Opened 4 years ago

Closed 4 years ago

#9842 closed enhancement (fixed)

httpd-2.4.28

Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by bdubbs@…, 4 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

Taking a lot of packages. I hope to get them all done this weekend.

comment:2 by bdubbs@…, 4 years ago

Changelog Apache 2.4

03-October-2017 Changes with Apache 2.4.28

Apache Lounge changes:

  *) Upgraded nghttp2 to 1.26.0 from 1.24.0.1 (Changelog)

  *) Upgraded brotli lib to 1.0.1 from master 1.0.0 (30-06-2017) (Changelog)

  *) Updgraded libxml2 to 2.9.5 from 2.9.4 (Changelog)

  *) Upgraded expat to 2.2.4 from 2.2.1 (Changelog)

ASF changes:

  *) SECURITY: CVE-2017-9798 (cve.mitre.org)
     Corrupted or freed memory access.  must now be used in the
     main configuration file (httpd.conf) to register HTTP methods before the
     .htaccess files.  [Yann Ylavic]

  *) event: Avoid possible blocking in the listener thread when shutting down
     connections. PR 60956.  [Yann Ylavic]

  *) mod_speling: Don't embed referer data in a link in error page.
     PR 38923 [Nick Kew]

  *) htdigest: prevent a buffer overflow when a string exceeds the allowed max
     length in a password file.
     [Luca Toscano, Hanno Böck ]

  *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
     [Jim Jagielski]

  *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
     PR 61142.

  *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
     down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
     's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]

  *) mod_http2: Fix for stalling when more than 32KB are written to a
     suspended stream.  [Stefan Eissing]

  *) build: allow configuration without APR sources.  [Jacob Champion]

  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
     [Bernard Spil , Michael Schlenker ,
      Yann Ylavic]

  *) core/log: Support use of optional "tag" in syslog entries.
     PR 60525. [Ben Rubson , Jim Jagielski]

  *) mod_proxy: Fix ProxyAddHeaders merging.  [Joe Orton]
 
  *) core: Disallow multiple Listen on the same IP:port when listener buckets
     are configured (ListenCoresBucketsRatio > 0), consistently with the single
     bucket case (default), thus avoiding the leak of the corresponding socket
     descriptors on graceful restart.  [Yann Ylavic]

  *) event: Avoid listener periodic wake ups by using the pollset wake-ability
     when available.  PR 57399.  [Yann Ylavic, Luca Toscano]

  *) mod_proxy_wstunnel: Fix detection of unresponded request which could have
     led to spurious HTTP 502 error messages sent on upgrade connections.
     PR 61283.  [Yann Ylavic]

comment:3 by bdubbs@…, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 19310.

Note: See TracTickets for help on using tickets.