cvs commit: apachen/src CHANGES

[dgaudet]

dgaudet     98/01/07 14:24:39

  Modified:    .        STATUS
               src      CHANGES
  Log:
  mod_include and mod_imap cleanup/security fixes
  
  Revision  Changes    Path
  1.57      +1 -4      apachen/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.56
  retrieving revision 1.57
  diff -u -r1.56 -r1.57
  --- STATUS    1998/01/07 17:04:02     1.56
  +++ STATUS    1998/01/07 22:24:36     1.57
  @@ -70,12 +70,9 @@
         scheme never succeeds (fwd)
       * Paul's [PATCH] a bundle of multithreading changes
       * Ken's [PATCH] for copyright year update
  +    * Dean's [PATCH] 1.3: security updates for mod_imap and mod_include
   
   Available Patches:
  -
  -    * Dean's [PATCH] 1.3: security updates for mod_imap and mod_include
  -     <[EMAIL PROTECTED]>
  -     Status: Dean +1, Jim +1, Martin +1
   
       * Dean's [PATCH] yet another slow function
           <[EMAIL PROTECTED]>
  
  
  
  1.559     +12 -5     apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.558
  retrieving revision 1.559
  diff -u -r1.558 -r1.559
  --- CHANGES   1998/01/05 08:41:22     1.558
  +++ CHANGES   1998/01/07 22:24:37     1.559
  @@ -1,5 +1,12 @@
   Changes with Apache 1.3b4
   
  +  *) SECURITY: General mod_include cleanup, including fixing several
  +     possible buffer overflows and a possible infinite loop.
  +     [Dean Gaudet, Marc Slemko]
  +
  +  *) SECURITY: Numerous changes to mod_imap in a general cleanup
  +     including fixing a possible buffer overflow.  [Dean Gaudet]
  +
     *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
        (connections are not dropped). Code can handle graceful restarts
        (but there is as yet no way to signal this to Apache). Various
  @@ -537,11 +544,11 @@
        update_mtime() routine has also been added to advance it if
        appropriate.  [Roy Fielding, Ken Coar]
   
  -  *) If a htaccess file can not be read due to bad permissions, deny
  -     access to the directory with a HTTP_FORBIDDEN.  The previous
  -     behavior was to ignore the htaccess file if it could not
  -     be read.  This change may make some setups with unreadable
  -     htaccess files stop working.  PR#817  [Marc Slemko]
  +  *) SECURITY: If a htaccess file can not be read due to bad permissions,
  +     deny access to the directory with a HTTP_FORBIDDEN.  The previous
  +     behavior was to ignore the htaccess file if it could not be read.
  +     This change may make some setups with unreadable htaccess files
  +     stop working.  PR#817  [Marc Slemko]
   
     *) Add aplog_error() providing a mechanism to define levels of
        verbosity to the server error logging. This addition also provides