1.52. httpd
1.52.1. RHBA-2011:1067: httpd bug fix and enhancement update
Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.
Important
This update was released as errata RHBA-2011:1067 — httpd bug fix and enhancement update.
The Apache HTTP Server is a popular web server.
Bug Fixes:
- BZ#264681
- Prior to this update, using any mod_ldap directive within a
VirtualHost
context prevented the module from caching results for that particular virtual host. This update adapts the mod_ldap module to make sure that caching now works correctly in such configurations. - BZ#552303, BZ#632407
- When the mod_proxy module was configured as a reverse proxy, multiple unrelated bugs may have prevented it from operating correctly, and may have led to incorrect handling of connection timeouts or even data corruption. With this update, various patches have been applied to address this issue, and the mod_proxy module can now serve as a reverse proxy as expected.
- BZ#580008
- When the mod_deflate module was configured to compress responses and an HTTP client prematurely terminated a connection, the previous version of the
httpd
service may have terminated unexpectedly with a segmentation fault. This update applies a patch that resolves this issue, andhttpd
no longer crashes. - BZ#604727
- Prior to this update, the mod_authnz_ldap module was unable to handle referrals from an LDAP server. This update introduces the
LDAPChaseReferrals
directive, which allows users to enable referral chasing. - BZ#614423
- Previously, when the
OID
() function was used as part of theSSLRequire
directive, it was unable to parse certificate attributes of an unknown type. Consequent to this, strings that use the Abstract Syntax Notation One (ASN.1) notation were not rendered properly, and may have been incorrectly prefixed with a random string. This update adapts theOID
() function to parse all unknown attributes as ASN.1 strings, so that these strings are now rendered as expected. - BZ#649648
- Due to incorrect handling of the SSL certificate cache, an attempt to use an SSL configuration with multiple
VirtualHost
sections that use identicalServerName
values rendered thehttpd
service unable to start. With this update, the underlying source code has been adapted to address this issue, and using multipleVirtualHost
sections with identicalServerNames
values no longer preventshttpd
from starting. - BZ#673276
- Due to incorrect handling of responses with multiple duplicate headers, when a user configured the
httpd
service to transform HTTP response headers by specifyingedit
as a value of theHeader
directive, only one of the matching headers was retained. This has now been fixed, and theedit
mode is now applied correctly across all HTTP response headers. - BZ#674102
- When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the
KeepAlive
directive set toOn
) kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with persistent connections no longer process new requests when a graceful restart is requested. - BZ#678057
- Prior to this update, an attempt to use the
ProxyPassReverse
directive with abalancer://
URL that included a path segment caused redirect responses to map the HTTP Location header paths incorrectly. This error has been fixed, and HTTP Location header paths are now mapped correctly. - BZ#679994
- Previously, the
FilterProvider
directive of the mod_filter module was unable to match against non-standard HTTP response headers. With this update, the underlying source code has been adapted to address this issue, and theFilterProvider
directive is now able to match against non-standard HTTP response headers as expected. - BZ#691497
- When configured as a reverse proxy, the previous version of the mod_proxy module was unable to establish an SSL connection via an intermediary proxy configured using the
ProxyRemote
directive. This update adapts the mod_proxy module to support this configuration. - BZ#698402
- Prior to this update, the mod_include module may have failed to parse certain Server Side Include (SSI) documents if the response contained attribute boundaries that were split across multiple buckets. This update corrects this error, and such SSI documents can now be parsed as expected.
Enhancements:
- BZ#379811
- When using the mod_cache module, by default, the
CacheMaxExpire
directive is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update adapts the mod_cache module to provide support forhard
as a second argument of theCacheMaxExpire
directive, allowing a maximum expiry time to be enforced for all resources. - BZ#555870
- The mod_proxy_balancer load balancer module has been updated to provide support for the bybusyness scheduler algorithm.
- BZ#612198
- The mod_reqtimeout module has been added. When enabled, this module allows fine-grained timeouts to be applied during request parsing.
- BZ#658766
- The mod_proxy and mod_proxy_http modules have been updated to provide support for remote HTTPS proxy servers by using the
HTTP CONNECT
method.
All users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.