Subject: svn commit: r9450 - /dev/httpd/ Date: Fri, 19 Jun 2015 16:47:17 -0000 To: cvs@httpd.apache.org 
From: jim@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150619164717.A2271AC0095@hades.apache.org> Author: jim Date: Fri Jun 19 16:47:17 2015 New Revision: 9450 Log: Remove 2.4.14 test tarballs and pop w/ 2.4.15 Added: dev/httpd/CHANGES_2.4.15 dev/httpd/httpd-2.4.15-deps.tar.bz2 (with props) dev/httpd/httpd-2.4.15-deps.tar.bz2.asc (with props) dev/httpd/httpd-2.4.15-deps.tar.bz2.md5 dev/httpd/httpd-2.4.15-deps.tar.bz2.sha1 dev/httpd/httpd-2.4.15-deps.tar.gz (with props) dev/httpd/httpd-2.4.15-deps.tar.gz.asc (with props) dev/httpd/httpd-2.4.15-deps.tar.gz.md5 dev/httpd/httpd-2.4.15-deps.tar.gz.sha1 dev/httpd/httpd-2.4.15.tar.bz2 (with props) dev/httpd/httpd-2.4.15.tar.bz2.asc (with props) dev/httpd/httpd-2.4.15.tar.bz2.md5 dev/httpd/httpd-2.4.15.tar.bz2.sha1 dev/httpd/httpd-2.4.15.tar.gz (with props) dev/httpd/httpd-2.4.15.tar.gz.asc (with props) dev/httpd/httpd-2.4.15.tar.gz.md5 dev/httpd/httpd-2.4.15.tar.gz.sha1 Removed: dev/httpd/CHANGES_2.4.14 dev/httpd/httpd-2.4.14-deps.tar.bz2 dev/httpd/httpd-2.4.14-deps.tar.bz2.asc dev/httpd/httpd-2.4.14-deps.tar.bz2.md5 dev/httpd/httpd-2.4.14-deps.tar.bz2.sha1 dev/httpd/httpd-2.4.14-deps.tar.gz dev/httpd/httpd-2.4.14-deps.tar.gz.asc dev/httpd/httpd-2.4.14-deps.tar.gz.md5 dev/httpd/httpd-2.4.14-deps.tar.gz.sha1 dev/httpd/httpd-2.4.14.tar.bz2 dev/httpd/httpd-2.4.14.tar.bz2.asc dev/httpd/httpd-2.4.14.tar.bz2.md5 dev/httpd/httpd-2.4.14.tar.bz2.sha1 dev/httpd/httpd-2.4.14.tar.gz dev/httpd/httpd-2.4.14.tar.gz.asc dev/httpd/httpd-2.4.14.tar.gz.md5 dev/httpd/httpd-2.4.14.tar.gz.sha1 Modified: dev/httpd/CHANGES_2.4 Modified: dev/httpd/CHANGES_2.4 ============================================================================== --- dev/httpd/CHANGES_2.4 (original) +++ dev/httpd/CHANGES_2.4 Fri Jun 19 16:47:17 2015 
@@ -1,5 +1,20 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.15 + + *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol + data during read of chunked request bodies. PR 58049. + [Edward Lu ] + + *) mod_ldap: Stop leaking LDAP connections when 'LDAPConnectionPoolTTL 0' + is configured. PR 58037. [Ted Phelps ] + + *) core: Allow spaces after chunk-size for compatibility with implementations + using a pre-filled buffer. [Yann Ylavic, Jeff Trawick] + + *) mod_ssl: Remove deprecated SSLCertificateChainFile warning. + [Yann Ylavic] + Changes with Apache 2.4.14 *) SECURITY: CVE-2015-3183 (cve.mitre.org) @@ -170,7 +185,8 @@ Changes with Apache 2.4.13 gmail com>, William Rowe, Yann Ylavic] *) http: Make ap_die() robust against any HTTP error code and not modify - response status (finally logged) when nothing is to be done. [Yann Ylavic] + response status (finally logged) when nothing is to be done. PR 56035. + [Yann Ylavic] *) mod_proxy_connect/wstunnel: If both client and backend sides get readable at the same time, don't lose errors occuring while forwarding on the first Added: dev/httpd/CHANGES_2.4.15 ============================================================================== --- dev/httpd/CHANGES_2.4.15 (added) +++ dev/httpd/CHANGES_2.4.15 Fri Jun 19 16:47:17 2015 
@@ -0,0 +1,274 @@ + -*- coding: utf-8 -*- + +Changes with Apache 2.4.15 + + *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol + data during read of chunked request bodies. PR 58049. + [Edward Lu ] + + *) mod_ldap: Stop leaking LDAP connections when 'LDAPConnectionPoolTTL 0' + is configured. PR 58037. [Ted Phelps ] + + *) core: Allow spaces after chunk-size for compatibility with implementations + using a pre-filled buffer. [Yann Ylavic, Jeff Trawick] + + *) mod_ssl: Remove deprecated SSLCertificateChainFile warning. + [Yann Ylavic] + +Changes with Apache 2.4.14 + + *) SECURITY: CVE-2015-3183 (cve.mitre.org) + core: Fix chunk header parsing defect. + Remove apr_brigade_flatten(), buffering and duplicated code from + the HTTP_IN filter, parse chunks in a single pass with zero copy. + Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext + authorized characters. [Graham Leggett, Yann Ylavic] + + *) SECURITY: CVE-2015-3185 (cve.mitre.org) + Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) + with new ap_some_authn_required and ap_force_authn hook. [Ben Reser] + +Changes with Apache 2.4.13 + + *) SECURITY: CVE-2015-0253 (cve.mitre.org) + core: Fix a crash with ErrorDocument 400 pointing to a local URL-path + with the INCLUDES filter active, introduced in 2.4.11. PR 57531. + [Yann Ylavic] + + *) SECURITY: CVE-2015-0228 (cve.mitre.org) + mod_lua: A maliciously crafted websockets PING after a script + calls r:wsupgrade() can cause a child process crash. + [Edward Lu ] + + *) mod_proxy: Don't put the worker in error state for 500 or 503 errors + returned by the backend unless failonstatus is configured to. PR 56925. + [Yann Ylavic] + + *) core: Don't lowercase the argument to SetHandler if it begins with + "proxy:unix". PR 57968. [Eric Covener] + + *) mod_ssl OCSP Stapling: Don't block initial handshakes while refreshing + the OCSP response for a different certificate. 
mod_ssl has an additional + global mutex, "ssl-stapling-refresh". PR 57131 (partial fix). + [Jeff Trawick] + + *) mod_authz_dbm: Fix crashes when "dbm-file-group" is used and + authz modules were loaded in the "wrong" order. [Joe Orton] + + *) mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime + of DB lookup entries independently of the selected DB engine. PR 46421. + [Steven whitson , Jan Kaluza, Yann Ylavic]. + + *) In alignment with RFC 7525, the default recommended SSLCipherSuite + and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the + default recommended SSLProtocol and SSLProxyProtocol directives now + exclude SSLv3. Existing configurations must be adjusted by the + administrator. [William Rowe] + + *) mod_ssl: Add support for extracting subjectAltName entries of type + rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n + environment variables. Also addresses PR 57207. [Kaspar Brand] + + *) dav_validate_request: avoid validating locks and ETags when there are + no If headers providing them on a resource we aren't modifying. + [Ben Reser] + + *) mod_proxy_scgi: ProxySCGIInternalRedirect now allows an alternate + response header to be used by the application, for when the application + or framework is unable to return Location in the internal-redirect + form. [Jeff Trawick] + + *) core: Cleanup the request soon/even if some output filter fails to + handle the EOR bucket. [Yann Ylavic] + + *) mpm_event: Allow for timer events duplicates. [Jim Jagielski, Yann Ylavic] + + *) mod_proxy, mod_ssl, mod_cache_socache, mod_socache_*: Support machine + readable server-status produced when using the "?auto" query string. + [Rainer Jung] + + *) mod_status: Add more data to machine readable server-status produced + when using the "?auto" query string. 
[Rainer Jung] + + *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at + configure time (RAND_egd), and complain if SSLRandomSeed requires using + it otherwise. [Bernard Spil , Stefan Sperling, + Kaspar Brand] + + *) mod_ssl: make sure to consistently output SSLCertificateChainFile + deprecation warnings, when encountered in a VirtualHost block. + [Falco Schwarz ] + + *) mod_log_config: Add "%{UNIT}T" format to output request duration in + seconds, milliseconds or microseconds depending on UNIT ("s", "ms", "us"). + [Ben Reser, Rainer Jung] + + *) Allow FallbackResource to work when a directory is requested and + there is no autoindex nor DirectoryIndex. + [Jack , Eric Covener] + + *) mod_proxy_wstunnel: Bypass the handler while the connection is not + upgraded to WebSocket, so that other modules can possibly take over + the leading HTTP requests. [Yann Ylavic] + + *) mod_http: Fix incorrect If-Match handling. PR 57358 + [Kunihiko Sakamoto ] + + *) mod_ssl: Add a warning if protocol given in SSLProtocol or SSLProxyProtocol + will override other parameters given in the same directive. This could be + a missing + or - prefix. PR 52820 [Christophe Jaillet] + + *) core, modules: Avoid error response/document handling by the core if some + handler or input filter already did it while reading the request (causing + a double response body). [Yann Ylavic] + + *) mod_proxy_ajp: Fix client connection errors handling and logged status + when it occurs. PR 56823. [Yann Ylavic] + + *) mod_proxy: Use the correct server name for SNI in case the backend + SSL connection itself is established via a proxy server. + PR 57139 [Szabolcs Gyurko ] + + *) mod_ssl: Fix possible crash when loading server certificate constraints. + PR 57694. [Paul Spangler , Yann Ylavic] + + *) build: Don't load both mod_cgi and mod_cgid in the default configuration + if they're both built. 
[olli hauer ] + + *) mod_logio: Add LogIOTrackTTFB and %^FB logformat to log the time + taken to start writing response headers. [Eric Covener] + + *) mod_ssl: Avoid compilation errors with LibreSSL related to + the use of ENGINE_CTRL_CHIL_SET_FORKCHECK. + [Stuart Henderson ] + + *) mod_proxy_http: Use the "Connection: close" header for requests to + backends not recycling connections (disablereuse), including the default + reverse and forward proxies. [Yann Ylavic] + + *) mod_proxy: Add ap_connection_reusable() for checking if a connection + is reusable as of this point in processing. [Jeff Trawick] + + *) mod_proxy_wstunnel: Avoid an empty response by failing with 502 (Bad + Gateway) when no response is ever received from the backend. + [Jan Kaluza] + + *) core_filters: Restore/disable TCP_NOPUSH option after non-blocking + sendfile. [Yann Ylavic] + + *) mod_buffer: Forward flushed input data immediately and avoid (unlikely) + access to freed memory. [Yann Ylavic, Christophe Jaillet] + + *) core: Add CGIPassAuth directive to control whether HTTP authorization + headers are passed to scripts as CGI variables. PR 56855. [Jeff + Trawick] + + *) core: Initialize scoreboard's used optional functions on graceful restarts + to avoid a crash when relocation occurs. PR 57177. [Yann Ylavic] + + *) mod_dav: Avoid a potential integer underflow in the lock timeout value sent + back to a client. The answer to a LOCK request could be an extremly large + integer if the time needed to lock the resource was longer that the + requested timeout given in the LOCK request. In such a case, we now answer + "Second-0". PR55420 + [Christophe Jaillet] + + *) mod_cgid: Within the first minute of a server start or restart, + allow mod_cgid to retry connecting to its daemon process. Previously, + 'No such file or directory: unable to connect to cgi daemon...' could + be logged without an actual retry. PR57685. 
+ [Edward Lu ] + + *) mod_proxy: Use the original (non absolute) form of the request-line's URI + for requests embedded in CONNECT payloads used to connect SSL backends via + a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms , William Rowe, Yann Ylavic] + + *) http: Make ap_die() robust against any HTTP error code and not modify + response status (finally logged) when nothing is to be done. PR 56035. + [Yann Ylavic] + + *) mod_proxy_connect/wstunnel: If both client and backend sides get readable + at the same time, don't lose errors occuring while forwarding on the first + side when none occurs next on the other side, and abort. [Yann Ylavic] + + *) mod_rewrite: Improve relative substitutions in per-directory/htaccess + context for directories found by mod_userdir and mod_alias. These no + longer require RewriteBase to be specified. [Eric Covener] + + *) mod_proxy_http: Don't expect the backend to ack the "Connection: close" to + finally close those not meant to be kept alive by SetEnv proxy-nokeepalive + or force-proxy-request-1.0. [Yann Ylavic] + + *) core: If explicitly configured, use the KeepaliveTimeout value of the + virtual host which handled the latest request on the connection, or by + default the one of the first virtual host bound to the same IP:port. + PR56226. [Yann Ylavic] + + *) mod_lua: After a r:wsupgrade(), mod_lua was not properly + responding to a websockets PING but instead invoking the specified + script. PR57524. [Edward Lu ] + + *) mod_ssl: Add the SSL_CLIENT_CERT_RFC4523_CEA variable, which provides + a combination of certificate serialNumber and issuer as defined by + CertificateExactMatch in RFC4523. [Graham Leggett] + + *) core: Add expression support to ErrorDocument. Switch from a fixed + sized 664 byte array per merge to a hash table. [Graham Leggett] + + *) ab: Add missing longest request (100%) to CSV export. 
+ [Marcin Fabrykowski ] + + *) mod_macro: Clear macros before initialization to avoid use-after-free + on startup or restart when the module is linked statically. PR 57525 + [apache.org tech.futurequest.net, Yann Ylavic] + + *) mod_alias: Introduce expression parser support for Alias, ScriptAlias + and Redirect. [Graham Leggett] + + *) mod_ssl: 'SSLProtocol ALL' was being ignored in virtual host context. + PR 57100. [Michael Kaufmann , + Yann Ylavic] + + *) mpm_event: Avoid access to the scoreboard from the connection while + it is suspended (waiting for events). [Eric Covener, Jeff Trawick] + + *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument. + PR 57334. [Yann Ylavic]. + + *) mod_deflate: A misplaced check prevents limiting small bodies with the + new inflate limits. PR56872. [Edward Lu, Eric Covener, Yann Ylavic] + + *) mod_proxy_ajp: Forward SSL protocol name (SSLv3, TLSv1.1 etc.) as a + request attribute to the backend. Recent Tomcat versions will extract + it and provide it as a servlet request attribute named + "org.apache.tomcat.util.net.secure_protocol_version". [Rainer Jung] + + *) core: Optimize string concatenation in expression parser when evaluating + a string expression. [Rainer Jung] + + *) acinclude.m4: Generate #LoadModule directive in default httpd.conf for + every --enable-mpms-shared. PR 53882. [olli hauer , + Yann Ylavic] + + *) mod_authn_dbd: Fix the error message logged in case of error while querying + the database. This is associated to AH01656 and AH01661. [Christophe Jaillet] + + *) mod_authz_groupfile: Reduce the severity of AH01667 from ERROR to DEBUG, + because it may be evaluated inside . PR55523. [Eric Covener] + + *) mod_ssl: Fix small memory leak during initialization when ECDH is used. + [Jan Kaluza] + + + [Apache 2.3.0-dev includes those bug fixes and changes with the + Apache 2.2.xx tree as documented, and except as noted, below.] 
+ +Changes with Apache 2.2.x and later: + + *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup + +Changes with Apache 2.0.x and later: + + *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup + Added: dev/httpd/httpd-2.4.15-deps.tar.bz2 ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15-deps.tar.bz2 ------------------------------------------------------------------------------ svn:mime-type = application/x-bzip2 Added: dev/httpd/httpd-2.4.15-deps.tar.bz2.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15-deps.tar.bz2.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.15-deps.tar.bz2.md5 ============================================================================== --- dev/httpd/httpd-2.4.15-deps.tar.bz2.md5 (added) +++ dev/httpd/httpd-2.4.15-deps.tar.bz2.md5 Fri Jun 19 16:47:17 2015 @@ -0,0 +1 @@ +15f6b43a66496243c683ee3d5bb41fcd *httpd-2.4.15-deps.tar.bz2 Added: dev/httpd/httpd-2.4.15-deps.tar.bz2.sha1 ============================================================================== --- dev/httpd/httpd-2.4.15-deps.tar.bz2.sha1 (added) +++ dev/httpd/httpd-2.4.15-deps.tar.bz2.sha1 Fri Jun 19 16:47:17 2015 
@@ -0,0 +1 @@ +728abc706e67815dda0d109e252335ff3446aadb *httpd-2.4.15-deps.tar.bz2 Added: dev/httpd/httpd-2.4.15-deps.tar.gz ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15-deps.tar.gz ------------------------------------------------------------------------------ svn:mime-type = application/x-gzip Added: dev/httpd/httpd-2.4.15-deps.tar.gz.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15-deps.tar.gz.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.15-deps.tar.gz.md5 ============================================================================== --- dev/httpd/httpd-2.4.15-deps.tar.gz.md5 (added) +++ dev/httpd/httpd-2.4.15-deps.tar.gz.md5 Fri Jun 19 16:47:17 2015 @@ -0,0 +1 @@ +4e8d5d8aa51a30671569c79b044984c2 *httpd-2.4.15-deps.tar.gz Added: dev/httpd/httpd-2.4.15-deps.tar.gz.sha1 ============================================================================== --- dev/httpd/httpd-2.4.15-deps.tar.gz.sha1 (added) +++ dev/httpd/httpd-2.4.15-deps.tar.gz.sha1 Fri Jun 19 16:47:17 2015 
@@ -0,0 +1 @@ +c041de36f6b496aed2700cdee19ce607f9eea631 *httpd-2.4.15-deps.tar.gz Added: dev/httpd/httpd-2.4.15.tar.bz2 ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15.tar.bz2 ------------------------------------------------------------------------------ svn:mime-type = application/x-bzip2 Added: dev/httpd/httpd-2.4.15.tar.bz2.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15.tar.bz2.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.15.tar.bz2.md5 ============================================================================== --- dev/httpd/httpd-2.4.15.tar.bz2.md5 (added) +++ dev/httpd/httpd-2.4.15.tar.bz2.md5 Fri Jun 19 16:47:17 2015 @@ -0,0 +1 @@ +c071647e14ce40f6addeaab1b857d198 *httpd-2.4.15.tar.bz2 Added: dev/httpd/httpd-2.4.15.tar.bz2.sha1 ============================================================================== --- dev/httpd/httpd-2.4.15.tar.bz2.sha1 (added) +++ dev/httpd/httpd-2.4.15.tar.bz2.sha1 Fri Jun 19 16:47:17 2015 
@@ -0,0 +1 @@ +0bef3d6af8839fbeb0fa276f63152acb3f191884 *httpd-2.4.15.tar.bz2 Added: dev/httpd/httpd-2.4.15.tar.gz ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15.tar.gz ------------------------------------------------------------------------------ svn:mime-type = application/x-gzip Added: dev/httpd/httpd-2.4.15.tar.gz.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.15.tar.gz.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.15.tar.gz.md5 ============================================================================== --- dev/httpd/httpd-2.4.15.tar.gz.md5 (added) +++ dev/httpd/httpd-2.4.15.tar.gz.md5 Fri Jun 19 16:47:17 2015 @@ -0,0 +1 @@ +4aa22226a1448f33c699f486691209c0 *httpd-2.4.15.tar.gz Added: dev/httpd/httpd-2.4.15.tar.gz.sha1 ============================================================================== --- dev/httpd/httpd-2.4.15.tar.gz.sha1 (added) +++ dev/httpd/httpd-2.4.15.tar.gz.sha1 Fri Jun 19 16:47:17 2015 @@ -0,0 +1 @@ +9ab40f9de50dbbc6bd20be38b52c7fa5a211d417 *httpd-2.4.15.tar.gz
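Review bot: In the first hunk of dev/httpd/CHANGES_2.4 (@@ -1,5 +1,20 @@), the new entry "core: Allow spaces after chunk-size for compatibility with implementations using a pre-filled buffer." relaxes chunk header parsing directly above the 2.4.14 entry for CVE-2015-3183, which the same changelog describes as "be strict about chunk-ext authorized characters". The entry has no PR number and does not say which characters are tolerated or at which position in the chunk header. Suggest wording it so an operator can tell exactly what is now accepted after the chunk-size and that the 2^63-1 limit and the chunk-ext strictness from 2.4.14 are unchanged. The same text is duplicated in the new CHANGES_2.4.15 file and should be updated there too.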
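Review bot: In the second hunk of dev/httpd/CHANGES_2.4 (@@ -170,7 +185,8 @@), the trailing context line under the ap_die() entry still reads "don't lose errors occuring while forwarding on the first". Since this commit already edits the neighbouring entry to add "PR 56035.", correct the spelling to "occurring" in the same pass, and in the copy of that entry carried into CHANGES_2.4.15.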
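Review bot: The added dev/httpd/CHANGES_2.4.15 (@@ -0,0 +1,274 @@) carries several wording and formatting slips into a release file: in the mod_dav entry, "extremly large integer" and "longer that the requested timeout" should read "extremely" and "longer than". PR references are written inconsistently, with "PR 58049." and "PR 58037." beside "PR55420", "PR57685.", "PR56226.", "PR57524.", "PR56872." and "PR55523.", and a few credit lines end with a stray period after the bracket, as in "[Yann Ylavic]." on the mod_ssl renegotiation entry. Suggest normalising to "PR nnnnn." with a space and dropping the period after the closing bracket before the file is published alongside the tarballs.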
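Review bot: The digest files added for the four 2.4.15 tarballs are .md5 and .sha1 only, and their one-line hunks are the only integrity data in this commit that a reader can inspect, because every .asc signature appears as "Binary file - no diff available". MD5 and SHA-1 are both collision-weak, so they detect a corrupted download but are poor evidence of authenticity. Suggest adding a .sha256 or .sha512 file next to each tarball in dev/httpd/ and treating the .asc signature as the authoritative check when the test tarballs are announced.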