CHANGES revision 1aeb17f23e558c7fc587ef2f232025071d28ce2b
f743002678eb67b99bbc29fee116b65d9530fec0wroweChanges with Apache 2.1.0-dev
415bb21f281e9b4f905d5893fede9165bdf1491bjim [Remove entries to the current 2.0 section below, when backported]
f743002678eb67b99bbc29fee116b65d9530fec0wrowe *) WIN64: API changes to clean up Windows 64bit compile warnings
f743002678eb67b99bbc29fee116b65d9530fec0wrowe [Allan Edwards]
2cd2891cea784de97020bcada4e834e224428d0ccovener *) mod_rewrite: Removed the MaxRedirects option in favor of the
2cd2891cea784de97020bcada4e834e224428d0ccovener core LimitInternalRecursion directive. [Andr� Malo]
2cd2891cea784de97020bcada4e834e224428d0ccovener *) SECURITY: CAN-2004-0885 (cve.mitre.org)
1f9c3dc1ba4b56b2c14f40db86f532114504b5cfwrowe mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
1f9c3dc1ba4b56b2c14f40db86f532114504b5cfwrowe bypassed during an SSL renegotiation. PR 31505.
94bc56b747dda8afb8806d04e08164ea99e4c21dsf *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
5fcf1d4211ba64b1e9c7647fcc615a9e850c6c88covener library handles special characters. PR 24437 [Jess Holle]
5fcf1d4211ba64b1e9c7647fcc615a9e850c6c88covener *) Unix MPMs: Shut down the server more quickly when child processes are
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin slow to exit. [Joe Orton, Jeff Trawick]
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin *) mod_info: Added listing of the Request Hooks and added more build
65dec0561786621bd67f57e8054dcf80923b6cb1jorton information like 'httpd -V' contains. Changed output to XHTML.
65dec0561786621bd67f57e8054dcf80923b6cb1jorton [Paul Querna]
cda2a8c4fe289419f62e8b9607cafe4812974840sf *) mod_info: Rewrote config tree walk using a recursive function.
cda2a8c4fe289419f62e8b9607cafe4812974840sf Added ?config option. Added printout of config filename and line numbers.
cda2a8c4fe289419f62e8b9607cafe4812974840sf [Rici Lake <rici ricilake.net>, Paul Querna]
3bb96836b77f718d914dbcdbe3d9bf3ca22859a5minfrin *) mod_proxy: Fix type error that prevents proxy-sendchunks from working.
3bb96836b77f718d914dbcdbe3d9bf3ca22859a5minfrin [Justin Erenkrantz]
79821ac529d05349274b7ed2421077afffbc0c08sf *) mod_proxy: Fix data corruption by properly setting aside buckets.
79821ac529d05349274b7ed2421077afffbc0c08sf [Justin Erenkrantz]
6e3c52ed5ba88bb05d3535c6257a61faeec22388minfrin *) mod_proxy: If a request has a blank body and has a 0 Content-Length
6e3c52ed5ba88bb05d3535c6257a61faeec22388minfrin headers, pass that to the proxy. [Justin Erenkrantz]
aa8ce00557e35b6042be4afa1684b2322def4520covener *) Recognize QSA flag in mod_rewrite again.
aa8ce00557e35b6042be4afa1684b2322def4520covener [Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
b80324fbe463460d1c847b88ffe2132f92ce5587sf *) Restructured mod_auth_ldap to fit the new authentication model.
b80324fbe463460d1c847b88ffe2132f92ce5587sf The module is now called authnz_ldap and has been moved out of
5fb413c5191ff4ca01e1f6a9ad09ea8bbb2759a7wrowe the modules/experimental area and into modules/aaa with the other
5fb413c5191ff4ca01e1f6a9ad09ea8bbb2759a7wrowe auth modules. Both the authn_ldap provider and the authz_ldap
5fb413c5191ff4ca01e1f6a9ad09ea8bbb2759a7wrowe handler are contained within the authnz_ldap module. The
dbcebab5451c15100d22ef5a1cd0c80237e33a93sf authz_ldap handler introduces 3 new "requires" values for handling
dbcebab5451c15100d22ef5a1cd0c80237e33a93sf authorization. These handlers are ldap-user, ldap-group and
dbcebab5451c15100d22ef5a1cd0c80237e33a93sf ldap-dn. [Brad Nicholes]
e9356fde2e4fff8dab7eb6006ed1c476973796c5sf *) Fix some compiler warnings in proxy
e9356fde2e4fff8dab7eb6006ed1c476973796c5sf [Geoffrey Young <geoff@modperlcookbook.org>]
e9356fde2e4fff8dab7eb6006ed1c476973796c5sf *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
aaea51ff28093213376b9b8f63de07db53436223sf number of days until the client cert expires. [Joe Orton]
aaea51ff28093213376b9b8f63de07db53436223sf *) Add test_config hook, run only if httpd is invoked using -t.
276fc07643ddb8c178a35b79ae4fe27596f37739sf [Joe Orton]
276fc07643ddb8c178a35b79ae4fe27596f37739sf *) Improve error handling for corrupted pid files. [Jeff Trawick]
67746e0d18eeceb247fc940148c9b4d358929643sf *) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD
67746e0d18eeceb247fc940148c9b4d358929643sf (for backwards compatibility):
67746e0d18eeceb247fc940148c9b4d358929643sf Avoids mod_ssl.h (not included in 2.0-HEAD) and
17aeaeb2e4c4cde18ebc5231d959197e3e35e821sf use apr_socket_create_ex for 0.9.x
17aeaeb2e4c4cde18ebc5231d959197e3e35e821sf [Mladen Turk]
17aeaeb2e4c4cde18ebc5231d959197e3e35e821sf *) Added proxy_ajp.c module for proxy support to ajp:// backends.
79acb56fc63b66848d0f6f35fc272a938b819f8dtrawick [Jean Frederic Clere]
675e4332325dd31c8188c23608828f69d30e9906sf *) Fixes the build of proxy on Windows. Since the proxy_module is declared
fa8e640eeec5c0b3db42e13f1df0bafd0d89d56fsf as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there
fa8e640eeec5c0b3db42e13f1df0bafd0d89d56fsf is a LNK2001 error when building proxy_http. [Mladen Turk]
9fb3d1792a78003c60a8f0fdbef30a372b39452esf *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
65dec0561786621bd67f57e8054dcf80923b6cb1jorton [Graham Leggett]
9fb3d1792a78003c60a8f0fdbef30a372b39452esf *) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz]
2c238b83c08ac2d040d9057b1ba83ba7f71138b7kbrand *) perchild MPM: Fix thread safety problem in the use of longjmp().
2c238b83c08ac2d040d9057b1ba83ba7f71138b7kbrand [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
067fc2710958d8d2a276cd8e54284a178d232a8bsf *) Add load balancer support to the scoreboard in preparation for
067fc2710958d8d2a276cd8e54284a178d232a8bsf load balancing support in mod_proxy. [Mladen Turk]
40a9ce7a0e17b10b08693f98ed4f64e456ef69a1kbrand *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to
40a9ce7a0e17b10b08693f98ed4f64e456ef69a1kbrand allow a non-secure connection to be upgraded to secure connections
40a9ce7a0e17b10b08693f98ed4f64e456ef69a1kbrand [Brad Nicholes]
3a59bb90be3bc6246632384c3d885b875ae507d5sf *) core: Add Options= syntax to AllowOverride to specify which options
3a59bb90be3bc6246632384c3d885b875ae507d5sf may be overridden in .htaccess files. PR 29310.
3a59bb90be3bc6246632384c3d885b875ae507d5sf [Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna]
c9d1b78375e7ce7c2ccd7162d48da0eb84631bd3covener *) ab: Handle long URLs with an error instead of an buffer overflow.
c9d1b78375e7ce7c2ccd7162d48da0eb84631bd3covener PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
f7407ba6bea5ed1151cfcefcfa774b531c26eecdrpluem *) mod_so, core: Add new command line options to print all loaded
f7407ba6bea5ed1151cfcefcfa774b531c26eecdrpluem modules. '-t -D DUMP_MODULES' and '-M' will show all static
f7407ba6bea5ed1151cfcefcfa774b531c26eecdrpluem and shared modules as loaded from the configuration file.
650d8321b62cccd1830684935bb5362b4c495b17sf [Paul Querna]
650d8321b62cccd1830684935bb5362b4c495b17sf *) mod_autoindex: Add ShowForbidden to IndexOptions to list files
7bf4eb9638a127fbfbc402d2c0e4ec0085934cf0sf that are not shown because the subrequest returned 401 or 403.
7bf4eb9638a127fbfbc402d2c0e4ec0085934cf0sf PR 10575. [Paul Querna]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_headers: implement "Early" processing option in post_read_request
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim to enable Header and RequestHeader directives to be used to set up
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim testcases for pre-fixups request phases [Nick Kew]
03944c8577b204701c849fce01f3fcb423a615f1covener *) mod_proxy: multiple bugfixes, principally support cookies in
03944c8577b204701c849fce01f3fcb423a615f1covener ProxyPassReverse, and don't canonicalise URL passed to backend.
03944c8577b204701c849fce01f3fcb423a615f1covener Documentation correspondingly updated. [Nick Kew <nick webthing.com>]
f97e1288a50b3da1022b515d84bc57a5091f2fefcovener *) mod_deflate: support gzip flags in inflate_out_filter
f97e1288a50b3da1022b515d84bc57a5091f2fefcovener [Nick Kew <nick webthing.com>]
f97e1288a50b3da1022b515d84bc57a5091f2fefcovener *) Drop the ErrorHeader directive which turned out to be a misnomer.
7a975d0413ba303546b7619e4785cb641f7f09fdcovener Instead there's a new optional flag for the Header directive
7a975d0413ba303546b7619e4785cb641f7f09fdcovener ('always'), which keeps the former ErrorHeader functionality.
7a975d0413ba303546b7619e4785cb641f7f09fdcovener [Andr� Malo]
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand *) mod_deflate: Don't deflate responses with zero length
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand e.g. proxied 304's [Allan Edwards]
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand *) <IfModule> now recognizes the module identifier in addition to the
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand file name. PR 29003. [Edward Rudd <eddie omegaware.com>, Andr� Malo]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
75c2b964ca7ebfb32ad08c68c9db3bca5ecced55covener OpenSSL 0.9.7 flag which uses the server's cipher order rather
75c2b964ca7ebfb32ad08c68c9db3bca5ecced55covener than the client's. PR 28665.
5ab58649d9a4b3af01a4141920613fbf74ced7fdminfrin [Jim Schneider <jschneid netilla.com>]
5ab58649d9a4b3af01a4141920613fbf74ced7fdminfrin *) mod_ssl: Drop support for the CompatEnvVars argument to
97f293b98fc6777e5baa836c30293f433f3c12e1minfrin SSLOptions, which was never actually implemented in 2.0.
97f293b98fc6777e5baa836c30293f433f3c12e1minfrin [Joe Orton]
97f293b98fc6777e5baa836c30293f433f3c12e1minfrin *) Fix bug in mod_deflate that unconditionally sent deflate'd output
0e6c63c34b6c118ec6c28ddadda5eefb2584bf7dkbrand even when Accept-Encoding is not present. [Justin Erenkrantz]
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf *) Pass environment variables through to piped loggers and start
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf them via the shell, resolving regressions since 1.3. PR 28815
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf [Ken Coar, Jeff Trawick]
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf *) External rewrite map responses are no longer limited to 2048
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf bytes. [Andr� Malo]
fa0316cc0d5c0e80d275877df428fd8061c0a79dsf *) Proxy server was deleting cookies that Apache had already
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener assigned if the origin server had set any cookies. PR 27023.
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener [Jim Jagielski]
97cd2f98ad4abe68aaaba96b5bfc9ebf7109a2c1covener *) Removed old and unmaintained ap_add_named_module API and changed
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim the following APIs to return an error instead of hard exiting:
60d81cab99dccfbb0c8d378cf6aa7338be0fdb74covener ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
60d81cab99dccfbb0c8d378cf6aa7338be0fdb74covener and ap_process_resource_config. [Andr� Malo]
22ce742224c6aeadcb31b381c203232f578fc507covener *) mod_headers: Allow %% in header values to represent a literal %.
22ce742224c6aeadcb31b381c203232f578fc507covener [Andr� Malo]
54e36aed6866e09e1a572dc84996e93cdb487b7bsf *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
54e36aed6866e09e1a572dc84996e93cdb487b7bsf [Andr� Malo]
7fc2cdc3683b47fcf5f39a094eddefa7b22dbfc0covener *) mod_headers: Allow 'echo' also for ErrorHeaders. [Andr� Malo]
7fc2cdc3683b47fcf5f39a094eddefa7b22dbfc0covener *) mod_deflate: New option for DEFLATE output file (force-gzip),
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim new output filter 'INFLATE' for uncompressing responses.
292707b9868335763d6f2bb74a263134eeeb8cadkbrand [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
070235bcb25af37efebf6405b082413144968289kbrand *) Added new module mod_version, which provides version dependent
070235bcb25af37efebf6405b082413144968289kbrand configuration containers. [Andr� Malo]
4281cf6a722c99ae21394dc2000bd48efcebdb3akbrand *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
4281cf6a722c99ae21394dc2000bd48efcebdb3akbrand format is used. PR 27787. [Andr� Malo]
c7715b8cd6f5b5f4a27b12d816c6f48c522715f5covener *) Allow Digest providers to return AUTH_DENIED to propagate a 401
c7715b8cd6f5b5f4a27b12d816c6f48c522715f5covener status and terminate the provider chain prior to checking the password.
c7715b8cd6f5b5f4a27b12d816c6f48c522715f5covener [Geoffrey Young]
df58c3a1c000d76859808ca4746a41623b432c81sf *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
df58c3a1c000d76859808ca4746a41623b432c81sf Don't place script socket inside default server root instead of
df58c3a1c000d76859808ca4746a41623b432c81sf actual server root. PR 27886. [Jeff Trawick]
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf *) mod_proxy: Fix handling of non-200 success status codes when
65f6e321663b3fd0f93d8b47b4df05f189de6cf1sf "ProxyErrorOverride On" is configured. PR 20183.
bcb2c4ef861e8f8260284631b6753e1088643c8asf *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
6defa5d20691765eb0b98daf5db4b1004353222esf directive (previously NetWare-only) to override default thread
6defa5d20691765eb0b98daf5db4b1004353222esf stack size for threads which handle client connections. Required
415bb21f281e9b4f905d5893fede9165bdf1491bjim for some third-party modules on platforms with small default
5b0a925d0d2cfe3defeb45cd0d29126ef3603bb4niq thread stack size. [Jeff Trawick]
5b0a925d0d2cfe3defeb45cd0d29126ef3603bb4niq *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
5b0a925d0d2cfe3defeb45cd0d29126ef3603bb4niq now populates r->user with the (possibly unauthenticated) user,
caa47b19a81edcfc44b79583a0e386e326cf6492niq and mod_auth_digest returns 500 when a provider returns
caa47b19a81edcfc44b79583a0e386e326cf6492niq AUTH_GENERAL_ERROR.
caa47b19a81edcfc44b79583a0e386e326cf6492niq [Geoffrey Young]
caa47b19a81edcfc44b79583a0e386e326cf6492niq *) The whole codebase was relicensed and is now available under
caa47b19a81edcfc44b79583a0e386e326cf6492niq the Apache License, Version 2.0 (http://www.apache.org/licenses).
caa47b19a81edcfc44b79583a0e386e326cf6492niq [Apache Software Foundation]
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim *) Delete some make-generated files in the server directory during
09359a90ff115fc5eeb96e1e5c78a58dd9fc59d3jim "make clean" processing. PR 26552. [Jeff Trawick]
3e13c3c3e6517a04c8c20ffb8e62aadb3b13f8dfrjung *) Add core version query function (ap_get_server_revision) and
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung accompanying ap_version_t structure (minor MMN bump).
b8c9229249804470a885a1a43f7f2dad15fb06a3rjung [Andr� Malo]
ef3e19a9a27ca055dd20e971d5578f5510308023niq *) mod_rewrite: EOLs sent by external rewritemaps are now consumed
ef3e19a9a27ca055dd20e971d5578f5510308023niq as whole. That way, on systems with more than one EOL character
ef3e19a9a27ca055dd20e971d5578f5510308023niq rewritemap programs no longer need to switch stdout to binary
ef3e19a9a27ca055dd20e971d5578f5510308023niq mode. PR 25635. [Andr� Malo]
099d298d417b68b3d11fb5934c404c60f518d69csf *) mod_rewrite: Introduce the ability to force a content handler via
099d298d417b68b3d11fb5934c404c60f518d69csf the [handler=...] flag. [Andr� Malo]
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf *) mod_rewrite: Introduce the RewriteCond -x check, which returns
0d54de55e9fec3d9ac5989a5fe016f349b82ed05sf true if the pattern is a file with execution permissions.
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung [Andr� Malo]
636d0d3e03f5f4f2fefae0f20c36e288755e79f6rjung *) mod_rewrite: Allow proxying and RewriteRules in directory context
3f5968bf1059aebe846e121a6f3748dd03471ce4sf for subrequests. PR 14648, 15114. [Andr� Malo]
3f5968bf1059aebe846e121a6f3748dd03471ce4sf *) mod_rewrite: Allow setting of any valid HTTP response code.
3f5968bf1059aebe846e121a6f3748dd03471ce4sf PR 25917. [Andr� Malo]
3f5968bf1059aebe846e121a6f3748dd03471ce4sf *) mod_rewrite: Cookie creation now works locale independent.
3f5968bf1059aebe846e121a6f3748dd03471ce4sf [Andr� Malo]
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf *) mod_ssl: Add support for distributed session cache using 'distcache'.
ab86c68ce36c715e93f403dde41d0b9c1522c8b0sf [Geoff Thorpe <geoff geoffthorpe.net>]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_dav: Disallow requests with an unescaped hash character in
7c6f514f2ef9b98f58b8f8a5f534eb78a75f29f2jorton the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf attaches a body to the 302 response and a wrong Content-Length header.
3e520e9f095fbbcaa3c216c8ea56e89bd6fd58b4sf PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
93d757f10e0823af718075b34363970c4af0e6cdsf *) Bring ErrorHeader concept forward from 1.3, so that response
93d757f10e0823af718075b34363970c4af0e6cdsf header fields can be set for return even on errors or external
93d757f10e0823af718075b34363970c4af0e6cdsf redirects. [Ken Coar]
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf *) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf in the initial container. PR 25414.
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf [Geoffrey Young <geoff apache.org>]
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf *) Clean up httpd -V output: Instead of displaying the MPM source
533d85911f7e4914ee5f9d5c99a2421f4ab4208asf directory, display the MPM name and some MPM properties.
78b046ee9f769d9609ea1157177d5467e4700c89covener [Geoffrey Young <geoff apache.org>]
78b046ee9f769d9609ea1157177d5467e4700c89covener *) mod_ssl/mod_status: Re-enable support for output of SSL session
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf cache information in server-status page. [Joe Orton]
5d1aa7e499fc511e937db7a7ce671add9a4d6702sf *) mod_ssl: Remove the shmht session cache, shmcb should be used
00f8426677a7975dc809e4ccb11241c543ec8a0esf instead. [Joe Orton]
00f8426677a7975dc809e4ccb11241c543ec8a0esf *) mod_logio: Account for some bytes handed to the network layer prior to
3ef519991d73cff6763052b5a44c206bda01541dsf dropped connections. [Jeff Trawick]
3ef519991d73cff6763052b5a44c206bda01541dsf *) mod_autoindex: new directive IndexStyleSheet
3ef519991d73cff6763052b5a44c206bda01541dsf [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
512bc8626ede860ea2ef329e6c2ffbd6ceba3903sf *) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
f82baabbe731507742af2f7ba41463dbbc7911e9sf *) Log an error when requests for URIs which fail to map to a valid
f82baabbe731507742af2f7ba41463dbbc7911e9sf filesystem name are rejected with 403. [Jeff Trawick]
26d07dbe57cb2c8f49df541329a1653635988dbbsf *) Switch to APR 1.0 API.
686555019e71b355e835166dfefbec33f7fb6f90rjung *) Major overhaul of mod_include's filter parser. The new parser code
686555019e71b355e835166dfefbec33f7fb6f90rjung is expected to be more robust and should catch all of the edge cases
686555019e71b355e835166dfefbec33f7fb6f90rjung that were not handled by the previous one. This includes a binary
eda40bb2debf78c913552346127358797665cf7frjung incompatible change of mod_include's external API. [Andr� Malo]
eda40bb2debf78c913552346127358797665cf7frjung *) mod_rewrite: Allow forced mimetypes [T=...] to get expanded.
eda40bb2debf78c913552346127358797665cf7frjung PR 14223. [Andr� Malo]
eda40bb2debf78c913552346127358797665cf7frjung *) mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung the current rewrite state was just used as lookup path, which lead to
53b3e9f9937ca992fb149d02d19223674c81c5a4rjung strange and often useless results. Related to PR 8493. [Andr� Malo]
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung *) Change Listen directive to bind to all addresses when a hostname is
25cc406eca0c99de0dfbd6c8862bec2d5fb6c4farjung not specified. [Justin Erenkrantz]
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung *) Correct failure with Listen directives on machines with IPv6 enabled.
5b43275cebfb0ff9961ac462f3a96f7fe612d327rjung [Colm MacC�rthaigh <colm stdlib.net>, Justin Erenkrantz]
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung *) Fix a link failure in mod_ssl when the OpenSSL libraries contain
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung the ENGINE functions but the engine header files are missing.
3bcb72c0b2797d2ec0b41bb9f4696e58be2c7043rjung [Cliff Woolley]
4acb0cd5536553055c7c6996414cec00b0191e1djim *) mod_rewrite: RewriteRules in server context using the force
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf type feature [T=...] no longer disable MultiViews. [Andr� Malo]
dc610ff4888acc61dc6c8de2b8974a4dce9c074fsf *) mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot.
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf [Andr� Malo]
b08558bf6a64f9501ad3eca34eaf4d978bd928cfsf *) mod_authz_groupfile: Strip trailing spaces of group names. This
70f553c56eda63b353598193c3afc238db9b3c78sf hopefully saves some hours of searching for typos. PR 12863.
70f553c56eda63b353598193c3afc238db9b3c78sf [Andr� Malo]
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf *) mod_actions: Propagate the handler name to the action script via
3fa816e4832a1c70600bdfd6fc5ef60e9f1c18bbsf the REDIRECT_HANDLER environment variable. [Andr� Malo]
0c2193f47081b894ed16f4fc371f44564d28b334jorton *) mod_actions: Introduce the "virtual" modifier to the Action directive,
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim which allows the use of handlers for virtual locations. PR 8431.
950e3163cb42ba1e9c8f9d93f4505f580cbc71f4jorton [Andr� Malo]
55929f765b95e354092ac17238718e471c252ebbsf *) mod_speling: Recognize AcceptPathInfo setting for the particular
55929f765b95e354092ac17238718e471c252ebbsf location. Default is to reject path information. PR 21059.
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf [Andr� Malo]
2ce2fc3287632e20f1b8759aa17e571f68c6fe6dsf *) mod_ext_filter: Add the ability to filter request bodies.
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf *) Fix some broken log messages in WinNT MPM.
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf *) prefork MPM: Use the right permissions for the directory created
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf for gprof support. [Jim Carlson <jcarlson jnous.com>]
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf *) Fix a compile failure with recent OpenSSL and picky compilers
b44ddab21bd6e44ba3c03f7ae8ed08dd23b68b48sf (e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick]
0ab15ffa17f588723d0c310af78b505bf4e8a953sf *) OpenSSL headers should be included as "openssl/ssl.h", and not rely on
0ab15ffa17f588723d0c310af78b505bf4e8a953sf the INCLUDE path to be defined properly.
1dee19645438f8e3cb80fe86e1aaade04d093e45sf PR 11310. [Geoff Thorpe <geoff geoffthorpe.net>]
1dee19645438f8e3cb80fe86e1aaade04d093e45sf *) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf *) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using
9f478b1ce1e6296ad7a244d9d2eaa6af79cfdfbfsf autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf [Geoff Thorpe <geoff geoffthorpe.net>]
9bec939825399ac2816ea0d912d2e3c3b2ed91f4sf *) change directive name from 'compressionlevel' to 'deflatecompressionlevel'
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin [Ian Holsman, Andr� Malo]
5cca2a55e4a1cabdc2ca0db3bee456f27cf4c69eminfrin *) mod_negotiation: quality values are now parsed independent from
33510984c759eb3da154ceb0db9b75fa0031d3b4sf the current locale. level values are now really parsed as integers.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf PR 17564. [Andr� Malo]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf *) Extend mod_negotiation to evaluate the environment variables
33510984c759eb3da154ceb0db9b75fa0031d3b4sf no-gzip and gzip-only-text/html the same way as mod_deflate does.
33510984c759eb3da154ceb0db9b75fa0031d3b4sf [Andr� Malo]
33510984c759eb3da154ceb0db9b75fa0031d3b4sf *) mod_rewrite: Fix some problems reporting errors with mapping
33510984c759eb3da154ceb0db9b75fa0031d3b4sf programs (RewriteMap prg:/something). [Jeff Trawick]
6b15044d54a096e6323ff1540f1a491e8de7622dsf *) Return 413 if chunk-ext-header is too long rather than reading from
6b15044d54a096e6323ff1540f1a491e8de7622dsf the truncated line. PR 15857. [Justin Erenkrantz]
287b17b746df229d6211c624b8a3e1edda21cecdsf *) Allow restart of httpd to occur even with syntax errors in the config
287b17b746df229d6211c624b8a3e1edda21cecdsf file. PR 16813. [Justin Erenkrantz]
de2d327e43e0f17cdb64851beafecba96a0ed962sf *) Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679.
de2d327e43e0f17cdb64851beafecba96a0ed962sf [Justin Erenkrantz]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf *) Remove files on 'make distclean' that should be. PR 15592.
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf [Justin Erenkrantz]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf *) Allow apachectl to perform status with links and elinks as well.
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf [Justin Erenkrantz]
c1ea0100af157a0d4e4a3de323f32dbfac4e5b6esf *) mod_log_config change optional hook to return previous handler
b44565f239485673d9486068588a5fb3af008be9sf [Ian Holsman]
b44565f239485673d9486068588a5fb3af008be9sf *) Forward port of mod_actions' ability to handle arbitrary methods
b44565f239485673d9486068588a5fb3af008be9sf with the Script directive. [Andr� Malo]
bf99d597a964add76124fc185892e04733a02969sf *) Let suexec send a message to stderr, if it failed or its policy
bf99d597a964add76124fc185892e04733a02969sf was violated. This message appears in the error log and allows
876167dba234e2c7065895c87b77a8c57bdcf754sf for easier debugging. PR 5381, 7638, 8255, 10773. [Andr� Malo]
876167dba234e2c7065895c87b77a8c57bdcf754sf *) Modify buildconf to copy all required files into httpd's tree.
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf [Thom May <thom planetarytramp.net>]
9d4ce88bcd21b01619a31c53db11a51c2a1e9717sf *) Allow mod_dav to do weak entity comparison functions.
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim [Justin Erenkrantz]
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim *) Move RFC 1413 ident requests from core to new module mod_ident.
2792ea4d5c772a6bc19dece2e098b8125bf7184cjim [Andr� Malo]
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin *) Add mod_authz_owner - a forward port of "Require file-owner"
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin and "Require file-group", which was already present in version
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin 1.3.21. [Andr� Malo]
59a3c1e7880d3eab0d182735ff47758b9860411fminfrin *) Add mod_dav_lock - a generic subset of the DAV locking implementation.
b3e63c395d671f14a096d7e888dbfd2caf93a663sf [Justin Erenkrantz]
b3e63c395d671f14a096d7e888dbfd2caf93a663sf *) Replace some of the mutex locking in the worker MPM with
b3e63c395d671f14a096d7e888dbfd2caf93a663sf atomic operations for higher concurrency. [Brian Pane]
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf *) Allow 'make depend' to work with non-GCC compilers.
6f88aef8511bf8ccf170bec41b82b6346c8b1ac7sf [Justin Erenkrantz]
83c89da783ba8bdaef50ec1912443f7fad3556acjim *) If an httpd.conf has commented out AddModule directives,
83c89da783ba8bdaef50ec1912443f7fad3556acjim apxs -i -a will add an un-commented AddModule directive for
5152ceef718c8d39291557205cb2a98f436ce87frjung the new module, which breaks the config.
5152ceef718c8d39291557205cb2a98f436ce87frjung PR: 11212 [Joe Orton]
9c67ffea79ab184351b5d554b57814e13285e758jim *) Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz]
3eb3f27d2d93942bd4230c231aab4eb16a316384jim *) Move the check of the Expect request header field after the hook
3eb3f27d2d93942bd4230c231aab4eb16a316384jim for ap_post_read_request, since that is the only opportunity for
3eb3f27d2d93942bd4230c231aab4eb16a316384jim modules to handle Expect extensions. [Justin Erenkrantz]
0a2424312d9f02479a38e96dcbb170a77c218852rjung *) Rewrite of aaa modules to an authn/authz model.
6137a8d5cdc62f1d4dad8cbf720feaa35f42a596covener [Dirk-Willem van Gulik, Justin Erenkrantz]
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic [Apache 2.1.0-dev includes those bug fixes and changes with the
80a98c87d804ac7c0ea52d3f3b4676e559b49087igalic Apache 2.0.xx tree as documented, and except as noted, below.]
925a6d92173ab96cdb0a8976c7aac13ef809e218trawickChanges with Apache 2.0.53
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
925a6d92173ab96cdb0a8976c7aac13ef809e218trawick [Jeff Trawick]
e19d3a1e487aa73e0850658d3773f748aefba7f7sf *) mod_cache: CacheDisable will only disable the URLs it was meant to
e19d3a1e487aa73e0850658d3773f748aefba7f7sf disable, not all caching. PR 31128.
e19d3a1e487aa73e0850658d3773f748aefba7f7sf [Edward Rudd <eddie omegaware.com>, Paul Querna]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf cache responses. [Justin Erenkrantz]
b8e5134b5779bf5505a9e5241cf8c930cc4aac5esf *) mod_rewrite: Handle per-location rules when r->filename is unset.
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf Previously this would segfault or simply not match as expected,
b1677ce80314e41b74bdd8d50c13ac159f3c09f4sf depending on the platform. [Jeff Trawick]
c447f5d2f2a21e8f2df49a113c4637b7f59a6feftrawick *) mod_rewrite: Fix query string handling for proxied URLs. PR 14518.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
31eeb74b832eea054c7a42081c1afdeccd987e5etrawick *) mod_rewrite: Fix 0 bytes write into random memory position.
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf PR 31036. [Andr� Malo]
e9bf808f770605c1f54a9d0fb1c560115c91fd71sf *) mod_disk_cache: Do not store aborted content. PR 21492.
575cc52562c51c0c8bb8de0c6eaa55a60f7f895bsf *) mod_disk_cache: Correctly store cached content type. PR 30278.
03502de2853fcebaf853ed3bcfd5033894c238bbjim *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
03502de2853fcebaf853ed3bcfd5033894c238bbjim statistics display. PR 29216 [Graham Leggett]
03502de2853fcebaf853ed3bcfd5033894c238bbjim *) mod_ldap: fix a bogus error message to tell the user which file
afee7998d5045107a7673f09bc3448a5dc1b6612jim is causing a potential problem with the LDAP shared memory cache.
afee7998d5045107a7673f09bc3448a5dc1b6612jim PR 31431 [Graham Leggett]
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
6ec154950417d0b32082f6590ffa3acc3e0c3d49sf *) Fix the re-linking issue when purging elements from the LDAP cache
b38e1e2f118f67818f88faee827f4b3a2881e908sf PR 24801 [Jess Holle <jessh ptc.com>]
b38e1e2f118f67818f88faee827f4b3a2881e908sf *) mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
33e53d7c6aa5d004d96ea11d7f3ca35b30e82544trawick *) Fix Expires handling in mod_cache. [Justin Erenkrantz]
027f7b141f164258b254c38319d06452b25d7660trawick *) Alter mod_expires to run at a different filter priority to allow
027f7b141f164258b254c38319d06452b25d7660trawick proper Expires storage by mod_cache. [Justin Erenkrantz]
977c4527be5a21182f24fc22a40a79d576a52f86trawickChanges with Apache 2.0.52
7fef9f66804ea10d5bf343cdd3d607465e8340cajim *) Fix the global mutex crash when the global mutex is never allocated due
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier *) SECURITY: CAN-2004-0811 (cve.mitre.org)
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier Fix merging of the Satisfy directive, which was applied to
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier the surrounding context and could allow access despite configured
3770ed746d69c7a4111cba9966169bd5d7a509a6poirier authentication. PR 31315. [Rici Lake <rici ricilake.net>]
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton is enabled. Previously, such urls would still be rejected.
7bd92b29516bc4bf7351d35aa447dbe68f1e8bb4jorton [Jeff Trawick, Bill Stoddard]
a81c0c1ae464b2063a21b45f80c9da8d89bb840ecovener *) mod_mem_cache: Fixed race condition causing segfault because of memory being
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim freed twice, or reused after being freed.
ffae06377667a5d8f9699ac7512134de7000a83dminfrin [J. Clar, W. Stoddard, G. Ames]
ffae06377667a5d8f9699ac7512134de7000a83dminfrin *) Add -l option to rotatelogs to let it use local time rather than
ffae06377667a5d8f9699ac7512134de7000a83dminfrin UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
efc81fe729a2b7401028387da184b4a98f0b854atrawick *) mod_log_config: Fix a bug which prevented request completion time
efc81fe729a2b7401028387da184b4a98f0b854atrawick from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
efc81fe729a2b7401028387da184b4a98f0b854atrawick processing. PR 29696. [Alois Treindl <alois astro.ch>]
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jimChanges with Apache 2.0.51
d56f48e6d861159b42b8f6eadd66e9e03086ceb9fuankg *) mod_include no longer checks for recursion, because that's done
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg in the core. This allows for careful usage of recursive SSI.
cfd376e3e25eb609c30773a0897c97b2a9a76130fuankg [Andr� Malo]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim [chunyan sheng <shengperson yahoo.com>, Andr� Malo]
29ecbd9db1622e74964264d078336f7604d65093jim *) Include directives no longer refuse to process symlinks on
29ecbd9db1622e74964264d078336f7604d65093jim directories. Instead there's now a maximum nesting level
29ecbd9db1622e74964264d078336f7604d65093jim of included directories (128 as distributed). This is configurable
a503caacf7ab36d5bc42cb7c78256e1221642656jim at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
a503caacf7ab36d5bc42cb7c78256e1221642656jim PR 28492. [Andr� Malo]
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin *) Win32: apache -k start|restart|install|config can leave stranded
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin piped logger processes (eg, rotatelogs.exe) due to improper
da40dfabefd6f8eb8450e9a097c594ee2ab13e3eminfrin server shutdown on these code paths.
59d316b83d42d2a07e25c20d8c35a07b369618bdsf [Bill Stoddard]
59d316b83d42d2a07e25c20d8c35a07b369618bdsf *) SECURITY: CAN-2004-0751 (cve.mitre.org)
59d316b83d42d2a07e25c20d8c35a07b369618bdsf mod_ssl: Fix a segfault in the SSL input filter which could be
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf triggered if using "speculative" mode, for instance by a
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf proxy request to an SSL server. PR 30134. [Joe Orton]
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
8602c898d4e06a7e7b9d6b7cf4b172a8e7310987sf PR 30464. [Joe Orton, Madhusudan Mathihalli]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim *) mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim *) Prevent CGI script output which includes a Content-Range header
4acc1efe19ac2e6f2df0abb4d5bf99bd8ae3c5c6jim from being passed through the byterange filter. [Joe Orton]
3e2582713ed6883683272fbc628a27419d0ed543minfrin *) Satisfy directives now can be influenced by a surrounding <Limit>
3e2582713ed6883683272fbc628a27419d0ed543minfrin container. PR 14726. [Andr� Malo]
3e2582713ed6883683272fbc628a27419d0ed543minfrin *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin PR 27985. [Andr� Malo]
2c132b1e3610da2fb9e6b3594a313efa3ff29e22minfrin *) mod_disk_cache: Implement binary format for on-disk header files.
a46801e6532423aa7bd184471eb49158d7c9ae62sf [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
a46801e6532423aa7bd184471eb49158d7c9ae62sf *) mod_disk_cache: Optimize network performance of disk cache subsystem by
808a26d70f28498b9d7252a70d9fb23def781901minfrin allowing zero-copy (sendfile) writes and other miscellaneous fixes.
808a26d70f28498b9d7252a70d9fb23def781901minfrin [Justin Erenkrantz]
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin switch to the provider API instead of hooks. [Justin Erenkrantz]
6f9bf764bc79571d1da19dfbbd78527fca278a8eminfrin *) mod_autoindex: Don't truncate the directory listing if a stat()
7d59a9f282af9dce031b61062a0d941641101237rpluem call fails (for instance on a >2Gb file). PR 17357.
7d59a9f282af9dce031b61062a0d941641101237rpluem [Joe Orton]
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton *) Makefile fix: httpd is linked against LIBS given to the
e63e8b4b886d2144fed7946d0fbe8d27386be2dcjorton 'make' invocation. PR 7882. [Joe Orton]
223c64b836fbc2bc8611da9604379dfe13f56abasf *) WinNT MPM: Fix a broken log message at termination. PR 28063.
223c64b836fbc2bc8611da9604379dfe13f56abasf [Eider Oliveira <eider bol.com.br>]
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf *) Prevent Win32 pool corruption at startup [Allan Edwards]
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
bf507cc1e6ad55303c3d436c6ca153f46c788be6sf chosen SSL environment variable. PR 20957.
93cf7fc650197b941ae31a7c7e51e901b129e954igalic [Martin v. Loewis <martin v.loewis.de>]
93cf7fc650197b941ae31a7c7e51e901b129e954igalic *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung [Zvi Har'El <rl math.technion.ac.il>]
a1b1c78faf7969affb320f5c8eb270ffa21314c4rjung *) apachectl: Fix a problem finding envvars if sbindir != bindir.
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton *) SECURITY: CAN-2004-0748 (cve.mitre.org)
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
8d6b3720340d0bd7f8d25e2a8563527e97a48df8jorton *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf PR 18989. [Joe Orton]
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf *) mod_userdir: Ensure that the userdir identity is used for
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf suexec userdir access in a virtual host which has suexec configured.
48e4b65042d94992c50f1db6c0b0cdbd99ca77e8sf PR 18156. [Joshua Slive]
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim *) mod_rewrite no longer confuses the RewriteMap caches if
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim different maps defined in different virtual hosts use the
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim same map name. PR 26462. [Andr� Malo]
47ae8ca3c79d279b2e5424d6b8cf5e4e61ea968fjim *) mod_setenvif: Remove "support" for Remote_User variable which
397df70abe0bdd78a84fb6c38c02641bcfeadceasf never worked at all. PR 25725. [Andr� Malo]
397df70abe0bdd78a84fb6c38c02641bcfeadceasf *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf again the functionality of the ErrorHeader directive. But instead
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf using this misnomer additional flags to the Header directive were
9b5fe1d4ec48643fb819bbce9dc80f93f444fb48sf introduced ("always" and "onsuccess", defaulting to the latter).
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf PR 28657. [Andr� Malo]
dd9f60fdfeb73f829fe0b260b7975b4b22be0838sf *) Use the higher performing 'httpready' Accept Filter on all platforms
135e1d6a301398168e3b2e5125508828591e1673niq except FreeBSD < 4.1.1. [Paul Querna]
135e1d6a301398168e3b2e5125508828591e1673niq *) mod_usertrack: Escape the cookie name before pasting into the
135e1d6a301398168e3b2e5125508828591e1673niq regexp. [Andr� Malo]
135e1d6a301398168e3b2e5125508828591e1673niq *) Extend the SetEnvIf directive to capture subexpressions of the
135e1d6a301398168e3b2e5125508828591e1673niq matched value. [Andr� Malo]
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin *) Recursive Include directives no longer crash. The server stops
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin including configuration files after a certain nesting level (128
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin as distributed). This is configurable at compile time using the
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [Andr� Malo]
c7de70e936ac1e36c25676fe62e65dbacb947619minfrin *) mod_dir: the trailing-slash behaviour is now configurable using the
1b1621900bd89ddc496d721c865a726f635ebd7esf DirectorySlash directive. [Andr� Malo]
1b1621900bd89ddc496d721c865a726f635ebd7esf *) Allow proxying of resources that are invoked via DirectoryIndex.
1b1621900bd89ddc496d721c865a726f635ebd7esf PR 14648, 15112, 29961. [Andr� Malo]
4203a35c28d7c60adb7e9ef3be87aad34951c79asf *) util_ldap: Switched the lock types on the shared memory cache
4203a35c28d7c60adb7e9ef3be87aad34951c79asf from thread reader/writer locks to global mutexes in order to
4203a35c28d7c60adb7e9ef3be87aad34951c79asf provide cross process cache protection. [Brad Nicholes]
c094add0a23fe1120fd33711ba2e2d084f5629a1sf *) util_ldap: Reworked the cache locking scheme to eliminate duplicate
c094add0a23fe1120fd33711ba2e2d084f5629a1sf cache entries in the credentials cache due to race conditions.
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf [Brad Nicholes]
12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300sf *) util_ldap: Enhanced the util_ldap cache-info display to show more
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim detail about the contents and current state of the cache.
26f56d4a3c12077d605362e97490e34522fa4814covener [Brad Nicholes]
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic *) Enable the option to support anonymous shared memory in mod_ldap.
2cef7e294acb5d8b8b5dcb21a55438da0b73f63figalic This makes the cache work on Linux again. [Graham Leggett]
2d2de64c25c1519122a76150a7daf2c05f53fd9asf *) Enable special ErrorDocument value 'default' which restores the
2d2de64c25c1519122a76150a7daf2c05f53fd9asf canned server response for the scope of the directive.
2d2de64c25c1519122a76150a7daf2c05f53fd9asf [Geoffrey Young, Andr� Malo]
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener is set in r->subprocess_env allow mismatched query strings to pass.
27c5ebb7d411a214f5b6b55a881086ce086d3dd3covener PR 27758. [Paul Querna, Geoffrey Young]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Accept URLs for the ServerAdmin directive. If the supplied
7697b1b7376a532163c621e050b70c90dcb15d66covener argument is not recognized as an URL, assume it's a mail address.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim PR 28174. [Andr� Malo, Paul Querna]
7697b1b7376a532163c621e050b70c90dcb15d66covener *) initialize server arrays prior to calling ap_setup_prelinked_modules
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic so that static modules can push Defines values when registering
9e0536cd66a389bdaa758a825b8bbd8fea665a3eigalic hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
862bbb262644e8aefae1bf352552b01908ecae0eminfrin *) Small fix to allow reverse proxying to an ftp server. Previously
862bbb262644e8aefae1bf352552b01908ecae0eminfrin an attempt to do this would try and connect to 0.0.0.0, regardless
862bbb262644e8aefae1bf352552b01908ecae0eminfrin of the server specified. PR 24922
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem [Pascal Terjan <pterjan@linuxfr.org>]
dd3b88790af9d18429c732ca7bc83ec4ef43d3ffrpluem *) Add the NOTICE file to the rpm spec file in compliance with the
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf Apache v2.0 license. [Graham Leggett]
5bbabc874e3fcfbea08c199f7a79ee05b4817a70sf *) RPM spec file changes: changed default dependancy to link to db4
8f066564bfc0fd6ddc6ca4b2f2410615554597d1jim instead of db3. Fixed complaints about unpackaged files.
aec9747aa70c1dce98e536e8eef5a6a0ab0f1d6cjim [Graham Leggett]
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovenerChanges with Apache 2.0.50
7b7e8ba34e262064914ceedacd5f7d9201b6575ccovener *) SECURITY: CAN-2004-0493 (cve.mitre.org)
220bc4233b21982d7c51842a1774db0ba6172ca4covener Close a denial of service vulnerability identified by Georgi
220bc4233b21982d7c51842a1774db0ba6172ca4covener Guninski which could lead to memory exhaustion with certain
220bc4233b21982d7c51842a1774db0ba6172ca4covener input data. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_cgi: Handle output on stderr during script execution on Unix
6f2fbf354b34981f398cf0313aa44702ea2a7066covener platforms; preventing deadlock when stderr output fills pipe buffer.
6f2fbf354b34981f398cf0313aa44702ea2a7066covener Also fixes case where stderr from nph- scripts could be lost.
6f2fbf354b34981f398cf0313aa44702ea2a7066covener PR 22030, 18348. [Joe Orton, Jeff Trawick]
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener *) mod_alias now emits a warning if it detects overlapping *Alias*
9e7c7a8fa19c33d1e90f8f7ffab69beacbe72566covener directives. [Andr� Malo]
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener *) mod_rewrite no longer turns forward proxy requests into reverse proxy
a961006b347d6527ccaeab9cf019a4e68d26bfb0covener requests. PR 28125 [ast domdv.de, Andr� Malo]
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim exported on Win32 and Netware as well (minor MMN bump). PR 28523.
e3f43882b4f7ac7d1aa679be4b319cca04fd22eecovener [Edward Rudd <eddie omegaware.com>, Andr� Malo]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Restore the ability to disable the use of AcceptEx on Win9x systems
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim automatically (broken in 2.0.49). PR 28529. [Andr� Malo]
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener *) <VirtualHost myhost> now applies to all IP addresses for myhost
b761a57b4e63006c287823270876ab40d3212160covener instead of just the first one reported by the resolver. This
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim corrects a regression since 1.3. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem against ServerRoot PR#26602 [Brad Nicholes]
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem *) SECURITY: CAN-2004-0488 (cve.mitre.org)
5d92fff82718cd018f0b61a10b9ad4d2b8064c95rpluem mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
01195d035ccef88e72009e9607157d5eddcb6b7drjung (trusted) client certificate subject DN which exceeds 6K in length.
01195d035ccef88e72009e9607157d5eddcb6b7drjung [Joe Orton]
84fbf855118f318dd5e511d8e5b902cecc1177c0jim *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
84fbf855118f318dd5e511d8e5b902cecc1177c0jim caused issues for the Eclipse WebDAV extension.
0ed19acadd3d3dd593759173d87d2243e97914e2sf PR 29034. [Joe Orton]
0ed19acadd3d3dd593759173d87d2243e97914e2sf *) mod_deflate: Fix memory consumption (which was proportional to the
0ed19acadd3d3dd593759173d87d2243e97914e2sf response size). PR 29318. [Joe Orton]
041b426f9b15072b59a32f132e6d04173ab3df68covener *) mod_ssl: Log the errors returned on failure to load or initialize
041b426f9b15072b59a32f132e6d04173ab3df68covener a crypto accelerator engine. [Joe Orton]
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin *) Allow RequestHeader directives to be conditional. PR 27951.
cb838cc4d5fd559efd6c0579a0fcb8f6e5a7af22minfrin [Vincent Deffontaines <vincent gryzor.com>, Andr� Malo]
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin *) Allow LimitRequestBody to be reset to unlimited. PR 29106
15ff8c621815e8337abc10638f2b2853ee6fd076minfrin [Andr� Malo]
21ccb6cd9272c9066a8f5bb3e7785f46115289desf *) Fix a bunch of cases where the return code of the regex compiler
21ccb6cd9272c9066a8f5bb3e7785f46115289desf was not checked properly. This affects: mod_setenvif, mod_usertrack,
21ccb6cd9272c9066a8f5bb3e7785f46115289desf mod_proxy, mod_proxy_ftp and core. PR 28218. [Andr� Malo]
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
b0ac1e83f8582a9b5a72bff798ffb31a419c8adesf small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
b682e60dd82772dba52ba77138e494f15c00a551trawick *) Remove 2Gb log file size restriction on some 32-bit platforms.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim PR 13511. [Joe Orton]
b682e60dd82772dba52ba77138e494f15c00a551trawick *) mod_logio no longer removes the EOS bucket. PR 27928.
b682e60dd82772dba52ba77138e494f15c00a551trawick [Bojan Smojver <bojan rexursive.com>]
79c754eb51681c3389cd966753e902c429f78939trawick *) htpasswd no longer refuses to process files that contain empty
79c754eb51681c3389cd966753e902c429f78939trawick lines. [Andr� Malo]
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin *) Regression from 1.3: At startup, suexec now will be checked for
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin availability, the setuid bit and user root. The works only if
8651de219ec5f595af20afdc9da41ce72aaa50d5minfrin httpd is compiled with the shipped APR version (0.9.5).
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf PR 28287. [Andr� Malo]
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf *) Unix MPMs: Stop dropping connections when the file descriptor
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf is at least FD_SETSIZE. [Jeff Trawick]
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_isapi: send_response_header() failed to copy status string's
d5612bd28e194390b2c74fcf712d564b0e002684sf last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
4ea161d94782fa56f4b36d496f35ff8577c43065covener *) Fix a segfault when requests for shared memory fails and returns
4ea161d94782fa56f4b36d496f35ff8577c43065covener NULL. Fix a segfault caused by a lack of bounds checking on the
b588214d6e6fe09abe709e83e894921fbc7e25c8covener cache. PR 24801. [Graham Leggett]
b588214d6e6fe09abe709e83e894921fbc7e25c8covener *) Throw an error message if an attempt is made to use the LDAPTrustedCA
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener or LDAPTrustedCAType directives in a VirtualHost. PR 26390
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Brad Nicholes]
c64fc4e9830bb1ffdc3491aef5ed3be5b90c466bcovener *) Fix a potential segfault if the bind password in the LDAP cache
ae5efbbf49a7ca6d233209a4d011550989e22556covener is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
ae5efbbf49a7ca6d233209a4d011550989e22556covener *) Quotes cannot be used around require group and require dn
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim directives, update the documentation to reflect this. Also add
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener quotes around the dn and group within debug messages, to make it
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener more obvious why authentication is failing if quotes are used in
8c2bb916633b1eb3dccf91c776363bbc3a6145decovener error. PR 19304. [Graham Leggett]
503bec4c591d28ac6cec7182294cdef2ec6a9829covener *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
503bec4c591d28ac6cec7182294cdef2ec6a9829covener from escaping filters twice when the backslash character is used.
503bec4c591d28ac6cec7182294cdef2ec6a9829covener PR 24437. [Jess Holle <jessh ptc.com>]
c00149c3cb27e0381362d07ccf2143574b4f600dsf *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
c00149c3cb27e0381362d07ccf2143574b4f600dsf functions leave the connections in a sane state after errors have
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
766b0a4793197ccef3dfa202d1fee1e1f929ffa7sf 27271 [Graham Leggett]
97b692bfc8673c8858f03498f81a993ac0c04c01sf *) mod_ldap calls ldap_simple_bind_s() to validate the user
97b692bfc8673c8858f03498f81a993ac0c04c01sf credentials. If the bind fails, the connection is left
97b692bfc8673c8858f03498f81a993ac0c04c01sf in an unbound state. Make sure that the ldap connection
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin record is updated to show that the connection is no longer
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin bound. [Brad Nicholes]
5e6cf205d2b0c848e15c65dab9711805395a5108minfrin *) Ensure that lines in the request which are too long are
df419be6d7d4b68823efa05722375552af49c2b6minfrin properly terminated before logging.
df419be6d7d4b68823efa05722375552af49c2b6minfrin [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
df419be6d7d4b68823efa05722375552af49c2b6minfrin *) Update the bind credentials for the cached LDAP connection to
c03e31374e50a227cb554a0f1d4a9056ce80d99asf reflect the last bind. This prevents util_ldap from creating
c03e31374e50a227cb554a0f1d4a9056ce80d99asf unnecessary connections rather than reusing cached connections.
c03e31374e50a227cb554a0f1d4a9056ce80d99asf [Brad Nicholes]
40b22d3b20454959fe51fdc89907908d77701078minfrin *) mod_isapi: GetServerVariable returned improperly terminated header
40b22d3b20454959fe51fdc89907908d77701078minfrin fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
b4a00883f358625923365ca1560c96edec172a52sf [Jesse Pelton <jsp pkc.com>]
b4a00883f358625923365ca1560c96edec172a52sf *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
b4a00883f358625923365ca1560c96edec172a52sf size. PR 20617. [Jesse Pelton <jsp pkc.com>]
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf *) mod_dav: Fix a problem that could cause crashes when manipulating
0553e62d75ef12d9a6646bb874be1fbf9e4c1dfbsf locks on some platforms. [Jeff Trawick]
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin *) mod_headers no longer crashes if an empty header value should
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin be added. [Andr� Malo]
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin *) Fix segfault in mod_expires, which occured under certain
f58bb3da705eb7ec926f4883597fc2eb1336a360minfrin circumstances. PR 28047. [Andr� Malo]
be192cefa381d5bae6868034687471754cb43175sf *) htpasswd: use apr_temp_dir_get() and general cleanup
be192cefa381d5bae6868034687471754cb43175sf [Guenter Knauf <eflash gmx.net>, Thom May]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin *) mod_ssl: Fix memory leak in session cache handling. PR 26562
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin [Madhusudan Mathihalli]
f4a0825e91eec135b5e41c697439e9a13014fa2cminfrin *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
5876f43a746f688a32b7201bced8591ddf19bd43minfrin a pool cleanup. PR 27945. [Joe Orton]
5876f43a746f688a32b7201bced8591ddf19bd43minfrin *) Add forensic logging module (mod_log_forensic).
5876f43a746f688a32b7201bced8591ddf19bd43minfrin [Ben Laurie]
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq *) logresolve: Allow size of log line buffer to be overridden at
bbba414c5bbf770e505778265bbe7a4a0e4fbdaaniq build time (MAXLINE). PR 27793. [Jeff Trawick]
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin *) Fix the comment delimiter in htdbm so that it correctly parses the
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin username comment. Also add a terminate function to allow NetWare
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin to pause the output before the screen is destroyed.
4aef34911af88f96c5b6d9b71a550a5a97bbc0b6minfrin [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
4cefc38158672f5de8119886d9754cf0609a9371minfrin *) Fix crash when Apache was started with no Listen directives.
4cefc38158672f5de8119886d9754cf0609a9371minfrin [Michael Corcoran <mcorcoran warpsolutions.com>]
4cefc38158672f5de8119886d9754cf0609a9371minfrin *) core_output_filter: Fix bug that could result in sending
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin garbage over the network when module handlers construct
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin bucket brigades containing multiple file buckets all referencing
11d3c510dca5b5178ad4739ffc1567ef2155bda9minfrin the same open file descriptor. [Bojan Smojver]
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf *) Fix memory corruption problem with ap_custom_response() function.
d974a1624c0bb4f1c2e8b36fcf8ba1f12284ed8dsf The core per-dir config would later point to request pool data
1a8c329935111a5059363efe927d631371b78414minfrin that would be reused for different purposes on different requests.
1a8c329935111a5059363efe927d631371b78414minfrin [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin *) Win32: Tweak worker thread accounting routines to eliminate
fac37c9794a18c24d187f4e0f97a9476c4344118minfrin server hang when number of Listen directives in httpd.conf
fc58f0ff708564b67cd578c626b6500d1cd63a51sf is greater than or equal to the setting of ThreadsPerChild.
fc58f0ff708564b67cd578c626b6500d1cd63a51sf [Bill Stoddard]
fc58f0ff708564b67cd578c626b6500d1cd63a51sfChanges with Apache 2.0.49
fc58f0ff708564b67cd578c626b6500d1cd63a51sf *) SECURITY: CAN-2004-0174 (cve.mitre.org)
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf Fix starvation issue on listening sockets where a short-lived
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf connection on a rarely-accessed listening socket will cause a
4e5fe1d203ddf3956a77be3c797c01fd4be8b211sf child to hold the accept mutex and block out new connections until
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin another connection arrives on that rarely-accessed listening socket.
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin With Apache 2.x there is no performance concern about enabling the
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin logic for platforms which don't need it, so it is enabled everywhere
dcb4802d9ea9fc4ba89671e8f8faa70c9535b202minfrin except for Win32. [Jeff Trawick]
ce4dc40a4e87991087488f70d96d3447d7557294sf *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
ce4dc40a4e87991087488f70d96d3447d7557294sf [Jeff Trawick]
ce4dc40a4e87991087488f70d96d3447d7557294sf *) Win32: find_read_listeners was not correctly handling multiple
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
9db0b0ee6ffade769db57b37a06b3f4849b5d367minfrin [Manni Wood <manniwood planet-save.com>]
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin *) Fix some piped log problems: bogus "piped log program '(null)'
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin failed" messages during restart and problem with the logger
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin respawning again after Apache is stopped. PR 21648, PR 24805.
033d82412cc4af9d939b7e1645425b9e7f4ebf60minfrin [Jeff Trawick]
1b390add6886fb1c0acdea82be0ef0920f1158casf *) Fixed file extensions for real media files and removed rpm extension
1b390add6886fb1c0acdea82be0ef0920f1158casf from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
5fd471ec540a088d143a223096d35661bf87c15btrawick *) Remove compile-time length limit on request strings. Length is
5fd471ec540a088d143a223096d35661bf87c15btrawick now enforced solely with the LimitRequestLine config directive.
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe [Paul J. Reder]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_ssl: Send the Close Alert message to the peer before closing
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
f2472b79d241967fa28f8284470b1c5cafee7b12wrowe *) SECURITY: CVE-2004-0113 (cve.mitre.org)
c9201c790435060b1322d86949183085ca5f6c0cwrowe mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
c9201c790435060b1322d86949183085ca5f6c0cwrowe PR 27106. [Joe Orton]
c9201c790435060b1322d86949183085ca5f6c0cwrowe *) mod_ssl: Fix bug in passphrase handling which could cause spurious
c9201c790435060b1322d86949183085ca5f6c0cwrowe failures in SSL functions later. PR 21160. [Joe Orton]
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe *) mod_log_config: Fix corruption of buffered logs with threaded
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe MPMs. PR 25520. [Jeff Trawick]
38bd9dba7627c6b2f331cd0731c272ee6bd876b1wrowe *) Fix mod_include's expression parser to recognize strings correctly
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin even if they start with an escaped token. [Andr� Malo]
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin *) Add fatal exception hook for use by diagnostic modules. The hook
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin is only available if the --enable-exception-hook configure parm
c1ba97f41a4526d84fb7a1596afe3dd11e065a2cminfrin is used and the EnableExceptionHook directive has been set to
97cc46935ec496b83fef9d6feb094d706c895b3bsf "on". [Jeff Trawick]
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf *) Allow mod_auth_digest to work with sub-requests with different
4ed33a14c26d78bbe6bd0b9d5091cdb184e348basf methods than the original request. PR 25040.
97cc46935ec496b83fef9d6feb094d706c895b3bsf [Josh Dady <jpd indecisive.com>]
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
72e3829dbd019a63b1091987fc6e7b1c028b089cminfrin argumentless containers.
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin ["Philippe M. Chiasson" <gozer cpan.org>]
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
1081aff66582e2cac722fb3b6f09da4f524b5962minfrin [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
9f0c32ae318f33c93a47d83f4709242c18339bbcminfrin [Glenn Nielsen <glenn apache.org>]
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin *) The whole codebase was relicensed and is now available under
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin the Apache License, Version 2.0 (http://www.apache.org/licenses).
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin [Apache Software Foundation]
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin *) Fixed cache-removal order in mod_mem_cache.
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin [Jean-Jacques Clar, Cliff Woolley]
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin *) mod_setenvif: Fix the regex optimizer, which under circumstances
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin treated the supplied regex as literal string. PR 24219.
b7557ab9828d2017224a12968f82c3118b6a8c0aminfrin [Andr� Malo]
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
9474e446514b06765775eb0c1ec6645e2c5e50f6minfrin instead of mmn. [Andr� Malo]
e302f38fd646764ce1a1e1c578d794aef514a9e5sf *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
e302f38fd646764ce1a1e1c578d794aef514a9e5sf could lead to a 400 (Bad Request) response. [Andr� Malo]
b32d756dae79045a9bc90e0d0b85582f6f28eaf3sf *) Keep focus of ITERATE and ITERATE2 on the current module when
e302f38fd646764ce1a1e1c578d794aef514a9e5sf the module chooses to return DECLINE_CMD for the directive.
9c233808c898095865fcc0a2dc1cf594d0d8faf3sf PR 22299. [Geoffrey Young <geoff apache.org>]
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin *) Add support for IMT minor-type wildcards (e.g., text/*) to
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin ExpiresByType. PR#7991 [Ken Coar]
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin *) Fix segfault in mod_mem_cache cache_insert() due to cache size
3b41ccdaa163f4e900bbf8a7aa6a366df033822dminfrin becoming negative. PR: 21285, 21287
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin *) core.c: If large file support is enabled, allow any file that is
28587db43bc4bea96a36fbcffdd967e7b422bb97minfrin greater than AP_MAX_SENDFILE to be split into multiple buckets.
5a2dcc476c33985b7681aa72256bcd7266057eddsf This allows Apache to send files that are greater than 2gig.
5a2dcc476c33985b7681aa72256bcd7266057eddsf Otherwise we run into 32/64 bit type mismatches in the file size.
5a2dcc476c33985b7681aa72256bcd7266057eddsf [Brad Nicholes]
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier *) proxy_http fix: mod_proxy hangs when both KeepAlive and
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier ProxyErrorOverride are enabled, and a non-200 response without a
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier body is generated by the backend server. (e.g.: a client makes a
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier request containing the "If-Modified-Since" and "If-None-Match"
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier headers, to which the backend server respond with status 304.)
e08076ca56e6cb68b30846b9e9339061058aae6dpoirier [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
f3a19422957c2e9eb827c8e38e5982f678591aa5minfrin *) mod_dav: Reject requests which include an unescaped fragment in the
b7a2f855b5e31abc24dab2eef28e9e2f985ae25brpluem Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener *) Build array of allowed methods with proper dimensions, fixing
fa1c7ce09927decc1eecd1e9a35cc5331078a052covener possible memory corruption. [Jeff Trawick]
84fbf855118f318dd5e511d8e5b902cecc1177c0jim *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq PR 15057. [Otmar Lendl <lendl nic.at>]
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
ac45a43afbf38aa4a91c1402c6beef6ef8a2696dniq [Joe Orton]
b2b9b7f0644773b50aee41956a841ac884086250niq *) mod_usertrack no longer inspects the Cookie2 header for
b2b9b7f0644773b50aee41956a841ac884086250niq the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
b2b9b7f0644773b50aee41956a841ac884086250niq *) mod_usertrack no longer overwrites other cookies.
b4f348c8e74ba8166410ddeffac03e4887696788niq PR 26002. [Scott Moore <apache nopdesign.com>]
b4f348c8e74ba8166410ddeffac03e4887696788niq *) worker MPM: fix stack overlay bug that could cause the parent
4fda5fb4cc40703a76e261bbf21ec1d6b51b7d3fjim process to crash. [Jeff Trawick]
fa0dc2a4f675a868378a52946e5b244d6bf41196sf *) Win32: Add Win32DisableAcceptEx directive. This Windows
fa0dc2a4f675a868378a52946e5b244d6bf41196sf NT/2000/CP directive is useful to work around bugs in some
0807f6da6091b748ab47c21ba66252fe8da2a966sf third party layered service providers like virus scanners,
0807f6da6091b748ab47c21ba66252fe8da2a966sf VPN and firewall products, that do not properly handle
0807f6da6091b748ab47c21ba66252fe8da2a966sf WinSock 2 APIs. Use this directive if your server is issuing
b92a868b537899a51efd8c200c396fa51c63839dtrawick AcceptEx failed messages.
b92a868b537899a51efd8c200c396fa51c63839dtrawick [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
dc52cac281d8b311dc47d115ed979f923b667679rjung *) Make REMOTE_PORT variable available in mod_rewrite.
dc52cac281d8b311dc47d115ed979f923b667679rjung PR 25772. [Andr� Malo]
2534e869d2ba209bd0c43717ea80992e6de0c51djim *) Fix a long delay with CGI requests and keepalive connections on
2534e869d2ba209bd0c43717ea80992e6de0c51djim AIX. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) mod_autoindex: Add 'XHTML' option in order to allow switching between
f8033d657a57eab45af44368774d8beb3e4f7f35pquerna HTML 3.2 and XHTML 1.0 output. PR 23747. [Andr� Malo]
02fd88c85a9850109753b87612955ad372de1575sf *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
02fd88c85a9850109753b87612955ad372de1575sf [Andr� Malo]
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf *) mod_ssl: Advertise SSL library version as determined at run-time rather
da48ae521bcc2751f8eb8dfb02f7aab0f46943c6sf than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
1374472d83ce061a431b7f6eeb5e5135fb4cd922jim *) Fix build with parallel make. PR 24643. [Joe Orton]
ab7a123efe997d907274eb672ab2b36746bb3f57sf *) mod_rewrite: In external rewrite maps lookup keys containing
ab7a123efe997d907274eb672ab2b36746bb3f57sf a newline now cause a lookup failure. PR 14453.
a44d29a3794110c558c940bd903a1930d717a7d7sf *) Backport major overhaul of mod_include's filter parser from 2.1.
a44d29a3794110c558c940bd903a1930d717a7d7sf The new parser code is expected to be more robust and should
a44d29a3794110c558c940bd903a1930d717a7d7sf catch all of the edge cases that were not handled by the previous one.
70003ce816d7851e49ecb0cdc5137becd647ed18niq The 2.1 external API changes were hidden by a wrapper which is
70003ce816d7851e49ecb0cdc5137becd647ed18niq expected to keep the API backwards compatible. [Andr� Malo]
b5e45168970cefb8b2d0bea709ea69790f3eab96niq *) Add a hook (insert_error_filter) to allow filters to re-insert
815067bc5eff8fc218019e18ee5ea868372917cdsf themselves during processing of error responses. Enable mod_expires
815067bc5eff8fc218019e18ee5ea868372917cdsf to use the new hook to include Expires headers in valid error
9f2c7096ac1f41aca1328d304d54dbaef4ebb06drjung responses. This addresses an RFC violation. It fixes PRs 19794,
2534e869d2ba209bd0c43717ea80992e6de0c51djim 24884, and 25123. [Paul J. Reder]
39d67f66729a7008c1e73d65a81e778ce819a227rjung *) Add Polish translation of error messages. PR 25101.
39d67f66729a7008c1e73d65a81e778ce819a227rjung [Tomasz Kepczynski <tomek jot23.org>]
da20b997bf4652f7597e0a7845db371aab2f7187rjung *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
133cbcba0df4ba0e72f7eaaaebabe119f145f261niq Bill Stoddard]
c8dcde16853eef36b713d4633fac83b66e49aa5eniq *) Add mod_status hook to allow modules to add to the mod_status
c8dcde16853eef36b713d4633fac83b66e49aa5eniq report. [Joe Orton]
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq *) Fix htdbm to generate comment fields in DBM files correctly.
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq [Justin Erenkrantz]
1a7a4f8c6a312cb237e428c77da0792eb165dc7aniq *) mod_dav: Use bucket brigades when reading PUT data. This avoids
927e277b4be750e06960b3d4f1c2b1ca146e0555niq problems if the data stream is modified by an input filter. PR 22104.
927e277b4be750e06960b3d4f1c2b1ca146e0555niq [Tim Robbins <tim robbins.dropbear.id.au>, Andr� Malo]
83de39879307034216ce0af15a47a88a55af11e3rjung *) Fix RewriteBase directive to not add double slashes. [Andr� Malo]
83de39879307034216ce0af15a47a88a55af11e3rjung *) Improve 'configure --help' output for some modules. [Astrid Ke�ler]
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq *) Correct UseCanonicalName Off to properly check incoming port number.
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq [Jim Jagielski]
7cfa48136e3b42a14cdff1a46b60f4e4d2ad5291niq *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
0a4924de8350e2bbfa16a27f42ff0bc61aa52d43rjung if any property values were set which defined namespaces these
8e8568ec7d29f056a2a4942d1d50481e441c25d9covener came out mangled in the PROPFIND response. PR 11637.
4ea8055e720d18f386b8026b546e5836ecccba4arjung [Amit Athavale <amit_athavale persistent.co.in>]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe the destination resource gives a 401. PR 15571. [Joe Orton]
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe *) SECURITY: CVE-2003-0020 (cve.mitre.org)
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe Escape arbitrary data before writing into the errorlog. Unescaped
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe errorlogs are still possible using the compile time switch
bec2a2e375fe46599b68399abfcf67b89b270b57wrowe "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr� Malo]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) mod_autoindex / core: Don't fail to show filenames containing
46fdfef7dfc745effe179387e1dcb8245d3804batrawick special characters like '%'. PR 13598. [Andr� Malo]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) mod_status: Report total CPU time accurately when using a threaded
46fdfef7dfc745effe179387e1dcb8245d3804batrawick MPM. PR 23795. [Jeff Trawick]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) Fix memory leak in handling of request bodies during reverse
46fdfef7dfc745effe179387e1dcb8245d3804batrawick proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) Win32 MPM: Implement MaxMemFree to enable setting an upper
46fdfef7dfc745effe179387e1dcb8245d3804batrawick limit on the amount of storage used by the bucket brigades
46fdfef7dfc745effe179387e1dcb8245d3804batrawick in each server thread. [Bill Stoddard]
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe *) Modified the cache code to be header-location agnostic. Also
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe fixed a number of other cache code bugs related to PR 15852.
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe Includes a patch submitted by Sushma Rai <rsushma novell.com>.
f4845813cd6fa5749dfec8e3bc647b85c1df0980wrowe This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
f55c048e33a905f9f771b3aed309373bdf547944jorton closing the PR since that is what they are using. [Paul J. Reder]
f55c048e33a905f9f771b3aed309373bdf547944jorton *) complain via error_log when mod_include's INCLUDES filter is
f55c048e33a905f9f771b3aed309373bdf547944jorton enabled, but the relevant Options flag allowing the filter to run
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton for the specific resource wasn't set, so that the filter won't
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton silently get skipped. next remove itself, so the warning will be
cddaaa6378c5082e8dff0d11dc21cf6c4928ecbcjorton logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin *) mod_info: HTML escape configuration information so it displays
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin correctly. PR 24232. [Thom May]
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin *) Restore the ability to add a description for directories that
9b2bd9e83cbb6f5debb2edba59a0c12089eb37c3minfrin don't contain an index file. (Broken in 2.0.48) [Andr� Malo]
a89e2c1651aab7734345fa3a6712a757708535ferjung *) Fix a problem with the display of empty variables ("SetEnv foo") in
a89e2c1651aab7734345fa3a6712a757708535ferjung mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung *) mod_log_config: Log the minutes component of the timezone correctly.
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung *) mod_proxy: Fix cases where an invalid status-line could be sent
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung to the client. PR 23998. [Joe Orton]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung are also loaded. [Joe Orton]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung thread-safe interface for retrieving error strings. [Joe Orton]
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
adc9a2e2b2e56a7416c90f949bd0c72ddd6f1793rjung avoid reporting an Internal Server error if it is used without
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf having been set in the httpd.conf file. PR: 23748, 24459
23bc6974af15e69a9aa4b5b3fc06b800b53ca234sf [Andre Malo, Liam Quinn <liam htmlhelp.com>]
298eb744831be682f749ffe1c01c88d82adf215esf *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
298eb744831be682f749ffe1c01c88d82adf215esf option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
298eb744831be682f749ffe1c01c88d82adf215esf *) mod_include no longer allows an ETag header on 304 responses.
298eb744831be682f749ffe1c01c88d82adf215esf PR 19355. [Geoffrey Young <geoff apache.org>, Andr� Malo]
298eb744831be682f749ffe1c01c88d82adf215esf *) EBCDIC: Convert header fields to ASCII before sending (broken
298eb744831be682f749ffe1c01c88d82adf215esf since 2.0.44). [Martin Kraemer]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Fix the inability to log errors like exec failure in
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim mod_ext_filter/mod_cgi script children. This was broken after
f2386b627177c7a80d38fed6ec0aed3c086909c1covener such children stopped inheriting the error log handle.
f2386b627177c7a80d38fed6ec0aed3c086909c1covener [Jeff Trawick]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin *) Fix mod_info to use the real config file name, not the default
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin config file name. [Aryeh Katz <aryeh secured-services.com>]
70d4e28f12f8cc2e130457c841095dc69c67cf31minfrin *) Set the scoreboard state to indicate logging prior to running
1a668f25bc6b4b111822caaba70bb9289d64ade5niq logging hooks so that server-status will show 'L' for hung loggers
1a668f25bc6b4b111822caaba70bb9289d64ade5niq instead of 'W'. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjimChanges with Apache 2.0.48
7a6c86627922e38fa227943b9f888f96109681e5covener *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
7a6c86627922e38fa227943b9f888f96109681e5covener the AF_UNIX socket used to communicate with the cgid daemon and
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener the CGI script. [Jeff Trawick]
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener mod_rewrite which occurred if one configured a regular expression
17efe57eb8d88fa0d371f4ac4939dbbbe78fd09bcovener with more than 9 captures. [Andr� Malo]
8068423ee2d80a7c42b2325a71c24ac9485327cecovener *) mod_include: fix segfault which occured if the filename was not
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim set, for example, when processing some error conditions.
8068423ee2d80a7c42b2325a71c24ac9485327cecovener PR 23836. [Brian Akins <bakins web.turner.com>, Andr� Malo]
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener *) fix the config parser to support <Foo>..</Foo> containers (no
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener arguments in the opening tag) supported by httpd 1.3. Without
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener this change mod_perl 2.0's <Perl> sections are broken.
7703bad94964cc64022e08e2d1ae2c5fbfe2d3c6covener ["Philippe M. Chiasson" <gozer cpan.org>]
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick *) mod_cgid: fix a hash table corruption problem which could
689ee47a7329cf0d0ce4c5a98670b33fcf00d81btrawick result in the wrong script being cleaned up at the end of a
aa8df43397bb42245e1633f12e2300c9715f3a7btrawick request. [Jeff Trawick]
5a2f24f5e41d52e59e1c11e90cd423b8967d4184trawick *) Update httpd-*.conf to be clearer in describing the connection
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier between AddType and AddEncoding for defining the meaning of
19ce7effbcc8a735f1a883f9266e086fde2adb63poirier compressed file extensions. [Roy Fielding]
5d58d0bc1ce35e0ee814b6c2dc21a5286e460b87covener *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim PR 23416. [Andr� Malo]
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
8eac2273e3d5f2dc8464fada76fcfbf33a938a2fcovener rewritten request using "proxy:". The code was adding multiple "proxy:"
c6124d7fde07b58d51785d0f1cb509026eeaa138jim fields in the rewritten URI. PR: 13946.
c6124d7fde07b58d51785d0f1cb509026eeaa138jim [Eider Oliveira <eider bol.com.br>]
c6124d7fde07b58d51785d0f1cb509026eeaa138jim *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
680e7b4c70df00b695883c824947ca6ec15d69ecsf expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
680e7b4c70df00b695883c824947ca6ec15d69ecsf *) Ensure that ssl-std.conf is generated at configure time, and switch
3a49a6c98ef80c71830e66e7f8f46083001b494ctrawick to using the expanded config variables to work the same as
d46dfdce9351f52a971777948d9b02f8fc668ff8niq [Thom May]
6fee4e2faa2e45fe2636d01e35d03c2cf0c9d431minfrin *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
03aa31ad82759363ba1a55589e517b16308ef635minfrin *) mod_autoindex: If a directory contains a file listed in the
03aa31ad82759363ba1a55589e517b16308ef635minfrin DirectoryIndex directive, the folder icon is no longer replaced
03aa31ad82759363ba1a55589e517b16308ef635minfrin by the icon of that file. PR 9587.
03aa31ad82759363ba1a55589e517b16308ef635minfrin [David Shane Holden <dpejesh yahoo.com>]
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin *) Fixed mod_usertrack to not get false positive matches on the
9fe23388f983cb652b5d68e2bd92aa9f0568c574minfrin user-tracking cookie's name. PR 16661.
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe [Manni Wood <manniwood planet-save.com>]
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe *) mod_cache: Fix the cache code so that responses can be cached
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe if they have an Expires header but no Etag or Last-Modified
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe headers. PR 23130.
433d36fd71af86369719893afe09877be4cb4f3asf *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf were sent (e.g. with 304 or 204 response codes). [Astrid Ke�ler]
14e5a8cc15b1dcc26ad5420973304e53a9e5406bsf *) Modify ap_get_client_block() to note if it has seen EOS.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [Justin Erenkrantz]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
46fdfef7dfc745effe179387e1dcb8245d3804batrawick content if the Accept-Encoding header contained only other tokens than
46fdfef7dfc745effe179387e1dcb8245d3804batrawick "gzip" (such as "deflate"). PR 21523. [Joe Orton, Andr� Malo]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) Avoid an infinite recursion, which occured if the name of an included
46fdfef7dfc745effe179387e1dcb8245d3804batrawick config file or directory contained a wildcard character. PR 22194.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick [Andr� Malo]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) mod_ssl: Fix a problem setting variables that represent the
573f949c582f06bd738a96196f40b646b6d540b8rpluem client certificate chain. PR 21371 [Jeff Trawick]
573f949c582f06bd738a96196f40b646b6d540b8rpluem *) Unix: Handle permissions settings for flock-based mutexes in
c44902d07eab7deb803a59e959f57cf3b7d56655poirier unixd_set_global|proc_mutex_perms(). Allow the functions to be
c44902d07eab7deb803a59e959f57cf3b7d56655poirier called for any type of mutex. PR 20312 [Jeff Trawick]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Fix a misleading message from the some of the threaded MPMs when
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener MaxClients has to be lowered due to the setting of ServerLimit.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Jeff Trawick]
ae1981fc94adf2b231e2d0e15d2f895b2138c969covener *) Lower the severity of the "listener thread didn't exit" message
4ac05f9625e37cc421f4ea548422827b4de163d7niq to debug, as it is of interest only to developers. PR 9011
4ac05f9625e37cc421f4ea548422827b4de163d7niq [Jeff Trawick]
4ac05f9625e37cc421f4ea548422827b4de163d7niq *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
4ac05f9625e37cc421f4ea548422827b4de163d7niq [Cliff Woolley, Jean-Jacques Clar]
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener *) Install config.nice into the build/ directory to make
6999a76d8eb5ef6b4b295e51df0b2fb6064bd373covener minor version upgrades easier. [Joshua Slive]
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick *) Fix mod_deflate so that it does not call deflate() without checking
ead0b57bbeaec5acb14f931b5641962f429dabc9trawick first whether it has something to deflate. (Currently this causes
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq deflate to generate a fatal error according to the zlib spec.)
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq PR 22259. [Stas Bekman]
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
77d6f9d5c2a5cab805e9ace265628f3d791b937dniq identity spoof is encountered.
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin [Sander Striker]
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
9f35dd32eedd781d218a85f0315ea5526a8adc84minfrin containing the .htaccess file is requested without a trailing slash.
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin PR 20195. [Andr� Malo]
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin *) ab: Overlong credentials given via command line no longer clobber
5dc4220fc22561537ce1421a03e11846a5b719ebminfrin the buffer. [Andr� Malo]
bd27541a0c96caa881f17a490e23cdd220d480c8poirier *) mod_deflate: Don't attempt to hold all of the response until we're
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick done. [Justin Erenkrantz]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin *) Assure that we block properly when reading input bodies with SSL.
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
68c4447ba8e057cf38cbbec918e0549b817f20b4minfrin *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
e33d0698670fead33dbd7c907363053b9e2be454minfrin *) mod_ext_filter: Set additional environment variables for use by
e33d0698670fead33dbd7c907363053b9e2be454minfrin the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
e33d0698670fead33dbd7c907363053b9e2be454minfrin *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin *) Remember an authenticated user during internal redirects if the
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin redirection target is not access protected and pass it
cf8a8738330694e60bad421fcc8361d80b0e9124minfrin to scripts using the REDIRECT_REMOTE_USER environment variable.
4ea8055e720d18f386b8026b546e5836ecccba4arjung PR 10678, 11602. [Andr� Malo]
a9d359cdeb1cee65cdb9fab5e19ffb4846172183trawick *) mod_include: Fix a trio of bugs that would cause various unusual
4ea8055e720d18f386b8026b546e5836ecccba4arjung sequences of parsed bytes to omit portions of the output stream.
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci PR 21095. [Ron Park <ronald.park cnet.com>, Andr� Malo, Cliff Woolley]
fd80868005a61e747bc45b39df83cae7abb3d151pgollucci *) Update the header token parsing code to allow LWS between the
60a8830541cd85d23a42ccb1639bc4744de9d526poirier token word and the ':' seperator. [PR 16520]
60a8830541cd85d23a42ccb1639bc4744de9d526poirier [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
60a8830541cd85d23a42ccb1639bc4744de9d526poirier *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin [Joe Schaefer <joe+gmane sunstarsys.com>]
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin *) Added FreeBSD directory layout. PR 21100.
5ae15cd9d22fb3bdfd2eb0b9761c4ef07fbf2f96minfrin [Sander Holthaus <info orangexl.com>, Andr� Malo]
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
69fc9805c344b2dd5fd49a4f75cbf55dedeac7d6minfrin response. PR 21085. [Glenn Nielsen <glenn apache.org>, Andr� Malo]
46fdfef7dfc745effe179387e1dcb8245d3804batrawick *) mod_rewrite: Perform child initialization on the rewrite log lock.
46fdfef7dfc745effe179387e1dcb8245d3804batrawick This fixes a log corruption issue when flock-based serialization
46fdfef7dfc745effe179387e1dcb8245d3804batrawick is used (e.g., FreeBSD). [Jeff Trawick]
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf *) Don't respect the Server header field as set by modules and CGIs.
e1c6c1dac26c35ecebe158438bb0c56afbb9bfb0sf As with 1.3, for proxy requests any such field is from the origin
dd90cc3ba2a09e7be46c9d8f5faad90edf18134fsf server; otherwise it will have our server info as controlled by
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf the ServerTokens directive. [Jeff Trawick]
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsfChanges with Apache 2.0.47
38451a13fb80b89e704792ebc0e6f9e5e5877d7dsf *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
505e342aefa9fbccc857f1bc653a310e25511946sf of per-directory renegotiations and the SSLCipherSuite directive
505e342aefa9fbccc857f1bc653a310e25511946sf being used to upgrade from a weak ciphersuite to a strong one
505e342aefa9fbccc857f1bc653a310e25511946sf could result in the weak ciphersuite being used in place of the
505e342aefa9fbccc857f1bc653a310e25511946sf strong one. [Ben Laurie]
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
26734c75baf170a492ef6a82f07b24ee1af7d0b1sf temporary denial of service when accept() on a rarely accessed port
dda254ba84bdff5e236917af1b31693ca4360eabcovener returns certain errors. Reported by Saheed Akhtar
dda254ba84bdff5e236917af1b31693ca4360eabcovener *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna of service when target host is IPv6 but proxy server can't create
bf52162f2d05c1fb1a107c7ef108de73f739b3edpquerna IPv6 socket. Fixed by the reporter. [Yoshioka Tsuneo
cf12a027b0859c14d5c4852efffeff62158cd98dtrawick *) SECURITY [VU#379828] Prevent the server from crashing when entering
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim infinite loops. The new LimitInternalRecursion directive configures
8e5e9b2d4c6cbcd21ca182fe1109d59284239515wrowe limits of subsequent internal redirects and nested subrequests, after
3becbd2611ffb2e8391a8eacce765b43dcb1c669wrowe which the request will be aborted. PR 19753 (and probably others).
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf [William Rowe, Jeff Trawick, Andr� Malo]
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf *) core_output_filter: don't split the brigade after a FLUSH bucket if
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf it's the last bucket. This prevents creating unneccessary empty
9c78f8d71737dfbbbf4da2f9acb397567a10e88bsf brigades which may not be destroyed until the end of a keepalive
4be9c459920a7c1cfe62d654327dae5c4bb6b284sf connection.
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi *) Add support for "streamy" PROPFIND responses.
47ff2654d827dd3596ce2e4099d69cec0f1009b9takashi [Ben Collins-Sussman <sussman collab.net>]
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi *) mod_cgid: Eliminate a double-close of a socket. This resolves
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi various operational problems in a threaded MPM, since on the
b4ae72381175122ebfe42ff0d11db7a7f4162014takashi second attempt to close the socket, the same descriptor was
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem often already in use by another thread for another purpose.
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem [Jeff Trawick]
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem *) mod_negotiation: Introduce "prefer-language" environment variable,
5e1ae35c05125b8b6c6c648c60e576f5796ea061rpluem which allows to influence the negotiation process on request basis
b9a830d395feaa66ab621841a5cd86e1fa2d184brjung to prefer a certain language. [Andr� Malo]
82e6711dc508d2822d9397f07136ba4ddd8764e1niq *) Make mod_expires' ExpiresByType work properly, including for
82e6711dc508d2822d9397f07136ba4ddd8764e1niq dynamically-generated documents. [Ken Coar, Bill Stoddard]
82e6711dc508d2822d9397f07136ba4ddd8764e1niqChanges with Apache 2.0.46
82e6711dc508d2822d9397f07136ba4ddd8764e1niq *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash
82e6711dc508d2822d9397f07136ba4ddd8764e1niq by sending an overly long string. This can be triggered remotely
f43104f173247435cb4ade2b89aa2ca8108aedb7niq through mod_dav, mod_ssl, and other mechanisms. Reported by David
f43104f173247435cb4ade2b89aa2ca8108aedb7niq Endler <DEndler iDefense.com>.
f43104f173247435cb4ade2b89aa2ca8108aedb7niq [Joe Orton <jorton redhat.com>]
1fdcfb04a08e53ce28af657d854922efbbabecf4niq *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
1fdcfb04a08e53ce28af657d854922efbbabecf4niq affecting basic authentication on Unix platforms related to
1fdcfb04a08e53ce28af657d854922efbbabecf4niq thread-safety in apr_password_validate(). The problem was reported
c26aa743a70c2148cdca1e6c637c605d9025b051niq *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
c26aa743a70c2148cdca1e6c637c605d9025b051niq when a MKACTIVITY request comes in.
e076b09731977eafcef2bfc6f5323f3ab7e83b15niq [Ben Collins-Sussman <sussman collab.net>]
3fba96a56fbced0f14edde04f417d74d7f5bdb1eniq *) Perform run-time query in apxs for apr and apr-util's includes.
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq [Justin Erenkrantz]
3a183ee5b8f8129f6d3ec493be51abacda7c6ea7niq *) run libtool from the apr install directory (in case that is different
64dbb5532fba398c5e81efeb21c7fd50c05819d7niq from the apache install directory) [Jeff Trawick]
64dbb5532fba398c5e81efeb21c7fd50c05819d7niq *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq *) If mod_mime_magic does not know the content-type, do not attempt to
d31d6c32262a8d1cbfc63d9f7adccae46002c8f7niq guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
a50db00c3663c2a0d3531965c64d995516b06288niq *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick caching. PR 17864.
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick *) Add a delete flag to htpasswd.
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi now work scheme dependent and the query string will only be
4aa736735709d0434c02ae6cc65b0738eb9882cctakashi appended if supported by the particular scheme. [Andr� Malo]
99d46a23c6eac800f327b29f8009f7d7da986230trawick *) Add another check for already compressed content in mod_deflate.
99d46a23c6eac800f327b29f8009f7d7da986230trawick PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
6c2782f8988f498ad9e5fc84256e202175c3edc9covener *) Fixes for VPATH builds; copying special.mk and any future .mk files
6c2782f8988f498ad9e5fc84256e202175c3edc9covener from the source tree as well as the build tree (now creates a usable
6c2782f8988f498ad9e5fc84256e202175c3edc9covener configuration for apxs), and eliminated redundant -I'nclude paths.
6c2782f8988f498ad9e5fc84256e202175c3edc9covener [William Rowe]
bf27540ecb929632fd82264742045c96006c382cniq *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna for SSLC and OpenSSL toolkit compatibility. Still work remains to
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna be done to cripple features based on the limitations of RSA's binary
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna distribution of their SSL-C toolkit.
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna *) Linux 2.4+: If Apache is started as root and you code
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna [Greg Ames]
bcb567d8f48f5de8aa84e0b19e93357e0a4d970epquerna *) ap_get_mime_headers_core: allocate space for the trailing null
ea6ff3396df1d6d43ee0ecfa3e26ada981d8e9a3sctemme when folding is in effect.
8a0c75e992cc657a98317e78374b800d16963cfatrawick PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
ab1b172430f2d4e1b222b541bb8c1d431c1a7bc7sf *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
8315a125b56710a222167e4d65b96c3c891f4b25sf *) mod_log_config: Add the ability to log the id of the thread
ab1b172430f2d4e1b222b541bb8c1d431c1a7bc7sf processing the request via new %P formats. [Jeff Trawick]
3f985866b9b5b49fb57735b5eb135591163f30dfsf *) Use appropriate language codes for Czech (cs) and Traditional Chinese
7f51e5c395d431b8c20226f77de28efe13272bfasf (zh-tw) in default config files. PR 9427. [Andr� Malo]
7f51e5c395d431b8c20226f77de28efe13272bfasf *) mod_auth_ldap: Use generic whitespace character class when parsing
7f51e5c395d431b8c20226f77de28efe13272bfasf "require" directives, instead of literal spaces only. PR 17135.
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf [Andr� Malo]
17d64c884a44f5ca72f6901afd3e50991bfc1c63sf *) Hook mod_rewrite's type checker before mod_mime's one. That way the
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf RewriteRule [T=...] Flag should work as expected now. PR 19626.
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf [Andr� Malo]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf *) htpasswd: Check the processed file on validity. If a line is not empty
68686064650b23222461014a11558593de194bbctrawick and not a comment, it must contain at least one colon. Otherwise exit
304903af1cf77cbdfa07e8a6482f35f3d9d7b0f3sf with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
a6e4caaa97e433cc2ef78d957bc32756d9c49f79sf *) Fix a problem that caused httpd to be linked with incorrect flags
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf on some platforms when mod_so was enabled by default, breaking
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf DSOs on AIX. PR 19012 [Jeff Trawick]
a96ba81cada826f2a9ab1e24218a77bfadfc31d8sf *) By default, use the same CC and CPP with which APR was built.
4f133508c93204c06e1acba9774ff184e5812606niq The user can override with CC and CPP environment variables.
4f133508c93204c06e1acba9774ff184e5812606niq [Jeff Trawick]
87587593f1a53030e840acc0dec6cc881022ea40covener *) Fix ap_construct_url() so that it surrounds IPv6 literal address
87587593f1a53030e840acc0dec6cc881022ea40covener strings with []. This fixes certain types of redirection.
87587593f1a53030e840acc0dec6cc881022ea40covener PR 19207. [Jeff Trawick]
87587593f1a53030e840acc0dec6cc881022ea40covener *) forward port of buffer overflow fixes for htdigest. [Thom May]
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener *) Added AllowEncodedSlashes directive to permit control of whether
52071e4b9f49c3a1c2c767c7ea80ec92cf9032c9covener the server will accept encoded slashes ('%2f') in the URI path.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim Default condition is off (the historical behaviour). This permits
89b8bbc89404e7071e573c4f0a17f528996e855djorton environments in which the path-info needs to contain encoded
89b8bbc89404e7071e573c4f0a17f528996e855djorton slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
e1d4c4e8366f46dc5dc1e6e24b4c7ac448dfa061sf *) When using Redirect in directory context, append requested query
6bc4f334a04802bab835893d0c42af8bfb9c3c41sf string if there's no one supplied by configuration. PR 10961.
6bc4f334a04802bab835893d0c42af8bfb9c3c41sf [Andr� Malo]
53593dbd8fece82cb66a23f0b7024d8d713d66f1sf *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf the pattern will not always match as desired. PR 12596.
79e3f2f950745953fff4a6a8dfe1f7cce31ce287sf [Andr� Malo]
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem *) mod_autoindex now emits and accepts modern query string parameter
ab2b977442827214b1d884decf3e3f1579fd45e1rpluem delimiters (;). Thus column headers no longer contain unescaped
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf ampersands. PR 10880 [Andr� Malo]
195edf54eccd8c5a436c7dd17f5f604e7074d5d1sf *) Enable ap_sock_disable_nagle for Windows. This along with the
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
3709b26f3370ae89c5324a3c03fab56a93b09ecdsf to be disabled for Windows. [Allan Edwards]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi This patch reverts us to pre-2.0.46 behavior, using the
03577bc320125eaa2b27ee7af78b894ee6dfe121takashi ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin was never compiled on Win32. [Allan Edwards, William Rowe]
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin *) Fix a build problem with passing unsupported --enable-layout
f5119c5d7cfe8c6d53cb29d43f8746684068ed82minfrin args to apr and apr-util. This broke binbuild.sh as well as
f74d35a61a835e15412b99b8aebe4958fe4e94a5takashi user-specified layout parameters. PR 18649 [Justin Erenkrantz,
94713632faf403489b3f8b4e0ed65e1011ac4991takashi Jeff Trawick]
20216b769716c4346cce373f2028d7dbebf03886poirier *) If a Date response header was already set in the headers array,
20216b769716c4346cce373f2028d7dbebf03886poirier this value was ignored in favour of the current time. This meant
20216b769716c4346cce373f2028d7dbebf03886poirier that Date headers on proxied requests where rewritten when they
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf should not have been. PR: 14376 [Graham Leggett]
7317a32e0c621c9a28f6f10e83e6c5dc63e3f3bdsf *) Add code to buildconf that produces an httpd.spec file from
ecc6e723b804fb4b8f858910eff3f88242ec56fasf [Graham Leggett]
ecc6e723b804fb4b8f858910eff3f88242ec56fasf *) Fixed a segfault when multiple ProxyBlock directives were used.
727d68c6009030f56a350b4603384ce4fb844341minfrin *) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability
727d68c6009030f56a350b4603384ce4fb844341minfrin identified and reported by Robert Howard <rihoward rawbw.com> that
727d68c6009030f56a350b4603384ce4fb844341minfrin where device names faulted the running OS2 worker process.
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin The fix is actually in APR 0.9.4. [Brian Havard]
ed6dfb7d7057dc4f42348f12d7bff9fe98fc73cfminfrin *) Forward port: Escape special characters (especially control
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf characters) in mod_log_config to make a clear distinction between
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf client-supplied strings (with special characters) and server-side
4dee28b6fc8fff5efde4e7821aeb6defed3fb84dsf strings. This was already introduced in version 1.3.25.
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf [Andr� Malo]
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf *) mod_deflate: Check also err_headers_out for an already set
23247a8f748077bc788a5fbaf91d5fad34d0b7d1sf Content-Encoding: gzip header. This prevents gzip compressed content
58015652ffe00f004c6404a0631474f23dadc7dasf from a CGI script from being compressed once more. PR 17797.
58015652ffe00f004c6404a0631474f23dadc7dasf [Andr� Malo]
2af38cc44e48753913565b38a7a9f325f898a293minfrinChanges with Apache 2.0.45
745417156908df54538ca284b382ce8d27b30066minfrin *) Fix possible segfaults under obscure error conditions within the
2af38cc44e48753913565b38a7a9f325f898a293minfrin cgid daemon. [Jeff Trawick, William Rowe]
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf *) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability
fc2f0972572614b50523bc5ddb3f866ca4acd2f0sf identified by David Endler <DEndler iDefense.com> on all platforms.
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf An unlimited stream of newlines were acceptable between requests
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf where each <lf> would allocate an 80 byte buffer, leading very
251430bcaff1fa6a77953bfe56475eb6cc7abc78sf quickly to memory exahustion. [Brian Pane]
7b467aa53854c95318a1c709709c1619a4f47118minfrin *) Added an rpm build script.
7b467aa53854c95318a1c709709c1619a4f47118minfrin [Graham Leggett, Joe Orton <jorton redhat.com>]
7ba7402d405dc9e3c1083e34049ed933472ca910poirier *) Simpler, faster code path for request header scanning [Brian Pane]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) SECURITY: Eliminated leaks of several file descriptors to child
7ba7402d405dc9e3c1083e34049ed933472ca910poirier processes, such as CGI scripts. This fix depends on the APR library
7ba7402d405dc9e3c1083e34049ed933472ca910poirier release 0.9.2 or later (0.9.3 was distributed with the httpd
4286d2e267e788d856092bf2ccf461e7ca99570frpluem source tarball for Apache 2.0.45.) PR 17206
4286d2e267e788d856092bf2ccf461e7ca99570frpluem [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
4286d2e267e788d856092bf2ccf461e7ca99570frpluem *) Fix path handling of mod_rewrite, especially on non-unix systems.
43563ad04e4bae7b42f7a34a87b7c60dc69c0c3fpoirier There was some confusion between local paths and URL paths.
5357892a1e367372dc2d4a315156e3e44dc5d56dpoirier PR 12902. [Andr� Malo]
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier *) Prevent endless loops of internal redirects in mod_rewrite by
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier aborting after exceeding a limit of internal redirects. The
b42af5f6edf4fe4b820288c37920a7a6fd65f1f1poirier limit defaults to 10 and can be changed using the RewriteOptions
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin directive. PR 17462. [Andr� Malo]
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
49cea03e96dc4707bce15d6318eb013cb8668d96minfrin all worker threads are busy.
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin [Igor Nazarenko <igor_nazarenko hotmail.com>]
63eaa8ed62d63de0a44346b8af48e08e562db01eminfrin *) Keep the subrequest filter in place when a subrequest is
847b3922f7dcde6830f4aad49d29c84b4569c260minfrin redirected. PR 15423. [Jeff Trawick]
1af2b28846e2647963db788b081676884fb7df8crpluem *) you can now specify the compression level for mod_deflate.
1af2b28846e2647963db788b081676884fb7df8crpluem [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
845258fbf5102b8b09fe9b7f4cb4ea4c089344c3poirier *) mod_deflate: Extend the DeflateFilterNote directive to
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin allow accurate logging of the filter's in- and outstream.
5d36cddfe00d5c6ad18845fcc04e6f7662050fafminfrin [Andr� Malo]
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin *) Allow SSLMutex to select/use the full range of APR locking
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin mechanisms available to it. Also, fix the bug that SSLMutex uses
20aa41f86a5b451529d26d9b901eea69989e5c0aminfrin APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
8c92aeeb75b1b393f61a3e01c495484737a0ff8cminfrin *) Restore the ability of htdigest.exe to create files that contain
1018201f5223624476334c6e23aead02db7c4040minfrin more than one user. PR 12910. [Andr� Malo]
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier *) Improve binary compatibility of the core between debug (aka
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier maintainer-mode) and a non-debug compile.
e5db2522dbe503cbf5399094b6239c88c246a8c5poirier [Sander Striker]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin *) mod_usertrack: don't set the cookie in subrequests. This works
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin around the problem that cookies were set twice during fast internal
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin redirects. PR 13211. [Andr� Malo]
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin *) mod_autoindex no longer forgets output format and enabled version
ad7e5e9fb8f63a5155bb392114162997505ff772minfrin sort in linked column headers. [Andr� Malo]
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin *) Use .sv instead of .se as extension for Swedish documents in the
59cb8d601b8c44476e59310f68b9c373d8fc62a6minfrin default configuration. PR 12877. [Andr� Malo]
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
ec8b1faa56744b338f6d6421144b56c2bb3faae6poirier and standardized the LDAP SSL support across the various LDAP SDKs.
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin Isolated the SSL functionality to mod_ldap rather than speading it
10abdcbd7b30d957d15c61ea8100ba97a627ac95minfrin across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq and LDAPTrustedCAType directives to mod_ldap to allow for a more
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq common method of specifying the SSL certificate.
87e0bf269cc3386ee8e6ab561ff00770151f4f53niq [Dave Ward, Brad Nicholes]
3c67b7956d44501360506a9f13a5011be73b30ecminfrin *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
3c67b7956d44501360506a9f13a5011be73b30ecminfrin skip the first cert of the chain by default. This misbehavior
3c67b7956d44501360506a9f13a5011be73b30ecminfrin was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
97d20d37d21b8d427a920e211858172f0a82427epoirier *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
97d20d37d21b8d427a920e211858172f0a82427epoirier be started on Unix because of such problems as bad permissions,
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq bad shebang line, etc. [Jeff Trawick]
8e04e8ec7d682bff5e6dccdd70c082971a88cb8bniq *) Fix 64-bit problem in mod_ssl input logic.
53c999a82fcca729dabc8a512b3fb996d61fd814niq [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
53c999a82fcca729dabc8a512b3fb996d61fd814niq *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
53c999a82fcca729dabc8a512b3fb996d61fd814niq [Justin Erenkrantz]
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
25d0f8adcab13255494a3572edff1a25f6fbeea3rpluem [Justin Erenkrantz]
dd9ae259e1578c4388739c880ede97c55cec543frpluem *) Fix segfault which occurred when a section in an included
dd9ae259e1578c4388739c880ede97c55cec543frpluem configuration file was not closed. PR 17093. [Andr� Malo]
0938450cadc9a083d112a86bc7dd7ae34f791364trawick *) Enhance the behavior of mod_isapi's WriteClient() callback to
0938450cadc9a083d112a86bc7dd7ae34f791364trawick provide better emulation for isapi modules that presume that the
0938450cadc9a083d112a86bc7dd7ae34f791364trawick first WriteClient() call may send status and headers. An example
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim of WriteClient() abuse is the foxisapi module, which relies on
8bed7ee6d97933b958e97e222f37154d83e384e5jorton that assumpion and now works. [William Rowe, Milan Kosina]
8bed7ee6d97933b958e97e222f37154d83e384e5jorton *) Check the return value of ap_run_pre_connection(). So if the
8bed7ee6d97933b958e97e222f37154d83e384e5jorton pre_connection phase fails (without setting c->aborted)
d33ddda47790d3295f4218f87e3a296cf51a9becmjc ap_run_process_connection is not executed. [Stas Bekman]
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem *) Fixed a problem with mod_ldap which caused it to fault when caching
7a25b029b69f169bd22718165dff3b271114f92eniq was disabled. Needed to make sure that the code did not
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier attempt to use the cache if it didn't exist. Also fixed some memory
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier leaks which were due to not releasing LDAP resources on error
43d051c8401a1f3b4f7853cd897d3565ab814ea7poirier conditions. [Brad Nicholes]
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem mod_rewrite proxied URLs will not be escaped accidentally by
7a25b029b69f169bd22718165dff3b271114f92eniq mod_proxy's fixup. PR 16368 [Andr� Malo]
7a25b029b69f169bd22718165dff3b271114f92eniq *) While processing filters on internal redirects, remember seen EOS
2f34374f6e04b9094a1d13a5ed823f331ba841a3rpluem buckets also in the request structure of the redirect issuer(s). This
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton prevents filters (such as mod_deflate) from adding garbage to the
3e6a46d2fecf446daf0e280a49fa5565f5f635eajorton response. PR 14451. [Andr� Malo]
137e484e5f984ceff1102e1212dda8ac0413231aniq *) suexec: Be more pedantic when cleaning environment. Clean it
0df8f79d2324b131c36955d7e474a735a762f9eeniq immediately after startup. PR 2790, 10449.
0df8f79d2324b131c36955d7e474a735a762f9eeniq [Jeff Stewart <jws purdue.edu>, Andr� Malo]
30e3e760b737f13ce800fa02c5930ade7659ba66niq *) Fix apxs to insert LoadModule directives only outside of sections.
30e3e760b737f13ce800fa02c5930ade7659ba66niq PR 8712, 9012. [Andr� Malo]
80370e62044bea458bcd0545c59cb864ed117b04niq *) Fix suexec compile error under SUNOS4, where strerror() doesn't
e991c6fc032c59eb6cb751d9d382e933a53a2866niq exist. PR 5913, 9977.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem *) Fix If header parsing when a non-mod_dav lock token is passed to it.
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem PR 16452. [Justin Erenkrantz]
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
9a00e2d46c44c111d6952e553a2f1a61b7594eb3rpluem not specified. Now it assumes "/" as already documented. PR 16937.
33d9be77cc6f5fc8734e9c1f526b82d359955152rpluem [Andr� Malo]
172e83c0f024fe6396dd1f3ca3492fd83c304db5jim *) Try to log an error if a piped log program fails. Try to
da128c59ec571c4dff70f41ecba9c8a9974c6cd6niq restart a piped log program in more failure situations. Fix an
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq existing problem with error handling in piped_log_spawn(). Use
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq new APR apr_proc_create() features to prevent Apache from starting
45932a847f237b4d8f0667b138bd3f8a15fb53ffniq on Unix* in most cases where a piped log program can be started,
186e9d990f453d16826ab87a87df7b87e6e05921rpluem and add log messages for the other situations. *Other platforms
186e9d990f453d16826ab87a87df7b87e6e05921rpluem already failed Apache initialization if a piped log program
186e9d990f453d16826ab87a87df7b87e6e05921rpluem couldn't be started. PR 15761 [Jeff Trawick]
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi *) Fix mod_cern_meta to not create empty metafiles when the
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi metafile searched for does not exist. PR 12353
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi [Owen Rees <owen_rees hp.com>]
6861702c2d883e5c0744d5f7528d2060671ad24dtakashi *) Introduce debugging symbols for Win32 release builds, both .pdb
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung and .dbg files (older debuggers and Dr. Watson-type utilities
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung on WinNT or Win9x don't support the newer .pdb flavor.)
f1f779c42f76118102fdecbe8777b47a1fc693a7rjung [Allen Edwards, William Rowe]
292cb7b720095e7bb434d79ae53b02d332aeb99acovener *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
292cb7b720095e7bb434d79ae53b02d332aeb99acovener information (and more). Related to PR 9076. [Andr� Malo]
137e484e5f984ceff1102e1212dda8ac0413231aniq *) mod_file_cache: fix segfault serving mmaped cached files.
137e484e5f984ceff1102e1212dda8ac0413231aniq [Bill Stoddard]
137e484e5f984ceff1102e1212dda8ac0413231aniq *) mod_file_cache: fixed a segfault when multiple MMapFile directives
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim were used. PR 16313. [Cliff Woolley]
4e08c8c1a91e2887b41d8cacd3aa532355d0237drpluem *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem an incompatible pointer type to mmap_bucket_destroy(void*).
d0cd62f11bcd8fa9bf758c5125f55cea5d9038dfrpluem [Gerard Eviston <geviston bigpond.net.au>]
51d55be8bbc6652c13bc80d920f4331f7152dceerjung *) Enable the -n name parameter on NetWare to allow the
51d55be8bbc6652c13bc80d920f4331f7152dceerjung administrator to rename the Apache console screen
51d55be8bbc6652c13bc80d920f4331f7152dceerjung [Brad Nicholes]
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim support by default in APR. More development is required
0af58edfee6112cc3399e0e693340e525b96ab1ctrawick to deploy OTHER_CHILD on Win32. [William Rowe]
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick *) Use saner default config values for suexec. PR 15713.
27c7a7cad9e83eeebad0a4d5a321144394adc3f9trawick [Thom May <thom planetarytramp.net>]
8f2700898323915da289644dc1f3ee11a5e5b4earpluem *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
8f2700898323915da289644dc1f3ee11a5e5b4earpluem (or SymlinksIfOwnermatch) is set. PR 12395. [Andr� Malo]
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener *) apxs: Include any special APR ld flags when linking the DSO.
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener This resolves problems on AIX when building a DSO with apxs+gcc.
e7983ce746b0df56a1b74b42da6d82f5ecb99349covener [Jeff Trawick]
77e28c16c8109d76c3b45717fa66ee74415db042rjung *) Added character set support to mod_auth_LDAP to allow it to
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick convert extended characters used in the user ID to UTF-8
bbcfb8ab8e22f90fdf346e9993bd58ba2203b182trawick before authenticating against the LDAP directory. The new
d1745d6933c22c807cf2388332426defd1b19f03covener directive AuthLDAPCharsetConfig is used to specify the config
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim file that contains the character set conversion table.
d1745d6933c22c807cf2388332426defd1b19f03covener [Brad Nicholes]
b20f76a400e77d3631f3507ff22d68ae6bd25323trawick *) Don't remove the Content-Length from responses in mod_proxy
222834d5a33b915037094af014905f3683cae78btrawick PR: 8677 [Brian Pane]
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem *) Ensure LDAP version is set to v3 on every bind. PR 14235.
2db5d76ac4c75aadecf38e20569bccbfd2360ba7rpluem [Sergey A. Lipnevich <sergeyli pisem.net>]
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna *) Fix mod_ldap to open an existing shared memory file should one
7f4ac5a4cd99a9cae866b5908e358bd932736307chrisd already exist. PR 12757. [Scooter Morris <scooter gene.com>,
1c03114a0f0315ed19a05f654021da9f66005897rjung Graham Leggett]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984rpluem *) Change the ulimit command used by apachectl on AIX so that it
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme works in all locales. [Jeff Trawick]
3e9c0665b06e44cf776528c6954ed3ca34a77c7fsctemme *) mod_ext_filter: Fix a problem building argument lists which
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim occasionally caused exec to fail. PR 15491. [Jeff Trawick]
6707208ba4e9a5841ca1ab830830fd286ea5b7c5trawickChanges with Apache 2.0.44
873c287c391b0bbc4719b68bb84946515811e1batrawick *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
832853bb93c1831daf24e4727c5ca0e1b1786e83lars from Apache 1.3. PR 14276
832853bb93c1831daf24e4727c5ca0e1b1786e83lars [David Shane Holden <dpejesh yahoo.com>, William Rowe]
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding [Brian Pane]
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding *) Reorder the definitions for mod_ldap and mod_auth_ldap within
1782dcd420de504978945e6b812523eeae6d56a2lars config.m4 to make sure the parent mod_ldap is defined first.
1782dcd420de504978945e6b812523eeae6d56a2lars This ensures that mod_ldap comes before mod_auth_ldap in the
d2696ac6757b3d8bdaa27634a141ac8c8a045e08fielding httpd.conf file, which is necessary for mod_auth_ldap to load.
1782dcd420de504978945e6b812523eeae6d56a2lars PR 14256 [Graham Leggett]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Fix the building of cgi command lines when the query string
59dc8d935dbf862712683bbc9e267bd08ced0b14fielding contains '='. PR 13914 [Ville Skytt� <ville.skytta iki.fi>,
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem Jeff Trawick]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem implementation of MCacheMaxStreamingBuffer from mod_cache to
cf8d02ea0c91653917b044529f3133c5a1bb9200fielding mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem eliminate the need for explicitly coding MCacheMaxStreamingBuffer
17ac330ebaa71b24cb77580411a231ee45996e03pquerna in most configurations. [Bill Stoddard]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
9f38f3ec3e8087985d108a24ae796962fef83644takashi a redirect occurs. The code was passing a format string and
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem integer to apr_pstrcat. Changed to apr_psprintf.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [Paul J. Reder]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
9e152751ed380f87c5ecae4fb0221c956e5fbd24rjung as set by apr-util in util_ldap.c. This should allow mod_ldap
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem to work with the Netscape/Mozilla LDAP library. [�yvin S�mme
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem <somme oslo.westerngeco.slb.com>, Graham Leggett]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Fix critical bug in new --enable-v4-mapped configure option
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem implementation which broke IPv4 listening sockets on some
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem patterns [Andr� Malo <nd perlig.de>]
06e6657fd0f376a16db696876f9bff5927cc3cb0trawick *) Add version string to provider API. [Justin Erenkrantz]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) build: './configure && make' now works without an in-tree
0e9dae659943679108357054e9aa7657cdc52dc4minfrin apr and apr-util. [Wilfredo Sanchez]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) mod_negotiation: Set the appropriate mime response headers
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem (Content-Type, charset, Content-Language and Content-Encoding)
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem for negotated type-map "Body:" responses (such as the error
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem pages.) [Andr� Malo <nd perlig.de>]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) mod_log_config: Allow '%%' escaping in CustomLog format
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem strings to insert a literal, single '%'.
a7757dd38bb2a1afc93e241b7ea67b3de85ecc8bminfrin [Andr� Malo <nd perlig.de>]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) mod_autoindex: AddDescription directives for directories
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna now work as in Apache 1.3, where no trailing '/' is
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna specified on the directory name. Previously, the trailing
df46ff21c57d00f6addccaaf9b1484f2b56b8577pquerna '/' *had* to be specified, which was incompatible with
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem Apache 1.3. PR 7990 [Jeff Trawick]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Fix for PR 14556. The expiry calculations in mod_cache were
a5cce34e21a5b472f3806b4526043887bcb7e9eajim trying to perform "now + ((date - lastmod) * factor)" where
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem date == lastmod resulting in "now + 0". The code now follows
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem the else path (using the default expiration) if date is
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
8c3667cd1d0db08647793137c0d1aa7f6526bebfniq default calling convention is not the same as the one used by
6824182b3b8e045db97a228d3127bdfcbdfeb0bcniq *) mod_cache: Don't cache response header fields designated
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
0c26d213d85bc40fc05963c63bf670b42b352d25niq *) mod_cgid: Handle environment variables containing newlines.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Move mod_ext_filter out of experimental and into filters.
9f07b6dc343a4e3eba5f4c47050a77441723ce89nd [Jeff Trawick]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Fixed a memory leak in mod_deflate with dynamic content.
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem PR 14321 [Ken Franken <kfranken decisionmark.com>]
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem *) Add --[enable|disable]-v4-mapped configure option to control
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem whether or not Apache expects to handle IPv4 connections
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim on IPv6 listening sockets. Either setting will work on
abc69b39766c0de3eaf99e9016ea3f35e23c116drpluem systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
1464434c2c104e0ba224644c42552330f5158537covener must be used on systems that always allow IPv4 connections on
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem [Jeff Trawick]
7f4ac5a4cd99a9cae866b5908e358bd932736307chrisd *) This fixes a problem where the underlying cache code
92357fb76d3ad043e29ba2ba2041a7bdb8d13390niq indicated that there was one more element on the cache
8d574b3ac4185e4f71c8b9aae76e7122a78201c4rpluem than there actually was. This happened since element 0
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton exists but is not used. This code allocates the correct
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton number of useable elements and reports the number of
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton actually used elements. The previous code only allowed
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin MCacheMaxObjectCount-1 objects to be stored in the
235b900b78cf6849f8344e377a91ded37d9cc9depquerna cache. [Paul J. Reder]
235b900b78cf6849f8344e377a91ded37d9cc9depquerna *) mod_setenvif: Add SERVER_ADDR special keyword to allow
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton envariable setting according to the server IP address
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton which received the request. [Ken Coar]
66b8ec445dced7a2036bcd3b87b6fc3f08a1ab24jorton *) mod_cgid: Terminate CGI scripts when the client connection
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin drops. PR 8388 [Jeff Trawick]
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin *) Rearrange OpenSSL engine initialization to support RAND
0e2a2eae9b72ac099aa25d7419e55af13b004be9minfrin redirection on crypto accelerator.
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna *) Always emit Vary header if mod_deflate is involved in the
6f33babce8f8bc723f0b2c755aef049cd509504fpquerna request. [Andre Malo <nd perlig.de>]
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna *) mod_isapi: Stop unsetting the 'empty' query string result with
0a12339f39799193ac6866fce812a1deb8f4a1abpquerna a NULL argument in ecb->lpszQueryString, eliminating segfaults
3fb118bc4e1a634f71c1fa509819ceac36c79dcbpquerna for some ISAPI modules. PR 14399
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim notification is received before the HttpExtensionProc() returns
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim HSE_STATUS_PENDING. This only affected isapi .dll's configured
fb59af4ce3fcdd314b848359faeddf1e51bb24c5jim with the ISAPIFakeAsync on directive. PR 11918
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna *) mod_isapi: Fix the issue where all results from mod_isapi would
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna run through the core die handler resulting in invalid responses
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna or access log entries. PR 10216 [William Rowe]
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna *) Improves the user friendliness of the CacheRoot processing
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna over my last pass. This version avoids the pool allocations
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna but doesn't avoid all of the runtime checks. It no longer
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna terminates during post-config processing. An error is logged
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna once per worker, indicating that the CacheRoot needs to be set.
a91a59d0b0ceed7cd5621fe8757eda5ff6a043a8pquerna [Paul J. Reder]
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna *) Fix a bug where we keep files open until the end of a
3ec1e3a35106ec4c8bcf8fae6a20cb623aed0b62pquerna keepalive connection, which can result in:
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna (24)Too many open files: file permissions deny server access
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna especially on threaded servers. [Greg Ames, Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Fix a bug in which mod_proxy sent an invalid Content-Length
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna when a proxied URL was invoked as a server-side include within
97f7daaffd9b6c1031302d7e551d5279fa0d0d72pquerna a page generated in response to a form POST. [Brian Pane]
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin *) Added code to process min and max file size directives and to
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin init the expirychk flag in mod_disk_cache. Added a clarifying
99c8705f69fae71940ad9b091bd2f588a7b9f484minfrin comment to cache_util. [Paul J. Reder]
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin *) The value emitted by ServerSignature now mimics the Server HTTP
9376e7dc573bb2721491c79b92f9c06fdfacebe6minfrin header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin *) Gracefully handly retry situations in the SSL input filter,
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin by following the SSL libraries' retry semantics.
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin [William Rowe]
edaefb8bf78debc86ef7de441c7983d8b05517e1minfrin *) Terminate CGI scripts when the client connection drops. This
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq fix only applies to some normal paths in mod_cgi. mod_cgid
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq is still busted. PR 8388 [Jeff Trawick]
b5cbd7bc65a5c0eda246b0cd32e7d9ed124d66c4niq *) Fix a bug where 416 "Range not satisfiable" was being
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung returned for content that should have been redirected.
2ac474e42b9281e247e7082e30c50c5bef1f2cc3rjung [Greg Ames]
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd *) Fix memory leak in mod_ssl from internal SSL library allocations
6ad55f63504cf5fe5205ed9495664519afeadcd9chrisd within SSL_get_peer_certificate and X509_get_pubkey.
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd [Zvi Har'El <rl math.technion.ac.il>
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd *) mod_ssl uses free() inappropriately in several places, to free
809ec9d7cc8bc12d7dc6fafba24f3acad3e49d81chrisd memory which has been previously allocated inside OpenSSL.
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd Such memory should be freed with OPENSSL_free(), not with free().
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd [Nadav Har'El <nyh math.technion.ac.il>,
f436f5cf34615c3c7d49dd229560ba658033f9eachrisd Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd *) Emit a message to the error log when we return 404 because
ce6098001014d149e90e56ab0e89c1b4aab30136chrisd the URI contained '%2f'. (This was previously nastily silent
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd and difficult to debug.) [Ken Coar]
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd *) Fix streaming output from an nph- CGI script. CGI:IRC now
7245e9b991db85d9d9a587fe5f4051f642ebdc3cchrisd works. PR 8482 [Jeff Trawick]
38b062650152074931a68e933461762c5e233cfcniq *) More accurate logging of bytes sent in mod_logio when
38b062650152074931a68e933461762c5e233cfcniq the client terminates the connection before the response
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim is completely sent [Bojan Smojver <bojan rexursive.com>]
63de18ba5e922ffaab500317d7d1d0ad6b27b7e2covener *) Fix some problems in the perchild MPM.
91ef999a69527d2a64983681c92aaef9270697b4rpluem [Jonas Eriksson <jonas webkonsulterna.com>]
91ef999a69527d2a64983681c92aaef9270697b4rpluem *) Change the CacheRoot processing to check for a required
e82c197ca8872669af89367746826fe6b9955bb3niq value at config time. This saves a lot of wasted processing
e82c197ca8872669af89367746826fe6b9955bb3niq if the mod_disk_cache module is loaded but no CacheRoot
e82c197ca8872669af89367746826fe6b9955bb3niq was provided. This fix also adds code to log an error
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq and avoid useless pallocs and procesing when the computed
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq cache file name cannot be opened. This also updates the
baef4b5261d84ad9bacb2f4e745b33f35534c25aniq docs accordingly. [Paul J. Reder]
742ec45ed2ac00ab03080e898332352220cc1f13niq *) Introduce the EnableSendfile directive, allowing users of NFS
9a06b6b4e83c29429c3a23d34acc41920af2024drjung shares to disable sendfile mechanics when they either fail
a5e068c4aa3d0084a41e178c7c0c1b1ae2f28125jim outright or provide intermitantly corrupted data. PR
742ec45ed2ac00ab03080e898332352220cc1f13niq [William Rowe]
f82568a780e35e8786958c49a1259434e2088b9cniq *) Resolve the error "An operation was attempted on something
f82568a780e35e8786958c49a1259434e2088b9cniq that is not a socket. : winnt_accept: AcceptEx failed.
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin Attempting to recover." for users of various firewall and
56b7c92bac48127bda06d80bf94952258f7e0bd3minfrin anti-virus software on Windows. PR 8325 [William Rowe]
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin *) Add the ProxyBadHeader directive, which gives the admin some
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin control on how mod_proxy should handle bogus HTTP headers from
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
41abbbf0cbaef202fe1ba2dd671ea48990d6e012minfrin desired. [Jim Jagielski]
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin *) Change the LDAP modules to export their symbols correctly
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin during a Windows build. Add dsp files for Windows. Update
6aa239b3d12f531ad9e305b1a81ad5fd671a3493minfrin README.ldap file for Windows build instructions.
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin *) Performance improvements for the code that generates HTTP
d05e6175473332a8433e4ac85edda0d5a33c94b5minfrin response headers [Brian Pane]
13d29a334cfa69f2995b70a48aeacacc1ac7125frpluem *) Add -S as a synonym for -t -DDUMP_VHOSTS.
6951fc02abfd7642e45333902c14855836717fadrpluem [Thom May <thom planetarytramp.net>]
db455cbc662c98dbbf53175393c50086ff63370cchrisd *) Fix a bug with dbm rewrite maps which caused the wrong value to
db455cbc662c98dbbf53175393c50086ff63370cchrisd be used when the key was not found in the dbm. PR 13204
db455cbc662c98dbbf53175393c50086ff63370cchrisd [Jeff Trawick]
2e242dca7111f99d54dd144b7b8418d88d560032chrisd *) Fix a problem with streaming script output and mod_cgid.
7cb45b833e465d46f6b61de983cc68112587d04bchrisd [Jeff Trawick]
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisd [John K. Sterling <john sterls.com>, Justin Erenkrantz]
b6b1df87b7ce62620d48526a7ab630897cdaad90chrisdChanges with Apache 2.0.43
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin ap_server_signature() against this cross-site scripting
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin vulnerability exposed by the directive 'UseCanonicalName Off'.
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin Also HTML-escape the SERVER_NAME environment variable for CGI
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin and SSI requests. It's safe to escape as only the '<', '>',
4cf58054a85830c67dc23890ee613f62e1f7bdc8minfrin and '&' characters are affected, which won't appear in a valid
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin hostname. Reported by Matthew Murphy <mattmurphy kc.rr.com>.
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin [Brian Pane]
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin *) Fix a core dump in mod_cache when it attemtped to store uncopyable
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem buckets. This happened, for instance, when a file to be cached
caaa32f2d2e3b28063c745c2632d3979da7f8326minfrin contained SSI tags to execute a CGI script (passed as a pipe
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin bucket). [Paul J. Reder]
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin *) Ensure that output already available is flushed to the network
66a8e1cc29cc4612cd938bc8fcabc0ef569e5769rpluem when the content-length filter realizes that no new output will
e02cb8f5090d904c054633ff33dfd1111e16e404minfrin be available for a while. This helps some streaming CGIs as
213e520edc00641400771fc8f90b37a967a2d9ebdirkx well as some other dynamically-generated content. [Jeff Trawick]
213e520edc00641400771fc8f90b37a967a2d9ebdirkx *) Fix a mutex problem in mod_ssl session cache support which
213e520edc00641400771fc8f90b37a967a2d9ebdirkx could lead to an infinite loop. PR 12705
a449830d5caa5b9900fe64cc383658b3641f9810dirkx *) SECURITY [CVE-2002-1156] (cve.mitre.org):
a449830d5caa5b9900fe64cc383658b3641f9810dirkx Fix the exposure of CGI source when a POST request is sent to
a449830d5caa5b9900fe64cc383658b3641f9810dirkx a location where both DAV and CGI are enabled. [Ryan Bloom]
a449830d5caa5b9900fe64cc383658b3641f9810dirkx *) Allow the UserDir directive to accept a list of directories.
a449830d5caa5b9900fe64cc383658b3641f9810dirkx This matches what Apache 1.3 does. Also add documentation for
a449830d5caa5b9900fe64cc383658b3641f9810dirkx this feature. [Jay Ball <jay veggiespam.com>]
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin *) New Module: mod_logio. adds the ability to log bytes sent and
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin received. [Bojan Smojver <bojan rexursive.com>]
82632a19f2f9c346fee2b28a65920ba9737b3973minfrin *) SuExec needs to use the same default directory as the rest of
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd server, namely /usr/local/apache2.
0481ff0599c9e3c0c7ad5c1930939dcdac908582chrisd [SangBeom han <sbhan os.korea.ac.kr>]
835d676191444a46d695171e8760d55a66c60fecminfrin *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
835d676191444a46d695171e8760d55a66c60fecminfrin [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
835d676191444a46d695171e8760d55a66c60fecminfrin *) Make sure the contents of the WWW-Authenticate header is
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin passed on a 4xx error by proxy. Previously all headers
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin were dropped, resulting in the browser being unable to
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
723f9f463f1922eaef3d24d00cb289e10daa73ffminfrin Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin <gwiseman fscinternet.com>, David Henderson
c2213b3a46a2666e2e7606ceec509cc4978f187fminfrin *) Make mod_cache's CacheMaxStreamingBuffer directive work
d4562e99f620170ce0bedddc16887b900b34913bminfrin properly for virtual hosts that override server-wide mod_cache
d4562e99f620170ce0bedddc16887b900b34913bminfrin setttings. [Matthieu Estrade <estrade-m ifrance.com>]
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin *) Add -p option to apxs to allow programs to be compiled with apxs.
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrin [Justin Erenkrantz]
fd279fe992f7171dc3f6d4d40d6db5bb74f2d96eminfrinChanges with Apache 2.0.42
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin *) mod_dav: Check for versioning hooks before using them.
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrin [Greg Stein]
fed63d1b62cc7e56aad77b70ee5b5cc7f5c6aademinfrinChanges with Apache 2.0.41
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin *) The protocol version (eg: HTTP/1.1) in the request line parsing
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin is now case insensitive. [Jim Jagielski]
abe0d0e38b9705f21a13ac8748bce1e3ed35e488minfrin *) Allow AddOutputFilterByType to add multiple filters per directive.
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin [Justin Erenkrantz]
fb8ee8b7a3a2503b95bf47685f9083e0b9834e6fminfrin *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd *) Fixed mod_disk_cache's generation of 304s
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd *) Add support for using fnmatch patterns in the final path
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd segment of an Include statement (eg.. include /foo/bar/*.conf).
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd and remove the noise on stderr during config dir processing.
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd [Joe Orton <jorton redhat.com>]
78a20a6e7ad3a0229900ee54c7d11a65f647b663niq *) mod_cache: cache_storage.c. Add the hostname and any request
9582ad6e149d28b118d4e8571101ecb6f85e0191niq args to the key generated for caching. This provides a unique
9582ad6e149d28b118d4e8571101ecb6f85e0191niq key for each virtual host and for each request with unique
9582ad6e149d28b118d4e8571101ecb6f85e0191niq args. [Paul J. Reder, args code provided by Kris Verbeeck]
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd *) mod_cache: Do not cache responses to GET requests with query
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd URLs if the origin server does not explicitly provide an
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd Expires header on the response (RFC 2616 Section 13.9)
d56bacbfefa5aa883ce5162a115747372fc38d13chrisd [Kris Verbeeck <krisv be.ubizen.com>]
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
d64dd2fd4516c2b1b664c5e59c0628d9aff26984covener *) Update OpenSSL detection to work on Darwin.
ed0d39878e79220baaa50c15b79b1fdf877cb919niq [Sander Temme <sctemme covalent.net>]
1e911973bcb9df6701a4c16c037771ecf25ade13niq *) Update the xslt and css to give the documentation a more
1e911973bcb9df6701a4c16c037771ecf25ade13niq modern style.
1e911973bcb9df6701a4c16c037771ecf25ade13niq [Andr� Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
1e911973bcb9df6701a4c16c037771ecf25ade13niq *) Fix some bucket memory leaks in the chunking code
a45125b6474e878ba177025a0584b71cee9c8f32trawick [Joe Schaefer <joe+apache sunstarsys.com>]
e47d58d5d983426584c8d16416c50f5c58070746dirkx *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
33aad3911b15cb5d523075f7df829274fe298a13dirkx *) mod_cache: added support for caching streamed responses (proxy,
33aad3911b15cb5d523075f7df829274fe298a13dirkx CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx [Ian Holsman, Peter Bieringer <pb bieringer.de>]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx *) Fix FileETags none operation. PR 12207.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
433dcb1fbaae82d36634f5120bff71a04296904ddirkx *) Restored the experimental leader/followers MPM to working
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj condition and converted its thread synchronization from
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj mutexes to atomic CAS. [Brian Pane]
d7fcc79b0bee660d71b0cccfe9bbc2765ee6420erederpj *) Fix Logic on non-html file removal in mod_deflate
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe *) Fix "ab -g"'s truncated year: the last digit was cut off.
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe [Leon Brocard <acme astray.com>]
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe *) mod_rewrite can now sets cookies in err_headers, uses the correct
65cb7f00eca6689c8a89dc809359991ade1285bcwrowe expiry date, and can now set the path as well
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton PR 12132,12181,12172.
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
c6d33447e28403a90ad817dba4df75fae785be28pquerna *) The content-length filter no longer tries to buffer up
c6d33447e28403a90ad817dba4df75fae785be28pquerna the entire output of a long-running request before sending
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin anything to the client. [Brian Pane]
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin *) Win32: Lower the default stack size from 1MB to 256K. This will
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin allow around 8000 threads to be started per child process.
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin 'EDITBIN /STACK:size apache.exe' can be used to change this
439ccf2a084e1da566548931c585cbcc3a9e7f4cminfrin value directly in the apache.exe executable.
4ede070ca63bd4c48045e35a7192582769770290jorton [Bill Stoddard]
795c9499a77c25695bcb9710ed67bbe51492e181rpluem *) Win32: Implement ThreadLimit directive in the Windows MPM.
795c9499a77c25695bcb9710ed67bbe51492e181rpluem [Bill Stoddard]
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe *) Remove CacheOn config directive since it is set but never checked.
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe No sense wasting cycles on unused code. Besides, the only truly
7a079e0cd696baca90ac43e325f64582e2945c68wrowe bug free code is deleted code. :) [Paul J. Reder]
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq *) BufferLogs are now run-time enabled, and the log_config now has 2 new
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq callbacks to allow a 3rd party module to actually do the writing of the
62c53a0dab4c85bfc6a5ab9abfb1b269d9f7458dniq log file [Ian Holsman]
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
ecc1538af1c08282fc2773d2eb3f1a54251862f9minfrin [Andr� Malo, Astrid Ke�ler <kess kess-net.de>]
9a06b6b4e83c29429c3a23d34acc41920af2024drjung *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj *) Fix a null pointer dereference in the merge_env_dir_configs
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj function of the mod_env module. PR 11791
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj [Paul J. Reder]
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna *) New option to ServerTokens 'maj[or]'. Only show the major version
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme Also Surfaced this directive in the standard config (default FULL)
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Ian Holsman]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton RewriteMap directive. PR 10644 [Jeff Trawick]
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd pairs will no longer get out of sync with each other. PR 9534
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd [Cliff Woolley]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd *) Fixes required to get quoted and escaped command args working in
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd mod_ext_filter. PR 11793 [Paul J. Reder]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd *) mod-proxy: handle proxied responses with no status lines
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton *) Fix bug where environment or command line arguments containing
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim non-ASCII-7 characters would cause the Win32 child process creation
f3a5934ca0fb0f0f813bd9d9d06af8937e3f401fjim to fail. PR 11854 [William Rowe]
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim *) Bug #11213.. make module loading error messages more informative
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim [Ian Darwin <Ian779 darwinsys.com>]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin *) mod_disk_cache works much better. This module should still
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin be considered experimental. [Eric Prud'hommeaux]
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin *) Performance improvement for keepalive requests: when setting
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin aside a small file for potential concatenation with the next
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin response on the connection, set aside the file descriptor rather
50c06405bc48121db2913925549407fd3e79bcedmturk than copying the file into the heap. [Brian Pane]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Modified version check on openssl so that it finds the executable
dec02391360e503cd3437d16bed765dc653b9de5minfrin first and then performs a check of the version, only warning the
dec02391360e503cd3437d16bed765dc653b9de5minfrin user if they chose, or we selected, an old version of OpenSSL.
dec02391360e503cd3437d16bed765dc653b9de5minfrin This change also allows the code to work for non-openssl libraries
dec02391360e503cd3437d16bed765dc653b9de5minfrin selected via the --with-ssl=dir option, which can override the
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq automated library check in any case. [Roy Fielding]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjimChanges with Apache 2.0.40
686ce4eade942e515b1725d0c9751da36b759a6ctrawick *) SECURITY [CAN-2002-0661] (cve.mitre.org):
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick Close a very significant security hole that
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd applies only to the Win32, OS2 and Netware platforms. Unix was not
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd affected, Cygwin may be affected. Certain URIs will bypass security
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd and allow users to invoke or access any file depending on the system
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd configuration. Without upgrading, a single .conf change will close
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd the vulnerability. Add the following directive in the global server
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd httpd.conf context before any other Alias or Redirect directives;
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd RedirectMatch 400 "\\\.\."
8fd638698262130d00458b2c95548f6f94875847rpluem Reported by Auriemma Luigi <bugtest sitoverde.com>.
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem [Brad Nicholes]
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem *) SECURITY [CAN-2002-0654] (cve.mitre.org):
79d4b708d021714647aab8b138ae671ed24765cewrowe Close a path-revealing exposure in multiview type
79d4b708d021714647aab8b138ae671ed24765cewrowe map negotiation (such as the default error documents) where the
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim module would report the full path of the typemapped .var file when
79d4b708d021714647aab8b138ae671ed24765cewrowe multiple documents or no documents could be served based on the mime
79d4b708d021714647aab8b138ae671ed24765cewrowe negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem [William Rowe]
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem *) SECURITY [CAN-2002-0654] (cve.mitre.org):
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem Close a path-revealing exposure in cgi/cgid when we
48fa058fe468025347930610ac2473094fa0f4e4chrisd fail to invoke a script. The modules would report "couldn't create
48fa058fe468025347930610ac2473094fa0f4e4chrisd child process /path-to-script/script.pl" revealing the full path
48fa058fe468025347930610ac2473094fa0f4e4chrisd of the script. Reported by Jim Race <jrace qualys.com>.
3ec4328f079d8867cc323155e59678ad9437914frooneg [Bill Stoddard]
3ec4328f079d8867cc323155e59678ad9437914frooneg *) Set aside the apr-iconv and apr_xlate() features for the Win32
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd build of 2.0.40 so development can be completed. A patch, from
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd will be available for those that wish to work with apr-iconv.
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd [William Rowe]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd *) Fix proxy so that it is possible to access ftp: URLs via a proxy
db78659055df54243bca678c35bd2ce7e31a9237rooneg *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
edf6757df85878dc8ce11fb3840ee4cde6de5b2frooneg set to 1, so we can exclude things from the general case with
db78659055df54243bca678c35bd2ce7e31a9237rooneg browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
95817edd05387a5276f51fcd5db79fc21b89b55brooneg *) Accept multiple leading /'s for requests within the DocumentRoot.
95817edd05387a5276f51fcd5db79fc21b89b55brooneg PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
63689d77e084e36b8194fb6df5adfc0344965e01trawick *) Solved the reports of .pdf byterange failures on Win32 alone.
63689d77e084e36b8194fb6df5adfc0344965e01trawick APR's sendfile for the win32 platform collapses header and trailer
63689d77e084e36b8194fb6df5adfc0344965e01trawick buffers into a single buffer. However, we destroyed the pointers
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes to the header buffer if a trailer buffer was present. PR 10781
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes [William Rowe]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) mod_ext_filter: Add the ability to enable or disable a filter via
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem an environment variable. Add the ability to register a filter of
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes *) Restore the ability to specify host names on Listen directives.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) When deciding on the default address family for listening sockets,
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim make sure we can actually bind to an AF_INET6 socket before
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim deciding that we should default to AF_INET6. This fixes a startup
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim *) Replace usage of atol() to parse strings when we might want a
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim larger-than-long value with apr_atoll(), which returns long long.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes This allows HTTPD to deal with larger files correctly.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes [Shantonu Sen <ssen apple.com>]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) mod_ext_filter: Ignore any content-type parameters when checking if
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes the response should be filtered. Previously, "intype=text/html"
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes wouldn't match something like "text/html;charset=8859_1".
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Jeff Trawick]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) mod_ext_filter: Set up environment variables for external programs.
f7acc4b00a8bf92fea10fce6ac09aa57eafec0ecjim [Craig Sebenik <craig netapp.com>]
a1a615ca49b162d71d88089210395c9a9cfeb539rpluem *) Modified the HTTP_IN filter to immediately append the EOS (end of
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem stream) bucket for C-L POST bodies, saving a roundtrip and allowing
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem the caller to determine that no content remains without prefetching
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem additional POST body. [William Rowe]
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp *) Changes to the internationalized error documents:
a623efbff95aab78da9e030524b0fa69b054f6d0brianp Comment them out in the default config file to make the default
a623efbff95aab78da9e030524b0fa69b054f6d0brianp install as simple as possible; Correct the english 500 error to
a623efbff95aab78da9e030524b0fa69b054f6d0brianp be more understandable; Add a Swedish translation.
a623efbff95aab78da9e030524b0fa69b054f6d0brianp [Thomas Sjogren <thomas northernsecurity.net>,
a623efbff95aab78da9e030524b0fa69b054f6d0brianp Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm *) Increase the limit on file descriptors per process in apachectl.
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm [Brian Pane]
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp *) Fix a dependency error when building ApacheMonitor, so that Win32
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp and MSVC now trust that the project is current (when it is).
ad862ab5716726a2d72a292ba1dfb29566c86153brianp [James Cox <imajes php.net>]
ad862ab5716726a2d72a292ba1dfb29566c86153brianp *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz *) APR-Util Renames pending have been completed [Thom May]
b38565306421ff53e9f7499bc728d6df5cec294dpquerna *) Performance improvements for the code that reads request
b38565306421ff53e9f7499bc728d6df5cec294dpquerna headers (ap_rgetline_core() and related functions) [Brian Pane]
b38565306421ff53e9f7499bc728d6df5cec294dpquerna *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
89cc93f847a5510482d72d21fc38e9edb8e04057rjung to configure the maximum amount of memory the allocators will
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim hold on to for reuse. Anything over the MaxMemFree threshold
cfa64348224b66dd1c9979b809406c4d15b1c137fielding will be free()d. This directive is useful when uncommon large
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim peaks occur in memory usage. It should _not_ be used to mask
cfa64348224b66dd1c9979b809406c4d15b1c137fielding defective modules' memory use. [Sander Striker]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim scripts would not result in a truncated response.
cfa64348224b66dd1c9979b809406c4d15b1c137fielding [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding *) Add a filter_init parameter to the filter registration functions
[Perry Harrington <pedward webcom.com>]
*) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
modules to bring them up to the current apr/apr-util APIs.
[Brian Degenhardt <bmd mp3.com>, Ian Holsman]
*) Fix a silly htpasswd.c logic error that incorrectly reported that
*) Fixed a build problem in htpasswd.c on Win32.
[Guenter Knauf <eflash gmx.net>, Cliff Woolley]
*) We must set the MIME-type for .shtml files to text/html if we want them
[Dave Dyer <ddyer real-me.net>]
to replace. [Andreas Hasenack <andreas netbank.com.br>]
*) Fix install-bindist.sh so that it finds any perl instead of just
file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
on the same drive as /winnt/system32. [William Rowe]
querying certain other variables from config_vars.mk. PR 9316
variables. [Stas Bekman <stas stason.org>]
besides server-root/build. PR 8453
*) Allow instdso.sh to work with full paths to the shared module.
*) Fixed Win32 wintty.exe support to assure the window title is valid.
*) SECURITY [CVE-2002-0392] (cve.mitre.org) [CERT VU#944335]:
[James Tait <JTait wyrddreams.demon.co.uk>]
*) Fix problem where mod_cache/mod_disk_cache was incorrectly
PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
[Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
"<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
[Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
[Kazuhisa ASADA <kaz asada.sytes.net>]
"make certificate" feature of mod_ssl for Apache 1.3.x. Test
may now be specified to the <File/Directory > container, rather
rather than MS APIs (using our own mod_isapi.h headers for ISAPI
[Andreas Sundstr�m <sunkan zappa.cx>]
[Asada Kazuhisa <kaz asada.sytes.net>]
that Alias/ScriptAlias will override Userdir. PR 8841
[Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
*) Remove autom4te.cache in 'make distclean'.
[Thom May <thom planetarytramp.net>]
*) Fix generated httpd.conf to respect layout for LoadModule lines.
PR 8170. [Thom May <thom planetarytramp.net>]
*) Reverted a minor optimization in mod_ssl.c that used the vhost ID
program in SSLLog "| /path/to/program". [Cliff Woolley]
*-std.conf files. [Aaron Bannert]
[Colm <colmmacc redbrick.dcu.ie>]
*) Fix Win32 'short name' aliases in httpd.conf directives.
*) Fix generation of default httpd.conf when the layout paths are
experimental directory. [Scott Lamb <slamb slamb.org>]
ap_uname2id. [Scott Lamb <slamb slamb.org>]
underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
*) Change instdso.sh to use libtool --install everywhere and then
and the old instdso.sh logic to simply cp the DSO didn't handle
directory. [Thom May <thom planetarytramp.net>]
located in server/mpm/experimental. [Justin Erenkrantz]
[Andreas Hasenack <andreas netbank.com.br>]
rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
*) Deprecated the apr_lock.h API. Please see the following files
[Ryan Morgan <rmorgan covalent.net>]
*) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
*) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
[Sung Kim <hunkim cse.ucsc.edu>]
*) Allow all Perchild directives to accept either numerical UID/GID
by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
so that we can stop using malloc/free so frequently.
[Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
*) Added exp_foo and rel_foo variables to config_vars.mk for
*) Fix some restart/terminate problems in the worker MPM. Don't
*) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
RFC 3253. Improved the method name/number mapping functions.
*) remove sock_enable_linger from connection.c [Ian Holsman]
has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
*) Fix apxs -g handling. Move config_vars.mk from the top build
*) Add a missing manualdir entry in the Debian config.layout.
[Thom May <thom planetarytramp.net>]
*) Modify receive/send loop in proxy_http and proxy_ftp so that
[Aaron Bannert, James LewisMoss <dres lewismoss.net>]
*) Add a missing errordir entry in the Debian config.layout. PR: 10067
[Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
Thom May <thom planetarytramp.net>]
HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
--bindir, etc. [Thom May <thom planetarytramp.net>]
[Thom May <thom planetarytramp.net>]
*) Change mod_ssl to always do a full startup/teardown on restarts.
*) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
to one of the following new lock APIs: apr_thread_mutex.h,
use the apr_lock.h API, as the old API will soon be deprecated.
[Ryan Morgan <rmorgan covalent.net>]
non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
[Jos Backus <josb cncdsl.com>, Aaron Bannert]
[Adam Sussman <myddryn vishnu.vidya.com>]
[David MacKenzie <djm pix.net>]
[David MacKenzie <djm pix.net>]
created. [Adam Sussman <myddryn vishnu.vidya.com>]
Content-Lengths. [Sander Striker <striker apache.org>]
behavior without changes to the httpd.conf. [William Rowe]
and apr_file_dup2 functions. Win2K/XP services have no handles
associated for stdin/out/err, which caused unpredictable behavior
[Brian Reid <breid customlogic.com>,
Zvi Har'El <rl math.technion.ac.il>]
*) binbuild.sh: Make sure that we use the expat from our source
"LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
of a file retrieval. Example: ftp://user@host/httpd/server/*.c
[Joe Orton <joe manyfish.co.uk>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
filter stack when handling a GET request. The mod_dav/provider
duplicating the appropriate .h files such as os.h into the include
Use SSL functions/macros instead of directly dereferencing SSL
Add $SSL/include to configure search path.
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
[albert chin <china thewrittenword.com>]
modules (e.g., the identifer for mod_log_config was previously
[James Watson <ap2bug sowega.org>]
*) Change core code to allow an MPM to set hard thread/server
working with more than one vhost/uid. [Aaron Bannert]
mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
*) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
[Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
Gomez Henri <hgomez slib.fr>]
configured [John Sterling <sterling covalent.net>]
*) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
[Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
done being generated. [Brian Pane <bpane pacbell.net>]
[John Sterling <sterling covalent.net>]
*) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
do. [Brian Pane <bpane pacbell.net>]
[Brian Pane <bpane pacbell.net>]
*) Fix infinite loop in mod_cgid.c.
SSL/plain, and depending also on the current setting of
AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
*) Introduce htdbm, a user management utility for db/dbm authorization
databases. [Mladen Turk <mturk mappingsoft.com>]
[Brian Pane <bpane pacbell.net>]
the port string. [Zvi Har'El <rl math.technion.ac.il>]
*) Add the support/checkgid helper app, which checks the run-time
*) Fix some bungling of the remote port in rfc1413.c so that
[Brian Pane <bpane pacbell.net>]
input and/or output filters to the request to the origin. While
the default httpd.conf for any module that was compiled
as a DSO. [Aaron Bannert <aaron clove.org>]
[Aaron Bannert <aaron clove.org>]
WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
[Aaron Bannert <aaron clove.org>]
and add commonly used audio/x-mpegurl for m3u extensions.
[Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
relocated. [Aaron Bannert <aaron clove.org>]
*) Update the mime.types file to the registered media types as
[Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Ian Holsman <ianh cnet.com>]
*) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Aaron Bannert <aaron clove.org>]
segments for. [Aaron Bannert <aaron clove.org>]
*) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
roll build_command_line/build_argv_list into a unified, overrideable
*) Back out the 1.45 change to util_script.c. This change made
[Taketo Kabe <kabe sra-tohoku.co.jp>]
compute variables. [Brian Pane <bpane pacbell.net>]
the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
than per character. [Brian Pane <bpane pacbell.net>]
(which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
This is not to be confused with support for the WinNT/Win32
cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
but refused to check the mime.types file if AddType wasn't given
without setting the AddType text/html html would cause Apache to
[Aaron Bannert <aaron clove.org>]
an explicit request. E.g., if the .Z extension is associated with
an unzip filter, the user request somefile.Z.html, mod_negotiation
.html extension is associated with ContentType text/html.
shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
get/set/delete sessions using mod_ssl's callbacks
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
Geoff Thorpe <geoff geoffthorpe.net>]
pools more cleanly. [Aaron Bannert <aaron clove.org>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[John Sterling <sterling covalent.net>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
associated filename (e.g., we're filtering the error document for
*) Added the common error/ tree to the build/install targets
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Mladen Turk <mturk mappingsoft.com>, William Rowe]
*) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
[Cody Sherr <csherr covalent.net>]
*) We have always used the obsolete/deprecated Netscape syntax
in a dependency list (e.g., OS/390 make, certain levels of GNU
*) Install the SSL headers. [John Sterling <sterling covalent.net>]
[Cody Sherr <csherr covalent.net>]
[Mladen Turk <mturk mappingsoft.com>]
[Richard Labennett <rlabenn us.ibm.com>]
(e.g. for mod_dir) but none can be served. mod_negotation now
*) Add a handler to mod_includes.c. This handler is designed to
and have those methods <limit>able in the httpd.conf. It uses
the same bit mask/shifted offset as the original HTTP methods
an int provides. [Cody Sherr <csherr covalent.net>]
Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
*) Add a single listener/multiple worker MPM. This MPM is
*) Apache/Win32 now fills in the service description with Apache's
create the proper cgi-bin examples, including a test-cgi.bat, and
fix the perl shebang line for printenv.pl, when installing from
*) Fix a segfault in threaded.c caused by passing uninitialized
*) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
[G�nter Knauf <eflash gmx.net>]
#ifdefs. This has bitten us many times in generating the exports.c
[Sander Striker <striker apache.org>]
[Cody Sherr <csherr covalent.net>]
*) Performance improvement to mod_mime.c. find_ct() in mod_mime,
httpd.conf, the tables for languages and charsets are somewhat
a nice speedup. [Brian Pane <bpane pacbell.net>]
[Harrie Hazewinkel <harrie covalent.net>]
with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
[Ian Holsman <ianh cnet.com>]
*) Fix seg faults and/or missing output from mod_include. The
*) Automatically generate httpd.exp for AIX.
[Ryan Morgan <rmorgan covalent.net>]
add/append/set headers based on this envar thusly:
*) Optimise reset_filter() in http_protocol.c. [Greg Stein]
*) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
This prevented the inclusion of apr_compat.h. PR #7773
[Oleg Broytmann <phd phd.pp.ru>]
been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
[Barrie Slaymaker <barries slaysys.com>]
and moving hints.m4 inline. [Roy Fielding]
[Ian Holsman <IanH cnet.com>]
[Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
*) Get mod_tls to compile/work better on Windows. PR #7612
*) Fix shutdown/restart hangs in the threaded MPM.
[John K. Sterling <sterling covalent.net>]
[Graham Leggett <minfrin sharp.fm>]
required into the core. [Harrie Hazewinkel <harrie covalent.net>]
[jun-ichiro hagino <itojun iijlab.net>]
[Ryan Morgan <rmorgan covalent.net>]
[Justin Erenkrantz <jerenkrantz ebuilt.com>]
Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
[<giles nemeton.com.au>]
--with-module=module_type:/path/to/module.c
The configure script will copy the module.c file to
modules/module_type, and it will be added to the relevant Makefiles.
*) Change the default installation directory to /usr/local/apache2,
as now defined by the "Apache" layout in config.layout. [Marc Slemko]
*) Make generic hooks to work, with mod_generic_hook_import/export
us use a consistent location for the config.layout file, and it
[jun-ichiro hagino <itojun iijlab.net>]
csv/gnuplot format, rudimentary ssl support and various other tweaks
apache. Often by a order of magnitude :-) See talk/paper of Sander
[Taketo Kabe <kabe sra-tohoku.co.jp>]
libtool muck that is now under srclib/apr/build. [Roy Fielding]
*) Fix bug in the Unix threaded.c MPM that allowed child processes
PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
[Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
*) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
[Graham Leggett <minfrin sharp.fm>]
[Jon Travis <jtravis covalent.net>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[Ryan Morgan <rmorgan covalent.net>]
[Dan Rench <drench xnet.com>]
one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
[Mike Abbot <mja trudge.engr.sgi.com>]
[Jon Travis <jtravis covalent.net>]
*) Fix a seg fault in mod_userdir.c. We used to use the pw structure
[Taketo Kabe <kabe sra-tohoku.co.jp> and
Cliff Woolley <cliffwoolley yahoo.com>]
[Jon Travis <jtravis covalent.net>]
versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
[Taketo Kabe <kabe sra-tohoku.co.jp>]
current hooks better. [Ryan Morgan <rmorgan covalent.net>]
added feature of allowing a uid/gid per child process. If no
uid/gid is specified, then Perchild behaves exactly like dexter.
[Gomez Henri <new-httpd slib.fr>]
*) Add a very early prototype of SSL support (in mod_tls.c). It is
vital that you read modules/tls/README before attempting to build
to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
*) Correct a typo in httpd.conf.
[Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
PR#7170 [Danek Duvall <dduvall eng.sun.com>]
*) Adopt apr user/group name features for mod_rewrite. Eliminates some
'extra' stat's for user/group since they should never occur, and now
Win32/OS2 exceptions without hiccuping. [William Rowe]
*) Modify the apr_stat/lstat/getfileinfo calls within apache to use
*) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
mpm_common.c. These functions are only valid on some platforms,
*) Update highperformance.conf to work with either prefork or
i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
hints.m4) of various compilation flags (eg: CFLAGS). Also,
*) Allow the buildconf process to find the config.m4 files in the correct
the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
[Cliff Woolley <cliffwoolley yahoo.com>]
server root from the Apache.exe path.
loadable modules, dynamic libs are all named libfoo.dll, and the
makefile.win populates the include, lib and libexec directories.
numeric address strings (e.g., "Listen [fe80::1]:8080").
*) Get the functions in server/linked into the server, regardless of
be loadable into the server. Our new build/install mechanism expects
to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
and installs the conf, htdocs and htdocs/manual directories.
[Paul J. Reder <rederpj raleigh.ibm.com>]
time, and that list is then used to generate the exports.c file.
[Sander van Zoest <sander covalent.net>]
*) Added lib/aputil/ as a placeholder for utility functions which are not
[Paul Reder <rederpj raleigh.ibm.com>]
rotatelogs.c code, and no longer churn log processes for this
[B. W. Fitzpatrick <fitz red-bean.com>]
hostname resolution/address string parsing and building
[Markus Gyger <mgyger itr.ch>]
*) Mod_info.c has now been ported to Apache 2.0. As a part of this
[Ryan Morgan <rmorgan covalent.net>]
[Branko �ibej <brane xbc.nu>]
[Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
*) APR read/write functions and bucket read functions now operate
code in mod_log_config.c
*) In the Apache/Win32 console window, accept Ctrl+C to stop the
since we don't compute digests of filtered (e.g., translated)
*) Update the mime.types file to the registered media types as
*) Namespace protect some macros declared in ap_config.h
[Tomas "�gren" <stric ing.umu.se>]
[Cliff Woolley <cliffwoolley yahoo.com>]
*) Add support for /, //, //servername and //server/sharename
*) Fix another bug in the send_the_file() read/write loop. A partial
*) Reimplement core_output_filter to buffer/save bucket brigades
[Mike Abbott <mja sgi.com>]
*) send_the_file now falls back to a read/write loop on platforms that
*) APR now has UUID generation/formatting/parsing support.
-add rules for cross-compiling in rules.mk. Okay, rule to check for
-add missing "AR=@AR@" to severaly Makefile.in's
["R�diger" Kuhlmann <Tadu gmx.de>]
["R�diger" Kuhlmann <Tadu gmx.de>]
*) Fix building on BSD/OS using its native make. The build system
hook in http_core.c. This removes the need to add the filter in
*) SECURITY [CVE-2000-0913] (cve.mitre.org):
update allows the user to clear or preserve pw/groups/comment.
<IfModule mod_kilroy.c>
<IfModule mod_lovejoy.c>
*) Fix some compile warnings in mod_mmap_static.c
[Mike Abbott <mja sgi.com>]
*) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
[Mike Abbott <mja sgi.com>]
*) Fix compile break on some platforms for mod_mime_magic.c
[John K. Sterling <sterling covalent.net>]
PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
platforms to hints.m4, which contains (or should contain)
*) Add tables with non-string/binary values to APR.
[Rob Simonson <simo us.ibm.com>]
configuration file started with an IfModule/IfDefine container,
[Gregory Nicholls <gnicholls level8.com>]
[Gregory Nicholls <gnicholls level8.com>]
code was being returned. [Gregory Nicholls <gnicholls level8.com>]
not terminated with cr/lf sequences in Win32. [William Rowe]
*) Move all strings functions in APR to src/lib/apr/strings and create
apr_strings.h for the prototypes. [Ryan Bloom]
*) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
*) Update the lib/expat-lite/ library (bring forward changes from
[Dave Hill <ddhill zk3.dec.com>]
timeouts (i.e, if a timeout was specified, the pipe reverted to
3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
[Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
*) SECURITY [CAN-2000-1204] (cve.mitre.org):
and a user makes a request like http://www.example.com//cgi-bin/cgi
as reported in <news:960999105.344321 ernani.logica.co.uk>
*) Yet another update to saferead/halfduplex stuff -- need to ensure
to the configured User/Group (like other httpd processes)
if the len was negative. Use <sys/un.h> for struct sockaddr_un
doesn't seem to have a problem but /bin/sh on Solaris does.
ContentDigest enabled and we can't/don't mmap the file.
related bugs, and changed shmem/locking to use apr API. Shared-mem
would be errors generating ap_config_auto.h later in the configure
*) Organize http_main.c as independent code, such that no code or
[William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
[Ask Bjoern Hansen <ask valueclick.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
in 1.3's ebcdic.c. [Jeff Trawick]
buffer if the implementation knows how to use it (i.e., if L_tmpnam
*) Configure creates config.nice now containing your configure
options. Syntax: ./config.nice [--more-options]
*) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
[Tim Costello <timcostello ozemail.com.au>]
[Chia-liang Kao <clkao CirX.ORG>]
*) The ab program in the src/support directory is now portable using
*) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
Apache.dsw created to bring together all the pieces. Create new file
os/win32/BaseAddr.ref to define module base addresses (to prevent
*) More FAQs and answers from comp.infosystems.www.servers.unix.
[Joshua Slive <slive finance.commerce.ubc.ca>]
in the field. [William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[Brian Martin <bmartin penguincomputing.com>]
fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
we can use ReadFileScatter and WriteFileGather in readwrite.c.
[Allan Edwards <ake raleigh.ibm.com>]
[Brian Martin <bmartin penguincomputing.com>]
fixes to mod_so.c.
[Joshua Slive <slive finance.commerce.ubc.ca>]
[Jon Travis <jtravis covalent.net>]
[Paul Reder <rederpj raleigh.ibm.com>]
[Allan Edwards <ake raleigh.ibm.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
Makefile.win includes the same user interface as the old
[William Rowe <wrowe lnd.com>] PR#3715
[Allen Prescott <allen clanprescott.com>]
[Jeff Trawick <trawick us.ibm.com>]
*) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
it does this on a line by line basis; i.e. if the envvar
ErrorDocument XXX /local/uri
ErrorDocument XXX http://valid/url
*) Changed 'CacheNegotiatedDocs' from its present/not-present
done with --with-module=/path/to/module. Modules can only be added
[Jeff Trawick <trawick us.ibm.com>]
*) Enable Apache to use sendfile/TransmitFile API
*) Make file I/O and network I/O writev/sendv APIs consistent.
bytes_read/bytes_written is always valid (never -1). Plus
some fixes to buff.c to correct problems introduced by the
*) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
[John Zedlewski <zedlwski Princeton.EDU>]
*) buff.c has been converted to no longer use errno.
[Dilip Khandekar <dilip cup.hp.com>]
automatically for developers from src/Configure.
*) Fixed building of src/support/htpasswd.c
*) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
*) Support line-continuation feature in config.option file and
*) Implement WINNT Win32 MPM from original Win32 code in http_main.c
(per default used the config.option file).
*) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
calling order to be specified on a per-hook/per-module basis.
*) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
*) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
of alloc.c for now. [Dean Gaudet]
based on IP/port. [Ben Laurie]
["Michael H. Voase" <mvoase midcoast.com.au>]
*) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
docs/initial_blurb.txt. [Dean Gaudet]
[James Morris <jmorris intercode.com.au>]
an absolute path to the ./libexec directory where the libhttp.ep file
routines are now called ap_base64* and are 'plain' (i.e., no
pool access or anything clever). Inside util.c the routines acting
*) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
*) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
[Tom Vaughan <tvaughan aventail.com>, Roy Fielding]
*) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
[Ian Turner <iant sequent.com>] PR#4735
*) Local struct mmap in http_core.c conflicted with system structure
*) Added updated mod_digest as modules/experimental/mod_auth_digest.
[Ronald Tschal�r <ronald innovation.ch>]
up across restarts. [David Harris <dharris drh.net>]
*) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
["Paul J. Reder" <rederpj raleigh.ibm.com>] PR#4770
*) RewriteLock/RewriteMap didn't work properly with virtual hosts.
[Dmitry Khrustalev <dima bog.msu.su>] PR#3874
*) PORT: Support for compaq/tandem/com.
Netscape servers. See support/SHA1 for more information.
Caused the separation of ap_md5.c into md5, sha1 and a general
ap_checkpass.c with just a validate_passwd routine. Added a
couple of flags to support/htpasswd. Some reuse of the to64()
[Dirk-Willem van Gulik, Clinton Wong <clintdw netcom.com>]
with ASCII/EBCDIC conversions in "ident" query.
[David McCreedy <McCreedy us.ibm.com>]
are combined, and duplicate tokens (e.g., "Vary: host, host" or
*) Portability changes for BeOS. [David Reid <abb37 dial.pipex.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
[Roy Fielding, Joe Orton <jeo101 york.ac.uk>] PR#4499, PR#3806
install the DSO; useful for editing httpd.conf with apxs. Fix
create duplicate LoadModule/AddModule entries; apxs can now be
used to re- enable/disable a module. [Wilfredo Sanchez]
Win 95 users may need to update their TCP/IP stack to pick up
Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
[Bill Stoddard <stoddard raleigh.ibm.com>]
error.log when CGI scripts fail. This makes Apache on Win32
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
*) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
[Randy Terbush <randy covalent.net>]
*) Add the new mass-vhost module (mod_vhost_alias.c) developed and
used by Demon Internet, Ltd. [Tony Finch <fanf demon.net>]
[Rasmus Lerdorf <rasmus raleigh.ibm.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
parent/child process management code.
[Bill Stoddard <stoddard raleigh.ibm.com>]
[John Giannandrea <jg meer.net>] PR#4122
*) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
[Henri Gomez <gomez slib.fr>, Ralf S. Engelschall]
*) Determine AP_BYTE_ORDER for ap_config_auto.h and already
content-types are "text/html;parameters". PR#4524 [Ken Coar]
*void. When the OS/platform/compiler supports quads, ap_snprintf()
[Aidan Cully <aidan panix.com>] PR#4456
*) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
library. [Jens-Uwe Mager <jum helios.de>, Ralf S. Engelschall]
(e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
[Ralf S. Engelschall, Rex Dieter <rdieter math.unl.edu>] PR#3997
[Jan Gallo <gallo pvt.sk>] PR#3690, PR#4373
*) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
[Todd Vierling <tv pobox.com>] PR#4310
[Petr Lampa <lampa fee.vutbr.cz>] PR#4366, 679
[Raymond S Brand <rsbx rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
the struct stat. [Ed Korthof <ed bitmechanic.com>]
[Salvador Ortiz Garcia <sog msg.com.mx>]
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2579
*) mod_include's fsize/flastmod should allow only relative paths, just
like "include file". [Jaroslav Benkovsky <benkovsk pha.pvt.cz>]
*) Add iconsdir, htdocsdir, and cgidir to config.layout.
*) Fix minor but annoying bug with the test for Configuration.tmpl
in unix/os.c, and don't install the dyld error handlers, which
*) Add functionality to the install-bindist.sh script created by
binbuild.sh to use tar when copying distribution files to the
install-bindist.sh now detects the local perl5 path to install
[Randy Terbush, Covalent Technologies, <randy covalent.net>]
src/modules/proxy_util.c where a NULL filepointer and
[Graham Leggett <minfrin sharp.fm>,
Tim Costello <tjcostel socs.uts.edu.au>] PR#3178
[Graham Leggett <minfrin sharp.fm>]
have assurance about how string manipulators (e.g., tr) will
[Ken Coar, Dmitry Khrustalev <dima zippy.machaon.ru>] PR#4118
[Raymond S Brand <rsbx rsbx.net>]
[Raymond S Brand <rsbx rsbx.net>] PR#4248
*) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
<rsbx rsbx.net>]
[Yitzchak Scott-Thoennes <sthoenna efn.org>, Ralf S. Engelschall] PR#4269
[Joe Moenich <moenich us.ibm.com>]
*) Fix number of bytes copied by read_connection() in src/support/ab.c
[Jim Cox <jc superlink.net>] PR#4271
[Bob Finch <bob nas.com>]
[Paul Sutton <paul awe.com>]
*) Make sure RewriteLock can be used only in the global context, (i.e.
<mariav icgeb.trieste.it>] PR#4260
uncompress/gzip, but those tools sometimes do not produce
[Marcin Cieslak <saper system.pl>] PR#4097
line. [<inkling firstnethou.com>] PR#3770
redirects. [Jose KAHAN <kahan w3.org>] PR#3910, 3806, 3575
[Jacques Distler <distler golem.ph.utexas.edu>] PR#4130
*) PORT: deal with UTS compiler error in http_protocol.c
[Dave Dykstra <dwd bell-labs.com>] PR#4189
*) Add ap_vrprintf() function. [John Tobey <jtobey banta-im.com>] PR#4246
by "Peter 'Luna' Altberg <peter altberg.nu>" and PR#3422
[Peter 'Luna' Altberg <peter altberg.nu>, Ronald Tschal�r]
binary (e.g., image file) in the first place.
[David McCreedy <mccreedy us.ibm.com>]
*) support/htpasswd now permits the password to be specified on the
apache -n apache1 -i -f c:/httpd.conf
Installs apache as service 'apache1' and associates c:/httpd.conf
Installs apache as service 'apache2'. httpd.conf is located under
the default server root (/apache/conf/httpd.conf).
apache -n apache3 -i -d c:/program files/apache
c:/program files/apache.
*) Correct the signed/unsigned character handling for the MD5 routines;
*) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
*) proxy ftp: instead of using the hardwired string "text/plain" as
<Directory proxy:ftp://some.host>
DefaultType gargle/blurb
*) Be more smart in APACI's configure script when determining the UID/GID
the number of fork()s from one/request to just the odd one an hour.
*) Added proxy, auth and header support to src/support/ab.c. Added a
README file to src/support/
*) Fix sed-substitutions in `make install': path elements like `httpd/conf'
(for instance from an APACI configure --sysconfdir=/etc/httpd/conf
*) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
[Ronald Tschal�r <ronald innovation.ch>] PR#3411
the reboot prompt (which is only given if MSVCRT.DLL system
*) WIN32: Apache.exe now contains an icon. [Paul Sutton]
*) Using APACI, the main config file (usually httpd.conf) was
<wsanchez apple.com>]
[Ryan Bloom <rbb raleigh.ibm.com>]
[Dean Gaudet, Jeff Lewis <lewis stanford.edu>] PR#3872
*) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
DSO/DLL section because it's a directive from mod_status and isn't
[Martin POESCHL <mpoeschl gmx.net>] PR#3936
option more clear. [Jan Wolter <janc wwnet.net>] PR#3995
[John Tobey <jtobey banta-im.com>] PR#3983
against libap.a and use its ap_snprintf() instead of sprintf() to avoid
*) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
*) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
[Michael van Elst <mlelstv serpens.swb.de>, Lars Eilebrecht] PR#3160
*) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
%v). Useful for mass vhosting. [Tony Finch <dot dotat.at>]
more reliable logs with multiline entries. [Tony Finch <dot dotat.at>]
*) Fixed a few compiler nits. [John Bley <jbb6 acpub.duke.edu>]
in http_core.c. [John Bley, Roy Fielding]
calls. [John Bley <jbb6 acpub.duke.edu>, Jim Jagielski]
[Brian Havard <brianh kheldar.apana.org.au>]
[Joshua Slive <slive finance.commerce.ubc.ca>] PR#2497
*) src/support/: The ApacheBench benchmark program was overhauled by
[David N. Welton <davidw prosa.it>]
*) Added -S option to install.sh so that options can be passed to
the test case of no modules being selected. [<chaz reliant.com>]
is *not* given in the argument list; i.e., the logical negation
*) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
to util.c for parsing an HTTP header field value to extract the next
code different from 500. This allows the proxy to, e.g., return
and no Accept-Language. [James Treacy <treacy debian.org>] PR#3299, 3688
as "com.name" to be served. [Paul Sutton] PR#3769.
make subtasking easier on the OSD/POSIX mainframe environment.
*) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
[Ryan Bloom <rbb Raleigh.IBM.Com>]
impossible to exploit.) [Rick Perry <perry ece.vill.edu>]
*) Let src/Configure be aware of CFLAGS options starting with plus
signs as it's the case for the HP/UX compiler.
[Doug Yatcilla <yatcilda umdnj.edu>] PR#3681
and this makes its functions available to things in src/support.
*) WIN32: Created new makefiles Makefile_win32.txt (normal build)
and Makefile_win32_debug.txt (debug build) that work on Win95.
nmake /f Makefile_win32.txt # compiles normal build
nmake /f Makefile_win32.txt install # compiles and installs
nmake /f Makefile_win32.txt clean # removes compiled junk
nmake /f Makefile_win32_debug.txt # compiles debug build
nmake /f Makefile_win32_debug.txt install
nmake /f Makefile_win32_debug.txt clean
for FreeBSD 3.0). [Todd Vierling <tv pobox.com>] PR#2462
*) Small fix for mod_env.html: The module was documented as to be _not_
Apache per default. [Sim Harbert <sim mindspring.com>] PR#3572
*) Instead of fixing a bug in the generation procedure for config.status (a
making sure the src/support/ tools are _forced_ to be build last (they
*) Fix installation procedure: Now that os-inline.c is actually used (a
recently fixed bug prevented this) we need to also install os-include.c
`escape' and `unescape' were added which can be used to escape/unescape
to/from hex-encodings in URLs parts (this is especially useful in
*) Major overhaul of mod_negotiation.c, part 2.
- added ap_array_pstrcat() to alloc.c for efficient concatenation
*) Major overhaul of mod_negotiation.c, part 1.
revision (draft-ietf-http-v11-spec-rev-06.txt).
e.g. no feature negotiation). Removed old experimental version.
negotiation results are consistent across backup/restores and mirrors
*) RFC2396 allows the syntax http://host:/path (with no port number)
[David Kristol <dmk bell-labs.com>] PR#3530
*) When modules update/modify the file name in the configfile_t structure,
[Fabien Coelho <coelho cri.ensmp.fr>] PR#3573
CASE_BLIND_FILESYSTEM. [Brian Havard <brianh kheldar.apana.org.au>]
*) The hashbang emulation code in ap_execve.c would interpret
#!/hashbang/scripts correctly, but failed to fall back to a
*) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg lentil.org>]
and another was incorrect. [Mark Anderson <mda discerning.com>] PR#3553
wasn't defined. [Rick Franchuk <rickf transpect.net>]
o fixed auto-suffix handling now that config.layout exists.
config.layout and every path now can be marked this way (not only the
SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
of ap_config.h to allow serialized accept for multiport listens.
*) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
of ap_config.h that would skip several defines if DEFAULT_GROUP
strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
*) Fix ordering of definitions in ap_config.h so that ap_inline is
[Tom Serkowski <tks bsdi.com>] PR#3453
*) Make generation of src/Configuration.apaci more robust: It failed to
another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
*) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
[Ralf S. Engelschall, Wilfredo Sanchez <wsanchez apple.com>]
[Paul Ausbeck <paula alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
*) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
IS to the compiler/linker command. [Ralf S. Engelschall]
config.layout. Custom layouts are possible by using FILE:ID as the
The config.layout file consists of <Layout ID>..</Layout> sections
extension (e.g., .fr, .de) can be labelled as being some other
*) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
rather than OPT_INCLUDES [Rainer Schoepf <schoepf uni-mainz.de>]
[Ronald Tschal�r <ronald innovation.ch>] PR#3409
[Martin Plechsmid <plechsmi karlin.mff.cuni.cz>] PR#1987
[Andrew Pimlott <pimlott math.harvard.edu>] PR#3340
[David MacKenzie <djm uu.net>] PR#3394
*) Updated mime.types to reflect current Internet media types
Improved mod_actions.c so that it can use any of the methods
defined in httpd.h. Added ap_method_number_of(method) for
*) PORT: Add a port to the TPF OS. [Joe Moenich <moenich us.ibm.com> and
*) Fix problems with handling of UNC names (e.g., \\host\path)
on Win32. [Ken Parzygnat <kparz us.ibm.com>]
robust, and works. [Ken Parzygnat <kparz us.ibm.com>]
[Manoj Kasichainula, Ken Parzygnat <kparz us.ibm.com>]
*) Move a typedef to fix compile problems on Linux with 1.x kernels.
*) http_config.c would respond with 501 (Method Not Implemented) if a
should have been a 500 response. Likewise, mod_proxy.c would responsd
on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
mod_foo with the begin of the module list, i.e. it `moves' the module to
which permutes mod_foo with the end of the module list, i.e. it `moves'
synchronisation (Win32). [Ken Parzygnat <kparz raleigh.ibm.com>]
on container start lines (e.g., it wouldn't spot
"<Directory /" as a syntax error). [Ryan Bloom <rbbloom us.ibm.com>]
[Ryan Bloom <rbbloom us.ibm.com>] PR#1799.
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2078, 2303.
[Ivan Richwalski <ivan seppuku.net>] PR#3249
*) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
parameter. [Ron Klatchko <ron ckm.ucsf.edu>] PR#3171
[Ralf S. Engelschall, Ron Record <rr sco.com>]
httpd.conf-dist* files. The srm and access files now contain
only comments, and httpd.conf has all the combined contents in
*) PORT: DSO/ELF support for FreeBSD 3.0.
[Ralf S. Engelschall, Dirk Froemberg <ibex physik.TU-Berlin.DE>]
do this. [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
[Wilfredo Sanchez <wsanchez apple.com>]
of "-". [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>, Marc Slemko]
*) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker jetair.be>]
[M. Laak <maert proinv.ee>] PR#3108
[Dave Dykstra <dwd bell-labs.com>] PR#3055
but not tabs). [James Morris <jmorris intercode.com.au>,
[James Grinter <jrg blodwen.demon.co.uk>] PR#3111
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3095
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3096
*) Fix http://localhost/ hints in top-level INSTALL document.
[Rob Jenson <robjen spotch.com>, Ralf S. Engelschall] PR#3088
[Wilfredo Sanchez <wsanchez apple.com>]
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2884, 2910
<kparz raleigh.ibm.com>] PR#3001
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
ap_config.h. [Brian Havard]
*) PORT: Add Pyramid DC/OSx support to configuration mechanism.
[Earle Ake <akee wpdiss1.wpafb.af.mil>]
*) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
[Dave Dykstra <dwd bell-labs.com>] PR#3054
*) Correct comment in mod_log_config.c about its internals.
[Elf Sternberg <elf halcyon.com>]
handle the creation of modules.c [Jim Jagielski]
and to avoid problems under platforms where only version 2.x is present.
[Dan Jacobowitz <drow false.org>, Ralf S. Engelschall]
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Remove redundant substitutions in top-level Makefile.tmpl.
platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
the possibility to override it manually via APACI or src/Configuration.
existance of the file under /usr/include, too.
[Wilfredo Sanchez <wsanchez apple.com>]
[Charles Randall <crandall matchlogic.com>] PR#2947
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2991
[Karl Berry <karl gnu.org>] PR#2994
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2992
*) Fix possible buffer overflow situation in suexec.c.
[Jeff Stewart <jws purdue.edu>] PR#2790
[Ronald Record <rr sco.com>] PR#2533
*) Fix documentation of ProxyPass/ProxyPassReverse according to the
trailing slash problem. [Jon Drukman <jsd gamespot.com>] PR#2933
[Marc Slemko, Paul Phillips <paulp go2net.com>]
SCO OpenServer. [David Coelho <drc ppt.com>]
in /home/user, not in /, therefore clicking on "../" in the
dump core for replies with invalid headers (e.g., duplicate
plop gmon.out profile data for each child [Doug MacEachern]
config.status script to be immune against arguments with whitespaces.
[Yves Arrouye <yves apple.com>] PR#2866
script `buildinfo.sh' which is both more flexible and already proofed to
*) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
*) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
[Youichirou Koga <y-koga jp.FreeBSD.ORG>] PR#2895
[Kurt Sussman <kls best.com>] PR#2871
*) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
variables in one RewriteRule and had to patch mod_rewrite.h for every
*) Make sure the config.status file is not overridden when just
See include/ap_mmn.h for more details. [Randy Terbush]
*) SECURITY [CVE-1999-1199] (cve.mitre.org):
*) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
directory was renamed to src/os/os2/ for consistency.
linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
*) Add correct `model' MIME types from RFC2077 to mime.types file.
*) Fixed examples in mod_rewrite.html document.
[Youichirou Koga <y-koga jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
[MATSUURA Takanori <t-matsuu protein.osaka-u.ac.jp>]
programs under Win32. [Marco De Michele <mdemichele tin.it>] PR#2483
*) Update the mod_rewrite.html document to correctly reflect the situation
Makefile.tmpl: The umask+cp approach didn't work as expected (especially
*) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
src/helper/mkdir.sh script. [Ralf S. Engelschall]
`search' entries in /etc/resolv.conf.
INSTALL file because a lot of users don't read htdocs/manual/dso.html
(compilers complained) and the .so.V.R.P filename extension was adjusted
[Manoj Kasichainula <manojk raleigh.ibm.com>] PR#2355
*) Disable the incorrect entry for application/msword in the
*) Fix broken RANLIB handling in src/Configure (the entry from
src/Configuration.tmpl was ignored) and additionally force RANLIB to
[Steve VanDevender <stevev darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
*) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
TestCompile) instead of defining them manually in conf.h based on less
OS-type and/or OS-version identifiers to discover whether a system header
[Glen Parker <glenebob nwlink.com>] PR#2277
required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
[Anna Shergold <anna inext.co.uk>]
[John Van Essen <jve gamers.org>] PR#2529
*) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
[Ronald Record <rr sco.com>] PR#2533
[Charles Levert <charles comm.polymtl.ca>] PR#2551
[Vadim Kostoglodoff <vadim olly.ru>] PR#2463
*) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
[Ben Laurie, Bill Stoddard <wgstodda us.ibm.com>] PR#2274
*) PORT: remove broken test for MAP_FILE in http_main.c.
[Wilfredo Sanchez <wsanchez apple.com>]
*) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
but case-insensitive platforms). New #define for this added to conf.h
*) Enable DSO support for OpenBSD in general, not only for 2.x, because it
also works for OpenBSD 1.x. [Ralf S. Engelschall]
[Sam Kington <sam illuminated.co.uk>] PR#2443
reponse. [Ralf S. Engelschall, Charles Fu <ccwf bacchus.com>]
output of Awk. [Bill Houle <bhoule sandiegoca.ncr.com>] PR#2435
of a config.status script (as GNU Autoconf does) which remembers the used
*) Correct initialization of variable `allowed_globals' in http_main.c
[Justin Bradford <justin ukans.edu>] PR#2400
multipart/x-mixed-replace;boundary=ThisRandomString.
[Sean Boudreau <seanb qnx.com>] PR#2390
modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
[David MacKenzie <djm va.pubnix.com>] PR#2384
main server. [Christof Damian <damian mediaconsult.com>] PR#2090
[Klaus Weber <kweber chephren.germany.ncr.com>] PR#1973
<Directory /> section of the default access.conf-dist
[Dave Dykstra <dwd bell-labs.com>] PR#2320
*) Fix symbol export list (src/support/httpd.exp) after recent
[Jens-Uwe Mager <jum helios.de>]
solved by another helper script findprg.sh which searches for Perl and
*) Remove the system() call from htpasswd.c, which eliminates a system
[Rex Dieter <rdieter math.unl.edu>] PR#2293, 2316
O_NDELAY on various systems. [Dave Dykstra <dwd bell-labs.com>] PR#2313
*) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
*) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
[Dave Dykstra <dwd bell-labs.com>, Ralf S. Engelschall] PR#2319
configure and src/Configure depend on this.
*) Changes usage of perror/fprintf to stderr to more proper ap_log_error
*) Various OS/2 cleanups ["Brian Havard" <brianh kheldar.apana.org.au>]
*) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2295, 2296
[W G Stoddard <wgstodda us.ibm.com>]
[W G Stoddard <wgstodda us.ibm.com>] PR#2294
spawn_child was obsoleted and moved to compat.h
memory. [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2252
*) Fix src/support/httpd.exp (DSO export file which is currently only
``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
*) Fix discrepancy in proxy_ftp.c which was causing failures when
[Rick Ohnemus <rick ecompcon.com>]
*) Improve RFC1413 support. [Bob Beck <beck bofh.ucs.ualberta.ca>]
[Ben Laurie and Bill Stoddard <wgstodda us.ibm.com>] PR#1129, 1607
[Ernst Kloppenburg <kloppen isr.uni-stuttgart.de>] PR#2094
*) Support for the NCR MP/RAS 3.0
[John Withers <withers semi.kcsc.mwr.irs.gov>]
*) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
not retrieved in src/Configure and thus was not useable.
- SUBDIRS is now generated in src/Makefile only and not in
Makefile.config because it is a local define for this location.
- update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
- replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
- replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
of xxx.lo as GNU libtool does with its PIC objects
- reduce local complexity in modules Makefile.tmpl by moving the last
*) WIN32: Make Win32 work again after the /dev/null DoS fix.
*) When opening "configuration" files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
necessary. Long-term fix is to either serialize the chdir/spawn combo
htdocs/manual/suexec.html document before using the suexec-related
and htdocs/manual/suexec.html documents.
UID/GID and safe PATH, too.
- overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
*) Add a note to httpd.conf-dist that apache will on some systems fail
and not the original statically list from modules.c
confusion with the next point and reduces the Makefile.tmpl complexity
6. The modules.c generation was extended to now contain two
of loading/linking (we use load=link+load & link=activate instead of
*) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
*) Add a comment to mod_example.c showing the format of a FLAG command
places in the code (e.g. DATE_GMT). PR#1551
zone information in their tm struct. [Paul Eggert <eggert twinsun.com>]
*) get/set_module_config are trivial enough to be better off inline. Worth
*) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
*) Fix debug log messages for BS2000/OSD: instead of logging the whole
[Michael Anderson's <mka redes.int.com.mx>]
*) Make sure the referer_log and agent_log entries in the default httpd.conf
*) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
from mod_so.c to Configure because first it needs $PLAT etc. and second
[Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165
[Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158
AIX variants should work fine, too. Even AIX 3.x should work). This is
which we put into a os/unix/os-dso-aix.c file.
*) Fix two bugs in select() handling in http_main.c.
side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
"make root=/tmp/apache install" for rolling the package without bristling
*) Workaround braindead AWK's when generating ap_config.h: The split() and
*) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
*) Make sure that "make install" doesn't overwrite the `mime.types' and
*) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
variables) to avoid side-effects in "src/Configure" when the user
*) Provide backward compatibility from some old src/Configuration.tmpl
*) NeXT required strdup() in support/logresolve.c
[Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082
*) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>]
ap_snprintf, and ap_psprintf). See include/ap.h for docs.
*) Because /usr/local/apache is the default prefix the ``configure
to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
*) PORT: Make sure some AWK's don't fail in src/Configure with "string too
long" errors when generating the MODULES entry for src/Makefile
*) Make sure src/Configure doesn't complain about the old directory
/usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
*) Adding DSO support for the HP/UX platform by emulating the dlopen-style
interface via the similar but proprietary HP/UX shl_xxx-style system
APACI Makefile.tmpl "install" target more robust for sensible UnixWare
- Apache provided general functions (e.g., ap_cpystrn)
- Public API functions (e.g., palloc, bgets)
cross-object usage) but should be (e.g., new_connection)
For backward source compatibility a new header file named compat.h was
dummy.so file (containing dummy references to all global symbols) the
Placing the Apache core code itself into a DSO library named libhttpd.so.
where we perhaps exploit this libhttpd.so mechanism for providing nifty
inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
[Todd Eigenschink <eigenstr mixi.net>] PR#2045
to the mak/dsp files. [Alexei Kosut]
*) Add documentation file and src/Configuration.tmpl entry for the
*) Now src/Configure uses a fallback strategy for the shared object support
and installation of the support tools from the src/support/ area.
dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
Apache C header files (PREFIX/include) and the new APXS tool
(SBINDIR/apxs). The intend is to provide a handy tool for third-party
modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
*) Modify the log directives in httpd.conf-dist files to use CustomLog
script and a corresponding top-level "Makefile.tmpl" file. The goal is
the old src/Configure stuff in batch and additionally installs the
routines. Use this to replace http_bprintf.c. Add new routines
is necessary on at least Solaris where the /etc/rc?.d scripts
[Rein Tollevik <reint sys.sol.no>] PR#2009
[Rein Tollevik <reint sys.sol.no>] PR#2010
[J�rgen Keil <jk tools.de>] PR#2000
http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
[Tim Costello <tjcostel socs.uts.edu.au>] PR#1890
the mod_proxy.html and corrected the hyperlink to it in the
new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
*) Fix a bug in the src/helpers/fp2rp script and make it a little bit
*) Add the new ApacheBench program "ab" to src/support/: This is derived
*) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
*) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
*) util.c cleanup and speedup. [Dean Gaudet]
[Dmitry Khrustalev <dima bog.msu.su>]
TZ variable. [Jay Soffian <jay cimedia.com>] PR#1888
[Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900
[Tony Finch <fanf demon.net>] PR#1925
modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
*) The Configure script now generates src/include/ap_config.h which
[Joel Truher <truher wired.com>]
"http://host" url is treated as if a similar "Host:" header had been
supplied. This change was made to support future HTTP/1.x protocols
*) API: Cleanup of code in http_vhost.c, and remove vhost matching
[Chia-liang Kao <clkao cirx.org>] PR#1531
[Konstantin Morshnev <moko design.ru>] PR#1771
address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885
*) API: A new source module main/util_uri.c; It contains a routine
user; /* user name, as in http://user:passwd@host:port/ */
password; /* password, as in http://user:passwd@host:port/ */
a username can contain when trying to expand it via /etc/passwd.
Jay Soffian <jay cimedia.com>] PR#1631
*) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
<luomat peak.org>]
<ache nagual.pp.ru> and Jim] PR#1450
Alvaro Martinez Echevarria <alvaro lander.es>]
[Charles Fu <ccwf klab.caltech.edu>] PR#1847
directive. [Enrik Berkhan <enrik inka.de>] PR#1816
[Lauri Jesmin <jesmin ut.ee>] PR#1701
*) Source file dependencies in Makefile.tmpl files throughout the
htdocs/manual/known_client_problems.html are in the default
(like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
[Michael Douglass <mikedoug texas.net>, Dean Gaudet]
header files are in the src/include directory. The -Imain -Iap
and mod_rewrite) have not been moved to src/include; nor have
calls that use too small an initial guess, see alloc.c.
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
because the key/value is a constant, or the value has been built
Note that it is easy to get code subtly wrong if you pass a key/value
safe thing to do is to pass key/values which are in the pool of
i.e. if the table is part of a subrequest, a value from the main
usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
[Dmitry Khrustalev <dima bog.msu.su>, Dean Gaudet]
[Martin Kraemer, with code from Peter Wemm <peter zeus.dialix.oz.au>
*) API: "typedef array_header table" removed from alloc.h, folks should
HAVE_MMAP/SHMGET #defines strictly are informational that the
Unixware 1.x appears to have the same SIGHUP bug as solaris does with
[Tom Hughes <thh cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
*) PORT: A/UX can handle single-listen accepts without mutex
[Paul Eggert <eggert twinsun.com>] PR#1343
*) suexec errors now include the errno/description. [Marc Slemko] PR#1543
[Keith Severson <keith sssd.navy.mil>] PR#1613
[Keith Severson <keith sssd.navy.mil>] PR#1614
*) Some const declarations in mod_imap.c that were added for debugging
*) The src/main/*.h header files have had #ifndef wrappers added to
multiple paths (e.g., in .c files as well as other .h files).
src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
but before the header file contents. [John Van Essen <jve gamers.org>]
set with SetEnv/BrowserMatch and similar directives.
was found. Noticed by <robinton amtrash.comlink.de> (Soeren Ziehe)
[Soeren Ziehe <robinton amtrash.comlink.de>, Martin Kraemer]
(the Siemens BS2000/OSD family) in the POSIX subsystem
Located in libap.a. [Jim Jagielski]
[Stephen Scheck <sscheck infonex.net>, Ben Laurie] PR#1604
alloc.c (affects win32 only). [Ben Hyde]
[Ben Reser <breser regnow.com>] PR#1366
[Gregory A Lundberg <lundberg vr.net>]
server itself (like the src/support tools). [Ken Coar]
[Igor Tatarinov <tatarino prairie.NoDak.edu>]
It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
[<malcolm mgdev.demon.co.uk>] PR#1378
set errno. [Igor Tatarinov <tatarino prairie.NoDak.edu>]
*) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti net4all.be>] PR#1523
[Frank Faubert <frank sane.com>]
can be used by items in src/support among other things.
(e.g., <Directory>) where they're invalid. [Martin Kraemer]
for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
read the file. [Ben Hyde <bhyde gensym.com>]
the display. [Ken Coar, suggested by Brian Tiemann <btman pacific.net>]
*) PORT: Update the LynxOS port. [Marius Groeger <mag sysgo.de>]
[David Chambers <davidc flosun.salk.edu>] PR#1294
[M.D.Parker] PR#1352
*) Inherit a bugfix to fnmatch.c from FreeBSD sources.
["[KOI8-R] ������ ������" <ache nagual.pp.ru>] PR#1311
sources as Unix now. [Brian Havard <brianh kheldar.apana.org.au>]
[Paul Eggert <eggert twinsun.com>] PR#1342
*) A mild SIGTERM/SIGALRM race condition was eliminated.
*) Warn user that default path has changed if /usr/local/etc/httpd
*) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
[David Schuler <schuld btv.ibm.com>] PR#1317
Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
*) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
[John Line <jml4 cam.ac.uk>] PR#1321
*) Default pathname has been changed everywhere to /usr/local/apache
[Sameer <sameer c2.net>]
[David Bronder <David-Bronder uiowa.edu>] PR#849
[David Schuler <schuld btv.ibm.com>] PR#1267
[Philippe Vanhaesendonck <pvanhaes be.oracle.com>,
Omar Del Rio <al112263 academ01.lag.itesm.mx>] PR#482, 1246
[Chris Craft <ccraft cncc.cc.co.us>] PR#977
*) PORT: UnixWare 2.x requires -lgen for syslog.
[Hans Snijder <hs meganet.nl>] PR#1249
["Pavel Yakovlev (Paul McHacker)" <hac tomcat.olly.ru>]
*) New support tool: src/support/split-logfile, a sample Perl script which
*) Makefile.tmpl was not using $CFLAGS in the link phase.
*) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
Purify. See main/alloc.c for more details. [Dean Gaudet]
be used for whatever reason is appropriate (i.e. format() warnings
gcc >= 2.7.x (so that we have fewer support issues with older
Also removed the auto-generated link to www.apache.org that was the
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107, 987, 588
*) Fixed error in proxy_util.c when looping through multiple host IP
buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
*) API: New register_other_child() API (see http_main.h) which allows
*) API: New piped_log API (see http_log.h) which implements piped logs,
Some things (like RewriteMaps) were checked/performed even if they
*) Removal of mod_auth_msql.c from the distribution. There are many
http://modules.apache.org/ It would be nice to offer a generic
Makefile on the fly based on Makefile.tmpl and Configuration.
Encore's UMAX V: Arieh Markel <amarkel encore.com>
Acorn RISCiX: Stephen Borrill <sborrill xemplar.co.uk>
*) support/httpd_monitor is no longer distributed because the
the headers/contents of the request. It does not run during subrequests
USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
- Linux 2.x uses flock instead of fcntl
- Solaris 2.x uses pthreads
*) PORT: The semantics of accept/select make it very desirable to use
Modules can be dropped into modules/extra, or in their own
modules/standard. All other source code is in main. OS-specific
match "/home/a/andrew/public_html", now it only matches things
[Dean Gaudet, Dave Hankins <dhankins sugarat.net>]
/dev/tty, etc.)
[Jason Venner <jason idiom.com>] PR#667
and cidr syntax (i.e. 10.1.0.0/16). PR#762
Apache would omit the chunk header/footer on the next block. Cleaned
e.g. when max_requests_per_child is reached, etc.
[Alexander L Jones <alex systems-options.co.uk>] PR#732
*) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
[Igor N Kovalenko <infoh mail.wplus.net>] PR#683
setting. The define MAX_SPAWN_RATE can be used to raise/lower
in a language that by default does buffering (e.g. perl) this
*) PORT: Allow for use of n32bit libraries under IRIX 6.x
[derived from patch from Jeff Hayes <jhayes aw.sgi.com>]
*) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
*) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
[Igor N Kovalenko <infoh mail.wplus.net>]
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
rect /url.hrm 10 20 30 40
["Chris O'Byrne" <obyrne iol.ie>] PR#807
["Darren O'Shaughnessy" <darren aaii.oz.au>] PR#846
the output of mod_info. ["Lou D. Langholtz" <ldl usi.utah.edu>]
braindead SunOS 4.1.x, allow env variables to be set even on rules with
i.e. now mod_rewrite no longer has a shared copyright. Instead is is
See http_config.h for more details. [Dean Gaudet]
LoadModule/LoadFile directives. Note that module DLLs must be
Module autoindex_module mod_autoindex.o
*) popendir/pclosedir created to properly protect directory scanning.
["Lou D. Langholtz" <ldl usi.utah.edu>]
command. [Ian Kluft <ikluft cisco.com>]
*) Makefile.nt added - to build all the bits from the command line:
nmake -f Makefile.nt
httpd.h. [Dean Gaudet]
the SFIO library calls sfread/sfwrite if B_SFIO is defined at
work however.) [Alexander Spohr <aspohr netmatic.com>] PR#444
*) Turn off chunked encoding after sending terminating chunk/footer
[Stanley Gambarin <gambarin OpenMarket.com>]
[Ben Laurie and Ambarish Malpani <ambarish valicert.com>]
*) SECURITY: When a client connects to a particular port/addr, and
*) Support virtual hosts with wildcard port and/or multiple ports
properly. [Ed Korthof <ed organic.com>]
and mod_include.c. [Dean Gaudet]
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
<sscheck infonex.net>, Ben Laurie] PR#1604
cases. [Ben Reser <breser regnow.com>] PR#1366
Also removed the auto-generated link to www.apache.org that was the
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
*) #ifdef wrap a few #defines in httpd.h to make life easier on
*) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
should consider comparing against src/modules/standard/mod_include.c
Michal Zalewski <lcamtuf boss.staszic.waw.pl> for reporting
[Brian Slesinsky <bslesins wired.com>] PR#1139
[Jay Bloodworth <jay pathways.sde.state.sc.us>]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107
minus WIN32/NT stuff, but plus copyright removement.
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
an HTTP/0.9 server. [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#813,814
[Skip Montanaro <skip calendar.com>, Marc Slemko] PR#797
under Solaris 2.x (up through 2.5.1). It has been fixed.
lockfile in any location. It previously defaulted to /usr/tmp/htlock.
*) Add a placeholder in modules/Makefile to avoid errors with certain
*) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
redirect flag, e.g. R=permanent, the permanent status was lost.
[Lawrence Rosenman <ler lerctr.org>] PR#511
*) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim tandem.com>] PR#327
[David DeSimone <fox convex.com>] PR#399
["P. Alejandro Lopez-Valencia" <alejolo ideam.gov.co>] PR#388
*) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
*) PORT: fix problem compiling http_bprintf.c with gcc under SCO
*) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
change submitted by Jozsef Hollosi <hollosi sbcm.com>.
directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
of DEFAULT_TYPE to match the documented default (text/plain).
*) In mod_proxy.c, check return values for proxy_host2addr() when reading
the connection (e.g., when user presses Stop). Apache will now stop
*) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
htdocs/manual/stopping.html for details on stopping and
*) The default handler now logs invalid methods or URIs (i.e. PUT on an
buffer or write inside buff.c or fread'ing from a CGI's output,
*) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
*) Add UnixWare compile/install instructions. [Chuck Murcko]
*) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
*) More signed/unsigned port fixes. [Dean Gaudet]
*) suexec.c doesn't close the log file, allowing CGIs to continue writing
*) Improved generation of modules/Makefile to be more generic for
*) Fixed overlaying of request/sub-request notes and headers in
when nalloc==0. [Kai Risku <krisku tf.hut.fi> and Roy Fielding]
*) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
- Changed send_dir() to remove user/passwd from displayed URL.
[Marc Slemko, reported by Onno Witvliet <onno tc.hsa.nl>]
select/accept and keep-alive requests, fixed several bugs regarding
[Ben Laurie, reported by <geddis tesserae.com>]
*) Tweak byteserving code (e.g. serving PDF files) to work around
Emit Content-Length header when sending multipart/byteranges.
*) Port to HI-UX/WE2. [Nick Maclaren]
[Mark Bixby <markb cccd.edu>]
regex/regcomp.c since that file also used a NEXT define.
*) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
*) Remove mod_fastcgi.c from the distribution. This module appears
continue to be easily available at http://www.fastcgi.com/
*) Fixed bug in modules/Makefile that wouldn't allow building in more
- execution restricted to UID/GID > 100
*) Replace references to make in Makefile.tmpl with $(MAKE).
*) Add ProxyBlock directive w/IP address caching. Add IP address
[<mgyger itr.ch>, Adrian Filipi-Martin]
[Roy Fielding, after useful PR from <adrian virginia.edu>]
*) Remove requirement for ResourceConfig/AccessConfig if not using
2. initgroups() on Linux 2.0.x clobbers gr->grid.
*) Reset timeout while reading via get_client_block() in mod_cgi.c
*) Add the ability to pass different Makefile.tmpl files to Configure
*) proxy_http.c bugfixes: [Chuck Murcko]
1) fixes possible NULL pointer reference w/NoCache
*) mod_include.c bugfixes:
3) Patch to fix compiler warnings [<perrot lal.in2p3.fr>]
[Ben Yoshino <ben wiliki.eng.hawaii.edu>]
*) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
http_protocol.c [Roy Fielding]
*) Replaced use of index() in mod_expires.c with more appropriate
*) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
*) Updated helpers/GuessOS for ...
SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
and fixed something in helpers/PrintPath [Ben Laurie]
*) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
*) mod_env now turned on by default in Configuration.tmpl.
c) Leading colons were stripped from passwords [<osm interguide.com>]
d) Another fix to multi-method Limit problem [<jk tools.de>]
b) truncated hostnames/ip address in the logs
*) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
*) Internal redirects which occur in mod_dir.c now preserve the
*) Fix for POSIX compliance in waiting for processes in alloc.c.
which works similar to PidFile (in httpd.conf) [Rob Hartill]
*) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
*) the pstrcat call in mod_cookies.c didn't have an ending NULL,
*) Add strerror function to util.c for SunOS4 [Randy Terbush]
*) patch to get Apache compiled on UnixWare 2.x, recommended as
a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
*) past changes to http_config.c to only use the
*) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
and the server provider uses relative links; as file.html
*) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
*) Fixed potential FILE* leak in http_main.c [Ben Laurie]
*) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
*) Nuked bogus #define in httpd.h [David Robinson]
*) gcc -Wall no longer complains about an unused variable when util.c
*) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
*) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
subprocesses, including the SIGTERM/pause/SIGKILL routine, until
causing certain extremely marginal cases (e.g., ScriptAlias of a
*particular* index.html file) to fail. [David Robinson]
*) Cleaned up compiler warning from mod_access.c [Robert Thau]
*) Cleaned up comments in mod_cgi.c [Robert Thau]
"/path/to/some/link/" follows the link. [Thau, Fielding]
*) Doesn't reset DirectoryIndex to 'index.html' when
*) Clarified init code and nuked bogus warning in mod_access.c
*) Corrected several directives in sample srm.conf
*) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
mod_alias.c, merging it almost completely with handling of Alias, and
using a special file created for the purpose in /usr/tmp, and
which try to print out the last-modified date). [Eric Hagberg/Robert
*) <!--exec cgi="/some/uri/here"--> always treats the item named by the
*) POST to CGI works on A/UX [Jim Jagielski]
it seems to work well enough without it (even in a 10 hits/sec
workout), and the overhead for the locking under A/UX is
*) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
*) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
Behlendorf/Eric Hagberg]
*) More improvements to default Configuration for A/UX [Jim Jagielski]
*) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
*) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
properly. (One-line fix to http_protocol.c).
*) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
*) Nuked Shambhala name from src/README; had already cleaned it out
*) Set config file locations properly if not set in httpd.conf
*) Fixed mod_imap.c --- relative paths with base_uri referer don't
be nice if mod_dir.c was robust enough to handle that, but for now,
/tmp/htstatus.*, on which each process has an independent file
*) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
*) Incidental code cleanups in http_main.c --- stop dragging
*) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
Also, fixed auth typo in http_protocol.c unmasked by this fix.
*) Reordered modules in modules.c so that Redirect takes priority
the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
*) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
*) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
memory area every time). Fix is in mod_dir.c. [Paul Sutton]
*) Changes to http_main.c --- root server no longer plays silly
*) mod_dir.c bug fixes: ReadmeName and HeaderName
*) http_request.c now calls unescape_url() more places where it
*) Generalized cleanup interface in alloc.c --- any function can be
registered with alloc.c as a cleanup for a resource pool;
*) More changes in alloc.c --- new cleanup_for_exec() function,
registered with the alloc.c machinery before the server exec()s a
*) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
in alloc.c [rst]