Author: druggeri
Date: Wed Aug 5 11:32:51 2020
New Revision: 40863
Log:
Push 2.4.46 up to the release directory
Added:
release/httpd/CHANGES_2.4.46
- copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
release/httpd/httpd-2.4.46.tar.bz2
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
release/httpd/httpd-2.4.46.tar.bz2.asc
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
release/httpd/httpd-2.4.46.tar.bz2.md5
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
release/httpd/httpd-2.4.46.tar.bz2.sha1
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
release/httpd/httpd-2.4.46.tar.bz2.sha256
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha256
release/httpd/httpd-2.4.46.tar.bz2.sha512
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha512
release/httpd/httpd-2.4.46.tar.gz
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
release/httpd/httpd-2.4.46.tar.gz.asc
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
release/httpd/httpd-2.4.46.tar.gz.md5
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
release/httpd/httpd-2.4.46.tar.gz.sha1
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
release/httpd/httpd-2.4.46.tar.gz.sha256
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
release/httpd/httpd-2.4.46.tar.gz.sha512
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
Removed:
dev/httpd/CHANGES_2.4
dev/httpd/CHANGES_2.4.46
dev/httpd/httpd-2.4.46-deps.tar.bz2
dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
dev/httpd/httpd-2.4.46-deps.tar.gz
dev/httpd/httpd-2.4.46-deps.tar.gz.asc
dev/httpd/httpd-2.4.46-deps.tar.gz.md5
dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
dev/httpd/httpd-2.4.46.tar.bz2
dev/httpd/httpd-2.4.46.tar.bz2.asc
dev/httpd/httpd-2.4.46.tar.bz2.md5
dev/httpd/httpd-2.4.46.tar.bz2.sha1
dev/httpd/httpd-2.4.46.tar.bz2.sha256
dev/httpd/httpd-2.4.46.tar.bz2.sha512
dev/httpd/httpd-2.4.46.tar.gz
dev/httpd/httpd-2.4.46.tar.gz.asc
dev/httpd/httpd-2.4.46.tar.gz.md5
dev/httpd/httpd-2.4.46.tar.gz.sha1
dev/httpd/httpd-2.4.46.tar.gz.sha256
dev/httpd/httpd-2.4.46.tar.gz.sha512
Modified:
release/httpd/Announcement2.4.html
release/httpd/Announcement2.4.txt
release/httpd/CHANGES_2.4
Modified: release/httpd/Announcement2.4.html
==============================================================================
--- release/httpd/Announcement2.4.html (original)
+++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
@@ -49,27 +49,27 @@
<div class="banner"></div>
<h1>
- Apache HTTP Server 2.4.43 Released
+ Apache HTTP Server 2.4.46 Released
</h1>
<p>
- April 01, 2020
+ September 21, 2018
</p>
<p>
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to <a
href="https://www.apache.org/dist/httpd/Announcement2.4.html";>announce</a>
- the release of version 2.4.43 of the Apache
+ the release of version 2.4.46 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
- a security, feature and bug fix release.
+ a feature and bug fix release.
</p>
<p>
We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.
</p>
<p>
- Apache HTTP Server 2.4.43 is available for download from:
+ Apache HTTP Server 2.4.46 is available for download from:
</p>
<dl>
<dd><a href="https://httpd.apache.org/download.cgi";
@@ -77,7 +77,7 @@
</dl>
<p>
Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file, linked from
the download page, for a
- full list of changes. A condensed list, <a
href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
+ full list of changes. A condensed list, <a
href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
those changes introduced since the prior 2.4 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
Modified: release/httpd/Announcement2.4.txt
==============================================================================
--- release/httpd/Announcement2.4.txt (original)
+++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
@@ -1,19 +1,19 @@
- Apache HTTP Server 2.4.43 Released
+ Apache HTTP Server 2.4.46 Released
- April 01, 2020
+ September 21, 2018
The Apache Software Foundation and the Apache HTTP Server Project
- are pleased to announce the release of version 2.4.43 of the Apache
+ are pleased to announce the release of version 2.4.46 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
- a security, feature and bug fix release.
+ a feature and bug fix release.
We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.
- Apache HTTP Server 2.4.43 is available for download from:
+ Apache HTTP Server 2.4.46 is available for download from:
https://httpd.apache.org/download.cgi
@@ -24,7 +24,7 @@
https://httpd.apache.org/docs/trunk/new_features_2_4.html
Please see the CHANGES_2.4 file, linked from the download page, for a
- full list of changes. A condensed list, CHANGES_2.4.43 includes only
+ full list of changes. A condensed list, CHANGES_2.4.46 includes only
those changes introduced since the prior 2.4 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
@@ -1,6 +1,78 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.46
+ *) mod_proxy_fcgi: Fix build warnings for Windows platform
+ [Eric Covener, Christophe Jaillet]
+
+Changes with Apache 2.4.45
+
+ *) mod_http2: remove support for abandoned http-wg draft
+ <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
+ [Stefan Eissing]
+
+Changes with Apache 2.4.44
+
+ *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
+ protocol limit). [Yann Ylavic]
+
+ *) mod_http2:
+ Fixes <https://github.com/icing/mod_h2/issues/200>:
+ "LimitRequestFields 0" now disables the limit, as documented.
+ Fixes <https://github.com/icing/mod_h2/issues/201>:
+ Do not count repeated headers with same name against the field
+ count limit. The are merged internally, as if sent in a single HTTP/1
line.
+ [Stefan Eissing]
+
+ *) mod_http2: Avoid segfaults in case of handling certain responses for
+ already aborted connections. [Stefan Eissing, Ruediger Pluem]
+
+ *) mod_http2: The module now handles master/secondary connections and has
marked
+ methods according to use. [Stefan Eissing]
+
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ [Yann Ylavic, Luca Toscano]
+
+ *) Add support for strict content-length parsing through addition of
+ ap_parse_strict_length() [Yann Ylavic]
+
+ *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
+ evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
+
+ *) mod_proxy_http: flush spooled request body in one go to avoid
+ leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
+
+ *) mod_ssl: Fix a race condition and possible crash when using a proxy client
+ certificate (SSLProxyMachineCertificateFile).
+ [Armin Abfalterer <a.abfalterer gmail.com>]
+
+ *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]
+
+ *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and
H2_STREAM_TAG.
+ PR64330 [Stefan Eissing]
+
+ *) mod_http2: Fixed regression that caused connections to close when
mod_reqtimeout
+ was configured with a handshake timeout. Fixes gitub issue #196.
+ [Stefan Eissing]
+
+ *) mod_proxy_http2: the "ping" proxy parameter
+ (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
+ when checking the liveliness of a new or reused h2 connection to the
backend.
+ With short durations, this makes load-balancing more responsive. The
module
+ will hold back requests until ping conditions are met, using features of
the
+ HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
+
+ *) core: httpd is no longer linked against -lsystemd if mod_systemd
+ is enabled (and built as a DSO). [Rainer Jung]
+
+ *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
+ while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
+
Changes with Apache 2.4.43
+ *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
+
+Changes with Apache 2.4.42
+
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
@@ -10,10 +82,6 @@ Changes with Apache 2.4.43
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
- *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
-
-Changes with Apache 2.4.42
-
*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
with an empty body (regression introduced in 2.4.41). PR63891.
