You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2012/07/04 16:14:30 UTC

svn commit: r1357274 - /httpd/httpd/trunk/CHANGES

Author: covener
Date: Wed Jul  4 14:14:30 2012
New Revision: 1357274

URL: http://svn.apache.org/viewvc?rev=1357274&view=rev
Log:
zap recent backports

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1357274&r1=1357273&r2=1357274&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jul  4 14:14:30 2012
@@ -1,11 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
-  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
-     mod_negotiation: Escape filenames in variant list to prevent an
-     possible XSS for a site where untrusted users can upload files to
-     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
-
   *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
 
   *) mod_ssl: Add RFC 5878 support. [Ben Laurie]
@@ -37,9 +32,6 @@ Changes with Apache 2.5.0
      for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
      Christophe Renou, Peter Sylvester]
 
-  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled). 
-     [Paul Wouters <pwouters redhat.com>, Joe Orton]
-
   *) mod_ssl: Add new directive SSLCompression to disable TLS-level
      compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
 
@@ -63,10 +55,6 @@ Changes with Apache 2.5.0
   *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
      one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]
 
-  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
-     forwarding to SSL backends. PR 53134.
-     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
-
   *) mod_ssl: Add support for TLS Next Protocol Negotiation.  PR 52210.
      [Matthew Steele <mdsteele google.com>]
 
@@ -86,10 +74,6 @@ Changes with Apache 2.5.0
   *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
      PR 53048. [Stefan Fritsch]
 
-  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
-     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
-     PR 48272. [Stefan Fritsch]
-
   *) mod_proxy_fcgi: If there is an error reading the headers from the
      backend, send an error to the client. PR 52879. [Stefan Fritsch]