From 9d8a3a209073108454281c44617c83e4ef60bc92 Mon Sep 17 00:00:00 2001 
From: Stefan Eissing Date: Thu, 19 Oct 2023 09:27:09 +0000 Subject: [PATCH] publishing release httpd-2.4.58 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913112 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 42 + STATUS | 3 +- docs/manual/env.html.tr.utf8 | 1 + docs/manual/mod/core.html.de | 2 +- docs/manual/mod/core.html.es | 2 +- docs/manual/mod/core.html.ja.utf8 | 2 +- docs/manual/mod/core.html.tr.utf8 | 1 + docs/manual/mod/directives.html.de | 11 + docs/manual/mod/directives.html.en | 1 + docs/manual/mod/directives.html.es | 11 + docs/manual/mod/directives.html.fr.utf8 | 1 + docs/manual/mod/directives.html.ja.utf8 | 11 + docs/manual/mod/directives.html.ko.euc-kr | 11 + docs/manual/mod/directives.html.tr.utf8 | 11 + docs/manual/mod/directives.html.zh-cn.utf8 | 11 + docs/manual/mod/mod_alias.html.en | 44 + docs/manual/mod/mod_alias.html.fr.utf8 | 16 + docs/manual/mod/mod_alias.html.ja.utf8 | 28 + docs/manual/mod/mod_alias.html.ko.euc-kr | 28 + docs/manual/mod/mod_alias.html.tr.utf8 | 27 + docs/manual/mod/mod_alias.xml.fr | 2 +- docs/manual/mod/mod_alias.xml.ja | 2 +- docs/manual/mod/mod_alias.xml.ko | 2 +- docs/manual/mod/mod_alias.xml.meta | 2 +- docs/manual/mod/mod_alias.xml.tr | 2 +- docs/manual/mod/mod_dav.html.ja.utf8 | 14 + docs/manual/mod/mod_dav.html.ko.euc-kr | 14 + docs/manual/mod/mod_deflate.html.ja.utf8 | 14 + docs/manual/mod/mod_deflate.html.ko.euc-kr | 14 + docs/manual/mod/mod_setenvif.html.tr.utf8 | 1 + docs/manual/mod/quickreference.html.de | 993 +++++----- docs/manual/mod/quickreference.html.en | 1585 ++++++++-------- docs/manual/mod/quickreference.html.es | 991 +++++----- docs/manual/mod/quickreference.html.fr.utf8 | 1617 +++++++++-------- docs/manual/mod/quickreference.html.ja.utf8 | 987 +++++----- docs/manual/mod/quickreference.html.ko.euc-kr | 987 +++++----- docs/manual/mod/quickreference.html.tr.utf8 | 995 +++++----- .../manual/mod/quickreference.html.zh-cn.utf8 | 991 +++++----- docs/manual/style/version.ent | 
2 +- include/ap_release.h | 2 +- 40 files changed, 4931 insertions(+), 4550 deletions(-) diff --git a/CHANGES b/CHANGES index 4a2aa4ac56f..8ffc6c52701 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,6 +1,48 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.59 + Changes with Apache 2.4.58 + *) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream + memory not reclaimed right away on RST (cve.mitre.org) + When a HTTP/2 stream was reset (RST frame) by a client, there + was a time window were the request's memory resources were not + reclaimed immediately. Instead, de-allocation was deferred to + connection close. A client could send new requests and resets, + keeping the connection busy and open and causing the memory + footprint to keep on growing. On connection close, all resources + were reclaimed, but the process might run out of memory before + that. + This was found by the reporter during testing of CVE-2023-44487 + (HTTP/2 Rapid Reset Exploit) with their own test client. During + "normal" HTTP/2 use, the probability to hit this bug is very + low. The kept memory would not become noticeable before the + connection closes or times out. + Users are recommended to upgrade to version 2.4.58, which fixes + the issue. + Credits: Will Dormann of Vul Labs + + *) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with + initial windows size 0 (cve.mitre.org) + An attacker, opening a HTTP/2 connection with an initial window + size of 0, was able to block handling of that connection + indefinitely in Apache HTTP Server. This could be used to + exhaust worker resources in the server, similar to the well + known "slow loris" attack pattern. + This has been fixed in version 2.4.58, so that such connection + are terminated properly after the configured connection timeout. + This issue affects Apache HTTP Server: from 2.4.55 through + 2.4.57. + Users are recommended to upgrade to version 2.4.58, which fixes + the issue. + Credits: Prof. 
Sven Dietrich (City University of New York) + + *) SECURITY: CVE-2023-31122: mod_macro buffer over-read + (cve.mitre.org) + Out-of-bounds Read vulnerability in mod_macro of Apache HTTP + Server.This issue affects Apache HTTP Server: through 2.4.57. + Credits: David Shoon (github/davidshoon) + *) mod_ssl: Silence info log message "SSL Library Error: error:0A000126: SSL routines::unexpected eof while reading" when using OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if diff --git a/STATUS b/STATUS index ccd1ba47f9b..a2127eb6424 100644 --- a/STATUS +++ b/STATUS @@ -29,7 +29,8 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.4.58 : In development + 2.4.59 : In development + 2.4.58 : Released on October 19, 2023 2.4.57 : Released on April 06, 2023 2.4.56 : Released on March 07, 2023 2.4.55 : Released on January 17, 2023 diff --git a/docs/manual/env.html.tr.utf8 b/docs/manual/env.html.tr.utf8 index 66ffec81fa5..5578c31b7b9 100644 --- a/docs/manual/env.html.tr.utf8 +++ b/docs/manual/env.html.tr.utf8 @@ -29,6 +29,7 @@  ko  |  tr 

+
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

Apache HTTP Sunucusunu etkileyen ortam değişkenleri iki çeşittir.

diff --git a/docs/manual/mod/core.html.de b/docs/manual/mod/core.html.de index 13b54dafb64..3c1ae2bce29 100644 --- a/docs/manual/mod/core.html.de +++ b/docs/manual/mod/core.html.de @@ -1462,7 +1462,7 @@ to the network Beschreibung:Threshold above which pending data are flushed to the network Syntax:FlushMaxThreshold number-of-bytes -Voreinstellung:FlushMaxThreshold 65536 +Voreinstellung:FlushMaxThreshold 65535 Kontext:Serverkonfiguration, Virtual Host Status:Core Modul:core diff --git a/docs/manual/mod/core.html.es b/docs/manual/mod/core.html.es index 584c38ec7cb..0ac6895b6d0 100644 --- a/docs/manual/mod/core.html.es +++ b/docs/manual/mod/core.html.es @@ -1640,7 +1640,7 @@ to the network Descripción:Threshold above which pending data are flushed to the network Sintaxis:FlushMaxThreshold number-of-bytes -Valor por defecto:FlushMaxThreshold 65536 +Valor por defecto:FlushMaxThreshold 65535 Contexto:server config, virtual host Estado:Core Módulo:core diff --git a/docs/manual/mod/core.html.ja.utf8 b/docs/manual/mod/core.html.ja.utf8 index 8c1be703861..90c655f3284 100644 --- a/docs/manual/mod/core.html.ja.utf8 +++ b/docs/manual/mod/core.html.ja.utf8 @@ -1410,7 +1410,7 @@ to the network 説明:Threshold above which pending data are flushed to the network 構文:FlushMaxThreshold number-of-bytes -デフォルト:FlushMaxThreshold 65536 +デフォルト:FlushMaxThreshold 65535 コンテキスト:サーバ設定ファイル, バーチャルホスト ステータス:Core モジュール:core diff --git a/docs/manual/mod/core.html.tr.utf8 b/docs/manual/mod/core.html.tr.utf8 index 5d87a5144f4..6e825db9749 100644 --- a/docs/manual/mod/core.html.tr.utf8 +++ b/docs/manual/mod/core.html.tr.utf8 @@ -33,6 +33,7 @@  ja  |  tr 

+
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
Açıklama:Apache HTTP Sunucusunda daima mevcut olan çekirdek özellikler
Durum:Çekirdek
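Review bot: The core.html.de, core.html.es and core.html.ja hunks change the documented FlushMaxThreshold default from 65536 to 65535, but the diffstat lists no core.html.en change and no source file apart from include/ap_release.h, so nothing in this patch shows where the new value comes from. Worth confirming that 65535 matches the English page and the compiled-in default, and saying so in the commit message, since a one-byte change to a default inside a "publishing release" commit is easy to take for a regeneration artifact.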
diff --git a/docs/manual/mod/directives.html.de b/docs/manual/mod/directives.html.de index 2f026d3fde3..af039a42bc2 100644 --- a/docs/manual/mod/directives.html.de +++ b/docs/manual/mod/directives.html.de @@ -71,6 +71,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -224,6 +225,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -243,6 +245,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -298,7 +301,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -306,15 +311,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -437,10 +445,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -551,6 +561,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en index 2f70f774b2b..f056e726274 100644 --- a/docs/manual/mod/directives.html.en +++ b/docs/manual/mod/directives.html.en @@ -72,6 +72,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • diff --git a/docs/manual/mod/directives.html.es b/docs/manual/mod/directives.html.es index d825016c4ae..568f7c8b333 100644 --- a/docs/manual/mod/directives.html.es +++ b/docs/manual/mod/directives.html.es @@ -74,6 +74,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -227,6 +228,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -246,6 +248,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -301,7 +304,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -309,15 +314,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -440,10 +448,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -554,6 +564,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/directives.html.fr.utf8 b/docs/manual/mod/directives.html.fr.utf8 index 9c14fee8e4d..e6381a73173 100644 --- a/docs/manual/mod/directives.html.fr.utf8 +++ b/docs/manual/mod/directives.html.fr.utf8 @@ -72,6 +72,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • diff --git a/docs/manual/mod/directives.html.ja.utf8 b/docs/manual/mod/directives.html.ja.utf8 index 085955d6736..286b141f397 100644 --- a/docs/manual/mod/directives.html.ja.utf8 +++ b/docs/manual/mod/directives.html.ja.utf8 @@ -69,6 +69,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -222,6 +223,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -241,6 +243,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -296,7 +299,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -304,15 +309,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -435,10 +443,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -549,6 +559,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/directives.html.ko.euc-kr b/docs/manual/mod/directives.html.ko.euc-kr index 4b6fb51a7c1..fa36a6a174d 100644 --- a/docs/manual/mod/directives.html.ko.euc-kr +++ b/docs/manual/mod/directives.html.ko.euc-kr @@ -69,6 +69,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -222,6 +223,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -241,6 +243,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -296,7 +299,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -304,15 +309,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -435,10 +443,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -549,6 +559,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/directives.html.tr.utf8 b/docs/manual/mod/directives.html.tr.utf8 index 07d8ca4f212..12ccfec383f 100644 --- a/docs/manual/mod/directives.html.tr.utf8 +++ b/docs/manual/mod/directives.html.tr.utf8 @@ -68,6 +68,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -221,6 +222,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -240,6 +242,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -295,7 +298,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -303,15 +308,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -434,10 +442,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -548,6 +558,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/directives.html.zh-cn.utf8 b/docs/manual/mod/directives.html.zh-cn.utf8 index cc9c789dffb..7487c2ed477 100644 --- a/docs/manual/mod/directives.html.zh-cn.utf8 +++ b/docs/manual/mod/directives.html.zh-cn.utf8 @@ -67,6 +67,7 @@
  • AddType
  • Alias
  • AliasMatch
  • +
  • AliasPreservePath
  • Allow
  • AllowCONNECT
  • AllowEncodedSlashes
  • @@ -220,6 +221,7 @@
  • CoreDumpDirectory
  • CustomLog
  • Dav
  • +
  • DavBasePath
  • DavDepthInfinity
  • DavGenericLockDB
  • DavLockDB
  • @@ -239,6 +241,7 @@
  • DefaultRuntimeDir
  • DefaultType
  • Define
  • +
  • DeflateAlterETag
  • DeflateBufferSize
  • DeflateCompressionLevel
  • DeflateFilterNote
  • @@ -294,7 +297,9 @@
  • Group
  • H2CopyFiles
  • H2Direct
  • +
  • H2EarlyHint
  • H2EarlyHints
  • +
  • H2MaxDataFrameLen
  • H2MaxSessionStreams
  • H2MaxWorkerIdleSeconds
  • H2MaxWorkers
  • @@ -302,15 +307,18 @@
  • H2ModernTLSOnly
  • H2OutputBuffering
  • H2Padding
  • +
  • H2ProxyRequests
  • H2Push
  • H2PushDiarySize
  • H2PushPriority
  • H2PushResource
  • H2SerializeHeaders
  • H2StreamMaxMemSize
  • +
  • H2StreamTimeout
  • H2TLSCoolDownSecs
  • H2TLSWarmUpSize
  • H2Upgrade
  • +
  • H2WebSockets
  • H2WindowSize
  • Header
  • HeaderName
  • @@ -433,10 +441,12 @@
  • MDCertificateProtocol
  • MDCertificateStatus
  • MDChallengeDns01
  • +
  • MDChallengeDns01Version
  • MDContactEmail
  • MDDriveMode
  • MDExternalAccountBinding
  • MDHttpProxy
  • +
  • MDMatchNames
  • MDMember
  • MDMembers
  • MDMessageCmd
  • @@ -547,6 +557,7 @@
  • Redirect
  • RedirectMatch
  • RedirectPermanent
  • +
  • RedirectRelative
  • RedirectTemp
  • RedisConnPoolTTL
  • RedisTimeout
  • diff --git a/docs/manual/mod/mod_alias.html.en b/docs/manual/mod/mod_alias.html.en index 6ef150a3858..53f012ea0fd 100644 --- a/docs/manual/mod/mod_alias.html.en +++ b/docs/manual/mod/mod_alias.html.en @@ -75,6 +75,7 @@