From: Eric Covener
Date: Tue, 17 Jan 2023 16:15:56 +0000 (+0000)
Subject: publishing release httpd-2.4.55
X-Git-Tag: 2.4.56-candidate~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0a27f2035ee677a49be91c649b783334d05bb07;p=thirdparty%2Fapache%2Fhttpd.git

publishing release httpd-2.4.55

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906739 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES index 920e30920cf..ae652275a9e 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,6 +1,36 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.56 + Changes with Apache 2.4.55 + *) SECURITY: CVE-2022-37436: Apache HTTP Server: mod_proxy prior to + 2.4.55 allows a backend to trigger HTTP response splitting + (cve.mitre.org) + Prior to Apache HTTP Server 2.4.55, a malicious backend can + cause the response headers to be truncated early, resulting in + some headers being incorporated into the response body. If the + later headers have any security purpose, they will not be + interpreted by the client. + Credits: Dimas Fariski Setyawan Putra (@nyxsorcerer) + + *) SECURITY: CVE-2022-36760: Apache HTTP Server: mod_proxy_ajp + Possible request smuggling (cve.mitre.org) + Inconsistent Interpretation of HTTP Requests ('HTTP Request + Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server + allows an attacker to smuggle requests to the AJP server it + forwards requests to. This issue affects Apache HTTP Server + Apache HTTP Server 2.4 version 2.4.54 and prior versions. + Credits: ZeddYu_Lu from Qi'anxin Research Institute of Legendsec + at Qi'anxin Group + + *) SECURITY: CVE-2006-20001: mod_dav out of bounds read, or write + of zero byte (cve.mitre.org) + A carefully crafted If: request header can cause a memory read, + or write of a single zero byte, in a pool (heap) memory location + beyond the header value sent. This could cause the process to + crash. + This issue affects Apache HTTP Server 2.4.54 and earlier. + *) mod_dav: Open the lock database read-only when possible. PR 36636 [Wilson Felipe , manu] diff --git a/NOTICE b/NOTICE index aade8aa1648..4770ce98737 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache HTTP Server -Copyright 2022 The Apache Software Foundation. +Copyright 2023 The Apache Software Foundation. This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/STATUS b/STATUS index 911dfaa986f..0cd9b20585b 100644 --- a/STATUS +++ b/STATUS 
@@ -29,7 +29,8 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.4.55 : In development + 2.4.56 : In development + 2.4.55 : Released on January 17, 2023 2.4.54 : Released on June 08, 2022 2.4.53 : Released on March 14, 2022 2.4.52 : Released on December 20, 2021 diff --git a/docs/man/rotatelogs.8 b/docs/man/rotatelogs.8 index 5fd32a4dd2d..e7a2e6cb369 100644 --- a/docs/man/rotatelogs.8 +++ b/docs/man/rotatelogs.8 @@ -19,7 +19,7 @@ .el .ne 3 .IP "\\$1" \\$2 .. -.TH "ROTATELOGS" 8 "2022-03-28" "Apache HTTP Server" "rotatelogs" +.TH "ROTATELOGS" 8 "2023-01-17" "Apache HTTP Server" "rotatelogs" .SH NAME rotatelogs \- Piped logging program to rotate Apache logs 
@@ -85,49 +85,49 @@ The number of minutes offset from UTC\&. If omitted, zero is assumed and UTC is .SH "EXAMPLES" .nf - + CustomLog "|bin/rotatelogs /var/log/logfile 86400" common - + .fi .PP This creates the files /var/log/logfile\&.nnnn where nnnn is the system time at which the log nominally starts (this time will always be a multiple of the rotation time, so you can synchronize cron scripts with it)\&. At the end of each rotation time (here after 24 hours) a new log is started\&. .nf - + CustomLog "|bin/rotatelogs -l /var/log/logfile\&.%Y\&.%m\&.%d 86400" common - + .fi .PP This creates the files /var/log/logfile\&.yyyy\&.mm\&.dd where yyyy is the year, mm is the month, and dd is the day of the month\&. Logging will switch to a new file every day at midnight, local time\&. .nf - + CustomLog "|bin/rotatelogs /var/log/logfile 5M" common - + .fi .PP This configuration will rotate the logfile whenever it reaches a size of 5 megabytes\&. .nf - + ErrorLog "|bin/rotatelogs /var/log/errorlog\&.%Y-%m-%d-%H_%M_%S 5M" - + .fi .PP This configuration will rotate the error logfile whenever it reaches a size of 5 megabytes, and the suffix to the logfile name will be created of the form \fBerrorlog\&.YYYY-mm-dd-HH_MM_SS\fR\&. .nf - + CustomLog "|bin/rotatelogs -t /var/log/logfile 86400" common - + .fi .PP -This creates the file /var/log/logfile, truncating the file at startup and then truncating the file once per day\&. It is expected in this scenario that a separate process (such as tail) would process the file in real time\&. +This creates the file \fB/var/log/logfile\fR, truncating the file at startup and then truncating the file once per day\&. It is expected in this scenario that a separate process (such as tail) would process the file in real time\&. .SH "PORTABILITY" diff --git a/docs/manual/bind.html.de b/docs/manual/bind.html.de index 9cce70e99b4..fcad060e369 100644 --- a/docs/manual/bind.html.de +++ b/docs/manual/bind.html.de 
@@ -220,7 +220,7 @@ var comments_identifier = 'http://httpd.apache.org/docs/2.4/bind.html'; } })(window, document); //-->
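Review bot: In the CHANGES hunk, the affected-version sentence of the CVE-2022-36760 entry repeats the product name ("This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions."). Reword it to match the CVE-2006-20001 entry's "This issue affects Apache HTTP Server 2.4.54 and earlier." so that someone checking a deployed version against the three SECURITY entries reads one consistent form. The CVE-2006-20001 entry also carries no Credits line, unlike the two entries above it; add one, or state that the reporter is not named.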
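Review bot: In the docs/man/rotatelogs.8 EXAMPLES hunk, every removed and added line around the five CustomLog and ErrorLog examples carries no visible text, so the hunk is almost entirely whitespace churn that buries the one textual change, the \fB...\fR markup added to /var/log/logfile in the -t example. If this page is generated, commit the regenerated output separately from the release bump, or limit the hunk to the changed sentence. The new bolding is also inconsistent with the unchanged context lines, where /var/log/logfile\&.nnnn and /var/log/logfile\&.yyyy\&.mm\&.dd stay in plain type; mark up all of the path names or none of them.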