Hello community,

here is the log from the commit of package apache2 for openSUSE:Factory checked 
in at 2023-03-11 18:22:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
 and      /work/SRC/openSUSE:Factory/.apache2.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2"

Sat Mar 11 18:22:05 2023 rev:202 rq:1070268 version:2.4.56

Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes  2023-01-26 
14:28:16.021734291 +0100
+++ /work/SRC/openSUSE:Factory/.apache2.new.31432/apache2.changes       
2023-03-11 18:22:12.678308801 +0100
@@ -1,0 +2,31 @@
+Wed Mar  8 19:44:32 UTC 2023 - David Anes <david.a...@suse.com>
+
+- This update fixes the following security issues:
+  * CVE-2023-27522 [bsc#1209049]: mod_proxy_uwsgi HTTP response splitting 
+  * CVE-2023-25690 [bsc#1209047]: HTTP request splitting with mod_rewrite and 
mod_proxy  
+
+- Update to 2.4.56: 
+    *) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
+      truncated without the initial logfile being truncated.  [Eric Covener]
+    *) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order 
to
+      allow connections of any age to be reused. Up to now, a negative value
+      was handled as an error when parsing the configuration file.  PR 66421.
+      [nailyk <bzapache nailyk.fr>, Christophe Jaillet]
+    *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid 
number
+      of headers. [Ruediger Pluem]
+    *) mod_md:
+      - Enabling ED25519 support and certificate transparency information when
+        building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
+      - MDChallengeDns01 can now be configured for individual domains.
+        Thanks to Jérôme Billiras (@bilhackmac) for the initial PR.
+      - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the 
challenge
+        teardown not being invoked as it should.
+      [Stefan Eissing]
+    *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
+      reported in access logs and error documents. The processing of the
+      reset was correct, only unneccesary reporting was caused.
+      [Stefan Eissing]
+    *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
+      [Yann Ylavic]
+
+-------------------------------------------------------------------
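Review bot: In the security list at the top of this entry, CVE-2023-25690 (request splitting with mod_rewrite and mod_proxy) has no matching item in the "Update to 2.4.56" list that follows, whereas CVE-2023-27522 appears to correspond to the "mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation" item. Add a line naming the change that addresses CVE-2023-25690, or say explicitly that the fix comes with the 2.4.56 sources, so the entry can be audited without opening the bug. Minor: the two CVE lines and "Update to 2.4.56: " carry trailing whitespace, and "unneccesary" in the mod_http2 item should read "unnecessary".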
@@ -5,3 +36,3 @@
-  * fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
-  * fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
-  * fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of 
zero byte
+  * CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
+  * CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
+  * CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero 
byte
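Review bot: The three rewritten lines drop the leading "fix" but keep a comma after the bsc reference, while the new entry added at the top of the file writes "CVE-2023-27522 [bsc#1209049]: ..." with a colon. If the reason for touching this older entry is to normalise the CVE line format, use the same separator in both places. The new changelog entry also does not mention that an earlier entry was edited, which makes the history change easy to miss.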

Old:
----
  httpd-2.4.55.tar.bz2
  httpd-2.4.55.tar.bz2.asc

New:
----
  httpd-2.4.56.tar.bz2
  httpd-2.4.56.tar.bz2.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.35653j/_old  2023-03-11 18:22:17.326333026 +0100
+++ /var/tmp/diff_new_pack.35653j/_new  2023-03-11 18:22:17.330333047 +0100
@@ -107,7 +107,7 @@
 %define build_http2 1
 
 Name:           apache2%{psuffix}
-Version:        2.4.55
+Version:        2.4.56
 Release:        0
 Summary:        The Apache HTTPD Server
 License:        Apache-2.0
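Review bot: The Version line is the only spec change in this hunk, and the tarball comparison further down is reported only as "differ: char 11, line 1", so nothing reviewable here ties httpd-2.4.56.tar.bz2 to the httpd-2.4.56.tar.bz2.asc listed under "New". Please confirm that the signature is checked against the project keyring during the build, since the security fixes named in the changelog arrive entirely through that tarball.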

++++++ httpd-2.4.55.tar.bz2 -> httpd-2.4.56.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/apache2/httpd-2.4.55.tar.bz2 
/work/SRC/openSUSE:Factory/.apache2.new.31432/httpd-2.4.56.tar.bz2 differ: char 
11, line 1
