Hello community, here is the log from the commit of package apache2-mod_jk for openSUSE:Factory checked in at 2018-11-06 14:38:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache2-mod_jk (Old) and /work/SRC/openSUSE:Factory/.apache2-mod_jk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_jk" Tue Nov 6 14:38:42 2018 rev:35 rq:646387 version:1.2.46 Changes: -------- --- /work/SRC/openSUSE:Factory/apache2-mod_jk/apache2-mod_jk.changes 2018-09-26 16:12:04.767420624 +0200 +++ /work/SRC/openSUSE:Factory/.apache2-mod_jk.new/apache2-mod_jk.changes 2018-11-06 14:39:16.556606256 +0100 @@ -1,0 +2,32 @@ +Mon Nov 5 09:56:03 UTC 2018 - Pedro Monreal Gonzalez <[email protected]> + +- Update to version 1.2.46 + Fixes: + * Apache: Fix regression in 1.2.44 which resulted in + socket_connect_timeout to be interpreted in units of seconds + instead of milliseconds on platforms that provide poll(). (rjung) + * Security: CVE-2018-11759 Connector path traversal [bsc#1114612] + +- Update to version 1.2.45 + Fixes: + * Correct regression in 1.2.44 that broke request handling for + OPTIONS * requests. (rjung) + * Improve path parameter parsing so that the session ID specified + by the session_path worker property for load-balanced workers + can be extracted from a path parameter in any segment of the + URI, rather than only from the final segment. (markt) + * Apache: Improve path parameter handling so that JkStripSession + can remove session IDs that are specified on path parameters in any + segment of the URI rather than only the final segment. (markt) + * IIS: Improve path parameter handling so that strip_session can + remove session IDs that are specified on path parameters in any + segment of the URI rather than only the final segment. (markt) + Updates: + * Apache: Update the documentation to note additional + limitations of the JkAutoAlias directive. (markt) + Code: + * Common: Optimize path parameter handling. (rjung) + +- Cleaned with spec-cleaner + +------------------------------------------------------------------- Old: ---- tomcat-connectors-1.2.44-src.tar.gz tomcat-connectors-1.2.44-src.tar.gz.asc New: ---- tomcat-connectors-1.2.46-src.tar.gz tomcat-connectors-1.2.46-src.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2-mod_jk.spec ++++++ --- /var/tmp/diff_new_pack.pYJkIY/_old 2018-11-06 14:39:24.340594494 +0100 +++ /var/tmp/diff_new_pack.pYJkIY/_new 2018-11-06 14:39:24.348594482 +0100 @@ -12,18 +12,18 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define connectors_root tomcat-connectors-%{version}-src Name: apache2-mod_jk -Version: 1.2.44 +Version: 1.2.46 Release: 0 Summary: Connectors between Apache and Tomcat Servlet Container License: Apache-2.0 Group: Productivity/Networking/Web/Frontends -Url: http://tomcat.apache.org/connectors-doc/ +URL: http://tomcat.apache.org/connectors-doc/ Source0: http://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-%{version}-src.tar.gz Source1: jk.conf Source2: README.SUSE @@ -40,7 +40,6 @@ Provides: tomcat-mod = %{version} Obsoletes: mod_jk-ap20 < %{version} Obsoletes: tomcat-mod < %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This package provides modules for Apache to invisibly integrate Tomcat @@ -81,8 +80,8 @@ set -x %files -%defattr(-,root,root,-) -%doc LICENSE README.SUSE +%license LICENSE +%doc README.SUSE %doc conf/workers.properties %doc jk.conf %{apache_libexecdir}/* ++++++ tomcat-connectors-1.2.44-src.tar.gz -> tomcat-connectors-1.2.46-src.tar.gz ++++++ ++++ 1764 lines of diff (skipped)
