httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r571441 - /httpd/httpd/trunk/CHANGES
Date Fri, 31 Aug 2007 12:15:02 GMT
Author: jim
Date: Fri Aug 31 05:15:02 2007
New Revision: 571441

URL: http://svn.apache.org/viewvc?rev=571441&view=rev
Log:
Finish cleanup of CHANGES files, to reduce the sync required
when backporting, etc...

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=571441&r1=571440&r2=571441&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 31 05:15:02 2007
@@ -1,5 +1,6 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.3.0
+[ When backported to 2.2.x, remove entry from this file ]
 
   *) mod_proxy_connect: avoid segfault on DNS lookup failure.
      PR 40756 [Trevin Beattie <tbeattie boingo.com>]
@@ -346,468 +347,6 @@
      allowing string-valued client certificate attributes to be used for
      access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
      [Martin Kraemer, David Reid]
-
-Changes with Apache 2.2.5
-
-  *) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]
-
-  *) mod_deflate: fix protocol handling in deflate input filter
-     PR 23287 [Nick Kew]
-
-  *) mod_proxy: fix buffer overflow issue
-     PR 41144 [Davi Arnaut]
-
-  *) mime.types: add Registered Javascript/ECMAScript MIME types (RFC4329)
-     PR 40299 [Dave Hodder <dmh dmh.org.uk>]
-
-  *) mod_filter: fix integer comparisons in dispatch rules
-     PR 41835 [Nick Kew]
-
-  *) mod_filter: fix merging of ! and = in FilterChain
-     PR 42186 [Issac Goldstand <margol beamartyr.net>]
- 
-  *) mod_cache: Let Cache-Control max-age set the expiration of the cached
-     representation if Expires is not set.  [Justin Erenkrantz]
-
-  *) mod_disk_cache: Allow Vary'd responses to be refreshed properly.
-     [Justin Erenkrantz]
-
-  *) mod_cache: Allow caching of requests with query arguments when
-     Cache-Control max-age is explicitly specified.  [Justin Erenkrantz]
-
-  *) mod_proxy: Print the correct error message for erroneous configured
-     ProxyPass directives. PR 40439. [serai lans-tv.com]
-
-  *) mod_so: Provide more helpful LoadModule feedback when an error occurs.
-     [William Rowe]
-
-  *) mod_alias: Accept path components (URL part) in Redirects.  PR 35314.
-     [Nick Kew]
-
-  *) mod_headers: Allow % at the end of a Header value.  PR 36609.
-     [Nick Kew, Ruediger Pluem]
-
-  *) mod_cache: Use the same cache key throughout the whole request processing
-     to handle escaped URLs correctly.  PR 41475. [Ruediger Pluem]
-
-  *) mod_cache: Add CacheIgnoreQueryString directive.  PR 41484.
-     [Fredrik Widlund <fredrik.widlund qbrick.com>]
-
-  *) mod_cache: While serving a cached entity ensure that filters that have
-     been applied to this cached entity before saving it to the cache are not
-     applied again. PR 40090. [Ruediger Pluem]
-
-  *) mod_cache: Correctly cache objects whose URL query string has been
-     modified by mod_rewrite. PR 40805. [Ruediger Pluem]
-
-  *) mod_proxy_http: Change handling of ProxyErrorOverride such that
-     3xx responses are no longer over-ridden (handling of 4xx and 5xx
-     responses is unchanged).  PR 39245.
-     [Jeff Trawick, Bart van der Schans <schans hippo.nl>]
-
-  *) htdbm: Enable crypt support on platforms with crypt() but not
-     <crypt.h>, such as z/OS. [David Jones <oscaremma gmail.com>]
-
-  *) mod_ssl: initialize thread locks before initializing the hardware
-     acceleration library, so the latter can make use of the former. 
-     PR 20951. [adunn at ncipher.com]
-
-  *) ab.c: Correct behavior of HTTP request headers sent by ab
-     in presence of -H command-line overrides. PR 31268, 26554.
-     [Arvind Srinivasan <arvind.srinivasan  sun.com>]
-
-  *) ab.c: The apr_port_t type is unsigned, but ab was using a
-     signed format code in its reports. PR 42070.
-     [Takashi Sato <serai  lans-tv.com>]
-
-  *) core: Correct a regression since 2.0.x in the handling of AllowOverride 
-     Options.  PR 41829.  [Torsten Förtsch <torsten.foertsch gmx.net>]
-
-  *) mod_proxy_http: Handle request bodies larger than 2 GB by converting
-     the Content-Length header of the request correctly. PR 40883.
-     [Ruediger Pluem, toadie <toadie643 gmail.com>]
-
-  *) mod_proxy: Fix some proxy setting inheritance problems (eg:
-     ProxyTimeout). PR 11540. [Stuart Children <stuart terminus.co.uk>]
-
-  *) Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
-     can work after that terminating signal.
-     [Eric Covener <covener gmail.com>]
-
-  *) Win32: Makefile.win will now build with MS VC 8 (Visual Studio 2005)
-     including embedding the .manifest information into each binary.
-     [William Rowe]
-
-Changes with Apache 2.2.4
-
-  *) mod_isapi: Correctly present SERVER_PORT_SECURE.
-     PR: 40573.  [Matt Eaton <asf divinehawk.com>]
-
-  *) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util
-     statically like the older support programs.
-     [Eric Covener <covener gmail.com>]
-
-  *) core: Fix NONBLOCK status of listening sockets on restart/graceful
-     PR 37680.  [Darius Davis <darius-abz free-range.com.au>]
-
-  *) mod_deflate: Rework inflate output and deflate output filter to fix several
-     issues: Incorrect handling of flush buckets, potential memory leaks,
-     excessive memory usage in inflate output filter for large compressed
-     content. PR 39854. [Ruediger Pluem, Nick Kew, Justin Erenkrantz]
-
-  *) mod_mem_cache: Memory leak fix: Unconditionally free the buffer.
-     [Davi Arnaut <davi haxent.com.br>]
-
-  *) Allow mod_dumpio to log at other than DEBUG levels via
-     the new DumpIOLogLevel directive. [Jim Jagielski]
-
-  *) rotatelogs: Improve error message for open failures.  PR 39487.
-     [Joe Orton]
-
-  *) Better detection and clean up of ldap connection that has been
-     terminated by the ldap server.  PR 40878.
-     [Rob Baily <rbaily servicebench com>]
-
-  *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions
-     by creating a root pool for object persistence across requests. This
-     also eliminates the need for custom serialization code.
-     [Davi Arnaut <davi haxent.com.br>]
-
-  *) mod_authnz_ldap: Add an AuthLDAPRemoteUserAttribute directive. If
-     set, REMOTE_USER will be set to this attribute, rather than the
-     username supplied by the user. Useful for example when you want users
-     to log in using an email address, but need to supply a userid instead
-     to the backend.  [Graham Leggett]
-
-  *) mod_cgi and mod_cgid: Don't use apr_status_t error return
-     from input filters as HTTP return value from the handler.
-     PR 31579.  [Nick Kew]
-
-  *) mod_cache: Eliminate a bogus error in the log when a filter returns
-     AP_FILTER_ERROR.  [Niklas Edmundsson <nikke acc.umu.se>]
-
-  *) core: Fix issue which could cause piped loggers to be orphaned and never
-     terminate after a graceful restart.  PR 40651.  [Joe Orton, Ruediger Pluem]
-
-  *) core: Fix address-in-use startup failure caused by corruption of the list
-     of listen sockets in some configurations with multiple generic Listen
-     directives.  [Jeff Trawick]
-
-  *) mod_headers: Support regexp-based editing of HTTP headers.  [Nick Kew]
-
-  *) mod_proxy: Add explicit flushing feature. When Servlet container sends AJP
-     body message with size 0, this means that Servlet container has asked for
-     an explicit flush. Create flush bucket in that case. This feature has been
-     added to the recent Tomcat versions without breaking the AJP protocol.
-     [Mladen Turk]
-
-  *) mod_proxy_balancer: Set the new environment variable BALANCER_ROUTE_CHANGED
-     if a worker with a route different from the one supplied by the client
-     had been chosen or if the client supplied no routing information for
-     a balancer with sticky sessions. [Ruediger Pluem]
-
-  *) mod_proxy_balancer: Add information about the route, the sticky session
-     and the worker used during a request as environment variables. PR 39806.
-     [Brian <brectanu gmail.com>]
-
-  *) mod_proxy: Don't try to use dead backend connection. PR 37770.
-     [Olivier BOEL <ob dorrboel.com>]
-
-  *) mod_proxy_balancer: Extract stickysession routing information contained as
-     parameter in the URL correctly. PR 40400.
-     [Ruediger Pluem, Tomokazu Harada <harada sysrdc.ns-sol.co.jp>]
-
-  *) mod_proxy_ajp: Added cping/cpong support for the AJP protocol.
-     A new worker directive ping=timeout will cause CPING packet
-     to be send expecting CPONG packet within defined timeout.
-     In case the backend is too busy this will fail instead
-     sending the full header.  [Mladen Turk]
-
-  *) mod_cache: From RFC3986 (section 6.2.3.) if a URI contains an
-     authority component and an empty path, the empty path is to be equivalent
-     to "/". It explicitly cites the following four URIs as equivalents:
-       http://example.com
-       http://example.com/
-       http://example.com:/
-       http://example.com:80/
-     [Davi Arnaut <davi haxent.com.br>]
-
-  *) mod_cache: Don't cache requests with a expires date in the past;
-     otherwise mod_cache will always try to cache the URL. This bug
-     might lead to numerous rename() errors on win32 if the URL was
-     previously cached.  [Davi Arnaut <davi haxent.com.br>]
-
-  *) mod_disk_cache: Make sure that only positive integers are accepted
-     for the CacheMaxFileSize and CacheMinFileSize parameters in the
-     config file. PR39380.  [Niklas Edmundsson <nikke acc.umu.se>]
-
-  *) core: Deal with the widespread use of apr_status_t return values
-     as HTTP status codes, as documented in PR#31759 (a bug shared by
-     the default handler, mod_cgi, mod_cgid, mod_proxy, and probably
-     others). PR31759.  [Jeff Trawick, Ruediger Pluem, Joe Orton]
-
-  *) mod_ext_filter: Handle filter names which include capital letters.
-     PR 40323.  [Jeff Trawick]
-
-  *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
-     support.  Also corrects the slashes for Windows.
-     PR 15993.  [William Rowe]
-
-  *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
-     token parser worked while the resulting length was misinterpreted.
-     PR 29098.  [Brock Bland <bbland serena.com>]
-
-  *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
-     attempts to stream the response at the client.  Log these as well.
-     PR 30022, 40470.  [William Rowe, Matt Eaton <asf divinehawk.com>]
-
-  *) mod_isapi: Ensure we walk through all the methods the developer may have
-     employed to report their HTTP status result code.
-     PR 16637 30033 28089.  [Matt Lewandowsky <matt iamcode.net>, William Rowe]
-
-  *) mod_echo: Fix precedence problem in if statement. PR 40658.
-     [Larry Cipriani <lvc lucent.com>]
-
-  *) mod_mime_magic: Fix precedence problem in if statement. PR 40656.
-     [Larry Cipriani <lvc lucent.com>]
-
-  *) The full server version information is now included in the error log at
-     startup as well as server status reports, irrespective of the setting
-     of the ServerTokens directive.  ap_get_server_version() is now 
-     deprecated, and is replaced by ap_get_server_banner() and 
-     ap_get_server_description().  [Jeff Trawick]
-
-  *) mod_proxy_balancer: Workers can now be defined as part of
-     a balancer cluster "set" in which members of a lower-numbered set
-     are preferred over higher numbered ones.  [Jim Jagielski]
-
-  *) mod_proxy_balancer: Workers can now be defined as "hot standby" which
-     will only be used if all other workers are unusable (eg: in
-     error or disabled). Also, the balancer-manager displays the election
-     count and I/O counts of all workers.  [Jim Jagielski]
-
-  *) mod_proxy_ajp: Close connection to backend if reading of request body
-     fails. PR 40310.  [Ian Abel <ianabel mxtelecom.com>]
-
-  *) mod_proxy_balancer: Retry worker chosen by route / redirect worker if
-     it is in error state before sending "Service Temporarily Unavailable".
-     PR 38962.  [Christian Boitel <cboitel lfdj.com>]
-
-Changes with Apache 2.2.3
-
-  *) SECURITY: CVE-2006-3747 (cve.mitre.org)
-     mod_rewrite: Fix an off-by-one security problem in the ldap scheme
-     handling.  For some RewriteRules this could lead to a pointer being
-     written out of bounds.  Reported by Mark Dowd of McAfee.
-     [Mark Cox]
-
-  *) mod_authn_alias: Add a check to make sure that the base provider and the
-     alias names are different and also that the alias has not been registered
-     before. PR 40051. [Brad Nicholes]
-
-  *) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
-     client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
-     [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
-
-  *) mod_cache: Do not overwrite the Content-Type in the cache, for
-     successfully revalidated cached objects. PR 39647. [Ruediger Pluem]
-
-  *) mod_speling: Add directive to deal with case corrections only
-     and ignore other misspellings [Olivier Thereaux  <ot w3.org>]
-
-  *) mod_dbd: Fix dependence on virtualhost configuration in
-     defining prepared statements (possible segfault at startup
-     in user modules such as mod_authn_dbd).  [Nick Kew]
-
-  *) Add optional 'scheme://' prefix to ServerName directive,
-     allowing correct determination of the canonical server URL
-     for use behind a proxy or offload device handling SSL; fixing
-     redirect generation in those cases. PR 33398. [Sander Temme]
-
-  *) Added server_scheme field to server_rec for above. Minor MMN bump.
-     [Sander Temme]
-
-  *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593.
-     [Ruediger Pluem, Joe Orton]
-
-  *) Worker MPM: On graceless shutdown or restart, send signals to
-     each worker thread to wake them up if they're polling on a
-     Keep-Alive connection.  PR 38737.  [Chris Darroch]
-
-  *) worker and event MPMs: fix excessive forking if fork() or child_init
-     take a long time.  PR 39275.
-     [Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ]
-
-  *) configure: Add "--with-included-apr" flag to force use of the
-     bundled version of APR at build time.  [Joe Orton]
-
-  *) Respect GracefulShutdownTimeout in the worker and event MPMs.
-     [Chris Darroch, Garrett Rooney]
-
-  *) mod_mem_cache: Set content type correctly when delivering data from
-     cache. PR 39266. [Ruediger Pluem]
-
-  *) mod_autoindex: Fix filename escaping with FancyIndexing disabled.
-     PR 38910.  [Robby Griffin <rmg terc.edu>]
-
-  *) mod_charset_lite: Bypass translation when the source and dest charsets
-     are the same. [Jeff Trawick]
-
-Changes with Apache 2.2.2
-
-  *) mod_deflate: Allow mod_deflate to handle internal redirects.
-     [Brian J. France <list firehawksystems.com>]
-
-  *) mod_proxy_balancer: Initialize members of a balancer correctly.
-     PR 38227. [James A. Robinson <jim.robinson stanford.edu>]
-
-  *) mod_proxy: Do not release connections from connection pool twice.
-     PR 38793. [Ruediger Pluem, matthias <mk-asf gigacodes.de>]
-
-  *) core: Prevent reading uninitialized memory while reading a line of
-     protocol input.  PR 39282. [Davi Arnaut <davi haxent.com.br>]
-
-  *) mod_dbd: Update defaults, improve error reporting.
-     [Chris Darroch <chrisd pearsoncmg com>, Nick Kew]
-
-  *) mod_dbd: Create own pool and mutex to avoid problem use of
-     process pool in request processing.
-     [Chris Darroch <chrisd pearsoncmg com>]
-
-  *) HTML-escape the Expect error message.  Not classed as security as
-     an attacker has no way to influence the Expect header a victim will
-     send to a target site.  Reported by Thiago Zaninotti
-     <thiango nstalker.com>. [Mark Cox]
-
-  *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
-     [Jeff Trawick]
-
-  *) htdbm: Warn the user when adding a plaintext password on a platform
-     where it wouldn't work with the server (i.e., anywhere that has
-     crypt()).  [Jeff Trawick]
-
-  *) mod_proxy: don't reuse a connection that may be to the wrong backend
-     PR 39253 [Ruediger Pluem]
-
-  *) Default handler: Don't return output filter apr_status_t values.
-     PR 31759.  [Jeff Trawick, Ruediger Pluem, Joe Orton]
-
-Changes with Apache 2.2.1
-
-  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
-     mod_ssl: Fix a possible crash during access control checks if a
-     non-SSL request is processed for an SSL vhost (such as the
-     "HTTP request received on SSL port" error message when an 400 
-     ErrorDocument is configured, or if using "SSLEngine optional").
-     PR 37791.  [Rüdiger Plüm, Joe Orton]
-
-  *) SECURITY: CVE-2005-3352 (cve.mitre.org)
-     mod_imagemap: Escape untrusted referer header before outputting
-     in HTML to avoid potential cross-site scripting.  Change also
-     made to ap_escape_html so we escape quotes.  Reported by JPCERT.
-     [Mark Cox]
-
-  *) mod_proxy_ajp: Flushing of the output after each AJP chunk is now
-     configurable at runtime via the 'flushpackets' and 'flushwait' worker
-     params. Minor MMN bump. [Jim Jagielski]
-
-  *) mod_proxy: Fix incorrect usage of local and shared worker init.
-     PR 38403. [Jim Jagielski]
-
-  *) mod_isapi: Fix compiler errors on Unix platforms.
-     [William Rowe]
-
-  *) mod_proxy_http: Send HTTP Keep-Alive Headers. PR 38524.
-     [Rüdiger Plüm, Joe Orton]
-
-  *) mod_disk_cache: Return the correct error codes from bucket read
-     failures, instead of APR_EGENERAL.
-     [Brian Akins <brian.akins turner.com>]
-
-  *) Add APR/APR-Util Compiled and Runtime Version numbers to the
-     output of 'httpd -V'. [William Rowe]
-
-  *) http: If a connection is aborted while waiting for a chunked line,
-     flag the connection as errored out.  [Justin Erenkrantz]
-
-  *) core: Reject invalid Expect header immediately. PR 38123.
-     [Ruediger Pluem]
-
-  *) mod_proxy: Fix KeepAlives not being allowed and set to
-     backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
-
-  *) mod_proxy: If we get an error reading the upstream response,
-     close the connection.  [Justin Erenkrantz, Roy T. Fielding,
-     Jim Jagielski, Ruediger Pluem]
-
-  *) mod_proxy_ajp: Support common headers of the AJP protocol in responses.
-     PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>]
-
-  *) mod_proxy_balancer: Do not overwrite the status of initialized workers and
-     respect the configured status of uninitilized workers when creating a new
-     child process. [Ruediger Pluem]
-
-  *) mod_proxy_ajp: Crosscheck the length of the body chunk with the length of
-     the ajp message to prevent mod_proxy_ajp from reading beyond the buffer
-     boundaries and thus revealing possibly sensitive memory contents to the
-     client. [Ruediger Pluem]
-
-  *) Ensure that the proper status line is written to the client, fixing
-     incorrect status lines caused by filters which modify r->status without 
-     resetting r->status_line, such as the built-in byterange filter.
-     [Jeff Trawick]
-
-  *) mod_speling: Stop crashing with certain non-file requests.  [Jeff Trawick]
-
-  *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
-     [Ruediger Pluem]
-
-  *) Modify apr[util] .h detection to avoid breakage on VPATH builds
-     using Solaris make (amoung others) and avoid breakage in ./buildconf
-     when srclib/apr[-util] are symlinks rather than directories proper.
-     [William Rowe]
-
-  *) Chunk filter: Fix chunk filter to create correct chunks in the case that
-     a flush bucket is surrounded by data buckets. [Ruediger Pluem]
-
-  *) Fix syntax error in httpd.h with strict compilers.  PR 38740.
-     [Per Olausson <pao darkheim.freeserve.co.uk>]
-
-  *) Preserve the Content-Length header for a proxied HEAD response.
-     PR 18757.  [Greg Ames]
-
-  *) Fix recursive ErrorDocument handling.  PR 36090.
-     [Chris Darroch <chrisd pearsoncmg.com>]
-
-  *) Don't hang on error return from post_read_request.  PR37790 [Nick Kew]
-
-  *) Fix off-by-one error in proxy_balancer.  PR37753
-     [Kazuhiro Osawa <ko yappo ne jp>]
-
-Changes with Apache 2.2.0
-
-  *) mod_negotiation: Minor performance tweak by reusing already calculated
-     strlen.
-     [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]
-
-  *) Remove support for 'On' and 'Off' for AuthBasicProvider and
-     AuthDigestProvider.  [Joshua Slive, Justin Erenkrantz]
-
-  *) Add in new UseCanonicalPhysicalPort directive, which controls
-     whether or not Apache will ever use the actual physical port
-     when constructing the canonical port number. [Jim Jagielski]
-
-  *) mod_dav: Fix a null pointer dereference in an error code path during the
-     handling of MKCOL.
-     [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]
-
-  *) Fix DESTDIR=... installation when using bundled copy of APR.
-     [Torsten Foertsch <torsten.foertsch gmx.net>]
-
-  *) mod_proxy_balancer: When finding best worker, use case insensitive
-     match for scheme and host, but case sensitive for the rest of
-     the path. [Jim Jagielski, Ruediger Pluem]
-
 
   [Apache 2.1.0-dev includes those bug fixes and changes with the
    Apache 2.2.xx tree as documented, and except as noted, below.]



Mime
View raw message