httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r571444 - /httpd/httpd/trunk/CHANGES
Date Fri, 31 Aug 2007 12:24:02 GMT
Author: jim
Date: Fri Aug 31 05:24:02 2007
New Revision: 571444

These have been backported to 2.2.x, so remove from
the trunk/2.3.0 CHANGES file


Modified: httpd/httpd/trunk/CHANGES
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug 31 05:24:02 2007
@@ -12,40 +12,6 @@
      PR 41644 [Stuart Children <stuart>]
-  *) mod_autoindex: Add in Type and Charset options to
-     IndexOptions directive. This allows the admin to explicitly
-     set the content-type and charset of the generated page.
-     [Jim Jagielski]
-  *) mime.types: Many updates to sync with IANA registry and common
-     unregistered types that the owners refuse to register.  Admins
-     are encouraged to update their installed mime.types file.
-     PR: 35550, 37798, 39317, 31483 [Roy T. Fielding]
-  *) log core: ensure we use a special pool for stderr logging, so that
-     the stderr channel remains valid from the time plog is destroyed,
-     until the time the open_logs hook is called again.  [William Rowe]
-  *) main core: Emit errors during the initial apr_app_initialize()
-     or apr_pool_create() (when apr-based error reporting is not ready).
-     [William Rowe, Jeff Trawick]
-  *) mpm_winnt: Prevent the parent-child pipe from leaking into other
-     spawned processes, and ensure we have a /Device/null handle for
-     stdout when running as-a-service.  [William Rowe]
-  *) log core: fix the new piped logger case where we couldn't connect 
-     the replacement stderr logger's stderr to the NULL stdout stream.  
-     Continue in this case, since the previous alternative of no error 
-     logging at all (/dev/null) is far worse. [William Rowe]
-  *) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
-     improper merging of the cache lock in vhost config
-     PR 43164 [Eric Covener]
-  *) mod_negotiation: preserve Query String in resolving a type map
-     PR 33112 [Jørgen Thomsen <apache>, Nick Kew]
   *) mod_deflate: fix content_encoding detection in inflate_out filter
      when it's not in response headers table.
      PR 42993 [Nick Kew]
@@ -65,40 +31,15 @@
      where the user is not in group X, but is in a subgroup contained in X.
      PR 42891 [Paul J. Reder]
-  *) mod_deflate: don't try to process metadata buckets as data.  what should
-     have been a 413 error was logged as a 500 and a blank screen appeared
-     at the browser.
-     [Greg Ames, Ruediger Pluem]
-  *) SECURITY: CVE-2007-3304 (
-     prefork, worker, event MPMs: Ensure that the parent process cannot
-     be forced to kill processes outside its process group.  [Joe Orton]
-  *) SECURITY: CVE-2006-5752 (
-     mod_status: Fix a possible XSS attack against a site with a public
-     server-status page and ExtendedStatus enabled, for browsers which
-     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
   *) Event MPM: Add support for running under mod_ssl, by reverting to the
      Worker MPM behaviors, when run under an input filter that buffers
      its own data. [Paul Querna]
   *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
-  *) SECURITY: CVE-2007-1862 (
-     mod_mem_cache: Copy headers into longer lived storage; header names and 
-     values could previously point to cleaned up storage
-     PR 41551 [Davi Arnaut <davi>]
-  *) mod_cache: Do not set Date or Expires when they are missing from
-     the original response or are invalid.  [Justin Erenkrantz]
   *) mod_cache: Correctly handle HEAD requests on expired cache content.
      PR 41230.  [Niklas Edmundsson]
-  *) mod_proxy: Added ProxyPassMatch directive, which is similar
-     to ProxyPass but takes a regex local path prefix. [Jim Jagielski]
   *) mod_so: Solve dev's confusion by reporting expected/seen module
      magic signatures when failing with a 'garbled' message, and solve
      user's confusion by pointing out 'perhaps compiled for a different
@@ -108,13 +49,6 @@
      performs inline response content pattern matching (including
      regex) and substitution.  [Jim Jagielski]
-  *) mod_ssl: Version reporting update; displays 'compiled against'
-     Apache and build-time SSL Library versions at loglevel [info],
-     while reporting the run-time SSL Library version in the server
-     info tags.  Helps to identify a mod_ssl built against one flavor
-     of OpenSSL but running against another (also adds SSL-C version
-     number reporting.)  [William Rowe]
   *) core: Change etag generation to produce identical results on 
      32-bit and 64-bit platforms.  PR 40064.  [Joe Orton]
@@ -138,14 +72,6 @@
      when invoked without variable name(s). 
      [William Rowe, Sander Temme]
-  *) mod_dbd: Create memory sub-pools for each DB connection and close
-     DB connections in a pool cleanup function.  Ensure prepared statements
-     are destroyed before DB connection is closed.  When using reslists,
-     prevent segfaults when child processes exit, and stop memory leakage
-     of ap_dbd_t structures.  Avoid use of global s->process->pool, which
-     isn't destroyed by exiting child processes in most multi-process MPMs.
-     PR 39985.  [Chris Darroch, Nick Kew]
   *) apxs: Eliminate run-time check for mod_so.  PR 40653.
      [David M. Lee <dmlee>]
@@ -156,13 +82,6 @@
   *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
      cleanups registered in modules' child_init hooks are performed.
      [Chris Darroch]
-  *) mod_dbd: Handle error conditions in dbd_construct() properly.
-     Simplify ap_dbd_open() and use correct arguments to apr_dbd_error()
-     when non-threaded.  Register correct cleanup data in non-threaded
-     ap_dbd_acquire() and ap_dbd_cacquire().  Clean up configuration data
-     and merge function.  Use ap_log_error() wherever possible.
-     [Chris Darroch, Nick Kew]
   *) core: Do not replace a Date header set by a proxied backend server.
      PR 40232. [Ruediger Pluem]

View raw message