httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r280171 - /httpd/httpd/branches/2.2.x/CHANGES
Date Sun, 11 Sep 2005 19:55:00 GMT
Author: wrowe
Date: Sun Sep 11 12:54:59 2005
New Revision: 280171

URL: http://svn.apache.org/viewcvs?rev=280171&view=rev
Log:

  SYNC to 2.0.x/CHANGES; shift backported patches to the fixed-in-2.0.x
  section, and ensure that common sections of CHANGES are 100% identical.


Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=280171&r1=280170&r2=280171&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sun Sep 11 12:54:59 2005
@@ -109,19 +109,12 @@
   *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'. 
      [Paul Querna]
 
-  *) proxy FTP: Fix confusion about globbing characters which could lead
-     to getting a directory listing when a file was requested.  PR 34512.
-     [Sean <infamous41md hotmail.com>]
-
   *) mod_mime_magic: Handle CRLF-format magic files so that it works with
      the default installation on Windows.  [Jeff Trawick]
 
   *) core: Allow multiple modules to register interest in a single 
      configuration command. [Paul Querna]
 
-  *) EBCDIC: Handle chunked input from client or, with proxy, origin
-     server.  [Jeff Trawick]
-
   *) authn_provider_alias: Adds the configuration block tag
      <AuthnProviderAlias baseProvider Alias>
      Authentication directives contained within this block can be
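Review bot: the proxy FTP entry removed in this hunk comes back in the fixed-in-2.0.x section as "Fix bad globbing comparison which could result in getting a directory listing when a file was requested", without the "proxy FTP:" prefix, so the relocated entry no longer says which component the PR 34512 fix touches. Keep the prefix on the relocated entry, and make the same change in 2.0.x/CHANGES so the common sections stay identical.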
@@ -141,12 +134,6 @@
      during the build; -f and -Z arguments added to specify SSL protocol
      options.  [Masaoki Kobayashi <masaoki techfirm.co.jp>]
 
-  *) Support the suppress-error-charset setting, as with Apache 1.3.x.
-     PR 31274.  [Jeff Trawick]
-
-  *) Prevent hangs of child processes when writing to piped loggers at
-     the time of graceful restart.  PR 26467.  [Jeff Trawick]
-  
   *) mod_info: Show the Quick Handler [Paul Querna]
 
   *) mod_ldap: Add the directive LDAPVerifyServerCert to specify 
@@ -276,8 +263,8 @@
   *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
      [Rici Lake <rici ricilake.net>]
 
-  *) mod_proxy: Fix incorrect decoding/unescaping for reverse proxies.
-     PR 32459, 15207. [Jim Jagielski]
+  *) mod_proxy: Fix ap_proxy_canonenc API.
+     PR 32459. [Jim Jagielski]
 
   *) mod_cache: Add CacheStorePrivate and CacheStoreNoStore directive.
      [Justin Erenkrantz]
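Review bot: the replacement line "mod_proxy: Fix ap_proxy_canonenc API." names a function but drops the description of what was wrong, where the old text ("Fix incorrect decoding/unescaping for reverse proxies") told an administrator which behaviour changed. Consider keeping a short behavioural description next to the function name. Dropping PR 15207 from this entry looks fine, since the same commit adds a separate "Fix over-eager handling of '%' for reverse proxies. PR 15207." entry in the 2.0.x section.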
@@ -815,7 +802,43 @@
      invoked cgi application, to conform to the behavior of mod_cgi.
      [Pradeep Kumar S <pradeep.smani gmail.com>]
 
-  *) SECURITY: CAN-2005-2088
+  *) mod_include: Fix possible environment variable corruption when 
+     using nested includes.  PR 12655.  [Joe Orton]
+
+  *) Support the suppress-error-charset setting, as with Apache 1.3.x.
+     PR 31274.  [Jeff Trawick]
+
+  *) EBCDIC: Handle chunked input from client or, with proxy, origin
+     server.  [Jeff Trawick]
+
+  *) Fix bad globbing comparison which could result in getting
+     a directory listing when a file was requested. PR 34512.
+     [sean <infamous41md hotmail.com>]
+
+  *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
+     was called even if mod_auth_ldap_check_user_id() was not
+     (or if it didn't succeed) for non-authoritative cases.
+     [Jim Jagielski]
+
+  *) SECURITY: CAN-2005-2728 (cve.mitre.org)
+     Fix cases where the byterange filter would buffer responses
+     into memory.  PR 29962.  [Joe Orton]
+
+  *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
+     PR 15207.  [Jim Jagielski]
+
+  *) mod_ldap: Fix various shared memory cache handling bugs.
+     PR 34209.  [Joe Orton]
+
+  *) Fix a file descriptor leak when starting piped loggers.  PR 33748. 
+     [Joe Orton]
+
+  *) mod_ldap: Avoid segfaults when opening connections if using a version
+     of OpenLDAP older than 2.2.21.  PR 34618.  [Brad Nicholes]
+
+  *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]
+
+  *) SECURITY: CAN-2005-2088 (cve.mitre.org)
      core: If a request contains both Transfer-Encoding and Content-Length
      headers, remove the Content-Length, mitigating some HTTP Request 
      Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]
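Review bot: the new CAN-2005-2728 entry has no component prefix and does not say why the byterange filter buffering responses into memory is a security issue, while the CAN-2005-2088 entry directly below names "core:" and the attack class it mitigates. Since the stated goal is to make the SECURITY entries uniform (this hunk also adds "(cve.mitre.org)" to CAN-2005-2088), add a component prefix and a short impact clause to the CAN-2005-2728 text here and in 2.0.x/CHANGES. The relocated "Fix bad globbing comparison" and "Support the suppress-error-charset setting" entries likewise carry no module name.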
@@ -825,6 +848,9 @@
      connection, mitigating some HTTP Response Splitting attacks.
      [Jeff Trawick]
 
+  *) Prevent hangs of child processes when writing to piped loggers at
+     the time of graceful restart.  PR 26467.  [Jeff Trawick]
+
   *) SECURITY: CAN-2005-1268 (cve.mitre.org)
      mod_ssl: Fix off-by-one overflow whilst printing CRL information
      at "LogLevel debug" which could be triggered if configured 
@@ -833,8 +859,8 @@
   *) mod_userdir: Fix possible memory corruption issue.  PR 34588.
      [David Leonard <dleonard vintela.com>]
 
-  *) worker MPM: don't take down the whole server for a transient
-     thread creation failure.  PR 34514.  [Greg Ames]
+  *) worker mpm: don't take down the whole server for a transient
+     thread creation failure. PR 34514 [Greg Ames]
   
   *) mod_rewrite: use buffered I/O to improve performance with large
      RewriteMap txt: files.  [Greg Ames]
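Review bot: the changed worker entry is a style regression: "worker MPM" becomes "worker mpm" and "PR 34514.  [Greg Ames]" loses its full stop and double space, while the neighbouring entries in this file ("worker MPM: Fix a problem which could cause httpd processes to remain active", "PR 34588.") keep the original convention. If the two CHANGES files must match, correct the 2.0.x wording to this form rather than importing the inconsistent one.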
@@ -853,6 +879,11 @@
      the ldap socket connection timeout value.  
      [Brad Nicholes]
 
+  *) Correctly export all mod_dav public functions.
+     [Branko Čibej <brane xbc.nu>]
+
+  *) Add a build script to create a solaris package. [Graham Leggett]
+
   *) worker MPM: Fix a problem which could cause httpd processes to
      remain active after shutdown.  [Jeff Trawick]
 
@@ -902,7 +933,7 @@
      modules/expermimental subdirectory.  [Jim Jagielski]
 
   *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
-     library handles special characters. PR 24437.  [Jess Holle]
+     library handles special characters.  PR 24437.  [Jess Holle]
 
   *) Win32 MPM: Correct typo in debugging output.  [William Rowe]
 
@@ -911,10 +942,10 @@
      [Roy Fielding]
 
   *) Add charset to example CGI scripts.  [Roy Fielding]
- 
+
   *) mod_ssl: fail quickly if SSL connection is aborted rather than
      making many doomed ap_pass_brigade calls.  PR 32699.  [Joe Orton]
- 
+
   *) Remove compiled-in upper limit on LimitRequestFieldSize.
      [Bill Stoddard]
 
@@ -964,11 +995,11 @@
 
   *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
      [Joe Orton]
-                                                                                
+
   *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
      [Jeff Trawick]
-
-  *) mod_cache: CacheDisable will only disable the URLs it was meant to 
+ 
+  *) mod_cache: CacheDisable will only disable the URLs it was meant to
      disable, not all caching. PR 31128.
      [Edward Rudd <eddie omegaware.com>, Paul Querna]
 
@@ -989,13 +1020,14 @@
      [Rüdiger Plüm <r.pluem t-online.de>]
 
   *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
-     statistics display. PR 29216.  [Graham Leggett]
+     statistics display. PR 29216. [Graham Leggett]
 
   *) mod_ldap: fix a bogus error message to tell the user which file
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
 
-  *) mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
+  *) SECURITY: CAN-2004-1834 (cve.mitre.org)
+     mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
 
   *) Fix the re-linking issue when purging elements from the LDAP cache
      PR 24801.  [Jess Holle <jessh ptc.com>]
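Review bot: the mod_disk_cache entry now carries "SECURITY: CAN-2004-1834", but its text is still only "Do not store hop-by-hop headers", which does not tell a reader scanning for security fixes what storing those headers exposed. Add a short clause stating the consequence, as the other SECURITY entries in this file do. Separately, the PR 29216 line in this hunk goes from two spaces to one before "[Graham Leggett]", the opposite of the spacing fix applied to the PR 24437 entry earlier in the patch.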
@@ -1029,7 +1061,7 @@
   *) mod_mem_cache: Fixed race condition causing segfault because of memory being
      freed twice, or reused after being freed.
      [J. Clar, W. Stoddard, G. Ames]
-
+    
   *) Add -l option to rotatelogs to let it use local time rather than
      UTC.  PR 24417.  [Ken Coar, Uli Zappe <uli ritual.org>]
 
@@ -1203,11 +1235,11 @@
 
   *) Add the NOTICE file to the rpm spec file in compliance with the
      Apache v2.0 license. [Graham Leggett]
-
+ 
   *) RPM spec file changes: changed default dependancy to link to db4
      instead of db3. Fixed complaints about unpackaged files.
      [Graham Leggett]
-
+ 
 Changes with Apache 2.0.50
 
   *) SECURITY: CAN-2004-0493 (cve.mitre.org)
@@ -2021,7 +2053,8 @@
      names faulted the running OS2 worker process.  The fix is
      actually in APR 0.9.4.  [Brian Havard]
 
-  *) Forward port: Escape special characters (especially control
+  *) SECURITY: CAN-2003-0083 (cve.mitre.org)
+     Forward port: Escape special characters (especially control
      characters) in mod_log_config to make a clear distinction between
      client-supplied strings (with special characters) and server-side
      strings. This was already introduced in version 1.3.25.
@@ -3272,7 +3305,7 @@
 
   *) Fix AcceptPathInfo. PR 8234  [Cliff Woolley]
 
-  *) SECURITY:  CAN-2002-1592 (cve.mitre.org) [CERT VU#165803]
+  *) SECURITY: CAN-2002-1592 (cve.mitre.org) [CERT VU#165803]
      Added the APLOG_TOCLIENT flag to ap_log_rerror() to
      explicitly tell the server that warning messages should be sent 
      to the client in addition to being recorded in the error log. 


