Name: apache2-worker	Distribution: openSUSE:Factory:zSystems
Version: 2.4.65	Vendor: openSUSE
Release: 2.2	Build date: Tue Sep 23 15:37:34 2025
Group: Productivity/Networking/Web/Servers	Build host: reproducible
Size: 4730265	Source RPM: apache2-worker-2.4.65-2.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://httpd.apache.org/
Summary: The Apache HTTPD Server

The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating
systems including UNIX and Windows. The goal of this project
is to provide a secure, efficient and extensible server that
provides HTTP services in sync with the current HTTP standards.

Provides

Requires

License

Apache-2.0

Changelog

* Tue Sep 23 2025 pgajdos@suse.com
- httpd testsuite of svn revision 1928711, fixes the failure
caused by libxml2 version update to 2.14
* Wed Jul 23 2025 pgajdos@suse.com
- version update to 2.4.65
* ) SECURITY: CVE-2025-54090: Apache HTTP Server: 'RewriteCond expr'
always evaluates to true in 2.4.64 (cve.mitre.org)
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond
expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes
the issue.
* Fri Jul 18 2025 Martin Schreiner <martin.schreiner@suse.com>
* Refresh patches:
- apache-test-application-xml-type.patch
- apache-test-turn-off-variables-in-ssl-var-lookup.patch
- apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
- apache2-LimitRequestFieldSize-limits-headers.patch
* Update to 2.4.64.
* CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase
* CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack
* CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service
* CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption
* CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping
* CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths
* CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header
* CVE-2024-42516: Apache HTTP Server: HTTP response splitting
* mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer
size.
* mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5
builds which enable it in libssl natively.
* mod_asis: Fix the log level of the message AH01236.
* mod_session_dbd: ensure format used with SessionDBDCookieName and
SessionDBDCookieName2 are correct.
* mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could
inadvertently modify the Content-Type _response_ header. Applies to
Content-Type only and likely to only affect static file responses.
* mod_ssl: Remove warning over potential uninitialised value
for ssl protocol prior to protocol selection.
* mod_proxy: Reuse ProxyRemote connections when possible, like prior
to 2.4.59.
* mod_systemd: Add systemd socket activation support.
* mod_systemd: Log the SELinux context at startup if available and
enabled.
* mod_http2: update to version 2.0.32
The code setting the connection window size was set wrong,
preventing `H2WindowSize` to work.
* mod_http2: update to version 2.0.30
- Fixed bug in handling over long response headers. When the 64 KB limit
of nghttp2 was exceeded, the request was not reset and the client was
left hanging, waiting for it. Now the stream is reset.
- Added new directive `H2MaxHeaderBlockLen` to set the limit on response
header sizes.
- Fixed handling of Timeout vs. KeepAliveTimeout when first request on a
connection was reset.
* mod_lua: Fix memory handling in LuaOutputFilter.
* mod_proxy_http2: revert r1912193 for detecting broken backend connections
as this interferes with backend selection who a node is unresponsive.
* mod_proxy_balancer: Fix a regression that caused stickysession keys no
longer be recognized if they are provided as query parameter in the URL.
* mod_md: update to version 2.5.2
- Fixed TLS-ALPN-01 challenges when multiple `MDPrivateKeys` are specified
with EC keys before RSA ones.
- Fixed missing newlines in the status page output.
* mod_dav: Add API to expose DavBasePath setting.
* mod_md: update to version 2.5.1
- Added support for ACME profiles with new directives MDProfile and
MDProfileMandatory.
- When installing a custom CA file via `MDCACertificateFile`, also set the
libcurl option CURLSSLOPT_NO_REVOKE that suppresses complains by Schannel
(when curl is linked with it) about missing CRL/OCSP in certificates.
- Fixed handling of corrupted httpd.json and added test 300_30 for it.
File is removed on error and written again. Fixes #369.
- Added explanation in log for how to proceed when md_store.json could not be
parsed and prevented the server start.
- restored fixed to #336 and #337 which got lost in a sync with Apache svn
- Add Issue Name/Uris to certificate information in md-status handler
- MDomains with static certificate files have MDRenewMode "manual", unless
"always" is configured.
* core: Report invalid Options= argument when parsing AllowOverride
directives.
* scoreboard/mod_http2: record durations of HTTP/2 requests.
* Mon Mar 10 2025 Martin Schreiner <martin.schreiner@suse.com>
- Update to 2.4.63:
* mod_dav: Update redirect-carefully example BrowserMatch config
to match more recent client versions.
* mod_cache_socache: Fix possible crash on error path.
* mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
* mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify
domains or finalizing the order fails, e.g. times out.
- Increasing the timeouts to wait for ACME server to verify domain
names and issue the certificate from 30 seconds to 5 minutes.
- Change a log level from error to debug when Stapling is enabled
but a certificate carries no OCSP responder URL.
* mod_proxy_balancer: Fix the handling of the stickysession
configuration parameter by the balancer manager.
* Add the ldap-search option to mod_authnz_ldap, allowing
authorization to be based on arbitrary expressions that do not
include the username. Make sure that when ldap searches are too
long, we explicitly log the error.
* mod_proxy: Honor parameters of ProxyPassMatch workers with substitution
in the host name or port.
* mod_log_config: Fix merging for the "LogFormat" directive.
* mod_lua: Make r.ap_auth_type writable.
* mod_md: update to version 2.4.29
- Fixed HTTP-01 challenges to not carry a final newline, as some
ACME server fail to ignore it.
- Fixed missing label+newline in server-status plain text output
when MDStapling is enabled.
* mod_ssl: Restore support for loading PKCS#11 keys via ENGINE
without "SSLCryptoDevice" configured.
* mod_authnz_ldap: Fix possible memory corruption if the
AuthLDAPSubGroupAttribute directive is configured.
* mod_proxy_fcgi: Don't re-encode SCRIPT_FILENAME when set via SetHandler.
* mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten URLs,
including "unix:" ones.
* mod_rewrite: Error out in case a RewriteRule in directory context
uses the proxy, but mod_proxy is not loaded.
* http: Remove support for Request-Range header sent by Navigator
2-3 and MSIE 3.
* mod_rewrite: Don't require flag to preserve a leading // added by
applying the perdir prefix to the substitution.
* Windows: Restore the ability to "Include" configuration files on
UNC paths.
* mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs
in Location (incomplete fix in 2.4.62).
* mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/' is messed
up, this could prevent further renewals to happen. Now, when the
staging set is present, but could not be activated due to an
error, purge the whole directory.
- Fix certificate retrieval on ACME renewal to not require a
'Location:' header returned by the ACME CA. This was the way it
was done in ACME before it became an IETF standard. Let's
Encrypt still supports this, but other CAs do not.
- Restore compatibility with OpenSSL < 1.1.
* mod_tls: removed the experimental module. It now is availble
standalone from https://github.com/icing/mod_tls. The rustls
provided API is not stable and does not align with the httpd
release cycle.
* mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
* mod_http2: Return connection monitoring to the event MPM when
blocking on client updates.
* Tue Jan 14 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Fix builds of test package with RPM 4.20:
+ noarch packages cannot rely on libdir, which is an
arch-dependent variable. Rely on apxs -q libdir to extract the
correct information instead.
* Tue Nov 05 2024 Martin Schreiner <martin.schreiner@suse.com>
- Update httpd-framework to svn1921782.
- Fixes Apache's impact on bsc#1218342.
* Mon Nov 04 2024 Jan Engelhardt <jengelh@inai.de>
- Explicitly mark start_apache2 as bash-dependent.
* Mon Sep 30 2024 Thorsten Kukuk <kukuk@suse.com>
- Add /srv/www directories to filelist [bsc#1231027]
(apache2 will not start since default config uses this directory)
* Sat Aug 03 2024 Arjen de Korte <suse+build@de-korte.org>
- Update to 2.4.62
* ) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
mod_rewrite in server/vhost context on Windows (cve.mitre.org)
[boo#1228098]
SSRF in Apache HTTP Server on Windows with mod_rewrite in
server/vhost context, allows to potentially leak NTML hashes to
a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes
this issue.
Credits: Smi1e (DBAPPSecurity Ltd.)
* ) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
[boo#1228097]
A partial fix for CVE-2024-39884 in the core of Apache HTTP
Server 2.4.61 ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes
this issue.
* ) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
"balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
with BalancerMember(s). PR 69168. [Yann Ylavic]
* ) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
PR 69160 [Yann Ylavic]
* ) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
[Joe Orton]
* ) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>]
* ) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
[Ruediger Pluem, Yann Ylavic]
* ) mpm_worker: Fix possible warning (AH00045) about children processes not
terminating timely. [Yann Ylavic]
* Thu Jul 04 2024 Arjen de Korte <suse+build@de-korte.org>
- Update to 2.4.61
* ) SECURITY: CVE-2024-39884: Apache HTTP Server: source code
disclosure with handlers configured via AddType (cve.mitre.org)
[boo#1227353]
A regression in the core of Apache HTTP Server 2.4.60 ignores
some use of the legacy content-type based configuration of
handlers. "AddType" and similar configuration, under some
circumstances where files are requested indirectly, result in
source code disclosure of local content. For example, PHP
scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes
this issue.
- Update to 2.4.60
* ) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy
handler substitution (cve.mitre.org) [boo#1227271]
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and
earlier allows an attacker to cause unsafe RewriteRules to
unexpectedly setup URL's to be handled by mod_proxy.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in
Denial of Service in mod_proxy via a malicious request
(cve.mitre.org) [boo#1227270]
null pointer dereference in mod_proxy in Apache HTTP Server
2.4.59 and earlier allows an attacker to crash the server via a
malicious request.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38476: Apache HTTP Server may use
exploitable/malicious backend application output to run local
handlers via internal redirect (cve.mitre.org) [boo#1227269]
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier
are vulnerably to information disclosure, SSRF or local script
execution via backend applications whose response headers are
malicious or exploitable.
Note: Some legacy uses of the 'AddType' directive to connect a
request to a handler must be ported to 'AddHandler' after this fix.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in
mod_rewrite when first segment of substitution matches
filesystem path. (cve.mitre.org) [boo#1227268]
Improper escaping of output in mod_rewrite in Apache HTTP Server
2.4.59 and earlier allows an attacker to map URLs to filesystem
locations that are permitted to be served by the server but are
not intentionally/directly reachable by any URL, resulting in
code execution or source code disclosure.
Substitutions in server context that use a backreferences or
variables as the first segment of the substitution are affected.
Some unsafe RewiteRules will be broken by this change and the
rewrite flag "UnsafePrefixStat" can be used to opt back in once
ensuring the substitution is appropriately constrained.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with
encoded question marks in backreferences (cve.mitre.org)
[boo#1227278]
Substitution encoding issue in mod_rewrite in Apache HTTP Server
2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly
reachable by any URL or source disclosure of scripts meant to
only to be executed as CGI.
Note: Some RewriteRules that capture and substitute unsafely will now
fail unless rewrite flag "UnsafeAllow3F" is specified.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding
problem (cve.mitre.org) [boo#1227276]
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and
earlier allows request URLs with incorrect encoding to be sent
to backend services, potentially bypassing authentication via
crafted requests.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF
(cve.mitre.org) [boo#1227267]
SSRF in Apache HTTP Server on Windows allows to potentially leak
NTML hashes to a malicious server via SSRF and malicious
requests or content
Note: Existing configurations that access UNC paths
will have to configure new directive "UNCList" to allow access
during request processing.
Credits: Orange Tsai (@orange_8361) from DEVCORE
* ) SECURITY: CVE-2024-36387: Apache HTTP Server: DoS by Null
pointer in websocket over HTTP/2 (cve.mitre.org) [boo#1227272]
Serving WebSocket protocol upgrades over a HTTP/2 connection
could result in a Null Pointer dereference, leading to a crash
of the server process, degrading performance.
Credits: Marc Stern (<marc.stern AT approach-cyber.com>)
* ) mod_proxy: Fix DNS requests and connections closed before the
configured addressTTL. BZ 69126. [Yann Ylavic]
* ) core: On Linux, log the real thread ID in error logs. [Joe Orton]
* ) core: Support zone/scope in IPv6 link-local addresses in Listen and
VirtualHost directives (requires APR 1.7.x or later). PR 59396
[Joe Orton]
* ) mod_ssl: Reject client-initiated renegotiation with a TLS alert
(rather than connection closure). [Joe Orton, Yann Ylavic]
* ) Updated mime.types. [Mohamed Akram <mohd.akram outlook.com>,
Adam Silverstein <adamsilverstein earthboundhosting.com>]
* ) mod_ssl: Fix a regression that causes the default DH parameters for a key
no longer set and thus effectively disabling DH ciphers when no explicit
DH parameters are set. PR 68863 [Ruediger Pluem]
* ) mod_cgid: Optional support for file descriptor passing, fixing
error log handling (configure --enable-cgid-fdpassing) on Unix
platforms. PR 54221. [Joe Orton]
* ) mod_cgid/mod_cgi: Distinguish script stderr output clearly in
error logs. PR 61980. [Hank Ibell <hwibell gmail.com>]
* ) mod_tls: update version of rustls-ffi to v0.13.0.
[Daniel McCarney (@cpu}]
* ) mod_md:
- Using OCSP stapling information to trigger certificate renewals. Proposed
by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.
- removed patches (upstreamed)
- apache2-issue-444.patch
* Sat Jun 15 2024 Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Require main apache2 package in MPM packages (boo#1226379)
* Thu Jun 13 2024 pgajdos@suse.com
- added patches [bsc#1226217]
https://github.com/apache/httpd/pull/444/commits/c2fffd29b0f58bdc9caaaff4fec68e17a676f182
+ apache2-issue-444.patch
* Thu Apr 04 2024 Arjen de Korte <suse+build@de-korte.org>
- Update to 2.4.59:
* ) mod_deflate: Fixes and better logging for handling various
error and edge cases. [Eric Covener, Yann Ylavic, Joe Orton,
Eric Norris <enorris etsy.com>]
* ) Add CGIScriptTimeout to mod_cgi. [Eric Covener]
* ) mod_xml2enc: Tolerate libxml2 2.12.0 and later. PR 68610
[ttachi <tachihara AT hotmail.com>]
* ) mod_slotmem_shm: Use ap_os_is_path_absolute() to make it portable.
[Jean-Frederic Clere]
* ) mod_ssl: Use OpenSSL-standard functions to assemble CA
name lists for SSLCACertificatePath/SSLCADNRequestPath.
Names will now be consistently sorted. PR 61574.
[Joe Orton]
* ) mod_xml2enc: Update check to accept any text/ media type
or any XML media type per RFC 7303, avoiding
corruption of Microsoft OOXML formats. PR 64339.
[Joseph Heenan <joseph.heenan fintechlabs.io>, Joe Orton]
* ) mod_http2: v2.0.26 with the following fixes:
- Fixed `Date` header on requests upgraded from HTTP/1.1 (h2c). Fixes
<https://github.com/icing/mod_h2/issues/272>.
- Fixed small memory leak in h2 header bucket free. Thanks to
Michael Kaufmann for finding this and providing the fix.
* ) htcacheclean: In -a/-A mode, list all files per subdirectory
rather than only one. PR 65091.
[Artem Egorenkov <aegorenkov.91 gmail.com>]
* ) mod_ssl: SSLProxyMachineCertificateFile/Path may reference files
which include CA certificates; those CA certs are treated as if
configured with SSLProxyMachineCertificateChainFile. [Joe Orton]
* ) htpasswd, htdbm, dbmmanage: Update help&docs to refer to
"hashing", rather than "encrypting" passwords.
[Michele Preziuso <mpreziuso kaosdynamics.com>]
* ) mod_ssl: Fix build with LibreSSL 2.0.7+. PR 64047.
[Giovanni Bechis, Yann Ylavic]
* ) htpasswd: Add support for passwords using SHA-2. [Joe Orton,
Yann Ylavic]
* ) core: Allow mod_env to override system environment vars. [Joe Orton]
* ) Allow mod_dav_fs to tolerate race conditions between PROPFIND and an
operation which removes a directory/file between apr_dir_read() and
apr_stat(). Current behaviour is to abort the connection which seems
inferior to tolerating (and logging) the error. [Joe Orton]
* ) mod_ldap: HTML-escape data in the ldap-status handler.
[Eric Covener, Chamal De Silva]
* ) mod_ssl: Disable the OpenSSL ENGINE API when OPENSSL_NO_ENGINE is set.
Allow for "SSLCryptoDevice builtin" if the ENGINE API is not available,
notably with OpenSSL >= 3. PR 68080. [Yann Ylavic, Joe Orton]
* ) mod_ssl: Improve compatibility with OpenSSL 3, fix build warnings about
deprecated ENGINE_ API, honor OPENSSL_API_COMPAT setting while defaulting
to compatibitily with version 1.1.1 (including ENGINEs / SSLCryptoDevice).
[Yann Ylavic]
* ) mod_ssl: release memory to the OS when needed. [Giovanni Bechis]
* ) mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when
some dollar substitution (backreference) happens in the hostname or port
part of the URL. [Yann Ylavic]
* ) mod_proxy: Allow to set a TTL for how long DNS resolutions to backend
systems are cached. [Yann Ylavic]
* ) mod_proxy: Add optional third argument for ProxyRemote, which
configures Basic authentication credentials to pass to the remote
proxy. PR 37355. [Joe Orton]
* Tue Feb 20 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
* Mon Jan 29 2024 Dirk Müller <dmueller@suse.com>
- use grep -E for egrep
* Thu Oct 19 2023 David Anes <david.anes@suse.com>
- Update to 2.4.58:
* ) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST (cve.mitre.org)
When a HTTP/2 stream was reset (RST frame) by a client, there
was a time window were the request's memory resources were not
reclaimed immediately. Instead, de-allocation was deferred to
connection close. A client could send new requests and resets,
keeping the connection busy and open and causing the memory
footprint to keep on growing. On connection close, all resources
were reclaimed, but the process might run out of memory before
that.
This was found by the reporter during testing of CVE-2023-44487
(HTTP/2 Rapid Reset Exploit) with their own test client. During
"normal" HTTP/2 use, the probability to hit this bug is very
low. The kept memory would not become noticeable before the
connection closes or times out.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Will Dormann of Vul Labs
* ) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
initial windows size 0 (cve.mitre.org)
An attacker, opening a HTTP/2 connection with an initial window
size of 0, was able to block handling of that connection
indefinitely in Apache HTTP Server. This could be used to
exhaust worker resources in the server, similar to the well
known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection
are terminated properly after the configured connection timeout.
This issue affects Apache HTTP Server: from 2.4.55 through
2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Prof. Sven Dietrich (City University of New York)
* ) SECURITY: CVE-2023-31122: mod_macro buffer over-read
(cve.mitre.org)
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
Server.This issue affects Apache HTTP Server: through 2.4.57.
Credits: David Shoon (github/davidshoon)
* ) mod_ssl: Silence info log message "SSL Library Error: error:0A000126:
SSL routines::unexpected eof while reading" when using
OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if
available. [Rainer Jung]
* ) mod_http2: improved early cleanup of streams.
[Stefan Eissing]
* ) mod_proxy_http2: improved error handling on connection errors while
response is already underway.
[Stefan Eissing]
* ) mod_http2: fixed a bug that could lead to a crash in main connection
output handling. This occured only when the last request on a HTTP/2
connection had been processed and the session decided to shut down.
This could lead to an attempt to send a final GOAWAY while the previous
write was still in progress. See PR 66646.
[Stefan Eissing]
* ) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value.
Fixes PR66752.
[Stefan Eissing]
* ) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as
described in RFC 8441. A new directive 'H2WebSockets on|off' has been
added. The feature is by default not enabled.
As also discussed in the manual, this feature should work for setups
using "ProxyPass backend-url upgrade=websocket" without further changes.
Special server modules for WebSockets will have to be adapted,
most likely, as the handling if IO events is different with HTTP/2.
HTTP/2 WebSockets are supported on platforms with native pipes. This
excludes Windows.
[Stefan Eissing]
* ) mod_rewrite: Fix a regression with both a trailing ? and [QSA].
in OCSP stapling. PR 66672. [Frank Meier <frank.meier ergon.ch>, covener]
* ) mod_http2: fixed a bug in flushing pending data on an already closed
connection that could lead to a busy loop, preventing the HTTP/2 session
to close down successfully. Fixed PR 66624.
[Stefan Eissing]
* ) mod_http2: v2.0.15 with the following fixes and improvements
- New directive 'H2EarlyHint name value' to add headers to a response,
picked up already when a "103 Early Hints" response is sent. 'name' and
'value' must comply to the HTTP field restrictions.
This directive can be repeated several times and header fields of the
same names add. Sending a 'Link' header with 'preload' relation will
also cause a HTTP/2 PUSH if enabled and supported by the client.
- Fixed an issue where requests were not logged and accounted in a timely
fashion when the connection returns to "keepalive" handling, e.g. when
the request served was the last outstanding one.
This led to late appearance in access logs with wrong duration times
reported.
- Accurately report the bytes sent for a request in the '%O' Log format.
This addresses #203, a long outstanding issue where mod_h2 has reported
numbers over-eagerly from internal buffering and not what has actually
been placed on the connection.
The numbers are now the same with and without H2CopyFiles enabled.
[Stefan Eissing]
* ) mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that that an existing connection was shutdown by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
[Stefan Eissing]
* ) mod_rewrite: Add server directory to include path as mod_rewrite requires
test_char.h. PR 66571 [Valeria Petrov <valeria.petrov@spinetix.com>]
* ) mod_http2: new directive `H2ProxyRequests on|off` to enable handling
of HTTP/2 requests in a forward proxy configuration.
General forward proxying is enabled via `ProxyRequests`. If the
HTTP/2 protocol is also enabled for such a server/host, this new
directive is needed in addition.
[Stefan Eissing]
* ) core: Updated conf/mime.types:
- .js moved from 'application/javascript' to 'text/javascript'
- .mjs was added as 'text/javascript'
- add .opus ('audio/ogg')
- add 'application/vnd.geogebra.slides'
- add WebAssembly MIME types and extension
[Mathias Bynens <@mathiasbynens> via PR 318,
Richard de Boer <richard tubul.net>, Dave Hodder <dmh dmh.org.uk>,
Zbynek Konecny <zbynek1729 gmail.com>]
* ) mod_proxy_http2: fixed using the wrong "bucket_alloc" from the backend
connection when sending data on the frontend one. This caused crashes
or infinite loops in rare situations.
* ) mod_proxy_http2: fixed a bug in retry/response handling that could lead
to wrong status codes or HTTP messages send at the end of response bodies
exceeding the announced content-length.
* ) mod_proxy_http2: fix retry handling to not leak temporary errors.
On detecting that that an existing connection was shutdown by the other
side, a 503 response leaked even though the request was retried on a
fresh connection.
* ) mod_http2: fixed a bug that did cleanup of consumed and pending buckets in
the wrong order when a bucket_beam was destroyed.
[Stefan Eissing]
* ) mod_http2: avoid double chunked-encoding on internal redirects.
PR 66597 [Yann Ylavic, Stefan Eissing]
* ) mod_http2: Fix reporting of `Total Accesses` in server-status to not count
HTTP/2 requests twice. Fixes PR 66801.
[Stefan Eissing]
* ) mod_ssl: Fix handling of Certificate Revoked messages
in OCSP stapling. PR 66626. [<gmoniker gmail.com>]
* ) mod_http2: fixed a bug in handling of stream timeouts.
[Stefan Eissing]
* ) mod_tls: updating to rustls-ffi version 0.9.2 or higher.
Checking in configure for proper version installed. Code
fixes for changed clienthello member name.
[Stefan Eissing]
* ) mod_md:
- New directive `MDMatchNames all|servernames` to allow more control over how
MDomains are matched to VirtualHosts.
- New directive `MDChallengeDns01Version`. Setting this to `2` will provide
the command also with the challenge value on `teardown` invocation. In version
1, the default, only the `setup` invocation gets this parameter.
Refs #312. Thanks to @domrim for the idea.
- For Managed Domain in "manual" mode, the checks if all used ServerName and
ServerAlias are part of the MDomain now reports a warning instead of an error
(AH10040) when not all names are present.
- MDChallengeDns01 can now be configured for individual domains.
Using PR from JÃ©rÃ´me Billiras (@bilhackmac) and adding test case and fixing proper working
- Fixed a bug found by JÃ©rÃ´me Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
* ) mod_ldap: Avoid performance overhead of APR-util rebind cache for
OpenLDAP 2.2+. PR 64414. [Joe Orton]
* ) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum
amount of response body bytes put into a single HTTP/2 DATA frame.
Setting this to 0 places no limit (but the max size allowed by the
protocol is observed).
The module, by default, tries to use the maximum size possible, which is
somewhat around 16KB. This sets the maximum. When less response data is
available, smaller frames will be sent.
* ) mod_md: fixed passing of the server environment variables to programs
started via MDMessageCmd and MDChallengeDns01 on *nix system.
See <https://github.com/icing/mod_md/issues/319>.
[Stefan Eissing]
* ) mod_dav: Add DavBasePath directive to configure the repository root
path. PR 35077. [Joe Orton]
* ) mod_alias: Add AliasPreservePath directive to map the full
path after the alias in a location. [Graham Leggett]
* ) mod_alias: Add RedirectRelative to allow relative redirect targets to be
issued as-is. [Eric Covener, Graham Leggett]
* ) core: Add formats %{z} and %{strftime-format} to ErrorLogFormat, and make
sure that if the format is configured early enough it applies to every log
line. PR 62161. [Yann Ylavic]
* ) mod_deflate: Add DeflateAlterETag to control how the ETag
is modified. The 'NoChange' parameter mimics 2.2.x behavior.
PR 45023, PR 39727. [Eric Covener]
* ) core: Optimize send_brigade_nonblocking(). [Yann Ylavic, Christophe Jaillet]
* ) mod_status: Remove duplicate keys "BusyWorkers" and "IdleWorkers".
Resolve inconsistency between the previous two occurrences by
counting workers in state SERVER_GRACEFUL no longer as busy,
but instead in a new counter "GracefulWorkers" (or on HTML
view as "workers gracefully restarting"). Also add the graceful
counter as a new column to the existing HTML per process table
for async MPMs. PR 63300. [Rainer Jung]
* Sat Aug 05 2023 Dirk Stoecker <opensuse@dstoecker.de>
- Enable building of mod_md
* Fri Apr 07 2023 Arjen de Korte <suse+build@de-korte.org>
- Update to 2.4.57:
* ) mod_proxy: Check before forwarding that a nocanon path has not been
rewritten with spaces during processing. [Yann Ylavic]
* ) mod_proxy: In case that AllowEncodedSlashes is set to NoDecode do not
double encode encoded slashes in the URL sent by the reverse proxy to the
backend. [Ruediger Pluem]
* ) mod_http2: fixed a crash during connection termination. See PR 66539.
[Stefan Eissing]
* ) mod_rewrite: Fix a 2.4.56 regression for substitutions ending
in a question mark. PR66547. [Eric Covener]
* ) mod_rewrite: Add "BCTLS" and "BNE" RewriteRule flags. Re-allow encoded
characters on redirections without the "NE" flag.
[Yann Ylavic, Eric Covener]
* ) mod_proxy: Fix double encoding of the uri-path of the request forwarded
to the origin server, when using mapping=encoded|servlet. [Yann Ylavic]
* ) mod_mime: Do not match the extention against possible query string
parameters in case ProxyPass was used with the nocanon option.
[Ruediger Pluem]
* Wed Mar 08 2023 David Anes <david.anes@suse.com>
- This update fixes the following security issues:
* CVE-2023-27522 [bsc#1209049]: mod_proxy_uwsgi HTTP response splitting
* CVE-2023-25690 [bsc#1209047]: HTTP request splitting with mod_rewrite and mod_proxy
- Update to 2.4.56:
* ) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated. [Eric Covener]
* ) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file. PR 66421.
[nailyk <bzapache nailyk.fr>, Christophe Jaillet]
* ) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
of headers. [Ruediger Pluem]
* ) mod_md:
- Enabling ED25519 support and certificate transparency information when
building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis.
- MDChallengeDns01 can now be configured for individual domains.
Thanks to Jérôme Billiras (@bilhackmac) for the initial PR.
- Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge
teardown not being invoked as it should.
[Stefan Eissing]
* ) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
reported in access logs and error documents. The processing of the
reset was correct, only unneccesary reporting was caused.
[Stefan Eissing]
* ) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
[Yann Ylavic]
* Wed Jan 18 2023 David Anes <david.anes@suse.com>
- This update fixes the following security issues:
* CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
* CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
* CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
- Update to 2.4.55:
* ) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to
2.4.55 allows a backend to trigger HTTP response splitting
(cve.mitre.org)
Prior to Apache HTTP Server 2.4.55, a malicious backend can
cause the response headers to be truncated early, resulting in
some headers being incorporated into the response body. If the
later headers have any security purpose, they will not be
interpreted by the client.
Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer)
* ) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp
Possible request smuggling (cve.mitre.org)
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server
Apache HTTP Server 2.4 version 2.4.54 and prior versions.
Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec
at Qi'anxin Group
* ) SECURITY: CVE-2006-20001: mod_dav out of bounds read, or write
of zero byte (cve.mitre.org)
A carefully crafted If: request header can cause a memory read,
or write of a single zero byte, in a pool (heap) memory location
beyond the header value sent. This could cause the process to
crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
* ) mod_dav: Open the lock database read-only when possible.
PR 36636 [Wilson Felipe <wfelipe gmail.com>, manu]
* ) mod_proxy_http2: apply the standard httpd content type handling
to responses from the backend, as other proxy modules do. Fixes PR 66391.
Thanks to Jérôme Billiras for providing the patch.
[Stefan Eissing]
* ) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
[Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
<alejandro.alvarez.ayllon cern.ch>]
* ) mod_proxy_hcheck: Honor worker timeout settings. [Yann Ylavic]
* ) mod_http2: version 2.0.10 of the module, synchronizing changes
with the gitgub version. This is a partial rewrite of how connections
and streams are handled.
- an APR pollset and pipes (where supported) are used to monitor
the main connection and react to IO for request/response handling.
This replaces the stuttered timed waits of earlier versions.
- H2SerializeHeaders directive still exists, but has no longer an effect.
- Clients that seemingly misbehave still get less resources allocated,
but ongoing requests are no longer disrupted.
- Fixed an issue since 1.15.24 that "Server" headers in proxied requests
were overwritten instead of preserved. [PR by @daum3ns]
- A regression in v1.15.24 was fixed that could lead to httpd child
processes not being terminated on a graceful reload or when reaching
MaxConnectionsPerChild. When unprocessed h2 requests were queued at
the time, these could stall. See #212.
- Improved information displayed in 'server-status' for H2 connections when
Extended Status is enabled. Now one can see the last request that IO
operations happened on and transferred IO stats are updated as well.
- When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection
send a GOAWAY frame much too early on new connections, leading to invalid
protocol state and a client failing the request. See PR65731 at
<https://bz.apache.org/bugzilla/show_bug.cgi?id=65731>.
The module now initializes the HTTP/2 protocol correctly and allows the
client to submit one request before the shutdown via a GOAWAY frame
is being announced.
- :scheme pseudo-header values, not matching the
connection scheme, are forwarded via absolute uris to the
http protocol processing to preserve semantics of the request.
Checks on combinations of pseudo-headers values/absence
have been added as described in RFC 7540. Fixes #230.
- A bug that prevented trailers (e.g. HEADER frame at the end) to be
generated in certain cases was fixed. See #233 where it prevented
gRPC responses to be properly generated.
- Request and response header values are automatically stripped of leading
and trialing space/tab characters. This is equivalent behaviour to what
Apache httpd's http/1.1 parser does.
The checks for this in nghttp2 v1.50.0+ are disabled.
- Extensive testing in production done by Alessandro Bianchi (@alexskynet)
on the v2.0.x versions for stability. Many thanks!
* ) mod_proxy_http2: fixed #235 by no longer forwarding 'Host:' header when
request ':authority' is known. Improved test case that did not catch that
the previous 'fix' was incorrect.
* ) mod_proxy_hcheck: hcmethod now allows for HTTP/1.1 requests
using GET11, HEAD11 and/or OPTIONS11. [Jim Jagielski]
* ) mod_proxy: The AH03408 warning for a forcibly closed backend
connection is now logged at INFO level. [Yann Ylavic]
* ) mod_ssl: When dumping the configuration, the existence of
certificate/key files is no longer tested. [Joe Orton]
* ) mod_authn_core: Add expression support to AuthName and AuthType.
[Graham Leggett]
* ) mod_ssl: when a proxy connection had handled a request using SSL, an
error was logged when "SSLProxyEngine" was only configured in the
location/proxy section and not the overall server. The connection
continued to work, the error log was in error. Fixed PR66190.
[Stefan Eissing]
* ) mod_proxy_hcheck: Re-enable workers in standard ERROR state. PR 66302.
[Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
* ) mod_proxy_hcheck: Detect AJP/CPING support correctly. PR 66300.
[Alessandro Cavaliere <alessandro.cavalier7 unibo.it>]
* ) mod_http2: Export mod_http2.h as public header. [Stefan Eissing]
* ) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
* ) core: Avoid an overflow on large inputs in ap_is_matchexp. PR 66033
[Ruediger Pluem]
* ) mod_heartmonitor: Allow "HeartbeatMaxServers 0" to use file based
storage instead of slotmem. Needed after setting
HeartbeatMaxServers default to the documented value 10 in 2.4.54.
PR 66131. [Jérôme Billiras]
* ) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery
This is a game changer for performances if client use PROPFIND a lot,
PR 66313. [Emmanuel Dreyfus]
* Mon Dec 12 2022 Dirk Müller <dmueller@suse.com>
- switch to pkgconfig(zlib) so that alternative providers can be
used
* Fri Sep 23 2022 Stephan Kulow <coolo@suse.com>
- The 2.4.54 release brought support for PCRE2, but for that we also
need to change buildrequires to pcre2-devel
* Tue Sep 20 2022 David Anes <david.anes@suse.com>
- Remove references to README.QUICKSTART and point them to
https://en.opensuse.org/SDB:Apache_installation (bsc#1203573)
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Tue Jun 28 2022 Stefan Schubert <schubi@intern>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Wed Jun 08 2022 pgajdos@suse.com
- update httpd-framework to svn revision 1898917
* Wed Jun 08 2022 pgajdos@suse.com
- version update to 2.4.54
Changes with Apache 2.4.54
* ) SECURITY: CVE-2022-31813: mod_proxy X-Forwarded-For dropped by
hop-by-hop mechanism (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin
server/application.
Credits: The Apache HTTP Server project would like to thank
Gaetan Ferry (Synacktiv) for reporting this issue
* ) SECURITY: CVE-2022-30556: Information Disclosure in mod_lua with
websockets (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
* ) SECURITY: CVE-2022-30522: mod_sed denial of service
(cve.mitre.org)
If Apache HTTP Server 2.4.53 is configured to do transformations
with mod_sed in contexts where the input to mod_sed may be very
large, mod_sed may make excessively large memory allocations and
trigger an abort.
Credits: This issue was found by Brian Moussalli from the JFrog
Security Research team
* ) SECURITY: CVE-2022-29404: Denial of service in mod_lua
r:parsebody (cve.mitre.org)
In Apache HTTP Server 2.4.53 and earlier, a malicious request to
a lua script that calls r:parsebody(0) may cause a denial of
service due to no default limit on possible input size.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
* ) SECURITY: CVE-2022-28615: Read beyond bounds in
ap_strcmp_match() (cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier may crash or disclose
information due to a read beyond bounds in ap_strcmp_match()
when provided with an extremely large input buffer. While no
code distributed with the server can be coerced into such a
call, third-party modules or lua scripts that use
ap_strcmp_match() may hypothetically be affected.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
* ) SECURITY: CVE-2022-28614: read beyond bounds via ap_rwrite()
(cve.mitre.org)
The ap_rwrite() function in Apache HTTP Server 2.4.53 and
earlier may read unintended memory if an attacker can cause the
server to reflect very large input using ap_rwrite() or
ap_rputs(), such as with mod_luas r:puts() function.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
* ) SECURITY: CVE-2022-28330: read beyond bounds in mod_isapi
(cve.mitre.org)
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond
bounds when configured to process requests with the mod_isapi
module.
Credits: The Apache HTTP Server project would like to thank
Ronald Crane (Zippenhop LLC) for reporting this issue
* ) SECURITY: CVE-2022-26377: mod_proxy_ajp: Possible request
smuggling (cve.mitre.org)
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it
forwards requests to. This issue affects Apache HTTP Server
Apache HTTP Server 2.4 version 2.4.53 and prior versions.
Credits: Ricter Z @ 360 Noah Lab
* ) mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063.
[Petr Sumbera <petr.sumbera oracle.com>, Yann Ylavic]
* ) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.
PR 65666. [Yann Ylavic]
* ) mod_md: a bug was fixed that caused very large MDomains
with the combined DNS names exceeding ~7k to fail, as
request bodies would contain partially wrong data from
uninitialized memory. This would have appeared as failure
in signing-up/renewing such configurations.
[Stefan Eissing, Ronald Crane (Zippenhop LLC)]
* ) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.
PR 65666. [Yann Ylavic]
* ) MPM event: Restart children processes killed before idle maintenance.
PR 65769. [Yann Ylavic, Ruediger Pluem]
* ) ab: Allow for TLSv1.3 when the SSL library supports it.
[abhilash1232 gmail.com, xiaolongx.jiang intel.com, Yann Ylavic]
* ) core: Disable TCP_NOPUSH optimization on OSX since it might introduce
transmission delays. PR 66019. [Yann Ylavic]
* ) MPM event: Fix accounting of active/total processes on ungraceful restart,
PR 66004 (follow up to PR 65626 from 2.4.52). [Yann Ylavic]
* ) core: make ap_escape_quotes() work correctly on strings
with more than MAX_INT/2 characters, counting quotes double.
Credit to <generalbugs@zippenhop.com> for finding this.
[Stefan Eissing]
* ) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
[Stefan Eissing]
* ) mod_http2: remove unused and insecure code. Fixes PR66037.
Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
[Stefan Eissing]
* ) mod_proxy: Add backend port to log messages to
ease identification of involved service. [Rainer Jung]
* ) mod_http2: removing unscheduling of ongoing tasks when
connection shows potential abuse by a client. This proved
counter-productive and the abuse detection can false flag
requests using server-side-events.
Fixes <https://github.com/icing/mod_h2/issues/231>.
[Stefan Eissing]
* ) mod_md: Implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
[Rainer Jung]
* ) mod_md: fixed a bug leading to failed transfers for OCSP
stapling information when more than 6 certificates needed
updates in the same run. [Stefan Eissing]
* ) mod_proxy: Set a status code of 502 in case the backend just closed the
connection in reply to our forwarded request. [Ruediger Pluem]
* ) mod_md: a possible NULL pointer deref was fixed in
the JSON code for persisting time periods (start+end).
Fixes #282 on mod_md's github.
Thanks to @marcstern for finding this. [Stefan Eissing]
* ) mod_heartmonitor: Set the documented default value
"10" for HeartbeatMaxServers instead of "0". With "0"
no shared memory slotmem was initialized. [Rainer Jung]
* ) mod_md: added support for managing certificates via a
local tailscale daemon for users of that secure networking.
This gives trusted certificates for tailscale assigned
domain names in the *.ts.net space.
[Stefan Eissing]
- modified patches
% apache-test-application-xml-type.patch (refreshed)
% apache-test-turn-off-variables-in-ssl-var-lookup.patch (refreshed)
% apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch (refreshed)
* Mon Mar 14 2022 pgajdos@suse.com
- httpd-framework updated to svn1898917
- deleted patches
- apache-test-DirectorySlash-NotFound-logic.patch (upstreamed)
- apache2-perl-io-socket.patch (upstreamed)
* Mon Mar 14 2022 pgajdos@suse.com
- version update to 2.4.53
* ) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds
(cve.mitre.org)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP
Server allows an attacker to overwrite heap memory with possibly
attacker provided data.
This issue affects Apache HTTP Server 2.4 version 2.4.52 and
prior versions.
Credits: Ronald Crane (Zippenhop LLC)
* ) SECURITY: CVE-2022-22721: core: Possible buffer overflow with
very large or unlimited LimitXMLRequestBody (cve.mitre.org)
If LimitXMLRequestBody is set to allow request bodies larger
than 350MB (defaults to 1M) on 32 bit systems an integer
overflow happens which later causes out of bounds writes.
This issue affects Apache HTTP Server 2.4.52 and earlier.
Credits: Anonymous working with Trend Micro Zero Day Initiative
* ) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability
in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org)
Apache HTTP Server 2.4.52 and earlier fails to close inbound
connection when errors are encountered discarding the request
body, exposing the server to HTTP Request Smuggling
Credits: James Kettle <james.kettle portswigger.net>
* ) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of
in r:parsebody (cve.mitre.org)
A carefully crafted request body can cause a read to a random
memory area which could cause the process to crash.
This issue affects Apache HTTP Server 2.4.52 and earlier.
Credits: Chamal De Silva
* ) core: Make sure and check that LimitXMLRequestBody fits in system memory.
[Ruediger Pluem, Yann Ylavic]
* ) core: Simpler connection close logic if discarding the request body fails.
[Yann Ylavic, Ruediger Pluem]
* ) mod_http2: preserve the port number given in a HTTP/1.1
request that was Upgraded to HTTP/2. Fixes PR65881.
[Stefan Eissing]
* ) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic]
* ) dbm: Split the loading of a dbm driver from the opening of a dbm file. When
an attempt to load a dbm driver fails, log clearly which driver triggered
the error (not "default"), and what the error was. [Graham Leggett]
* ) mod_proxy: Use the maxium of front end and backend timeouts instead of the
minimum when tunneling requests (websockets, CONNECT requests).
Backend timeouts can be configured more selectively (per worker if needed)
as front end timeouts and typically the backend timeouts reflect the
application requirements better. PR 65886 [Ruediger Pluem]
* ) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers
when an efficient TLS implementation is available. [Yann Ylavic]
* ) core, mod_info: Add compiled and loaded PCRE versions to version
number display. [Rainer Jung]
* ) mod_md: do not interfere with requests to /.well-known/acme-challenge/
resources if challenge type 'http-01' is not configured for a domain.
Fixes <https://github.com/icing/mod_md/issues/279>.
[Stefan Eissing]
* ) mod_dav: Fix regression when gathering properties which could lead to huge
memory consumption proportional to the number of resources.
[Evgeny Kotkov, Ruediger Pluem]
* ) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x)
for regular expression evaluation. This depends on locating pcre2-config.
[William Rowe, Petr Pisar <ppisar redhat.com>, Rainer Jung]
* ) Add the ldap function to the expression API, allowing LDAP filters and
distinguished names based on expressions to be escaped correctly to
guard against LDAP injection. [Graham Leggett]
* ) mod_md: the status description in MDomain's JSON, exposed in the
md-status handler (if configured) did sometimes not carry the correct
message when certificates needed renew.
[Stefan Eissing]
* ) mpm_event: Fix a possible listener deadlock on heavy load when restarting
and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic]
* Thu Jan 27 2022 pgajdos@suse.com
- ssl-global.conf: set SSLCipherSuite to PROFILE=SYSTEM instead of
DEFAULT_SUSE [jsc#SLE-22561]
- set also SSLProxyCipherSuite to PROFILE=SYSTEM
- modified sources
% apache2-ssl-global.conf
* Tue Jan 11 2022 David Anes <david.anes@suse.com>
- Align some defaults in apache2-server-tuning.conf to upstream
defaults:
* Updated MaxRequestWorkers and ServerLimit to 256. [bsc#1194062]
- The old name MaxRequestsPerChild is changed to MaxConnectionsPerChild.
* See https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
* Mon Jan 10 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Add apache2-perl-io-socket.patch: t/ssl/ocsp.t: Handle new error
message raised by IO-Socket-SSL 2.073.
* Mon Jan 10 2022 olaf@aepfle.de
- remove instance units from post scripts, they can not be reloaded

Files

/etc/alternatives/httpd
/etc/alternatives/mod_access_compat.so
/etc/alternatives/mod_actions.so
/etc/alternatives/mod_alias.so
/etc/alternatives/mod_allowmethods.so
/etc/alternatives/mod_asis.so
/etc/alternatives/mod_auth_basic.so
/etc/alternatives/mod_auth_digest.so
/etc/alternatives/mod_auth_form.so
/etc/alternatives/mod_authn_anon.so
/etc/alternatives/mod_authn_core.so
/etc/alternatives/mod_authn_dbd.so
/etc/alternatives/mod_authn_dbm.so
/etc/alternatives/mod_authn_file.so
/etc/alternatives/mod_authn_socache.so
/etc/alternatives/mod_authnz_fcgi.so
/etc/alternatives/mod_authnz_ldap.so
/etc/alternatives/mod_authz_core.so
/etc/alternatives/mod_authz_dbd.so
/etc/alternatives/mod_authz_dbm.so
/etc/alternatives/mod_authz_groupfile.so
/etc/alternatives/mod_authz_host.so
/etc/alternatives/mod_authz_owner.so
/etc/alternatives/mod_authz_user.so
/etc/alternatives/mod_autoindex.so
/etc/alternatives/mod_brotli.so
/etc/alternatives/mod_bucketeer.so
/etc/alternatives/mod_buffer.so
/etc/alternatives/mod_cache.so
/etc/alternatives/mod_cache_disk.so
/etc/alternatives/mod_cache_socache.so
/etc/alternatives/mod_case_filter.so
/etc/alternatives/mod_case_filter_in.so
/etc/alternatives/mod_cgi.so
/etc/alternatives/mod_cgid.so
/etc/alternatives/mod_charset_lite.so
/etc/alternatives/mod_data.so
/etc/alternatives/mod_dav.so
/etc/alternatives/mod_dav_fs.so
/etc/alternatives/mod_dav_lock.so
/etc/alternatives/mod_dbd.so
/etc/alternatives/mod_deflate.so
/etc/alternatives/mod_dialup.so
/etc/alternatives/mod_dir.so
/etc/alternatives/mod_dumpio.so
/etc/alternatives/mod_echo.so
/etc/alternatives/mod_env.so
/etc/alternatives/mod_expires.so
/etc/alternatives/mod_ext_filter.so
/etc/alternatives/mod_file_cache.so
/etc/alternatives/mod_filter.so
/etc/alternatives/mod_headers.so
/etc/alternatives/mod_heartmonitor.so
/etc/alternatives/mod_http2.so
/etc/alternatives/mod_imagemap.so
/etc/alternatives/mod_include.so
/etc/alternatives/mod_info.so
/etc/alternatives/mod_lbmethod_bybusyness.so
/etc/alternatives/mod_lbmethod_byrequests.so
/etc/alternatives/mod_lbmethod_bytraffic.so
/etc/alternatives/mod_lbmethod_heartbeat.so
/etc/alternatives/mod_ldap.so
/etc/alternatives/mod_log_config.so
/etc/alternatives/mod_log_debug.so
/etc/alternatives/mod_log_forensic.so
/etc/alternatives/mod_logio.so
/etc/alternatives/mod_lua.so
/etc/alternatives/mod_macro.so
/etc/alternatives/mod_mime.so
/etc/alternatives/mod_mime_magic.so
/etc/alternatives/mod_negotiation.so
/etc/alternatives/mod_optional_fn_export.so
/etc/alternatives/mod_optional_fn_import.so
/etc/alternatives/mod_optional_hook_export.so
/etc/alternatives/mod_optional_hook_import.so
/etc/alternatives/mod_proxy.so
/etc/alternatives/mod_proxy_ajp.so
/etc/alternatives/mod_proxy_balancer.so
/etc/alternatives/mod_proxy_connect.so
/etc/alternatives/mod_proxy_express.so
/etc/alternatives/mod_proxy_fcgi.so
/etc/alternatives/mod_proxy_fdpass.so
/etc/alternatives/mod_proxy_ftp.so
/etc/alternatives/mod_proxy_hcheck.so
/etc/alternatives/mod_proxy_html.so
/etc/alternatives/mod_proxy_http.so
/etc/alternatives/mod_proxy_http2.so
/etc/alternatives/mod_proxy_scgi.so
/etc/alternatives/mod_proxy_uwsgi.so
/etc/alternatives/mod_proxy_wstunnel.so
/etc/alternatives/mod_ratelimit.so
/etc/alternatives/mod_reflector.so
/etc/alternatives/mod_remoteip.so
/etc/alternatives/mod_reqtimeout.so
/etc/alternatives/mod_request.so
/etc/alternatives/mod_rewrite.so
/etc/alternatives/mod_sed.so
/etc/alternatives/mod_session.so
/etc/alternatives/mod_session_cookie.so
/etc/alternatives/mod_session_crypto.so
/etc/alternatives/mod_session_dbd.so
/etc/alternatives/mod_setenvif.so
/etc/alternatives/mod_slotmem_plain.so
/etc/alternatives/mod_slotmem_shm.so
/etc/alternatives/mod_socache_dbm.so
/etc/alternatives/mod_socache_memcache.so
/etc/alternatives/mod_socache_redis.so
/etc/alternatives/mod_socache_shmcb.so
/etc/alternatives/mod_speling.so
/etc/alternatives/mod_ssl.so
/etc/alternatives/mod_status.so
/etc/alternatives/mod_substitute.so
/etc/alternatives/mod_suexec.so
/etc/alternatives/mod_unique_id.so
/etc/alternatives/mod_userdir.so
/etc/alternatives/mod_usertrack.so
/etc/alternatives/mod_version.so
/etc/alternatives/mod_vhost_alias.so
/etc/alternatives/mod_watchdog.so
/etc/alternatives/mod_xml2enc.so
/usr/lib64/apache2
/usr/lib64/apache2-worker
/usr/lib64/apache2-worker/mod_access_compat.so
/usr/lib64/apache2-worker/mod_actions.so
/usr/lib64/apache2-worker/mod_alias.so
/usr/lib64/apache2-worker/mod_allowmethods.so
/usr/lib64/apache2-worker/mod_asis.so
/usr/lib64/apache2-worker/mod_auth_basic.so
/usr/lib64/apache2-worker/mod_auth_digest.so
/usr/lib64/apache2-worker/mod_auth_form.so
/usr/lib64/apache2-worker/mod_authn_anon.so
/usr/lib64/apache2-worker/mod_authn_core.so
/usr/lib64/apache2-worker/mod_authn_dbd.so
/usr/lib64/apache2-worker/mod_authn_dbm.so
/usr/lib64/apache2-worker/mod_authn_file.so
/usr/lib64/apache2-worker/mod_authn_socache.so
/usr/lib64/apache2-worker/mod_authnz_fcgi.so
/usr/lib64/apache2-worker/mod_authnz_ldap.so
/usr/lib64/apache2-worker/mod_authz_core.so
/usr/lib64/apache2-worker/mod_authz_dbd.so
/usr/lib64/apache2-worker/mod_authz_dbm.so
/usr/lib64/apache2-worker/mod_authz_groupfile.so
/usr/lib64/apache2-worker/mod_authz_host.so
/usr/lib64/apache2-worker/mod_authz_owner.so
/usr/lib64/apache2-worker/mod_authz_user.so
/usr/lib64/apache2-worker/mod_autoindex.so
/usr/lib64/apache2-worker/mod_brotli.so
/usr/lib64/apache2-worker/mod_bucketeer.so
/usr/lib64/apache2-worker/mod_buffer.so
/usr/lib64/apache2-worker/mod_cache.so
/usr/lib64/apache2-worker/mod_cache_disk.so
/usr/lib64/apache2-worker/mod_cache_socache.so
/usr/lib64/apache2-worker/mod_case_filter.so
/usr/lib64/apache2-worker/mod_case_filter_in.so
/usr/lib64/apache2-worker/mod_cgid.so
/usr/lib64/apache2-worker/mod_charset_lite.so
/usr/lib64/apache2-worker/mod_data.so
/usr/lib64/apache2-worker/mod_dav.so
/usr/lib64/apache2-worker/mod_dav_fs.so
/usr/lib64/apache2-worker/mod_dav_lock.so
/usr/lib64/apache2-worker/mod_dbd.so
/usr/lib64/apache2-worker/mod_deflate.so
/usr/lib64/apache2-worker/mod_dialup.so
/usr/lib64/apache2-worker/mod_dir.so
/usr/lib64/apache2-worker/mod_dumpio.so
/usr/lib64/apache2-worker/mod_echo.so
/usr/lib64/apache2-worker/mod_env.so
/usr/lib64/apache2-worker/mod_expires.so
/usr/lib64/apache2-worker/mod_ext_filter.so
/usr/lib64/apache2-worker/mod_file_cache.so
/usr/lib64/apache2-worker/mod_filter.so
/usr/lib64/apache2-worker/mod_headers.so
/usr/lib64/apache2-worker/mod_heartmonitor.so
/usr/lib64/apache2-worker/mod_http2.so
/usr/lib64/apache2-worker/mod_imagemap.so
/usr/lib64/apache2-worker/mod_include.so
/usr/lib64/apache2-worker/mod_info.so
/usr/lib64/apache2-worker/mod_lbmethod_bybusyness.so
/usr/lib64/apache2-worker/mod_lbmethod_byrequests.so
/usr/lib64/apache2-worker/mod_lbmethod_bytraffic.so
/usr/lib64/apache2-worker/mod_lbmethod_heartbeat.so
/usr/lib64/apache2-worker/mod_ldap.so
/usr/lib64/apache2-worker/mod_log_config.so
/usr/lib64/apache2-worker/mod_log_debug.so
/usr/lib64/apache2-worker/mod_log_forensic.so
/usr/lib64/apache2-worker/mod_logio.so
/usr/lib64/apache2-worker/mod_lua.so
/usr/lib64/apache2-worker/mod_macro.so
/usr/lib64/apache2-worker/mod_md.so
/usr/lib64/apache2-worker/mod_mime.so
/usr/lib64/apache2-worker/mod_mime_magic.so
/usr/lib64/apache2-worker/mod_negotiation.so
/usr/lib64/apache2-worker/mod_optional_fn_export.so
/usr/lib64/apache2-worker/mod_optional_fn_import.so
/usr/lib64/apache2-worker/mod_optional_hook_export.so
/usr/lib64/apache2-worker/mod_optional_hook_import.so
/usr/lib64/apache2-worker/mod_proxy.so
/usr/lib64/apache2-worker/mod_proxy_ajp.so
/usr/lib64/apache2-worker/mod_proxy_balancer.so
/usr/lib64/apache2-worker/mod_proxy_connect.so
/usr/lib64/apache2-worker/mod_proxy_express.so
/usr/lib64/apache2-worker/mod_proxy_fcgi.so
/usr/lib64/apache2-worker/mod_proxy_fdpass.so
/usr/lib64/apache2-worker/mod_proxy_ftp.so
/usr/lib64/apache2-worker/mod_proxy_hcheck.so
/usr/lib64/apache2-worker/mod_proxy_html.so
/usr/lib64/apache2-worker/mod_proxy_http.so
/usr/lib64/apache2-worker/mod_proxy_http2.so
/usr/lib64/apache2-worker/mod_proxy_scgi.so
/usr/lib64/apache2-worker/mod_proxy_uwsgi.so
/usr/lib64/apache2-worker/mod_proxy_wstunnel.so
/usr/lib64/apache2-worker/mod_ratelimit.so
/usr/lib64/apache2-worker/mod_reflector.so
/usr/lib64/apache2-worker/mod_remoteip.so
/usr/lib64/apache2-worker/mod_reqtimeout.so
/usr/lib64/apache2-worker/mod_request.so
/usr/lib64/apache2-worker/mod_rewrite.so
/usr/lib64/apache2-worker/mod_sed.so
/usr/lib64/apache2-worker/mod_session.so
/usr/lib64/apache2-worker/mod_session_cookie.so
/usr/lib64/apache2-worker/mod_session_crypto.so
/usr/lib64/apache2-worker/mod_session_dbd.so
/usr/lib64/apache2-worker/mod_setenvif.so
/usr/lib64/apache2-worker/mod_slotmem_plain.so
/usr/lib64/apache2-worker/mod_slotmem_shm.so
/usr/lib64/apache2-worker/mod_socache_dbm.so
/usr/lib64/apache2-worker/mod_socache_memcache.so
/usr/lib64/apache2-worker/mod_socache_redis.so
/usr/lib64/apache2-worker/mod_socache_shmcb.so
/usr/lib64/apache2-worker/mod_speling.so
/usr/lib64/apache2-worker/mod_ssl.so
/usr/lib64/apache2-worker/mod_status.so
/usr/lib64/apache2-worker/mod_substitute.so
/usr/lib64/apache2-worker/mod_suexec.so
/usr/lib64/apache2-worker/mod_unique_id.so
/usr/lib64/apache2-worker/mod_userdir.so
/usr/lib64/apache2-worker/mod_usertrack.so
/usr/lib64/apache2-worker/mod_version.so
/usr/lib64/apache2-worker/mod_vhost_alias.so
/usr/lib64/apache2-worker/mod_watchdog.so
/usr/lib64/apache2-worker/mod_xml2enc.so
/usr/lib64/apache2/mod_access_compat.so
/usr/lib64/apache2/mod_actions.so
/usr/lib64/apache2/mod_alias.so
/usr/lib64/apache2/mod_allowmethods.so
/usr/lib64/apache2/mod_asis.so
/usr/lib64/apache2/mod_auth_basic.so
/usr/lib64/apache2/mod_auth_digest.so
/usr/lib64/apache2/mod_auth_form.so
/usr/lib64/apache2/mod_authn_anon.so
/usr/lib64/apache2/mod_authn_core.so
/usr/lib64/apache2/mod_authn_dbd.so
/usr/lib64/apache2/mod_authn_dbm.so
/usr/lib64/apache2/mod_authn_file.so
/usr/lib64/apache2/mod_authn_socache.so
/usr/lib64/apache2/mod_authnz_fcgi.so
/usr/lib64/apache2/mod_authnz_ldap.so
/usr/lib64/apache2/mod_authz_core.so
/usr/lib64/apache2/mod_authz_dbd.so
/usr/lib64/apache2/mod_authz_dbm.so
/usr/lib64/apache2/mod_authz_groupfile.so
/usr/lib64/apache2/mod_authz_host.so
/usr/lib64/apache2/mod_authz_owner.so
/usr/lib64/apache2/mod_authz_user.so
/usr/lib64/apache2/mod_autoindex.so
/usr/lib64/apache2/mod_brotli.so
/usr/lib64/apache2/mod_bucketeer.so
/usr/lib64/apache2/mod_buffer.so
/usr/lib64/apache2/mod_cache.so
/usr/lib64/apache2/mod_cache_disk.so
/usr/lib64/apache2/mod_cache_socache.so
/usr/lib64/apache2/mod_case_filter.so
/usr/lib64/apache2/mod_case_filter_in.so
/usr/lib64/apache2/mod_cgid.so
/usr/lib64/apache2/mod_charset_lite.so
/usr/lib64/apache2/mod_data.so
/usr/lib64/apache2/mod_dav.so
/usr/lib64/apache2/mod_dav_fs.so
/usr/lib64/apache2/mod_dav_lock.so
/usr/lib64/apache2/mod_dbd.so
/usr/lib64/apache2/mod_deflate.so
/usr/lib64/apache2/mod_dialup.so
/usr/lib64/apache2/mod_dir.so
/usr/lib64/apache2/mod_dumpio.so
/usr/lib64/apache2/mod_echo.so
/usr/lib64/apache2/mod_env.so
/usr/lib64/apache2/mod_expires.so
/usr/lib64/apache2/mod_ext_filter.so
/usr/lib64/apache2/mod_file_cache.so
/usr/lib64/apache2/mod_filter.so
/usr/lib64/apache2/mod_headers.so
/usr/lib64/apache2/mod_heartmonitor.so
/usr/lib64/apache2/mod_http2.so
/usr/lib64/apache2/mod_imagemap.so
/usr/lib64/apache2/mod_include.so
/usr/lib64/apache2/mod_info.so
/usr/lib64/apache2/mod_lbmethod_bybusyness.so
/usr/lib64/apache2/mod_lbmethod_byrequests.so
/usr/lib64/apache2/mod_lbmethod_bytraffic.so
/usr/lib64/apache2/mod_lbmethod_heartbeat.so
/usr/lib64/apache2/mod_ldap.so
/usr/lib64/apache2/mod_log_config.so
/usr/lib64/apache2/mod_log_debug.so
/usr/lib64/apache2/mod_log_forensic.so
/usr/lib64/apache2/mod_logio.so
/usr/lib64/apache2/mod_lua.so
/usr/lib64/apache2/mod_macro.so
/usr/lib64/apache2/mod_mime.so
/usr/lib64/apache2/mod_mime_magic.so
/usr/lib64/apache2/mod_negotiation.so
/usr/lib64/apache2/mod_optional_fn_export.so
/usr/lib64/apache2/mod_optional_fn_import.so
/usr/lib64/apache2/mod_optional_hook_export.so
/usr/lib64/apache2/mod_optional_hook_import.so
/usr/lib64/apache2/mod_proxy.so
/usr/lib64/apache2/mod_proxy_ajp.so
/usr/lib64/apache2/mod_proxy_balancer.so
/usr/lib64/apache2/mod_proxy_connect.so
/usr/lib64/apache2/mod_proxy_express.so
/usr/lib64/apache2/mod_proxy_fcgi.so
/usr/lib64/apache2/mod_proxy_fdpass.so
/usr/lib64/apache2/mod_proxy_ftp.so
/usr/lib64/apache2/mod_proxy_hcheck.so
/usr/lib64/apache2/mod_proxy_html.so
/usr/lib64/apache2/mod_proxy_http.so
/usr/lib64/apache2/mod_proxy_http2.so
/usr/lib64/apache2/mod_proxy_scgi.so
/usr/lib64/apache2/mod_proxy_uwsgi.so
/usr/lib64/apache2/mod_proxy_wstunnel.so
/usr/lib64/apache2/mod_ratelimit.so
/usr/lib64/apache2/mod_reflector.so
/usr/lib64/apache2/mod_remoteip.so
/usr/lib64/apache2/mod_reqtimeout.so
/usr/lib64/apache2/mod_request.so
/usr/lib64/apache2/mod_rewrite.so
/usr/lib64/apache2/mod_sed.so
/usr/lib64/apache2/mod_session.so
/usr/lib64/apache2/mod_session_cookie.so
/usr/lib64/apache2/mod_session_crypto.so
/usr/lib64/apache2/mod_session_dbd.so
/usr/lib64/apache2/mod_setenvif.so
/usr/lib64/apache2/mod_slotmem_plain.so
/usr/lib64/apache2/mod_slotmem_shm.so
/usr/lib64/apache2/mod_socache_dbm.so
/usr/lib64/apache2/mod_socache_memcache.so
/usr/lib64/apache2/mod_socache_redis.so
/usr/lib64/apache2/mod_socache_shmcb.so
/usr/lib64/apache2/mod_speling.so
/usr/lib64/apache2/mod_ssl.so
/usr/lib64/apache2/mod_status.so
/usr/lib64/apache2/mod_substitute.so
/usr/lib64/apache2/mod_suexec.so
/usr/lib64/apache2/mod_unique_id.so
/usr/lib64/apache2/mod_userdir.so
/usr/lib64/apache2/mod_usertrack.so
/usr/lib64/apache2/mod_version.so
/usr/lib64/apache2/mod_vhost_alias.so
/usr/lib64/apache2/mod_watchdog.so
/usr/lib64/apache2/mod_xml2enc.so
/usr/sbin/httpd
/usr/sbin/httpd-worker

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 22 23:18:26 2025

apache2-worker-2.4.65-2.2 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Provides

Requires

License

Changelog

Files