Return-Path: 
 <cvs-return-50238-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3AA45101D7
	for <apmail-httpd-cvs-archive@www.apache.org>;
 Tue, 18 Mar 2014 20:45:36 +0000 (UTC)
Received: (qmail 29950 invoked by uid 500); 18 Mar 2014 20:45:31 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 29729 invoked by uid 500); 18 Mar 2014 20:45:30 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 29685 invoked by uid 99); 18 Mar 2014 20:45:28 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2014 20:45:28 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Mar 2014 20:45:26 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id BF798238883D
	for <cvs@httpd.apache.org>; Tue, 18 Mar 2014 20:45:06 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r4745 - in /release/httpd: CHANGES_2.2 CHANGES_2.2.27
 httpd-2.2.27.tar.bz2 httpd-2.2.27.tar.bz2.asc httpd-2.2.27.tar.bz2.md5
 httpd-2.2.27.tar.bz2.sha1 httpd-2.2.27.tar.gz httpd-2.2.27.tar.gz.asc
 httpd-2.2.27.tar.gz.md5 httpd-2.2.27.tar.gz.sha1
Date: Tue, 18 Mar 2014 20:45:06 -0000
To: cvs@httpd.apache.org
From: wrowe@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20140318204506.BF798238883D@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: wrowe
Date: Tue Mar 18 20:45:06 2014
New Revision: 4745

Log:
Prepare to flood mirrors

Added:
    release/httpd/CHANGES_2.2.27
      - copied unchanged from r4744, dev/httpd/CHANGES_2.2.27
    release/httpd/httpd-2.2.27.tar.bz2
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.bz2
    release/httpd/httpd-2.2.27.tar.bz2.asc
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.bz2.asc
    release/httpd/httpd-2.2.27.tar.bz2.md5
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.bz2.md5
    release/httpd/httpd-2.2.27.tar.bz2.sha1
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.bz2.sha1
    release/httpd/httpd-2.2.27.tar.gz
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.gz
    release/httpd/httpd-2.2.27.tar.gz.asc
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.gz.asc
    release/httpd/httpd-2.2.27.tar.gz.md5
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.gz.md5
    release/httpd/httpd-2.2.27.tar.gz.sha1
      - copied unchanged from r4744, dev/httpd/httpd-2.2.27.tar.gz.sha1
Modified:
    release/httpd/CHANGES_2.2

Modified: release/httpd/CHANGES_2.2
==============================================================================
--- release/httpd/CHANGES_2.2 (original)
+++ release/httpd/CHANGES_2.2 Tue Mar 18 20:45:06 2014
@@ -1,4 +1,39 @@
                                                          -*- coding: utf-8 -*-
+Changes with Apache 2.2.27
+
+  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
+     Clean up cookie logging with fewer redundant string parsing passes.
+     Log only cookies with a value assignment. Prevents segfaults when
+     logging truncated cookies.
+     [William Rowe, Ruediger Pluem, Jim Jagielski]
+
+  *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+     mod_dav: Keep track of length of cdata properly when removing
+     leading spaces. Eliminates a potential denial of service from
+     specifically crafted DAV WRITE requests
+     [Amin Tora <Amin.Tora neustar.biz>]
+
+  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
+     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
+
+  *) mod_proxy_http: Core dumped under high load. PR 50335.
+     [Jan Kaluza <jkaluza redhat.com>]
+
+  *) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
+     [Christophe Jaillet]
+
+  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
+     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
+
+  *) mod_ldap: Fix a potential memory leak or corruption.  PR 54936.
+     [Zhenbo Xu <zhenbo1987 gmail com>]
+
+  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
+     forward proxy request. [Ruediger Pluem]
+
+  *) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows. 
+     PR46679 [Bob Ionescu]
+
 Changes with Apache 2.2.26
 
   *) mod_dav: dav_resource->uri treated as unencoded. This was an
@@ -994,6 +1029,8 @@ Changes with Apache 2.2.10
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_authz_host: Add support for env=!envvar [Jim Jagielski]
+
   *) Allow for smax to be 0 for balancer members so that all idle
      connections are able to be dropped should they exceed ttl.
      PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,