]>
git.pld-linux.org Git - packages/apache.git/log
Adam Osuchowski [Fri, 5 Apr 2024 07:38:54 +0000 (09:38 +0200)]
- up to 2.4.59
Arkadiusz Miśkiewicz [Fri, 20 Oct 2023 11:57:14 +0000 (13:57 +0200)]
Up to 2.4.58; fixes CVE-2023-45802, CVE-2023-43622, CVE-2023-31122
Adam Gołębiowski [Fri, 7 Apr 2023 08:47:13 +0000 (10:47 +0200)]
- updated to 2.4.57
Arkadiusz Miśkiewicz [Thu, 9 Mar 2023 09:59:10 +0000 (10:59 +0100)]
Up to 2.4.56; fixes CVE-2023-27522, CVE-2023-25690
Arkadiusz Miśkiewicz [Wed, 1 Feb 2023 19:44:10 +0000 (20:44 +0100)]
Release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 26 Jan 2023 06:57:53 +0000 (07:57 +0100)]
Up to 2.4.55; fixes CVE-2022-37436, CVE-2022-36760, CVE-2006-20001
Jakub Bogusz [Tue, 21 Jun 2022 16:29:01 +0000 (18:29 +0200)]
- versioned Obsoletes for old packages, fixed mod_mmap_static O, dropped O for never-existing packages
Arkadiusz Miśkiewicz [Fri, 17 Jun 2022 20:13:32 +0000 (22:13 +0200)]
Up to 2.4.54; fixes CVE-2022-31813, CVE-2022-30556, CVE-2022-30522, CVE-2022-29404, CVE-2022-28615, CVE-2022-28614, CVE-2022-28330, CVE-2022-26377
Adam Osuchowski [Tue, 15 Mar 2022 11:29:03 +0000 (12:29 +0100)]
- up to 2.4.53; fixes CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719
Arkadiusz Miśkiewicz [Tue, 21 Dec 2021 21:03:35 +0000 (22:03 +0100)]
Up to 2.4.52; fixes CVE-2021-44790, CVE-2021-44224
Arkadiusz Miśkiewicz [Wed, 17 Nov 2021 09:04:49 +0000 (10:04 +0100)]
BR: curl-devel for mod_md
Arkadiusz Miśkiewicz [Sat, 23 Oct 2021 12:45:25 +0000 (14:45 +0200)]
Rel 3; more openssl 3 changes from FC
Arkadiusz Miśkiewicz [Sat, 23 Oct 2021 11:06:23 +0000 (13:06 +0200)]
Fix undefined symbol: ERR_GET_FUNC with openssl 3 and apply patch from
previous commit.
Arkadiusz Miśkiewicz [Wed, 13 Oct 2021 14:51:31 +0000 (14:51 +0000)]
Rel 2; fixes segfaults with itk mpm - https://bz.apache.org/bugzilla/show_bug.cgi?id=65627
Elan Ruusamäe [Fri, 8 Oct 2021 09:01:31 +0000 (12:01 +0300)]
Up to 2.4.51, Fixes CVE-2021-41773, CVE-2021-42013
- https://security-tracker.debian.org/tracker/CVE-2021-41773
- https://security-tracker.debian.org/tracker/CVE-2021-42013
Arkadiusz Miśkiewicz [Tue, 5 Oct 2021 15:55:59 +0000 (17:55 +0200)]
Up to 2.4.20; fixes CVE-2021-41773, CVE-2021-41524 (both introduced in 2.4.49)
Jan Rękorajski [Fri, 24 Sep 2021 21:22:34 +0000 (23:22 +0200)]
rebuild with openssl 3.0.0
Release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 18 Sep 2021 13:58:21 +0000 (15:58 +0200)]
Up to 2.4.49; fixes CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798, CVE-2021-33193
Jan Rękorajski [Tue, 31 Aug 2021 22:23:26 +0000 (00:23 +0200)]
- relative symlinks, rpm.org does not like absolute ones
Jakub Bogusz [Wed, 16 Jun 2021 19:19:18 +0000 (21:19 +0200)]
- updated todo
Arkadiusz Miśkiewicz [Wed, 16 Jun 2021 07:26:09 +0000 (09:26 +0200)]
Up to 2.4.28
Arkadiusz Miśkiewicz [Wed, 16 Jun 2021 07:21:22 +0000 (09:21 +0200)]
Rediff patches, make rpm4 more happy.
Jan Rękorajski [Sat, 27 Feb 2021 19:51:12 +0000 (20:51 +0100)]
- unconditional noarch subpackages
Elan Ruusamäe [Mon, 19 Oct 2020 12:41:30 +0000 (15:41 +0300)]
Bump apr dependency to 1.7.0
/usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_thread_mutex_timedlock
Jan Rękorajski [Sun, 20 Sep 2020 14:27:31 +0000 (16:27 +0200)]
- bump apr deps
- rel 2
Arkadiusz Miśkiewicz [Tue, 18 Aug 2020 20:17:20 +0000 (22:17 +0200)]
- up to 2.4.46;Fixes:
*) SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information
disclosure or RCE of existing file on the server running under a malicious
process environment. [Yann Ylavic]
*) SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
*) SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefen Eissing, Eric Covener, Christophe Jaillet]
Arkadiusz Miśkiewicz [Thu, 2 Apr 2020 07:06:55 +0000 (09:06 +0200)]
- up to 2.4.43; fixes CVE-2020-1934, CVE-2020-1927
Jan Rękorajski [Sat, 25 Jan 2020 13:46:09 +0000 (14:46 +0100)]
- drop obsolete and outdated manual inclusion of rpm macros
Arkadiusz Miśkiewicz [Tue, 22 Oct 2019 12:47:50 +0000 (14:47 +0200)]
- update to current intermediate mozilla recommendation
Arkadiusz Miśkiewicz [Sat, 17 Aug 2019 08:13:50 +0000 (10:13 +0200)]
- up to 2.4.41
Elan Ruusamäe [Tue, 30 Apr 2019 13:06:48 +0000 (16:06 +0300)]
sort modules list for easier merging, keep one at a line
Elan Ruusamäe [Tue, 30 Apr 2019 12:59:44 +0000 (15:59 +0300)]
port misc changes from feat/conf-modules branch
Jakub Bogusz [Tue, 16 Apr 2019 13:28:12 +0000 (15:28 +0200)]
- typo
Adam Gołębiowski [Sun, 31 Mar 2019 12:40:27 +0000 (14:40 +0200)]
- mod_socache_redis subpackage
Adam Gołębiowski [Sun, 31 Mar 2019 11:43:26 +0000 (13:43 +0200)]
- updated to 2.4.39
Adam Gołębiowski [Tue, 22 Jan 2019 22:52:46 +0000 (23:52 +0100)]
- updated to 2.4.38, fixes CVE-2018-17189, CVE-2018-17199, CVE-2019-0190
Arkadiusz Miśkiewicz [Thu, 25 Oct 2018 11:50:36 +0000 (13:50 +0200)]
- up to 2.4.37; enable TLSv1.3 and disable 1.0/1.1
Arkadiusz Miśkiewicz [Fri, 28 Sep 2018 07:06:01 +0000 (09:06 +0200)]
- rel 2; stronger dummy certificates as openssl 1.1.1 rejects weak certs
Arkadiusz Miśkiewicz [Mon, 24 Sep 2018 10:57:33 +0000 (12:57 +0200)]
- up to 2.4.35
Bartek Szady [Sat, 22 Sep 2018 09:25:37 +0000 (11:25 +0200)]
-release 3, nghttp2-libs requirement is enough for apache-mod_http2.
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 14:05:40 +0000 (16:05 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 16 Jul 2018 17:37:01 +0000 (19:37 +0200)]
- up to 2.4.34
Arkadiusz Miśkiewicz [Wed, 27 Jun 2018 09:42:22 +0000 (11:42 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 22 Mar 2018 08:05:23 +0000 (09:05 +0100)]
- up to 2.4.33
Arkadiusz Miśkiewicz [Sat, 17 Mar 2018 11:00:17 +0000 (12:00 +0100)]
- update md5 and better permissions for /var/lib/httpd
Arkadiusz Miśkiewicz [Sat, 17 Mar 2018 10:37:37 +0000 (11:37 +0100)]
- up to 2.4.32
Jan Rękorajski [Mon, 4 Dec 2017 00:11:33 +0000 (01:11 +0100)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 23 Oct 2017 17:23:07 +0000 (19:23 +0200)]
- up to 2.4.29
Robert Graużenis [Sun, 8 Oct 2017 09:48:31 +0000 (11:48 +0200)]
- up to 2.4.28 (fixes CVE-2017-9798)
Jakub Bogusz [Wed, 12 Jul 2017 15:06:15 +0000 (17:06 +0200)]
- added mod_brotli
- updated mod_lua BR to lua53 (configure prefers 5.3 > 5.2 > 5.1); if one wants 5.1, there is patch needed to allow choice
Arkadiusz Miśkiewicz [Tue, 11 Jul 2017 23:16:24 +0000 (01:16 +0200)]
- up to 2.4.27; fixes few compatibility issues
Elan Ruusamäe [Tue, 11 Jul 2017 14:07:48 +0000 (17:07 +0300)]
add missing apr-util dependency to base
apr-util-1.5.4-3.x86_64 marks apache-base-2.4.26-3.x86_64 (req libaprutil-1.so.0()(64bit))
Arkadiusz Miśkiewicz [Thu, 29 Jun 2017 08:45:48 +0000 (10:45 +0200)]
- rel 3; force new apr-util, too (new symbols)
Jakub Bogusz [Wed, 21 Jun 2017 16:41:47 +0000 (18:41 +0200)]
- bump nghttp2 requirement for complete support
Arkadiusz Miśkiewicz [Wed, 21 Jun 2017 09:54:01 +0000 (11:54 +0200)]
- rel 2; force new apr due to new symbols
Adam Gołębiowski [Tue, 20 Jun 2017 07:45:03 +0000 (09:45 +0200)]
- no longer needed (as of 2.4.26)
Adam Gołębiowski [Tue, 20 Jun 2017 07:42:04 +0000 (09:42 +0200)]
- updated to 2.4.26 (fixes CVE-2017-7679, CVE-2017-7668, CVE-2017-7659,
CVE-2017-3169, CVE-2017-3167)
- reuseport patch removed (included in this release)
- lua-lib patch removed (reworked in a different way)
- mod_auth_digest and mod_charset_lite no longer marked experimental,
- enable proxy_http2 module
Arkadiusz Miśkiewicz [Tue, 16 May 2017 12:04:27 +0000 (14:04 +0200)]
- rel 2; don't set SO_REUSEPORT when not needed; fix conf files generation
Elan Ruusamäe [Tue, 1 Nov 2016 19:30:11 +0000 (21:30 +0200)]
add LoadModule function to setup LoadModule directives
Arkadiusz Miśkiewicz [Thu, 29 Dec 2016 07:35:55 +0000 (08:35 +0100)]
- up to 2.4.25; fixes CVE-2016-8743, CVE-2016-0736, CVE-2016-2161, CVE-2016-5387, CVE-2016-8740
Elan Ruusamäe [Tue, 1 Nov 2016 19:23:21 +0000 (21:23 +0200)]
update doc links to 2.4 version
Elan Ruusamäe [Sat, 1 Oct 2016 18:50:45 +0000 (21:50 +0300)]
add mod_{filter,headers,reqtimeout,rewrite} to apache package
common packages you want to install
Elan Ruusamäe [Wed, 31 Aug 2016 08:05:59 +0000 (11:05 +0300)]
drop webserver(reqtimeout)
too much copy paste in
2bd52d6
no such "module" is documented in webapps package README and unlikely
any webapp to use such in deps
Arkadiusz Miśkiewicz [Tue, 19 Jul 2016 11:28:40 +0000 (13:28 +0200)]
- rel 2; fixes CVE-2016-5387
Arkadiusz Miśkiewicz [Tue, 5 Jul 2016 18:36:30 +0000 (20:36 +0200)]
- up to 2.4.23
Arkadiusz Miśkiewicz [Thu, 14 Apr 2016 06:36:13 +0000 (08:36 +0200)]
- up to 2.4.20
Arkadiusz Miśkiewicz [Thu, 4 Feb 2016 13:42:08 +0000 (14:42 +0100)]
Drop MultiViews by default (it's confusing for many people using rewrites with QSA and causes higher hdd usage). rt#brak
Arkadiusz Miśkiewicz [Mon, 14 Dec 2015 22:01:57 +0000 (23:01 +0100)]
- up to 2.4.18
Arkadiusz Miśkiewicz [Sun, 22 Nov 2015 09:56:23 +0000 (10:56 +0100)]
- rel 3
Elan Ruusamäe [Mon, 16 Nov 2015 14:16:33 +0000 (16:16 +0200)]
revert
b3d7d6d , really fix regexp
Arkadiusz Miśkiewicz [Mon, 16 Nov 2015 12:20:15 +0000 (13:20 +0100)]
- typo
Elan Ruusamäe [Wed, 11 Nov 2015 13:31:20 +0000 (15:31 +0200)]
also exclude .user.ini
Elan Ruusamäe [Wed, 11 Nov 2015 13:29:12 +0000 (15:29 +0200)]
.htaccess is protected from apache-common.conf
Elan Ruusamäe [Sat, 31 Oct 2015 00:08:04 +0000 (02:08 +0200)]
secure access to vcs files
Arkadiusz Miśkiewicz [Thu, 29 Oct 2015 11:38:01 +0000 (12:38 +0100)]
- use default mutext (depends on apr default) instead of forcing file mutex
Elan Ruusamäe [Sat, 17 Oct 2015 14:46:37 +0000 (17:46 +0300)]
use ErrorLogFromat default similar to prefork mpm
Elan Ruusamäe [Sat, 17 Oct 2015 14:39:59 +0000 (17:39 +0300)]
fix broken ErrorLogFormat. refs
e13a60a
spaces need to be backslash escaped for optional fields (like client)
do not break existing log format, which log parsers assume, log vhost
like client optionally.
also do not enable it by default. stick to compiled in default
Jakub Bogusz [Sat, 17 Oct 2015 07:57:09 +0000 (09:57 +0200)]
- pl for -mod_http2
Elan Ruusamäe [Fri, 16 Oct 2015 20:23:50 +0000 (23:23 +0300)]
up to 2.4.17, experimental http2 (h2) support
merged in from
https://icing.github.io/mod_h2/
see https://icing.github.io/mod_h2/howto.html
Elan Ruusamäe [Tue, 6 Oct 2015 13:54:36 +0000 (16:54 +0300)]
SSLUseStapling should not be enabled if using self-generated certs
Arkadiusz Miśkiewicz [Fri, 2 Oct 2015 21:49:43 +0000 (23:49 +0200)]
- fix for 2.4 (we want it to be denied)
Arkadiusz Miśkiewicz [Mon, 28 Sep 2015 06:29:04 +0000 (08:29 +0200)]
Log vhost in error log file.
Elan Ruusamäe [Fri, 11 Sep 2015 13:17:31 +0000 (16:17 +0300)]
update more places to add libtool --tag=CC
Elan Ruusamäe [Mon, 10 Aug 2015 09:16:50 +0000 (12:16 +0300)]
noarch subpackages
Andrzej Zawadzki [Thu, 6 Aug 2015 22:03:54 +0000 (00:03 +0200)]
- up to 2.4.16
- STBR
Elan Ruusamäe [Sat, 2 May 2015 17:37:58 +0000 (20:37 +0300)]
drop old (upgrade to 2.2.0) mod_ssl trigger
Elan Ruusamäe [Sat, 2 May 2015 17:28:59 +0000 (20:28 +0300)]
drop httpd.conf symlink trigger as well. refs
5aeda90
Elan Ruusamäe [Sat, 2 May 2015 13:54:04 +0000 (16:54 +0300)]
mod_session_crypto Requires apr-util-crypto-openssl
(20019)DSO load failed: AH01845: The crypto library 'openssl' could not be loaded:
/usr/lib/apr-util-1/apr_crypto_openssl-1.so: cannot open shared object file: No such file or directory (apr_crypto_openssl-1.so: 0)
Elan Ruusamäe [Sat, 2 May 2015 08:54:11 +0000 (11:54 +0300)]
typo
Elan Ruusamäe [Mon, 27 Apr 2015 10:48:11 +0000 (13:48 +0300)]
enable restart delay at 100000ms
for full thread, see:
http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-October/024055.html
Jan Rękorajski [Tue, 24 Feb 2015 19:48:26 +0000 (20:48 +0100)]
- x32 rebuild
- release 3 (by relup.sh)
Elan Ruusamäe [Thu, 19 Feb 2015 10:56:31 +0000 (12:56 +0200)]
add webserver(headers) provide
Elan Ruusamäe [Sun, 12 Oct 2014 20:15:53 +0000 (23:15 +0300)]
drop /etc/httpd/httpd.conf
it's obsolete for very long time already
Tomasz Pala [Sat, 31 Jan 2015 19:25:29 +0000 (20:25 +0100)]
mod_dav doesn't need these, don't pull requirements of config example
Tomasz Pala [Sat, 31 Jan 2015 19:13:15 +0000 (20:13 +0100)]
ever heard about 'loops'?
Tomasz Pala [Sat, 31 Jan 2015 18:29:00 +0000 (19:29 +0100)]
unified LoadModule directives
Arkadiusz Miśkiewicz [Fri, 30 Jan 2015 15:46:57 +0000 (16:46 +0100)]
- up to 2.4.12; fixes CVE-2014-3583, CVE-2014-3581, CVE-2014-8109, CVE-2013-5704
Arkadiusz Miśkiewicz [Tue, 16 Dec 2014 14:56:17 +0000 (15:56 +0100)]
- update to latest intermediate compatibility https://wiki.mozilla.org/Security/Server_Side_TLS
Arkadiusz Miśkiewicz [Wed, 19 Nov 2014 12:08:18 +0000 (13:08 +0100)]
Yet keep ssl-unclean-shutdown for IE6-9.
Arkadiusz Miśkiewicz [Wed, 19 Nov 2014 12:04:13 +0000 (13:04 +0100)]
Limit badness only to IE2-5. See
http://blogs.msdn.com/b/ieinternals/archive/2011/03/26/https-and-connection-close-is-your-apache-modssl-server-configuration-set-to-slow.aspx
for more information. Found by zawadaa.
This page took 0.081419 seconds and 4 git commands to generate.