rpms/httpd
6
0
Fork 0
Code Issues Pull Requests Releases Activity
98 Commits 13 Branches 102 Tags 9.7 MiB
c9s
Commit Graph

98 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Luboš Uhliarik
bc87d8b344 Resolves: RHEL-131827 - Fix error page messaging when error handling fails 2025-12-19 03:14:40 +01:00
Joe Orton
9f7c4b3c9c - mod_ssl: add conf.d/snipolicy.conf to set 'SSLVHostSNIPolicy authonly' default 
Resolves: RHEL-119000
 2025-11-11 10:25:00 +01:00
Luboš Uhliarik
c28866c1a2 Resolves: RHEL-119000 - mod_ssl: allow more fine grained SSL SNI vhost check 
to avoid unnecessary 421 errors after CVE-2025-23048 fix
 2025-11-06 16:13:48 +01:00
Luboš Uhliarik
057f28fe95 Resolves: RHEL-105446 - mod_proxy_hcheck may stop healthchecks after a child 
process is reclaimed
 2025-10-24 13:29:01 +02:00
Branislav Náter
53e0c59ab3 Acceptance tier is no longer used 2025-10-21 15:10:46 +00:00
Branislav Náter
613de5a7b5 Run tests in centos-stream namespace 2025-10-21 15:10:46 +00:00
Luboš Uhliarik
ed47623433 Resolves: RHEL-114501 Image mode: The dir /var/www is not created when 
updating system in image mode
 2025-10-13 14:45:06 +02:00
Luboš Uhliarik
09d28eb9e3 Resolves: RHEL-99815 - stickysession field does not work when specifying 
it in the query parameter after upgrade to 9.5
Resolves: RHEL-99953 - httpd: HTTP Session Hijack via a TLS
  upgrade (CVE-2025-49812)
Resolves: RHEL-99968 - httpd: access control bypass by trusted
  clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
Resolves: RHEL-99977 - httpd: insufficient escaping of user-supplied
  data in mod_ssl (CVE-2024-47252)
 2025-08-16 16:32:49 +02:00
Luboš Uhliarik
3c3fb24034 Resolves: RHEL-94562 - httpd 2.4.62: mod_proxy_connect prematurely closes 
connections
 2025-07-29 14:18:23 +02:00
Joe Orton
288dccd150 mod_dav: add dav_get_base_path() API 
Resolves: RHEL-41069
 2025-07-07 11:40:31 +01:00
Luboš Uhliarik
b468bcf074 Resolves: RHEL-66488 - Apache HTTPD no longer parse PHP files with unicode 
characters in the name
 2025-01-29 18:18:16 +01:00
Luboš Uhliarik
8dd58debab Resolves: RHEL-68660 - RewriteRule proxying to UDS (unix domain socket) 
configured in .htaccess doesn't work on httpd-2.4.62-1
 2025-01-09 20:22:55 +01:00
Joe Orton
fb547673cc mod_ssl: fix loading keys via ENGINE API 
Resolves: RHEL-36755
 2024-09-12 13:39:00 +01:00
Luboš Uhliarik
46fa0eee6d new version 2.4.62 
Resolves: RHEL-52724 - Regression introduced by CVE-2024-38474 fix
 2024-08-12 14:05:15 +02:00
Luboš Uhliarik
7770a807d3 Resolves: RHEL-49856: htcacheclean.service missing [Install] section 2024-07-19 21:25:46 +02:00
Joe Orton
4c4d7554f0 mod_ssl: restore SSL_OP_NO_RENEGOTIATE support 
Related: RHEL-14668
 2024-05-30 13:36:11 +01:00
Joe Orton
ed6e87717d mod_ssl: defer ENGINE_finish() calls to a cleanup 
Resolves: RHEL-36755
 2024-05-21 16:41:55 +01:00
Luboš Uhliarik
966d01a60e Resolves: RHEL-6575 - [RFE] httpd use systemd-sysusers 2024-05-20 12:47:28 +02:00
Luboš Uhliarik
f62333944e Related: RHEL-14668 - RFE: httpd rebase to 2.4.59 2024-05-08 18:48:35 +02:00
Joe Orton
48a224a9c9 Resolves: RHEL-35870 - httpd mod_cgi/cgid unification 2024-05-08 16:13:02 +01:00
Luboš Uhliarik
bc238b515b new version 2.4.59 
Resolves: RHEL-14668 - RFE: httpd rebase to 2.4.59
Resolves: RHEL-31856 - httpd: HTTP response splitting
  (CVE-2023-38709)
Resolves: RHEL-31859 - httpd: HTTP Response Splitting in multiple
  modules (CVE-2024-24795)
 2024-05-06 17:41:14 +02:00
Joe Orton
b3d1e6d8de mod_dav: add DavBasePath 
Resolves: RHEL-6600
 2024-02-08 17:19:45 +00:00
Joe Orton
926baa67c3 mod_xml2enc: fix media type handling 
Resolves: RHEL-17686
 2024-02-07 15:45:02 +00:00
Luboš Uhliarik
df3e6a5147 Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read 
vulnerability (CVE-2023-31122)
 2024-02-05 16:06:21 +01:00
Joe Orton
763937a8bc Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType, 
add mod_dav_fs locking around lockdb API
 2023-12-14 12:52:27 +00:00
Tomas Korbar
1607557553 Fix issue found by covscan 
Related: #2222001
 2023-07-20 09:50:07 +02:00
Joe Orton
931da42665 Resolves: #2217726 - Make PROPFIND tolerant of deletion race 2023-07-18 10:58:57 +01:00
Tomas Korbar
e0badf3bc2 Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice 2023-07-11 15:16:47 +02:00
Luboš Uhliarik
11c156ebbe Resolves: #2186645 - Fix issue found by covscan in httpd package 
Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
 2023-04-14 02:41:37 +02:00
Luboš Uhliarik
d4b55888c2 Resolves: #2184403 - rebase httpd to 2.4.57 
Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy
 2023-04-11 14:31:37 +02:00
Luboš Uhliarik
188a9ca177 Security fix for CVE-2006-20001 CVE-2022-37436 CVE-2022-36760 
Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling
 2023-01-30 22:46:43 +01:00
Luboš Uhliarik
f38bb25abe Resolves: #2160667 - prevent sscg creating /dhparams.pem 2023-01-24 10:24:39 +01:00
Luboš Uhliarik
29ba282799 Resolves: #2143176 - Dependency from mod_http2 on httpd broken 2022-12-08 02:34:40 +01:00
Luboš Uhliarik
486cdd8e18 Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO 2022-12-06 18:30:22 +01:00
Luboš Uhliarik
d0bb9350f2 Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure 
with websockets
 2022-07-22 12:23:04 +02:00
Luboš Uhliarik
9837c3578f Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2022-07-21 19:44:30 +02:00
Luboš Uhliarik
7d7f7cade3 Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2022-07-21 18:14:08 +02:00
Luboš Uhliarik
e48d1ff2b5 Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2022-07-21 17:19:49 +02:00
Luboš Uhliarik
3e971cd869 Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped 
by hop-by-hop mechanism
 2022-07-20 18:39:13 +02:00
Luboš Uhliarik
f50c76924f Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in 
ap_strcmp_match()

- uncomment previous security patch200 - it was commented out by mistake
 2022-07-20 17:04:41 +02:00
Luboš Uhliarik
4e955b0b8d Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request 
smuggling
 2022-07-20 16:41:33 +02:00
Luboš Uhliarik
3bed4484eb Related: #2065677 - fix downgrade issue after introducing httpd 
core sub-package

- mod_ssl and other modules should depend on httpd core sub-package
 2022-06-28 01:18:59 +02:00
Luboš Uhliarik
7fd1efd8e0 Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() 2022-06-24 14:53:45 +02:00
Luboš Uhliarik
032b2cd822 Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() 2022-06-16 18:28:30 +02:00
Luboš Uhliarik
14361142ce Related: #2079939 - httpd rebase to 2.4.53 
- there is possible regression in PCRE 2 and in httpd 2.4.53 it was
  automatically switched to use PCRE 1 as default. Therefore I'm forcing
  httpd to build with PCRE 1
 2022-06-15 15:28:08 +02:00
Luboš Uhliarik
ef2b91d363 Resolves: #2065677 - httpd minimisation for ubi-micro 
minimize httpd dependencies (new httpd-core package)
mod_systemd and mod_brotli are now packaged in the main httpd package
 2022-06-01 16:48:59 +02:00
Luboš Uhliarik
d6fbadf25f Related: #2079939 - httpd rebase to 2.4.53 
- backport regression fix - r1901199
 2022-06-01 02:11:42 +02:00
Luboš Uhliarik
0ded77a485 Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending 
with core
 2022-06-01 01:49:31 +02:00
Luboš Uhliarik
0579fb3c3f new version 2.4.53 
Resolves: #2079939 - httpd rebase to 2.4.53
 2022-06-01 01:12:41 +02:00
Luboš Uhliarik
30c01a09c1 Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using 
SetEnv or PassEnv
 2022-04-11 15:13:04 +02:00