1.47. httpd

Updated httpd packages that resolve several issues are now available.

The Apache HTTP Server is a popular web server.

These updated packages provide fixes for the following bugs:

* In a reverse proxy configuration, the Date field in the response headers sent by an upstream server was replaced by a Date header using the local time at the proxy server. This could result in inappropriate caching of the response in browsers or downstream caches. The Date header is no longer replaced in a reverse proxy configuration and caching is correct. ( BZ#565865)

* Due to a bug in the filter initialization process, filters configured using the "mod_filter" module were not handled correctly if a "sub-request" took place. For example, using the "FilterChain" directive to configure the "DEFLATE" compression filter with a Server-Side-Include page could result in pages which were only partially compressed. With this update filters used with mod_filter operate correctly. ( BZ#570628)

* If using a WebDAV repository, uploading new content with the "PUT" HTTP method could remove an existing resource if an error occurred during the upload. This was caused by a bug in failure handling. With this update the content remains in place. ( BZ#572910)

* The output of the "mod_deflate" module could have contained corrupted or empty HTTP responses when either response compression was enabled, or when acting as a proxy, expansion of compressed responses from upstream servers. The compressed responses are now fixed. ( BZ#593715, BZ#612211)

* If the "mod_dbd" module was used, due to a memory lifetime issue in the module, an error message from glibc concerning "double free or corruption" could be raised when the httpd daemon was stopped, and the daemon would terminate unexpectedly. This update fixes the memory lifetime issues. The error message no longer appears and the server exits normally. ( BZ#633955)

* When executing "service httpd stop", a 10-seconds timeout is used before terminating the httpd parent process in case of error. If this timeout was insufficient, resources did not allow the parent process to terminate cleanly and could be leaked. The "STOP_TIMEOUT" environment variable has been introduced which can be used in the "/etc/sysconfig/httpd" configuration file to change the timeout. This can be used to allow a longer delay and fix resource leaks if the httpd parent is slow to terminate. ( BZ#644223)

* If arguments passed to the "ab" benchmarking program triggered a memory allocation failure, ab could terminate with a Segmentation Fault error. The memory allocation failure is now trapped earlier, and the program exits gracefully with an error message. ( BZ#645845)

All httpd users are advised to upgrade to these updated packages, which resolve these issues.