Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at Wed Jul 29 15:14:50 CEST 2009. -------- --- apache2/apache2.changes 2009-06-09 17:11:05.000000000 +0200 +++ /mounts/work_src_done/STABLE/apache2/apache2.changes 2009-07-27 22:55:50.000000000 +0200 
@@ -1,0 +2,125 @@ +Mon Jul 27 22:20:11 CEST 2009 - poeml@suse.de + +- update to 2.2.12: + SECURITY: CVE-2009-1891 (cve.mitre.org) + Fix a potential Denial-of-Service attack against mod_deflate or other + modules, by forcing the server to consume CPU time in compressing a + large file after a client disconnects. PR 39605. + SECURITY: CVE-2009-1195 (cve.mitre.org) + Prevent the "Includes" Option from being enabled in an .htaccess + file if the AllowOverride restrictions do not permit it. + SECURITY: CVE-2009-1890 (cve.mitre.org) + Fix a potential Denial-of-Service attack against mod_proxy in a + reverse proxy configuration, where a remote attacker can force a + proxy process to consume CPU time indefinitely. + SECURITY: CVE-2009-1191 (cve.mitre.org) + mod_proxy_ajp: Avoid delivering content from a previous request which + failed to send a request body. PR 46949 + SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org) + The bundled copy of the APR-util library has been updated, fixing three + different security issues which may affect particular configurations + and third-party modules. + core: + - New piped log syntax: Use "||process args" to launch the given process + without invoking the shell/command interpreter. Use "|$command line" + (the default behavior of "|command line" in 2.2) to invoke using shell, + consuming an additional shell process for the lifetime of the logging + pipe program but granting additional process invocation flexibility. + - prefork: Fix child process hang during graceful restart/stop in + configurations with multiple listening sockets. PR 42829. + - Translate the status line to ASCII on EBCDIC platforms in + ap_send_interim_response() and for locally generated "100 + Continue" responses. + - CGI: return 504 (Gateway timeout) rather than 500 when a + script times out before returning status line/headers. PR 42190 + - prefork: Log an error instead of segfaulting when child startup fails + due to pollset creation failures. 
PR 46467. + - core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars + - Set Listen protocol to "https" if port is set to 443 and no proto is specified + (as documented but not implemented). PR 46066 + - Output -M and -S dumps (modules and vhosts) to stdout instead of stderr. + PR 42571 and PR 44266 (dup). + mod_alias: + - check sanity in Redirect arguments. PR 44729 + - Ensure Redirect emits HTTP-compliant URLs. PR 44020 + mod_authnz_ldap: + - Reduce number of initialization debug messages and make + information more clear. PR 46342 + mod_cache: + - Introduce 'no-cache' per-request environment variable to + prevent the saving of an otherwise cacheable response. + - Correctly save Content-Encoding of cachable entity. PR 46401 + - When an explicit Expires or Cache-Control header is set, cache + normally non-cacheable response statuses. PR 46346. + mod_cgid: + - fix segfault problem on solaris. PR 39332 + mod_disk_cache: + - The module now turns off sendfile support if 'EnableSendfile + off' is defined globally. PR 41218. + mod_disk_cache/mod_mem_cache: + - Fix handling of CacheIgnoreHeaders directive to correctly + remove headers before storing them. + mod_deflate: + - revert changes in 2.2.8 that caused an invalid etag to be + emitted for on-the-fly gzip content-encoding. PR 39727 will + require larger fixes and this fix was far more harmful than + the original code. PR 45023. + mod_ext_filter: + - fix error handling when the filter prog fails to start, and + introduce an onfail configuration option to abort the request + or to remove the broken filter and continue. PR 41120 + mod_include: + - fix potential segfault when handling back references on an + empty SSI variable. + - Prevent a case of SSI timefmt-smashing with filter chains + including multiple INCLUDES filters. 
PR 39369 + - support generating non-ASCII characters as entities in SSI PR + 25202 + mod_ldap: + - Avoid a segfault when result->rc is checked in + uldap_connection_init when result is NULL. This could happen + if LDAP initialization failed. PR 45994. + mod_negotiation: + - Escape pathes of filenames in 406 responses to avoid HTML + injections and HTTP response splitting. PR 46837. + mod_proxy: + - Complete ProxyPassReverse to handle balancer URL's. Given; + BalancerMember balancer://alias http://example.com/foo + ProxyPassReverse /bash balancer://alias/bar backend url + http://example.com/foo/bar/that is now translated /bash/that + mod_proxy_ajp: + - Check more strictly that the backend follows the AJP protocol. + - Forward remote port information by default. + mod_proxy_http: + - fix Host: header for literal IPv6 addresses. PR 47177 + - fix case sensitivity checking transfer encoding PR 47383 + mod_rewrite: + - Remove locking for writing to the rewritelog. PR 46942 + - Fix the error string returned by RewriteRule. RewriteRule + returned "RewriteCond: bad flag delimiters" when the 3rd + argument of RewriteRule was not started with "[" or not ended + with "]". PR 45082 + - When evaluating a proxy rule in directory context, do escape + the filename by default. PR 46428 + - Introduce DiscardPathInfo|DPI flag to stop the troublesome way + that per-directory rewrites append the previous notion of + PATH_INFO to each substitution before evaluating subsequent + rules. PR38642 + - fix "B" flag breakage by reverting r589343 PR 45529 + mod_ssl: + - Add server name indication support (RFC 4366) and better + support for name based virtual hosts with SSL. PR 34607 + - Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives + to enable stricter checking of remote server certificates. + - Add SSLRenegBufferSize directive to allow changing the size of + the buffer used for the request-body where necessary during a + per-dir renegotiation. PR 39243. 
+ mod_substitute: + - Fix a memory leak. PR 44948 + +------------------------------------------------------------------- +Tue Jul 14 14:14:22 CEST 2009 - hvogel@suse.de + +- Fix missing -Y option in gensslcert [bnc#416888] + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- httpd-2.2.11.tar.bz2 New: ---- httpd-2.2.12.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.uvDrXy/_old 2009-07-29 15:01:09.000000000 +0200 +++ /var/tmp/diff_new_pack.uvDrXy/_new 2009-07-29 15:01:09.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.11) +# spec file for package apache2 (Version 2.2.12) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -60,11 +60,11 @@ # "Server:" header %define VENDOR SUSE %define platform_string Linux/%VENDOR -License: The Apache Software License +License: Apache Software License .. Group: Productivity/Networking/Web/Servers -%define realver 2.2.11 -Version: 2.2.11 -Release: 5 +%define realver 2.2.12 +Version: 2.2.12 +Release: 1 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 Source10: SUSE-NOTICE @@ -180,7 +180,7 @@ %if %worker %package worker -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2 worker MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Provides: %{pname}-MPM @@ -189,7 +189,7 @@ %if %prefork %package prefork -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2 "prefork" MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Provides: %{pname}-MPM 
@@ -201,7 +201,7 @@ %if %event %package event -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2 event MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Provides: %{pname}-MPM @@ -210,7 +210,7 @@ %if %itk %package itk -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2 "ITK" MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Provides: %{pname}-MPM @@ -272,31 +272,28 @@ %if %itk %description itk -The "ITK" MPM (Multi-Processing Module) is experimental and NOT -officially endorsed by the Apache Software Foundation, so it may or may -not work as expected. - -Apache2-mpm-itk (just mpm-itk for short) is a MPM for the Apache 2 web -server. mpm-itk allows you to run each of your vhosts under a separate -uid and gid -- in short, the scripts and configuration files for one -vhost no longer have to be readable for all the other vhosts. +The "ITK" MPM (Multi-Processing Module) is experimental and NOT officially +endorsed by the Apache Software Foundation, so it may or may not work as +expected. + +Apache2-mpm-itk (just mpm-itk for short) is a MPM for the Apache 2 web server. +mpm-itk allows you to run each of your vhosts under a separate uid and gid -- +in short, the scripts and configuration files for one vhost no longer have to +be readable for all the other vhosts. See http://mpm-itk.sesse.net/ -Authors: Too many to list here -- see -/usr/share/doc/packages/apache2/ABOUT_APACHE Steinar H. Gunderson (ITK -module) - Authors: -------- Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + Steinar H. Gunderson (ITK module) %endif %package devel -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2.0 Header and Include Files Group: Development/Libraries/C and C++ Requires: %{name} = %{version} %{pname}-MPM 
@@ -309,8 +306,8 @@ %package doc -License: The Apache Software License -Summary: Additional Package Documentation +License: Apache Software License .. +Summary: Additional Package Documentation. Group: Documentation/Other %if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 Provides: apache-doc @@ -324,7 +321,7 @@ %package example-pages -License: The Apache Software License +License: Apache Software License .. Summary: Example Pages for the Apache 2 Web Server Group: Productivity/Networking/Web/Servers %if 0%{?suse_version} >= 901 && 0%{?sles_version} != 9 @@ -343,7 +340,7 @@ Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE %package example-certificates -License: The Apache Software License +License: Apache Software License .. Summary: Example certificates for the Apache 2 Web Server Group: Productivity/Networking/Web/Servers @@ -357,7 +354,7 @@ Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE %package utils -License: The Apache Software License +License: Apache Software License .. Summary: Apache 2 utilities Group: Productivity/Networking/Web/Servers @@ -371,6 +368,7 @@ -------- Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE + %prep # # O/ ._ .__ ._ ++++++ gensslcert ++++++ --- /var/tmp/diff_new_pack.uvDrXy/_old 2009-07-29 15:01:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvDrXy/_new 2009-07-29 15:01:10.000000000 +0200 @@ -55,7 +55,7 @@ CAdays=$((365 * 6)) srvdays=$((365 * 2)) -while getopts C:N:c:s:l:o:u:n:e:y:dh OPT; do +while getopts C:N:c:s:l:o:u:n:e:y:Y:dh OPT; do case $OPT in C) name=$OPTARG-;; N) comment=$OPTARG;; ++++++ httpd-2.2.11.tar.bz2 -> httpd-2.2.12.tar.bz2 ++++++ ++++ 40422 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
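
Review bot: In the apache2.changes hunk (@@ -1,0 +2,125 @@), the five SECURITY items of the 2.2.12 entry cite only CVE ids and upstream PR numbers, while the 14 July entry below them carries its tracker reference ([bnc#416888]). Add the matching bnc# reference to each SECURITY item so the fixes can be traced from the package changelog, and replace the bare "(cve.mitre.org)" with nothing or with the id alone, since it adds no lookup information.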
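
Review bot: In apache2.spec at @@ -60,11 +60,11 @@, the new tag value "License: Apache Software License .." ends in a stray " .." and names no license version; the same value is repeated in the worker, prefork, event, itk, devel, doc, example-pages, example-certificates and utils stanzas. State the license version explicitly and in one consistent form across all stanzas. In the same hunk the unchanged Source0 line still fetches from httpd.apache.org/dev/dist/ over plain http while the www.apache.org/dist/ line stays commented out, so check that this is still intended for 2.2.12 and verify the tarball against the upstream signature or checksum before import.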
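
Review bot: In apache2.spec at @@ -272,31 +272,28 @@, the trailing context still shows "Summary: Apache 2.0 Header and Include Files" for the devel package, directly below a License line this hunk changes, although the package is now 2.2.12. Correct the Summary to "Apache 2" or "Apache 2.2" while the stanza is being touched.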
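
Review bot: In apache2.spec at @@ -309,8 +306,8 @@, the doc package's Summary gains a trailing period ("Additional Package Documentation."), which is inconsistent with every other Summary line visible in this patch and is what rpmlint reports as summary-ended-with-dot. Drop the period and keep the original Summary text.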
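
Review bot: In gensslcert at @@ -55,7 +55,7 @@, only the getopts optstring changes (Y: is added); the visible case branches are C) and N), and no Y) branch or usage text is part of the hunk. Confirm that a Y) branch already exists in the case statement and consumes $OPTARG, otherwise -Y is now accepted and silently ignored. Since y: and Y: are both accepted after this change, the help output should describe each so that they are not confused.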