Could you fix the date (September 21, 2018 sems wrong).
Thanks!
Rainer
Am 05.08.2020 um 13:32 schrieb druggeri@apache.org:
> Author: druggeri
> Date: Wed Aug 5 11:32:51 2020
> New Revision: 40863
>
> Log:
> Push 2.4.46 up to the release directory
>
> Added:
> release/httpd/CHANGES_2.4.46
> - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
> release/httpd/httpd-2.4.46.tar.bz2
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
> release/httpd/httpd-2.4.46.tar.bz2.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
> release/httpd/httpd-2.4.46.tar.bz2.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
> release/httpd/httpd-2.4.46.tar.bz2.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
> release/httpd/httpd-2.4.46.tar.bz2.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha256
> release/httpd/httpd-2.4.46.tar.bz2.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha512
> release/httpd/httpd-2.4.46.tar.gz
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
> release/httpd/httpd-2.4.46.tar.gz.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
> release/httpd/httpd-2.4.46.tar.gz.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
> release/httpd/httpd-2.4.46.tar.gz.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
> release/httpd/httpd-2.4.46.tar.gz.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
> release/httpd/httpd-2.4.46.tar.gz.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
> Removed:
> dev/httpd/CHANGES_2.4
> dev/httpd/CHANGES_2.4.46
> dev/httpd/httpd-2.4.46-deps.tar.bz2
> dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
> dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
> dev/httpd/httpd-2.4.46-deps.tar.gz
> dev/httpd/httpd-2.4.46-deps.tar.gz.asc
> dev/httpd/httpd-2.4.46-deps.tar.gz.md5
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
> dev/httpd/httpd-2.4.46.tar.bz2
> dev/httpd/httpd-2.4.46.tar.bz2.asc
> dev/httpd/httpd-2.4.46.tar.bz2.md5
> dev/httpd/httpd-2.4.46.tar.bz2.sha1
> dev/httpd/httpd-2.4.46.tar.bz2.sha256
> dev/httpd/httpd-2.4.46.tar.bz2.sha512
> dev/httpd/httpd-2.4.46.tar.gz
> dev/httpd/httpd-2.4.46.tar.gz.asc
> dev/httpd/httpd-2.4.46.tar.gz.md5
> dev/httpd/httpd-2.4.46.tar.gz.sha1
> dev/httpd/httpd-2.4.46.tar.gz.sha256
> dev/httpd/httpd-2.4.46.tar.gz.sha512
> Modified:
> release/httpd/Announcement2.4.html
> release/httpd/Announcement2.4.txt
> release/httpd/CHANGES_2.4
>
> Modified: release/httpd/Announcement2.4.html
> ==============================================================================
> --- release/httpd/Announcement2.4.html (original)
> +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
> @@ -49,27 +49,27 @@
> <div class="banner"></div>
>
> <h1>
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
> </h1>
> <p>
> - April 01, 2020
> + September 21, 2018
> </p>
> <p>
> The Apache Software Foundation and the Apache HTTP Server Project are
> pleased to <a href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
> - the release of version 2.4.43 of the Apache
> + the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
> </p>
> <p>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
> </p>
> <p>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
> </p>
> <dl>
> <dd><a href="https://httpd.apache.org/download.cgi"
> @@ -77,7 +77,7 @@
> </dl>
> <p>
> Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file, linked from the download page, for a
> - full list of changes. A condensed list, <a href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
> + full list of changes. A condensed list, <a href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/Announcement2.4.txt
> ==============================================================================
> --- release/httpd/Announcement2.4.txt (original)
> +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
> @@ -1,19 +1,19 @@
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
>
> - April 01, 2020
> + September 21, 2018
>
> The Apache Software Foundation and the Apache HTTP Server Project
> - are pleased to announce the release of version 2.4.43 of the Apache
> + are pleased to announce the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
>
> https://httpd.apache.org/download.cgi
>
> @@ -24,7 +24,7 @@
> https://httpd.apache.org/docs/trunk/new_features_2_4.html
>
> Please see the CHANGES_2.4 file, linked from the download page, for a
> - full list of changes. A condensed list, CHANGES_2.4.43 includes only
> + full list of changes. A condensed list, CHANGES_2.4.46 includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/CHANGES_2.4
> ==============================================================================
> --- release/httpd/CHANGES_2.4 (original)
> +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
> @@ -1,6 +1,78 @@
> -*- coding: utf-8 -*-
> +Changes with Apache 2.4.46
> + *) mod_proxy_fcgi: Fix build warnings for Windows platform
> + [Eric Covener, Christophe Jaillet]
> +
> +Changes with Apache 2.4.45
> +
> + *) mod_http2: remove support for abandoned http-wg draft
> + <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
> + [Stefan Eissing]
> +
> +Changes with Apache 2.4.44
> +
> + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
> + protocol limit). [Yann Ylavic]
> +
> + *) mod_http2:
> + Fixes <https://github.com/icing/mod_h2/issues/200>:
> + "LimitRequestFields 0" now disables the limit, as documented.
> + Fixes <https://github.com/icing/mod_h2/issues/201>:
> + Do not count repeated headers with same name against the field
> + count limit. The are merged internally, as if sent in a single HTTP/1 line.
> + [Stefan Eissing]
> +
> + *) mod_http2: Avoid segfaults in case of handling certain responses for
> + already aborted connections. [Stefan Eissing, Ruediger Pluem]
> +
> + *) mod_http2: The module now handles master/secondary connections and has marked
> + methods according to use. [Stefan Eissing]
> +
> + *) core: Drop an invalid Last-Modified header value coming
> + from a FCGI/CGI script instead of replacing it with Unix epoch.
> + [Yann Ylavic, Luca Toscano]
> +
> + *) Add support for strict content-length parsing through addition of
> + ap_parse_strict_length() [Yann Ylavic]
> +
> + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
> + evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
> +
> + *) mod_proxy_http: flush spooled request body in one go to avoid
> + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
> +
> + *) mod_ssl: Fix a race condition and possible crash when using a proxy client
> + certificate (SSLProxyMachineCertificateFile).
> + [Armin Abfalterer <a.abfalterer gmail.com>]
> +
> + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and H2_STREAM_TAG.
> + PR64330 [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that caused connections to close when mod_reqtimeout
> + was configured with a handshake timeout. Fixes gitub issue #196.
> + [Stefan Eissing]
> +
> + *) mod_proxy_http2: the "ping" proxy parameter
> + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
> + when checking the liveliness of a new or reused h2 connection to the backend.
> + With short durations, this makes load-balancing more responsive. The module
> + will hold back requests until ping conditions are met, using features of the
> + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
> +
> + *) core: httpd is no longer linked against -lsystemd if mod_systemd
> + is enabled (and built as a DSO). [Rainer Jung]
> +
> + *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
> + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
> +
> Changes with Apache 2.4.43
>
> + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> +
> +Changes with Apache 2.4.42
> +
> *) SECURITY: CVE-2020-1934 (cve.mitre.org)
> mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
> server. [Eric Covener]
> @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
> matches and substitutions with encoded line break characters.
> The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
>
> - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> -
> -Changes with Apache 2.4.42
> -
> *) mod_proxy_http: Fix the forwarding of requests with content body when a
> balancer member is unavailable; the retry on the next member was issued
> with an empty body (regression introduced in 2.4.41). PR63891.
Thanks!
Rainer
Am 05.08.2020 um 13:32 schrieb druggeri@apache.org:
> Author: druggeri
> Date: Wed Aug 5 11:32:51 2020
> New Revision: 40863
>
> Log:
> Push 2.4.46 up to the release directory
>
> Added:
> release/httpd/CHANGES_2.4.46
> - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
> release/httpd/httpd-2.4.46.tar.bz2
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
> release/httpd/httpd-2.4.46.tar.bz2.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
> release/httpd/httpd-2.4.46.tar.bz2.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
> release/httpd/httpd-2.4.46.tar.bz2.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
> release/httpd/httpd-2.4.46.tar.bz2.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha256
> release/httpd/httpd-2.4.46.tar.bz2.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha512
> release/httpd/httpd-2.4.46.tar.gz
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
> release/httpd/httpd-2.4.46.tar.gz.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
> release/httpd/httpd-2.4.46.tar.gz.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
> release/httpd/httpd-2.4.46.tar.gz.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
> release/httpd/httpd-2.4.46.tar.gz.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
> release/httpd/httpd-2.4.46.tar.gz.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
> Removed:
> dev/httpd/CHANGES_2.4
> dev/httpd/CHANGES_2.4.46
> dev/httpd/httpd-2.4.46-deps.tar.bz2
> dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
> dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
> dev/httpd/httpd-2.4.46-deps.tar.gz
> dev/httpd/httpd-2.4.46-deps.tar.gz.asc
> dev/httpd/httpd-2.4.46-deps.tar.gz.md5
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
> dev/httpd/httpd-2.4.46.tar.bz2
> dev/httpd/httpd-2.4.46.tar.bz2.asc
> dev/httpd/httpd-2.4.46.tar.bz2.md5
> dev/httpd/httpd-2.4.46.tar.bz2.sha1
> dev/httpd/httpd-2.4.46.tar.bz2.sha256
> dev/httpd/httpd-2.4.46.tar.bz2.sha512
> dev/httpd/httpd-2.4.46.tar.gz
> dev/httpd/httpd-2.4.46.tar.gz.asc
> dev/httpd/httpd-2.4.46.tar.gz.md5
> dev/httpd/httpd-2.4.46.tar.gz.sha1
> dev/httpd/httpd-2.4.46.tar.gz.sha256
> dev/httpd/httpd-2.4.46.tar.gz.sha512
> Modified:
> release/httpd/Announcement2.4.html
> release/httpd/Announcement2.4.txt
> release/httpd/CHANGES_2.4
>
> Modified: release/httpd/Announcement2.4.html
> ==============================================================================
> --- release/httpd/Announcement2.4.html (original)
> +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
> @@ -49,27 +49,27 @@
> <div class="banner"></div>
>
> <h1>
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
> </h1>
> <p>
> - April 01, 2020
> + September 21, 2018
> </p>
> <p>
> The Apache Software Foundation and the Apache HTTP Server Project are
> pleased to <a href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
> - the release of version 2.4.43 of the Apache
> + the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
> </p>
> <p>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
> </p>
> <p>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
> </p>
> <dl>
> <dd><a href="https://httpd.apache.org/download.cgi"
> @@ -77,7 +77,7 @@
> </dl>
> <p>
> Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file, linked from the download page, for a
> - full list of changes. A condensed list, <a href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
> + full list of changes. A condensed list, <a href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/Announcement2.4.txt
> ==============================================================================
> --- release/httpd/Announcement2.4.txt (original)
> +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
> @@ -1,19 +1,19 @@
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
>
> - April 01, 2020
> + September 21, 2018
>
> The Apache Software Foundation and the Apache HTTP Server Project
> - are pleased to announce the release of version 2.4.43 of the Apache
> + are pleased to announce the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
>
> https://httpd.apache.org/download.cgi
>
> @@ -24,7 +24,7 @@
> https://httpd.apache.org/docs/trunk/new_features_2_4.html
>
> Please see the CHANGES_2.4 file, linked from the download page, for a
> - full list of changes. A condensed list, CHANGES_2.4.43 includes only
> + full list of changes. A condensed list, CHANGES_2.4.46 includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/CHANGES_2.4
> ==============================================================================
> --- release/httpd/CHANGES_2.4 (original)
> +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
> @@ -1,6 +1,78 @@
> -*- coding: utf-8 -*-
> +Changes with Apache 2.4.46
> + *) mod_proxy_fcgi: Fix build warnings for Windows platform
> + [Eric Covener, Christophe Jaillet]
> +
> +Changes with Apache 2.4.45
> +
> + *) mod_http2: remove support for abandoned http-wg draft
> + <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
> + [Stefan Eissing]
> +
> +Changes with Apache 2.4.44
> +
> + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
> + protocol limit). [Yann Ylavic]
> +
> + *) mod_http2:
> + Fixes <https://github.com/icing/mod_h2/issues/200>:
> + "LimitRequestFields 0" now disables the limit, as documented.
> + Fixes <https://github.com/icing/mod_h2/issues/201>:
> + Do not count repeated headers with same name against the field
> + count limit. The are merged internally, as if sent in a single HTTP/1 line.
> + [Stefan Eissing]
> +
> + *) mod_http2: Avoid segfaults in case of handling certain responses for
> + already aborted connections. [Stefan Eissing, Ruediger Pluem]
> +
> + *) mod_http2: The module now handles master/secondary connections and has marked
> + methods according to use. [Stefan Eissing]
> +
> + *) core: Drop an invalid Last-Modified header value coming
> + from a FCGI/CGI script instead of replacing it with Unix epoch.
> + [Yann Ylavic, Luca Toscano]
> +
> + *) Add support for strict content-length parsing through addition of
> + ap_parse_strict_length() [Yann Ylavic]
> +
> + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
> + evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
> +
> + *) mod_proxy_http: flush spooled request body in one go to avoid
> + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
> +
> + *) mod_ssl: Fix a race condition and possible crash when using a proxy client
> + certificate (SSLProxyMachineCertificateFile).
> + [Armin Abfalterer <a.abfalterer gmail.com>]
> +
> + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and H2_STREAM_TAG.
> + PR64330 [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that caused connections to close when mod_reqtimeout
> + was configured with a handshake timeout. Fixes gitub issue #196.
> + [Stefan Eissing]
> +
> + *) mod_proxy_http2: the "ping" proxy parameter
> + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
> + when checking the liveliness of a new or reused h2 connection to the backend.
> + With short durations, this makes load-balancing more responsive. The module
> + will hold back requests until ping conditions are met, using features of the
> + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
> +
> + *) core: httpd is no longer linked against -lsystemd if mod_systemd
> + is enabled (and built as a DSO). [Rainer Jung]
> +
> + *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
> + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
> +
> Changes with Apache 2.4.43
>
> + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> +
> +Changes with Apache 2.4.42
> +
> *) SECURITY: CVE-2020-1934 (cve.mitre.org)
> mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
> server. [Eric Covener]
> @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
> matches and substitutions with encoded line break characters.
> The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
>
> - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> -
> -Changes with Apache 2.4.42
> -
> *) mod_proxy_http: Fix the forwarding of requests with content body when a
> balancer member is unavailable; the retry on the next member was issued
> with an empty body (regression introduced in 2.4.41). PR63891.