httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r4638 - /dev/httpd/
Date Thu, 13 Mar 2014 16:45:21 GMT
Author: jim
Date: Thu Mar 13 16:45:20 2014
New Revision: 4638

Log:
Push 2.4.9 test tarballs

Added:
    dev/httpd/CHANGES_2.4.9
    dev/httpd/httpd-2.4.9-deps.tar.bz2   (with props)
    dev/httpd/httpd-2.4.9-deps.tar.bz2.asc   (with props)
    dev/httpd/httpd-2.4.9-deps.tar.bz2.md5
    dev/httpd/httpd-2.4.9-deps.tar.bz2.sha1
    dev/httpd/httpd-2.4.9-deps.tar.gz   (with props)
    dev/httpd/httpd-2.4.9-deps.tar.gz.asc   (with props)
    dev/httpd/httpd-2.4.9-deps.tar.gz.md5
    dev/httpd/httpd-2.4.9-deps.tar.gz.sha1
    dev/httpd/httpd-2.4.9.tar.bz2   (with props)
    dev/httpd/httpd-2.4.9.tar.bz2.asc   (with props)
    dev/httpd/httpd-2.4.9.tar.bz2.md5
    dev/httpd/httpd-2.4.9.tar.bz2.sha1
    dev/httpd/httpd-2.4.9.tar.gz   (with props)
    dev/httpd/httpd-2.4.9.tar.gz.asc   (with props)
    dev/httpd/httpd-2.4.9.tar.gz.md5
    dev/httpd/httpd-2.4.9.tar.gz.sha1
Removed:
    dev/httpd/CHANGES_2.4.8
Modified:
    dev/httpd/CHANGES_2.4

Modified: dev/httpd/CHANGES_2.4
==============================================================================
--- dev/httpd/CHANGES_2.4 (original)
+++ dev/httpd/CHANGES_2.4 Thu Mar 13 16:45:20 2014
@@ -1,5 +1,16 @@
                                                          -*- coding: utf-8 -*-
 
+Changes with Apache 2.4.9
+
+  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
+     would cause a crash in SSL_get_certificate for servers where the
+     certificate hadn't been sent. [Stephen Henson]
+
+  *) mod_lua: Add a fixups hook that checks if the original request is intended 
+     for LuaMapHandler. This fixes a bug where FallbackResource invalidates the 
+     LuaMapHandler directive in certain cases by changing the URI before the map 
+     handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail com>].
+
 Changes with Apache 2.4.8
 
   *) SECURITY: CVE-2014-0098 (cve.mitre.org)
@@ -8,6 +19,16 @@ Changes with Apache 2.4.8
      logging truncated cookies.
      [William Rowe, Ruediger Pluem, Jim Jagielski]
 
+  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+     mod_dav: Keep track of length of cdata properly when removing
+     leading spaces. Eliminates a potential denial of service from
+     specifically crafted DAV WRITE requests
+     [Amin Tora <Amin.Tora neustar.biz>]
+
+  *) core: Support named groups and backreferences within the LocationMatch,
+     DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
+     non-ancient PCRE library) [Graham Leggett]
+
   *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
      TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
 

Added: dev/httpd/CHANGES_2.4.9
==============================================================================
--- dev/httpd/CHANGES_2.4.9 (added)
+++ dev/httpd/CHANGES_2.4.9 Thu Mar 13 16:45:20 2014
@@ -0,0 +1,145 @@
+                                                         -*- coding: utf-8 -*-
+
+Changes with Apache 2.4.9
+
+  *) mod_ssl: Work around a bug in some older versions of OpenSSL that
+     would cause a crash in SSL_get_certificate for servers where the
+     certificate hadn't been sent. [Stephen Henson]
+
+  *) mod_lua: Add a fixups hook that checks if the original request is intended 
+     for LuaMapHandler. This fixes a bug where FallbackResource invalidates the 
+     LuaMapHandler directive in certain cases by changing the URI before the map 
+     handler code executes [Daniel Gruno, Daniel Ferradal <dferradal gmail com>].
+
+Changes with Apache 2.4.8
+
+  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
+     Clean up cookie logging with fewer redundant string parsing passes.
+     Log only cookies with a value assignment. Prevents segfaults when
+     logging truncated cookies.
+     [William Rowe, Ruediger Pluem, Jim Jagielski]
+
+  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+     mod_dav: Keep track of length of cdata properly when removing
+     leading spaces. Eliminates a potential denial of service from
+     specifically crafted DAV WRITE requests
+     [Amin Tora <Amin.Tora neustar.biz>]
+
+  *) core: Support named groups and backreferences within the LocationMatch,
+     DirectoryMatch, FilesMatch and ProxyMatch directives. (Requires
+     non-ancient PCRE library) [Graham Leggett]
+
+  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
+     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
+
+  *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping 
+     execution when a handler is already set. PR53929. [Eric Covener]
+
+  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
+     forward proxy request. [Ruediger Pluem]
+
+  *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
+     SSLCertificateFile and SSLCertificateKeyFile directives, to enable
+     future algorithm agility, and deprecate the SSLCertificateChainFile
+     directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
+
+  *) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, 
+     and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
+     to child scopes without explicitly configuring each child scope.
+     PR56153.  [Edward Lu <Chaosed0 gmail com>] 
+
+  *) prefork: Fix long delays when doing a graceful restart.
+     PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
+
+  *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
+     5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
+
+  *) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
+     IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
+     [Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]
+
+  *) mod_remoteip: Correct the trusted proxy match test. PR 54651.
+     [Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]
+
+  *) mod_proxy_fcgi: Fix error message when an unexpected protocol version
+     number is received from the application.  PR 56110.  [Jeff Trawick]
+
+  *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
+     PR 55972. [Mike Rumph]
+
+  *) mod_lua: Update r:setcookie() to accept a table of options and add domain,
+     path and httponly to the list of options available to set.
+     PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
+     
+  *) mod_lua: Fix r:setcookie() to add, rather than replace,
+     the Set-Cookie header. PR56105
+     [Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
+
+  *) mod_lua: Allow for database results to be returned as a hash with 
+     row-name/value pairs instead of just row-number/value. [Daniel Gruno]
+
+  *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
+     %{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]
+
+  *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
+     save the socket for reuse by the next worker as if it were an 
+     APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
+
+  *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
+     that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
+
+  *) mod_session: When we have a session we were unable to decode,
+     behave as if there was no session at all. [Thomas Eckert
+     <thomas.r.w.eckert gmail com>]
+
+  *) mod_session: Fix problems interpreting the SessionInclude and
+     SessionExclude configuration. PR 56038. [Erik Pearson
+     <erik adaptations.com>]
+
+  *) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
+     stanzas under virtual hosts. PR 55622. [Eric Covener]
+
+  *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
+     30 seconds timeout. [Jan Kaluza]
+
+  *) mod_proxy: Added support for unix domain sockets as the
+     backend server endpoint [Jim Jagielski, Blaise Tarr
+     <blaise tarr gmail com>]
+
+  *) build: only search for modules (config*.m4) in known subdirectories, see
+     build/config-stubs. [Stefan Fritsch]
+
+  *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk. 
+     PR 55833. [Eric Covener]
+
+  *) mod_ssl: Add support for OpenSSL configuration commands by introducing
+     the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]
+
+  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
+     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
+
+  *) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
+     mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
+     require directives. [Graham Leggett]
+
+  *) mod_proxy_http: Core dumped under high load. PR 50335.
+     [Jan Kaluza <jkaluza redhat.com>]
+
+  *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
+     previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
+
+  *) mod_lua: Use binary copy when dealing with uploads through r:parsebody() 
+     to prevent truncating files. [Daniel Gruno]
+
+
+  [Apache 2.3.0-dev includes those bug fixes and changes with the
+   Apache 2.2.xx tree as documented, and except as noted, below.]
+
+Changes with Apache 2.2.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
+
+Changes with Apache 2.0.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
+

Added: dev/httpd/httpd-2.4.9-deps.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9-deps.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/x-bzip2

Added: dev/httpd/httpd-2.4.9-deps.tar.bz2.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9-deps.tar.bz2.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.9-deps.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.4.9-deps.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.4.9-deps.tar.bz2.md5 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+5e4e653eb15ed7262f56f2ab663ba143 *httpd-2.4.9-deps.tar.bz2

Added: dev/httpd/httpd-2.4.9-deps.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.4.9-deps.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.4.9-deps.tar.bz2.sha1 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+b96b258d384ee762a2fe0842fb749adbf40bde89 *httpd-2.4.9-deps.tar.bz2

Added: dev/httpd/httpd-2.4.9-deps.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9-deps.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/x-gzip

Added: dev/httpd/httpd-2.4.9-deps.tar.gz.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9-deps.tar.gz.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.9-deps.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.4.9-deps.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.4.9-deps.tar.gz.md5 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+5c9520f40e2852412cafc3c803e5d0b7 *httpd-2.4.9-deps.tar.gz

Added: dev/httpd/httpd-2.4.9-deps.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.4.9-deps.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.4.9-deps.tar.gz.sha1 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+8b3d6d7c326d1f282e22a2f98ae0a4ebbac951f8 *httpd-2.4.9-deps.tar.gz

Added: dev/httpd/httpd-2.4.9.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/x-bzip2

Added: dev/httpd/httpd-2.4.9.tar.bz2.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9.tar.bz2.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.9.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.4.9.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.4.9.tar.bz2.md5 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+2ef4e65353497606b24fa9bb3e5a3c40 *httpd-2.4.9.tar.bz2

Added: dev/httpd/httpd-2.4.9.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.4.9.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.4.9.tar.bz2.sha1 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+646aedbf59519e914c424b3a85d846bf189be3f4 *httpd-2.4.9.tar.bz2

Added: dev/httpd/httpd-2.4.9.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/x-gzip

Added: dev/httpd/httpd-2.4.9.tar.gz.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.9.tar.gz.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.9.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.4.9.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.4.9.tar.gz.md5 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+cad66480140a4444ec0af5bf037c73e1 *httpd-2.4.9.tar.gz

Added: dev/httpd/httpd-2.4.9.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.4.9.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.4.9.tar.gz.sha1 Thu Mar 13 16:45:20 2014
@@ -0,0 +1 @@
+50496e51605a3d852c183a7c667c25bcc7ee658d *httpd-2.4.9.tar.gz



Mime
View raw message