Hello community, here is the log from the commit of package apache2 for openSUSE:Factory checked in at Tue Nov 30 18:39:46 CET 2010. -------- --- apache2/apache2.changes 2010-10-05 19:17:56.000000000 +0200 +++ apache2/apache2.changes 2010-10-21 16:13:51.000000000 +0200 
@@ -1,0 +2,46 @@ +Tue Oct 19 17:16:16 UTC 2010 - poeml@cmdline.net + +- update to 2.2.17: + SECURITY: CVE-2010-1623 (cve.mitre.org) + Fix a denial of service attack against apr_brigade_split_line(). + [Actual fix is in the libapr 1.3 line, which we don't use // poeml] + SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) + Fix two buffer over-read flaws in the bundled copy of expat which could + cause applications to crash while parsing specially-crafted XML documents. + [We build with system expat library // poeml] + prefork MPM: Run cleanups for final request when process exits gracefully + to work around a flaw in apr-util. PR 43857 + core: + - check symlink ownership if both FollowSymlinks and + SymlinksIfOwnerMatch are set + - fix origin checking in SymlinksIfOwnerMatch PR 36783 + - (re)-introduce -T commandline option to suppress documentroot + check at startup. PR 41887 + vhost: + - A purely-numeric Host: header should not be treated as a port. PR 44979 + rotatelogs: + - Fix possible buffer overflow if admin configures a + mongo log file path. + Proxy balancer: support setting error status according to HTTP response + code from a backend. PR 48939. + mod_authnz_ldap: + - If AuthLDAPCharsetConfig is set, also convert the + password to UTF-8. PR 45318. + mod_dir, mod_negotiation: + - Pass the output filter information to newly created sub requests; as these + are later on used as true requests with an internal redirect. This allows + for mod_cache et.al. to trap the results of the redirect. PR 17629, 43939 + mod_headers: + - Enable multi-match-and-replace edit option PR 46594 + mod_log_config: + - Make ${cookie}C correctly match whole cookie names + instead of substrings. PR 28037. + mod_reqtimeout: + - Do not wrongly enforce timeouts for mod_proxy's backend + connections and other protocol handlers (like mod_ftp). Enforce the + timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering + close time from 30 to 2 seconds. 
+ mod_ssl: + - Do not do overlapping memcpy. PR 45444 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- httpd-2.2.16.tar.bz2 New: ---- httpd-2.2.17.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2.spec ++++++ --- /var/tmp/diff_new_pack.aFuBvB/_old 2010-11-30 18:37:12.000000000 +0100 +++ /var/tmp/diff_new_pack.aFuBvB/_new 2010-11-30 18:37:12.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package apache2 (Version 2.2.16) +# spec file for package apache2 (Version 2.2.17) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -67,9 +67,9 @@ %define platform_string Linux/%VENDOR License: ASLv.. Group: Productivity/Networking/Web/Servers -%define realver 2.2.16 -Version: 2.2.16 -Release: 2 +%define realver 2.2.17 +Version: 2.2.17 +Release: 1 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 # Add file to take mtime from it in prep section ++++++ httpd-2.2.16.tar.bz2 -> httpd-2.2.17.tar.bz2 ++++++ ++++ 149305 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
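Review bot: In the apache2.changes entry, CVE-2010-1623 and CVE-2009-3560/CVE-2009-3720 are listed under SECURITY, but the bracketed remarks say the actual fix is in the libapr 1.3 line "which we don't use" and that the package is built with the system expat library. Anyone scanning the changelog for CVE ids will read this update as closing those issues in this package. Suggest extending each bracketed remark to say which package carries the fix for this distribution, or that the item does not apply to this build, and adding the distribution bug reference if one exists.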
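Review bot: In the apache2.spec hunk at @@ -67,9 +67,9 @@, the context shows Source0 still pointing at http://httpd.apache.org/dev/dist/ over plain HTTP while the www.apache.org/dist line above it stays commented out. The tarball change itself is skipped in this mail (149305 lines), so nothing visible here ties httpd-2.2.17.tar.bz2 to the upstream release. Suggest pointing Source0 at the release location if 2.2.17 is published there, and adding the upstream detached signature as an additional Source so the tarball can be verified against the Apache release keys.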