rse 98/02/18 00:31:00
Modified: src CHANGES
Log:
Include the changelog for 1.2.5 and 1.2.6 to the 1.3 tree because
we already have the changelog entries there for 1.2.x-1.2.4 so we should
keep it in sync now, too.
Revision Changes Path
1.634 +143 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.633
retrieving revision 1.634
diff -u -r1.633 -r1.634
--- CHANGES 1998/02/14 13:43:58 1.633
+++ CHANGES 1998/02/18 08:30:58 1.634
@@ -1407,6 +1407,149 @@
*) PORT: Added Windows NT support
[Ben Laurie and Ambarish Malpani <[EMAIL PROTECTED]>]
+Changes with Apache 1.2.6
+
+ *) mod_include when using XBitHack Full would send ETags in addition to
+ sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour.
+ [Dean Gaudet] PR#1133
+
+ *) SECURITY: When a client connects to a particular port/addr, and
+ gives a Host: header ensure that the virtual host requested can
+ actually be reached via that port/addr. [Ed Korthof <[EMAIL
PROTECTED]>]
+
+ *) Support virtual hosts with wildcard port and/or multiple ports
+ properly. [Ed Korthof <[EMAIL PROTECTED]>]
+
+ *) Fixed some case-sensitivity issues according to RFC2068.
+ [Dean Gaudet]
+
+ *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
+ and mod_include.c. [Dean Gaudet]
+
+ *) Variable 'cwd' was being used pointlessly before being set.
+ [Ken Coar] PR#1738
+
+ *) SIGURG doesn't exist on all platforms.
+ [Mark Andrew Heinrich <[EMAIL PROTECTED]>]
+
+ *) When an error occurs during a POST, or other operation with a
+ request body, the body has to be read from the net before allowing
+ a keepalive session to continue. [Roy Fielding] PR#1399
+
+ *) When an error occurs in fcntl() locking suggest the user look up
+ the docs for LockFile. [Dean Gaudet]
+
+ *) table_set() and table_unset() did not deal correctly with
+ multiple occurrences of the same key. [Stephen Scheck
+ <[EMAIL PROTECTED]>, Ben Laurie] PR#1604
+
+ *) send_fd_length() did not calculate total_bytes_sent properly in error
+ cases. [Ben Reser <[EMAIL PROTECTED]>] PR#1366
+
+ *) r->connection->user was allocated in the wrong pool causing corruption
+ in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500
+
+ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
+ Also removed the auto-generated link to www.apache.org that was the
+ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
+
+ *) Multiple "close" tokens may have been set in the "Connection"
+ header, not an error, but a waste.
+ [EMAIL PROTECTED] PR#1683
+
+ *) "basic" and "digest" auth tokens should be tested case-insensitive.
+ [EMAIL PROTECTED] PR#1599, PR#1666
+
+ *) It appears the "257th byte" bug (see
+ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
+ at the 256th byte as well. Fixed. [Dean Gaudet]
+
+ *) mod_rewrite would not handle %3f properly in some situations.
+ [Ralf Engelschall]
+
+ *) Apache could generate improperly chunked HTTP/1.1 responses when
+ the bputc() or rputc() functions were used by modules (such as
+ mod_include). [Dean Gaudet]
+
+ *) #ifdef wrap a few #defines in httpd.h to make life easier on
+ some ports. [Ralf Engelschall]
+
+ *) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
+
+ *) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer]
+
+ *) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer]
+
+Changes with Apache 1.2.5
+
+ *) SECURITY: Fix a possible buffer overflow in logresolve. This is
+ only an issue on systems without a MAXDNAME define or where
+ the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
+
+ *) Fix an improper length in an ap_snprintf call in proxy_date_canon().
+ [Marc Slemko]
+
+ *) Fix core dump in the ftp proxy when reading incorrectly formatted
+ directory listings. [Marc Slemko]
+
+ *) SECURITY: Fix possible minor buffer overflow in the proxy cache.
+ [Marc Slemko]
+
+ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
+ is used to read various types of files such as htaccess and
+ htpasswd files. [Marc Slemko]
+
+ *) SECURITY: Ensure that the buffer returned by ht_time is always
+ properly null terminated. [Marc Slemko]
+
+ *) SECURITY: General mod_include cleanup, including fixing several
+ possible buffer overflows and a possible infinite loop. This cleanup
+ was done against 1.3 code and then backported to 1.2, the result
+ is a large difference (due to indentation cleanup in 1.3 code).
+ Users interested in seeing a smaller set of relevant differences
+ should consider comparing against src/modules/standard/mod_include.c
+ from the 1.3b3 release. Non-indentation changes to mod_include
+ between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko]
+
+ *) SECURITY: Numerous changes to mod_imap in a general cleanup
+ including fixing a possible buffer overflow. This cleanup also
+ was done with 1.3 code as a basis, see the the previous note
+ about mod_include. [Dean Gaudet]
+
+ *) SECURITY: If a htaccess file can not be read due to bad
+ permissions, deny access to the directory with a HTTP_FORBIDDEN.
+ The previous behavior was to ignore the htaccess file if it could not
+ be read. This change may make some setups with unreadable
+ htaccess files stop working. PR#817 [Marc Slemko]
+
+ *) SECURITY: no2slash() was O(n^2) in the length of the input.
+ Make it O(n). This inefficiency could be used to mount a denial
+ of service attack against the Apache server. Thanks to
+ Michal Zalewski <[EMAIL PROTECTED]> for reporting
+ this. [Dean Gaudet]
+
+ *) mod_include used uninitialized data for some uses of && and ||.
+ [Brian Slesinsky <[EMAIL PROTECTED]>] PR#1139
+
+ *) mod_imap should decline all non-GET methods.
+ [Jay Bloodworth <[EMAIL PROTECTED]>]
+
+ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
+
+ *) mod_userdir was modifying r->finfo in cases where it wasn't setting
+ r->filename. Since those two are meant to be in sync with each other
+ this is a bug. ["Paul B. Henson" <[EMAIL PROTECTED]>]
+
+ *) mod_include did not properly handle all possible redirects from sub-
+ requests. [Ken Coar]
+
+ *) Inetd mode (which is buggy) uses timeouts without having setup the
+ jmpbuffer. [Dean Gaudet] PR#1064
+
+ *) Work around problem under Linux where a child will start looping
+ reporting a select error over and over.
+ [Rick Franchuk <[EMAIL PROTECTED]>] PR#1107
+
Changes with Apache 1.2.4
*) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
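Review bot: In the 1.2.5 block, the mod_imap SECURITY entry reads "see the the previous note about mod_include"; the repeated "the" should be dropped before this text is carried into the 1.3 tree. In the htaccess SECURITY entry directly after it, "PR#817 [Marc Slemko]" puts the PR number before the credit, whereas the other entries in this hunk put it after the bracketed name (for example "[Dean Gaudet] PR#1133"). Reordering it to "[Marc Slemko] PR#817" keeps the entries uniform for anyone scanning the SECURITY items by PR number. If the intent is a byte-for-byte copy of the 1.2 branch text, make both corrections on the 1.2 side as well so the two CHANGES files stay in sync, which is the stated purpose of this commit.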