httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0 CHANGES STATUS
Date Wed, 10 Nov 2004 12:04:52 GMT
jorton      2004/11/10 04:04:52

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
  Log:
  Backports done.
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.377 +13 -0     httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.376
  retrieving revision 1.988.2.377
  diff -d -w -u -r1.988.2.376 -r1.988.2.377
  --- CHANGES	23 Oct 2004 14:25:23 -0000	1.988.2.376
  +++ CHANGES	10 Nov 2004 12:04:50 -0000	1.988.2.377
  @@ -1,5 +1,18 @@
   Changes with Apache 2.0.53
   
  +  *) SECURITY: CAN-2004-0942 (cve.mitre.org):
  +     Fix for memory consumption DoS in handling of MIME folded request
  +     headers.  [Joe Orton]
  +
  +  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
  +     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
  +     bypassed during an SSL renegotiation.  PR 31505.  
  +     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
  +
  +  *) mod_ssl: Fail at startup rather than segfault at runtime if a
  +     client cert is configured with an encrypted private key.
  +     PR 24030.  [Joe Orton]
  +
     *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
        [Joe Orton]
   
  
  
  
  1.751.2.1144 +1 -24     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.1143
  retrieving revision 1.751.2.1144
  diff -d -w -u -r1.751.2.1143 -r1.751.2.1144
  --- STATUS	9 Nov 2004 19:25:13 -0000	1.751.2.1143
  +++ STATUS	10 Nov 2004 12:04:50 -0000	1.751.2.1144
  @@ -71,19 +71,10 @@
   
   RELEASE SHOWSTOPPERS:
   
  -    *) mod_rewrite: Regression since 2.0.52 in QUERY_STRING handling
  -       for [P] rules.
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/mappers/mod_rewrite.c?r1=1.262&r2=1.263
  -       +1: jorton, nd, wrowe
  -
   PATCHES TO BACKPORT FROM 2.1
     [ please place file names and revisions from HEAD here, so it is easy to
       identify exactly what the proposed changes are! ]
   
  -    *) SECURITY: CAN-2004-0942 Fix for memory consumption DoS.
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c?r1=1.158&r2=1.159
  -       +1: stoddard, jorton, nd
  -
       *) util_ldap: Add the util_ldap_cache_getuserdn() API to allow 
          non-LDAP authentication modules the ability to use the util_ldap 
          cache for authorization purposes only rather than authentication.  
  @@ -97,20 +88,6 @@
            modules/aaa/mod_authnz_ldap.c: r1.7
   	 docs/manual/mod/mod_authnz_ldap.xml: r1.3
          +1: bnicholes, wrowe
  -
  -    *) mod_ssl: Fix and prevent an SSLCipherSuite bypass by resuming a
  -       session during a renegotiation.
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
  -       PR: 31505
  -       +1: jorton, pquerna, minfrin, wrowe
  -
  -    *) mod_ssl: Fail to configure when an SSL proxy is configured with
  -       incomplete client cert keypair, rather than segfaulting at
  -       runtime.
  -       http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
  -       PR: 24030
  -       +1: jorton, minfrin, jerenkrantz, wrowe
   
       *) mod_ssl: Fix an possible NULL pointer dereference in some configs.
          http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=13182
  
  
  

Mime
View raw message