From 9d8a3a209073108454281c44617c83e4ef60bc92 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Thu, 19 Oct 2023 09:27:09 +0000
Subject: [PATCH] publishing release httpd-2.4.58
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1913112 13f79535-47bb-0310-9956-ffa450edef68
---
CHANGES | 42 +
STATUS | 3 +-
docs/manual/env.html.tr.utf8 | 1 +
docs/manual/mod/core.html.de | 2 +-
docs/manual/mod/core.html.es | 2 +-
docs/manual/mod/core.html.ja.utf8 | 2 +-
docs/manual/mod/core.html.tr.utf8 | 1 +
docs/manual/mod/directives.html.de | 11 +
docs/manual/mod/directives.html.en | 1 +
docs/manual/mod/directives.html.es | 11 +
docs/manual/mod/directives.html.fr.utf8 | 1 +
docs/manual/mod/directives.html.ja.utf8 | 11 +
docs/manual/mod/directives.html.ko.euc-kr | 11 +
docs/manual/mod/directives.html.tr.utf8 | 11 +
docs/manual/mod/directives.html.zh-cn.utf8 | 11 +
docs/manual/mod/mod_alias.html.en | 44 +
docs/manual/mod/mod_alias.html.fr.utf8 | 16 +
docs/manual/mod/mod_alias.html.ja.utf8 | 28 +
docs/manual/mod/mod_alias.html.ko.euc-kr | 28 +
docs/manual/mod/mod_alias.html.tr.utf8 | 27 +
docs/manual/mod/mod_alias.xml.fr | 2 +-
docs/manual/mod/mod_alias.xml.ja | 2 +-
docs/manual/mod/mod_alias.xml.ko | 2 +-
docs/manual/mod/mod_alias.xml.meta | 2 +-
docs/manual/mod/mod_alias.xml.tr | 2 +-
docs/manual/mod/mod_dav.html.ja.utf8 | 14 +
docs/manual/mod/mod_dav.html.ko.euc-kr | 14 +
docs/manual/mod/mod_deflate.html.ja.utf8 | 14 +
docs/manual/mod/mod_deflate.html.ko.euc-kr | 14 +
docs/manual/mod/mod_setenvif.html.tr.utf8 | 1 +
docs/manual/mod/quickreference.html.de | 993 +++++-----
docs/manual/mod/quickreference.html.en | 1585 ++++++++--------
docs/manual/mod/quickreference.html.es | 991 +++++-----
docs/manual/mod/quickreference.html.fr.utf8 | 1617 +++++++++--------
docs/manual/mod/quickreference.html.ja.utf8 | 987 +++++-----
docs/manual/mod/quickreference.html.ko.euc-kr | 987 +++++-----
docs/manual/mod/quickreference.html.tr.utf8 | 995 +++++-----
.../manual/mod/quickreference.html.zh-cn.utf8 | 991 +++++-----
docs/manual/style/version.ent | 2 +-
include/ap_release.h | 2 +-
40 files changed, 4931 insertions(+), 4550 deletions(-)
diff --git a/CHANGES b/CHANGES
index 4a2aa4ac56f..8ffc6c52701 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,48 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.59
+
Changes with Apache 2.4.58
+ *) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
+ memory not reclaimed right away on RST (cve.mitre.org)
+ When a HTTP/2 stream was reset (RST frame) by a client, there
+ was a time window were the request's memory resources were not
+ reclaimed immediately. Instead, de-allocation was deferred to
+ connection close. A client could send new requests and resets,
+ keeping the connection busy and open and causing the memory
+ footprint to keep on growing. On connection close, all resources
+ were reclaimed, but the process might run out of memory before
+ that.
+ This was found by the reporter during testing of CVE-2023-44487
+ (HTTP/2 Rapid Reset Exploit) with their own test client. During
+ "normal" HTTP/2 use, the probability to hit this bug is very
+ low. The kept memory would not become noticeable before the
+ connection closes or times out.
+ Users are recommended to upgrade to version 2.4.58, which fixes
+ the issue.
+ Credits: Will Dormann of Vul Labs
+
+ *) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
+ initial windows size 0 (cve.mitre.org)
+ An attacker, opening a HTTP/2 connection with an initial window
+ size of 0, was able to block handling of that connection
+ indefinitely in Apache HTTP Server. This could be used to
+ exhaust worker resources in the server, similar to the well
+ known "slow loris" attack pattern.
+ This has been fixed in version 2.4.58, so that such connection
+ are terminated properly after the configured connection timeout.
+ This issue affects Apache HTTP Server: from 2.4.55 through
+ 2.4.57.
+ Users are recommended to upgrade to version 2.4.58, which fixes
+ the issue.
+ Credits: Prof. Sven Dietrich (City University of New York)
+
+ *) SECURITY: CVE-2023-31122: mod_macro buffer over-read
+ (cve.mitre.org)
+ Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
+ Server.This issue affects Apache HTTP Server: through 2.4.57.
+ Credits: David Shoon (github/davidshoon)
+
*) mod_ssl: Silence info log message "SSL Library Error: error:0A000126:
SSL routines::unexpected eof while reading" when using
OpenSSL 3 by setting SSL_OP_IGNORE_UNEXPECTED_EOF if
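Review bot: the CVE-2023-31122 entry gives no upgrade guidance, unlike the two HTTP/2 entries above it, which both end with "Users are recommended to upgrade to version 2.4.58, which fixes the issue"; add the same sentence so all three advisories read consistently. The CVE-2023-45802 entry also states no affected version range, while CVE-2023-43622 gives "from 2.4.55 through 2.4.57". Wording slips in the added text are worth fixing before the release notes are frozen: "a time window were" should be "where", "initial windows size 0" should be "initial window size 0", "such connection are terminated" should be "connections", and "Server.This issue" is missing a space.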
diff --git a/STATUS b/STATUS
index ccd1ba47f9b..a2127eb6424 100644
--- a/STATUS
+++ b/STATUS
@@ -29,7 +29,8 @@ Release history:
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.4.58 : In development
+ 2.4.59 : In development
+ 2.4.58 : Released on October 19, 2023
2.4.57 : Released on April 06, 2023
2.4.56 : Released on March 07, 2023
2.4.55 : Released on January 17, 2023
diff --git a/docs/manual/env.html.tr.utf8 b/docs/manual/env.html.tr.utf8
index 66ffec81fa5..5578c31b7b9 100644
--- a/docs/manual/env.html.tr.utf8
+++ b/docs/manual/env.html.tr.utf8
@@ -29,6 +29,7 @@
ko |
tr
+Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
Apache HTTP Sunucusunu etkileyen ortam değişkenleri iki çeşittir.
diff --git a/docs/manual/mod/core.html.de b/docs/manual/mod/core.html.de
index 13b54dafb64..3c1ae2bce29 100644
--- a/docs/manual/mod/core.html.de
+++ b/docs/manual/mod/core.html.de
@@ -1462,7 +1462,7 @@ to the network
Beschreibung: | Threshold above which pending data are flushed to the
network |
Syntax: | FlushMaxThreshold number-of-bytes |
-Voreinstellung: | FlushMaxThreshold 65536 |
+Voreinstellung: | FlushMaxThreshold 65535 |
Kontext: | Serverkonfiguration, Virtual Host |
Status: | Core |
Modul: | core |
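Review bot: the documented FlushMaxThreshold default moves from 65536 to 65535 on the changed line of this hunk, and the same one-byte change appears in the core.html.es and core.html.ja hunks, yet nothing in the visible part of the CHANGES hunk mentions it. Confirm that 65535 matches the English page and the compiled-in default, since this is the figure operators will read when tuning. The description cell in the context lines ("Threshold above which pending data are flushed to the network") is also still untranslated English on this German page.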
diff --git a/docs/manual/mod/core.html.es b/docs/manual/mod/core.html.es
index 584c38ec7cb..0ac6895b6d0 100644
--- a/docs/manual/mod/core.html.es
+++ b/docs/manual/mod/core.html.es
@@ -1640,7 +1640,7 @@ to the network
Descripción: | Threshold above which pending data are flushed to the
network |
Sintaxis: | FlushMaxThreshold number-of-bytes |
-Valor por defecto: | FlushMaxThreshold 65536 |
+Valor por defecto: | FlushMaxThreshold 65535 |
Contexto: | server config, virtual host |
Estado: | Core |
Módulo: | core |
diff --git a/docs/manual/mod/core.html.ja.utf8 b/docs/manual/mod/core.html.ja.utf8
index 8c1be703861..90c655f3284 100644
--- a/docs/manual/mod/core.html.ja.utf8
+++ b/docs/manual/mod/core.html.ja.utf8
@@ -1410,7 +1410,7 @@ to the network
説明: | Threshold above which pending data are flushed to the
network |
構文: | FlushMaxThreshold number-of-bytes |
-デフォルト: | FlushMaxThreshold 65536 |
+デフォルト: | FlushMaxThreshold 65535 |
コンテキスト: | サーバ設定ファイル, バーチャルホスト |
ステータス: | Core |
モジュール: | core |
diff --git a/docs/manual/mod/core.html.tr.utf8 b/docs/manual/mod/core.html.tr.utf8
index 5d87a5144f4..6e825db9749 100644
--- a/docs/manual/mod/core.html.tr.utf8
+++ b/docs/manual/mod/core.html.tr.utf8
@@ -33,6 +33,7 @@
ja |
tr
+Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.
Açıklama: | Apache HTTP Sunucusunda daima mevcut olan çekirdek
özellikler |
Durum: | Çekirdek |
---|
diff --git a/docs/manual/mod/directives.html.de b/docs/manual/mod/directives.html.de
index 2f026d3fde3..af039a42bc2 100644
--- a/docs/manual/mod/directives.html.de
+++ b/docs/manual/mod/directives.html.de
@@ -71,6 +71,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -224,6 +225,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -243,6 +245,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -298,7 +301,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
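Review bot: H2EarlyHint is added immediately above the existing H2EarlyHints, and the two names differ only by the trailing "s", so a reader scanning this index can easily pick the wrong one. Confirm that both entries are intended and that each points at its own directive section; the same pair appears in the es, ja, ko, tr and zh-cn index hunks.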
@@ -306,15 +311,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -437,10 +445,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -551,6 +561,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/directives.html.en b/docs/manual/mod/directives.html.en
index 2f70f774b2b..f056e726274 100644
--- a/docs/manual/mod/directives.html.en
+++ b/docs/manual/mod/directives.html.en
@@ -72,6 +72,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
diff --git a/docs/manual/mod/directives.html.es b/docs/manual/mod/directives.html.es
index d825016c4ae..568f7c8b333 100644
--- a/docs/manual/mod/directives.html.es
+++ b/docs/manual/mod/directives.html.es
@@ -74,6 +74,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -227,6 +228,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -246,6 +248,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -301,7 +304,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
@@ -309,15 +314,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -440,10 +448,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -554,6 +564,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/directives.html.fr.utf8 b/docs/manual/mod/directives.html.fr.utf8
index 9c14fee8e4d..e6381a73173 100644
--- a/docs/manual/mod/directives.html.fr.utf8
+++ b/docs/manual/mod/directives.html.fr.utf8
@@ -72,6 +72,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
diff --git a/docs/manual/mod/directives.html.ja.utf8 b/docs/manual/mod/directives.html.ja.utf8
index 085955d6736..286b141f397 100644
--- a/docs/manual/mod/directives.html.ja.utf8
+++ b/docs/manual/mod/directives.html.ja.utf8
@@ -69,6 +69,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -222,6 +223,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -241,6 +243,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -296,7 +299,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
@@ -304,15 +309,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -435,10 +443,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -549,6 +559,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/directives.html.ko.euc-kr b/docs/manual/mod/directives.html.ko.euc-kr
index 4b6fb51a7c1..fa36a6a174d 100644
--- a/docs/manual/mod/directives.html.ko.euc-kr
+++ b/docs/manual/mod/directives.html.ko.euc-kr
@@ -69,6 +69,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -222,6 +223,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -241,6 +243,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -296,7 +299,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
@@ -304,15 +309,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -435,10 +443,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -549,6 +559,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/directives.html.tr.utf8 b/docs/manual/mod/directives.html.tr.utf8
index 07d8ca4f212..12ccfec383f 100644
--- a/docs/manual/mod/directives.html.tr.utf8
+++ b/docs/manual/mod/directives.html.tr.utf8
@@ -68,6 +68,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -221,6 +222,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -240,6 +242,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -295,7 +298,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
@@ -303,15 +308,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -434,10 +442,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -548,6 +558,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/directives.html.zh-cn.utf8 b/docs/manual/mod/directives.html.zh-cn.utf8
index cc9c789dffb..7487c2ed477 100644
--- a/docs/manual/mod/directives.html.zh-cn.utf8
+++ b/docs/manual/mod/directives.html.zh-cn.utf8
@@ -67,6 +67,7 @@
AddType
Alias
AliasMatch
+AliasPreservePath
Allow
AllowCONNECT
AllowEncodedSlashes
@@ -220,6 +221,7 @@
CoreDumpDirectory
CustomLog
Dav
+DavBasePath
DavDepthInfinity
DavGenericLockDB
DavLockDB
@@ -239,6 +241,7 @@
DefaultRuntimeDir
DefaultType
Define
+DeflateAlterETag
DeflateBufferSize
DeflateCompressionLevel
DeflateFilterNote
@@ -294,7 +297,9 @@
Group
H2CopyFiles
H2Direct
+H2EarlyHint
H2EarlyHints
+H2MaxDataFrameLen
H2MaxSessionStreams
H2MaxWorkerIdleSeconds
H2MaxWorkers
@@ -302,15 +307,18 @@
H2ModernTLSOnly
H2OutputBuffering
H2Padding
+H2ProxyRequests
H2Push
H2PushDiarySize
H2PushPriority
H2PushResource
H2SerializeHeaders
H2StreamMaxMemSize
+H2StreamTimeout
H2TLSCoolDownSecs
H2TLSWarmUpSize
H2Upgrade
+H2WebSockets
H2WindowSize
Header
HeaderName
@@ -433,10 +441,12 @@
MDCertificateProtocol
MDCertificateStatus
MDChallengeDns01
+MDChallengeDns01Version
MDContactEmail
MDDriveMode
MDExternalAccountBinding
MDHttpProxy
+MDMatchNames
MDMember
MDMembers
MDMessageCmd
@@ -547,6 +557,7 @@
Redirect
RedirectMatch
RedirectPermanent
+RedirectRelative
RedirectTemp
RedisConnPoolTTL
RedisTimeout
diff --git a/docs/manual/mod/mod_alias.html.en b/docs/manual/mod/mod_alias.html.en
index 6ef150a3858..53f012ea0fd 100644
--- a/docs/manual/mod/mod_alias.html.en
+++ b/docs/manual/mod/mod_alias.html.en
@@ -75,6 +75,7 @@
# /files/foo and /files/bar mapped to /ftp/pub/files/foo and /ftp/pub/files/bar
+<Location "/files">
+ AliasPreservePath on
+ Alias "/ftp/pub/files"
+</Location>
+# /errors/foo and /errors/bar mapped to /var/www/errors.html
+<Location "/errors">
+ AliasPreservePath off
+ Alias "/var/www/errors.html"
+</Location>
+
+
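Review bot: the "/errors" block sets "AliasPreservePath off" explicitly, but the directive text added further down in this file says the one-parameter Alias inside a Location already drops the path, so the comment line should say that off is the existing behaviour; otherwise readers may assume the directive has to be present in both cases. For the "/files" block, with AliasPreservePath on the request path after /files is carried over onto /ftp/pub/files, so a sentence reminding readers that the target directory may need its own access grant, as with the two-parameter Alias, would fit here.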
@@ -290,6 +308,31 @@ AliasMatch "^/image/(.*)\.gif$" "/files/gif.images/$1.gif"
+
+
+
+
+
When using the two parameter version of the
+ Alias
directive, the full path after the alias
+ is preserved. When using the one parameter version of the
+ Alias
directive inside a
+ Location
directive, the full path is dropped,
+ and all URLs are mapped to the target expression.
+
+
To make the one parameter version of the
+ Alias
directive preserve paths in the same way
+ that the two parameter version of the Alias
+ directive, enable this setting.
+
+
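Review bot: the second added paragraph is missing a verb: "preserve paths in the same way that the two parameter version of the Alias directive, enable this setting" should read "... in the same way as the two parameter version of the Alias directive does, enable this setting". The visible text also never names the value that enables the behaviour; the example earlier in the file uses "AliasPreservePath on", so say "set AliasPreservePath to on" rather than "enable this setting".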
@@ -469,6 +512,7 @@ a different URL
Context: | server config, virtual host, directory |
Status: | Base |
Module: | mod_alias |
---|
+
Compatibility: | 2.4.58 and later |
By default, if the target URL of a Redirect
directive is a relative URL beginning with a '/' character, the server
diff --git a/docs/manual/mod/mod_alias.html.fr.utf8 b/docs/manual/mod/mod_alias.html.fr.utf8
index e32d585a1d9..6b4f5857a12 100644
--- a/docs/manual/mod/mod_alias.html.fr.utf8
+++ b/docs/manual/mod/mod_alias.html.fr.utf8
@@ -32,6 +32,8 @@
ko |
tr
+Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.
Description: | Permet d'atteindre différentes parties du système de
fichiers depuis l'arborescence des documents du site web, ainsi que la
redirection d'URL |
@@ -75,6 +77,7 @@ redirection d'URL