Package: apache2 / 2.4.38-3

Metadata

Package Version Patches format
apache2 2.4.38-3 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fhs_compliance.patch | (download)

configure | 6 3 + 3 - 0 !
configure.in | 6 3 + 3 - 0 !
include/ap_config_layout.h.in | 1 1 + 0 - 0 !
include/httpd.h | 2 1 + 1 - 0 !
4 files changed, 8 insertions(+), 7 deletions(-)

 fix up fhs file locations for apache2 droppings.
no_LD_LIBRARY_PATH.patch | (download)

support/envvars-std.in | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 remove ld_library_path from envvars-std
suexec CVE 2007 1742.patch | (download)

support/suexec.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 fix race condition with chdir
 Fix /var/www* being accepted as docroot instead of /var/www/*
 (the same for public_html* instead of public_html/* )
customize_apxs.patch | (download)

support/apxs.in | 139 34 + 105 - 0 !
1 file changed, 34 insertions(+), 105 deletions(-)

 adapt apxs to debian specific changes
 - Make apxs2 use a2enmod and /etc/apache2/mods-available
 - Make libtool happier
 - Use LDFLAGS from config_vars.mk, allows one to override them
build_suexec custom.patch | (download)

Makefile.in | 19 11 + 8 - 0 !
support/Makefile.in | 12 8 + 4 - 0 !
2 files changed, 19 insertions(+), 12 deletions(-)

 add suexec-custom to the build system
reproducible_builds.diff | (download)

server/Makefile.in | 5 3 + 2 - 0 !
server/buildmark.c | 6 1 + 5 - 0 !
2 files changed, 4 insertions(+), 7 deletions(-)

 make builds reproducible
 Don't use __DATE__ __TIME__. Use changelog date instead.
 Sort exported symbols.
spelling errors.patch | (download)

LICENSE | 2 1 + 1 - 0 !
docs/man/httxt2dbm.1 | 2 1 + 1 - 0 !
docs/manual/howto/htaccess.html.ja.utf8 | 4 2 + 2 - 0 !
docs/manual/mod/core.html.es | 4 2 + 2 - 0 !
docs/manual/programs/httxt2dbm.html.en | 4 2 + 2 - 0 !
modules/http/http_request.c | 6 3 + 3 - 0 !
modules/http2/h2_config.c | 2 1 + 1 - 0 !
modules/http2/h2_ngn_shed.c | 2 1 + 1 - 0 !
modules/mappers/mod_imagemap.c | 2 1 + 1 - 0 !
modules/md/md_acme_authz.c | 2 1 + 1 - 0 !
modules/metadata/mod_remoteip.c | 2 1 + 1 - 0 !
modules/ssl/mod_ssl.c | 4 2 + 2 - 0 !
support/ab.c | 2 1 + 1 - 0 !
13 files changed, 19 insertions(+), 19 deletions(-)

 spelling errors
CVE 2019 0196.patch | (download)

modules/http2/h2_request.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] merge of r1852986 from trunk:

mod_http2: disentangelment of stream and request method.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1852989 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0211.patch | (download)

include/scoreboard.h | 4 3 + 1 - 0 !
server/mpm/event/event.c | 13 8 + 5 - 0 !
server/mpm/prefork/prefork.c | 19 7 + 12 - 0 !
server/mpm/worker/worker.c | 10 6 + 4 - 0 !
4 files changed, 24 insertions(+), 22 deletions(-)

 [patch] merge r1855306 from trunk:

MPMs unix: bind the bucket number of each child to its slot number

We need not remember each child's bucket number in SHM for restarts, for the
lifetime of the httpd main process the bucket number can be bound to the slot
number such that: bucket = slot % num_buckets.

This both simplifies the logic and helps children maintenance per bucket in
threaded MPMs, where previously perform_idle_server_maintenance() could create
or kill children processes for the buckets it was not in charge of.

Submitted by: ylavic
Reviewed by: ylavic, rpluem, jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855378 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0215.patch | (download)

modules/ssl/ssl_engine_kernel.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] merge r1855849 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Correctly
  restore SSL verify state after PHA failure in TLSv1.3.

Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Reviewed by: jorton, covener, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855917 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0217.patch | (download)

modules/aaa/mod_auth_digest.c | 26 12 + 14 - 0 !
1 file changed, 12 insertions(+), 14 deletions(-)

 [patch] merge r1853190 from trunk:

Fix a race condition.  Authentication with valid credentials could be
CVE 2019 0220 1.patch | (download)

include/ap_mmn.h | 4 3 + 1 - 0 !
include/http_core.h | 2 1 + 1 - 0 !
include/httpd.h | 14 12 + 2 - 0 !
server/core.c | 13 13 + 0 - 0 !
server/request.c | 25 9 + 16 - 0 !
server/util.c | 10 7 + 3 - 0 !
6 files changed, 45 insertions(+), 23 deletions(-)

 [patch] merge of r1855705 from trunk:

core: merge consecutive slashes in the path



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855737 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0220 2.patch | (download)

server/request.c | 4 3 + 1 - 0 !
server/util.c | 4 4 + 0 - 0 !
2 files changed, 7 insertions(+), 1 deletion(-)

 [patch] merge 1855743,1855744 ^/httpd/httpd/trunk .

r->parsed_uri.path safety in recent backport

*) core: fix SEGFAULT in CONNECT with recent change
   2.4.x: svn merge -c 1855743,1855744 ^/httpd/httpd/trunk .
   +1: rpluem, icing, covener




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855751 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0220 3.patch | (download)

server/util.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch]   *) maintainer mode fix for util.c no2slash_ex      trunk
 patch: http://svn.apache.org/r1855755      2.4.x patch svn merge -c 1855755
 ^/httpd/httpd/trunk .      +1: covener, rpluem, jim, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1855853 13f79535-47bb-0310-9956-ffa450edef68

CVE 2019 0197.patch | (download)

modules/http2/h2_conn.c | 14 9 + 5 - 0 !
modules/http2/h2_mplx.c | 8 7 + 1 - 0 !
modules/http2/h2_task.c | 3 1 + 2 - 0 !
3 files changed, 17 insertions(+), 8 deletions(-)

---