Commit 4e543650 authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files

Resequence CHANGES chronologically and by severity

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1619755 13f79535-47bb-0310-9956-ffa450edef68
parent 3332af01
Loading
Loading
Loading
Loading
+6 −6
Original line number Diff line number Diff line
@@ -21,9 +21,6 @@ Changes with Apache 2.2.28
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]
 
  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
     chunks. PR 46146. [Yann Ylavic]

  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
@@ -31,6 +28,12 @@ Changes with Apache 2.2.28
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]

  *) core: Detect incomplete request and response bodies, log an error and
     forward it to the underlying filters. PR 55475.  [Yann Ylavic]

  *) mod_deflate: Handle Zlib header and validation bytes received in multiple
     chunks. PR 46146. [Yann Ylavic]

  *) mod_proxy: Don't reuse a SSL backend connection whose requested SNI
     differs. PR 55782.  [Yann Ylavic]
 
@@ -50,9 +53,6 @@ Changes with Apache 2.2.28
     and that coincides with the end of stream ("Zlib error flushing inflate
     buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]

  *) core: Detect incomplete request and response bodies, log an error and
     forward it to the underlying filters. PR 55475.  [Yann Ylavic]

  *) mod_cache, mod_disk_cache: With CacheLock enabled, responses with a Vary 
     header might not get the benefit of the thundering herd protection due to 
     an incorrect internal cache key.  PR 50317. 
+0 −29
Original line number Diff line number Diff line
@@ -99,35 +99,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]

   * mod_deflate: Fix reentrance in output and input filters (buffering of
                  incomplete Zlib header or validation bytes). PR 46146.
     trunk patch: https://svn.apache.org/r1572655
                  https://svn.apache.org/r1572663
                  https://svn.apache.org/r1572668
                  https://svn.apache.org/r1572669
                  https://svn.apache.org/r1572670
                  https://svn.apache.org/r1572671
                  https://svn.apache.org/r1573224
                  https://svn.apache.org/r1586745
                  https://svn.apache.org/r1587594
                  https://svn.apache.org/r1587639
                  https://svn.apache.org/r1590509
                  https://svn.apache.org/r1603156 (partially, CHANGES update)
                  https://svn.apache.org/r1604353
                  https://svn.apache.org/r1611725
     2.4.x patch: https://svn.apache.org/r1604458 (2.4.10)
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_reentrant_with_CHANGES_v4.patch
                  (modulo CHANGES)
     +1: ylavic, wrowe, rpluem
     ylavic: v4 is now merging correctly after http://svn.apache.org/r1611806

   *) core: Detect incomplete request and response bodies, log an error and
            forward it to the underlying filters. PR 55475 [Yann Ylavic]
     trunk patch: http://svn.apache.org/r1538776
     2.4.x patch: http://svn.apache.org/r1570324 (2.4.8)
     2.2.x patch: http://people.apache.org/~ylavic/2.2.x-http_filter_incomplete.patch
                  (modulo CHANGES)
     +1: ylavic, wrowe, rpluem


PATCHES PROPOSED TO BACKPORT FROM TRUNK: