Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/11/10 13:04:52 UTC
cvs commit: httpd-2.0 CHANGES STATUS
jorton 2004/11/10 04:04:52
Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS
Log:
Backports done.
Revision Changes Path
No revision
No revision
1.988.2.377 +13 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.376
retrieving revision 1.988.2.377
diff -d -w -u -r1.988.2.376 -r1.988.2.377
--- CHANGES 23 Oct 2004 14:25:23 -0000 1.988.2.376
+++ CHANGES 10 Nov 2004 12:04:50 -0000 1.988.2.377
@@ -1,5 +1,18 @@
Changes with Apache 2.0.53
+ *) SECURITY: CAN-2004-0942 (cve.mitre.org):
+ Fix for memory consumption DoS in handling of MIME folded request
+ headers. [Joe Orton]
+
+ *) SECURITY: CAN-2004-0885 (cve.mitre.org)
+ mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
+ bypassed during an SSL renegotiation. PR 31505.
+ [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
+
+ *) mod_ssl: Fail at startup rather than segfault at runtime if a
+ client cert is configured with an encrypted private key.
+ PR 24030. [Joe Orton]
+
*) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
[Joe Orton]
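Review bot: The CAN-2004-0942 entry names neither the affected component nor a PR, unlike the two mod_ssl entries added beneath it. The STATUS item for the same fix points at server/protocol.c, so a short prefix saying this is in the core request header parsing would tell administrators whether every configuration is exposed or only those loading a particular module. The two SECURITY header lines are also punctuated differently: "CAN-2004-0942 (cve.mitre.org):" ends with a colon and "CAN-2004-0885 (cve.mitre.org)" does not. Pick one form so the entries can be matched mechanically.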
1.751.2.1144 +1 -24 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.1143
retrieving revision 1.751.2.1144
diff -d -w -u -r1.751.2.1143 -r1.751.2.1144
--- STATUS 9 Nov 2004 19:25:13 -0000 1.751.2.1143
+++ STATUS 10 Nov 2004 12:04:50 -0000 1.751.2.1144
@@ -71,19 +71,10 @@
RELEASE SHOWSTOPPERS:
- *) mod_rewrite: Regression since 2.0.52 in QUERY_STRING handling
- for [P] rules.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/mappers/mod_rewrite.c?r1=1.262&r2=1.263
- +1: jorton, nd, wrowe
-
PATCHES TO BACKPORT FROM 2.1
[ please place file names and revisions from HEAD here, so it is easy to
identify exactly what the proposed changes are! ]
- *) SECURITY: CAN-2004-0942 Fix for memory consumption DoS.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c?r1=1.158&r2=1.159
- +1: stoddard, jorton, nd
-
*) util_ldap: Add the util_ldap_cache_getuserdn() API to allow
non-LDAP authentication modules the ability to use the util_ldap
cache for authorization purposes only rather than authentication.
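Review bot: The mod_rewrite [P] QUERY_STRING item is dropped from RELEASE SHOWSTOPPERS here, but the CHANGES diff in this commit (+13 -0) adds entries only for CAN-2004-0942 and the two mod_ssl fixes, and the log message "Backports done." does not say which revisions were merged to the branch. If no CHANGES entry is wanted because the regression is described as "since 2.0.52" and so never shipped in a release, state that in the log, and list the merged revisions there so the showstopper removal can be traced to an actual commit on APACHE_2_0_BRANCH.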
@@ -97,20 +88,6 @@
modules/aaa/mod_authnz_ldap.c: r1.7
docs/manual/mod/mod_authnz_ldap.xml: r1.3
+1: bnicholes, wrowe
-
- *) mod_ssl: Fix and prevent an SSLCipherSuite bypass by resuming a
- session during a renegotiation.
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_kernel.c?r1=1.110&r2=1.111
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_init.c?r1=1.128&r2=1.129
- PR: 31505
- +1: jorton, pquerna, minfrin, wrowe
-
- *) mod_ssl: Fail to configure when an SSL proxy is configured with
- incomplete client cert keypair, rather than segfaulting at
- runtime.
- http://cvs.apache.org/viewcvs/httpd-2.0/modules/ssl/ssl_engine_init.c.diff?r1=1.118&r2=1.119
- PR: 24030
- +1: jorton, minfrin, jerenkrantz, wrowe
*) mod_ssl: Fix an possible NULL pointer dereference in some configs.
http://nagoya.apache.org/bugzilla/showattachment.cgi?attach_id=13182
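Review bot: The PR 24030 item removed in this hunk describes the failure as "an SSL proxy is configured with incomplete client cert keypair", while the CHANGES entry added in the same commit reads "a client cert is configured with an encrypted private key" and never mentions the proxy case. These read as two different conditions. Align the CHANGES wording with the STATUS description, or explain how they relate, so that someone reading CHANGES can tell which configurations will now fail at startup. The two security items removed from STATUS do line up with their CHANGES entries by CAN number and PR 31505.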