From: Eric Covener <covener@apache.org>
Date: Sun, 31 Aug 2014 01:29:41 +0000 (+0000)
Subject: these are backported
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1929d74e8b48dfc17f8f37a0a808ae5b449f581e;p=thirdparty%2Fapache%2Fhttpd.git

these are backported



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1621553 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index cbdf8ef556f..7e3c478519a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -37,22 +37,11 @@ Changes with Apache 2.5.0
 
   *) mpm_winnt: Normalize the error and status messages emitted by service.c,
      the service control interface for Windows.  [William Rowe]
-
-  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
-     core: HTTP trailers could be used to replace HTTP headers
-     late during request processing, potentially undoing or
-     otherwise confusing modules that examined or modified
-     request headers earlier.  Adds "MergeTrailers" directive to restore 
-     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
   
   *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
        - to correctly reset bits
        - not to modify the 'method_mask' bitfield unnecessarily
 
-  *) mod_log_config: Allow three character log formats to be registered. For
-     backwards compatibility, the first character of a three-character format
-     must be the '^' (caret) character.  [Eric Covener]
-
   *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
      is run, instead of waiting until the end of the request. [Eric Covener]