| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: apache2-itk | Distribution: openSUSE 11.3 |
| Version: 2.2.15 | Vendor: openSUSE |
| Release: 4.5.1 | Build date: Thu Sep 1 02:19:11 2011 |
| Group: Productivity/Networking/Web/Servers | Build host: build18 |
| Size: 696688 | Source RPM: apache2-2.2.15-4.5.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://httpd.apache.org/ | |
| Summary: Apache 2 "ITK" MPM (Multi-Processing Module) | |
The "ITK" MPM (Multi-Processing Module) is experimental and NOT officially
endorsed by the Apache Software Foundation, so it may or may not work as
expected.
Apache2-mpm-itk (just mpm-itk for short) is a MPM for the Apache 2 web server.
mpm-itk allows you to run each of your vhosts under a separate uid and gid --
in short, the scripts and configuration files for one vhost no longer have to
be readable for all the other vhosts.
See http://mpm-itk.sesse.net/
Authors:
--------
Too many to list here -- see /usr/share/doc/packages/apache2/ABOUT_APACHE
Steinar H. Gunderson (ITK module)
ASLv..
* Wed Aug 31 2011 draht@suse.de
- httpd-2.2.x-bnc713966-CVE-2011-3192.patch fixes byterange remote
DoS vulnerability known as CVE-2011-3192. [bnc#713966]
* Tue Jul 26 2011 draht@suse.de
- recommend the default MPM (prefork) via Recommends: in .spec
[bnc#670027]
- httpd-2.2.x-bnc690734.patch: take LimitRequestFieldsize config
option into account when parsing headers from backend. bnc#690734
* Tue Aug 17 2010 draht@suse.de
- httpd-2.2.10-bnc627030-CVE-2010-1452.patch fixes CVE-2010-1452
from [bnc#627030] - mod_cache and mod_dav. For completeness:
CVE-2010-2068 (information disclosure by mod_proxy_http) does
not affect Linux.
* Tue May 11 2010 lars@linux-schulserver.de
- fix deprecated usage of $[ in apxs2
(httpd-2.2.15-deprecated_use_of_build_in_variable.patch)
* Fri May 07 2010 aj@suse.de
- Do not compile in build time but use mtime of changes file instead.
This allows build-compare to identify that no changes have happened.
* Wed Mar 31 2010 poeml@cmdline.net
- add apache2-prefork to the Requires of apache2-devel, because apxs2 will
build for prefork, if not called as apxs2-worker (which should rarely be the
case). Also added gcc to the Requires.
* Mon Mar 08 2010 poeml@cmdline.net
- update to 2.2.15:
SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and
offer unsafe legacy renegotiation with clients which do not yet support
the new secure renegotiation protocol, RFC 5746.
SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR.
SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request processing
is completed, avoiding orphaned callback pointers.
SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the parent
request headers are not corrupted. Elimiates a problematic optimization
in the case of no request body. PR 48359
mod_reqtimeout:
- New module to set timeouts and minimum data rates for receiving requests
from the client.
core:
- Fix potential memory leaks by making sure to not destroy bucket brigades
that have been created by earlier filters.
- Return APR_EOF if request body is shorter than the length announced by the
client. PR 33098
- Preserve Port information over internal redirects PR 35999
- Build: fix --with-module to work as documented PR 43881
worker:
- Don't report server has reached MaxClients until it has. Add message when
server gets within MinSpareThreads of MaxClients. PR 46996.
ab, mod_ssl:
- Restore compatibility with OpenSSL < 0.9.7g.
mod_authnz_ldap:
- Add AuthLDAPBindAuthoritative to allow Authentication to try other
providers in the case of an LDAP bind failure. PR 46608
- Failures to map a username to a DN, or to check a user password now result
in an informational level log entry instead of warning level.
mod_cache:
- Introduce the thundering herd lock, a mechanism to keep the flood of
requests at bay that strike a backend webserver as a cached entity goes
stale.
- correctly consider s-maxage in cacheability decisions.
mod_disk_cache, mod_mem_cache:
- don't cache incomplete responses, per RFC 2616, 13.8. PR15866.
mod_charset_lite:
- Honor 'CharsetOptions NoImplicitAdd'.
mod_filter:
- fix FilterProvider matching where "dispatch" string doesn't exist. PR 48054
mod_include:
- Allow fine control over the removal of Last-Modified and ETag headers
within the INCLUDES filter, making it possible to cache responses if
desired. Fix the default value of the SSIAccessEnable directive.
mod_ldap:
- If LDAPSharedCacheSize is too small, try harder to purge some cache
entries and log a warning. Also increase the default LDAPSharedCacheSize
to 500000. This is a more realistic size suitable for the default values
of 1024 for LdapCacheEntries/LdapOpCacheEntries. PR 46749.
mod_log_config:
- Add the R option to log the handler used within the request.
mod_mime:
- Make RemoveType override the info from TypesConfig. PR 38330.
- Detect invalid use of MultiviewsMatch inside Location and LocationMatch
sections. PR 47754.
mod_negotiation:
- Preserve query string over multiviews negotiation. This buglet was fixed
for type maps in 2.2.6, but the same issue affected multiviews and was
overlooked. PR 33112
mod_proxy:
- unable to connect to a backend is SERVICE_UNAVAILABLE, rather than
BAD_GATEWAY or (especially) NOT_FOUND. PR 46971
mod_proxy, mod_proxy_http:
- Support remote https proxies by using HTTP CONNECT. PR 19188.
mod_proxy_http:
- Make sure that when an ErrorDocument is served from a reverse proxied URL,
that the subrequest respects the status of the original request. This
brings the behaviour of proxy_handler in line with default_handler. PR
47106.
mod_proxy_ajp:
- Really regard the operation a success, when the client aborted the
connection. In addition adjust the log message if the client aborted the
connection.
mod_rewrite:
- Make sure that a hostname:port isn't fully qualified if the request is a
CONNECT request. PR 47928
- Add scgi scheme detection.
mod_ssl:
- Fix a potential I/O hang if a long list of trusted CAs is configured for
client cert auth. PR 46952.
- When extracting certificate subject/issuer names to the SSL_*_DN_*
variables, handle RDNs with duplicate tags by exporting multiple
varialables with an "_n" integer suffix. PR 45875.
- obsolete patch CVE-2009-3555-2.2.patch removed
* Fri Mar 05 2010 coolo@novell.com
- readd whitespace removed by autobuild
* Wed Dec 16 2009 jengelh@medozas.de
- package documentation as noarch
* Sat Nov 07 2009 poeml@cmdline.net
- add patch for CVE-2009-3555 (cve.mitre.org)
http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch
http://mail-archives.apache.org/mod_mbox/httpd-announce/200911.mbox/%3c20091107013220.31376.qmail@minotaur.apache.org%3e
A partial fix for the TLS renegotiation prefix injection attack by rejecting
any client-initiated renegotiations. Any configuration which requires
renegotiation for per-directory/location access control is still vulnerable,
unless using OpenSSL >= 0.9.8l.
* Mon Oct 26 2009 poeml@cmdline.net
- update to 2.2.14:
* ) SECURITY: CVE-2009-2699 (cve.mitre.org)
Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork and event
MPMs on that platform. PR 47645. [Jeff Trawick]
* ) SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
* ) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
* ) mod_proxy_scgi: Backport from trunk. [André Malo]
* ) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL
has been defined at a very high level. PR 45946. [Eric Covener]
* ) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
* ) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries
usage() in synch with the manual and the implementation (0 and -1
both disable the cache). [Eric Covener]
* ) mod_ssl: The error message when SSLCertificateFile is missing should
at least give the name or position of the problematic virtual host
definition. [Stefan Fritsch sf sfritsch.de]
* ) htdbm: Fix possible buffer overflow if dbm database has very
long values. PR 30586 [Dan Poirier]
* ) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
* ) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
type. PR 45107. [Michael Ströder <michael stroeder.com>,
Peter Sylvester <peter.sylvester edelweb.fr>]
* ) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
defined session identifiers encoded in the URL when caching.
[Ruediger Pluem]
* ) mod_mem_cache: fix seg fault under load due to pool concurrency problem
PR: 47672 [Dan Poirier <poirier pobox.com>]
* ) mod_autoindex: Correctly create an empty cell if the description
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
* Mon Aug 10 2009 poeml@suse.de
- update to 2.2.13:
* ) SECURITY: CVE-2009-2412 (cve.mitre.org)
Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
in pools and rmm, where size alignment was taking place.
* ) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report
warnings compiling mod_ssl against OpenSSL to the httpd developers.
* ) mod_cgid: Do not add an empty argument when calling the CGI script.
PR 46380
* ) Fix potential segfaults with use of the legacy ap_rputs() etc
interfaces, in cases where an output filter fails. PR 36780.
* Mon Jul 27 2009 poeml@suse.de
- update to 2.2.12:
SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. PR 39605.
SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely.
SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949
SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.
core:
- New piped log syntax: Use "||process args" to launch the given process
without invoking the shell/command interpreter. Use "|$command line"
(the default behavior of "|command line" in 2.2) to invoke using shell,
consuming an additional shell process for the lifetime of the logging
pipe program but granting additional process invocation flexibility.
- prefork: Fix child process hang during graceful restart/stop in
configurations with multiple listening sockets. PR 42829.
- Translate the status line to ASCII on EBCDIC platforms in
ap_send_interim_response() and for locally generated "100
Continue" responses.
- CGI: return 504 (Gateway timeout) rather than 500 when a
script times out before returning status line/headers. PR 42190
- prefork: Log an error instead of segfaulting when child startup fails
due to pollset creation failures. PR 46467.
- core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
- Set Listen protocol to "https" if port is set to 443 and no proto is specified
(as documented but not implemented). PR 46066
- Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.
PR 42571 and PR 44266 (dup).
mod_alias:
- check sanity in Redirect arguments. PR 44729
- Ensure Redirect emits HTTP-compliant URLs. PR 44020
mod_authnz_ldap:
- Reduce number of initialization debug messages and make
information more clear. PR 46342
mod_cache:
- Introduce 'no-cache' per-request environment variable to
prevent the saving of an otherwise cacheable response.
- Correctly save Content-Encoding of cachable entity. PR 46401
- When an explicit Expires or Cache-Control header is set, cache
normally non-cacheable response statuses. PR 46346.
mod_cgid:
- fix segfault problem on solaris. PR 39332
mod_disk_cache:
- The module now turns off sendfile support if 'EnableSendfile
off' is defined globally. PR 41218.
mod_disk_cache/mod_mem_cache:
- Fix handling of CacheIgnoreHeaders directive to correctly
remove headers before storing them.
mod_deflate:
- revert changes in 2.2.8 that caused an invalid etag to be
emitted for on-the-fly gzip content-encoding. PR 39727 will
require larger fixes and this fix was far more harmful than
the original code. PR 45023.
mod_ext_filter:
- fix error handling when the filter prog fails to start, and
introduce an onfail configuration option to abort the request
or to remove the broken filter and continue. PR 41120
mod_include:
- fix potential segfault when handling back references on an
empty SSI variable.
- Prevent a case of SSI timefmt-smashing with filter chains
including multiple INCLUDES filters. PR 39369
- support generating non-ASCII characters as entities in SSI PR
25202
mod_ldap:
- Avoid a segfault when result->rc is checked in
uldap_connection_init when result is NULL. This could happen
if LDAP initialization failed. PR 45994.
mod_negotiation:
- Escape pathes of filenames in 406 responses to avoid HTML
injections and HTTP response splitting. PR 46837.
mod_proxy:
- Complete ProxyPassReverse to handle balancer URL's. Given;
BalancerMember balancer://alias http://example.com/foo
ProxyPassReverse /bash balancer://alias/bar backend url
http://example.com/foo/bar/that is now translated /bash/that
mod_proxy_ajp:
- Check more strictly that the backend follows the AJP protocol.
- Forward remote port information by default.
mod_proxy_http:
- fix Host: header for literal IPv6 addresses. PR 47177
- fix case sensitivity checking transfer encoding PR 47383
mod_rewrite:
- Remove locking for writing to the rewritelog. PR 46942
- Fix the error string returned by RewriteRule. RewriteRule
returned "RewriteCond: bad flag delimiters" when the 3rd
argument of RewriteRule was not started with "[" or not ended
with "]". PR 45082
- When evaluating a proxy rule in directory context, do escape
the filename by default. PR 46428
- Introduce DiscardPathInfo|DPI flag to stop the troublesome way
that per-directory rewrites append the previous notion of
PATH_INFO to each substitution before evaluating subsequent
rules. PR38642
- fix "B" flag breakage by reverting r589343 PR 45529
mod_ssl:
- Add server name indication support (RFC 4366) and better
support for name based virtual hosts with SSL. PR 34607
- Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
to enable stricter checking of remote server certificates.
- Add SSLRenegBufferSize directive to allow changing the size of
the buffer used for the request-body where necessary during a
per-dir renegotiation. PR 39243.
mod_substitute:
- Fix a memory leak. PR 44948
* Tue Jul 14 2009 hvogel@suse.de
- Fix missing -Y option in gensslcert [bnc#416888]
* Tue Jun 09 2009 poeml@suse.de
- merge changes from openSUSE:Factory:
- trailing spaces removed from robots.txt
- moved Snakeoil certificates to separate subpackage
example-certificates [bnc#419601]
- removed outdated ca-bundle.crt
- NOT merging the change from [bnc#301380] (setting TraceEnable
Off), since there is no reason to deviate from upstream
* Tue Jun 09 2009 poeml@suse.de
- avoid useless (and potentially irritating) messages from usermod
called in %post when updating the package - this should probably
only be run when updating from very old installs anyway.
- likewise, avoid similar useless messages about creation of the
httpd user when installing on Fedora.
* Tue May 05 2009 poeml@suse.de
- fix hyperref to the quickstart howto in the installed httpd.conf
[bnc#500938] Thanks, Frank!
* Mon Apr 27 2009 poeml@suse.de
- add ITK MPM (apache2.2-mpm-itk-20090414-00.patch)
see http://mpm-itk.sesse.net/
* Mon Apr 27 2009 poeml@suse.de
- buildfix (from Factory): replace "shadow" by "pwdutils" in requires
* Thu Mar 12 2009 crrodriguez@suse.de
- update apache2-vhost.template mod_php4 references [bnc#444205]
* Mon Mar 09 2009 poeml@suse.de
- fixed the ed script which turns apxs into
apxs-{prefork,worker,event) to work on Fedora, by using - instead
of ^ to go "up" one line. Thereby fixing Fedora build. (Package
probably needs further tuning to fit into a Fedora environment.)
/usr/lib64/apache2-itk /usr/lib64/apache2-itk/mod_actions.so /usr/lib64/apache2-itk/mod_alias.so /usr/lib64/apache2-itk/mod_asis.so /usr/lib64/apache2-itk/mod_auth_basic.so /usr/lib64/apache2-itk/mod_auth_digest.so /usr/lib64/apache2-itk/mod_authn_alias.so /usr/lib64/apache2-itk/mod_authn_anon.so /usr/lib64/apache2-itk/mod_authn_dbd.so /usr/lib64/apache2-itk/mod_authn_dbm.so /usr/lib64/apache2-itk/mod_authn_default.so /usr/lib64/apache2-itk/mod_authn_file.so /usr/lib64/apache2-itk/mod_authnz_ldap.so /usr/lib64/apache2-itk/mod_authz_dbm.so /usr/lib64/apache2-itk/mod_authz_default.so /usr/lib64/apache2-itk/mod_authz_groupfile.so /usr/lib64/apache2-itk/mod_authz_host.so /usr/lib64/apache2-itk/mod_authz_owner.so /usr/lib64/apache2-itk/mod_authz_user.so /usr/lib64/apache2-itk/mod_autoindex.so /usr/lib64/apache2-itk/mod_bucketeer.so /usr/lib64/apache2-itk/mod_cache.so /usr/lib64/apache2-itk/mod_case_filter.so /usr/lib64/apache2-itk/mod_case_filter_in.so /usr/lib64/apache2-itk/mod_cern_meta.so /usr/lib64/apache2-itk/mod_cgi.so /usr/lib64/apache2-itk/mod_charset_lite.so /usr/lib64/apache2-itk/mod_dav.so /usr/lib64/apache2-itk/mod_dav_fs.so /usr/lib64/apache2-itk/mod_dav_lock.so /usr/lib64/apache2-itk/mod_dbd.so /usr/lib64/apache2-itk/mod_deflate.so /usr/lib64/apache2-itk/mod_dir.so /usr/lib64/apache2-itk/mod_disk_cache.so /usr/lib64/apache2-itk/mod_dumpio.so /usr/lib64/apache2-itk/mod_echo.so /usr/lib64/apache2-itk/mod_env.so /usr/lib64/apache2-itk/mod_expires.so /usr/lib64/apache2-itk/mod_ext_filter.so /usr/lib64/apache2-itk/mod_file_cache.so /usr/lib64/apache2-itk/mod_filter.so /usr/lib64/apache2-itk/mod_headers.so /usr/lib64/apache2-itk/mod_ident.so /usr/lib64/apache2-itk/mod_imagemap.so /usr/lib64/apache2-itk/mod_include.so /usr/lib64/apache2-itk/mod_info.so /usr/lib64/apache2-itk/mod_ldap.so /usr/lib64/apache2-itk/mod_log_config.so /usr/lib64/apache2-itk/mod_log_forensic.so /usr/lib64/apache2-itk/mod_logio.so /usr/lib64/apache2-itk/mod_mem_cache.so /usr/lib64/apache2-itk/mod_mime.so /usr/lib64/apache2-itk/mod_mime_magic.so /usr/lib64/apache2-itk/mod_negotiation.so /usr/lib64/apache2-itk/mod_optional_fn_export.so /usr/lib64/apache2-itk/mod_optional_fn_import.so /usr/lib64/apache2-itk/mod_optional_hook_export.so /usr/lib64/apache2-itk/mod_optional_hook_import.so /usr/lib64/apache2-itk/mod_proxy.so /usr/lib64/apache2-itk/mod_proxy_ajp.so /usr/lib64/apache2-itk/mod_proxy_balancer.so /usr/lib64/apache2-itk/mod_proxy_connect.so /usr/lib64/apache2-itk/mod_proxy_ftp.so /usr/lib64/apache2-itk/mod_proxy_http.so /usr/lib64/apache2-itk/mod_proxy_scgi.so /usr/lib64/apache2-itk/mod_reqtimeout.so /usr/lib64/apache2-itk/mod_rewrite.so /usr/lib64/apache2-itk/mod_setenvif.so /usr/lib64/apache2-itk/mod_speling.so /usr/lib64/apache2-itk/mod_ssl.so /usr/lib64/apache2-itk/mod_status.so /usr/lib64/apache2-itk/mod_substitute.so /usr/lib64/apache2-itk/mod_suexec.so /usr/lib64/apache2-itk/mod_unique_id.so /usr/lib64/apache2-itk/mod_userdir.so /usr/lib64/apache2-itk/mod_usertrack.so /usr/lib64/apache2-itk/mod_version.so /usr/lib64/apache2-itk/mod_vhost_alias.so /usr/sbin/httpd2-itk
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon May 13 04:23:42 2013