*) mod_http2: CVE-2016-8740: Mitigate DoS memory exhaustion via endless
CONTINUATION frames.
- [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University, Stefan Eissing]
+ [Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
+ University, Stefan Eissing]
+
+ *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+ *) Enforce http request grammer corresponding to RFC7230 for request lines
+ and request headers [William Rowe, Stefan Fritsch]
+
+ *) core: New directive HttpProtocolOptions to control httpd enforcement
+ of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
+
+ *) core: Permit unencoded ';' characters to appear in proxy requests and
+ Location: response headers. Corresponds to modern browser behavior.
+ [William Rowe]
+
+ *) core: ap_rgetline_core now pulls from r->proto_input_filters.
+
+ *) core: Correctly parse an IPv6 literal host specification in an absolute
+ URL in the request line. [Stefan Fritsch]
+
+ *) core: New directive RegisterHttpMethod for registering non-standard
+ HTTP methods. [Stefan Fritsch]
*) mod_socache_memcache: Pass expiration time through to memcached.
[Faidon Liambotis <paravoid debian.org>, Joe Orton]
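Review bot: The re-added entry "Enforce http request grammer corresponding to RFC7230" carries the typo "grammer" over unchanged and has no module prefix, unlike the "core:" entries around it. Since these lines are being rewritten anyway, correct it to "grammar" and prefix it with "core:", or keep the move byte-identical and fix the wording in a follow-up. The entry "core: ap_rgetline_core now pulls from r->proto_input_filters." is also the only one in this block without a bracketed attribution; add the author or confirm the omission is intended.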
the same PID (e.g. in container). PR 60261.
[Val <valentin.bremond gmail.com>, Yann Ylavic]
- *) Enforce http request grammer corresponding to RFC7230 for request lines
- and request headers [William Rowe, Stefan Fritsch]
-
- *) core: New directive HttpProtocolOptions to control httpd enforcement
- of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
-
- *) core: Permit unencoded ';' characters to appear in proxy requests and
- Location: response headers. Corresponds to modern browser behavior.
- [William Rowe]
-
- *) core: ap_rgetline_core now pulls from r->proto_input_filters.
-
- *) core: Correctly parse an IPv6 literal host specification in an absolute
- URL in the request line. [Stefan Fritsch]
-
- *) core: New directive RegisterHttpMethod for registering non-standard
- HTTP methods. [Stefan Fritsch]
-
*) mod_http2: unannounced and multiple interim responses (status code < 200)
are parsed and forwarded to client until a final response arrives.
[Stefan Eissing]
*) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
streams to the end. [Stefan Eissing]
- *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
- [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
-
*) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
available before the request is sent. PR 57832. [Yann Ylavic]
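Review bot: The removals here (the RFC7230 block starting at "Enforce http request grammer" and the CVE-2016-5387 entry) mirror the additions further up, so this is a move, but no section heading is visible at either location. The log message should state which release section the entries move from and to, because readers use the CVE-2016-5387 and HttpProtocolOptions entries to decide whether a given release contains the mitigation. The relative order also changes: the CVE-2016-5387 entry sat below the mod_http2 entries here and is now placed ahead of the RFC7230 block, so confirm that ordering is deliberate.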