Return-Path: X-Original-To: apmail-httpd-cvs-archive@www.apache.org Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6A2AB1831A for ; Tue, 8 Dec 2015 20:36:09 +0000 (UTC) Received: (qmail 9145 invoked by uid 500); 8 Dec 2015 20:36:09 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 9074 invoked by uid 500); 8 Dec 2015 20:36:09 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 9065 invoked by uid 99); 8 Dec 2015 20:36:09 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Dec 2015 20:36:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id CAEA218027B for ; Tue, 8 Dec 2015 20:36:08 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.497 X-Spam-Level: * X-Spam-Status: No, score=1.497 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, KAM_LOTSOFHASH=0.25, RP_MATCHES_RCVD=-0.554, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id YlPu4pXlveHz for ; Tue, 8 Dec 2015 20:36:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTP id 9629C20C70 for ; Tue, 8 Dec 2015 20:36:01 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 7E39EE0232 for ; Tue, 8 Dec 2015 20:36:00 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 48C513A00E7 for ; Tue, 8 Dec 2015 20:36:00 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r11496 - /dev/httpd/ Date: Tue, 08 Dec 2015 20:35:59 -0000 To: cvs@httpd.apache.org From: jim@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20151208203600.48C513A00E7@svn01-us-west.apache.org> Author: jim Date: Tue Dec 8 20:35:59 2015 New Revision: 11496 Log: Push dev tarballs Added: dev/httpd/CHANGES_2.4.18 dev/httpd/httpd-2.4.18-deps.tar.bz2 (with props) dev/httpd/httpd-2.4.18-deps.tar.bz2.asc (with props) dev/httpd/httpd-2.4.18-deps.tar.bz2.md5 dev/httpd/httpd-2.4.18-deps.tar.bz2.sha1 dev/httpd/httpd-2.4.18-deps.tar.gz (with props) dev/httpd/httpd-2.4.18-deps.tar.gz.asc (with props) dev/httpd/httpd-2.4.18-deps.tar.gz.md5 dev/httpd/httpd-2.4.18-deps.tar.gz.sha1 dev/httpd/httpd-2.4.18.tar.bz2 (with props) dev/httpd/httpd-2.4.18.tar.bz2.asc (with props) dev/httpd/httpd-2.4.18.tar.bz2.md5 dev/httpd/httpd-2.4.18.tar.bz2.sha1 dev/httpd/httpd-2.4.18.tar.gz (with props) dev/httpd/httpd-2.4.18.tar.gz.asc (with props) dev/httpd/httpd-2.4.18.tar.gz.md5 dev/httpd/httpd-2.4.18.tar.gz.sha1 Modified: dev/httpd/Announcement2.4.html dev/httpd/Announcement2.4.txt dev/httpd/CHANGES_2.4 Modified: dev/httpd/Announcement2.4.html ============================================================================== --- dev/httpd/Announcement2.4.html (original) +++ dev/httpd/Announcement2.4.html Tue Dec 8 20:35:59 2015 @@ -15,12 +15,12 @@

- Apache HTTP Server 2.4.17 Released + Apache HTTP Server 2.4.18 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce - the release of version 2.4.17 of the Apache + the release of version 2.4.18 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of @@ -29,18 +29,11 @@ and bug fix release.

- In this release are some exciting new features including: -

-
    -
  • HTTP/2 support via mod_http2 module
-
  • Support for SO_REUSEPORT in MPMs for significant scalability - -

    We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

    - Apache HTTP Server 2.4.17 is available for download from: + Apache HTTP Server 2.4.18 is available for download from:

    Please see the CHANGES_2.4 file, linked from the download page, for a - full list of changes. A condensed list, CHANGES_2.4.17 includes only + full list of changes. A condensed list, CHANGES_2.4.18 includes only those changes introduced since the prior 2.4 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: Modified: dev/httpd/Announcement2.4.txt ============================================================================== --- dev/httpd/Announcement2.4.txt (original) +++ dev/httpd/Announcement2.4.txt Tue Dec 8 20:35:59 2015 @@ -1,22 +1,17 @@ - Apache HTTP Server 2.4.17 Released + Apache HTTP Server 2.4.18 Released The Apache Software Foundation and the Apache HTTP Server Project - are pleased to announce the release of version 2.4.17 of the Apache + are pleased to announce the release of version 2.4.18 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This release of Apache is principally a feature and bug fix release. - In this release are some exciting new features including: - - *) HTTP/2 support via mod_http2 module - *) Support for SO_REUSEPORT in MPMs for significant scalability - We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. - Apache HTTP Server 2.4.17 is available for download from: + Apache HTTP Server 2.4.18 is available for download from: http://httpd.apache.org/download.cgi @@ -27,7 +22,7 @@ http://httpd.apache.org/docs/trunk/new_features_2_4.html Please see the CHANGES_2.4 file, linked from the download page, for a - full list of changes. A condensed list, CHANGES_2.4.17 includes only + full list of changes. A condensed list, CHANGES_2.4.18 includes only those changes introduced since the prior 2.4 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: Modified: dev/httpd/CHANGES_2.4 ============================================================================== --- dev/httpd/CHANGES_2.4 (original) +++ dev/httpd/CHANGES_2.4 Tue Dec 8 20:35:59 2015 @@ -1,5 +1,99 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.18 + + *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection + if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666. + [Stefan Eissing] + + *) mod_http2: connection level window for flow control is set to protocol + maximum of 2GB-1, preventing window exhaustion when sending data on many + streams with higher cumulative window size. + Reducing write frequency unless push promises need to be flushed. + [Stefan Eissing] + + *) mod_http2: required minimum version of libnghttp2 is 1.2.1 + [Stefan Eissing] + + *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration. + In earlier version of httpd, you can explicitelly set the 'flusher' parameter + to 'flush' as a workaround. (i.e. flusher=flush) + Add documentation for the 'flusher' parameter when defining a proxy worker. + [Christophe Jaillet] + + *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure + to only staple responses with certificate status "good". [Kaspar Brand] + + *) mod_http2: new directive 'H2PushPriority' to allow priority specifications + on server pushed streams according to their content-type. + [Stefan Eissing] + + *) mod_http2: fixes crash on connection abort for a busy connection. + fixes crash on a request that did not produce any response. + [Stefan Eissing] + + *) mod_http2: trailers are sent after reponse body if set in request_rec + trailers_out before the end-of-request bucket is sent through the + output filters. [Stefan Eissing] + + *) mod_http2: incoming trailers (headers after request body) are properly + forwarded to the processing engine. [Stefan Eissing] + + *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server + pushes a server/virtual host. Pushes are initiated by the presence + of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing] + + *) mod_http2: write performance of http2 improved for larger resources, + especially static files. [Stefan Eissing] + + *) core: if the first HTTP/1.1 request on a connection goes to a server that + prefers different protocols, these protocols are announced in a Upgrade: + header on the response, mentioning the preferred protocols. + [Stefan Eissing] + + *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs' + to control TLS record sizes during connection lifetime. + [Stefan Eissing] + + *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security + requirements of RFC 7540 on TLS connections. [Stefan Eissing] + + *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols + that a client could possibly upgrade to. Use in first request on a + connection to announce protocol choices. [Stefan Eissing] + + *) mod_http2: reworked deallocation on connection shutdown and worker + abort. Separate parent pool for all workers. worker threads are joined + on planned worker shutdown. [Yann Ylavic, Stefan Eissing] + + *) mod_ssl: when receiving requests for other virtual hosts than the handshake + server, the SSL parameters are checked for equality. With equal + configuration, requests are passed for processing. Any change will trigger + the old behaviour of "421 Misdirected Request". + SSL now remembers the cipher suite that was used for the last handshake. + This is compared against for any vhost/directory cipher specification. + Detailed examination of renegotiation is only done when these do not + match. + Renegotiation is 403ed when a master connection is present. Exact reason + is given additionally in a request note. [Stefan Eissing] + + *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit + alignment (SPARC64, PPC64). [Yann Ylavic] + + *) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header + fields as described in RFC7230. [Christophe Jaillet] + + *) core/util_script: making REDIRECT_URL a full URL is now opt-in + via new 'QualifyRedirectURL' directive. + + *) core: Limit to ten the number of tolerated empty lines between request, + and consume them before the pipelining check to avoid possible response + delay when reading the next request without flushing. [Yann Ylavic] + + *) mod_ssl: Extend expression parser registration to support ssl variables + in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function + syntax "ssl(VARNAME)". [Rainer Jung] + Changes with Apache 2.4.17 *) mod_http2: added donated HTTP/2 implementation via core module. Similar @@ -9,6 +103,9 @@ Changes with Apache 2.4.17 to avoid reusing it should the close be effective after some new request is ready to be sent. [Yann Ylavic] + *) mod_ssl: Make the output filter more friendly with deferred write and + response pipelining. [Yann Ylavic, Joe Orton] + *) mod_substitute: Allow to configure the patterns merge order with the new SubstituteInheritBefore on|off directive. PR 57641 [Marc.Stern , Yann Ylavic, William Rowe] Added: dev/httpd/CHANGES_2.4.18 ============================================================================== --- dev/httpd/CHANGES_2.4.18 (added) +++ dev/httpd/CHANGES_2.4.18 Tue Dec 8 20:35:59 2015 @@ -0,0 +1,108 @@ + -*- coding: utf-8 -*- + +Changes with Apache 2.4.18 + + *) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection + if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666. + [Stefan Eissing] + + *) mod_http2: connection level window for flow control is set to protocol + maximum of 2GB-1, preventing window exhaustion when sending data on many + streams with higher cumulative window size. + Reducing write frequency unless push promises need to be flushed. + [Stefan Eissing] + + *) mod_http2: required minimum version of libnghttp2 is 1.2.1 + [Stefan Eissing] + + *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration. + In earlier version of httpd, you can explicitelly set the 'flusher' parameter + to 'flush' as a workaround. (i.e. flusher=flush) + Add documentation for the 'flusher' parameter when defining a proxy worker. + [Christophe Jaillet] + + *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure + to only staple responses with certificate status "good". [Kaspar Brand] + + *) mod_http2: new directive 'H2PushPriority' to allow priority specifications + on server pushed streams according to their content-type. + [Stefan Eissing] + + *) mod_http2: fixes crash on connection abort for a busy connection. + fixes crash on a request that did not produce any response. + [Stefan Eissing] + + *) mod_http2: trailers are sent after reponse body if set in request_rec + trailers_out before the end-of-request bucket is sent through the + output filters. [Stefan Eissing] + + *) mod_http2: incoming trailers (headers after request body) are properly + forwarded to the processing engine. [Stefan Eissing] + + *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server + pushes a server/virtual host. Pushes are initiated by the presence + of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing] + + *) mod_http2: write performance of http2 improved for larger resources, + especially static files. [Stefan Eissing] + + *) core: if the first HTTP/1.1 request on a connection goes to a server that + prefers different protocols, these protocols are announced in a Upgrade: + header on the response, mentioning the preferred protocols. + [Stefan Eissing] + + *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs' + to control TLS record sizes during connection lifetime. + [Stefan Eissing] + + *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security + requirements of RFC 7540 on TLS connections. [Stefan Eissing] + + *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols + that a client could possibly upgrade to. Use in first request on a + connection to announce protocol choices. [Stefan Eissing] + + *) mod_http2: reworked deallocation on connection shutdown and worker + abort. Separate parent pool for all workers. worker threads are joined + on planned worker shutdown. [Yann Ylavic, Stefan Eissing] + + *) mod_ssl: when receiving requests for other virtual hosts than the handshake + server, the SSL parameters are checked for equality. With equal + configuration, requests are passed for processing. Any change will trigger + the old behaviour of "421 Misdirected Request". + SSL now remembers the cipher suite that was used for the last handshake. + This is compared against for any vhost/directory cipher specification. + Detailed examination of renegotiation is only done when these do not + match. + Renegotiation is 403ed when a master connection is present. Exact reason + is given additionally in a request note. [Stefan Eissing] + + *) core: Fix scoreboard crash (SIGBUS) on hardware requiring strict 64bit + alignment (SPARC64, PPC64). [Yann Ylavic] + + *) mod_cache: Accept HT (Horizontal Tab) when parsing cache related header + fields as described in RFC7230. [Christophe Jaillet] + + *) core/util_script: making REDIRECT_URL a full URL is now opt-in + via new 'QualifyRedirectURL' directive. + + *) core: Limit to ten the number of tolerated empty lines between request, + and consume them before the pipelining check to avoid possible response + delay when reading the next request without flushing. [Yann Ylavic] + + *) mod_ssl: Extend expression parser registration to support ssl variables + in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function + syntax "ssl(VARNAME)". [Rainer Jung] + + + [Apache 2.3.0-dev includes those bug fixes and changes with the + Apache 2.2.xx tree as documented, and except as noted, below.] + +Changes with Apache 2.2.x and later: + + *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup + +Changes with Apache 2.0.x and later: + + *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup + Added: dev/httpd/httpd-2.4.18-deps.tar.bz2 ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18-deps.tar.bz2 ------------------------------------------------------------------------------ svn:mime-type = application/x-bzip2 Added: dev/httpd/httpd-2.4.18-deps.tar.bz2.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18-deps.tar.bz2.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.18-deps.tar.bz2.md5 ============================================================================== --- dev/httpd/httpd-2.4.18-deps.tar.bz2.md5 (added) +++ dev/httpd/httpd-2.4.18-deps.tar.bz2.md5 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +4734d0254240545f1f7ce33f64b067fa *httpd-2.4.18-deps.tar.bz2 Added: dev/httpd/httpd-2.4.18-deps.tar.bz2.sha1 ============================================================================== --- dev/httpd/httpd-2.4.18-deps.tar.bz2.sha1 (added) +++ dev/httpd/httpd-2.4.18-deps.tar.bz2.sha1 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +877c503064c6ccdec6b6d99355501a4c50178da4 *httpd-2.4.18-deps.tar.bz2 Added: dev/httpd/httpd-2.4.18-deps.tar.gz ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18-deps.tar.gz ------------------------------------------------------------------------------ svn:mime-type = application/x-gzip Added: dev/httpd/httpd-2.4.18-deps.tar.gz.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18-deps.tar.gz.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.18-deps.tar.gz.md5 ============================================================================== --- dev/httpd/httpd-2.4.18-deps.tar.gz.md5 (added) +++ dev/httpd/httpd-2.4.18-deps.tar.gz.md5 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +177a920d3b9bb5753855c4a1b03ba722 *httpd-2.4.18-deps.tar.gz Added: dev/httpd/httpd-2.4.18-deps.tar.gz.sha1 ============================================================================== --- dev/httpd/httpd-2.4.18-deps.tar.gz.sha1 (added) +++ dev/httpd/httpd-2.4.18-deps.tar.gz.sha1 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +e9013fb476815ee01765bd57b214b5faaee99550 *httpd-2.4.18-deps.tar.gz Added: dev/httpd/httpd-2.4.18.tar.bz2 ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18.tar.bz2 ------------------------------------------------------------------------------ svn:mime-type = application/x-bzip2 Added: dev/httpd/httpd-2.4.18.tar.bz2.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18.tar.bz2.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.18.tar.bz2.md5 ============================================================================== --- dev/httpd/httpd-2.4.18.tar.bz2.md5 (added) +++ dev/httpd/httpd-2.4.18.tar.bz2.md5 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +3690b3cc991b7dfd22aea9e1264a11b9 *httpd-2.4.18.tar.bz2 Added: dev/httpd/httpd-2.4.18.tar.bz2.sha1 ============================================================================== --- dev/httpd/httpd-2.4.18.tar.bz2.sha1 (added) +++ dev/httpd/httpd-2.4.18.tar.bz2.sha1 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +271a129f2f04e3aa694e5c2091df9b707bf8ef80 *httpd-2.4.18.tar.bz2 Added: dev/httpd/httpd-2.4.18.tar.gz ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18.tar.gz ------------------------------------------------------------------------------ svn:mime-type = application/x-gzip Added: dev/httpd/httpd-2.4.18.tar.gz.asc ============================================================================== Binary file - no diff available. Propchange: dev/httpd/httpd-2.4.18.tar.gz.asc ------------------------------------------------------------------------------ svn:mime-type = application/pgp-signature Added: dev/httpd/httpd-2.4.18.tar.gz.md5 ============================================================================== --- dev/httpd/httpd-2.4.18.tar.gz.md5 (added) +++ dev/httpd/httpd-2.4.18.tar.gz.md5 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +2f90ce3426541817e0dfd01cae086b60 *httpd-2.4.18.tar.gz Added: dev/httpd/httpd-2.4.18.tar.gz.sha1 ============================================================================== --- dev/httpd/httpd-2.4.18.tar.gz.sha1 (added) +++ dev/httpd/httpd-2.4.18.tar.gz.sha1 Tue Dec 8 20:35:59 2015 @@ -0,0 +1 @@ +d817d144dd1397efc52b9ce1dfc9e5713e7265e6 *httpd-2.4.18.tar.gz