File apache2-mod_jk.changes of Package apache2-mod_jk.31986

-------------------------------------------------------------------
Thu Dec 21 13:51:41 UTC 2023 - David Anes <david.anes@suse.com>

- Add apache2-fix-symbol-export-typo.patch to fix a typo to restrict
  the symbols to export by the module. Fixes bsc#1206261

-------------------------------------------------------------------
Tue Oct 17 07:41:10 UTC 2023 - David Anes <david.anes@suse.com>

- Update to version 1.2.49:
  Apache
    * Retrieve default request id from mod_unique_id. It can also be
      taken from an arbitrary environment variable by configuring
      "JkRequestIdIndicator".
    * Don't delegate the generatation of the response body to httpd
      when the status code represents an error if the request used
      the HEAD method.
    * Only export the main module symbol. Visibility of module 
      internal symbols led to crashes when conflicting with library
      symbols. Based on a patch provided by Josef ńĆejka. (wrong fix
      was applied for bsc#1206261)
    * Remove support for implicit mapping of requests to workers. 
      All mappings must now be explicit.
  IIS
    * Set default request id as a GUID. It can also be taken from an
      arbitrary request header by configuring "request_id_header".
    * Fix non-empty check for the Translate header.
  Common
    * Fix compiler warning when initializing and copying fixed 
      length strings.
    * Add a request id to mod_jk log lines.
    * Enable configure to find the correct sizes for pid_t and 
      pthread_t when building on MacOS.
    * Fix Clang 15/16 compatability. Pull request #6 provided by 
      Sam James.
    * Improve XSS hardening in status worker.
    * Add additional bounds and error checking when reading AJP 
      messages.
  Docs
    * Remove support for the Netscape / Sun ONE / Oracle iPlanet Web
      Server as the product has been retired.
    * Remove links to the old JK2 documentation. The JK2 
      documentation is still available, it is just no longer linked
      from the current JK documentation.
    * Restructure subsections in changelog starting with version 
      1.2.45.

-------------------------------------------------------------------
Mon May 18 08:29:01 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update jk.conf: [bsc#1167896]
  * Specify the location of JkShmFile.
  * Update tomcat-webapps paths.

-------------------------------------------------------------------
Mon May 11 16:22:00 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Fix Aliases to be compatible with the tomcat example URLs [bsc#1167896]

-------------------------------------------------------------------
Mon May 11 15:00:49 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Changes for 1.2.47 and 1.2.48 updates:
  * Add: Apache: Extend trace level logging of method entry/exit to
    aid debugging of request mapping issues.
  * Fix: Apache: Fix a bug in the normalization checks that prevented
    file based requests, such as SSI file includes, from being processed.
  * Fix: Apache: When using JkAutoAlias, ensure that files that include
    spaces in their name are accessible.
  * Update: Common: Update the documentation to reflect that the source
    code for the Apache Tomcat Connectors has moved from Subversion to Git.
  * Fix: Common: When using set_session_cookie, ensure that an updated session
    cookie is issued if the load-balancer has to failover to a different worker.
  * Update: Common: Update config.guess and config.sub from
    https://git.savannah.gnu.org/git/config.git.
  * Update: Common: Update release script for migration to git.

-------------------------------------------------------------------
Sun Feb  9 20:47:25 UTC 2020 - pgajdos@suse.com

- remove useless %check section

-------------------------------------------------------------------
Mon Nov  5 09:56:03 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

- Update to version 1.2.46
  Fixes:
    * Apache: Fix regression in 1.2.44 which resulted in
      socket_connect_timeout to be interpreted in units of seconds
      instead of milliseconds on platforms that provide poll(). (rjung)
    * Security: CVE-2018-11759 Connector path traversal [bsc#1114612]

- Update to version 1.2.45
  Fixes:
    * Correct regression in 1.2.44 that broke request handling for
      OPTIONS * requests. (rjung)
    * Improve path parameter parsing so that the session ID specified
      by the session_path worker property for load-balanced workers
      can be extracted from a path parameter in any segment of the
      URI, rather than only from the final segment. (markt)
    * Apache: Improve path parameter handling so that JkStripSession
      can remove session IDs that are specified on path parameters in any
      segment of the URI rather than only the final segment. (markt)
    * IIS: Improve path parameter handling so that strip_session can
      remove session IDs that are specified on path parameters in any
      segment of the URI rather than only the final segment. (markt) 
  Updates:
    * Apache: Update the documentation to note additional
      limitations of the JkAutoAlias directive. (markt)
  Code:
    * Common: Optimize path parameter handling. (rjung)

- Cleaned with spec-cleaner

-------------------------------------------------------------------
Wed Sep 19 15:44:20 UTC 2018 - pmonrealgonzalez@suse.com

- Update to version 1.2.44
  Updates:
    * Remove the Novell Netware make files and Netware specific source
      code since there has not been a supported version of Netware
      available for over five years. (markt)
    * Apache: Update the documentation to use httpd 2.4.x style access
      control directives. (markt)
    * Update PCRE bundled with the ISAPI redirector to 8.42. (rjung)
    * Update config.guess and config.sub from
      https://git.savannah.gnu.org/git/config.git. (rjung)
  Fixes:
    * Common: Use Local, rather than Global, mutexs on Windows to
      better support multi-user environments. (markt)
    * Apache: Use poll rather than select to avoid the limitations of
      select triggering an httpd crash. Patch provided by Koen Wilde. (markt)
    * ISAPI: Remove the check that rejects requests that contain path
      segments that match WEB-INF or META-INF as it duplicates a check
      that Tomcat performs and, because ISAPI does not have visibility of
      the current context path, it is impossible to implement this check
      without valid requests being rejected. (markt)
    * Refactor normalisation of request URIs to a common location and align
      the normalisation implementation for mod_jk with that implemented by
      Tomcat. (markt)
  Add:
    * Clarify the behvaiour of lb workers when all ajp13 workers fail with
      particular reference to the role of the retries attribute. (markt)
    * Add the new load-balancer worker property lb_retries to improve the
      control over the number of retries. Based on a patch provided by
      Frederik Nosi. (markt)
    * Add a note to the documentation that the CollapseSlashes options are
      now effectively hard-coded to CollpaseSlashesAll due to the changes
      made to align normalization with that implemented in Tomcat. (markt)

-------------------------------------------------------------------
Thu Mar 15 16:13:18 UTC 2018 - pmonrealgonzalez@suse.com

- Update to version 1.2.43 [bsc#1085220, CVE-2018-1323]
  * LB: Propagate load factor changes applied by the status worker
        to a load balancer sub worker correctly to all processes.
  * ISAPI: Align the make files for 32-bit and 64-bit builds.
  * Update config.guess and config.sub
  * Update PCRE bundled with the ISAPI redirector to 8.41.
  * Update the ISAPI redirector installation documentation to
    reflect the currently supported versions of Windows.
  * Align the normalization performed by the ISAPI redirector with
    that implemented by Tomcat.

-------------------------------------------------------------------
Tue Feb 13 14:33:08 UTC 2018 - tchvatal@suse.com

- Disable tests for now as the default profile is not working
  properly to load up and upstream should update the sample

-------------------------------------------------------------------
Thu Feb  1 12:55:38 UTC 2018 - tchvatal@suse.com

- Version update to 1.2.42:
  * Many small fixes
  * Optimalization for new gccs
  * Minor code cleanups

-------------------------------------------------------------------
Sat May 20 19:08:36 UTC 2017 - tchvatal@suse.com

- Just depend on java-devel

-------------------------------------------------------------------
Wed Jan 20 09:38:37 UTC 2016 - tchvatal@suse.com

- Version update to 1.2.41:
  * remove merged patch apache2-mod_jk-CVE-2014-8111.patch
  * many small bugfixes all around:
    + http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

-------------------------------------------------------------------
Wed Sep  9 11:26:17 UTC 2015 - pgajdos@suse.com

- test package with %apache_test_module_load

-------------------------------------------------------------------
Thu Jul 16 07:22:02 UTC 2015 - pgajdos@suse.com

- Requries: %{apache_suse_maintenance_mmn}
  This will pull this module to the update (in released distribution) 
  when apache maintainer thinks it is good (due api/abi changes).

-------------------------------------------------------------------
Thu Jun  4 12:00:03 UTC 2015 - tchvatal@suse.com

- Apply patch to fix bnc#927845 CVE-2014-8111 VUL-1: apache2-mod_jk: Tomcat
  mod_jk information leak due to incorrect JkMount/JkUnmount directives
  processing:
  * apache2-mod_jk-CVE-2014-8111.patch

-------------------------------------------------------------------
Thu Jun  4 11:27:13 UTC 2015 - pgajdos@suse.com

- access configuration conditional in jk.conf example

-------------------------------------------------------------------
Wed Mar 18 10:25:18 UTC 2015 - tchvatal@suse.com

- Drop the asc again to make dimstar happy

-------------------------------------------------------------------
Fri Mar 13 12:12:03 UTC 2015 - tchvatal@suse.com

- Add asc signature file.
- Fix URL for homepage

-------------------------------------------------------------------
Mon Nov 24 15:32:23 UTC 2014 - pgajdos@suse.com

- fix tomcat paths in jk.conf [bnc#742618]

-------------------------------------------------------------------
Mon Nov  3 07:43:17 UTC 2014 - pgajdos@suse.com

- use apache rpm macros

-------------------------------------------------------------------
Mon Jun  2 13:05:55 UTC 2014 - tchvatal@suse.com

- Cleanup with spec-cleaner

-------------------------------------------------------------------
Mon Jun  2 12:56:42 UTC 2014 - tchvatal@suse.com

- Version bump to 1.2.40 fixes bnc#880798:
 * Fix forwarding of chunked requests, which is broken in version 1.2.39. (rjung)
 * 56352: Fix regression in memory release. (mturk)
 * Fix status worker display of worker IP address after name or port was changed. (rjung)
 * 56297: Improve key hash function. Copied from APR. (rjung)
 * 55683: Remove quotes from quoted session cookies. (rjung)
 * 53542: ISAPI: Fix grammar in 503 error page. (rjung)
 * 55696: Crash on Mac OS X 10.9 during config parsing. (rjung)
 * Deprecate nt_service from Tomcat Connectors. (mturk)
 * 56133: Fix possible crash when a request fails during request body transfer to the back end and reply_timeout was set. Patch contributed by Hiroto Shimizu. (rjung)
 * Fix status worker not updating parameters for all members. (mturk)
 * 55853: HTTPD: Use the correct API for setting Content-Length. Patch contributed by areese yahoo-inc.com. (rjung)
 * Add IPV6 support for connection to webserver. New directive prefer_ipv6 has been added to control the hostname resolution and preserve backward compatibility. (mturk)
 * Add --disable-sock-cloexec to configure to disable use of SOCK_CLOEXEC (using FD_CLOEXEC + fnctl instead) so built modules will work with Linux kernels prior to 2.6.27. (timw)
 * Clean up config file parsing. Worker names are now restricted to 60 bytes. (rjung)
 * Allow to set a stickyness cookie in case a web framework breaks Tomcat's adding of the routing ID to the end of the JSESSIONID cookie. (rjung)
 * Use max_packet_size also for request body forwarding. (rjung)
 * Apache 2.4: By default forward logical client address as provided by mod_remoteip. When setting JkOptions ForwardPhysicalAddress mod_jk will instead forward the physical peer address. (rjung)
 * Minor documentation improvements. (rjung)  

-------------------------------------------------------------------
Mon Jan 28 19:37:34 UTC 2013 - dimstar@opensuse.org

- Update to version 1.2.37:
  + Fix compatibility with apache 2.4
- Introduce apxs variable, based on apache_branch. With apache 2.4,
  apxs2 moved from %{_sbindir} to %{_bindir}.

-------------------------------------------------------------------
Sat Sep 17 11:16:45 UTC 2011 - jengelh@medozas.de

- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build

-------------------------------------------------------------------
Tue Jun  7 15:06:47 UTC 2011 - vlado.paskov@gmail.com

- Update of README.SUSE file: now reflects configuration steps for 
  mod_jk with tomcat6 server. It was refering tomcat5 configuration.

-------------------------------------------------------------------
Tue Aug  3 13:01:34 UTC 2010 - gaboo@gaboo.org

- Update to version 1.2.30
  * Apache: Improve compatibility with Apache 2.3. (rjung)
  * AJP: Improve socket shutdown handling. (mturk)
  * AJP: Ensure we never reuse a non reusable socket. (mturk)
  * AJP: Tolerate a single excess packet when waiting for cpong. (mturk)
  * AJP: Check protocol correctness more strictly. (mturk)
  * other bug fixes and improvements
  * http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

-------------------------------------------------------------------
Tue Oct 13 06:52:58 UTC 2009 - mvyskocil@suse.cz

- bnc#493575 - VUL-1: apache2-mod_jk: mod_jk information leak
  added jakarta-tomcat-connectors-4.1.30-src-CVE-2008-5519.patch
  http://svn.eu.apache.org/viewvc?view=rev&revision=702540

-------------------------------------------------------------------
Thu Sep 11 15:23:18 CEST 2008 - skh@suse.de

- update to version 1.2.26
- full changelog at
  http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html

-------------------------------------------------------------------
Mon Mar  5 14:57:06 CET 2007 - skh@suse.de

- update to version 1.2.21 (fix CVE-2007-0774: Long URL Stack Overflow
  Vulnerability, b.n.c. #248157)

-------------------------------------------------------------------
Wed Jan 17 13:48:16 CET 2007 - skh@suse.de

- update to newer (sic!) version 1.2.20
- remove apache13 cruft from spec file and patches

-------------------------------------------------------------------
Mon Oct 23 13:47:07 CEST 2006 - poeml@suse.de

- rename from mod_jk (name of source rpm) resp. mod_jk-ap20 (name
  of binary rpm) to apache2-mod_jk

-------------------------------------------------------------------
Tue Feb  7 14:27:23 CET 2006 - poeml@suse.de

- remove apr_sockaddr_port_get() call which is obsolete in libapr 1
- fix missing include
- bzip2 the source tarball

-------------------------------------------------------------------
Mon Jan 30 14:04:04 CET 2006 - poeml@suse.de

- removed libapr-util1-devel from BuildRequires (apache2-devel does
  require it)                                                                                                                                          

-------------------------------------------------------------------
Wed Jan 25 21:38:21 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Mon Jan 23 11:29:47 CET 2006 - poeml@suse.de

- make the package depend on the apache module API version

-------------------------------------------------------------------
Thu Jan 19 13:13:15 CET 2006 - cthiel@suse.de

- removed unneeded sources
  * apr-util-0.9.4.tar.gz 
  * apr_20030819101622.tar.bz2
  * apr_20030819101622-apache2_cflags.patch
  * apr_20030819101622.patch
- fixed build

-------------------------------------------------------------------
Tue Nov  8 14:10:56 CET 2005 - dmueller@suse.de

- don't build as root 

-------------------------------------------------------------------
Wed Sep 29 16:57:44 CEST 2004 - skh@suse.de

- Added better documentation and sample configuration (#46081)

-------------------------------------------------------------------
Mon Sep 13 16:08:02 CEST 2004 - skh@suse.de

- First separate package (no longer a subpackage of tomcat)
- Switch to JPackage package layout, but keep newer version 4.1.30 from
  former package apache2-jakarta-tomcat-connectors

openSUSE Build Service is sponsored by