From: Yann Ylavic Date: Fri, 2 Jul 2021 22:39:11 +0000 (+0000) Subject: Sync CHANGES entries. X-Git-Tag: 2.5.0-alpha2-ci-test-only~906 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=71736a1f426c17a497ea4f40cdcca6da96a30d89;p=thirdparty%2Fapache%2Fhttpd.git Sync CHANGES entries. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891217 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 1af4deb5c24..a2a66191895 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,6 +1,51 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) core/mod_proxy/mod_ssl: + Adding `outgoing` flag to conn_rec, indicating a connection is + initiated by the server to somewhere, in contrast to incoming + connections from clients. + Adding 'ap_ssl_bind_outgoing()` function that marks a connection + as outgoing and is used by mod_proxy instead of the previous + optional function `ssl_engine_set`. This enables other SSL + module to secure proxy connections. + The optional functions `ssl_engine_set`, `ssl_engine_disable` and + `ssl_proxy_enable` are now provided by the core to have backward + compatibility with non-httpd modules that might use them. mod_ssl + itself no longer registers these functions, but keeps them in its + header for backward compatibility. + The core provided optional function wrap any registered function + like it was done for `ssl_is_ssl`. + [Stefan Eissing] + + *) mod_h2: Don't strip headers from 304 responses. [Yann Ylavic] + + *) mpm_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances + with others when their URLs contain a '$' substitution. PR 65419. + [Yann Ylavic] + + *) mpm_prefork: Block signals for child_init hooks to prevent potential + threads created from there to catch MPM's signals. + [Ruediger Pluem, Yann Ylavic] + + *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) + connections. If ALPN protocols are provided and sent to the + remote server, the received protocol selected is inspected + and checked for a match. Without match, the peer handshake + fails. + An exception is the proposal of "http/1.1" where it is + accepted if the remote server did not answer ALPN with + a selected protocol. This accomodates for hosts that do + not observe/support ALPN and speak http/1.x be default. + + * mod_log_config/mod_ssl: moved the log_handlers registered by mod_ssl + into mod_log_config itself. These now use the global `ap_ssl_var_lookup()` + functions and work for all running SSL modules. 
+ The dependency from mod_ssl to mod_log_config and its header is removed. + mod_ssl now provides the content of "{errstr}c" as variable "SSL_CLIENT_VERIFY_ERRSTR". + This change should be fully compatible to all deployed configurations. + [Stefan Eissing] + *) dbm: Split the loading of a dbm driver from the opening of a dbm file. When an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. [Graham Leggett] diff --git a/changes-entries/h2_dont_strip_304.txt b/changes-entries/h2_dont_strip_304.txt deleted file mode 100644 index e1e8355a4dd..00000000000 --- a/changes-entries/h2_dont_strip_304.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_h2: Don't strip headers from 304 responses. [Yann Ylavic] - diff --git a/changes-entries/prefork_child_init_sigmask.txt b/changes-entries/prefork_child_init_sigmask.txt deleted file mode 100644 index 16c2eb241d5..00000000000 --- a/changes-entries/prefork_child_init_sigmask.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mpm_prefork: Block signals for child_init hooks to prevent potential - threads created from there to catch MPM's signals. - [Ruediger Pluem, Yann Ylavic] diff --git a/changes-entries/proxy_define_matchable_worker.txt b/changes-entries/proxy_define_matchable_worker.txt deleted file mode 100644 index 2ab6eedeffe..00000000000 --- a/changes-entries/proxy_define_matchable_worker.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mpm_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances - with others when their URLs contain a '$' substitution. PR 65419. - [Yann Ylavic] diff --git a/changes-entries/ssl_alpn_outgoing.txt b/changes-entries/ssl_alpn_outgoing.txt deleted file mode 100644 index 0b16193ec83..00000000000 --- a/changes-entries/ssl_alpn_outgoing.txt +++ /dev/null 
@@ -1,9 +0,0 @@ - *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) - connections. If ALPN protocols are provided and sent to the - remote server, the received protocol selected is inspected - and checked for a match. Without match, the peer handshake - fails. - An exception is the proposal of "http/1.1" where it is - accepted if the remote server did not answer ALPN with - a selected protocol. This accomodates for hosts that do - not observe/support ALPN and speak http/1.x be default. \ No newline at end of file diff --git a/changes-entries/ssl_log_handler_move.txt b/changes-entries/ssl_log_handler_move.txt deleted file mode 100644 index 45340715f2d..00000000000 --- a/changes-entries/ssl_log_handler_move.txt +++ /dev/null @@ -1,7 +0,0 @@ - * mod_log_config/mod_ssl: moved the log_handlers registered by mod_ssl - into mod_log_config itself. These now use the global `ap_ssl_var_lookup()` - functions and work for all running SSL modules. - The dependency from mod_ssl to mod_log_config and its header is removed. - mod_ssl now provides the content of "{errstr}c" as variable "SSL_CLIENT_VERIFY_ERRSTR". - This change should be fully compatible to all deployed configurations. - [Stefan Eissing] \ No newline at end of file diff --git a/changes-entries/ssl_proxy.txt b/changes-entries/ssl_proxy.txt deleted file mode 100644 index a82f4b1b1a2..00000000000 --- a/changes-entries/ssl_proxy.txt +++ /dev/null 
@@ -1,16 +0,0 @@ - *) core/mod_proxy/mod_ssl: - Adding `outgoing` flag to conn_rec, indicating a connection is - initiated by the server to somewhere, in contrast to incoming - connections from clients. - Adding 'ap_ssl_bind_outgoing()` function that marks a connection - as outgoing and is used by mod_proxy instead of the previous - optional function `ssl_engine_set`. This enables other SSL - module to secure proxy connections. - The optional functions `ssl_engine_set`, `ssl_engine_disable` and - `ssl_proxy_enable` are now provided by the core to have backward - compatibility with non-httpd modules that might use them. mod_ssl - itself no longer registers these functions, but keeps them in its - header for backward compatibility. - The core provided optional function wrap any registered function - like it was done for `ssl_is_ssl`. - [Stefan Eissing] \ No newline at end of file
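Review bot: In the CHANGES hunk, the Proxy(Pass)Match worker entry is prefixed `mpm_proxy:`, but it describes proxy worker instances, and the only MPM entry nearby is the separate `mpm_prefork:` one. The prefix is copied unchanged from changes-entries/proxy_define_matchable_worker.txt. Suggest `*) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances` so that anyone searching CHANGES for the PR 65419 fix under the proxy module finds it.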
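Review bot: The ALPN entry synced from changes-entries/ssl_alpn_outgoing.txt ends at "speak http/1.x be default." with no `[Author]` credit, while every other entry added to CHANGES in this commit carries one; add the attribution as part of the sync. The same entry has "accomodates" and "be default" (read "accommodates" and "by default"), which is worth correcting here because the entry documents a behaviour change: the outgoing handshake now fails when the selected ALPN protocol does not match, with the stated "http/1.1" exception.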
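Review bot: The mod_log_config/mod_ssl entry from changes-entries/ssl_log_handler_move.txt opens with ` * ` where all other entries in the CHANGES hunk use ` *) `. Because the preceding ALPN entry has no closing attribution either, the two entries run together for a reader or script that splits on `*)`. Normalize the marker to `*)` when copying the entry into CHANGES.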
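Review bot: The core/mod_proxy/mod_ssl entry from changes-entries/ssl_proxy.txt quotes the new function as 'ap_ssl_bind_outgoing()` with a single quote on the left and a backtick on the right, while `outgoing`, `ssl_engine_set` and the other names in the same entry use backticks on both sides; make it `ap_ssl_bind_outgoing()`. In the same entry, "This enables other SSL module to secure proxy connections" and "The core provided optional function wrap any registered function" need plural agreement ("modules", "functions wrap"), since this text tells third-party module authors which optional functions remain available for backward compatibility.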