You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2017/07/06 19:28:46 UTC
svn commit: r20352 [3/3] - /dev/httpd/
Added: dev/httpd/CHANGES_2.2.34
==============================================================================
--- dev/httpd/CHANGES_2.2.34 (added)
+++ dev/httpd/CHANGES_2.2.34 Thu Jul 6 19:28:45 2017
@@ -0,0 +1,34 @@
+ -*- coding: utf-8 -*-
+Changes with Apache 2.2.34
+
+ *) Allow single-char field names inadvertantly disallowed in 2.2.32.
+ PR 61220. [Yann Ylavic]
+
+Changes with Apache 2.2.33 (not released)
+
+ *) SECURITY: CVE-2017-7668 (cve.mitre.org)
+ The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
+ bug in token list parsing, which allows ap_find_token() to search past
+ the end of its input string. By maliciously crafting a sequence of
+ request headers, an attacker may be able to cause a segmentation fault,
+ or to force ap_find_token() to return an incorrect value.
+ [Jacob Champion]
+
+ *) SECURITY: CVE-2017-3169 (cve.mitre.org)
+ mod_ssl may dereference a NULL pointer when third-party modules call
+ ap_hook_process_connection() during an HTTP request to an HTTPS port.
+ [Yann Ylavic]
+
+ *) SECURITY: CVE-2017-3167 (cve.mitre.org)
+ Use of the ap_get_basic_auth_pw() by third-party modules outside of the
+ authentication phase may lead to authentication requirements being
+ bypassed.
+ [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]
+
+ *) SECURITY: CVE-2017-7679 (cve.mitre.org)
+ mod_mime can read one byte past the end of a buffer when sending a
+ malicious Content-Type response header. [Yann Ylavic]
+
+ *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope.
+ [Joe Orton]
+
Added: dev/httpd/httpd-2.2.34-win32-src.zip
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34-win32-src.zip
------------------------------------------------------------------------------
svn:mime-type = application/zip
Added: dev/httpd/httpd-2.2.34-win32-src.zip.asc
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34-win32-src.zip.asc
------------------------------------------------------------------------------
svn:mime-type = application/pgp-signature
Added: dev/httpd/httpd-2.2.34-win32-src.zip.md5
==============================================================================
--- dev/httpd/httpd-2.2.34-win32-src.zip.md5 (added)
+++ dev/httpd/httpd-2.2.34-win32-src.zip.md5 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+0a619a3e9d5c6b268a02d7398434fe3b httpd-2.2.34-win32-src.zip
Added: dev/httpd/httpd-2.2.34-win32-src.zip.sha1
==============================================================================
--- dev/httpd/httpd-2.2.34-win32-src.zip.sha1 (added)
+++ dev/httpd/httpd-2.2.34-win32-src.zip.sha1 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+4a23503e9c272eed58c86046a8da737866cd1aff httpd-2.2.34-win32-src.zip
Added: dev/httpd/httpd-2.2.34-win32-src.zip.sha256
==============================================================================
--- dev/httpd/httpd-2.2.34-win32-src.zip.sha256 (added)
+++ dev/httpd/httpd-2.2.34-win32-src.zip.sha256 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+d175774890444eaa5ee84ee3adfa829e1dc2531216d3d9f01077fbf1ea53ed25 httpd-2.2.34-win32-src.zip
Added: dev/httpd/httpd-2.2.34.tar.bz2
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34.tar.bz2
------------------------------------------------------------------------------
svn:mime-type = application/x-bzip2
Added: dev/httpd/httpd-2.2.34.tar.bz2.asc
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34.tar.bz2.asc
------------------------------------------------------------------------------
svn:mime-type = application/pgp-signature
Added: dev/httpd/httpd-2.2.34.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.2.34.tar.bz2.md5 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+c0bf1bdb779a3b5e6e294caf9ca20441 *httpd-2.2.34.tar.bz2
Added: dev/httpd/httpd-2.2.34.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.2.34.tar.bz2.sha1 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+829206394e238af0b800fc78d19c74ee466ecb23 *httpd-2.2.34.tar.bz2
Added: dev/httpd/httpd-2.2.34.tar.bz2.sha256
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.bz2.sha256 (added)
+++ dev/httpd/httpd-2.2.34.tar.bz2.sha256 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+e53183d5dfac5740d768b4c9bea193b1099f4b06b57e5f28d7caaf9ea7498160 *httpd-2.2.34.tar.bz2
Added: dev/httpd/httpd-2.2.34.tar.gz
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34.tar.gz
------------------------------------------------------------------------------
svn:mime-type = application/x-gzip
Added: dev/httpd/httpd-2.2.34.tar.gz.asc
==============================================================================
Binary file - no diff available.
Propchange: dev/httpd/httpd-2.2.34.tar.gz.asc
------------------------------------------------------------------------------
svn:mime-type = application/pgp-signature
Added: dev/httpd/httpd-2.2.34.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.2.34.tar.gz.md5 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+fc33e64a9d4bca2f7ef7023189cb5ee6 *httpd-2.2.34.tar.gz
Added: dev/httpd/httpd-2.2.34.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.2.34.tar.gz.sha1 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+16707ec0642b8a1555502e1dcf8d42836f695bc0 *httpd-2.2.34.tar.gz
Added: dev/httpd/httpd-2.2.34.tar.gz.sha256
==============================================================================
--- dev/httpd/httpd-2.2.34.tar.gz.sha256 (added)
+++ dev/httpd/httpd-2.2.34.tar.gz.sha256 Thu Jul 6 19:28:45 2017
@@ -0,0 +1 @@
+a89196d2f8c1ec2b213180dba2b534153b87dbb51d5cd2c90cd3feff7700d07b *httpd-2.2.34.tar.gz