Hello community,
here is the log from the commit of package apache2-mod_jk for openSUSE:Factory checked in at 2018-11-06 14:38:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2-mod_jk (Old)
and /work/SRC/openSUSE:Factory/.apache2-mod_jk.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_jk"
Tue Nov 6 14:38:42 2018 rev:35 rq:646387 version:1.2.46
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2-mod_jk/apache2-mod_jk.changes 2018-09-26 16:12:04.767420624 +0200
+++ /work/SRC/openSUSE:Factory/.apache2-mod_jk.new/apache2-mod_jk.changes 2018-11-06 14:39:16.556606256 +0100
@@ -1,0 +2,32 @@
+Mon Nov 5 09:56:03 UTC 2018 - Pedro Monreal Gonzalez
+
+- Update to version 1.2.46
+ Fixes:
+ * Apache: Fix regression in 1.2.44 which resulted in
+ socket_connect_timeout to be interpreted in units of seconds
+ instead of milliseconds on platforms that provide poll(). (rjung)
+ * Security: CVE-2018-11759 Connector path traversal [bsc#1114612]
+
+- Update to version 1.2.45
+ Fixes:
+ * Correct regression in 1.2.44 that broke request handling for
+ OPTIONS * requests. (rjung)
+ * Improve path parameter parsing so that the session ID specified
+ by the session_path worker property for load-balanced workers
+ can be extracted from a path parameter in any segment of the
+ URI, rather than only from the final segment. (markt)
+ * Apache: Improve path parameter handling so that JkStripSession
+ can remove session IDs that are specified on path parameters in any
+ segment of the URI rather than only the final segment. (markt)
+ * IIS: Improve path parameter handling so that strip_session can
+ remove session IDs that are specified on path parameters in any
+ segment of the URI rather than only the final segment. (markt)
+ Updates:
+ * Apache: Update the documentation to note additional
+ limitations of the JkAutoAlias directive. (markt)
+ Code:
+ * Common: Optimize path parameter handling. (rjung)
+
+- Cleaned with spec-cleaner
+
+-------------------------------------------------------------------
Old:
----
tomcat-connectors-1.2.44-src.tar.gz
tomcat-connectors-1.2.44-src.tar.gz.asc
New:
----
tomcat-connectors-1.2.46-src.tar.gz
tomcat-connectors-1.2.46-src.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_jk.spec ++++++
--- /var/tmp/diff_new_pack.pYJkIY/_old 2018-11-06 14:39:24.340594494 +0100
+++ /var/tmp/diff_new_pack.pYJkIY/_new 2018-11-06 14:39:24.348594482 +0100
@@ -12,18 +12,18 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define connectors_root tomcat-connectors-%{version}-src
Name: apache2-mod_jk
-Version: 1.2.44
+Version: 1.2.46
Release: 0
Summary: Connectors between Apache and Tomcat Servlet Container
License: Apache-2.0
Group: Productivity/Networking/Web/Frontends
-Url: http://tomcat.apache.org/connectors-doc/
+URL: http://tomcat.apache.org/connectors-doc/
Source0: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-%{version}-src.tar.gz
Source1: jk.conf
Source2: README.SUSE
@@ -40,7 +40,6 @@
Provides: tomcat-mod = %{version}
Obsoletes: mod_jk-ap20 < %{version}
Obsoletes: tomcat-mod < %{version}
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package provides modules for Apache to invisibly integrate Tomcat
@@ -81,8 +80,8 @@
set -x
%files
-%defattr(-,root,root,-)
-%doc LICENSE README.SUSE
+%license LICENSE
+%doc README.SUSE
%doc conf/workers.properties
%doc jk.conf
%{apache_libexecdir}/*
++++++ tomcat-connectors-1.2.44-src.tar.gz -> tomcat-connectors-1.2.46-src.tar.gz ++++++
++++ 1764 lines of diff (skipped)