From: Jim Jagielski Date: Mon, 5 Dec 2016 14:46:00 +0000 (+0000) Subject: updates X-Git-Tag: 2.4.24~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f633d3b37b1c32715a497fa28a642a62f1511e6;p=thirdparty%2Fapache%2Fhttpd.git updates git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772685 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7fc1fd06fa4..9c4ce2ed9ce 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,29 @@ Changes with Apache 2.4.24 *) mod_http2: CVE-2016-8740: Mitigate DoS memory exhaustion via endless CONTINUATION frames. - [Naveen Tiwari and CDF/SEFCOM at Arizona State University, Stefan Eissing] + [Naveen Tiwari and CDF/SEFCOM at Arizona State + University, Stefan Eissing] + + *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. + [Dominic Scheirlinck , Yann Ylavic] + + *) Enforce http request grammer corresponding to RFC7230 for request lines + and request headers [William Rowe, Stefan Fritsch] + + *) core: New directive HttpProtocolOptions to control httpd enforcement + of various RFC7230 requirements. [Stefan Fritsch, William Rowe] + + *) core: Permit unencoded ';' characters to appear in proxy requests and + Location: response headers. Corresponds to modern browser behavior. + [William Rowe] + + *) core: ap_rgetline_core now pulls from r->proto_input_filters. + + *) core: Correctly parse an IPv6 literal host specification in an absolute + URL in the request line. [Stefan Fritsch] + + *) core: New directive RegisterHttpMethod for registering non-standard + HTTP methods. [Stefan Fritsch] *) mod_socache_memcache: Pass expiration time through to memcached. [Faidon Liambotis , Joe Orton] 
@@ -65,24 +87,6 @@ Changes with Apache 2.4.24 the same PID (e.g. in container). PR 60261. [Val , Yann Ylavic] - *) Enforce http request grammer corresponding to RFC7230 for request lines - and request headers [William Rowe, Stefan Fritsch] - - *) core: New directive HttpProtocolOptions to control httpd enforcement - of various RFC7230 requirements. [Stefan Fritsch, William Rowe] - - *) core: Permit unencoded ';' characters to appear in proxy requests and - Location: response headers. Corresponds to modern browser behavior. - [William Rowe] - - *) core: ap_rgetline_core now pulls from r->proto_input_filters. - - *) core: Correctly parse an IPv6 literal host specification in an absolute - URL in the request line. [Stefan Fritsch] - - *) core: New directive RegisterHttpMethod for registering non-standard - HTTP methods. [Stefan Fritsch] - *) mod_http2: unannounced and multiple interim responses (status code < 200) are parsed and forwarded to client until a final response arrives. [Stefan Eissing] @@ -171,9 +175,6 @@ Changes with Apache 2.4.24 *) mod_http2: handling graceful shutdown gracefully, e.g. handling existing streams to the end. [Stefan Eissing] - *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. - [Dominic Scheirlinck , Yann Ylavic] - *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data available before the request is sent. PR 57832. [Yann Ylavic] diff --git a/STATUS b/STATUS index d8aff5a61a3..03c54ae2c85 100644 --- a/STATUS +++ b/STATUS @@ -147,6 +147,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk works modulo CHANGES and next-number +1: jim jailletc36: compatibility note missing in the XML file + jim: Will address during commit *) mod_lua: Fix default value of LuaInherit directive. It should be
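Review bot: In the first CHANGES hunk (@@ -4,7 +4,29 @@), the re-added entry "Enforce http request grammer corresponding to RFC7230" still carries the misspelling "grammer"; since the line is being moved anyway, correct it to "grammar" in the added copy. The same entry has no "core:" prefix although the adjacent HttpProtocolOptions entry does, and "core: ap_rgetline_core now pulls from r->proto_input_filters." has no bracketed attribution, unlike every other entry in this hunk. The moved block now sits directly under the two CVE entries, yet only those two carry a CVE tag: if the RFC7230 enforcement entries are being promoted because they are security-relevant, say so in the entry text, since the commit message "updates" gives a reader of the 2.4.24 section no reason for the regrouping.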
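Review bot: In the STATUS hunk (@@ -147,6 +147,7 @@), the added line "jim: Will address during commit" answers jailletc36's "compatibility note missing in the XML file" with a promise only; the visible diff touches CHANGES and STATUS and no XML file, so the objection is not resolved by this change. Either add the compatibility note in the commit that applies the backport, or name in STATUS which change will carry it, so the vote record does not leave the point open.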