-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-e00c65ec6f 2019-09-30 01:38:57.532586 --------------------------------------------------------------------------------
Name : httpd Product : Fedora 29 Version : 2.4.41 Release : 1.fc29 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server.
-------------------------------------------------------------------------------- Update Information:
This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update: * `mod_md` is now packaged from upstream *github* releases. * `mod_cgid` stderr handling has been improved See http://www.apache.org/dist/httpd/CHANGES_2.4.41 for a full list of changes since the previous release of `httpd`. -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 15 2019 Joe Orton jorton@redhat.com - 2.4.41-1 - update to 2.4.41 * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 2.4.39-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Tue Jul 23 2019 Joe Orton jorton@redhat.com - 2.4.39-12 - drop /var/lib/dav directory, since mod_dav_fs uses statedir * Wed Jul 17 2019 Joe Orton jorton@redhat.com - 2.4.39-11 - mod_cgid: use fd passing to fix script stderr handling (#1591157) * Mon Jul 8 2019 Joe Orton jorton@redhat.com - 2.4.39-10 - htpasswd: add SHA-256/512 support - apachectl: restore -V/-v/-t support (#1727434) * Fri Jun 21 2019 Joe Orton jorton@redhat.com - 2.4.39-9 - create instance-specific StateDir in httpd@.service, instance.conf * Thu Jun 20 2019 Joe Orton jorton@redhat.com - 2.4.39-8 - remove superfluous ap_hack_ symbols from httpd binary - more verbose %check section * Thu Jun 13 2019 Lubos Uhliarik luhliari@redhat.com - 2.4.39-7 - remove bundled mod_md module * Thu Jun 13 2019 Joe Orton jorton@redhat.com - 2.4.39-6 - mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs * Wed Jun 12 2019 Joe Orton jorton@redhat.com - 2.4.39-5 - fixes for StateDir directive (upstream r1857731, r1857731) * Thu May 2 2019 Lubos Uhliarik luhliari@redhat.com - 2.4.39-4 - httpd dependency on initscripts is unspecified (#1705188) * Tue Apr 9 2019 Joe Orton jorton@redhat.com - 2.4.39-3 - fix statedir symlink to point to /var/lib/httpd (#1697662) - mod_reqtimeout: fix default values regression (PR 63325) * Tue Apr 2 2019 Lubos Uhliarik luhliari@redhat.com - 2.4.39-2 - update to 2.4.39 * Thu Feb 28 2019 Joe Orton jorton@redhat.com - 2.4.38-6 - apachectl: cleanup and replace script wholesale (#1641237) * drop "apachectl fullstatus" support * run systemctl with --no-pager option * implement graceful&graceful-stop by signal directly - run "httpd -t" from legacy action script * Tue Feb 5 2019 Lubos Uhliarik luhliari@redhat.com - 2.4.38-5 - segmentation fault fix (FIPS) * Tue Feb 5 2019 Joe Orton jorton@redhat.com - 2.4.38-4 - use serverroot-relative statedir, rundir by default * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 2.4.38-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Jan 23 2019 Lubos Uhliarik luhliari@redhat.com - 2.4.38-2 - new version 2.4.38 (#1668125) * Mon Jan 14 2019 Bj��rn Esser besser82@fedoraproject.org - 2.4.37-6 - Rebuilt for libcrypt.so.2 (#1666033) * Thu Nov 22 2018 Lubo�� Uhliarik luhliari@redhat.com - 2.4.37-5 - Resolves: #1652678 - TLS connection allowed while all protocols are forbidden * Thu Nov 8 2018 Joe Orton jorton@redhat.com - 2.4.37-4 - add httpd.conf(5) (#1611361) * Wed Nov 7 2018 Lubo�� Uhliarik luhliari@redhat.com - 2.4.37-3 - Resolves: #1647241 - fix apachectl script * Wed Oct 31 2018 Joe Orton jorton@redhat.com - 2.4.37-2 - add DefaultStateDir/ap_state_dir_relative() - mod_dav_fs: use state dir for default DAVLockDB - mod_md: use state dir for default MDStoreDir * Wed Oct 31 2018 Joe Orton jorton@redhat.com - 2.4.37-1 - update to 2.4.37 * Wed Oct 31 2018 Joe Orton jorton@redhat.com - 2.4.34-11 - add htcacheclean.service(8) man page * Fri Sep 28 2018 Joe Orton jorton@redhat.com - 2.4.34-10 - apachectl: don't read /etc/sysconfig/httpd * Tue Sep 25 2018 Joe Orton jorton@redhat.com - 2.4.34-9 - fix build if OpenSSL built w/o SSLv3 support -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it https://bugzilla.redhat.com/show_bug.cgi?id=1727434 [ 2 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743961 [ 3 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743957 [ 4 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated https://bugzilla.redhat.com/show_bug.cgi?id=1591157 [ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743997 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e00c65ec6f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org