 2013 Joe Orton - 2.4.6-1- update to 2.4.6- mod_ssl: use revised NPN API (r1487772) * Thu Jul 11 2013 Jan Kaluza - 2.4.4-12- mod_unique_id: replace use of hostname + pid with PRNG output (#976666)- apxs: mention -p option in manpage * Tue Jul 02 2013 Joe Orton - 2.4.4-11- add patch for aarch64 (Dennis Gilmore, #925558) * Mon Jul 01 2013 Joe Orton - 2.4.4-10- remove duplicate apxs man page from httpd-tools * Mon Jun 17 2013 Joe Orton - 2.4.4-9- remove zombie dbmmanage script * Fri May 31 2013 Jan Kaluza - 2.4.4-8- return 400 Bad Request on malformed Host header * Fri May 24 2013 Jan Kaluza - 2.4.4-7- ignore /etc/sysconfig/httpd and document systemd way of setting env variables in this file * Mon May 20 2013 Jan Kaluza - 2.4.4-6- htpasswd/htdbm: fix hash generation bug (#956344)- do not dump vhosts twice in httpd -S output (#928761)- mod_cache: fix potential crash caused by uninitialized variable (#954109) * Thu Apr 18 2013 Jan Kaluza - 2.4.4-5- execute systemctl reload as result of apachectl graceful- mod_ssl: ignore SNI hints unless required by config- mod_cache: forward-port CacheMaxExpire \"hard\" option- mod_ssl: fall back on another module\'s proxy hook if mod_ssl proxy is not configured. * Tue Apr 16 2013 Jan Kaluza - 2.4.4-4- fix service file to not send SIGTERM after ExecStop (#906321, #912288) * Tue Mar 26 2013 Jan Kaluza - 2.4.4-3- protect MIMEMagicFile with IfModule (#893949) * Tue Feb 26 2013 Joe Orton - 2.4.4-2- really package mod_auth_form in mod_session (#915438) * Tue Feb 26 2013 Joe Orton - 2.4.4-1- update to 2.4.4- fix duplicate ownership of mod_session config (#914901) * Fri Feb 22 2013 Joe Orton - 2.4.3-17- add mod_session subpackage, move mod_auth_form there (#894500) * Thu Feb 14 2013 Fedora Release Engineering - 2.4.3-16- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Jan 08 2013 Joe Orton - 2.4.3-15- add systemd service for htcacheclean * Tue Nov 13 2012 Joe Orton - 2.4.3-14- drop patch for r1344712 * Tue Nov 13 2012 Joe Orton - 2.4.3-13- filter mod_ *.so auto-provides (thanks to rcollet)- pull in syslog logging fix from upstream (r1344712) * Fri Oct 26 2012 Joe Orton - 2.4.3-12- rebuild to pick up new apr-util-ldap * Tue Oct 23 2012 Joe Orton - 2.4.3-11- rebuild * Wed Oct 03 2012 Joe Orton - 2.4.3-10- pull upstream patch r1392850 in addition to r1387633 * Mon Oct 01 2012 Joe Orton - 2.4.3-9- define PLATFORM in os.h using vendor string * Mon Oct 01 2012 Joe Orton - 2.4.3-8- use systemd script unconditionally (#850149) * Mon Oct 01 2012 Joe Orton - 2.4.3-7- use systemd scriptlets if available (#850149)- don\'t run posttrans restart if /etc/sysconfig/httpd-disable-posttrans exists * Mon Oct 01 2012 Jan Kaluza - 2.4.3-6- use systemctl from apachectl (#842736) * Wed Sep 19 2012 Joe Orton - 2.4.3-5- fix some error log spam with graceful-stop (r1387633)- minor mod_systemd tweaks * Thu Sep 13 2012 Joe Orton - 2.4.3-4- use IncludeOptional for conf.d/ *.conf inclusion * Fri Sep 07 2012 Jan Kaluza - 2.4.3-3- adding mod_systemd to integrate with systemd better * Tue Aug 21 2012 Joe Orton - 2.4.3-2- mod_ssl: add check for proxy keypair match (upstream r1374214) * Tue Aug 21 2012 Joe Orton - 2.4.3-1- update to 2.4.3 (#849883)- own the docroot (#848121) * Mon Aug 06 2012 Joe Orton - 2.4.2-23- add mod_proxy fixes from upstream (r1366693, r1365604) * Thu Jul 19 2012 Fedora Release Engineering - 2.4.2-22- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jul 06 2012 Joe Orton - 2.4.2-21- drop explicit version requirement on initscripts * Thu Jul 05 2012 Joe Orton - 2.4.2-20- mod_ext_filter: fix error_log warnings * Mon Jul 02 2012 Joe Orton - 2.4.2-19- support \"configtest\" and \"graceful\" as initscripts \"legacy actions\" * Fri Jun 08 2012 Joe Orton - 2.4.2-18- avoid use of \"core\" GIF for a \"core\" directory (#168776)- drop use of \"syslog.target\" in systemd unit file * Thu Jun 07 2012 Joe Orton - 2.4.2-17- use _unitdir for systemd unit file- use /run in unit file, ssl.conf * Thu Jun 07 2012 Joe Orton - 2.4.2-16- mod_ssl: fix NPN patch merge * Wed Jun 06 2012 Joe Orton - 2.4.2-15- move tmpfiles.d fragment into /usr/lib per new guidelines- package /run/httpd not /var/run/httpd- set runtimedir to /run/httpd likewise * Wed Jun 06 2012 Joe Orton - 2.4.2-14- fix htdbm/htpasswd crash on crypt() failure (#818684) * Wed Jun 06 2012 Joe Orton - 2.4.2-13- pull fix for NPN patch from upstream (r1345599) * Thu May 31 2012 Joe Orton - 2.4.2-12- update suexec patch to use LOG_AUTHPRIV facility * Thu May 24 2012 Joe Orton - 2.4.2-11- really fix autoindex.conf (thanks to remiAATT) * Thu May 24 2012 Joe Orton - 2.4.2-10- fix autoindex.conf to allow symlink to poweredby.png * Wed May 23 2012 Joe Orton - 2.4.2-9- suexec: use upstream version of patch for capability bit support * Wed May 23 2012 Joe Orton - 2.4.2-8- suexec: use syslog rather than suexec.log, drop dac_override capability * Tue May 01 2012 Joe Orton - 2.4.2-7- mod_ssl: add TLS NPN support (r1332643, #809599) * Tue May 01 2012 Joe Orton - 2.4.2-6- add BR on APR >= 1.4.0 * Fri Apr 27 2012 Joe Orton - 2.4.2-5- use systemctl from logrotate (#221073) * Fri Apr 27 2012 Joe Orton - 2.4.2-4- pull from upstream: * use TLS close_notify alert for dummy_connection (r1326980+) * cleanup symbol exports (r1327036+) * Fri Apr 20 2012 Joe Orton - 2.4.2-3- really fix restart * Fri Apr 20 2012 Joe Orton - 2.4.2-2- tweak default ssl.conf- fix restart handling (#814645)- use graceful restart by default * Wed Apr 18 2012 Jan Kaluza - 2.4.2-1- update to 2.4.2 * Fri Mar 23 2012 Joe Orton - 2.4.1-6- fix macros * Fri Mar 23 2012 Joe Orton - 2.4.1-5- add _httpd_moddir to macros * Tue Mar 13 2012 Joe Orton - 2.4.1-4- fix symlink for poweredby.png- fix manual.conf * Tue Mar 13 2012 Joe Orton - 2.4.1-3- add mod_proxy_html subpackage (w/mod_proxy_html + mod_xml2enc)- move mod_ldap, mod_authnz_ldap to mod_ldap subpackage * Tue Mar 13 2012 Joe Orton - 2.4.1-2- clean docroot better- ship proxy, ssl directories within /var/cache/httpd- default config: * unrestricted access to (only) /var/www * remove (commented) Mutex, MaxRanges, ScriptSock * split autoindex config to conf.d/autoindex.conf- ship additional example configs in docdir * Tue Mar 06 2012 Joe Orton - 2.4.1-1- update to 2.4.1- adopt upstream default httpd.conf (almost verbatim)- split all LoadModules to conf.modules.d/ *.conf- include conf.d/ *.conf at end of httpd.conf- trim %changelog * Mon Feb 13 2012 Joe Orton - 2.2.22-2- fix build against PCRE 8.30 * Mon Feb 13 2012 Joe Orton - 2.2.22-1- update to 2.2.22 * Fri Feb 10 2012 Petr Pisar - 2.2.21-8- Rebuild against PCRE 8.30 * Mon Jan 23 2012 Jan Kaluza - 2.2.21-7- fix #783629 - start httpd after named * Mon Jan 16 2012 Joe Orton - 2.2.21-6- complete conversion to systemd, drop init script (#770311)- fix comments in /etc/sysconfig/httpd (#771024)- enable PrivateTmp in service file (#781440)- set LANG=C in /etc/sysconfig/httpd * Fri Jan 13 2012 Fedora Release Engineering - 2.2.21-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Dec 06 2011 Jan Kaluza - 2.2.21-4- fix #751591 - start httpd after remote-fs * Mon Oct 24 2011 Jan Kaluza - 2.2.21-3- allow change state of BalancerMember in mod_proxy_balancer web interface * Thu Sep 22 2011 Ville Skyttä - 2.2.21-2- Make mmn available as %{_httpd_mmn}.- Add .svgz to AddEncoding x-gzip example in httpd.conf. * Tue Sep 13 2011 Joe Orton - 2.2.21-1- update to 2.2.21 * Mon Sep 05 2011 Joe Orton - 2.2.20-1- update to 2.2.20- fix MPM stub man page generation * Wed Aug 10 2011 Jan Kaluza - 2.2.19-5- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd * Fri Jul 22 2011 Iain Arnell 1:2.2.19-4- rebuild while rpm-4.9.1 is untagged to remove trailing slash in provided directory names * Wed Jul 20 2011 Jan Kaluza - 2.2.19-3- fix #716621 - suexec now works without setuid bit * Thu Jul 14 2011 Jan Kaluza - 2.2.19-2- fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve * Fri Jul 01 2011 Joe Orton - 2.2.19-1- update to 2.2.19- enable dbd, authn_dbd in default config * Thu Apr 14 2011 Joe Orton - 2.2.17-13- fix path expansion in service files * Tue Apr 12 2011 Joe Orton - 2.2.17-12- add systemd service files (#684175, thanks to Jóhann B. Guðmundsson) * Wed Mar 23 2011 Joe Orton - 2.2.17-11- minor updates to httpd.conf- drop old patches * Wed Mar 02 2011 Joe Orton - 2.2.17-10- rebuild * Wed Feb 23 2011 Joe Orton - 2.2.17-9- use arch-specific mmn * Wed Feb 09 2011 Fedora Release Engineering - 2.2.17-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Jan 31 2011 Joe Orton - 2.2.17-7- generate dummy mod_ssl cert with CA:FALSE constraint (#667841)- add man page stubs for httpd.event, httpd.worker- drop distcache support- add STOP_TIMEOUT support to init script * Sat Jan 08 2011 Joe Orton - 2.2.17-6- update default SSLCipherSuite per upstream trunk | |