httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r22560 - /dev/httpd/
Date Tue, 17 Oct 2017 18:57:46 GMT
Author: jim
Date: Tue Oct 17 18:57:45 2017
New Revision: 22560

Log:
Upload httpd 2.4.29 test tarballs

Added:
    dev/httpd/CHANGES_2.4.29
    dev/httpd/httpd-2.4.29-deps.tar.bz2   (with props)
    dev/httpd/httpd-2.4.29-deps.tar.bz2.asc   (with props)
    dev/httpd/httpd-2.4.29-deps.tar.bz2.md5
    dev/httpd/httpd-2.4.29-deps.tar.bz2.sha1
    dev/httpd/httpd-2.4.29-deps.tar.bz2.sha256
    dev/httpd/httpd-2.4.29-deps.tar.gz   (with props)
    dev/httpd/httpd-2.4.29-deps.tar.gz.asc   (with props)
    dev/httpd/httpd-2.4.29-deps.tar.gz.md5
    dev/httpd/httpd-2.4.29-deps.tar.gz.sha1
    dev/httpd/httpd-2.4.29-deps.tar.gz.sha256
    dev/httpd/httpd-2.4.29.tar.bz2   (with props)
    dev/httpd/httpd-2.4.29.tar.bz2.asc   (with props)
    dev/httpd/httpd-2.4.29.tar.bz2.md5
    dev/httpd/httpd-2.4.29.tar.bz2.sha1
    dev/httpd/httpd-2.4.29.tar.bz2.sha256
    dev/httpd/httpd-2.4.29.tar.gz   (with props)
    dev/httpd/httpd-2.4.29.tar.gz.asc   (with props)
    dev/httpd/httpd-2.4.29.tar.gz.md5
    dev/httpd/httpd-2.4.29.tar.gz.sha1
    dev/httpd/httpd-2.4.29.tar.gz.sha256
Removed:
    dev/httpd/CHANGES_2.4.28
    dev/httpd/httpd-2.4.28-deps.tar.bz2
    dev/httpd/httpd-2.4.28-deps.tar.bz2.asc
    dev/httpd/httpd-2.4.28-deps.tar.bz2.md5
    dev/httpd/httpd-2.4.28-deps.tar.bz2.sha1
    dev/httpd/httpd-2.4.28-deps.tar.bz2.sha256
    dev/httpd/httpd-2.4.28-deps.tar.gz
    dev/httpd/httpd-2.4.28-deps.tar.gz.asc
    dev/httpd/httpd-2.4.28-deps.tar.gz.md5
    dev/httpd/httpd-2.4.28-deps.tar.gz.sha1
    dev/httpd/httpd-2.4.28-deps.tar.gz.sha256
    dev/httpd/httpd-2.4.28.tar.bz2
    dev/httpd/httpd-2.4.28.tar.bz2.asc
    dev/httpd/httpd-2.4.28.tar.bz2.md5
    dev/httpd/httpd-2.4.28.tar.bz2.sha1
    dev/httpd/httpd-2.4.28.tar.bz2.sha256
    dev/httpd/httpd-2.4.28.tar.gz
    dev/httpd/httpd-2.4.28.tar.gz.asc
    dev/httpd/httpd-2.4.28.tar.gz.md5
    dev/httpd/httpd-2.4.28.tar.gz.sha1
    dev/httpd/httpd-2.4.28.tar.gz.sha256
Modified:
    dev/httpd/Announcement2.4.html
    dev/httpd/Announcement2.4.txt
    dev/httpd/CHANGES_2.4

Modified: dev/httpd/Announcement2.4.html
==============================================================================
--- dev/httpd/Announcement2.4.html (original)
+++ dev/httpd/Announcement2.4.html Tue Oct 17 18:57:45 2017
@@ -49,15 +49,15 @@
 <div class="banner"></div>
 
 <h1>
-                       Apache HTTP Server 2.4.28 Released
+                       Apache HTTP Server 2.4.29 Released
 </h1>
 <p>
-   October 5, 2017
+   October XX, 2017
 </p>
 <p>
    The Apache Software Foundation and the Apache HTTP Server Project are
    pleased to <a href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
-   the release of version 2.4.28 of the Apache
+   the release of version 2.4.29 of the Apache
    HTTP Server ("Apache").  This version of Apache is our latest GA
    release of the new generation 2.4.x branch of Apache HTTPD and
    represents fifteen years of innovation by the project, and is
@@ -69,7 +69,7 @@
    encourage users of all prior versions to upgrade.
 </p>
 <p>
-   Apache HTTP Server 2.4.28 is available for download from:
+   Apache HTTP Server 2.4.29 is available for download from:
 </p>
 <dl>
   <dd><a href="https://httpd.apache.org/download.cgi"
@@ -77,7 +77,7 @@
 </dl>
 <p>
    Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file, linked from the
download page, for a
-   full list of changes.  A condensed list, <a href="./CHANGES_2.4.28">CHANGES_2.4.28</a>
includes only
+   full list of changes.  A condensed list, <a href="./CHANGES_2.4.29">CHANGES_2.4.29</a>
includes only
    those changes introduced since the prior 2.4 release.  A summary of all 
    of the security vulnerabilities addressed in this and earlier releases 
    is available:
@@ -88,17 +88,6 @@
   </dd>
 </dl>
 <p>
-   Of particular note in this release is 1 SECURITY item:
-</p>
-<ul>
-     <li>SECURITY: CVE-2017-9798 (cve.mitre.org)<br/>
-       Corrupted or freed memory access. &lt;Limit[Except]&gt; or the
-       RegisterHttpMethod directive must be given in the startup
-       configuration (httpd.conf) to register non-standard HTTP methods
-       before listing them in an .htaccess files.
-</li>
-</ul>
-<p>
    This release requires the Apache Portable Runtime (APR), minimum version
    1.5.x, and APR-Util, minimum version 1.5.x. Some features may require the 1.6.x
    version of both APR and APR-Util. The APR libraries must be upgraded for

Modified: dev/httpd/Announcement2.4.txt
==============================================================================
--- dev/httpd/Announcement2.4.txt (original)
+++ dev/httpd/Announcement2.4.txt Tue Oct 17 18:57:45 2017
@@ -1,9 +1,9 @@
-                Apache HTTP Server 2.4.28 Released
+                Apache HTTP Server 2.4.29 Released
 
-   October 5, 2017
+   October XX, 2017
 
    The Apache Software Foundation and the Apache HTTP Server Project
-   are pleased to announce the release of version 2.4.28 of the Apache
+   are pleased to announce the release of version 2.4.29 of the Apache
    HTTP Server ("Apache").  This version of Apache is our latest GA
    release of the new generation 2.4.x branch of Apache HTTPD and
    represents fifteen years of innovation by the project, and is
@@ -13,7 +13,7 @@
    We consider this release to be the best version of Apache available, and
    encourage users of all prior versions to upgrade.
 
-   Apache HTTP Server 2.4.28 is available for download from:
+   Apache HTTP Server 2.4.29 is available for download from:
 
      http://httpd.apache.org/download.cgi
 
@@ -24,21 +24,13 @@
      http://httpd.apache.org/docs/trunk/new_features_2_4.html
 
    Please see the CHANGES_2.4 file, linked from the download page, for a
-   full list of changes. A condensed list, CHANGES_2.4.28 includes only
+   full list of changes. A condensed list, CHANGES_2.4.29 includes only
    those changes introduced since the prior 2.4 release.  A summary of all 
    of the security vulnerabilities addressed in this and earlier releases 
    is available:
 
      http://httpd.apache.org/security/vulnerabilities_24.html
 
-   Of particular note in this release is 1 SECURITY item:
-
-     o SECURITY: CVE-2017-9798 (cve.mitre.org)
-       Corrupted or freed memory access. <Limit[Except] > or the
-       RegisterHttpMethod directive must be given in the startup
-       configuration (httpd.conf) to register non-standard HTTP methods
-       before listing them in an .htaccess files.
-
    This release requires the Apache Portable Runtime (APR), minimum
    version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
    require the 1.6.x version of both APR and APR-Util. The APR libraries

Modified: dev/httpd/CHANGES_2.4
==============================================================================
--- dev/httpd/CHANGES_2.4 (original)
+++ dev/httpd/CHANGES_2.4 Tue Oct 17 18:57:45 2017
@@ -1,4 +1,34 @@
                                                          -*- coding: utf-8 -*-
+Changes with Apache 2.4.29
+
+  *) mod_unique_id: Use output of the PRNG rather than IP address and
+     pid, avoiding sleep() call and possible DNS issues at startup,
+     plus improving randomness for IPv6-only hosts.  [Jan Kaluza]
+
+  *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
+     is used in a condition that evaluates to true. PR 58231 [Luca Toscano]
+
+  *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
+     beams that could lead to assertion failure in edge cases.
+     [Stefan Eissing] 
+
+  *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
+     in 2.4.28.  [Jim Jagielski]
+
+  *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
+     PR 61546.  [Lubos Uhliarik <luhliari redhat.com>]
+
+  *) mod_rewrite: Add support for starting External Rewriting Programs
+     as non-root user on UNIX systems by specifying username and group
+     name as third argument of RewriteMap directive.  [Jan Kaluza]
+
+  *) core: Rewrite the Content-Length filter to avoid excessive memory
+     consumption. Chunked responses will be generated in more cases
+     than in previous releases.  PR 61222.  [Joe Orton, Ruediger Pluem]
+
+  *) mod_ssl: Fix SessionTicket callback return value, which does seem to
+     matter with OpenSSL 1.1. [Yann Ylavic]
+
 Changes with Apache 2.4.28
 
   *) SECURITY: CVE-2017-9798 (cve.mitre.org)

Added: dev/httpd/CHANGES_2.4.29
==============================================================================
--- dev/httpd/CHANGES_2.4.29 (added)
+++ dev/httpd/CHANGES_2.4.29 Tue Oct 17 18:57:45 2017
@@ -0,0 +1,43 @@
+                                                         -*- coding: utf-8 -*-
+Changes with Apache 2.4.29
+
+  *) mod_unique_id: Use output of the PRNG rather than IP address and
+     pid, avoiding sleep() call and possible DNS issues at startup,
+     plus improving randomness for IPv6-only hosts.  [Jan Kaluza]
+
+  *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST
+     is used in a condition that evaluates to true. PR 58231 [Luca Toscano]
+
+  *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket
+     beams that could lead to assertion failure in edge cases.
+     [Stefan Eissing] 
+
+  *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced
+     in 2.4.28.  [Jim Jagielski]
+
+  *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
+     PR 61546.  [Lubos Uhliarik <luhliari redhat.com>]
+
+  *) mod_rewrite: Add support for starting External Rewriting Programs
+     as non-root user on UNIX systems by specifying username and group
+     name as third argument of RewriteMap directive.  [Jan Kaluza]
+
+  *) core: Rewrite the Content-Length filter to avoid excessive memory
+     consumption. Chunked responses will be generated in more cases
+     than in previous releases.  PR 61222.  [Joe Orton, Ruediger Pluem]
+
+  *) mod_ssl: Fix SessionTicket callback return value, which does seem to
+     matter with OpenSSL 1.1. [Yann Ylavic]
+
+
+  [Apache 2.3.0-dev includes those bug fixes and changes with the
+   Apache 2.2.xx tree as documented, and except as noted, below.]
+
+Changes with Apache 2.2.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
+
+Changes with Apache 2.0.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
+

Added: dev/httpd/httpd-2.4.29-deps.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29-deps.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/x-bzip2

Added: dev/httpd/httpd-2.4.29-deps.tar.bz2.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29-deps.tar.bz2.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.29-deps.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.bz2.md5 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+df0eea2fc85ce911ee20f3d790c9c03f *httpd-2.4.29-deps.tar.bz2

Added: dev/httpd/httpd-2.4.29-deps.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.bz2.sha1 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+4320d6a21b89556e4b35ba46411ca14e0cfc2612 *httpd-2.4.29-deps.tar.bz2

Added: dev/httpd/httpd-2.4.29-deps.tar.bz2.sha256
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.bz2.sha256 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.bz2.sha256 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+3dedd66197c0902961c3c0c3615c1fcd3b305a71a6ed6fec8b08dfb401634e20 *httpd-2.4.29-deps.tar.bz2

Added: dev/httpd/httpd-2.4.29-deps.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29-deps.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/x-gzip

Added: dev/httpd/httpd-2.4.29-deps.tar.gz.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29-deps.tar.gz.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.29-deps.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.gz.md5 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+eed4446286ee611d266686d951004649 *httpd-2.4.29-deps.tar.gz

Added: dev/httpd/httpd-2.4.29-deps.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.gz.sha1 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+fbe8b7e0b1aeaea7fe491f1ab082c72888b4b41f *httpd-2.4.29-deps.tar.gz

Added: dev/httpd/httpd-2.4.29-deps.tar.gz.sha256
==============================================================================
--- dev/httpd/httpd-2.4.29-deps.tar.gz.sha256 (added)
+++ dev/httpd/httpd-2.4.29-deps.tar.gz.sha256 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+c1e7749b44b08d09d7d94986ab4b0d9bf48c7dfca7270ccf1677cb7ad08cf309 *httpd-2.4.29-deps.tar.gz

Added: dev/httpd/httpd-2.4.29.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/x-bzip2

Added: dev/httpd/httpd-2.4.29.tar.bz2.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29.tar.bz2.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.29.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.4.29.tar.bz2.md5 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+0c599404ef6b69eee95bcd9fcd094407 *httpd-2.4.29.tar.bz2

Added: dev/httpd/httpd-2.4.29.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.4.29.tar.bz2.sha1 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+d99137fe45c6267653350f888bf745a3d242ddbe *httpd-2.4.29.tar.bz2

Added: dev/httpd/httpd-2.4.29.tar.bz2.sha256
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.bz2.sha256 (added)
+++ dev/httpd/httpd-2.4.29.tar.bz2.sha256 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+777753a5a25568a2a27428b2214980564bc1c38c1abf9ccc7630b639991f7f00 *httpd-2.4.29.tar.bz2

Added: dev/httpd/httpd-2.4.29.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/x-gzip

Added: dev/httpd/httpd-2.4.29.tar.gz.asc
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.4.29.tar.gz.asc
------------------------------------------------------------------------------
    svn:mime-type = application/pgp-signature

Added: dev/httpd/httpd-2.4.29.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.4.29.tar.gz.md5 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+6380b0856658f07479fdcba9e20294a6 *httpd-2.4.29.tar.gz

Added: dev/httpd/httpd-2.4.29.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.4.29.tar.gz.sha1 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+c6badd5f9bc3a951026c839d35ac05267612ff61 *httpd-2.4.29.tar.gz

Added: dev/httpd/httpd-2.4.29.tar.gz.sha256
==============================================================================
--- dev/httpd/httpd-2.4.29.tar.gz.sha256 (added)
+++ dev/httpd/httpd-2.4.29.tar.gz.sha256 Tue Oct 17 18:57:45 2017
@@ -0,0 +1 @@
+948e4a11278a5954698b880b30f401b1e9ab743713ee2c7280a54dd4ddd87085 *httpd-2.4.29.tar.gz



Mime
View raw message