1.52. httpd

1.52.1. RHBA-2011:1067: httpd bug fix and enhancement update

Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1067 — httpd bug fix and enhancement update.
The Apache HTTP Server is a popular web server.
Bug Fixes:
BZ#264681
Prior to this update, using any mod_ldap directive within a VirtualHost context prevented the module from caching results for that particular virtual host. This update adapts the mod_ldap module to make sure that caching now works correctly in such configurations.
BZ#552303, BZ#632407
When the mod_proxy module was configured as a reverse proxy, multiple unrelated bugs may have prevented it from operating correctly, and may have led to incorrect handling of connection timeouts or even data corruption. With this update, various patches have been applied to address this issue, and the mod_proxy module can now serve as a reverse proxy as expected.
BZ#580008
When the mod_deflate module was configured to compress responses and an HTTP client prematurely terminated a connection, the previous version of the httpd service may have terminated unexpectedly with a segmentation fault. This update applies a patch that resolves this issue, and httpd no longer crashes.
BZ#604727
Prior to this update, the mod_authnz_ldap module was unable to handle referrals from an LDAP server. This update introduces the LDAPChaseReferrals directive, which allows users to enable referral chasing.
BZ#614423
Previously, when the OID() function was used as part of the SSLRequire directive, it was unable to parse certificate attributes of an unknown type. Consequent to this, strings that use the Abstract Syntax Notation One (ASN.1) notation were not rendered properly, and may have been incorrectly prefixed with a random string. This update adapts the OID() function to parse all unknown attributes as ASN.1 strings, so that these strings are now rendered as expected.
BZ#649648
Due to incorrect handling of the SSL certificate cache, an attempt to use an SSL configuration with multiple VirtualHost sections that use identical ServerName values rendered the httpd service unable to start. With this update, the underlying source code has been adapted to address this issue, and using multiple VirtualHost sections with identical ServerNames values no longer prevents httpd from starting.
BZ#673276
Due to incorrect handling of responses with multiple duplicate headers, when a user configured the httpd service to transform HTTP response headers by specifying edit as a value of the Header directive, only one of the matching headers was retained. This has now been fixed, and the edit mode is now applied correctly across all HTTP response headers.
BZ#674102
When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the KeepAlive directive set to On) kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with persistent connections no longer process new requests when a graceful restart is requested.
BZ#678057
Prior to this update, an attempt to use the ProxyPassReverse directive with a balancer:// URL that included a path segment caused redirect responses to map the HTTP Location header paths incorrectly. This error has been fixed, and HTTP Location header paths are now mapped correctly.
BZ#679994
Previously, the FilterProvider directive of the mod_filter module was unable to match against non-standard HTTP response headers. With this update, the underlying source code has been adapted to address this issue, and the FilterProvider directive is now able to match against non-standard HTTP response headers as expected.
BZ#691497
When configured as a reverse proxy, the previous version of the mod_proxy module was unable to establish an SSL connection via an intermediary proxy configured using the ProxyRemote directive. This update adapts the mod_proxy module to support this configuration.
BZ#698402
Prior to this update, the mod_include module may have failed to parse certain Server Side Include (SSI) documents if the response contained attribute boundaries that were split across multiple buckets. This update corrects this error, and such SSI documents can now be parsed as expected.
Enhancements:
BZ#379811
When using the mod_cache module, by default, the CacheMaxExpire directive is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update adapts the mod_cache module to provide support for hard as a second argument of the CacheMaxExpire directive, allowing a maximum expiry time to be enforced for all resources.
BZ#555870
The mod_proxy_balancer load balancer module has been updated to provide support for the bybusyness scheduler algorithm.
BZ#612198
The mod_reqtimeout module has been added. When enabled, this module allows fine-grained timeouts to be applied during request parsing.
BZ#658766
The mod_proxy and mod_proxy_http modules have been updated to provide support for remote HTTPS proxy servers by using the HTTP CONNECT method.
All users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

1.52.2. RHBA-2011:0480: httpd bug fix update

Updated httpd packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The Apache HTTP Server is a popular web server.
This update fixes the following bug:
* When the mod_proxy module was configured as a reverse proxy using HTTP over SSL/TLS to a back-end server, data from the back end could be incorrectly truncated. This update applies a backported patch that resolves this issue, and using a reverse proxy with HTTP over SSL/TLS no longer causes the Apache HTTP Server to serve corrupted data. (BZ#694158)
All users of httpd are advised to upgrade to these updated packages, which fix this bug.