You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2014/08/22 19:57:29 UTC

svn commit: r6251 - /dev/httpd/

Author: wrowe
Date: Fri Aug 22 17:57:27 2014
New Revision: 6251

Log:
Replace 2.2.28 with 2.2.29 - corrected docs/manual/

Added:
    dev/httpd/CHANGES_2.2.29
    dev/httpd/httpd-2.2.29.tar.bz2   (with props)
    dev/httpd/httpd-2.2.29.tar.bz2.asc
    dev/httpd/httpd-2.2.29.tar.bz2.md5
    dev/httpd/httpd-2.2.29.tar.bz2.sha1
    dev/httpd/httpd-2.2.29.tar.gz   (with props)
    dev/httpd/httpd-2.2.29.tar.gz.asc
    dev/httpd/httpd-2.2.29.tar.gz.md5
    dev/httpd/httpd-2.2.29.tar.gz.sha1
Removed:
    dev/httpd/CHANGES_2.2.28
    dev/httpd/httpd-2.2.28.tar.bz2
    dev/httpd/httpd-2.2.28.tar.bz2.asc
    dev/httpd/httpd-2.2.28.tar.bz2.md5
    dev/httpd/httpd-2.2.28.tar.bz2.sha1
    dev/httpd/httpd-2.2.28.tar.gz
    dev/httpd/httpd-2.2.28.tar.gz.asc
    dev/httpd/httpd-2.2.28.tar.gz.md5
    dev/httpd/httpd-2.2.28.tar.gz.sha1
Modified:
    dev/httpd/CHANGES_2.2

Modified: dev/httpd/CHANGES_2.2
==============================================================================
--- dev/httpd/CHANGES_2.2 (original)
+++ dev/httpd/CHANGES_2.2 Fri Aug 22 17:57:27 2014
@@ -1,4 +1,9 @@
                                                          -*- coding: utf-8 -*-
+Changes with Apache 2.2.29
+
+  *) Corrected docs/manual pages for new MergeTrailers directive and other
+     out of date documentation. [William Rowe]
+
 Changes with Apache 2.2.28
 
   *) SECURITY: CVE-2014-0118 (cve.mitre.org)

Added: dev/httpd/CHANGES_2.2.29
==============================================================================
--- dev/httpd/CHANGES_2.2.29 (added)
+++ dev/httpd/CHANGES_2.2.29 Fri Aug 22 17:57:27 2014
@@ -0,0 +1,77 @@
+                                                         -*- coding: utf-8 -*-
+Changes with Apache 2.2.29
+
+  *) Corrected docs/manual pages for new MergeTrailers directive and other
+     out of date documentation. [William Rowe]
+
+Changes with Apache 2.2.28
+
+  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
+     mod_deflate: The DEFLATE input filter (inflates request bodies) now
+     limits the length and compression ratio of inflated request bodies to avoid
+     denial of service via highly compressed bodies.  See directives
+     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
+     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
+
+  *) SECURITY: CVE-2014-0231 (cve.mitre.org)
+     mod_cgid: Fix a denial of service against CGI scripts that do
+     not consume stdin that could lead to lingering HTTPD child processes
+     filling up the scoreboard and eventually hanging the server.  By
+     default, the client I/O timeout (Timeout directive) now applies to
+     communication with scripts.  The CGIDScriptTimeout directive can be
+     used to set a different timeout for communication with scripts.
+     [Rainer Jung, Eric Covener, Yann Ylavic]
+
+  *) SECURITY: CVE-2014-0226 (cve.mitre.org)
+     Fix a race condition in scoreboard handling, which could lead to
+     a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]
+ 
+  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
+     core: HTTP trailers could be used to replace HTTP headers
+     late during request processing, potentially undoing or
+     otherwise confusing modules that examined or modified
+     request headers earlier.  Adds "MergeTrailers" directive to restore
+     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
+
+  *) core: Detect incomplete request and response bodies, log an error and
+     forward it to the underlying filters. PR 55475.  [Yann Ylavic]
+
+  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
+     chunks. PR 46146. [Yann Ylavic]
+
+  *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
+     differs. PR 55782.  [Yann Ylavic]
+ 
+  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
+     [Lukas Bezdicka <social v3.sk>]
+
+  *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
+     [Ben Reser]
+
+  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
+     resumed by TLS session resumption (RFC 5077). [Rainer Jung]
+
+  *) mod_proxy_ajp: Forward local IP address as a custom request attribute
+     like we already do for the remote port. [Rainer Jung]
+
+  *) mod_deflate: Don't fail when flushing inflated data to the user-agent
+     and that coincides with the end of stream ("Zlib error flushing inflate
+     buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
+
+  *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary 
+     header might not get the benefit of the thundering herd protection due to 
+     an incorrect internal cache key.  PR 50317. 
+     [Ruediger Pluem, Jan Kaluza, Yann Ylavic]
+
+  *) mod_rewrite: Support session cookies with the CO= flag when later
+     parameters are used.  The doc for this implied the feature had been
+     backported for quite some time.  PR56014 [Eric Covener]
+
+  *) mod_cache: Don't remove stale cache entries that cannot be conditionally
+     revalidated. This prevents the thundering herd protection from serving
+     stale responses during a revalidation. PR 50317.
+     [Eric Covener, Jan Kaluza,  Ruediger Pluem]
+
+  *) core: Increase TCP_DEFER_ACCEPT socket option to from 1 to 30 seconds. 
+     PR 41270. [Dean Gaudet <dean arctic org>]
+

Added: dev/httpd/httpd-2.2.29.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.2.29.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/httpd/httpd-2.2.29.tar.bz2.asc
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.bz2.asc (added)
+++ dev/httpd/httpd-2.2.29.tar.bz2.asc Fri Aug 22 17:57:27 2014
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.10 (GNU/Linux)
+
+iQIcBAABAgAGBQJT94PxAAoJEI77GWKQiPVlk2wP/3fm/ZlNawCSpuAsUpuqvTjy
+5FTpX9dz9tRws+pinszogIJMHeR47925Q5luZx/1U5ukF1IKjMjOoIeGrb/TlgzZ
+e/KdMkX6Ozb2unRauyo2Zz3A2N2sbQWDRT2X/hQCNH5Y9fKdCjoR+MKDcbfDhccO
+5UI7S1h2rt82wnE24uQYIdCz/kyrwHiAjyFej/r2fXZRuzJudGt+sV77BT9zTuQL
+MvNhY0aKV8bSjgKfpVqkAKciEYJbgABpqAYqaUdUyo3GjkXKr6+EZSJrKCrX/H5G
+HQQiHzp4GuCDr1Bp6WDuqVz1w87HAer5GqZhofOoCJ7esDfVS7JMxmkIWXtr1w9z
+wjkXrHXj34gzMoAoPFceRzYiKYdpN6Bpd1/RAXtrEPQ/naBja5TwZbmwuAEMDTFg
+rxGuc+rnSYFffl0fMll/zkP0A/cnw/kr3ZkBmUMagXa24iWBBwbjgOCX/jS03hTE
+ygWR7zj3gurW0NQIYYX2+9edI990Xs1MTGnc/N5t/2jKx+b13UnQxR6vdXvyQNyN
+3rORgdzqJqTS6fcKurqUclVM6XVAXlkchLzKm4WgtCyVY8WBqUT4mvShsoEUxbAw
+dAGaIErhtMyIIXxX6ZNo5loWyzqFIPDGmFzJ4iQJxagg2IoGby4Ft22OzqZFPNwj
+53gZxj9+UHzy2u3KcSj4
+=s2sg
+-----END PGP SIGNATURE-----

Added: dev/httpd/httpd-2.2.29.tar.bz2.md5
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.bz2.md5 (added)
+++ dev/httpd/httpd-2.2.29.tar.bz2.md5 Fri Aug 22 17:57:27 2014
@@ -0,0 +1 @@
+579342fdeaa7b8b68d17fee91f8fab6e *httpd-2.2.29.tar.bz2

Added: dev/httpd/httpd-2.2.29.tar.bz2.sha1
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.bz2.sha1 (added)
+++ dev/httpd/httpd-2.2.29.tar.bz2.sha1 Fri Aug 22 17:57:27 2014
@@ -0,0 +1 @@
+1d6a8fbc1391d358cc6fe430edc16222b97258d5 *httpd-2.2.29.tar.bz2

Added: dev/httpd/httpd-2.2.29.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: dev/httpd/httpd-2.2.29.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/httpd/httpd-2.2.29.tar.gz.asc
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.gz.asc (added)
+++ dev/httpd/httpd-2.2.29.tar.gz.asc Fri Aug 22 17:57:27 2014
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.10 (GNU/Linux)
+
+iQIcBAABAgAGBQJT94PwAAoJEI77GWKQiPVl810QAKhDq9HSIRegrG7kD8VoTfQn
+MKwHXV/7mIIIlgbDz2/SPJACz6JltE/DOcSEhRbfBA3/OM5bAJcl9khmP36KyN5G
+1d+nI7ibLr2pAH6mnuKNcfnUOKvlojIkA8QYlltQxgCZi7zUabLbx4TYEEGqV+/O
+NTSuPiy2SqCJuxJsDc5ClKZzTPFykz/JPFEL8zTi5J4HoOEKtVsTANBidH/vSxIh
+5/Je7cpzVjTGE7zYQ13TqWiz0GYNT0WoGXQwLffjkpJacb21+mFjgICVXQQ/jQnv
+79TSGURa+BTWVdZJwZWx/kPjRLibUAmPfnw4YUM8QrUt6dcMQoScXVGN6v/DEx6a
+Hc4PFrXNwy3azranntuwyLYxrWe9eX4RayKZY6zWjoSoA4JLLj03vlCmuo9uGBoD
+d89BlPWwfR2a8p74Z/MsGkfne3mpt0fBlqz1rg0crwmc6Nt5M9EHncHyGlR3TynU
+NcCwvLnUxzODt0l0jd48DvhMovaY9kC3mIvEw/Cp+3p1PvU1cQM/YBKw4oO45jYa
+EL5uBQR1AE3yREh3D8FN1rnG3dinpVtkampm3oCxe2pB/KDsiESA0QSimGfHqNoz
+0npjMQxEd62Oi22a5k0cAYq1o6n1SjPKkSqbcH7t+zqcZYBsdRgWl1VmBXuED25H
+uxRN4v+vLqn0qlo+a4W1
+=xiBY
+-----END PGP SIGNATURE-----

Added: dev/httpd/httpd-2.2.29.tar.gz.md5
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.gz.md5 (added)
+++ dev/httpd/httpd-2.2.29.tar.gz.md5 Fri Aug 22 17:57:27 2014
@@ -0,0 +1 @@
+7036a6eb5fb3b85be7a804255438b795 *httpd-2.2.29.tar.gz

Added: dev/httpd/httpd-2.2.29.tar.gz.sha1
==============================================================================
--- dev/httpd/httpd-2.2.29.tar.gz.sha1 (added)
+++ dev/httpd/httpd-2.2.29.tar.gz.sha1 Fri Aug 22 17:57:27 2014
@@ -0,0 +1 @@
+eea518d4b8be8e05697ae1d6ce449cd474868d0d *httpd-2.2.29.tar.gz