Version in base suite: 2.4.48-3.1+deb11u1 Base version: apache2_2.4.48-3.1+deb11u1 Target version: apache2_2.4.49-1~deb11u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/a/apache2/apache2_2.4.48-3.1+deb11u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/a/apache2/apache2_2.4.49-1~deb11u2.dsc .travis.yml | 6 CHANGES | 174 +++ Makefile.in | 6 ROADMAP | 2 VERSIONING | 2 build/ltmain.sh | 250 +---- configure | 14 debian/changelog | 19 debian/patches/CVE-2021-33193.patch | 870 ------------------- debian/patches/CVE-2021-40438-improvement.patch | 38 debian/patches/fhs_compliance.patch | 2 debian/patches/series | 4 debian/upstream/signing-key.asc | 60 + docs/manual/bind.html.de | 2 docs/manual/bind.html.en | 2 docs/manual/bind.html.fr.utf8 | 2 docs/manual/bind.html.ja.utf8 | 2 docs/manual/bind.html.ko.euc-kr | 2 docs/manual/bind.html.tr.utf8 | 2 docs/manual/caching.html.en | 2 docs/manual/caching.html.fr.utf8 | 2 docs/manual/caching.html.tr.utf8 | 2 docs/manual/configuring.html.de | 2 docs/manual/configuring.html.en | 2 docs/manual/configuring.html.fr.utf8 | 2 docs/manual/configuring.html.ja.utf8 | 2 docs/manual/configuring.html.ko.euc-kr | 2 docs/manual/configuring.html.tr.utf8 | 2 docs/manual/content-negotiation.html.en | 2 docs/manual/content-negotiation.html.fr.utf8 | 2 docs/manual/content-negotiation.html.ja.utf8 | 2 docs/manual/content-negotiation.html.ko.euc-kr | 2 docs/manual/content-negotiation.html.tr.utf8 | 2 docs/manual/custom-error.html.en | 2 docs/manual/custom-error.html.es | 2 docs/manual/custom-error.html.fr.utf8 | 2 docs/manual/custom-error.html.ja.utf8 | 2 docs/manual/custom-error.html.ko.euc-kr | 2 docs/manual/custom-error.html.tr.utf8 | 2 docs/manual/developer/API.html.en | 2 docs/manual/developer/debugging.html.en | 2 docs/manual/developer/documenting.html.en | 2 docs/manual/developer/documenting.html.zh-cn.utf8 | 2 docs/manual/developer/filters.html.en | 2 docs/manual/developer/hooks.html.en | 2 docs/manual/developer/modguide.html.en | 3 docs/manual/developer/modules.html.en | 2 docs/manual/developer/modules.html.ja.utf8 | 2 docs/manual/developer/new_api_2_4.html.en | 2 docs/manual/developer/output-filters.html.en | 2 docs/manual/developer/request.html.en | 2 docs/manual/developer/thread_safety.html.en | 2 docs/manual/dns-caveats.html.en | 2 docs/manual/dns-caveats.html.fr.utf8 | 2 docs/manual/dns-caveats.html.ja.utf8 | 2 docs/manual/dns-caveats.html.ko.euc-kr | 2 docs/manual/dns-caveats.html.tr.utf8 | 2 docs/manual/dso.html.en | 2 docs/manual/dso.html.fr.utf8 | 2 docs/manual/dso.html.ja.utf8 | 2 docs/manual/dso.html.ko.euc-kr | 2 docs/manual/dso.html.tr.utf8 | 2 docs/manual/env.html.en | 2 docs/manual/env.html.fr.utf8 | 2 docs/manual/env.html.ja.utf8 | 2 docs/manual/env.html.ko.euc-kr | 2 docs/manual/env.html.tr.utf8 | 2 docs/manual/expr.html.en | 2 docs/manual/expr.html.fr.utf8 | 2 docs/manual/filter.html.en | 2 docs/manual/filter.html.es | 2 docs/manual/filter.html.fr.utf8 | 2 docs/manual/filter.html.ja.utf8 | 2 docs/manual/filter.html.ko.euc-kr | 2 docs/manual/filter.html.tr.utf8 | 2 docs/manual/getting-started.html.en | 2 docs/manual/getting-started.html.fr.utf8 | 2 docs/manual/getting-started.html.ru.utf8 | 2 docs/manual/glossary.html.de | 2 docs/manual/glossary.html.en | 2 docs/manual/glossary.html.es | 2 docs/manual/glossary.html.fr.utf8 | 2 docs/manual/glossary.html.ja.utf8 | 2 docs/manual/glossary.html.ko.euc-kr | 2 docs/manual/glossary.html.tr.utf8 | 2 docs/manual/handler.html.en | 2 docs/manual/handler.html.es | 2 docs/manual/handler.html.fr.utf8 | 2 docs/manual/handler.html.ja.utf8 | 2 docs/manual/handler.html.ko.euc-kr | 2 docs/manual/handler.html.tr.utf8 | 2 docs/manual/handler.html.zh-cn.utf8 | 2 docs/manual/howto/access.html.en | 2 docs/manual/howto/access.html.es | 2 docs/manual/howto/access.html.fr.utf8 | 2 docs/manual/howto/auth.html.en | 2 docs/manual/howto/auth.html.es | 2 docs/manual/howto/auth.html.fr.utf8 | 2 docs/manual/howto/auth.html.ja.utf8 | 2 docs/manual/howto/auth.html.ko.euc-kr | 2 docs/manual/howto/auth.html.tr.utf8 | 2 docs/manual/howto/cgi.html.en | 2 docs/manual/howto/cgi.html.es | 2 docs/manual/howto/cgi.html.fr.utf8 | 2 docs/manual/howto/cgi.html.ja.utf8 | 2 docs/manual/howto/cgi.html.ko.euc-kr | 2 docs/manual/howto/htaccess.html.en | 2 docs/manual/howto/htaccess.html.es | 2 docs/manual/howto/htaccess.html.fr.utf8 | 2 docs/manual/howto/htaccess.html.ja.utf8 | 2 docs/manual/howto/htaccess.html.ko.euc-kr | 2 docs/manual/howto/htaccess.html.pt-br | 2 docs/manual/howto/http2.html.en | 2 docs/manual/howto/http2.html.es | 2 docs/manual/howto/http2.html.fr.utf8 | 2 docs/manual/howto/public_html.html.en | 2 docs/manual/howto/public_html.html.es | 2 docs/manual/howto/public_html.html.fr.utf8 | 2 docs/manual/howto/public_html.html.ja.utf8 | 2 docs/manual/howto/public_html.html.ko.euc-kr | 2 docs/manual/howto/public_html.html.tr.utf8 | 2 docs/manual/howto/reverse_proxy.html.en | 2 docs/manual/howto/reverse_proxy.html.fr.utf8 | 2 docs/manual/howto/ssi.html.en | 2 docs/manual/howto/ssi.html.es | 2 docs/manual/howto/ssi.html.fr.utf8 | 2 docs/manual/howto/ssi.html.ja.utf8 | 2 docs/manual/howto/ssi.html.ko.euc-kr | 2 docs/manual/install.html.de | 2 docs/manual/install.html.en | 2 docs/manual/install.html.es | 2 docs/manual/install.html.fr.utf8 | 2 docs/manual/install.html.ja.utf8 | 2 docs/manual/install.html.ko.euc-kr | 2 docs/manual/install.html.tr.utf8 | 2 docs/manual/invoking.html.de | 2 docs/manual/invoking.html.en | 2 docs/manual/invoking.html.es | 2 docs/manual/invoking.html.fr.utf8 | 2 docs/manual/invoking.html.ja.utf8 | 2 docs/manual/invoking.html.ko.euc-kr | 2 docs/manual/invoking.html.tr.utf8 | 2 docs/manual/license.html.en | 2 docs/manual/logs.html.en | 2 docs/manual/logs.html.fr.utf8 | 2 docs/manual/logs.html.ja.utf8 | 2 docs/manual/logs.html.ko.euc-kr | 2 docs/manual/logs.html.tr.utf8 | 2 docs/manual/misc/password_encryptions.html.en | 2 docs/manual/misc/password_encryptions.html.fr.utf8 | 2 docs/manual/misc/perf-tuning.html.en | 2 docs/manual/misc/perf-tuning.html.fr.utf8 | 2 docs/manual/misc/perf-tuning.html.ko.euc-kr | 2 docs/manual/misc/perf-tuning.html.tr.utf8 | 2 docs/manual/misc/relevant_standards.html.en | 2 docs/manual/misc/relevant_standards.html.fr.utf8 | 2 docs/manual/misc/relevant_standards.html.ko.euc-kr | 2 docs/manual/misc/security_tips.html.en | 2 docs/manual/misc/security_tips.html.fr.utf8 | 2 docs/manual/misc/security_tips.html.ko.euc-kr | 2 docs/manual/misc/security_tips.html.tr.utf8 | 2 docs/manual/mod/core.html.de | 18 docs/manual/mod/core.html.en | 59 + docs/manual/mod/core.html.es | 18 docs/manual/mod/core.html.fr.utf8 | 95 +- docs/manual/mod/core.html.ja.utf8 | 18 docs/manual/mod/core.html.tr.utf8 | 85 + docs/manual/mod/directive-dict.html.en | 2 docs/manual/mod/directive-dict.html.es | 2 docs/manual/mod/directive-dict.html.fr.utf8 | 2 docs/manual/mod/directive-dict.html.ja.utf8 | 2 docs/manual/mod/directive-dict.html.ko.euc-kr | 2 docs/manual/mod/directive-dict.html.tr.utf8 | 2 docs/manual/mod/directives.html.de | 4 docs/manual/mod/directives.html.en | 4 docs/manual/mod/directives.html.es | 4 docs/manual/mod/directives.html.fr.utf8 | 4 docs/manual/mod/directives.html.ja.utf8 | 4 docs/manual/mod/directives.html.ko.euc-kr | 4 docs/manual/mod/directives.html.tr.utf8 | 4 docs/manual/mod/directives.html.zh-cn.utf8 | 4 docs/manual/mod/event.html.en | 2 docs/manual/mod/event.html.fr.utf8 | 2 docs/manual/mod/mod_access_compat.html.en | 2 docs/manual/mod/mod_access_compat.html.fr.utf8 | 2 docs/manual/mod/mod_access_compat.html.ja.utf8 | 2 docs/manual/mod/mod_actions.html.de | 2 docs/manual/mod/mod_actions.html.en | 2 docs/manual/mod/mod_actions.html.fr.utf8 | 2 docs/manual/mod/mod_actions.html.ja.utf8 | 2 docs/manual/mod/mod_actions.html.ko.euc-kr | 2 docs/manual/mod/mod_alias.html.en | 2 docs/manual/mod/mod_alias.html.fr.utf8 | 2 docs/manual/mod/mod_alias.html.ja.utf8 | 2 docs/manual/mod/mod_alias.html.ko.euc-kr | 2 docs/manual/mod/mod_alias.html.tr.utf8 | 2 docs/manual/mod/mod_allowmethods.html.en | 2 docs/manual/mod/mod_allowmethods.html.fr.utf8 | 2 docs/manual/mod/mod_asis.html.en | 2 docs/manual/mod/mod_asis.html.fr.utf8 | 2 docs/manual/mod/mod_asis.html.ja.utf8 | 2 docs/manual/mod/mod_asis.html.ko.euc-kr | 2 docs/manual/mod/mod_auth_basic.html.en | 2 docs/manual/mod/mod_auth_basic.html.fr.utf8 | 2 docs/manual/mod/mod_auth_basic.html.ja.utf8 | 2 docs/manual/mod/mod_auth_basic.html.ko.euc-kr | 2 docs/manual/mod/mod_auth_digest.html.en | 2 docs/manual/mod/mod_auth_digest.html.fr.utf8 | 2 docs/manual/mod/mod_auth_digest.html.ko.euc-kr | 2 docs/manual/mod/mod_auth_form.html.en | 2 docs/manual/mod/mod_auth_form.html.fr.utf8 | 2 docs/manual/mod/mod_authn_anon.html.en | 2 docs/manual/mod/mod_authn_anon.html.fr.utf8 | 2 docs/manual/mod/mod_authn_anon.html.ja.utf8 | 2 docs/manual/mod/mod_authn_anon.html.ko.euc-kr | 2 docs/manual/mod/mod_authn_core.html.en | 2 docs/manual/mod/mod_authn_core.html.fr.utf8 | 2 docs/manual/mod/mod_authn_dbd.html.en | 2 docs/manual/mod/mod_authn_dbd.html.fr.utf8 | 2 docs/manual/mod/mod_authn_dbm.html.en | 2 docs/manual/mod/mod_authn_dbm.html.fr.utf8 | 2 docs/manual/mod/mod_authn_dbm.html.ja.utf8 | 2 docs/manual/mod/mod_authn_dbm.html.ko.euc-kr | 2 docs/manual/mod/mod_authn_file.html.en | 2 docs/manual/mod/mod_authn_file.html.fr.utf8 | 2 docs/manual/mod/mod_authn_file.html.ja.utf8 | 2 docs/manual/mod/mod_authn_file.html.ko.euc-kr | 2 docs/manual/mod/mod_authn_socache.html.en | 2 docs/manual/mod/mod_authn_socache.html.fr.utf8 | 2 docs/manual/mod/mod_authnz_fcgi.html.en | 2 docs/manual/mod/mod_authnz_fcgi.html.fr.utf8 | 2 docs/manual/mod/mod_authnz_ldap.html.en | 2 docs/manual/mod/mod_authnz_ldap.html.fr.utf8 | 2 docs/manual/mod/mod_authz_core.html.en | 2 docs/manual/mod/mod_authz_core.html.fr.utf8 | 2 docs/manual/mod/mod_authz_dbd.html.en | 2 docs/manual/mod/mod_authz_dbd.html.fr.utf8 | 2 docs/manual/mod/mod_authz_dbm.html.en | 2 docs/manual/mod/mod_authz_dbm.html.fr.utf8 | 2 docs/manual/mod/mod_authz_dbm.html.ko.euc-kr | 2 docs/manual/mod/mod_authz_groupfile.html.en | 2 docs/manual/mod/mod_authz_groupfile.html.fr.utf8 | 2 docs/manual/mod/mod_authz_groupfile.html.ja.utf8 | 2 docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr | 2 docs/manual/mod/mod_authz_host.html.en | 2 docs/manual/mod/mod_authz_host.html.fr.utf8 | 2 docs/manual/mod/mod_authz_owner.html.en | 2 docs/manual/mod/mod_authz_owner.html.fr.utf8 | 2 docs/manual/mod/mod_authz_owner.html.ja.utf8 | 2 docs/manual/mod/mod_authz_owner.html.ko.euc-kr | 2 docs/manual/mod/mod_authz_user.html.en | 2 docs/manual/mod/mod_authz_user.html.fr.utf8 | 2 docs/manual/mod/mod_authz_user.html.ja.utf8 | 2 docs/manual/mod/mod_authz_user.html.ko.euc-kr | 2 docs/manual/mod/mod_autoindex.html.en | 2 docs/manual/mod/mod_autoindex.html.fr.utf8 | 2 docs/manual/mod/mod_autoindex.html.ja.utf8 | 2 docs/manual/mod/mod_autoindex.html.ko.euc-kr | 2 docs/manual/mod/mod_autoindex.html.tr.utf8 | 2 docs/manual/mod/mod_brotli.html.en | 2 docs/manual/mod/mod_brotli.html.fr.utf8 | 2 docs/manual/mod/mod_buffer.html.en | 2 docs/manual/mod/mod_buffer.html.fr.utf8 | 2 docs/manual/mod/mod_cache.html.en | 2 docs/manual/mod/mod_cache.html.fr.utf8 | 2 docs/manual/mod/mod_cache.html.ja.utf8 | 2 docs/manual/mod/mod_cache.html.ko.euc-kr | 2 docs/manual/mod/mod_cache_disk.html.en | 2 docs/manual/mod/mod_cache_disk.html.fr.utf8 | 2 docs/manual/mod/mod_cache_disk.html.ja.utf8 | 2 docs/manual/mod/mod_cache_disk.html.ko.euc-kr | 2 docs/manual/mod/mod_cache_socache.html.en | 2 docs/manual/mod/mod_cache_socache.html.fr.utf8 | 2 docs/manual/mod/mod_cern_meta.html.en | 2 docs/manual/mod/mod_cern_meta.html.fr.utf8 | 2 docs/manual/mod/mod_cern_meta.html.ko.euc-kr | 2 docs/manual/mod/mod_cgi.html.en | 2 docs/manual/mod/mod_cgi.html.fr.utf8 | 2 docs/manual/mod/mod_cgi.html.ja.utf8 | 2 docs/manual/mod/mod_cgi.html.ko.euc-kr | 2 docs/manual/mod/mod_cgid.html.en | 2 docs/manual/mod/mod_cgid.html.fr.utf8 | 2 docs/manual/mod/mod_cgid.html.ja.utf8 | 2 docs/manual/mod/mod_cgid.html.ko.euc-kr | 2 docs/manual/mod/mod_charset_lite.html.en | 2 docs/manual/mod/mod_charset_lite.html.fr.utf8 | 2 docs/manual/mod/mod_charset_lite.html.ko.euc-kr | 2 docs/manual/mod/mod_data.html.en | 2 docs/manual/mod/mod_data.html.fr.utf8 | 2 docs/manual/mod/mod_dav.html.en | 2 docs/manual/mod/mod_dav.html.fr.utf8 | 2 docs/manual/mod/mod_dav.html.ja.utf8 | 2 docs/manual/mod/mod_dav.html.ko.euc-kr | 2 docs/manual/mod/mod_dav_fs.html.en | 2 docs/manual/mod/mod_dav_fs.html.fr.utf8 | 2 docs/manual/mod/mod_dav_fs.html.ja.utf8 | 2 docs/manual/mod/mod_dav_fs.html.ko.euc-kr | 2 docs/manual/mod/mod_dav_lock.html.en | 2 docs/manual/mod/mod_dav_lock.html.fr.utf8 | 2 docs/manual/mod/mod_dav_lock.html.ja.utf8 | 2 docs/manual/mod/mod_dbd.html.en | 2 docs/manual/mod/mod_dbd.html.fr.utf8 | 2 docs/manual/mod/mod_deflate.html.en | 2 docs/manual/mod/mod_deflate.html.fr.utf8 | 2 docs/manual/mod/mod_deflate.html.ja.utf8 | 2 docs/manual/mod/mod_deflate.html.ko.euc-kr | 2 docs/manual/mod/mod_dialup.html.en | 2 docs/manual/mod/mod_dialup.html.fr.utf8 | 2 docs/manual/mod/mod_dir.html.en | 2 docs/manual/mod/mod_dir.html.fr.utf8 | 2 docs/manual/mod/mod_dir.html.ja.utf8 | 2 docs/manual/mod/mod_dir.html.ko.euc-kr | 2 docs/manual/mod/mod_dir.html.tr.utf8 | 2 docs/manual/mod/mod_dumpio.html.en | 2 docs/manual/mod/mod_dumpio.html.fr.utf8 | 2 docs/manual/mod/mod_dumpio.html.ja.utf8 | 2 docs/manual/mod/mod_echo.html.en | 2 docs/manual/mod/mod_echo.html.fr.utf8 | 2 docs/manual/mod/mod_echo.html.ja.utf8 | 2 docs/manual/mod/mod_echo.html.ko.euc-kr | 2 docs/manual/mod/mod_env.html.en | 2 docs/manual/mod/mod_env.html.fr.utf8 | 2 docs/manual/mod/mod_env.html.ja.utf8 | 2 docs/manual/mod/mod_env.html.ko.euc-kr | 2 docs/manual/mod/mod_env.html.tr.utf8 | 2 docs/manual/mod/mod_example_hooks.html.en | 2 docs/manual/mod/mod_example_hooks.html.fr.utf8 | 2 docs/manual/mod/mod_example_hooks.html.ko.euc-kr | 2 docs/manual/mod/mod_expires.html.en | 2 docs/manual/mod/mod_expires.html.fr.utf8 | 2 docs/manual/mod/mod_expires.html.ja.utf8 | 2 docs/manual/mod/mod_expires.html.ko.euc-kr | 2 docs/manual/mod/mod_ext_filter.html.en | 2 docs/manual/mod/mod_ext_filter.html.fr.utf8 | 2 docs/manual/mod/mod_ext_filter.html.ja.utf8 | 2 docs/manual/mod/mod_ext_filter.html.ko.euc-kr | 2 docs/manual/mod/mod_file_cache.html.en | 2 docs/manual/mod/mod_file_cache.html.fr.utf8 | 2 docs/manual/mod/mod_file_cache.html.ko.euc-kr | 2 docs/manual/mod/mod_filter.html.en | 2 docs/manual/mod/mod_filter.html.fr.utf8 | 2 docs/manual/mod/mod_headers.html.en | 2 docs/manual/mod/mod_headers.html.fr.utf8 | 2 docs/manual/mod/mod_headers.html.ja.utf8 | 2 docs/manual/mod/mod_headers.html.ko.euc-kr | 2 docs/manual/mod/mod_heartbeat.html.en | 2 docs/manual/mod/mod_heartbeat.html.fr.utf8 | 2 docs/manual/mod/mod_heartmonitor.html.en | 2 docs/manual/mod/mod_heartmonitor.html.fr.utf8 | 2 docs/manual/mod/mod_http2.html.en | 2 docs/manual/mod/mod_http2.html.fr.utf8 | 2 docs/manual/mod/mod_ident.html.en | 2 docs/manual/mod/mod_ident.html.fr.utf8 | 2 docs/manual/mod/mod_ident.html.ja.utf8 | 2 docs/manual/mod/mod_ident.html.ko.euc-kr | 2 docs/manual/mod/mod_imagemap.html.en | 2 docs/manual/mod/mod_imagemap.html.fr.utf8 | 2 docs/manual/mod/mod_imagemap.html.ko.euc-kr | 2 docs/manual/mod/mod_include.html.en | 6 docs/manual/mod/mod_include.html.fr.utf8 | 4 docs/manual/mod/mod_include.html.ja.utf8 | 2 docs/manual/mod/mod_info.html.en | 2 docs/manual/mod/mod_info.html.fr.utf8 | 2 docs/manual/mod/mod_info.html.ja.utf8 | 2 docs/manual/mod/mod_info.html.ko.euc-kr | 2 docs/manual/mod/mod_isapi.html.en | 2 docs/manual/mod/mod_isapi.html.fr.utf8 | 2 docs/manual/mod/mod_isapi.html.ko.euc-kr | 2 docs/manual/mod/mod_lbmethod_bybusyness.html.en | 2 docs/manual/mod/mod_lbmethod_bybusyness.html.fr.utf8 | 2 docs/manual/mod/mod_lbmethod_byrequests.html.en | 2 docs/manual/mod/mod_lbmethod_byrequests.html.fr.utf8 | 2 docs/manual/mod/mod_lbmethod_bytraffic.html.en | 2 docs/manual/mod/mod_lbmethod_bytraffic.html.fr.utf8 | 2 docs/manual/mod/mod_lbmethod_heartbeat.html.en | 2 docs/manual/mod/mod_lbmethod_heartbeat.html.fr.utf8 | 2 docs/manual/mod/mod_ldap.html.en | 2 docs/manual/mod/mod_ldap.html.fr.utf8 | 2 docs/manual/mod/mod_log_config.html.en | 2 docs/manual/mod/mod_log_config.html.fr.utf8 | 2 docs/manual/mod/mod_log_config.html.ja.utf8 | 2 docs/manual/mod/mod_log_config.html.ko.euc-kr | 2 docs/manual/mod/mod_log_config.html.tr.utf8 | 2 docs/manual/mod/mod_log_debug.html.en | 27 docs/manual/mod/mod_log_debug.html.fr.utf8 | 27 docs/manual/mod/mod_log_forensic.html.en | 2 docs/manual/mod/mod_log_forensic.html.fr.utf8 | 2 docs/manual/mod/mod_log_forensic.html.ja.utf8 | 2 docs/manual/mod/mod_log_forensic.html.tr.utf8 | 2 docs/manual/mod/mod_logio.html.en | 2 docs/manual/mod/mod_logio.html.fr.utf8 | 2 docs/manual/mod/mod_logio.html.ja.utf8 | 2 docs/manual/mod/mod_logio.html.ko.euc-kr | 2 docs/manual/mod/mod_logio.html.tr.utf8 | 2 docs/manual/mod/mod_lua.html.en | 47 - docs/manual/mod/mod_lua.html.fr.utf8 | 61 - docs/manual/mod/mod_macro.html.en | 2 docs/manual/mod/mod_macro.html.fr.utf8 | 2 docs/manual/mod/mod_md.html.en | 2 docs/manual/mod/mod_md.html.fr.utf8 | 67 + docs/manual/mod/mod_mime.html.en | 2 docs/manual/mod/mod_mime.html.fr.utf8 | 2 docs/manual/mod/mod_mime.html.ja.utf8 | 2 docs/manual/mod/mod_mime_magic.html.en | 2 docs/manual/mod/mod_mime_magic.html.fr.utf8 | 2 docs/manual/mod/mod_negotiation.html.en | 2 docs/manual/mod/mod_negotiation.html.fr.utf8 | 2 docs/manual/mod/mod_negotiation.html.ja.utf8 | 2 docs/manual/mod/mod_nw_ssl.html.en | 2 docs/manual/mod/mod_nw_ssl.html.fr.utf8 | 2 docs/manual/mod/mod_privileges.html.en | 2 docs/manual/mod/mod_privileges.html.fr.utf8 | 2 docs/manual/mod/mod_proxy.html.en | 2 docs/manual/mod/mod_proxy.html.fr.utf8 | 2 docs/manual/mod/mod_proxy.html.ja.utf8 | 2 docs/manual/mod/mod_proxy_ajp.html.en | 2 docs/manual/mod/mod_proxy_ajp.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_ajp.html.ja.utf8 | 2 docs/manual/mod/mod_proxy_balancer.html.en | 2 docs/manual/mod/mod_proxy_balancer.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_balancer.html.ja.utf8 | 2 docs/manual/mod/mod_proxy_connect.html.en | 2 docs/manual/mod/mod_proxy_connect.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_connect.html.ja.utf8 | 2 docs/manual/mod/mod_proxy_express.html.en | 2 docs/manual/mod/mod_proxy_express.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_fcgi.html.en | 2 docs/manual/mod/mod_proxy_fcgi.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_fdpass.html.en | 2 docs/manual/mod/mod_proxy_fdpass.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_ftp.html.en | 2 docs/manual/mod/mod_proxy_ftp.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_hcheck.html.en | 2 docs/manual/mod/mod_proxy_hcheck.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_html.html.en | 2 docs/manual/mod/mod_proxy_html.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_http.html.en | 2 docs/manual/mod/mod_proxy_http.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_http2.html.en | 2 docs/manual/mod/mod_proxy_http2.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_scgi.html.en | 2 docs/manual/mod/mod_proxy_scgi.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_uwsgi.html.en | 2 docs/manual/mod/mod_proxy_uwsgi.html.fr.utf8 | 2 docs/manual/mod/mod_proxy_wstunnel.html.en | 2 docs/manual/mod/mod_proxy_wstunnel.html.fr.utf8 | 23 docs/manual/mod/mod_ratelimit.html.en | 2 docs/manual/mod/mod_ratelimit.html.fr.utf8 | 2 docs/manual/mod/mod_reflector.html.en | 2 docs/manual/mod/mod_reflector.html.fr.utf8 | 2 docs/manual/mod/mod_remoteip.html.en | 2 docs/manual/mod/mod_remoteip.html.fr.utf8 | 2 docs/manual/mod/mod_reqtimeout.html.en | 2 docs/manual/mod/mod_reqtimeout.html.fr.utf8 | 2 docs/manual/mod/mod_request.html.en | 2 docs/manual/mod/mod_request.html.fr.utf8 | 2 docs/manual/mod/mod_request.html.tr.utf8 | 2 docs/manual/mod/mod_rewrite.html.en | 2 docs/manual/mod/mod_rewrite.html.fr.utf8 | 2 docs/manual/mod/mod_sed.html.en | 2 docs/manual/mod/mod_sed.html.fr.utf8 | 2 docs/manual/mod/mod_session.html.en | 2 docs/manual/mod/mod_session.html.fr.utf8 | 2 docs/manual/mod/mod_session_cookie.html.en | 2 docs/manual/mod/mod_session_cookie.html.fr.utf8 | 2 docs/manual/mod/mod_session_crypto.html.en | 2 docs/manual/mod/mod_session_crypto.html.fr.utf8 | 2 docs/manual/mod/mod_session_dbd.html.en | 2 docs/manual/mod/mod_session_dbd.html.fr.utf8 | 2 docs/manual/mod/mod_setenvif.html.en | 2 docs/manual/mod/mod_setenvif.html.fr.utf8 | 2 docs/manual/mod/mod_setenvif.html.ja.utf8 | 2 docs/manual/mod/mod_setenvif.html.ko.euc-kr | 2 docs/manual/mod/mod_setenvif.html.tr.utf8 | 2 docs/manual/mod/mod_slotmem_plain.html.en | 2 docs/manual/mod/mod_slotmem_plain.html.fr.utf8 | 2 docs/manual/mod/mod_slotmem_shm.html.en | 2 docs/manual/mod/mod_slotmem_shm.html.fr.utf8 | 2 docs/manual/mod/mod_so.html.en | 2 docs/manual/mod/mod_so.html.fr.utf8 | 2 docs/manual/mod/mod_so.html.ja.utf8 | 2 docs/manual/mod/mod_so.html.ko.euc-kr | 2 docs/manual/mod/mod_so.html.tr.utf8 | 2 docs/manual/mod/mod_socache_dbm.html.en | 2 docs/manual/mod/mod_socache_dbm.html.fr.utf8 | 2 docs/manual/mod/mod_socache_dc.html.en | 2 docs/manual/mod/mod_socache_dc.html.fr.utf8 | 2 docs/manual/mod/mod_socache_memcache.html.en | 2 docs/manual/mod/mod_socache_memcache.html.fr.utf8 | 2 docs/manual/mod/mod_socache_redis.html.en | 2 docs/manual/mod/mod_socache_redis.html.fr.utf8 | 2 docs/manual/mod/mod_socache_shmcb.html.en | 2 docs/manual/mod/mod_socache_shmcb.html.fr.utf8 | 2 docs/manual/mod/mod_speling.html.en | 2 docs/manual/mod/mod_speling.html.fr.utf8 | 2 docs/manual/mod/mod_speling.html.ja.utf8 | 2 docs/manual/mod/mod_speling.html.ko.euc-kr | 2 docs/manual/mod/mod_ssl.html.en | 2 docs/manual/mod/mod_ssl.html.fr.utf8 | 2 docs/manual/mod/mod_status.html.en | 2 docs/manual/mod/mod_status.html.fr.utf8 | 2 docs/manual/mod/mod_status.html.ja.utf8 | 2 docs/manual/mod/mod_status.html.ko.euc-kr | 2 docs/manual/mod/mod_status.html.tr.utf8 | 2 docs/manual/mod/mod_substitute.html.en | 2 docs/manual/mod/mod_substitute.html.fr.utf8 | 2 docs/manual/mod/mod_suexec.html.en | 2 docs/manual/mod/mod_suexec.html.fr.utf8 | 2 docs/manual/mod/mod_suexec.html.ja.utf8 | 2 docs/manual/mod/mod_suexec.html.ko.euc-kr | 2 docs/manual/mod/mod_suexec.html.tr.utf8 | 2 docs/manual/mod/mod_systemd.html.en | 2 docs/manual/mod/mod_systemd.html.fr.utf8 | 2 docs/manual/mod/mod_unique_id.html.en | 2 docs/manual/mod/mod_unique_id.html.fr.utf8 | 2 docs/manual/mod/mod_unique_id.html.ja.utf8 | 2 docs/manual/mod/mod_unique_id.html.ko.euc-kr | 2 docs/manual/mod/mod_unixd.html.en | 2 docs/manual/mod/mod_unixd.html.fr.utf8 | 2 docs/manual/mod/mod_unixd.html.tr.utf8 | 2 docs/manual/mod/mod_userdir.html.en | 2 docs/manual/mod/mod_userdir.html.fr.utf8 | 2 docs/manual/mod/mod_userdir.html.ja.utf8 | 2 docs/manual/mod/mod_userdir.html.ko.euc-kr | 2 docs/manual/mod/mod_userdir.html.tr.utf8 | 2 docs/manual/mod/mod_usertrack.html.en | 2 docs/manual/mod/mod_usertrack.html.fr.utf8 | 2 docs/manual/mod/mod_version.html.en | 2 docs/manual/mod/mod_version.html.fr.utf8 | 2 docs/manual/mod/mod_version.html.ja.utf8 | 2 docs/manual/mod/mod_version.html.ko.euc-kr | 2 docs/manual/mod/mod_vhost_alias.html.en | 2 docs/manual/mod/mod_vhost_alias.html.fr.utf8 | 2 docs/manual/mod/mod_vhost_alias.html.tr.utf8 | 2 docs/manual/mod/mod_watchdog.html.en | 2 docs/manual/mod/mod_watchdog.html.fr.utf8 | 2 docs/manual/mod/mod_xml2enc.html.en | 2 docs/manual/mod/mod_xml2enc.html.fr.utf8 | 2 docs/manual/mod/module-dict.html.en | 2 docs/manual/mod/module-dict.html.fr.utf8 | 2 docs/manual/mod/module-dict.html.ja.utf8 | 2 docs/manual/mod/module-dict.html.ko.euc-kr | 2 docs/manual/mod/module-dict.html.tr.utf8 | 2 docs/manual/mod/mpm_common.html.de | 2 docs/manual/mod/mpm_common.html.en | 2 docs/manual/mod/mpm_common.html.fr.utf8 | 2 docs/manual/mod/mpm_common.html.ja.utf8 | 2 docs/manual/mod/mpm_common.html.tr.utf8 | 2 docs/manual/mod/mpm_netware.html.en | 2 docs/manual/mod/mpm_netware.html.fr.utf8 | 2 docs/manual/mod/mpm_winnt.html.de | 2 docs/manual/mod/mpm_winnt.html.en | 2 docs/manual/mod/mpm_winnt.html.fr.utf8 | 2 docs/manual/mod/mpm_winnt.html.ja.utf8 | 2 docs/manual/mod/mpmt_os2.html.en | 2 docs/manual/mod/mpmt_os2.html.fr.utf8 | 2 docs/manual/mod/overrides.html.en | 69 - docs/manual/mod/overrides.html.fr.utf8 | 69 - docs/manual/mod/prefork.html.de | 2 docs/manual/mod/prefork.html.en | 2 docs/manual/mod/prefork.html.fr.utf8 | 2 docs/manual/mod/prefork.html.ja.utf8 | 2 docs/manual/mod/prefork.html.tr.utf8 | 2 docs/manual/mod/quickreference.html.de | 699 +++++++-------- docs/manual/mod/quickreference.html.en | 697 +++++++-------- docs/manual/mod/quickreference.html.es | 697 +++++++-------- docs/manual/mod/quickreference.html.fr.utf8 | 715 +++++++-------- docs/manual/mod/quickreference.html.ja.utf8 | 685 +++++++------- docs/manual/mod/quickreference.html.ko.euc-kr | 695 +++++++-------- docs/manual/mod/quickreference.html.tr.utf8 | 710 +++++++-------- docs/manual/mod/quickreference.html.zh-cn.utf8 | 697 +++++++-------- docs/manual/mod/worker.html.de | 2 docs/manual/mod/worker.html.en | 2 docs/manual/mod/worker.html.fr.utf8 | 2 docs/manual/mod/worker.html.ja.utf8 | 2 docs/manual/mod/worker.html.tr.utf8 | 2 docs/manual/mpm.html.de | 2 docs/manual/mpm.html.en | 2 docs/manual/mpm.html.es | 2 docs/manual/mpm.html.fr.utf8 | 2 docs/manual/mpm.html.ja.utf8 | 2 docs/manual/mpm.html.ko.euc-kr | 2 docs/manual/mpm.html.tr.utf8 | 2 docs/manual/mpm.html.zh-cn.utf8 | 2 docs/manual/new_features_2_0.html.de | 2 docs/manual/new_features_2_0.html.en | 2 docs/manual/new_features_2_0.html.fr.utf8 | 2 docs/manual/new_features_2_0.html.ja.utf8 | 2 docs/manual/new_features_2_0.html.ko.euc-kr | 2 docs/manual/new_features_2_0.html.pt-br | 2 docs/manual/new_features_2_0.html.tr.utf8 | 2 docs/manual/new_features_2_2.html.en | 2 docs/manual/new_features_2_2.html.fr.utf8 | 2 docs/manual/new_features_2_2.html.ko.euc-kr | 2 docs/manual/new_features_2_2.html.pt-br | 2 docs/manual/new_features_2_2.html.tr.utf8 | 2 docs/manual/new_features_2_4.html.en | 2 docs/manual/new_features_2_4.html.fr.utf8 | 2 docs/manual/new_features_2_4.html.tr.utf8 | 2 docs/manual/platform/ebcdic.html.en | 2 docs/manual/platform/ebcdic.html.ko.euc-kr | 2 docs/manual/platform/netware.html.en | 2 docs/manual/platform/netware.html.fr.utf8 | 2 docs/manual/platform/netware.html.ko.euc-kr | 2 docs/manual/platform/perf-hp.html.en | 2 docs/manual/platform/perf-hp.html.fr.utf8 | 2 docs/manual/platform/perf-hp.html.ko.euc-kr | 2 docs/manual/platform/rpm.html.en | 2 docs/manual/platform/rpm.html.fr.utf8 | 2 docs/manual/platform/win_compiling.html.en | 2 docs/manual/platform/win_compiling.html.fr.utf8 | 2 docs/manual/platform/win_compiling.html.ko.euc-kr | 2 docs/manual/platform/windows.html.en | 2 docs/manual/platform/windows.html.fr.utf8 | 2 docs/manual/platform/windows.html.ko.euc-kr | 2 docs/manual/programs/ab.html.en | 2 docs/manual/programs/ab.html.fr.utf8 | 2 docs/manual/programs/ab.html.ko.euc-kr | 2 docs/manual/programs/ab.html.tr.utf8 | 2 docs/manual/programs/apachectl.html.en | 2 docs/manual/programs/apachectl.html.fr.utf8 | 2 docs/manual/programs/apachectl.html.ko.euc-kr | 2 docs/manual/programs/apachectl.html.tr.utf8 | 2 docs/manual/programs/apxs.html.en | 2 docs/manual/programs/apxs.html.fr.utf8 | 2 docs/manual/programs/apxs.html.ko.euc-kr | 2 docs/manual/programs/apxs.html.tr.utf8 | 2 docs/manual/programs/configure.html.en | 2 docs/manual/programs/configure.html.fr.utf8 | 2 docs/manual/programs/configure.html.ko.euc-kr | 2 docs/manual/programs/configure.html.tr.utf8 | 2 docs/manual/programs/dbmmanage.html.en | 2 docs/manual/programs/dbmmanage.html.fr.utf8 | 2 docs/manual/programs/dbmmanage.html.ko.euc-kr | 2 docs/manual/programs/dbmmanage.html.tr.utf8 | 2 docs/manual/programs/fcgistarter.html.en | 2 docs/manual/programs/fcgistarter.html.fr.utf8 | 2 docs/manual/programs/fcgistarter.html.tr.utf8 | 2 docs/manual/programs/htcacheclean.html.en | 2 docs/manual/programs/htcacheclean.html.fr.utf8 | 2 docs/manual/programs/htcacheclean.html.ko.euc-kr | 2 docs/manual/programs/htcacheclean.html.tr.utf8 | 2 docs/manual/programs/htdbm.html.en | 2 docs/manual/programs/htdbm.html.fr.utf8 | 2 docs/manual/programs/htdbm.html.tr.utf8 | 2 docs/manual/programs/htdigest.html.en | 2 docs/manual/programs/htdigest.html.fr.utf8 | 2 docs/manual/programs/htdigest.html.ko.euc-kr | 2 docs/manual/programs/htdigest.html.tr.utf8 | 2 docs/manual/programs/htpasswd.html.en | 2 docs/manual/programs/htpasswd.html.fr.utf8 | 2 docs/manual/programs/htpasswd.html.ko.euc-kr | 2 docs/manual/programs/htpasswd.html.tr.utf8 | 2 docs/manual/programs/httpd.html.en | 2 docs/manual/programs/httpd.html.fr.utf8 | 2 docs/manual/programs/httpd.html.ko.euc-kr | 2 docs/manual/programs/httpd.html.tr.utf8 | 2 docs/manual/programs/httxt2dbm.html.en | 2 docs/manual/programs/httxt2dbm.html.fr.utf8 | 2 docs/manual/programs/httxt2dbm.html.tr.utf8 | 2 docs/manual/programs/log_server_status.html.en | 2 docs/manual/programs/log_server_status.html.fr.utf8 | 2 docs/manual/programs/logresolve.html.en | 2 docs/manual/programs/logresolve.html.fr.utf8 | 2 docs/manual/programs/logresolve.html.ko.euc-kr | 2 docs/manual/programs/logresolve.html.tr.utf8 | 2 docs/manual/programs/other.html.en | 2 docs/manual/programs/other.html.fr.utf8 | 2 docs/manual/programs/other.html.ko.euc-kr | 2 docs/manual/programs/other.html.tr.utf8 | 2 docs/manual/programs/rotatelogs.html.en | 2 docs/manual/programs/rotatelogs.html.fr.utf8 | 2 docs/manual/programs/rotatelogs.html.ko.euc-kr | 2 docs/manual/programs/rotatelogs.html.tr.utf8 | 2 docs/manual/programs/split-logfile.html.en | 2 docs/manual/programs/split-logfile.html.fr.utf8 | 2 docs/manual/programs/suexec.html.en | 2 docs/manual/programs/suexec.html.fr.utf8 | 2 docs/manual/programs/suexec.html.ko.euc-kr | 2 docs/manual/programs/suexec.html.tr.utf8 | 2 docs/manual/rewrite/access.html.en | 2 docs/manual/rewrite/access.html.fr.utf8 | 2 docs/manual/rewrite/advanced.html.en | 2 docs/manual/rewrite/advanced.html.fr.utf8 | 2 docs/manual/rewrite/avoid.html.en | 2 docs/manual/rewrite/avoid.html.fr.utf8 | 2 docs/manual/rewrite/flags.html.en | 2 docs/manual/rewrite/flags.html.fr.utf8 | 2 docs/manual/rewrite/htaccess.html.en | 2 docs/manual/rewrite/htaccess.html.fr.utf8 | 2 docs/manual/rewrite/intro.html.en | 2 docs/manual/rewrite/intro.html.fr.utf8 | 2 docs/manual/rewrite/proxy.html.en | 2 docs/manual/rewrite/proxy.html.fr.utf8 | 2 docs/manual/rewrite/remapping.html.en | 2 docs/manual/rewrite/remapping.html.fr.utf8 | 2 docs/manual/rewrite/rewritemap.html.en | 2 docs/manual/rewrite/rewritemap.html.fr.utf8 | 2 docs/manual/rewrite/tech.html.en | 2 docs/manual/rewrite/tech.html.fr.utf8 | 2 docs/manual/rewrite/vhosts.html.en | 2 docs/manual/rewrite/vhosts.html.fr.utf8 | 2 docs/manual/sections.html.en | 2 docs/manual/sections.html.fr.utf8 | 2 docs/manual/sections.html.ja.utf8 | 2 docs/manual/sections.html.ko.euc-kr | 2 docs/manual/sections.html.tr.utf8 | 2 docs/manual/server-wide.html.en | 2 docs/manual/server-wide.html.fr.utf8 | 2 docs/manual/server-wide.html.ja.utf8 | 2 docs/manual/server-wide.html.ko.euc-kr | 2 docs/manual/server-wide.html.tr.utf8 | 2 docs/manual/sitemap.html.de | 2 docs/manual/sitemap.html.en | 2 docs/manual/sitemap.html.es | 2 docs/manual/sitemap.html.fr.utf8 | 2 docs/manual/sitemap.html.ja.utf8 | 2 docs/manual/sitemap.html.ko.euc-kr | 2 docs/manual/sitemap.html.tr.utf8 | 2 docs/manual/sitemap.html.zh-cn.utf8 | 2 docs/manual/socache.html.en | 2 docs/manual/socache.html.fr.utf8 | 2 docs/manual/ssl/ssl_compat.html.en | 2 docs/manual/ssl/ssl_compat.html.fr.utf8 | 2 docs/manual/ssl/ssl_faq.html.en | 2 docs/manual/ssl/ssl_faq.html.fr.utf8 | 2 docs/manual/ssl/ssl_howto.html.en | 2 docs/manual/ssl/ssl_howto.html.fr.utf8 | 2 docs/manual/ssl/ssl_intro.html.en | 2 docs/manual/ssl/ssl_intro.html.fr.utf8 | 2 docs/manual/ssl/ssl_intro.html.ja.utf8 | 2 docs/manual/stopping.html.de | 2 docs/manual/stopping.html.en | 2 docs/manual/stopping.html.es | 2 docs/manual/stopping.html.fr.utf8 | 2 docs/manual/stopping.html.ja.utf8 | 2 docs/manual/stopping.html.ko.euc-kr | 2 docs/manual/stopping.html.tr.utf8 | 2 docs/manual/style/version.ent | 2 docs/manual/suexec.html.en | 2 docs/manual/suexec.html.fr.utf8 | 2 docs/manual/suexec.html.ja.utf8 | 2 docs/manual/suexec.html.ko.euc-kr | 2 docs/manual/suexec.html.tr.utf8 | 2 docs/manual/upgrading.html.en | 2 docs/manual/upgrading.html.fr.utf8 | 2 docs/manual/urlmapping.html.en | 2 docs/manual/urlmapping.html.fr.utf8 | 2 docs/manual/urlmapping.html.ja.utf8 | 2 docs/manual/urlmapping.html.ko.euc-kr | 2 docs/manual/urlmapping.html.tr.utf8 | 2 docs/manual/vhosts/details.html.en | 2 docs/manual/vhosts/details.html.fr.utf8 | 2 docs/manual/vhosts/details.html.ko.euc-kr | 2 docs/manual/vhosts/details.html.tr.utf8 | 2 docs/manual/vhosts/examples.html.en | 2 docs/manual/vhosts/examples.html.fr.utf8 | 2 docs/manual/vhosts/examples.html.ja.utf8 | 2 docs/manual/vhosts/examples.html.ko.euc-kr | 2 docs/manual/vhosts/examples.html.tr.utf8 | 2 docs/manual/vhosts/fd-limits.html.en | 2 docs/manual/vhosts/fd-limits.html.fr.utf8 | 2 docs/manual/vhosts/fd-limits.html.ja.utf8 | 2 docs/manual/vhosts/fd-limits.html.ko.euc-kr | 2 docs/manual/vhosts/fd-limits.html.tr.utf8 | 2 docs/manual/vhosts/ip-based.html.en | 2 docs/manual/vhosts/ip-based.html.fr.utf8 | 2 docs/manual/vhosts/ip-based.html.ja.utf8 | 2 docs/manual/vhosts/ip-based.html.ko.euc-kr | 2 docs/manual/vhosts/ip-based.html.tr.utf8 | 2 docs/manual/vhosts/mass.html.en | 2 docs/manual/vhosts/mass.html.fr.utf8 | 2 docs/manual/vhosts/mass.html.ko.euc-kr | 2 docs/manual/vhosts/mass.html.tr.utf8 | 2 docs/manual/vhosts/name-based.html.de | 2 docs/manual/vhosts/name-based.html.en | 2 docs/manual/vhosts/name-based.html.fr.utf8 | 2 docs/manual/vhosts/name-based.html.ja.utf8 | 2 docs/manual/vhosts/name-based.html.ko.euc-kr | 2 docs/manual/vhosts/name-based.html.tr.utf8 | 2 httpd.spec | 2 include/ap_mmn.h | 21 include/ap_release.h | 2 include/http_core.h | 6 include/http_protocol.h | 21 include/http_request.h | 12 include/http_ssl.h | 37 include/http_vhost.h | 13 include/httpd.h | 17 include/mpm_common.h | 9 modules/aaa/mod_auth_basic.c | 2 modules/dav/main/mod_dav.c | 496 ++++++++-- modules/dav/main/mod_dav.h | 80 + modules/dav/main/util.c | 8 modules/examples/mod_example_hooks.c | 17 modules/filters/mod_deflate.c | 37 modules/filters/mod_request.c | 16 modules/generators/mod_autoindex.c | 5 modules/generators/mod_info.c | 1 modules/http/http_protocol.c | 2 modules/http2/h2_mplx.c | 26 modules/http2/h2_request.c | 108 -- modules/ldap/util_ldap.c | 100 +- modules/loggers/mod_log_debug.c | 8 modules/loggers/mod_log_forensic.c | 2 modules/lua/mod_lua.c | 31 modules/mappers/mod_rewrite.c | 10 modules/md/md_acme.c | 3 modules/md/md_acme_authz.c | 39 modules/md/md_acme_drive.c | 30 modules/md/md_acme_order.c | 5 modules/md/md_crypt.c | 79 + modules/md/md_crypt.h | 7 modules/md/md_curl.c | 6 modules/md/md_json.c | 11 modules/md/md_jws.c | 8 modules/md/md_ocsp.c | 126 +- modules/md/md_store_fs.c | 57 - modules/md/md_util.c | 57 + modules/md/md_util.h | 37 modules/md/md_version.h | 4 modules/md/mod_md.c | 9 modules/md/mod_md.h | 27 modules/md/mod_md_config.c | 4 modules/md/mod_md_ocsp.c | 68 - modules/md/mod_md_ocsp.h | 6 modules/metadata/mod_unique_id.c | 77 - modules/proxy/mod_proxy.c | 460 +++++++--- modules/proxy/mod_proxy.h | 72 + modules/proxy/mod_proxy_ajp.c | 1 modules/proxy/mod_proxy_balancer.c | 296 ++++-- modules/proxy/mod_proxy_hcheck.c | 68 + modules/proxy/mod_proxy_http.c | 4 modules/proxy/mod_proxy_uwsgi.c | 22 modules/proxy/proxy_util.c | 293 ++++-- modules/ssl/mod_ssl.c | 73 - modules/ssl/ssl_engine_config.c | 4 modules/ssl/ssl_engine_init.c | 28 modules/ssl/ssl_engine_io.c | 64 + modules/ssl/ssl_engine_kernel.c | 27 modules/ssl/ssl_engine_vars.c | 8 modules/ssl/ssl_private.h | 18 modules/ssl/ssl_util_stapling.c | 3 server/connection.c | 9 server/core.c | 14 server/core_filters.c | 5 server/mpm/event/event.c | 568 +++++++----- server/mpm/prefork/prefork.c | 39 server/mpm/worker/worker.c | 6 server/mpm_common.c | 6 server/mpm_fdqueue.c | 4 server/mpm_fdqueue.h | 2 server/protocol.c | 332 ++++--- server/request.c | 129 +- server/scoreboard.c | 2 server/ssl.c | 92 ++ server/util.c | 192 ++-- server/vhost.c | 38 support/htcacheclean.c | 63 - test/test_travis_conditions.sh | 39 test/travis_run_linux.sh | 2 861 files changed, 7623 insertions(+), 6347 deletions(-) diff -Nru apache2-2.4.48/.travis.yml apache2-2.4.49/.travis.yml --- apache2-2.4.48/.travis.yml 2021-01-17 22:46:45.000000000 +0000 +++ apache2-2.4.49/.travis.yml 2021-09-03 08:33:22.000000000 +0000 @@ -37,8 +37,8 @@ # definitions to either: # condition_24x_only => run the job only for 2.4.x # condition_not_24x => run the job everywhere EXCEPT 2.4.x -_cond1: &condition_24x_only (branch is present AND branch = 2.4.x) OR (tag is present AND tag ~= /^2.4/) -_cond2: &condition_not_24x (branch is not present OR branch != 2.4.x) AND (tag is not present OR tag !~ /^2.4/) +_cond1: &condition_24x_only (branch is present AND (branch = 2.4.x OR branch ~= /^candidate-2.4/)) OR (tag is present AND tag ~= /^2.4/) +_cond2: &condition_not_24x (branch is not present OR (branch != 2.4.x AND branch !~ /^candidate-2.4/)) AND (tag is not present OR tag !~ /^2.4/) jobs: include: @@ -364,7 +364,7 @@ irc: if: fork = false channels: - - "chat.freenode.net#httpd-dev" + - "irc.libera.chat#httpd-dev" email: if: fork = false recipients: diff -Nru apache2-2.4.48/CHANGES apache2-2.4.49/CHANGES --- apache2-2.4.48/CHANGES 2021-05-14 19:18:52.000000000 +0000 +++ apache2-2.4.49/CHANGES 2021-09-09 15:22:23.000000000 +0000 @@ -1,6 +1,144 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.49 + + *) core/mod_proxy/mod_ssl: + Adding `outgoing` flag to conn_rec, indicating a connection is + initiated by the server to somewhere, in contrast to incoming + connections from clients. + Adding 'ap_ssl_bind_outgoing()` function that marks a connection + as outgoing and is used by mod_proxy instead of the previous + optional function `ssl_engine_set`. This enables other SSL + module to secure proxy connections. + The optional functions `ssl_engine_set`, `ssl_engine_disable` and + `ssl_proxy_enable` are now provided by the core to have backward + compatibility with non-httpd modules that might use them. mod_ssl + itself no longer registers these functions, but keeps them in its + header for backward compatibility. + The core provided optional function wrap any registered function + like it was done for `ssl_is_ssl`. + [Stefan Eissing] + + *) mod_ssl: Support logging private key material for use with + wireshark via log file given by SSLKEYLOGFILE environment + variable. Requires OpenSSL 1.1.1. PR 63391. [Joe Orton] + + *) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and + "ProxyPassInterpolateEnv On" are configured. PR 65549. + [Joel Self ] + + *) mpm_event: Fix children processes possibly not stopped on graceful + restart. PR 63169. [Joel Self ] + + *) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d) + protocols from mod_proxy_http, and a timeout triggering falsely when + using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with + upgrade= setting. PRs 65521 and 65519. [Yann Ylavic] + + *) mod_unique_id: Reduce the time window where duplicates may be generated + PR 65159 + [Christophe Jaillet] + + *) mpm_prefork: Block signals for child_init hooks to prevent potential + threads created from there to catch MPM's signals. + [Ruediger Pluem, Yann Ylavic] + + *) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load. + PR 65159" added in 2.4.47. + This causes issue on Windows. + [Christophe Jaillet] + + *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] + + *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted + as successful or a staged renewal is replacing the existing certificates. + This avoid potential mess ups in the md store file system to render the active + certificates non-working. [@mkauf] + + *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. + [Yann Ylavic] + + *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) + connections. If ALPN protocols are provided and sent to the + remote server, the received protocol selected is inspected + and checked for a match. Without match, the peer handshake + fails. + An exception is the proposal of "http/1.1" where it is + accepted if the remote server did not answer ALPN with + a selected protocol. This accomodates for hosts that do + not observe/support ALPN and speak http/1.x be default. + + *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances + with others when their URLs contain a '$' substitution. PR 65419 + 65429. + [Yann Ylavic] + + *) mod_dav: Add method_precondition hook. WebDAV extensions define + conditions that must exist before a WebDAV method can be executed. + This hook allows a WebDAV extension to verify these preconditions. + [Graham Leggett] + + *) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other + modules apart from versioning implementations to handle the REPORT method. + [Graham Leggett] + + *) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and + dav_get_resource() to mod_dav.h. [Graham Leggett] + + *) core: fix ap_escape_quotes substitution logic. [Eric Covener] + + *) Easy patches: synch 2.4.x and trunk + - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp. + - mod_ldap: log and abort locking errors. + - mod_ldap: style fix for r1831165 + - mod_ldap: build break fix for r1831165 + - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements + - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590) + - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case. + - mod_rewrite: Save a few cycles. + - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues + - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED + [Christophe Jaillet] + + *) core/mpm: add hook 'child_stopping` that gets called when the MPM is + stopping a child process. The additional `graceful` parameter allows + registered hooks to free resources early during a graceful shutdown. + [Yann Ylavic, Stefan Eissing] + + *) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the + balancer-manager, which can lead to a crash. [Yann Ylavic] + + *) mpm_event: Fix graceful stop/restart of children processes if connections + are in lingering close for too long. [Yann Ylavic] + + *) mod_md: fixed a potential null pointer dereference if ACME/OCSP + server returned 2xx responses without content type. Reported by chuangwen. + [chuangwen, Stefan Eissing] + + *) mod_md: + - Domain names in `` can now appear in quoted form. + - Fixed a failure in ACME challenge selection that aborted further searches + when the tls-alpn-01 method did not seem to be suitable. + - Changed the tls-alpn-01 setup to only become unsuitable when none of the + dns names showed support for a configured 'Protocols ... acme-tls/1'. This + allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost. + [Stefan Eissing] + + *) Add CPING to health check logic. [Jean-Frederic Clere] + + *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] + + *) core, h2: common ap_parse_request_line() and ap_check_request_header() + code. [Yann Ylavic] + + *) core: Add StrictHostCheck to allow unconfigured hostnames to be + rejected. [Eric Covener] + + *) htcacheclean: Improve help messages. [Christophe Jaillet] + Changes with Apache 2.4.48 + *) SECURITY: CVE-2021-31618 (cve.mitre.org) + mod_http2: Fix a potential NULL pointer dereference [Ivan Zhakov] + *) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic] @@ -126,6 +264,33 @@ Changes with Apache 2.4.47 + *) SECURITY: CVE-2021-30641 (cve.mitre.org) + Unexpected section matching with 'MergeSlashes OFF' + + *) SECURITY: CVE-2020-35452 (cve.mitre.org) + mod_auth_digest: possible stack overflow by one nul byte while validating + the Digest nonce. [Yann Ylavic] + + *) SECURITY: CVE-2021-26691 (cve.mitre.org) + mod_session: Fix possible crash due to NULL pointer dereference, which + could be used to cause a Denial of Service with a malicious backend + server and SessionHeader. [Yann Ylavic] + + *) SECURITY: CVE-2021-26690 (cve.mitre.org) + mod_session: Fix possible crash due to NULL pointer dereference, which + could be used to cause a Denial of Service. [Yann Ylavic] + + *) SECURITY: CVE-2020-13950 (cve.mitre.org) + mod_proxy_http: Fix possible crash due to NULL pointer dereference, which + could be used to cause a Denial of Service. [Yann Ylavic] + + *) SECURITY: CVE-2020-13938 (cve.mitre.org) + Windows: Prevent local users from stopping the httpd process [Ivan Zhakov] + + *) SECURITY: CVE-2019-17567 (cve.mitre.org) + mod_proxy_wstunnel, mod_proxy_http: Handle Upgradable protocols end-to-end + negotiation. [Yann Ylavic] + *) mod_dav_fs: Improve logging output when failing to open files for writing. PR 64413. [Bingyu Shen ] @@ -185,22 +350,13 @@ *) mod_authnz_ldap: Prevent authentications with empty passwords for the initial bind to fail with status 500. [Ruediger Pluem] - *) mod_auth_digest: Fast validation of the nonce's base64 to fail early if - the format can't match anyway. [Yann Ylavic] - *) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] - *) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in - proxy_util. [Yann Ylavic] - *) mod_proxy: Improve tunneling loop to support half closed connections and pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] - *) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response - and switched protocol forwarding. [Yann Ylavic] - *) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] diff -Nru apache2-2.4.48/Makefile.in apache2-2.4.49/Makefile.in --- apache2-2.4.48/Makefile.in 2021-02-11 10:51:19.000000000 +0000 +++ apache2-2.4.49/Makefile.in 2021-06-02 07:11:47.000000000 +0000 @@ -158,9 +158,9 @@ update-changes: @for i in `find changes-entries -type f`; do \ cp CHANGES CHANGES.tmp ; \ - awk -v fname=$$i 'BEGIN{done = 0} \ - done == 0 && /^Changes with Apache /{ active = 1; print; next}; \ - /^ *\*/ && active == 1 && done == 0{rec=$$0; while(getline CHANGES ; \ rm CHANGES.tmp ; \ if [ -n "$(SVN)" ] ; then \ diff -Nru apache2-2.4.48/ROADMAP apache2-2.4.49/ROADMAP --- apache2-2.4.48/ROADMAP 2020-02-21 00:33:40.000000000 +0000 +++ apache2-2.4.49/ROADMAP 2020-02-21 00:33:40.000000000 +0000 @@ -1,6 +1,6 @@ APACHE 2.x ROADMAP ================== -Last modified at [$Date: 2020-02-21 00:33:40 +0000 (ven. 21 févr. 2020) $] +Last modified at [$Date: 2020-02-21 01:33:40 +0100 (Fri, 21 Feb 2020) $] WORKS IN PROGRESS diff -Nru apache2-2.4.48/VERSIONING apache2-2.4.49/VERSIONING --- apache2-2.4.48/VERSIONING 2020-02-21 00:33:40.000000000 +0000 +++ apache2-2.4.49/VERSIONING 2020-02-21 00:33:40.000000000 +0000 @@ -1,6 +1,6 @@ APACHE 2.x VERSIONING ===================== -[$LastChangedDate: 2020-02-21 00:33:40 +0000 (ven. 21 févr. 2020) $] +[$LastChangedDate: 2020-02-21 01:33:40 +0100 (Fri, 21 Feb 2020) $] INTRODUCTION diff -Nru apache2-2.4.48/build/ltmain.sh apache2-2.4.49/build/ltmain.sh --- apache2-2.4.48/build/ltmain.sh 2021-05-17 21:21:45.000000000 +0000 +++ apache2-2.4.49/build/ltmain.sh 2021-09-10 13:47:01.000000000 +0000 @@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.6 Debian-2.4.6-15" +VERSION=2.4.6 package_revision=2.4.6 @@ -387,7 +387,7 @@ # putting '$debug_cmd' at the start of all your functions, you can get # bash to show function call trace with: # -# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name debug_cmd=${debug_cmd-":"} exit_cmd=: @@ -1370,7 +1370,7 @@ #! /bin/sh # Set a version string for this script. -scriptversion=2015-10-07.11; # UTC +scriptversion=2014-01-07.03; # UTC # A portable, pluggable option parser for Bourne shell. # Written by Gary V. Vaughan, 2010 @@ -1530,8 +1530,6 @@ { $debug_cmd - _G_rc_run_hooks=false - case " $hookable_fns " in *" $1 "*) ;; *) func_fatal_error "'$1' does not support hook funcions.n" ;; @@ -1540,16 +1538,16 @@ eval _G_hook_fns=\$$1_hooks; shift for _G_hook in $_G_hook_fns; do - if eval $_G_hook '"$@"'; then - # store returned options list back into positional - # parameters for next 'cmd' execution. - eval _G_hook_result=\$${_G_hook}_result - eval set dummy "$_G_hook_result"; shift - _G_rc_run_hooks=: - fi + eval $_G_hook '"$@"' + + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift done - $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result + func_quote_for_eval ${1+"$@"} + func_run_hooks_result=$func_quote_for_eval_result } @@ -1559,16 +1557,10 @@ ## --------------- ## # In order to add your own option parsing hooks, you must accept the -# full positional parameter list in your hook function, you may remove/edit -# any options that you action, and then pass back the remaining unprocessed +# full positional parameter list in your hook function, remove any +# options that you action, and then pass back the remaining unprocessed # options in '_result', escaped suitably for -# 'eval'. In this case you also must return $EXIT_SUCCESS to let the -# hook's caller know that it should pay attention to -# '_result'. Returning $EXIT_FAILURE signalizes that -# arguments are left untouched by the hook and therefore caller will ignore the -# result variable. -# -# Like this: +# 'eval'. Like this: # # my_options_prep () # { @@ -1578,11 +1570,9 @@ # usage_message=$usage_message' # -s, --silent don'\''t print informational messages # ' -# # No change in '$@' (ignored completely by this hook). There is -# # no need to do the equivalent (but slower) action: -# # func_quote_for_eval ${1+"$@"} -# # my_options_prep_result=$func_quote_for_eval_result -# false +# +# func_quote_for_eval ${1+"$@"} +# my_options_prep_result=$func_quote_for_eval_result # } # func_add_hook func_options_prep my_options_prep # @@ -1591,37 +1581,25 @@ # { # $debug_cmd # -# args_changed=false -# # # Note that for efficiency, we parse as many options as we can # # recognise in a loop before passing the remainder back to the # # caller on the first unrecognised argument we encounter. # while test $# -gt 0; do # opt=$1; shift # case $opt in -# --silent|-s) opt_silent=: -# args_changed=: -# ;; +# --silent|-s) opt_silent=: ;; # # Separate non-argument short options: # -s*) func_split_short_opt "$_G_opt" # set dummy "$func_split_short_opt_name" \ # "-$func_split_short_opt_arg" ${1+"$@"} # shift -# args_changed=: # ;; -# *) # Make sure the first unrecognised option "$_G_opt" -# # is added back to "$@", we could need that later -# # if $args_changed is true. -# set dummy "$_G_opt" ${1+"$@"}; shift; break ;; +# *) set dummy "$_G_opt" "$*"; shift; break ;; # esac # done # -# if $args_changed; then -# func_quote_for_eval ${1+"$@"} -# my_silent_option_result=$func_quote_for_eval_result -# fi -# -# $args_changed +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result # } # func_add_hook func_parse_options my_silent_option # @@ -1633,32 +1611,16 @@ # $opt_silent && $opt_verbose && func_fatal_help "\ # '--silent' and '--verbose' options are mutually exclusive." # -# false +# func_quote_for_eval ${1+"$@"} +# my_option_validation_result=$func_quote_for_eval_result # } # func_add_hook func_validate_options my_option_validation # -# You'll also need to manually amend $usage_message to reflect the extra +# You'll alse need to manually amend $usage_message to reflect the extra # options you parse. It's preferable to append if you can, so that # multiple option parsing hooks can be added safely. -# func_options_finish [ARG]... -# ---------------------------- -# Finishing the option parse loop (call 'func_options' hooks ATM). -func_options_finish () -{ - $debug_cmd - - _G_func_options_finish_exit=false - if func_run_hooks func_options ${1+"$@"}; then - func_options_finish_result=$func_run_hooks_result - _G_func_options_finish_exit=: - fi - - $_G_func_options_finish_exit -} - - # func_options [ARG]... # --------------------- # All the functions called inside func_options are hookable. See the @@ -1668,28 +1630,17 @@ { $debug_cmd - _G_rc_options=false - - for my_func in options_prep parse_options validate_options options_finish - do - if eval func_$my_func '${1+"$@"}'; then - eval _G_res_var='$'"func_${my_func}_result" - eval set dummy "$_G_res_var" ; shift - _G_rc_options=: - fi - done + func_options_prep ${1+"$@"} + eval func_parse_options \ + ${func_options_prep_result+"$func_options_prep_result"} + eval func_validate_options \ + ${func_parse_options_result+"$func_parse_options_result"} - # Save modified positional parameters for caller. As a top-level - # options-parser function we always need to set the 'func_options_result' - # variable (regardless the $_G_rc_options value). - if $_G_rc_options; then - func_options_result=$_G_res_var - else - func_quote_for_eval ${1+"$@"} - func_options_result=$func_quote_for_eval_result - fi + eval func_run_hooks func_options \ + ${func_validate_options_result+"$func_validate_options_result"} - $_G_rc_options + # save modified positional parameters for caller + func_options_result=$func_run_hooks_result } @@ -1698,9 +1649,9 @@ # All initialisations required before starting the option parse loop. # Note that when calling hook functions, we pass through the list of # positional parameters. If a hook function modifies that list, and -# needs to propagate that back to rest of this script, then the complete +# needs to propogate that back to rest of this script, then the complete # modified list must be put in 'func_run_hooks_result' before -# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned). +# returning. func_hookable func_options_prep func_options_prep () { @@ -1710,14 +1661,10 @@ opt_verbose=false opt_warning_types= - _G_rc_options_prep=false - if func_run_hooks func_options_prep ${1+"$@"}; then - _G_rc_options_prep=: - # save modified positional parameters for caller - func_options_prep_result=$func_run_hooks_result - fi + func_run_hooks func_options_prep ${1+"$@"} - $_G_rc_options_prep + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result } @@ -1731,20 +1678,18 @@ func_parse_options_result= - _G_rc_parse_options=false # this just eases exit handling while test $# -gt 0; do # Defer to hook functions for initial option parsing, so they # get priority in the event of reusing an option name. - if func_run_hooks func_parse_options ${1+"$@"}; then - eval set dummy "$func_run_hooks_result"; shift - _G_rc_parse_options=: - fi + func_run_hooks func_parse_options ${1+"$@"} + + # Adjust func_parse_options positional parameters to match + eval set dummy "$func_run_hooks_result"; shift # Break out of the loop if we already parsed every option. test $# -gt 0 || break - _G_match_parse_options=: _G_opt=$1 shift case $_G_opt in @@ -1759,10 +1704,7 @@ ;; --warnings|--warning|-W) - if test $# = 0 && func_missing_arg $_G_opt; then - _G_rc_parse_options=: - break - fi + test $# = 0 && func_missing_arg $_G_opt && break case " $warning_categories $1" in *" $1 "*) # trailing space prevents matching last $1 above @@ -1815,25 +1757,15 @@ shift ;; - --) _G_rc_parse_options=: ; break ;; + --) break ;; -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; - *) set dummy "$_G_opt" ${1+"$@"}; shift - _G_match_parse_options=false - break - ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; esac - - $_G_match_parse_options && _G_rc_parse_options=: done - - if $_G_rc_parse_options; then - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - func_parse_options_result=$func_quote_for_eval_result - fi - - $_G_rc_parse_options + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result } @@ -1846,21 +1778,16 @@ { $debug_cmd - _G_rc_validate_options=false - # Display all warnings if -W was not given. test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" - if func_run_hooks func_validate_options ${1+"$@"}; then - # save modified positional parameters for caller - func_validate_options_result=$func_run_hooks_result - _G_rc_validate_options=: - fi + func_run_hooks func_validate_options ${1+"$@"} # Bail if the options were screwed! $exit_cmd $EXIT_FAILURE - $_G_rc_validate_options + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result } @@ -2141,12 +2068,12 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.6-15 + version: $progname (GNU libtool) 2.4.6 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` Report bugs to . -GNU libtool home page: . +GNU libtool home page: . General help using GNU software: ." exit 0 } @@ -2343,8 +2270,6 @@ nonopt= preserve_args= - _G_rc_lt_options_prep=: - # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) @@ -2368,18 +2293,11 @@ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; - *) - _G_rc_lt_options_prep=false - ;; esac - if $_G_rc_lt_options_prep; then - # Pass back the list of options. - func_quote_for_eval ${1+"$@"} - libtool_options_prep_result=$func_quote_for_eval_result - fi - - $_G_rc_lt_options_prep + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result } func_add_hook func_options_prep libtool_options_prep @@ -2391,12 +2309,9 @@ { $debug_cmd - _G_rc_lt_parse_options=false - # Perform our own loop to consume as many options as possible in # each iteration. while test $# -gt 0; do - _G_match_lt_parse_options=: _G_opt=$1 shift case $_G_opt in @@ -2471,22 +2386,15 @@ func_append preserve_args " $_G_opt" ;; - # An option not handled by this hook function: - *) set dummy "$_G_opt" ${1+"$@"} ; shift - _G_match_lt_parse_options=false - break - ;; + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;; esac - $_G_match_lt_parse_options && _G_rc_lt_parse_options=: done - if $_G_rc_lt_parse_options; then - # save modified positional parameters for caller - func_quote_for_eval ${1+"$@"} - libtool_parse_options_result=$func_quote_for_eval_result - fi - $_G_rc_lt_parse_options + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result } func_add_hook func_parse_options libtool_parse_options @@ -7364,16 +7272,10 @@ # -tp=* Portland pgcc target processor selection # --sysroot=* for sysroot support # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization - # -specs=* GCC specs files # -stdlib=* select c++ std lib with clang - # -fsanitize=* Clang/GCC memory and address sanitizer - # -fuse-ld=* Linker select flags for GCC - # -static-* direct GCC to link specific libraries statically - # -fcilkplus Cilk Plus language extension features for C/C++ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ - -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ - -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus) + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result func_append compile_command " $arg" @@ -7666,10 +7568,7 @@ case $pass in dlopen) libs=$dlfiles ;; dlpreopen) libs=$dlprefiles ;; - link) - libs="$deplibs %DEPLIBS%" - test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" - ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test lib,dlpreopen = "$linkmode,$pass"; then @@ -7988,19 +7887,19 @@ # It is a libtool convenience library, so add in its objects. func_append convenience " $ladir/$objdir/$old_library" func_append old_convenience " $ladir/$objdir/$old_library" - tmp_libs= - for deplib in $dependency_libs; do - deplibs="$deplib $deplibs" - if $opt_preserve_dup_deps; then - case "$tmp_libs " in - *" $deplib "*) func_append specialdeplibs " $deplib" ;; - esac - fi - func_append tmp_libs " $deplib" - done elif test prog != "$linkmode" && test lib != "$linkmode"; then func_fatal_error "'$lib' is not a convenience library" fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done continue fi # $pass = conv @@ -8924,9 +8823,6 @@ revision=$number_minor lt_irix_increment=no ;; - *) - func_fatal_configuration "$modename: unknown library version type '$version_type'" - ;; esac ;; no) diff -Nru apache2-2.4.48/configure apache2-2.4.49/configure --- apache2-2.4.48/configure 2021-05-17 21:21:48.000000000 +0000 +++ apache2-2.4.49/configure 2021-09-10 13:47:03.000000000 +0000 @@ -948,7 +948,6 @@ docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -1209,7 +1208,6 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE}' @@ -1462,15 +1460,6 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1608,7 +1597,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1761,7 +1750,6 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] diff -Nru apache2-2.4.48/debian/changelog apache2-2.4.49/debian/changelog --- apache2-2.4.48/debian/changelog 2021-08-12 11:51:47.000000000 +0000 +++ apache2-2.4.49/debian/changelog 2021-09-30 04:06:35.000000000 +0000 @@ -1,3 +1,22 @@ +apache2 (2.4.49-1~deb11u2) bullseye-security; urgency=medium + + [ Yadd ] + * Re-export upstream signing key without extra signatures. + + [ Moritz Muehlenhoff ] + * Fix CVE-2021-40438 regression + + -- Yadd Thu, 30 Sep 2021 06:06:35 +0200 + +apache2 (2.4.49-1~deb11u1) bullseye-security; urgency=high + + * Update upstream GPG keys + * New upstream version 2.4.49 (Closes: CVE-2021-34798, CVE-2021-36160, + CVE-2021-39275, CVE-2021-40438) + * Refresh patches + + -- Yadd Thu, 16 Sep 2021 05:54:22 +0200 + apache2 (2.4.48-3.1+deb11u1) bullseye-security; urgency=medium * Fix mod_proxy HTTP2 request line injection (Closes: CVE-2021-33193) diff -Nru apache2-2.4.48/debian/patches/CVE-2021-33193.patch apache2-2.4.49/debian/patches/CVE-2021-33193.patch --- apache2-2.4.48/debian/patches/CVE-2021-33193.patch 2021-08-12 11:51:47.000000000 +0000 +++ apache2-2.4.49/debian/patches/CVE-2021-33193.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,870 +0,0 @@ -Description: fix mod_proxy HTTP2 request line injection - *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] - *) core, h2: common ap_parse_request_line() and ap_check_request_header() - code. [Yann Ylavic] - *) core: Add StrictHostCheck to allow unconfigured hostnames to be - rejected. [Eric Covener] -Author: Stefan Eissing -Origin: upstream, https://github.com/apache/httpd/commit/ecebcc03 -Bug: https://portswigger.net/research/http2 -Forwarded: not-needed -Reviewed-By: Yadd -Last-Update: 2021-08-12 - ---- a/include/ap_mmn.h -+++ b/include/ap_mmn.h -@@ -559,6 +559,9 @@ - * and ap_ssl_answer_challenge and hooks. - * 20120211.104 (2.4.47-dev) Move ap_ssl_* into new http_ssl.h header file - * 20120211.105 (2.4.47-dev) Add ap_ssl_ocsp* hooks and functions to http_ssl.h. -+ * 20120211.106 (2.4.47-dev) Add ap_create_request(). -+ * 20120211.107 (2.4.47-dev) Add ap_parse_request_line() and -+ * ap_check_request_header() - */ - - #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ -@@ -566,7 +569,7 @@ - #ifndef MODULE_MAGIC_NUMBER_MAJOR - #define MODULE_MAGIC_NUMBER_MAJOR 20120211 - #endif --#define MODULE_MAGIC_NUMBER_MINOR 105 /* 0...n */ -+#define MODULE_MAGIC_NUMBER_MINOR 107 /* 0...n */ - - /** - * Determine if the server's current MODULE_MAGIC_NUMBER is at least a ---- a/include/http_core.h -+++ b/include/http_core.h -@@ -754,6 +754,7 @@ - - apr_size_t flush_max_threshold; - apr_int32_t flush_max_pipelined; -+ unsigned int strict_host_check; - } core_server_config; - - /* for AddOutputFiltersByType in core.c */ -@@ -782,6 +783,11 @@ - typedef struct core_output_filter_ctx core_output_filter_ctx_t; - typedef struct core_filter_ctx core_ctx_t; - -+struct core_filter_ctx { -+ apr_bucket_brigade *b; -+ apr_bucket_brigade *tmpbb; -+}; -+ - typedef struct core_net_rec { - /** Connection to the client */ - apr_socket_t *client_socket; ---- a/include/http_protocol.h -+++ b/include/http_protocol.h -@@ -54,6 +54,13 @@ - */ - - /** -+ * Read an empty request and set reasonable defaults. -+ * @param c The current connection -+ * @return The new request_rec -+ */ -+AP_DECLARE(request_rec *) ap_create_request(conn_rec *c); -+ -+/** - * Read a request and fill in the fields. - * @param c The current connection - * @return The new request_rec -@@ -61,6 +68,20 @@ - request_rec *ap_read_request(conn_rec *c); - - /** -+ * Parse and validate the request line. -+ * @param r The current request -+ * @return 1 on success, 0 on failure -+ */ -+AP_DECLARE(int) ap_parse_request_line(request_rec *r); -+ -+/** -+ * Validate the request header and select vhost. -+ * @param r The current request -+ * @return 1 on success, 0 on failure -+ */ -+AP_DECLARE(int) ap_check_request_header(request_rec *r); -+ -+/** - * Read the mime-encoded headers. - * @param r The current request - */ ---- a/include/http_vhost.h -+++ b/include/http_vhost.h -@@ -100,6 +100,19 @@ - AP_DECLARE(void) ap_update_vhost_from_headers(request_rec *r); - - /** -+ * Updates r->server with the best name-based virtual host match, within -+ * the chain of matching virtual hosts selected by ap_update_vhost_given_ip. -+ * @param r The current request -+ * @param require_match 1 to return an HTTP error if the requested hostname is -+ * not explicitly matched to a VirtualHost. -+ * @return return HTTP_OK unless require_match was specified and the requested -+ * hostname did not match any ServerName, ServerAlias, or VirtualHost -+ * address-spec. -+ */ -+AP_DECLARE(int) ap_update_vhost_from_headers_ex(request_rec *r, int require_match); -+ -+ -+/** - * Match the host in the header with the hostname of the server for this - * request. - * @param r The current request ---- a/modules/http2/h2_request.c -+++ b/modules/http2/h2_request.c -@@ -210,75 +210,12 @@ - return dst; - } - --#if !AP_MODULE_MAGIC_AT_LEAST(20150222, 13) --static request_rec *my_ap_create_request(conn_rec *c) --{ -- apr_pool_t *p; -- request_rec *r; -- -- apr_pool_create(&p, c->pool); -- apr_pool_tag(p, "request"); -- r = apr_pcalloc(p, sizeof(request_rec)); -- AP_READ_REQUEST_ENTRY((intptr_t)r, (uintptr_t)c); -- r->pool = p; -- r->connection = c; -- r->server = c->base_server; -- -- r->user = NULL; -- r->ap_auth_type = NULL; -- -- r->allowed_methods = ap_make_method_list(p, 2); -- -- r->headers_in = apr_table_make(r->pool, 5); -- r->trailers_in = apr_table_make(r->pool, 5); -- r->subprocess_env = apr_table_make(r->pool, 25); -- r->headers_out = apr_table_make(r->pool, 12); -- r->err_headers_out = apr_table_make(r->pool, 5); -- r->trailers_out = apr_table_make(r->pool, 5); -- r->notes = apr_table_make(r->pool, 5); -- -- r->request_config = ap_create_request_config(r->pool); -- /* Must be set before we run create request hook */ -- -- r->proto_output_filters = c->output_filters; -- r->output_filters = r->proto_output_filters; -- r->proto_input_filters = c->input_filters; -- r->input_filters = r->proto_input_filters; -- ap_run_create_request(r); -- r->per_dir_config = r->server->lookup_defaults; -- -- r->sent_bodyct = 0; /* bytect isn't for body */ -- -- r->read_length = 0; -- r->read_body = REQUEST_NO_BODY; -- -- r->status = HTTP_OK; /* Until further notice */ -- r->header_only = 0; -- r->the_request = NULL; -- -- /* Begin by presuming any module can make its own path_info assumptions, -- * until some module interjects and changes the value. -- */ -- r->used_path_info = AP_REQ_DEFAULT_PATH_INFO; -- -- r->useragent_addr = c->client_addr; -- r->useragent_ip = c->client_ip; -- -- return r; --} --#endif -- - request_rec *h2_request_create_rec(const h2_request *req, conn_rec *c) - { -- int access_status; -+ int access_status = HTTP_OK; - --#if AP_MODULE_MAGIC_AT_LEAST(20150222, 13) - request_rec *r = ap_create_request(c); --#else -- request_rec *r = my_ap_create_request(c); --#endif - --#if AP_MODULE_MAGIC_AT_LEAST(20200331, 3) - ap_run_pre_read_request(r, c); - - /* Time to populate r with the data we have. */ -@@ -307,49 +244,6 @@ - r->status = HTTP_OK; - goto die; - } --#else -- { -- const char *s; -- -- r->headers_in = apr_table_clone(r->pool, req->headers); -- ap_run_pre_read_request(r, c); -- -- /* Time to populate r with the data we have. */ -- r->request_time = req->request_time; -- r->method = apr_pstrdup(r->pool, req->method); -- /* Provide quick information about the request method as soon as known */ -- r->method_number = ap_method_number_of(r->method); -- if (r->method_number == M_GET && r->method[0] == 'H') { -- r->header_only = 1; -- } -- ap_parse_uri(r, req->path ? req->path : ""); -- r->protocol = (char*)"HTTP/2.0"; -- r->proto_num = HTTP_VERSION(2, 0); -- r->the_request = apr_psprintf(r->pool, "%s %s HTTP/2.0", -- r->method, req->path ? req->path : ""); -- -- /* Start with r->hostname = NULL, ap_check_request_header() will get it -- * form Host: header, otherwise we get complains about port numbers. -- */ -- r->hostname = NULL; -- ap_update_vhost_from_headers(r); -- -- /* we may have switched to another server */ -- r->per_dir_config = r->server->lookup_defaults; -- -- s = apr_table_get(r->headers_in, "Expect"); -- if (s && s[0]) { -- if (ap_cstr_casecmp(s, "100-continue") == 0) { -- r->expecting_100 = 1; -- } -- else { -- r->status = HTTP_EXPECTATION_FAILED; -- access_status = r->status; -- goto die; -- } -- } -- } --#endif - - /* we may have switched to another server */ - r->per_dir_config = r->server->lookup_defaults; ---- a/server/core.c -+++ b/server/core.c -@@ -511,6 +511,8 @@ - conf->protocols_honor_order = -1; - conf->merge_slashes = AP_CORE_CONFIG_UNSET; - -+ conf->strict_host_check= AP_CORE_CONFIG_UNSET; -+ - return (void *)conf; - } - -@@ -585,6 +587,12 @@ - ? virt->flush_max_pipelined - : base->flush_max_pipelined; - -+ conf->strict_host_check = (virt->strict_host_check != AP_CORE_CONFIG_UNSET) -+ ? virt->strict_host_check -+ : base->strict_host_check; -+ -+ AP_CORE_MERGE_FLAG(strict_host_check, conf, base, virt); -+ - return conf; - } - -@@ -4623,7 +4631,10 @@ - AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO, - "Controls whether the REDIRECT_URL environment variable is fully " - "qualified"), -- -+AP_INIT_FLAG("StrictHostCheck", set_core_server_flag, -+ (void *)APR_OFFSETOF(core_server_config, strict_host_check), -+ RSRC_CONF, -+ "Controls whether a hostname match is required"), - AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower, - (void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO, - "a mime type that overrides other configured type"), -@@ -5623,4 +5634,3 @@ - core_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ - }; -- ---- a/server/core_filters.c -+++ b/server/core_filters.c -@@ -85,11 +85,6 @@ - apr_size_t nvec; - }; - --struct core_filter_ctx { -- apr_bucket_brigade *b; -- apr_bucket_brigade *tmpbb; --}; -- - - apr_status_t ap_core_input_filter(ap_filter_t *f, apr_bucket_brigade *b, - ap_input_mode_t mode, apr_read_type_e block, ---- a/server/protocol.c -+++ b/server/protocol.c -@@ -609,8 +609,15 @@ - } - - r->args = r->parsed_uri.query; -- r->uri = r->parsed_uri.path ? r->parsed_uri.path -- : apr_pstrdup(r->pool, "/"); -+ if (r->parsed_uri.path) { -+ r->uri = r->parsed_uri.path; -+ } -+ else if (r->method_number == M_OPTIONS) { -+ r->uri = apr_pstrdup(r->pool, "*"); -+ } -+ else { -+ r->uri = apr_pstrdup(r->pool, "/"); -+ } - - #if defined(OS2) || defined(WIN32) - /* Handle path translations for OS/2 and plug security hole. -@@ -645,13 +652,6 @@ - - static int read_request_line(request_rec *r, apr_bucket_brigade *bb) - { -- enum { -- rrl_none, rrl_badmethod, rrl_badwhitespace, rrl_excesswhitespace, -- rrl_missinguri, rrl_baduri, rrl_badprotocol, rrl_trailingtext, -- rrl_badmethod09, rrl_reject09 -- } deferred_error = rrl_none; -- char *ll; -- char *uri; - apr_size_t len; - int num_blank_lines = DEFAULT_LIMIT_BLANK_LINES; - core_server_config *conf = ap_get_core_module_config(r->server->module_config); -@@ -711,6 +711,20 @@ - } - - r->request_time = apr_time_now(); -+ return 1; -+} -+ -+AP_DECLARE(int) ap_parse_request_line(request_rec *r) -+{ -+ core_server_config *conf = ap_get_core_module_config(r->server->module_config); -+ int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); -+ enum { -+ rrl_none, rrl_badmethod, rrl_badwhitespace, rrl_excesswhitespace, -+ rrl_missinguri, rrl_baduri, rrl_badprotocol, rrl_trailingtext, -+ rrl_badmethod09, rrl_reject09 -+ } deferred_error = rrl_none; -+ apr_size_t len = 0; -+ char *uri, *ll; - - r->method = r->the_request; - -@@ -742,7 +756,6 @@ - if (deferred_error == rrl_none) - deferred_error = rrl_missinguri; - r->protocol = uri = ""; -- len = 0; - goto rrl_done; - } - else if (strict && ll[0] && apr_isspace(ll[1]) -@@ -773,7 +786,6 @@ - /* Verify URI terminated with a single SP, or mark as specific error */ - if (!ll) { - r->protocol = ""; -- len = 0; - goto rrl_done; - } - else if (strict && ll[0] && apr_isspace(ll[1]) -@@ -866,6 +878,14 @@ - r->header_only = 1; - - ap_parse_uri(r, uri); -+ if (r->status == HTTP_OK -+ && (r->parsed_uri.path != NULL) -+ && (r->parsed_uri.path[0] != '/') -+ && (r->method_number != M_OPTIONS -+ || strcmp(r->parsed_uri.path, "*") != 0)) { -+ /* Invalid request-target per RFC 7230 section 5.3 */ -+ r->status = HTTP_BAD_REQUEST; -+ } - - /* With the request understood, we can consider HTTP/0.9 specific errors */ - if (r->proto_num == HTTP_VERSION(0, 9) && deferred_error == rrl_none) { -@@ -973,6 +993,79 @@ - return 0; - } - -+AP_DECLARE(int) ap_check_request_header(request_rec *r) -+{ -+ core_server_config *conf; -+ int strict_host_check; -+ const char *expect; -+ int access_status; -+ -+ conf = ap_get_core_module_config(r->server->module_config); -+ -+ /* update what we think the virtual host is based on the headers we've -+ * now read. may update status. -+ */ -+ strict_host_check = (conf->strict_host_check == AP_CORE_CONFIG_ON); -+ access_status = ap_update_vhost_from_headers_ex(r, strict_host_check); -+ if (strict_host_check && access_status != HTTP_OK) { -+ if (r->server == ap_server_conf) { -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10156) -+ "Requested hostname '%s' did not match any ServerName/ServerAlias " -+ "in the global server configuration ", r->hostname); -+ } -+ else { -+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10157) -+ "Requested hostname '%s' did not match any ServerName/ServerAlias " -+ "in the matching virtual host (default vhost for " -+ "current connection is %s:%u)", -+ r->hostname, r->server->defn_name, r->server->defn_line_number); -+ } -+ r->status = access_status; -+ } -+ if (r->status != HTTP_OK) { -+ return 0; -+ } -+ -+ if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1, 1))) -+ || ((r->proto_num == HTTP_VERSION(1, 1)) -+ && !apr_table_get(r->headers_in, "Host"))) { -+ /* -+ * Client sent us an HTTP/1.1 or later request without telling us the -+ * hostname, either with a full URL or a Host: header. We therefore -+ * need to (as per the 1.1 spec) send an error. As a special case, -+ * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain -+ * a Host: header, and the server MUST respond with 400 if it doesn't. -+ */ -+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00569) -+ "client sent HTTP/1.1 request without hostname " -+ "(see RFC2616 section 14.23): %s", r->uri); -+ r->status = HTTP_BAD_REQUEST; -+ return 0; -+ } -+ -+ if (((expect = apr_table_get(r->headers_in, "Expect")) != NULL) -+ && (expect[0] != '\0')) { -+ /* -+ * The Expect header field was added to HTTP/1.1 after RFC 2068 -+ * as a means to signal when a 100 response is desired and, -+ * unfortunately, to signal a poor man's mandatory extension that -+ * the server must understand or return 417 Expectation Failed. -+ */ -+ if (ap_cstr_casecmp(expect, "100-continue") == 0) { -+ r->expecting_100 = 1; -+ } -+ else { -+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) -+ "client sent an unrecognized expectation value " -+ "of Expect: %s", expect); -+ r->status = HTTP_EXPECTATION_FAILED; -+ return 0; -+ } -+ } -+ -+ return 1; -+} -+ - static int table_do_fn_check_lengths(void *r_, const char *key, - const char *value) - { -@@ -1256,16 +1349,10 @@ - apr_brigade_destroy(tmp_bb); - } - --request_rec *ap_read_request(conn_rec *conn) -+AP_DECLARE(request_rec *) ap_create_request(conn_rec *conn) - { - request_rec *r; - apr_pool_t *p; -- const char *expect; -- int access_status; -- apr_bucket_brigade *tmp_bb; -- apr_socket_t *csd; -- apr_interval_time_t cur_timeout; -- - - apr_pool_create(&p, conn->pool); - apr_pool_tag(p, "request"); -@@ -1304,6 +1391,7 @@ - r->read_body = REQUEST_NO_BODY; - - r->status = HTTP_OK; /* Until further notice */ -+ r->header_only = 0; - r->the_request = NULL; - - /* Begin by presuming any module can make its own path_info assumptions, -@@ -1314,13 +1402,35 @@ - r->useragent_addr = conn->client_addr; - r->useragent_ip = conn->client_ip; - -+ return r; -+} -+ -+/* Apply the server's timeout/config to the connection/request. */ -+static void apply_server_config(request_rec *r) -+{ -+ apr_socket_t *csd; -+ -+ csd = ap_get_conn_socket(r->connection); -+ apr_socket_timeout_set(csd, r->server->timeout); -+ -+ r->per_dir_config = r->server->lookup_defaults; -+} -+ -+request_rec *ap_read_request(conn_rec *conn) -+{ -+ int access_status; -+ apr_bucket_brigade *tmp_bb; -+ -+ request_rec *r = ap_create_request(conn); -+ - tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); - conn->keepalive = AP_CONN_UNKNOWN; - - ap_run_pre_read_request(r, conn); - - /* Get the request... */ -- if (!read_request_line(r, tmp_bb)) { -+ if (!read_request_line(r, tmp_bb) || !ap_parse_request_line(r)) { -+ apr_brigade_cleanup(tmp_bb); - switch (r->status) { - case HTTP_REQUEST_URI_TOO_LARGE: - case HTTP_BAD_REQUEST: -@@ -1336,49 +1446,38 @@ - "request failed: malformed request line"); - } - access_status = r->status; -- r->status = HTTP_OK; -- ap_die(access_status, r); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- r = NULL; -- apr_brigade_destroy(tmp_bb); -- goto traceout; -+ goto die_unusable_input; -+ - case HTTP_REQUEST_TIME_OUT: -+ /* Just log, no further action on this connection. */ - ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, NULL); - if (!r->connection->keepalives) - ap_run_log_transaction(r); -- apr_brigade_destroy(tmp_bb); -- goto traceout; -- default: -- apr_brigade_destroy(tmp_bb); -- r = NULL; -- goto traceout; -+ break; - } -+ /* Not worth dying with. */ -+ conn->keepalive = AP_CONN_CLOSE; -+ apr_pool_destroy(r->pool); -+ goto ignore; - } -+ apr_brigade_cleanup(tmp_bb); - - /* We may have been in keep_alive_timeout mode, so toggle back - * to the normal timeout mode as we fetch the header lines, - * as necessary. - */ -- csd = ap_get_conn_socket(conn); -- apr_socket_timeout_get(csd, &cur_timeout); -- if (cur_timeout != conn->base_server->timeout) { -- apr_socket_timeout_set(csd, conn->base_server->timeout); -- cur_timeout = conn->base_server->timeout; -- } -+ apply_server_config(r); - - if (!r->assbackwards) { - const char *tenc, *clen; - - ap_get_mime_headers_core(r, tmp_bb); -+ apr_brigade_cleanup(tmp_bb); - if (r->status != HTTP_OK) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00567) - "request failed: error reading the headers"); -- ap_send_error_response(r, 0); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- apr_brigade_destroy(tmp_bb); -- goto traceout; -+ access_status = r->status; -+ goto die_unusable_input; - } - - clen = apr_table_get(r->headers_in, "Content-Length"); -@@ -1389,13 +1488,8 @@ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242) - "client sent invalid Content-Length " - "(%s): %s", clen, r->uri); -- r->status = HTTP_BAD_REQUEST; -- conn->keepalive = AP_CONN_CLOSE; -- ap_send_error_response(r, 0); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- apr_brigade_destroy(tmp_bb); -- goto traceout; -+ access_status = HTTP_BAD_REQUEST; -+ goto die_unusable_input; - } - } - -@@ -1411,13 +1505,8 @@ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02539) - "client sent unknown Transfer-Encoding " - "(%s): %s", tenc, r->uri); -- r->status = HTTP_BAD_REQUEST; -- conn->keepalive = AP_CONN_CLOSE; -- ap_send_error_response(r, 0); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- apr_brigade_destroy(tmp_bb); -- goto traceout; -+ access_status = HTTP_BAD_REQUEST; -+ goto die_unusable_input; - } - - /* https://tools.ietf.org/html/rfc7230 -@@ -1437,88 +1526,79 @@ - } - } - -- apr_brigade_destroy(tmp_bb); -- -- /* update what we think the virtual host is based on the headers we've -- * now read. may update status. -- */ -- ap_update_vhost_from_headers(r); -- access_status = r->status; -- -- /* Toggle to the Host:-based vhost's timeout mode to fetch the -- * request body and send the response body, if needed. -- */ -- if (cur_timeout != r->server->timeout) { -- apr_socket_timeout_set(csd, r->server->timeout); -- cur_timeout = r->server->timeout; -- } -- -- /* we may have switched to another server */ -- r->per_dir_config = r->server->lookup_defaults; -- -- if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1, 1))) -- || ((r->proto_num == HTTP_VERSION(1, 1)) -- && !apr_table_get(r->headers_in, "Host"))) { -- /* -- * Client sent us an HTTP/1.1 or later request without telling us the -- * hostname, either with a full URL or a Host: header. We therefore -- * need to (as per the 1.1 spec) send an error. As a special case, -- * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain -- * a Host: header, and the server MUST respond with 400 if it doesn't. -- */ -- access_status = HTTP_BAD_REQUEST; -- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00569) -- "client sent HTTP/1.1 request without hostname " -- "(see RFC2616 section 14.23): %s", r->uri); -- } -- - /* - * Add the HTTP_IN filter here to ensure that ap_discard_request_body - * called by ap_die and by ap_send_error_response works correctly on - * status codes that do not cause the connection to be dropped and - * in situations where the connection should be kept alive. - */ -- - ap_add_input_filter_handle(ap_http_input_filter_handle, - NULL, r, r->connection); - -- if (access_status != HTTP_OK -- || (access_status = ap_run_post_read_request(r))) { -- ap_die(access_status, r); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- r = NULL; -- goto traceout; -+ /* Validate Host/Expect headers and select vhost. */ -+ if (!ap_check_request_header(r)) { -+ /* we may have switched to another server still */ -+ apply_server_config(r); -+ access_status = r->status; -+ goto die_before_hooks; - } - -- if (((expect = apr_table_get(r->headers_in, "Expect")) != NULL) -- && (expect[0] != '\0')) { -- /* -- * The Expect header field was added to HTTP/1.1 after RFC 2068 -- * as a means to signal when a 100 response is desired and, -- * unfortunately, to signal a poor man's mandatory extension that -- * the server must understand or return 417 Expectation Failed. -- */ -- if (ap_cstr_casecmp(expect, "100-continue") == 0) { -- r->expecting_100 = 1; -- } -- else { -- r->status = HTTP_EXPECTATION_FAILED; -- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) -- "client sent an unrecognized expectation value of " -- "Expect: %s", expect); -- ap_send_error_response(r, 0); -- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); -- ap_run_log_transaction(r); -- goto traceout; -- } -+ /* we may have switched to another server */ -+ apply_server_config(r); -+ -+ if ((access_status = ap_run_post_read_request(r))) { -+ goto die; - } - -- AP_READ_REQUEST_SUCCESS((uintptr_t)r, (char *)r->method, (char *)r->uri, (char *)r->server->defn_name, r->status); -+ AP_READ_REQUEST_SUCCESS((uintptr_t)r, (char *)r->method, -+ (char *)r->uri, (char *)r->server->defn_name, -+ r->status); - return r; -- traceout: -+ -+ /* Everything falls through on failure */ -+ -+die_unusable_input: -+ /* Input filters are in an undeterminate state, cleanup (including -+ * CORE_IN's socket) such that any further attempt to read is EOF. -+ */ -+ { -+ ap_filter_t *f = conn->input_filters; -+ while (f) { -+ if (f->frec == ap_core_input_filter_handle) { -+ core_net_rec *net = f->ctx; -+ apr_brigade_cleanup(net->in_ctx->b); -+ break; -+ } -+ ap_remove_input_filter(f); -+ f = f->next; -+ } -+ conn->input_filters = r->input_filters = f; -+ conn->keepalive = AP_CONN_CLOSE; -+ } -+ -+die_before_hooks: -+ /* First call to ap_die() (non recursive) */ -+ r->status = HTTP_OK; -+ -+die: -+ ap_die(access_status, r); -+ -+ /* ap_die() sent the response through the output filters, we must now -+ * end the request with an EOR bucket for stream/pipeline accounting. -+ */ -+ { -+ apr_bucket_brigade *eor_bb; -+ eor_bb = apr_brigade_create(conn->pool, conn->bucket_alloc); -+ APR_BRIGADE_INSERT_TAIL(eor_bb, -+ ap_bucket_eor_create(conn->bucket_alloc, r)); -+ ap_pass_brigade(conn->output_filters, eor_bb); -+ apr_brigade_cleanup(eor_bb); -+ } -+ -+ignore: -+ r = NULL; - AP_READ_REQUEST_FAILURE((uintptr_t)r); -- return r; -+ return NULL; - } - - /* if a request with a body creates a subrequest, remove original request's ---- a/server/vhost.c -+++ b/server/vhost.c -@@ -34,6 +34,7 @@ - #include "http_vhost.h" - #include "http_protocol.h" - #include "http_core.h" -+#include "http_main.h" - - #if APR_HAVE_ARPA_INET_H - #include -@@ -973,7 +974,13 @@ - } - - --static void check_hostalias(request_rec *r) -+/* -+ * Updates r->server from ServerName/ServerAlias. Per the interaction -+ * of ip and name-based vhosts, it only looks in the best match from the -+ * connection-level ip-based matching. -+ * Returns HTTP_BAD_REQUEST if there was no match. -+ */ -+static int update_server_from_aliases(request_rec *r) - { - /* - * Even if the request has a Host: header containing a port we ignore -@@ -1051,11 +1058,18 @@ - goto found; - } - -- return; -+ if (!r->connection->vhost_lookup_data) { -+ if (matches_aliases(r->server, host)) { -+ s = r->server; -+ goto found; -+ } -+ } -+ return HTTP_BAD_REQUEST; - - found: - /* s is the first matching server, we're done */ - r->server = s; -+ return HTTP_OK; - } - - -@@ -1072,7 +1086,7 @@ - * This is in conjunction with the ServerPath code in http_core, so we - * get the right host attached to a non- Host-sending request. - * -- * See the comment in check_hostalias about how each vhost can be -+ * See the comment in update_server_from_aliases about how each vhost can be - * listed multiple times. - */ - -@@ -1136,10 +1150,16 @@ - - AP_DECLARE(void) ap_update_vhost_from_headers(request_rec *r) - { -+ ap_update_vhost_from_headers_ex(r, 0); -+} -+ -+AP_DECLARE(int) ap_update_vhost_from_headers_ex(request_rec *r, int require_match) -+{ - core_server_config *conf = ap_get_core_module_config(r->server->module_config); - const char *host_header = apr_table_get(r->headers_in, "Host"); - int is_v6literal = 0; - int have_hostname_from_url = 0; -+ int rc = HTTP_OK; - - if (r->hostname) { - /* -@@ -1152,8 +1172,8 @@ - else if (host_header != NULL) { - is_v6literal = fix_hostname(r, host_header, conf->http_conformance); - } -- if (r->status != HTTP_OK) -- return; -+ if (!require_match && r->status != HTTP_OK) -+ return HTTP_OK; - - if (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE) { - /* -@@ -1174,10 +1194,16 @@ - /* check if we tucked away a name_chain */ - if (r->connection->vhost_lookup_data) { - if (r->hostname) -- check_hostalias(r); -+ rc = update_server_from_aliases(r); - else - check_serverpath(r); - } -+ else if (require_match && r->hostname) { -+ /* check the base server config */ -+ rc = update_server_from_aliases(r); -+ } -+ -+ return rc; - } - - /** diff -Nru apache2-2.4.48/debian/patches/CVE-2021-40438-improvement.patch apache2-2.4.49/debian/patches/CVE-2021-40438-improvement.patch --- apache2-2.4.48/debian/patches/CVE-2021-40438-improvement.patch 1970-01-01 00:00:00.000000000 +0000 +++ apache2-2.4.49/debian/patches/CVE-2021-40438-improvement.patch 2021-09-30 03:59:48.000000000 +0000 @@ -0,0 +1,38 @@ +Description: fix CVE-2021-40438 regression +Author: Stefan Eissing +Origin: upstream, + https://github.com/apache/httpd/commit/6e768a81 + https://github.com/apache/httpd/commit/81a8b013 +Forwarded: not-needed +Reviewed-By: Moritz Muehlenhoff + Yadd +Last-Update: 2021-09-30 + +--- a/modules/mappers/mod_rewrite.c ++++ b/modules/mappers/mod_rewrite.c +@@ -617,6 +617,13 @@ + return 6; + } + break; ++ case 'u': ++ case 'U': ++ if (!ap_cstr_casecmpn(uri, "nix:", 4)) { /* unix: */ ++ *sqs = 1; ++ return (uri[4] == '/' && uri[5] == '/') ? 7 : 5; ++ } ++ break; + } + + return 0; +--- a/modules/proxy/proxy_util.c ++++ b/modules/proxy/proxy_util.c +@@ -2291,7 +2291,8 @@ + rv = apr_uri_parse(r->pool, uds_url, &urisock); + *origin_url++ = '|'; + +- if (rv == APR_SUCCESS && urisock.path && !urisock.hostname) { ++ if (rv == APR_SUCCESS && urisock.path && (!urisock.hostname ++ || !urisock.hostname[0])) { + uds_path = ap_runtime_dir_relative(r->pool, urisock.path); + } + if (!uds_path) { diff -Nru apache2-2.4.48/debian/patches/fhs_compliance.patch apache2-2.4.49/debian/patches/fhs_compliance.patch --- apache2-2.4.48/debian/patches/fhs_compliance.patch 2021-08-12 11:51:47.000000000 +0000 +++ apache2-2.4.49/debian/patches/fhs_compliance.patch 2021-09-30 03:53:10.000000000 +0000 @@ -4,7 +4,7 @@ Last-Update: 2012-02-25 --- a/configure +++ b/configure -@@ -40439,17 +40439,17 @@ +@@ -40427,17 +40427,17 @@ cat >>confdefs.h <<_ACEOF diff -Nru apache2-2.4.48/debian/patches/series apache2-2.4.49/debian/patches/series --- apache2-2.4.48/debian/patches/series 2021-08-12 11:51:47.000000000 +0000 +++ apache2-2.4.49/debian/patches/series 2021-09-30 03:59:48.000000000 +0000 @@ -7,8 +7,8 @@ #mod_proxy_ajp-add-secret-parameter.diff #buffer-http-request-bodies-for-tlsv13.diff #tlsv13-add-logno.diff +spelling-errors.diff # This patch is applied manually #suexec-custom.patch -spelling-errors.diff -CVE-2021-33193.patch +CVE-2021-40438-improvement.patch diff -Nru apache2-2.4.48/debian/upstream/signing-key.asc apache2-2.4.49/debian/upstream/signing-key.asc --- apache2-2.4.48/debian/upstream/signing-key.asc 2021-08-12 11:51:47.000000000 +0000 +++ apache2-2.4.49/debian/upstream/signing-key.asc 2021-09-30 03:53:10.000000000 +0000 @@ -5259,3 +5259,63 @@ Ot6BQHeyFl0mtrYT1mI= =L7j3 -----END PGP PUBLIC KEY BLOCK----- + +pub rsa4096 2021-09-01 [SC] + 26F51EF9A82F4ACB43F1903ED377C9E7D1944C66 +uid [ ultimativ ] Stefan Eissing (icing) +sub rsa4096 2021-09-01 [E] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: GPGTools - https://gpgtools.org + +mQINBGEvgQMBEADHvUv7G4XclbrRea5S/m0xcV/n4eAOE7UjoDhJurR2NYEA7Ori +YML3h+Uo0a8Fr7BWdvi9FucaxUbZ7ohbUULBNfFDRpH52ojNnnKaKgtWNbGjz0BJ +3y9Udlo7jblGXnsO5zDUoQI8t5I3MjrCK3lU5OO0gvMloa8aSl/rQJ4zo5AYx2VN +Tek0JNcccp5LJaQ31BmoC0ucanBZniQG0CrMKUw6utNoY/6HF2jNVxzBs0VBneA2 +LhIJ/2QKYIEfqTTmmDqeor/Uk3xowEpnAiEe1Y+QKlRkvNs0txekB9XKbW+L6yS8 +yW7VPtAMU4IAA6FKvSOAPWSAuqc0beitZarCw4zCLf5EsluI+r0j4nJ/rCNroiUe +CNCDx4i5wwV39m0+Dmei3HuXUBqyH1ydDspZdgSGacLqUOsj7M+v+lpWiWEgbEo8 +w1jeQ9mn+Juj73QLR3bmUxjTe8acTl22/FGKndMcNf+pawLh51NvqmOPGOX+w+Ul +jWIVG6nTCBZB3OACk8to16YMgw8NfK38VHM76YpMOJwgEk+kqljDU0vvI1LIxoT/ +BHyup3Bf2scPPKhe7U47+WBz2f2FC9ZQdlm7VhMYWhGfiilY+SkAHGIto6KEeavv +O5lo2ziOqsotQeYSN/2nyWLcayC5dQxmZJoo1VvjibRm/GkDGLTmc0wEcwARAQAB +tCtTdGVmYW4gRWlzc2luZyAoaWNpbmcpIDxzdGVmYW5AZWlzc2luZy5vcmc+iQJO +BBMBCgA4FiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmEvgQMCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQ03fJ59GUTGaH/g//XHeDFajXzOuebcvVf6iQKUMS +WYlV/GO2f27ZutNv1nFmD6zvlOZ6yr+JANoMAK9iXK6K/R8fYlL1LzkJvCS4V0i3 +fnbZto3bd2Eiyitvs0ppj1c6GLOU5EtWLHsa3l1/X7EGjY9yOguqk168wLwMOXpy +YXGOzdqUxrep91kE4Z3y3YflcRm+3Fvi4dARnjAZguiMvbOLaiEHZ4jDDcckxQr3 +9uOWpq7OYY07PvemqCJyczVkzEKxDj7hm62p9HvoJB/KwTFkYW1aLfB8fd834iEc +6DoF17V8DoPMoU1kLRdcVDEsJPpFFEBF3pn2cmi+oOryRrSK1Rbo+HHQyFqo3D01 +9/svYZHRXnXhRbfBd45/qYaJOeq4tqo572Lv2LFDkuZ6S3rJ1qgVPSvSHL7kkOxh ++/x2zRujXzgdVorjXLYw6LfkCHzaevd/DVycHh6d5ctfiTSEsy3JVp+XKK94r8Rb +e9ybf6whA7tEnuwr0sX5219eYGWw5/awMn8UfMSdrRYQbRdW7Wr8vA+7UMdlY+VI +51gFBAod11bSi9uMPToXczwYH3OMRnAn04sIp2BOwCwnIW4h+RD71pnZgDMcxiil +NxhZJYw8w5dvla2v3zxh+oCa+bdP79wHbphNVVWMfhJcnRbQlDiZgoKXdPhU+mcN +BlyebrE81USOWMS6XXi5Ag0EYS+BAwEQAJ1jce2bjEpG6RNaXkN03GuzB8EOOW4K +J7t2ZNhX77okMdcUrXcu8DvvDG7okGDtwB+Ql6yWwbJeCIxhyWeeF+TwcZWvBs00 +3uiiZLfissN4pn9198BtxntUVqoc1NKbAudOyAimlCUlDExEhHQQ6PYP7i6xBf/M +3MZlYyni2ZnMjbsxuNXTN0TR2J53sKCaQvjQjWQwD9N5/0ZivU/uiCuG1Sbn6Wjt +Xp511g74m0Rio68i12/QVEfMZWhorWDhDxQSPhVWqFC1sChLDHZ/7L1IhzMX0q3W +xPCK+rBsMSy/SWw5GotrQATIgJLTGQG7tehDWiVDTxCQSrELQoawJdO99g6C+OEL +m3Z5CnDYVwD4CLPB+DRROaB8UbauvMJZCHMo3OXUALj89ZRpD20h2RQyIkTl37LS +J9IYM9SxA792ujNoUbdWS/FNIUpopP94jemyaj6qqEBwUGMvIPE0RdsIPdOEcuS3 +3kW9W/bHlWCe8m0CIPbwZFohNGk9+KBalz1CTNnZxB7rvRyLLhzJws9BqtU7X3dy +J0ZcYHGQJsvU8ZfAM/EUMLbyvUSbnDdNwDDjduO8ZuOWYjg5f/FwSR25k/yGvfUe +RyiptHnl5c7BMkNaEtfHFVDPOIts6vDVD3K/np9AK7UY58snaMnqFTtxz1munJSX +C0IXelr+V6hRABEBAAGJAjYEGAEKACAWIQQm9R75qC9Ky0PxkD7Td8nn0ZRMZgUC +YS+BAwIbDAAKCRDTd8nn0ZRMZqEoD/49MVe/6bW54eh0CG6B07tY1qlkelSv+xfY +tgZ3V+vZFtLVjo0RYpeP4Yt0ZtpNqZEPnHqwAvD7TZQayNVgo13uK/0aBlAhVtWZ +54nuItHcwT90u+3Tj5hnHwPptIxSsfRWEAg5BkegQN76c+yhNHWJ5U2H2pG2+YkP +dXHS89/nbDEi9kZhgtIer9lhmZSgSO2RYzj/QHgLNEor3IGUGAI3u0M2o+dcoVyH +NJGPRboBzCm8qNDt/3cctQDzFdDA+3X7KbPKekYs3ewuO1l+JtXtnq3S4tkvMDI1 +ZKX0RBydw5w+bksTk6Z7X7nbYmPCeNNBVQUshwQwDXCHPDXd1MxWJHqTz8lOPo70 +fHH0DWTTOw9rNMacUnz7FE0veDcknOZQ4snbHwZkUC4Mg5wM6KOyWgrTW6XK0TSx +Su1Qou7xKD/A1zgx9C0eIqicnifDUEY9SGfXaJrsJDJICEP0BtmcfsP0Z8DcmzOv +atfaF/cmJBtSR6IegJYJCtrlFdpIKQSikZO4QP5B3odc0ipuklkJcPkbQhpx+C5x +O3yU7Izv+cy+yhF+uq8NtWVQx+WCtt4RWqSn6sxtUvTb5qnRbMQtZJ2vbN8+WqTK +ZNlXGF7PBgjSTJnHmCvaT4gfVnJ/NAwn4stq+bdPnrBSKaDnYGwWpV9g8u+XSpOF +ebJKIV3Evw== +=tHCM +-----END PGP PUBLIC KEY BLOCK----- + diff -Nru apache2-2.4.48/docs/manual/bind.html.de apache2-2.4.49/docs/manual/bind.html.de --- apache2-2.4.48/docs/manual/bind.html.de 2021-04-22 06:43:44.000000000 +0000 +++ apache2-2.4.49/docs/manual/bind.html.de 2021-09-10 13:46:32.000000000 +0000 @@ -202,7 +202,7 @@  ja  |  ko  |  tr 

-
top

Kommentare

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
+
top

Kommentare

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.