Hello community,
here is the log from the commit of package apache2 for openSUSE:Factory checked in at 2019-04-04 14:12:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
and /work/SRC/openSUSE:Factory/.apache2.new.3908 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2"
Thu Apr 4 14:12:08 2019 rev:155 rq:690621 version:2.4.39
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes 2019-03-01 20:26:24.678054918 +0100
+++ /work/SRC/openSUSE:Factory/.apache2.new.3908/apache2.changes 2019-04-04 14:12:11.701292827 +0200
@@ -1,0 +2,86 @@
+Tue Apr 2 10:26:21 UTC 2019 - pgajdos@suse.com
+
+- version update to 2.4.39
+ * mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
+ backend connection is recycled/reused to avoid a possible crash
+ with some SSLProxy configurations in <Location> or <Proxy>
+ context. PR 63256. [Yann Ylavic]
+ * mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
+ failure. [Michael Kaufmann <mail michael-kaufmann.ch>]
+ * mod_log_config: Support %{c}h for conn-hostname, %h for
+ useragent_host PR 55348
+ * mod_socache_redis: Support for Redis as socache storage
+ provider.
+ * core: new configuration option 'MergeSlashes on|off' that
+ controls handling of multiple, consecutive slash ('/')
+ characters in the path component of the request URL. [Eric
+ Covener]
+ * mod_http2: when SSL renegotiation is inhibited and a 403
+ ErrorDocument is in play, the proper HTTP/2 stream reset did
+ not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
+ Kaufmann]
+ * mod_http2: new configuration directive: `H2Padding numbits` to
+ control padding of HTTP/2 payload frames. 'numbits' is a number
+ from 0-8, controlling the range of padding bytes added to a
+ frame. The actual number added is chosen randomly per frame.
+ This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
+ The default continues to be 0, e.g. no padding. [Stefan
+ Eissing]
+ * mod_http2: ripping out all the h2_req_engine internal features
+ now that mod_proxy_http2 has no more need for it. Optional
+ functions are still declared but no longer implemented. While
+ previous mod_proxy_http2 will work with this, it is
+ recommeneded to run the matching versions of both modules.
+ [Stefan Eissing]
+ * mod_proxy_http2: changed mod_proxy_http2 implementation and
+ fixed several bugs which resolve PR63170. The proxy module does
+ now a single h2 request on the (reused) connection and returns.
+ [Stefan Eissing]
+ * mod_http2/mod_proxy_http2: proxy_http2 checks correct master
+ connection aborted status to trigger immediate shutdown of
+ backend connections. This is now always signalled by mod_http2
+ when the the session is being released. proxy_http2 now only
+ sends a PING frame to the backend when there is not already one
+ in flight. [Stefan Eissing]
+ * mod_proxy_http2: fixed an issue where a proxy_http2 handler
+ entered an infinite loop when encountering certain errors on
+ the backend connection. See
+ https://bz.apache.org/bugzilla/show_bug.cgi?id=63170. [Stefan
+ Eissing]
+ * mod_http2: Configuration directives H2Push and H2Upgrade can
+ now be specified per Location/Directory, e.g. disabling PUSH
+ for a specific set of resources. [Stefan Eissing]
+ * mod_http2: HEAD requests to some module such as mod_cgid caused
+ the stream to terminate improperly and cause a HTTP/2
+ PROTOCOL_ERROR. Fixes
+ https://github.com/icing/mod_h2/issues/167. [Michael
+ Kaufmann]
+ * http: Fix possible empty response with mod_ratelimit for HEAD
+ requests. PR 63192. [Yann Ylavic]
+ * mod_cache_socache: Avoid reallocations and be safe with
+ outgoing data lifetime. [Yann Ylavic]
+ * MPMs unix: bind the bucket number of each child to its slot
+ number, for a more efficient per bucket maintenance. [Yann
+ Ylavic]
+ * mod_auth_digest: Fix a race condition. Authentication with
+ valid credentials could be refused in case of concurrent
+ accesses from different users. PR 63124. [Simon Kappel
+