Hello community,

here is the log from the commit of package apache2 for openSUSE:Factory checked 
in at 2024-08-08 10:57:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache2 (Old)
 and      /work/SRC/openSUSE:Factory/.apache2.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apache2"

Thu Aug  8 10:57:11 2024 rev:211 rq:1192286 version:2.4.62

Changes:
--------
--- /work/SRC/openSUSE:Factory/apache2/apache2.changes  2024-07-09 
20:03:30.151615477 +0200
+++ /work/SRC/openSUSE:Factory/.apache2.new.7232/apache2.changes        
2024-08-08 10:57:29.041364772 +0200
@@ -1,0 +2,46 @@
+Sat Aug  3 17:27:07 UTC 2024 - Arjen de Korte <suse+bu...@de-korte.org>
+
+- Update to 2.4.62
+
+  *) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with
+     mod_rewrite in server/vhost context on Windows (cve.mitre.org)
+     [boo#1228098]
+     SSRF in Apache HTTP Server on Windows with mod_rewrite in
+     server/vhost context, allows to potentially leak NTML hashes to
+     a malicious server via SSRF and malicious requests.
+     Users are recommended to upgrade to version 2.4.62 which fixes
+     this issue.
+     Credits: Smi1e (DBAPPSecurity Ltd.)
+
+  *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code
+     disclosure with handlers configured via AddType (cve.mitre.org)
+     [boo#1228097]
+     A partial fix for  CVE-2024-39884 in the core of Apache HTTP
+     Server 2.4.61 ignores some use of the legacy content-type based
+     configuration of handlers. "AddType" and similar configuration,
+     under some circumstances where files are requested indirectly,
+     result in source code disclosure of local content. For example,
+     PHP scripts may be served instead of interpreted.
+     Users are recommended to upgrade to version 2.4.62, which fixes
+     this issue.
+
+  *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
+     "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
+     with BalancerMember(s).  PR 69168.  [Yann Ylavic]
+
+  *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
+     PR 69160 [Yann Ylavic]
+
+  *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
+     [Joe Orton]
+
+  *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
+     via OpenSSL 3.x providers.  [Ingo Franzki <ifranzki linux.ibm.com>]
+
+  *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
+     [Ruediger Pluem, Yann Ylavic]
+
+  *) mpm_worker: Fix possible warning (AH00045) about children processes not
+     terminating timely.  [Yann Ylavic]
+
+-------------------------------------------------------------------
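Review bot: "NTML hashes" in the CVE-2024-40898 entry is a typo for "NTLM hashes" and should be corrected, since changelogs get searched for that term. In the same entry "allows to potentially leak" reads better as "allows an attacker to potentially leak", and the CVE-2024-40725 entry has a doubled space in "A partial fix for  CVE-2024-39884". The first CVE is stated as affecting Windows only, so a short remark that it is recorded for completeness would help users of this package see that CVE-2024-40725, which completes the partial fix shipped in 2.4.61, is the one that matters for them.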

Old:
----
  httpd-2.4.61.tar.bz2
  httpd-2.4.61.tar.bz2.asc

New:
----
  httpd-2.4.62.tar.bz2
  httpd-2.4.62.tar.bz2.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apache2.spec ++++++
--- /var/tmp/diff_new_pack.4e8xaq/_old  2024-08-08 10:57:30.469423480 +0200
+++ /var/tmp/diff_new_pack.4e8xaq/_new  2024-08-08 10:57:30.473423644 +0200
@@ -107,7 +107,7 @@
 %define build_http2 1
 
 Name:           apache2%{psuffix}
-Version:        2.4.61
+Version:        2.4.62
 Release:        0
 Summary:        The Apache HTTPD Server
 License:        Apache-2.0
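Review bot: The Version line is the only spec change in this hunk, so nothing here shows whether any downstream patches were re-checked against 2.4.62. The changelog says this release reworks the handler fix from 2.4.61, so please confirm that any carried patches touching that code still apply and are still needed. The new httpd-2.4.62.tar.bz2.asc is listed alongside the tarball; confirm the build verifies the tarball against it rather than only shipping the file.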

++++++ httpd-2.4.61.tar.bz2 -> httpd-2.4.62.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/apache2/httpd-2.4.61.tar.bz2 
/work/SRC/openSUSE:Factory/.apache2.new.7232/httpd-2.4.62.tar.bz2 differ: char 
11, line 1
