You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2014/08/22 13:43:36 UTC
svn commit: r1619755 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
Author: wrowe
Date: Fri Aug 22 11:43:36 2014
New Revision: 1619755
URL: http://svn.apache.org/r1619755
Log:
Resequence CHANGES chronologically and by severity
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1619755&r1=1619754&r2=1619755&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Aug 22 11:43:36 2014
@@ -21,9 +21,6 @@ Changes with Apache 2.2.28
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]
- *) mod_deflate: Handle Zlib header and validation bytes received in multiple
- chunks. PR 46146. [Yann Ylavic]
-
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
@@ -31,6 +28,12 @@ Changes with Apache 2.2.28
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
+ *) core: Detect incomplete request and response bodies, log an error and
+ forward it to the underlying filters. PR 55475. [Yann Ylavic]
+
+ *) mod_deflate: Handle Zlib header and validation bytes received in multiple
+ chunks. PR 46146. [Yann Ylavic]
+
*) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs. PR 55782. [Yann Ylavic]
@@ -50,9 +53,6 @@ Changes with Apache 2.2.28
and that coincides with the end of stream ("Zlib error flushing inflate
buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
- *) core: Detect incomplete request and response bodies, log an error and
- forward it to the underlying filters. PR 55475. [Yann Ylavic]
-
*) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary
header might not get the benefit of the thundering herd protection due to
an incorrect internal cache key. PR 50317.
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1619755&r1=1619754&r2=1619755&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Aug 22 11:43:36 2014
@@ -99,35 +99,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_deflate: Fix reentrance in output and input filters (buffering of
- incomplete Zlib header or validation bytes). PR 46146.
- trunk patch: https://svn.apache.org/r1572655
- https://svn.apache.org/r1572663
- https://svn.apache.org/r1572668
- https://svn.apache.org/r1572669
- https://svn.apache.org/r1572670
- https://svn.apache.org/r1572671
- https://svn.apache.org/r1573224
- https://svn.apache.org/r1586745
- https://svn.apache.org/r1587594
- https://svn.apache.org/r1587639
- https://svn.apache.org/r1590509
- https://svn.apache.org/r1603156 (partially, CHANGES update)
- https://svn.apache.org/r1604353
- https://svn.apache.org/r1611725
- 2.4.x patch: https://svn.apache.org/r1604458 (2.4.10)
- 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_reentrant_with_CHANGES_v4.patch
- (modulo CHANGES)
- +1: ylavic, wrowe, rpluem
- ylavic: v4 is now merging correctly after http://svn.apache.org/r1611806
-
- *) core: Detect incomplete request and response bodies, log an error and
- forward it to the underlying filters. PR 55475 [Yann Ylavic]
- trunk patch: http://svn.apache.org/r1538776
- 2.4.x patch: http://svn.apache.org/r1570324 (2.4.8)
- 2.2.x patch: http://people.apache.org/~ylavic/2.2.x-http_filter_incomplete.patch
- (modulo CHANGES)
- +1: ylavic, wrowe, rpluem
PATCHES PROPOSED TO BACKPORT FROM TRUNK: