httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r17737 [3/3] - /dev/httpd/
Date Mon, 09 Jan 2017 17:57:22 GMT
Added: dev/httpd/CHANGES_2.2.32
==============================================================================
--- dev/httpd/CHANGES_2.2.32 (added)
+++ dev/httpd/CHANGES_2.2.32 Mon Jan  9 17:57:22 2017
@@ -0,0 +1,96 @@
+                                                         -*- coding: utf-8 -*-
+Changes with Apache 2.2.32
+
+  *) SECURITY: CVE-2016-8743 (cve.mitre.org)
+     Enforce HTTP request grammar corresponding to RFC7230 for request lines
+     and request headers, to prevent response splitting and cache pollution by
+     malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
+
+  *) Validate HTTP response header grammar defined by RFC7230, resulting
+     in a 500 error in the event that invalid response header contents are
+     detected when serving the response, to avoid response splitting and cache
+     pollution by malicious clients, upstream servers or faulty modules.
+     [Stefan Fritsch, Eric Covener, Yann Ylavic]
+
+  *) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
+     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+  *) core: Avoid a possible truncation of the faulty header included in the
+     HTML response when LimitRequestFieldSize is reached.  [Yann Ylavic]
+
+  *) core: Enforce LimitRequestFieldSize after multiple headers with the same
+     name have been merged. [Stefan Fritsch]
+
+  *) core: Drop Content-Length header and message-body from HTTP 204 responses.
+     PR 51350 [Luca Toscano]
+
+  *) core: Permit unencoded ';' characters to appear in proxy requests and
+     Location: response headers. Corresponds to modern browser behavior.
+     [William Rowe]
+
+  *) core: ap_rgetline_core now pulls from r->proto_input_filters.
+
+  *) core: Correctly parse an IPv6 literal host specification in an absolute
+     URL in the request line. [Stefan Fritsch]
+
+  *) core: New directive RegisterHttpMethod for registering non-standard
+     HTTP methods. [Stefan Fritsch]
+
+  *) core: Limit to ten the number of tolerated empty lines between request.
+     [Yann Ylavic]
+
+  *) core: reject NULLs in request line or request headers.
+     PR 43039 [Nick Kew]
+
+  *) mod_proxy: Use the correct server name for SNI in case the backend
+     SSL connection itself is established via a proxy server.
+     PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
+
+  *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
+     directives.  [Mike Rumph <mike.rumph oracle.com>]
+
+  *) mod_ssl: Support compilation against libssl built with OPENSSL_NO_SSL3.
+     [Kaspar Brand]
+
+  *) mod_proxy: Correctly consider error response codes by the backend when
+     processing failonstatus. PR 59869 [Ruediger Pluem]
+
+  *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
+     had to be issued because the remote closed the previous/reusable one
+     during idle (keep-alive) time.  [Yann Ylavic]
+
+  *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
+     [Jan Kaluza, Yann Ylavic]
+
+  *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to
+     use a different scoreboard slot then the original one.  PR 58267.
+     [Ruediger Pluem]
+
+  *) mod_proxy: Fix a race condition that caused a failed worker to be retried
+     before the retry period is over. [Ruediger Pluem]
+
+  *) mod_proxy: don't recyle backend announced "Connection: close" connections
+     to avoid reusing it should the close be effective after some new request
+     is ready to be sent.  [Yann Ylavic]
+
+  *) mod_mem_cache: Fix concurrent removal of stale entries which could lead
+     to a crash.  PR 43724.  [Yann Ylavic]
+
+  *) mime.types: add common extension "m4a" for MPEG 4 Audio.
+     PR 57895 [Dylan Millikin <dylan.millikin gmail.com>]
+
+  *) mod_substitute: Allow to configure the patterns merge order with the new
+     SubstituteInheritBefore on|off directive.  PR 57641
+     [Marc.Stern <Marc.Stern approach.be>, Yann Ylavic, William Rowe]
+
+  *) mod_mem_cache: Don't cache incomplete responses when the client
+     connection is aborted before the body is fully read.  PR 45049.
+     [Nick Pace <nick simplylogic.net>, Edward Lu, Yann Ylavic]
+
+  *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
+     failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
+     PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
+
+  *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+     PR 57167 [Edward Lu <Chaosed0 gmail.com>]
+
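
Review bot: The entry "core: ap_rgetline_core now pulls from r->proto_input_filters." is the only one in this file with no contributor attribution, and it does not say what changes for an administrator or module author; add the author in brackets and a clause on the visible effect. Three wording slips should be corrected: "between request" should read "between requests", "slot then the original one" should read "slot than the original one", and "recyle" should read "recycle". The response-header validation entry directly after CVE-2016-8743 has neither a SECURITY tag nor a module prefix, so a reader cannot tell whether it is part of that CVE; state it explicitly, since it turns faulty module output into a 500. "PR59630" is also missing the space used by every other PR reference in the file.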

Added: dev/httpd/httpd-2.2.32-win32-src.zip
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.2.32-win32-src.zip
------------------------------------------------------------------------------
    svn:mime-type = application/zip

Added: dev/httpd/httpd-2.2.32-win32-src.zip.asc
==============================================================================
--- dev/httpd/httpd-2.2.32-win32-src.zip.asc (added)
+++ dev/httpd/httpd-2.2.32-win32-src.zip.asc Mon Jan  9 17:57:22 2017
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+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+=IiJf
+-----END PGP SIGNATURE-----

Added: dev/httpd/httpd-2.2.32-win32-src.zip.md5
==============================================================================
--- dev/httpd/httpd-2.2.32-win32-src.zip.md5 (added)
+++ dev/httpd/httpd-2.2.32-win32-src.zip.md5 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+MD5(httpd-2.2.32-win32-src.zip)= 0a621a81e0ffa76696b5ccb8efdf437d
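
Review bot: The digest line here uses the "MD5(file)= hash" layout (and the sibling .sha1 for the zip uses "SHA1(file)= hash"), while the .tar.bz2 and .tar.gz digest files in this same commit use "hash *file". Two layouts in one release directory force any verification script to parse both; regenerate the zip digests in the "hash *file" form so all six files are consistent.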

Added: dev/httpd/httpd-2.2.32-win32-src.zip.sha1
==============================================================================
--- dev/httpd/httpd-2.2.32-win32-src.zip.sha1 (added)
+++ dev/httpd/httpd-2.2.32-win32-src.zip.sha1 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+SHA1(httpd-2.2.32-win32-src.zip)= f49544790ba98e43fa44208a42618723afbddde4

Added: dev/httpd/httpd-2.2.32.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.2.32.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/x-bzip2

Added: dev/httpd/httpd-2.2.32.tar.bz2.asc
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.bz2.asc (added)
+++ dev/httpd/httpd-2.2.32.tar.bz2.asc Mon Jan  9 17:57:22 2017
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJYc8seAAoJEI77GWKQiPVlOtMQAJR6HW9KaVBmIc4oqTFgblSG
+6PBEZRQegEEpC/jAiZRdnDY+tNLL0SPTDH6o2qQRrAASatH7bzn5h6iH81UKhdwz
+0UIMLt5t5Qqozwyqru0pipFv6ZoLqMpuYZ0MvRwV64SXsZAQchpK7v4IMHyv+bKm
+okrpjVYz/e84LcomMj372PBLCFPc6fwsO5LbUJkYvbQXTIuWkWI7oMFyZK433cZj
+x2rLZJAG5facQHwdd57OrqAlA3m1iynoz/E0xCVQcILKFArY+kk3UxvVIZd2+Ijn
++8DKr00a5++HLmcj+Dk+BQN5/owmP29x/LZHHkGgSGhvEHgsZ8ITPLk7X03Vaekx
+yRKImfIKWf7E6pK1rgEcT1sYQLUP7QE9WCmZK9Rx+2n9fGZ3La3D/IzzI1RcsFM1
+81Htw89t0nogeljC0s7F2Q0sjTk4ehWLZIN7DG2YSf+BkE12rgimzgcr7e+QXN2A
+F3fIKTB5TlzDB2yXIJmQJIN8XFXcLr3QxWDQb6BJ0D9iSzlccshjsBaVWqBHK19m
+sGihjVkM1cU0a7GJr4x97ltw9Cr+b1ZbpWkd+HGTMRLxdvG3wVejVgCUxazzm14D
+ioXx46p0Vu5SzOiZijmie6Ce8XgHy04dMEVdyOieT58X+xj5oB2rcNlGCLm+KHEW
+vS4eB9USvomxZFQFU6ZA
+=JcWx
+-----END PGP SIGNATURE-----

Added: dev/httpd/httpd-2.2.32.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.2.32.tar.bz2.md5 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+d590ca1a8ce577b6bdfbd738d2de4741 *httpd-2.2.32.tar.bz2

Added: dev/httpd/httpd-2.2.32.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.2.32.tar.bz2.sha1 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+36dc7f2ac97627192dcff0a121408b897f91b121 *httpd-2.2.32.tar.bz2
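
Review bot: In the part of the commit shown here the tarball is accompanied only by MD5 and SHA-1 digests next to the detached .asc signature. Both hash functions are collision-weak, so they serve only as a transfer-corruption check; consider adding a SHA-256 digest file alongside, and make sure the release announcement directs users to verify the .asc signature rather than the digests when checking authenticity.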

Added: dev/httpd/httpd-2.2.32.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.2.32.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/x-gzip

Added: dev/httpd/httpd-2.2.32.tar.gz.asc
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.gz.asc (added)
+++ dev/httpd/httpd-2.2.32.tar.gz.asc Mon Jan  9 17:57:22 2017
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJYc8siAAoJEI77GWKQiPVlAgEQALqvse17aNEj428dZdQQ3PGk
+8QznB+hZa9vytbCJo+W3A/xaQpBDf9RDPSMoXsIn3u7xgdlE6VBb6qbODEv5rIDF
+y2Y/ef3A2JpqoTYmtN+QBXNr712QUWn/WZAkZqhJuUYA0l5T5hJdB1Cs1GIu6gJ5
+RdeFFFBcKe7IkxxfsYn9cnL/8rs/LjPRPzeNrj0KWOaK0RwnxBFpy0jMIconnSo3
+pKwiwtCBYM2Ge2ewd83E3gvr7q+suqG6oJEbgr874YgnVVK2R3aj93t5SJHT47rR
+BXawkeFYEOom1tGfI2Xc3l7uyip88v27WTzqcqayaem7Nf1KSOEeaFuAWqFlO6SF
+kMfjg8Cxcsu6qdAVhoS0BJgKocHizm8aR7n2fdBfv/gRVjUPmTFv181620JShHJr
+F6onqQK3i/lyV5JsIAKMnCKhfAQRCHruw2RrGT0ALw37bZ7ZG43kVn0NLmwiucqU
+n6qWS0srH3vbR1z7aEVoPp6/ZGTWY8TzY16yRTABi3jzlsfYC3ZiPHZN3Iigc09G
+VKltC/xVk3IET1630HNczjfhK7aNm/X+J8P6a8qJtHKWgHs1lWAA51+qD0eUR0mX
++x3eKAIFuUuFa0SA6A1egAwGP4e20DvLZUviDjnqd26BbcX6VtPMVj4ZKkRGBdIu
+gCjelAok8RrKq0x7tGY1
+=dS8a
+-----END PGP SIGNATURE-----

Added: dev/httpd/httpd-2.2.32.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.2.32.tar.gz.md5 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+8141657cf0c58f14de2a5ce9426df2bc *httpd-2.2.32.tar.gz

Added: dev/httpd/httpd-2.2.32.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.2.32.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.2.32.tar.gz.sha1 Mon Jan  9 17:57:22 2017
@@ -0,0 +1 @@
+19e94b8c9e727cc16b75795814c5b0e27ebc08d5 *httpd-2.2.32.tar.gz


