You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "KFanyo_Subs@Digiflex Systems" <kf...@digiflexsystems.com> on 2004/08/24 00:23:03 UTC

RE: cvs commit: httpd-2.0 CHANGES


-----Original Message-----
From: jorton@apache.org [mailto:jorton@apache.org] 
Sent: Monday, August 23, 2004 4:53 PM
To: httpd-2.0-cvs@apache.org
Subject: cvs commit: httpd-2.0 CHANGES


jorton      2004/08/23 13:53:22

  Modified:    .        CHANGES
  Log:
  Synch with 2.0 branch.
  
  Revision  Changes    Path
  1.1564    +27 -19    httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1563
  retrieving revision 1.1564
  diff -d -w -u -r1.1563 -r1.1564
  --- CHANGES	20 Aug 2004 21:41:48 -0000	1.1563
  +++ CHANGES	23 Aug 2004 20:53:22 -0000	1.1564
  @@ -14,19 +14,9 @@
     *) Fix some compiler warnings in proxy
        [Geoffrey Young <ge...@modperlcookbook.org>]
   
  -  *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
  -     [Zvi Har'El <rl math.technion.ac.il>]
  -
  -  *) apachectl: Fix a problem finding envvars if sbindir != bindir.
  -     PR 30723.  [Friedrich Haubensak <hsk imb-jena.de>]
  -
     *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
        number of days until the client cert expires.  [Joe Orton]
   
  -  *) mod_userdir: Ensure that the userdir identity is used for
  -     suexec userdir access in a virtual host which has suexec configured.

  -     PR 18156.  [Joshua Slive]
  -
     *) SECURITY: CAN-2004-0751 (cve.mitre.org)
        mod_ssl: Fix a segfault in the SSL input filter which could be
        triggered if using "speculative" mode, for instance by a 
  @@ -49,9 +39,6 @@
     *) Added proxy_ajp.c module for proxy support to ajp:// backends.
        [Jean Frederic Clere]
   
  -  *) SECURITY: CAN-2004-0748 (cve.mitre.org)
  -     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]
  -
     *) mod_disk_cache: Implement binary format for on-disk header files.
        [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
   
  @@ -70,8 +57,6 @@
     *) Add load balancer support to the scoreboard in preparation for
        load balancing support in mod_proxy. [Mladen Turk]
   
  -  *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]
  -
     *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to 
        allow a non-secure connection to be upgraded to secure connections
        [Brad Nicholes]
  @@ -121,10 +106,6 @@
     *) <IfModule> now recognizes the module identifier in addition to the
        file name. PR 29003.  [Edward Rudd <eddie omegaware.com>, André
Malo]
   
  -  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
  -     chosen SSL environment variable.  PR 20957. 
  -     [Martin v. Loewis <martin v.loewis.de>]
  -
     *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
        OpenSSL 0.9.7 flag which uses the server's cipher order rather
        than the client's.  PR 28665.
  @@ -437,6 +418,28 @@
   
   Changes with Apache 2.0.51
   
  +  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
  +     chosen SSL environment variable.  PR 20957. 
  +     [Martin v. Loewis <martin v.loewis.de>]
  +
  +  *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
  +     [Zvi Har'El <rl math.technion.ac.il>]
  +
  +  *) apachectl: Fix a problem finding envvars if sbindir != bindir.
  +     PR 30723.  [Friedrich Haubensak <hsk imb-jena.de>]
  +
  +  *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]
  +
  +  *) SECURITY: CAN-2004-0748 (cve.mitre.org)
  +     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]
  +
  +  *) mod_ssl: Avoid startup failure after unclean shutdown if using
shmcb.
  +     PR 18989.  [Joe Orton]
  +
  +  *) mod_userdir: Ensure that the userdir identity is used for
  +     suexec userdir access in a virtual host which has suexec configured.

  +     PR 18156.  [Joshua Slive]
  +
     *) mod_rewrite no longer confuses the RewriteMap caches if
        different maps defined in different virtual hosts use the
        same map name. PR 26462.  [André Malo]
  @@ -519,6 +522,11 @@
        Close a denial of service vulnerability identified by Georgi
        Guninski which could lead to memory exhaustion with certain
        input data.  [Jeff Trawick]
  +
  +  *) mod_cgi: Handle output on stderr during script execution on Unix
  +     platforms; preventing deadlock when stderr output fills pipe buffer.
  +     Also fixes case where stderr from nph- scripts could be lost.
  +     PR 22030, 18348.  [Joe Orton, Jeff Trawick]
   
     *) mod_alias now emits a warning if it detects overlapping *Alias*
        directives.  [André Malo]