CHANGES revision 3e31296f734b08ad1e536cf6a1198b8cdb6d0d22
4c342614f80d867bba23e63795ec6ee79dd6395dMark Andrews -*- coding: utf-8 -*-
4c342614f80d867bba23e63795ec6ee79dd6395dMark AndrewsChanges with Apache 2.3.0
e72d4d8929fec51153e4fd0d1cf632cd59335495Mark Andrews [Remove entries to the current 2.0 and 2.2 section below, when backported]
0ae34c3f6222ece01e0f710c7c0311f5cf9d9c0fMark Andrews *) prefork: Support a graceful-stop procedure. Server will wait until
0ae34c3f6222ece01e0f710c7c0311f5cf9d9c0fMark Andrews existing requests are finished or until "GracefulShutdownTimeout"
4eaf7590c82871637d1380be59000d8684db649cMark Andrews before exiting. [Colm MacCarthaigh, Ken Coar]
6c6673405c7e29c1d91d07b326d0fe1d7b52e478Mark Andrews *) mod_cgid: Append .PID to the script socket filename and remove the
bb6936058eb88eadff030462a347c10895c61a9aMark Andrews script socket on exit. [Colm MacCarthaigh]
bb6936058eb88eadff030462a347c10895c61a9aMark Andrews *) prefork and worker MPM's: Prevent children from holding open listening
bb6936058eb88eadff030462a347c10895c61a9aMark Andrews ports upon graceful restart. PR28167.
0ad5cb4782cd419b089bcab28d2fd9e140dbcc59Mark Andrews [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
0ad5cb4782cd419b089bcab28d2fd9e140dbcc59Mark Andrews *) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
7c5d5a7932b8ac27281eeff64506dff8220bb3eaMark Andrews of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh]
7c5d5a7932b8ac27281eeff64506dff8220bb3eaMark Andrews *) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a
1aed0905a50ff8d2bdc4d253b38ae24afe3bab1cDanny Mayer per-protocol, per-host and per-path basis. Intended for proxy
1aed0905a50ff8d2bdc4d253b38ae24afe3bab1cDanny Mayer configurations. [Colm MacCarthaigh]
1aed0905a50ff8d2bdc4d253b38ae24afe3bab1cDanny Mayer *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
1a9c000f54e6204fb49d785fd0bbb7a8e590dc99Mark Andrews allowing string-valued client certificate attributes to be used for
1a9c000f54e6204fb49d785fd0bbb7a8e590dc99Mark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
3cea35d9159b36eac43d32082a0b98f2cd82fc2eDanny Mayer [Martin Kraemer, David Reid]
53f1312c61fa8618852584bcdf9f35530282eb08Mark AndrewsChanges with Apache 2.1.7
53f1312c61fa8618852584bcdf9f35530282eb08Mark Andrews *) SECURITY: CAN-2005-2491 (cve.mitre.org):
53f1312c61fa8618852584bcdf9f35530282eb08Mark Andrews Fix integer overflows in PCRE in quantifier parsing which could
7d011946d27152e6ee1e0f56e380abafddd9cfdbMark Andrews be triggered by a local user through use of a carefully-crafted
7d011946d27152e6ee1e0f56e380abafddd9cfdbMark Andrews regex in an .htaccess file. [Philip Hazel]
7d011946d27152e6ee1e0f56e380abafddd9cfdbMark Andrews *) mod_proxy/mod_proxy_balancer: Provide a simple, functional
7d011946d27152e6ee1e0f56e380abafddd9cfdbMark Andrews interface to add additional balancer lb selection methods
87f4715d6c0a22f3449eb3291c91aa45ba86c955Mark Andrews without requiring code changes to mod_proxy/mod_proxy_balancer;
7d011946d27152e6ee1e0f56e380abafddd9cfdbMark Andrews these can be implemented via sub-modules now. [Jim Jagielski]
1431917c7cddbac7442cb910e83cb058fea59fb5Mark Andrews *) mod_cache: Fix incorrectly served 304 responses when expired cache
e809f3fb3f8567b2777fd100bffe2c0072e03942Mark Andrews entity is valid, but cache is unwritable and headers cannot be
3733c24efa7eaa65455153702c3fb71c9233eafbMark Andrews updated. [Colm MacCarthaigh <colm stdlib.net>]
012a2b979e011b13ba0d291c279dc65a167c039eMark Andrews *) mod_cache: Remove entities from the cache when re-validation
f6ff00810196d0c0973f62c7917b9975011fa45aMark Andrews receives a 404 or other content-no-longer-present error.
ec3984e9df6fd9b7811daa0dacb1b3dd1423ebf3Mark Andrews *) mod_disk_cache: Properly remove files from cache when needed.
b972ff033b3efd52e747683face674dc4d2e431bMark Andrews *) mod_disk_cache: Support htcacheclean removing directories.
b972ff033b3efd52e747683face674dc4d2e431bMark Andrews [Andreas Steinmetz]
fa4e1438016331502e6d665588021aa7ffef8cc2Mark Andrews *) htcacheclean: Add -t option to remove empty directories.
fa4e1438016331502e6d665588021aa7ffef8cc2Mark Andrews [Colm MacCarthaigh <colm stdlib.net>]
f0471ca4b7bca6e907130ec84e36cf69f2b79a5aMark Andrews *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
f0471ca4b7bca6e907130ec84e36cf69f2b79a5aMark Andrews links for clients not using an Authorization header. [Graham Leggett,
f0471ca4b7bca6e907130ec84e36cf69f2b79a5aMark Andrews Jon Snow <jsnow27 gatesec.net>]
638fe804a524ee0c028863c0301b999c79de7651Mark Andrews *) mod_cache: Restore the HTTP status of cached responses.
638fe804a524ee0c028863c0301b999c79de7651Mark Andrews [Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]
9db3d9d14e2f3641d696dadc59c40c52b6f888bcMark Andrews *) mod_cache: Store varied contents all in the same prefix for a varied URI.
9db3d9d14e2f3641d696dadc59c40c52b6f888bcMark Andrews [Paul Querna]
e412f05a4e5ab7727f024c95e2a7515c07107b02Mark Andrews *) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content
e2cf0e8ff9ff37121518af5b34b9e4de7abbb47cMark Andrews filters. [Paul Querna]
0b75a2dd3bd81a69e2d68fe446cacb46be04c1f1Mark Andrews *) mod_negotiation: Correctly report 404 instead of 403 for missing files.
0b75a2dd3bd81a69e2d68fe446cacb46be04c1f1Mark Andrews [Paul Querna]
c54c1eaf26d5a7fc123c4af3712353156a766df1Mark Andrews *) new hook (request_status) that gets ran in proxy_handler just before
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews the final return. This gives modules an opportunity to do something
0d993c02babc1e00516272783b310e83bb292d5cMark Andrews based on the proxy status. (minor MMN bump)
0d993c02babc1e00516272783b310e83bb292d5cMark Andrews [Brian Akins <bakins turner.com>, Ian Holsman]
4d9f3f00d93fcb8743b1105e8cf82e862be220d1Mark Andrews *) SECURITY: CAN-2005-2088
4d9f3f00d93fcb8743b1105e8cf82e862be220d1Mark Andrews proxy: Correctly handle the Transfer-Encoding and Content-Length
4d9f3f00d93fcb8743b1105e8cf82e862be220d1Mark Andrews headers. Discard the request Content-Length whenever T-E: chunked
4d9f3f00d93fcb8743b1105e8cf82e862be220d1Mark Andrews is used, always passing one of either C-L or T-E: chunked whenever
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews the request includes a request body. Resolves an entire class of
86f6b92e35c7bdb5fc1fd1021af75b981863313eMark Andrews proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Added TraceEnable [on|off|extended] per-server directive to alter
25276bd1ecb372b82c9235648e5defab0655dcd5Mark Andrews the behavior of the TRACE method. This addresses a flaw in proxy
25276bd1ecb372b82c9235648e5defab0655dcd5Mark Andrews conformance to RFC 2616 - previously the proxy server would accept
25276bd1ecb372b82c9235648e5defab0655dcd5Mark Andrews a TRACE request body although the RFC prohibited it. The default
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews remains 'TraceEnable on'. [William Rowe]
320d6ee24ea59c0dbcb2c08038586ef03c6a191dMark Andrews *) Add additional SSLSessionCache option, 'nonenotnull', which is
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews similar to 'none' (disabling any external shared cache) but forces
475fe52dc33d8d8344e8b1e48fa7bb6643f7ca66Mark Andrews OpenSSL to provide a non-null session ID. [Jim Jagielski]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
5af560664daaa984f98cec6925518a3e06c4ab4fMark Andrews [Paul Querna]
0f8f42a09eb102fa88e4d2caacdafbeda931f94cMark Andrews *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews the negotiated compression. [Georg v. Zezschwitz <gvz 2scale.de>]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Fixed complaints about unpackaged files within the RPM build
8d77066ba0feb1353a7c85f929c365c5103f3976Mark Andrews after changes to the config files. [Graham Leggett]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of
3e7b37e01ba3efc873486140734fd24788092a30Mark Andrews just closing the socket, a HTTP request is made, to make sure the child is
3e7b37e01ba3efc873486140734fd24788092a30Mark Andrews always awakened. [Paul Querna]
54532c54130de8f374465bb23d5576fc3257ea96Mark AndrewsChanges with Apache 2.1.6
020f7361a49c5b1cda91927cf8206c1283fc7496Mark Andrews *) Fix htdbm password validation for records which included comments.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Eric Covener <covener gmail.com>]
1c0927d8a091effcf9b2dc5baa533927c113bd5cMark Andrews *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Steve Kemp <steve steve.org.uk>]
446ff1959cc3e963778c8770204b72c9e7c7df5aMark AndrewsChanges with Apache 2.1.5
70f8c70cdd3ca68edcf9d448eb508abf3697719aMark Andrews *) mod_ssl: Setting the Protocol to 'https' can replace the use of the
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews 'SSLEngine on' command. [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) core: Refactor the mapping of Accept Filters to Sockets. Add the
ac65e45126dda424b5cc9d2865b353dc0ec23e1eMark Andrews AcceptFilter and Protocol directives to aid in mapping filter types.
ac65e45126dda424b5cc9d2865b353dc0ec23e1eMark Andrews Extend the Listen directive to optionally take a protocol name.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_disk_cache: Support storing multiple variations of one URL. PR 35211.
d9e0458a890c49f977fdcf9d995681f546f7c427Mark Andrews [Paul Querna]
de4976142190ae84ed3e4099f3e0fc07781748a3Mark Andrews *) mod_disk_cache: Atomically create the header data file. [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
5758e9adfb009286b2b719ff83eb284f1019c589Mark Andrews [Paul Querna]
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark Andrews *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) proxy FTP: Fix confusion about globbing characters which could lead
e0fa16fe191d619d2cd05a039067414409329878Mark Andrews to getting a directory listing when a file was requested. PR 34512.
e0fa16fe191d619d2cd05a039067414409329878Mark Andrews [Sean <infamous41md hotmail.com>]
93da96c1cfd5f3c47169855867dd18db00c8a386Mark Andrews *) mod_mime_magic: Handle CRLF-format magic files so that it works with
93da96c1cfd5f3c47169855867dd18db00c8a386Mark Andrews the default installation on Windows. [Jeff Trawick]
7d389c324cc032475f9d219a12ab84bacbd7fbaaMark Andrews *) core: Allow multiple modules to register interest in a single
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews configuration command. [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) EBCDIC: Handle chunked input from client or, with proxy, origin
dcd371be7d481b242d277d735e4c2d974297c164Mark Andrews server. [Jeff Trawick]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) authn_provider_alias: Adds the configuration block tag
cc4928ec7116a064223f60639ca1a80f25ba350fMark Andrews <AuthnProviderAlias baseProvider Alias>
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews Authentication directives contained within this block can be
e2cf63c5df79eb7c8b86b6278289883fa760cda5Mark Andrews referenced as a new authProvider using the AuthBasicProvider or
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews AuthDigestProvider directive. These directives will be merged in to
c3184b4e2a1f238f4615d36fee79df82b1711344Mark Andrews the per_dir configuration just before the base provider is called.
c3184b4e2a1f238f4615d36fee79df82b1711344Mark Andrews [Brad Nicholes]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) ap_getword_conf: Fix backslashes at the end of configuration directives.
9b7c023fe6dc88ba1e69ace1f7c3ade40c6475f9Mark Andrews PR 34834. [Timo Viipuri <viipuri dlc.fi>]
9b7c023fe6dc88ba1e69ace1f7c3ade40c6475f9Mark Andrews *) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews Provide module hooks for apr_dbd; optimise for httpd
0a1fa37641b59c56d02f5390917a49e4987f0f75Mark Andrews threaded and non-threaded arch [Nick Kew]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) ab: SSL support rewritten, improved, and enabled if SSL is enabled
c61ec97ae0b859914ee26e213fe792f86a157990Mark Andrews during the build; -f and -Z arguments added to specify SSL protocol
c61ec97ae0b859914ee26e213fe792f86a157990Mark Andrews options. [Masaoki Kobayashi <masaoki techfirm.co.jp>]
49f7d1585e0e4f1ffa1667391dd7ae1c4d3d4e81Mark Andrews *) Support the suppress-error-charset setting, as with Apache 1.3.x.
49f7d1585e0e4f1ffa1667391dd7ae1c4d3d4e81Mark Andrews PR 31274. [Jeff Trawick]
0b1af13f680a865521105a77ee192024b5af33c4Mark Andrews *) Prevent hangs of child processes when writing to piped loggers at
0b1af13f680a865521105a77ee192024b5af33c4Mark Andrews the time of graceful restart. PR 26467. [Jeff Trawick]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_info: Show the Quick Handler [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_ldap: Add the directive LDAPVerifyServerCert to specify
5ed4b0d4452967d9b3aaf7a22a2956a6ee67a614Mark Andrews whether to force verification of the server certificate when
5ed4b0d4452967d9b3aaf7a22a2956a6ee67a614Mark Andrews establishing an SSL connection to the LDAP server.
5ed4b0d4452967d9b3aaf7a22a2956a6ee67a614Mark Andrews [Brad Nicholes]
c549b3a4d5fedba2ae960df667864e824acb1ef9Mark Andrews *) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name
c549b3a4d5fedba2ae960df667864e824acb1ef9Mark Andrews hook. [Paul Querna]
a483e67c4cdcbfc29ddc62b5a2d0d99b1c542fadMark Andrews *) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump)
a483e67c4cdcbfc29ddc62b5a2d0d99b1c542fadMark Andrews [Paul Querna]
d73de275987d29627dc11d5bd4a22874a29f7874Mark Andrews *) ap_get_local_host() rewritten for APR. [Jim Jagielski]
8f9664521724eefc39728c092d0bc6be527e1496Mark Andrews *) Add the ap_vhost_iterate_given_conn function to expose the information
8f9664521724eefc39728c092d0bc6be527e1496Mark Andrews used in Name Based Virtual Hosting. (minor MMN bump)
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Paul Querna]
da091cda77fa951e682119c3df84f60a62bed702Mark Andrews *) Remove the never working ap_method_list_do and ap_method_list_vdo.
da091cda77fa951e682119c3df84f60a62bed702Mark Andrews [Paul Querna]
d8d489cd8efc45b06a232ac07a636b3d36cc7e8fMark Andrews *) Added makefile and doc for building mod_ssl on the NetWare
d8d489cd8efc45b06a232ac07a636b3d36cc7e8fMark Andrews platform. [Guenter Knauf, Brad Nicholes]
bdb1394788a677d0b6e8499ba1ece17a73f476c7Mark Andrews *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
bdb1394788a677d0b6e8499ba1ece17a73f476c7Mark Andrews applications that send the Vary Header themselves, and also apply
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews mod_deflate as an output filter. [Paul Querna]
c8aa2c83113229a59069cbd05c735896f51b886bMark Andrews *) Change the default (when not present in the config file) setting
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews for UseCanonicalName to Off.
a1edcd1b8d430650d85ec0962cd32efde76a71fbMark Andrews [Joshua Slive]
5b1627d469d07c5bfe7f193e3ddd85d0dd6ad4b0Mark Andrews *) mod_userdir: The module no longer does any remapping unless the
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews UserDir directive is present in the config file.
7c23b791f4ae8f0c4c2982a91d13c0ecb15ee798Mark Andrews [Joshua Slive]
7c23b791f4ae8f0c4c2982a91d13c0ecb15ee798Mark Andrews *) Massively simplify the distributed httpd.conf by removing
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews many features and many directives that are at their default
8989de1059c6292fc43ce507df4991224af2d789Mark Andrews setting. Add a selection of example config excerpts for adding
8989de1059c6292fc43ce507df4991224af2d789Mark Andrews extra features in the conf/extra/ directory. Install the
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews distributed config and the extra config examples in the
acc8b7ac3d16538bf223545bbf71899b9accaebbMark Andrews conf/original/ directory during make install.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Joshua Slive, Justin Erenkrantz]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap,
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews mod_userdir and mod_autoindex as shared modules rather than
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews built-in modules within the NetWare build.
b9efcf0a377381b29960137e54ecaf4db85a35c8Mark Andrews [Brad Nicholes]
8e5893c36cdccc706f9632f51e0c8d390d2a8d06Mark Andrews *) Rename mod_imap to mod_imagemap.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Paul Querna]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) util_ldap: Eliminate the load ordering of mod_ldap and mod_authnz_ldap
9549a96654ead15b264c9159d48eb485e4f9db55Mark Andrews by changing the mod_ldap exported functions to optional functions.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Brad Nicholes]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark AndrewsChanges with Apache 2.1.4
88aa68f478c1634f5f10034fb6ea4158efa20ff4Mark Andrews *) Don't let a subrequest inherit headers describing the original request's
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews body. [Greg Ames]
4c83dd7f22b19c75afdd311684f6ba0faa24e8d8Mark Andrews *) Fix Windows CompContext buff size miscalculation
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Allan Edwards]
5f4098e478ae913cdc1bb8851599b8f2431050d3Mark Andrews *) Add ReceiveBufferSize directive to control the TCP receive buffer.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Eric Covener <covener gmail.com>]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the
26cf4737b3e84c3a686a5eacebf22ac39e57d4caMark Andrews end of the request body to work with really old HTTP servers.
26cf4737b3e84c3a686a5eacebf22ac39e57d4caMark Andrews [Justin Erenkrantz]
34e5a08809dda3276252269ebddd1616e62081a2Mark Andrews *) util_ldap: Keep track of the number of attributes retrieved from
34e5a08809dda3276252269ebddd1616e62081a2Mark Andrews LDAP so that all the values can be properly cached even if the
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews value is NULL. PR 33901 [Brad Nicholes]
0cd36f1d15caf6622ec3128544d4238ad180a300Mark Andrews *) mod_cache: Fix error where incoming Cache-Control would be ignored.
0cd36f1d15caf6622ec3128544d4238ad180a300Mark Andrews [Justin Erenkrantz]
93649589d470624e9e1c34403ad076b3a1a4c5c3Mark Andrews *) mod_cache: Correctly handle originally conditional requests.
93649589d470624e9e1c34403ad076b3a1a4c5c3Mark Andrews [Sander Striker]
29f5bb81e2d1d72fc6e44c87404bd4598a34df94Mark Andrews *) mod_disk_cache: Correctly update cached headers on revalidated responses.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Sander Striker, Justin Erenkrantz]
ddc592d128cdde85ada64efbda95981c10c4c03cMark Andrews *) worker MPM/mod_status: Support per-worker tracking of pid and
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews generation in the scoreboard so that mod_status can accurately
88c2b83cc548a217cc92a2bf75ca1ef1d4237d4fMark Andrews represent workers in processes which are gracefully terminating.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews (major MMN bump)
bd6ad47c3dbc52a54f240432878b6832bd6dd6e2Mark Andrews [Jeff Trawick]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Correctly export all mod_dav public functions.
c7c1bf7dc167ff164193bc04f33a22109e4c0829Mark Andrews [Branko Čibej <brane xbc.nu>]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark AndrewsChanges with Apache 2.1.3
9e205a3c51e68d19a7ed03244d45b14b3e0d69afMark Andrews *) mod_ssl: Add ssl_ext_lookup optional function for accessing
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews certificate extensions. [David Reid, Joe Orton]
e823642ec0c167af8f7db01c96ba0279165a61f3Mark Andrews *) Add support for use of an external PCRE library; pass the
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews --with-pcre flag to configure. PR 27550. [Joe Orton,
93e6ebcd0a0f044ba2add424c265b5e0bb4c8afdMark Andrews Andres Salomon <dilinger voxel.net>]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) Renamed regex interfaces to be namespace-safe, and moved from
8ac1acc30d0f405222ffa7b2b93131d9d4e18599Mark Andrews pcreposix.h header to ap_regex.h: regex_t->ap_regex_t,
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews regmatch_t->ap_regmatch_t; REG_*->AP_REG_*; functions
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews reg*->ap_reg*. PR 27550. [Andres Salomon <dilinger voxel.net>,
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews *) Only recompile buildmark.c when we have to relink httpd.
c99d9017ba00099bfa89e1ed53e63a5cb07d28d5Mark Andrews [Justin Erenkrantz]
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews *) mod_cache: Fix up handling of revalidated responses.
c4a9ce445c48a57eed5aa16582b1964cf8cedf87Mark Andrews [Justin Erenkrantz]
a04a323f9a1ebd4766fc577e11bf3c22bdaf5516Mark Andrews *) mod_disk_cache: Properly load cached ETag from on-disk structures.
a04a323f9a1ebd4766fc577e11bf3c22bdaf5516Mark Andrews [Justin Erenkrantz]
dd0228908543562781a4c0d8773ae87d4c530633Mark Andrews *) mod_authnz_ldap: Added an optional second parameter to AuthLDAPURL
dd0228908543562781a4c0d8773ae87d4c530633Mark Andrews to allow it to override the connection type set in mod_ldap. This
dd0228908543562781a4c0d8773ae87d4c530633Mark Andrews parameter can be set to NONE, SSL or TLS | STARTTLS.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Brad Nicholes]
810e8d27763c5d8557239ab321eb125163af9236Mark Andrews *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
b907c35b33a5a57e95ac021fb6a0086dbe369840Mark Andrews [Max Bowsher <maxb ukf.net>]
15f358ed4ea081793041bbfba70849be472236d3Mark Andrews *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
94323de0419d68fe8c48af7ae14a2f1a1cd274a8Mark Andrews [Rici Lake <rici ricilake.net>]
984c39beed2fee49dda75c4c8a37b7f32bf434bfMark Andrews *) mod_proxy: Fix incorrect decoding/unescaping for reverse proxies.
94323de0419d68fe8c48af7ae14a2f1a1cd274a8Mark Andrews PR 32459, 15207. [Jim Jagielski]
c311ed52d45334e182a093efad827fe4cbe7e686Mark Andrews *) mod_cache: Add CacheStorePrivate and CacheStoreNoStore directive.
c311ed52d45334e182a093efad827fe4cbe7e686Mark Andrews [Justin Erenkrantz]
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews *) Add --enable-pie flag to configure, to build httpd as a Position
79a6a33184abff1999ba13b10922ccb34a2758a5Mark Andrews Independent Executable where supported (GCC/binutils).
5d26560e2b93e1aa0334931ec6ccb6045c3581fcMark Andrews *) proxy_balancer: Add in load-balancing via weighted traffic
5d26560e2b93e1aa0334931ec6ccb6045c3581fcMark Andrews byte count. [Jim Jagielski]
2b1c71b134eb92f2e297a56f778838e42f41c880Mark Andrews *) mod_disk_cache: Cache r->err_headers_out headers. This allows CGI
2b1c71b134eb92f2e297a56f778838e42f41c880Mark Andrews scripts to be properly cached. [Justin Erenkrantz, Sander Striker]
2b1c71b134eb92f2e297a56f778838e42f41c880Mark Andrews *) mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option()
d6fbfd28ea82e425740de903ddc67f7d9e9f82e7Mark Andrews API for the setting of server and client SSL certificates. Replaced
d6fbfd28ea82e425740de903ddc67f7d9e9f82e7Mark Andrews LDAPTrustedCA directive with LDAPTrustedGlobalCert and
d6fbfd28ea82e425740de903ddc67f7d9e9f82e7Mark Andrews LDAPTrustedClientCert directives to correctly support global certs
7791dd06ea69d0fb2494788ad4c24d568f40bcdfMark Andrews (CA certs / Netware client certs) and per connection client certs
7791dd06ea69d0fb2494788ad4c24d568f40bcdfMark Andrews as supported by Netware, OpenLDAP and Netscape/Mozilla.
091b098b49a4f84f459abd46451955a18abd6d40Mark Andrews [Graham Leggett]
091b098b49a4f84f459abd46451955a18abd6d40Mark Andrews *) mod_cache: Remove unimplemented CacheForceCompletion directive.
7d3458a972a902740eb142044655aba6c6ffb9acMark Andrews [Justin Erenkrantz]
7d3458a972a902740eb142044655aba6c6ffb9acMark Andrews *) support/check_forensic: Fix temp file usage
7c441b7f4afdedb6e5a99f113a4f926a005fa950Mark Andrews [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]
7c441b7f4afdedb6e5a99f113a4f926a005fa950Mark Andrews *) mod_ssl: Add SSLCADNRequestFile and SSLCADNRequestPath directives
7c441b7f4afdedb6e5a99f113a4f926a005fa950Mark Andrews which can be used to configure a specific list of CA names to send
f0ffc28f61a68b350fef9257f5f50e1ac866e0abMark Andrews in a client certificate request. PR 32848.
7f20fd8ebb0cabc8f935381d958f8371990c9212Mark Andrews *) --with-module can now take more than one module to be statically
7f20fd8ebb0cabc8f935381d958f8371990c9212Mark Andrews linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrews If the <modtype>-subdirectory doesn't exist it will be created and
8695d7b357789bedff63e5b19c5ab25cd58fcd4bMark Andrews populated with a standard Makefile.in. [Erik Abele]
f76c4ebaf586a693521f018fbc617c292c1555d7Mark Andrews *) Remove some compiler warnings within the LDAP modules [Graham Leggett]
b597abd9cc44c7b9ecd0ff67df59a21ff45e88d5Mark Andrews *) Add a build script to create a solaris package. [Graham Leggett]
b597abd9cc44c7b9ecd0ff67df59a21ff45e88d5Mark Andrews *) ap_http_scheme() replaced with ap_http_method() - this function
b597abd9cc44c7b9ecd0ff67df59a21ff45e88d5Mark Andrews returns the scheme (http v.s. https).
81e302788a444b81231a7cda721548a020ae5660Brian Wellington [William Rowe]
81e302788a444b81231a7cda721548a020ae5660Brian Wellington *) mod_proxy: Fix a request corruption problem and a buffering problem
c00a1eb423623442aff428336bb55590f79013bbMark Andrews which sometimes prevented proxy-sendchunks from working.
c00a1eb423623442aff428336bb55590f79013bbMark Andrews [Jeff Trawick]
1e258716acade52396a8f260b5e19cbf6ca0290aMark Andrews *) Fix the RPM spec file so that an RPM build now works. An RPM
d972fa317829804a692e46a34b6f27a33f861d9dMark Andrews build now requires system installations of APR and APR-util.
d972fa317829804a692e46a34b6f27a33f861d9dMark Andrews [Graham Leggett]
4b171ebd702d72200a4d7609f11c5f79d6b6f964Brian Wellington *) Significantly simplify the load balancer scheduling algorithm
4b171ebd702d72200a4d7609f11c5f79d6b6f964Brian Wellington for the proxy BalancerMember weighting. loadfactors (lbfactors)
cceca51fec3b4af660d28e2d3df7242823312eb6Brian Wellington are now normalized with respect to each other. [Jim Jagielski]
03fae7ef2173cdf32918853b047d95d9046574ccMark Andrews *) mod_dumpio: Added to the available module suite; it is an
03fae7ef2173cdf32918853b047d95d9046574ccMark Andrews I/O logging/dumping module. Placed in the (new) debug module
03fae7ef2173cdf32918853b047d95d9046574ccMark Andrews subdirectory. mod_bucketeer moved to that directory as well.
03fae7ef2173cdf32918853b047d95d9046574ccMark Andrews [Jim Jagielski]
ad611e746d6fdcbb9e67da361a3a039c226a9236Mark Andrews *) core: Add support for APR_TCP_DEFER_ACCEPT to defer accepting
603d1d1e20fbffc986b3aec93379bb4f6ac37afcMark Andrews of a connection until data is available.
603d1d1e20fbffc986b3aec93379bb4f6ac37afcMark Andrews [Paul Querna]
94323de0419d68fe8c48af7ae14a2f1a1cd274a8Mark AndrewsChanges with Apache 2.1.2
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews *) mod_proxy: Respect errors reported by pre_connection hooks.
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews [Jeff Trawick]
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews *) core: Error out on sections that are missing an argument instead of
1fb264ed3aa861a67d7bab9aeb5aea5836e03c14Mark Andrews silently consuming the section. PR 25460.
1fb264ed3aa861a67d7bab9aeb5aea5836e03c14Mark Andrews [Geoffrey Young, Paul Querna]
608c703d1231e0b1f291637ca5361b773afcdbf1Mark Andrews *) mod_cache/mod_mem_cache/mod_disk_cache: Move out of experimental.
608c703d1231e0b1f291637ca5361b773afcdbf1Mark Andrews *) Upgraded PCRE to version 5.0. [Brian Pane]
feb8ae093115b36ac061e23d0227ea06f51950a3Mark Andrews *) mod_cgid: Catch configuration problem where two web server instances
27151990b2b48f027f7f01972fe8e0dfa1df52d3Mark Andrews share same ServerRoot but admin forgot to use ScriptSock.
27151990b2b48f027f7f01972fe8e0dfa1df52d3Mark Andrews [Jeff Trawick]
6b610836bc081fdadf7bc7a16ce27f422c6b5638Brian Wellington *) mod_cgi: Ensure that all stderr is logged for a script which returns
6b610836bc081fdadf7bc7a16ce27f422c6b5638Brian Wellington a Location header to generate a non-local redirect. PR 20111.
2211bec6a0626b681fdf5a8e4406555ef76ddf70Mark Andrews *) Added the Event MPM to more efficiently handle clients during a
2211bec6a0626b681fdf5a8e4406555ef76ddf70Mark Andrews Keep Alive request.
fcb2ecdb52a594a5c0d07c2e98e67c14708c16dfMark Andrews [Paul Querna, Greg Ames]
fcb2ecdb52a594a5c0d07c2e98e67c14708c16dfMark AndrewsChanges with Apache 2.1.1
3561e645d77448b20b1676680b08c76d559e5335Mark Andrews *) mod_proxy_http: Stream content better - always flush buffered data to
b9c80c8bddbb88384d7baef297a873b5f8715e49Mark Andrews the client before blocking waiting for new data. PR 19954.
b9c80c8bddbb88384d7baef297a873b5f8715e49Mark Andrews *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which
b9c80c8bddbb88384d7baef297a873b5f8715e49Mark Andrews will dump the filenames of all configured SSL certificates to stdout.
faf23095be9a0b5e2696f2b1f1a260af16e9ebeaMark Andrews *) mod_disk_cache: Remove a bunch of non-implemented garbage collection
27269e9dd45b619160f90db1a0f6b2b3f6f4bbb8Mark Andrews and cache size directives that are now available through htcacheclean.
faf23095be9a0b5e2696f2b1f1a260af16e9ebeaMark Andrews [Justin Erenkrantz]
f38c274c217d0a5b791786877422306a0e477e10Mark Andrews *) Add htcacheclean to support/ for assistance with mod_disk_cache.
84ef147b1fa0aed15cade55478ed647d15f7b094Mark Andrews [Andreas Steinmetz]
84ef147b1fa0aed15cade55478ed647d15f7b094Mark Andrews *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that
e53a5a116fc531f730df0adb091278ff8a941dffMark Andrews allows the module to authorize a user based on a complex LDAP
e53a5a116fc531f730df0adb091278ff8a941dffMark Andrews search filter. [Brad Nicholes]
fc7fbdf6e66fb496442ec4f99f5a84669ea4c6d3Mark Andrews *) mod_usertrack: Run the fixups hook before other modules.
fc7fbdf6e66fb496442ec4f99f5a84669ea4c6d3Mark Andrews PR 29755. [Paul Querna]
fc7fbdf6e66fb496442ec4f99f5a84669ea4c6d3Mark Andrews *) Allow mod_authnz_ldap authorization functionality to be used
986be654feec852eb9da0d15599f18d0035e569bMark Andrews without requiring the user to also be authenticated through
986be654feec852eb9da0d15599f18d0035e569bMark Andrews mod_authnz_ldap. This allows other authentication modules to
986be654feec852eb9da0d15599f18d0035e569bMark Andrews take advantage of LDAP authorization only [PR 28253]
3703473c4a2672af58b4f141e92067e969fd978eBrian Wellington [Jari Ahonen jah progress.com, Brad Nicholes]
c26c65b7a0d036e78bfc73f3e7e0817adb0365c0Mark Andrews *) Log the client IP address when an error occurs disabling nagle on a
43733a83ed92359555c0dcc766e04216ba858309Mark Andrews connection, but log at a severity of debug since this error
43733a83ed92359555c0dcc766e04216ba858309Mark Andrews generally means that the connection was dropped before data was
43733a83ed92359555c0dcc766e04216ba858309Mark Andrews sent. Log the client IP address when reporting errors in the core
bda64555f62216c3e785338f372a7ad9b79c197cMark Andrews output filter. [Jeff Trawick]
bda64555f62216c3e785338f372a7ad9b79c197cMark Andrews *) Add ap_log_cerror() for logging messages associated with particular
39c2b741427eedafe5054909773c2e121c078b72Mark Andrews client connections. [Jeff Trawick]
39c2b741427eedafe5054909773c2e121c078b72Mark Andrews *) core: Add a warning message if the request line read fails.
de36c606c52ad51e5abca6e42faf655937e5ed10Mark Andrews [Paul Querna]
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews *) mod_rewrite: Removed the MaxRedirects option in favor of the
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews core LimitInternalRecursion directive. [André Malo]
23cb957a81a51a9656917ea98d0ae56b7abdcaccMark Andrews *) mod_info: Added listing of the Request Hooks and added more build
28d8b4118da7abed531ca09136a6d1402837d721Mark Andrews information like 'httpd -V' contains. Changed output to XHTML.
28d8b4118da7abed531ca09136a6d1402837d721Mark Andrews [Paul Querna]
d6c0627d1e4d841eac9576427f2d4a0cf9a47e2cMark Andrews *) mod_info: Rewrote config tree walk using a recursive function.
d6c0627d1e4d841eac9576427f2d4a0cf9a47e2cMark Andrews Added ?config option. Added printout of config filename and line numbers.
d6c0627d1e4d841eac9576427f2d4a0cf9a47e2cMark Andrews [Rici Lake <rici ricilake.net>, Paul Querna]
eeede5be4b3ff940b622799a04951e0dc45ad45fAndreas Gustafsson *) mod_proxy: Fix type error that prevents proxy-sendchunks from working.
eeede5be4b3ff940b622799a04951e0dc45ad45fAndreas Gustafsson [Justin Erenkrantz]
8f63de30293716a22054e7db47f27e81bab545c5Mark Andrews *) mod_proxy: Fix data corruption by properly setting aside buckets.
8f63de30293716a22054e7db47f27e81bab545c5Mark Andrews [Justin Erenkrantz]
caa8797a00ccb1a02f1690dda5b4aeda9a1db5a7Mark Andrews *) mod_proxy: If a request has a blank body and has a 0 Content-Length
caa8797a00ccb1a02f1690dda5b4aeda9a1db5a7Mark Andrews headers, pass that to the proxy. [Justin Erenkrantz]
9ae90732df942a7ffcbaa26ba254b55248ce79a5Mark Andrews *) Recognize QSA flag in mod_rewrite again.
9ae90732df942a7ffcbaa26ba254b55248ce79a5Mark Andrews [Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
c1567cb58cbf2eb816320ff49f000afafea02a85Mark Andrews *) Restructured mod_auth_ldap to fit the new authentication model.
f3222d48cc3d81706d198faa00dea9720eb0768dMark Andrews The module is now called authnz_ldap and has been moved out of
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews the modules/experimental area and into modules/aaa with the other
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews auth modules. Both the authn_ldap provider and the authz_ldap
c73c1c33ec9569c8f9ffd205b48f044f9b03795bMark Andrews handler are contained within the authnz_ldap module. The
e95cc59f90d35f2d482b6f9c19ba96818275335cMark Andrews authz_ldap handler introduces 3 new "requires" values for handling
0062c1ddfe0b2f0a4e206a5d460d8e7d58e29b80Brian Wellington authorization. These handlers are ldap-user, ldap-group and
0062c1ddfe0b2f0a4e206a5d460d8e7d58e29b80Brian Wellington ldap-dn. [Brad Nicholes]
0062c1ddfe0b2f0a4e206a5d460d8e7d58e29b80Brian Wellington *) Fix some compiler warnings in proxy
48b0f5ff87f0a5a138129bcd855fd72908491321Andreas Gustafsson [Geoffrey Young <geoff@modperlcookbook.org>]
48b0f5ff87f0a5a138129bcd855fd72908491321Andreas Gustafsson *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
0b809e3e23f9f3d9697def5f447aa57d5aeef56bAndreas Gustafsson number of days until the client cert expires. [Joe Orton]
cde7dfea4c1267a2b526114f4ea80fe9db1fc557Brian Wellington *) Add test_config hook, run only if httpd is invoked using -t.
fca9cc33ad4299e58e53aa5273d805477267e27aBrian Wellington *) Improve error handling for corrupted pid files. [Jeff Trawick]
2ca2e1a1ceec59a40f977f01ba8e8f4c0424c484Brian Wellington *) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD
2ca2e1a1ceec59a40f977f01ba8e8f4c0424c484Brian Wellington (for backwards compatibility):
2ca2e1a1ceec59a40f977f01ba8e8f4c0424c484Brian Wellington Avoids mod_ssl.h (not included in 2.0-HEAD) and
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington use apr_socket_create_ex for 0.9.x
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington [Mladen Turk]
683f10428e292811317df38fa324f242abbf7384Mark Andrews *) Added proxy_ajp.c module for proxy support to ajp:// backends.
683f10428e292811317df38fa324f242abbf7384Mark Andrews [Jean Frederic Clere]
5da1e589c2288dbe87002f771005a78d80a2e258Mark Andrews *) Fixes the build of proxy on Windows. Since the proxy_module is declared
5da1e589c2288dbe87002f771005a78d80a2e258Mark Andrews as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there
5da1e589c2288dbe87002f771005a78d80a2e258Mark Andrews is a LNK2001 error when building proxy_http. [Mladen Turk]
5da1e589c2288dbe87002f771005a78d80a2e258Mark Andrews *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
5da1e589c2288dbe87002f771005a78d80a2e258Mark Andrews [Graham Leggett]
852fa3b2e32719d094f3ad6513238841ae1f078bMark Andrews *) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz]
8569ab045a4cf6ecd1b5a3354ddb1c93ef34ea57Brian Wellington *) perchild MPM: Fix thread safety problem in the use of longjmp().
8569ab045a4cf6ecd1b5a3354ddb1c93ef34ea57Brian Wellington [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
a5c077e40c784cf9e25c95a1ab94db2faab04ae9Brian Wellington *) Add load balancer support to the scoreboard in preparation for
a5c077e40c784cf9e25c95a1ab94db2faab04ae9Brian Wellington load balancing support in mod_proxy. [Mladen Turk]
a5c077e40c784cf9e25c95a1ab94db2faab04ae9Brian Wellington *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to
2ca556300b09a94f0937b303386d29b95ef057ddBrian Wellington allow a non-secure connection to be upgraded to secure connections
2ca556300b09a94f0937b303386d29b95ef057ddBrian Wellington [Brad Nicholes]
2ca556300b09a94f0937b303386d29b95ef057ddBrian Wellington *) core: Add Options= syntax to AllowOverride to specify which options
97527fc03cdb061759e2c9529c670ac1c190ef84Brian Wellington may be overridden in .htaccess files. PR 29310.
97527fc03cdb061759e2c9529c670ac1c190ef84Brian Wellington [Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna]
e1c2a8b9c120bcfc2f56e866ca3069b8a90c38dbMark Andrews *) ab: Handle long URLs with an error instead of an buffer overflow.
e1c2a8b9c120bcfc2f56e866ca3069b8a90c38dbMark Andrews PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
b7064914ca566fdd67cf0fe7e82d586cbb596470Mark Andrews *) mod_so, core: Add new command line options to print all loaded
b7064914ca566fdd67cf0fe7e82d586cbb596470Mark Andrews modules. '-t -D DUMP_MODULES' and '-M' will show all static
3e67a87fc6be516ec12afa5aa31c2c04d5a6ae17Brian Wellington and shared modules as loaded from the configuration file.
3e67a87fc6be516ec12afa5aa31c2c04d5a6ae17Brian Wellington [Paul Querna]
49f62849e5f80add0ee36b0f9b42cdce8de9748aMark Andrews *) mod_autoindex: Add ShowForbidden to IndexOptions to list files
e9472e9f18f1c4f1279be2b3147be13a2bb731d0Mark Andrews that are not shown because the subrequest returned 401 or 403.
e9472e9f18f1c4f1279be2b3147be13a2bb731d0Mark Andrews PR 10575. [Paul Querna]
e9472e9f18f1c4f1279be2b3147be13a2bb731d0Mark Andrews *) mod_headers: implement "Early" processing option in post_read_request
e9472e9f18f1c4f1279be2b3147be13a2bb731d0Mark Andrews to enable Header and RequestHeader directives to be used to set up
d073663cb45bef2fff5f9a43b9b6006edfc52483Mark Andrews testcases for pre-fixups request phases [Nick Kew]
d073663cb45bef2fff5f9a43b9b6006edfc52483Mark Andrews *) mod_proxy: multiple bugfixes, principally support cookies in
d83346263dc68358d73de2a8be60846c9c92950eAndreas Gustafsson ProxyPassReverse, and don't canonicalise URL passed to backend.
cad61731f8e960d9d99034a2a6eaafe1069c405cMark Andrews Documentation correspondingly updated. [Nick Kew <nick webthing.com>]
54469c2b2262f6a3f09610df69e16e9c75fd1fe5Mark Andrews *) mod_deflate: support gzip flags in inflate_out_filter
54469c2b2262f6a3f09610df69e16e9c75fd1fe5Mark Andrews [Nick Kew <nick webthing.com>]
90e303b114e56db5809fdd19805243457fa43cd9Olafur Gudmundsson *) Drop the ErrorHeader directive which turned out to be a misnomer.
90e303b114e56db5809fdd19805243457fa43cd9Olafur Gudmundsson Instead there's a new optional flag for the Header directive
90e303b114e56db5809fdd19805243457fa43cd9Olafur Gudmundsson ('always'), which keeps the former ErrorHeader functionality.
adbb11147cd5d97d140485fa37e85e66e15cf594Mark Andrews [André Malo]
adbb11147cd5d97d140485fa37e85e66e15cf594Mark Andrews *) mod_deflate: Don't deflate responses with zero length
9ab461a6ffed2ae2fe0380c30b69052db7473405Mark Andrews e.g. proxied 304's [Allan Edwards]
b627356826f7b22e2ef396b80e8394eac76bc109Mark Andrews *) <IfModule> now recognizes the module identifier in addition to the
77467267d97c781f3f3d050e229a874831e59c3dMark Andrews file name. PR 29003. [Edward Rudd <eddie omegaware.com>, André Malo]
13ba983cc86bc7d80d5f66ba09002f7d510a6631Mark Andrews *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
3036da01090c0d1e11cddc26af16630d6d9c1f39Mark Andrews OpenSSL 0.9.7 flag which uses the server's cipher order rather
84d8c0166ddc63ad5ce64e7d354553de38b9aabdAndreas Gustafsson than the client's. PR 28665.
da5d1cf1b1aa29ae53a0427be49291b04bd60549Mark Andrews [Jim Schneider <jschneid netilla.com>]
66291de2060a1569de3fe9c5f0c1225448868f7aMark Andrews *) mod_ssl: Drop support for the CompatEnvVars argument to
6c06bc591a830023e5e7a41cc4b37978b98c0c51Mark Andrews SSLOptions, which was never actually implemented in 2.0.
58d943711575376b05b3b3b303922a8a9d7ce9c1Mark Andrews *) Fix bug in mod_deflate that unconditionally sent deflate'd output
c36f45e354c0d5b6ab9f821bfe315d0ce9d95a29Mark Andrews even when Accept-Encoding is not present. [Justin Erenkrantz]
9cec4ca6cac428a46c6d64197c64831dcc02f506Andreas Gustafsson *) Pass environment variables through to piped loggers and start
9cec4ca6cac428a46c6d64197c64831dcc02f506Andreas Gustafsson them via the shell, resolving regressions since 1.3. PR 28815
23fb770906bf1fd98210f16ad660078274242963Mark Andrews [Ken Coar, Jeff Trawick]
23fb770906bf1fd98210f16ad660078274242963Mark Andrews *) External rewrite map responses are no longer limited to 2048
0cb27602e5690baa9ab61c7c1430e507536adca7Brian Wellington bytes. [André Malo]
0cb27602e5690baa9ab61c7c1430e507536adca7Brian Wellington *) Proxy server was deleting cookies that Apache had already
ff1b064f5e2bf19c8e25f8927d23df5714e666edMark Andrews assigned if the origin server had set any cookies. PR 27023.
ff1b064f5e2bf19c8e25f8927d23df5714e666edMark Andrews [Jim Jagielski]
8e40433e347bc487cd70f02487fc7ce947a2422aMark Andrews *) Removed old and unmaintained ap_add_named_module API and changed
8e40433e347bc487cd70f02487fc7ce947a2422aMark Andrews the following APIs to return an error instead of hard exiting:
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
880723fb130841459d45695b387651cacd6c9bb8Mark Andrews and ap_process_resource_config. [André Malo]
8f44fd4f8d5cefc227ab0fe59cbcbc3979fbc9caAndreas Gustafsson *) mod_headers: Allow %% in header values to represent a literal %.
8f44fd4f8d5cefc227ab0fe59cbcbc3979fbc9caAndreas Gustafsson *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
fefbb64a751f23c9dcf8bb1e62c6ed40a6a04fb2Mark Andrews [André Malo]
fefbb64a751f23c9dcf8bb1e62c6ed40a6a04fb2Mark Andrews *) mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo]
b938d2af619822a8262c86223cad958511e716a9Andreas Gustafsson *) mod_deflate: New option for DEFLATE output file (force-gzip),
111e3433d289e8b4ea1260add39baa78c2a46891Mark Andrews new output filter 'INFLATE' for uncompressing responses.
cf300e03de3df3ff422db922520bf07c686c86daMark Andrews [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
cf300e03de3df3ff422db922520bf07c686c86daMark Andrews *) Added new module mod_version, which provides version dependent
9ac8796f1653d89af589753a3e42c694f35ddd8aMark Andrews configuration containers. [André Malo]
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson format is used. PR 27787. [André Malo]
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson *) Allow Digest providers to return AUTH_DENIED to propagate a 401
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson status and terminate the provider chain prior to checking the password.
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson [Geoffrey Young]
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson Don't place script socket inside default server root instead of
242bba8991b030b7764f0bdca3922d75c34ea51eAndreas Gustafsson actual server root. PR 27886. [Jeff Trawick]
02bdc23f8e3ca0f710e0a40daa15941ab1db6bb2Mark Andrews *) mod_proxy: Fix handling of non-200 success status codes when
45fe575607b91147ed753d175a7255198f14f197Andreas Gustafsson "ProxyErrorOverride On" is configured. PR 20183.
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews [Marcus Janson <marcus.janson tre.se>, Joe Orton]
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews directive (previously NetWare-only) to override default thread
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews stack size for threads which handle client connections. Required
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews for some third-party modules on platforms with small default
ef29912666cc6160f7165558bef017ab3849c5e1Mark Andrews thread stack size. [Jeff Trawick]
0cfa2fb26df42f781eca8c4c856d2d0165055bebMark Andrews *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
0cfa2fb26df42f781eca8c4c856d2d0165055bebMark Andrews now populates r->user with the (possibly unauthenticated) user,
0cfa2fb26df42f781eca8c4c856d2d0165055bebMark Andrews and mod_auth_digest returns 500 when a provider returns
06a949d2ce8d4b4cbfbf4e7a0335316520aafa46Andreas Gustafsson AUTH_GENERAL_ERROR.
06a949d2ce8d4b4cbfbf4e7a0335316520aafa46Andreas Gustafsson [Geoffrey Young]
0b81e99ddfb01746e667797dedc291fc550d14d3Brian Wellington *) The whole codebase was relicensed and is now available under
0b81e99ddfb01746e667797dedc291fc550d14d3Brian Wellington the Apache License, Version 2.0 (http://www.apache.org/licenses).
0b81e99ddfb01746e667797dedc291fc550d14d3Brian Wellington [Apache Software Foundation]
3638017bd3cb8e30874f708a125d1541b680b25eBrian Wellington *) Delete some make-generated files in the server directory during
3638017bd3cb8e30874f708a125d1541b680b25eBrian Wellington "make clean" processing. PR 26552. [Jeff Trawick]
8771fbe4a2cee7bebd785a486824833d741c7315Brian Wellington *) Add core version query function (ap_get_server_revision) and
8771fbe4a2cee7bebd785a486824833d741c7315Brian Wellington accompanying ap_version_t structure (minor MMN bump).
f59d47928ed33d1546e8f982370086429f727e85Andreas Gustafsson *) mod_rewrite: EOLs sent by external rewritemaps are now consumed
f59d47928ed33d1546e8f982370086429f727e85Andreas Gustafsson as whole. That way, on systems with more than one EOL character
b541c10d0442d9804d94567a97956cec3bd2912dBrian Wellington rewritemap programs no longer need to switch stdout to binary
c01237c6bc5ec25063b4aae1799fe4de01a7455bAndreas Gustafsson mode. PR 25635. [André Malo]
c01237c6bc5ec25063b4aae1799fe4de01a7455bAndreas Gustafsson *) mod_rewrite: Introduce the ability to force a content handler via
60213f2815a7e6584a2285546d05633fa7b6f5b4Mark Andrews the [handler=...] flag. [André Malo]
60213f2815a7e6584a2285546d05633fa7b6f5b4Mark Andrews *) mod_rewrite: Introduce the RewriteCond -x check, which returns
c52806164c335f89e1980af836470b6daffe4f82Andreas Gustafsson true if the pattern is a file with execution permissions.
6c8abf481df85a67c3f32f5f107b554d3ff5a3edMark Andrews *) mod_rewrite: Allow proxying and RewriteRules in directory context
c52806164c335f89e1980af836470b6daffe4f82Andreas Gustafsson for subrequests. PR 14648, 15114. [André Malo]
1e4bfff1855795853648f507422b96fc8fecbff1Mark Andrews *) mod_rewrite: Allow setting of any valid HTTP response code.
6b31d9c56874d3bd58b420cbe6cd64be502dbe08Andreas Gustafsson PR 25917. [André Malo]
6b31d9c56874d3bd58b420cbe6cd64be502dbe08Andreas Gustafsson *) mod_rewrite: Cookie creation now works locale independent.
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews *) mod_ssl: Add support for distributed session cache using 'distcache'.
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrews [Geoff Thorpe <geoff geoffthorpe.net>]
d9d6d2f77fe54831dec9cde8ca03ae1f825599f9Andreas Gustafsson *) mod_dav: Disallow requests with an unescaped hash character in
d9d6d2f77fe54831dec9cde8ca03ae1f825599f9Andreas Gustafsson the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
9b2c0d29248ad5f86b47319239a06c783e1b5307Andreas Gustafsson *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
eb2c518a3871932e86268e7c6ddae2b2a00d72fdMark Andrews attaches a body to the 302 response and a wrong Content-Length header.
4072dfb9b865c82c24a72e734d54da51a20dfc1eMark Andrews PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
92094d44a2d0cb2b1be58a87299903ba7c436a0cAndreas Gustafsson *) Bring ErrorHeader concept forward from 1.3, so that response
92094d44a2d0cb2b1be58a87299903ba7c436a0cAndreas Gustafsson header fields can be set for return even on errors or external
92094d44a2d0cb2b1be58a87299903ba7c436a0cAndreas Gustafsson redirects. [Ken Coar]
11fe3dcfe2a5fbefd0cfe445872dc4c595506204Andreas Gustafsson *) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
11fe3dcfe2a5fbefd0cfe445872dc4c595506204Andreas Gustafsson in the initial container. PR 25414.
d1abb8bb020aacd1ce0da65c2d5d8f7c96ebd52aMark Andrews [Geoffrey Young <geoff apache.org>]
b4aeceec736cd16d4c4e98f519c8df79b15fbe45Andreas Gustafsson *) Clean up httpd -V output: Instead of displaying the MPM source
b4aeceec736cd16d4c4e98f519c8df79b15fbe45Andreas Gustafsson directory, display the MPM name and some MPM properties.
307ba34fa07db768c3a899844f248a2c1d7dcc7fAndreas Gustafsson [Geoffrey Young <geoff apache.org>]
307ba34fa07db768c3a899844f248a2c1d7dcc7fAndreas Gustafsson *) mod_ssl/mod_status: Re-enable support for output of SSL session
307ba34fa07db768c3a899844f248a2c1d7dcc7fAndreas Gustafsson cache information in server-status page. [Joe Orton]
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington *) mod_ssl: Remove the shmht session cache, shmcb should be used
b6b9d8b8434e4eaab74b69cd14fcacf448055ca5Brian Wellington instead. [Joe Orton]
31f6e44dcaad33d66d607e3a919d4aa59cdbaec5Andreas Gustafsson *) mod_logio: Account for some bytes handed to the network layer prior to
31f6e44dcaad33d66d607e3a919d4aa59cdbaec5Andreas Gustafsson dropped connections. [Jeff Trawick]
af36ecc41ae6bd73553aacd006ae55474e193b07Andreas Gustafsson *) mod_autoindex: new directive IndexStyleSheet
af36ecc41ae6bd73553aacd006ae55474e193b07Andreas Gustafsson [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
0b07b9482c00060d1ddd551a5dcb8cecbe2c1f65Mark Andrews *) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
af36ecc41ae6bd73553aacd006ae55474e193b07Andreas Gustafsson [Chris Knight <Christopher.D.Knight nasa.gov>]
c0fe9b0d1b01a9a0883977a362ce4128723a56d6Mark Andrews *) Log an error when requests for URIs which fail to map to a valid
c0fe9b0d1b01a9a0883977a362ce4128723a56d6Mark Andrews filesystem name are rejected with 403. [Jeff Trawick]
2869504d83e84a91dbc822e8a243e837f5c0374dAndreas Gustafsson *) Switch to APR 1.0 API.
138cc7f283889367b11840ff77a9ea08e17a9daeAndreas Gustafsson *) Major overhaul of mod_include's filter parser. The new parser code
ce6caa07591b3723968c22f5aa13740f9609135aAndreas Gustafsson is expected to be more robust and should catch all of the edge cases
138cc7f283889367b11840ff77a9ea08e17a9daeAndreas Gustafsson that were not handled by the previous one. This includes a binary
138cc7f283889367b11840ff77a9ea08e17a9daeAndreas Gustafsson incompatible change of mod_include's external API. [André Malo]
ac1a59e95cfd035f38222e739affd43eafa9eeefMark Andrews *) mod_rewrite: Allow forced mimetypes [T=...] to get expanded.
58930ca9802e772afe9f5ccb30f236d201cf60e0Danny Mayer PR 14223. [André Malo]
58930ca9802e772afe9f5ccb30f236d201cf60e0Danny Mayer *) mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously
e3e94dd137c5f9d3d5c5179863f674b27aa0cc02Andreas Gustafsson the current rewrite state was just used as lookup path, which lead to
e3e94dd137c5f9d3d5c5179863f674b27aa0cc02Andreas Gustafsson strange and often useless results. Related to PR 8493. [André Malo]
e3e94dd137c5f9d3d5c5179863f674b27aa0cc02Andreas Gustafsson *) Change Listen directive to bind to all addresses when a hostname is
7c014c5bf41dc38802e8889c0a9110204eb1a552Andreas Gustafsson not specified. [Justin Erenkrantz]
7c014c5bf41dc38802e8889c0a9110204eb1a552Andreas Gustafsson *) Correct failure with Listen directives on machines with IPv6 enabled.
7c014c5bf41dc38802e8889c0a9110204eb1a552Andreas Gustafsson [Colm MacCárthaigh <colm stdlib.net>, Justin Erenkrantz]
3e42bdfdc901b6b921b02028bd51ca2af8e84adcMark Andrews *) Fix a link failure in mod_ssl when the OpenSSL libraries contain
3e42bdfdc901b6b921b02028bd51ca2af8e84adcMark Andrews the ENGINE functions but the engine header files are missing.
2053e8c26cd69600132632fbee247601ce8c9e8cAndreas Gustafsson [Cliff Woolley]
b20eef7ab022dd984e2e9c12f6a7edf35661d3b0Mark Andrews *) mod_rewrite: RewriteRules in server context using the force
b20eef7ab022dd984e2e9c12f6a7edf35661d3b0Mark Andrews type feature [T=...] no longer disable MultiViews. [André Malo]
b20eef7ab022dd984e2e9c12f6a7edf35661d3b0Mark Andrews *) mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot.
b20eef7ab022dd984e2e9c12f6a7edf35661d3b0Mark Andrews [André Malo]
b20eef7ab022dd984e2e9c12f6a7edf35661d3b0Mark Andrews *) mod_authz_groupfile: Strip trailing spaces of group names. This
ea01b618d981e58f85071a40550bc7f7565d4509Andreas Gustafsson hopefully saves some hours of searching for typos. PR 12863.
bad3251d3f7ffccdec39ccfe04d94308985fb36eAndreas Gustafsson *) mod_actions: Propagate the handler name to the action script via
80dd46d7aab16c42a8c1acf6156c95406a9f20a4Mark Andrews the REDIRECT_HANDLER environment variable. [André Malo]
993572b2495561c57b556621dd9fe493e8c6dd1bDanny Mayer *) mod_actions: Introduce the "virtual" modifier to the Action directive,
78bf1ca89505820ed7b03be4bf0c0b53b557f3cdAndreas Gustafsson which allows the use of handlers for virtual locations. PR 8431.
78bf1ca89505820ed7b03be4bf0c0b53b557f3cdAndreas Gustafsson *) mod_speling: Recognize AcceptPathInfo setting for the particular
088eaf3878580eebbbd2b020411532af278aae5aAndreas Gustafsson location. Default is to reject path information. PR 21059.
6b13908f7030e09fb4573f3c2f8d7a5edc70e0b5Mark Andrews [André Malo]
3842a051baf34ffc4e428cd6f2d4a641e548e6f6Mark Andrews *) mod_ext_filter: Add the ability to filter request bodies.
46ba6046bcb3b534346de13a4ff5c1513e72936bAndreas Gustafsson *) Fix some broken log messages in WinNT MPM.
04f158ce9a12746eb216892b2bf8259749db254eAndreas Gustafsson *) prefork MPM: Use the right permissions for the directory created
04f158ce9a12746eb216892b2bf8259749db254eAndreas Gustafsson for gprof support. [Jim Carlson <jcarlson jnous.com>]
04f158ce9a12746eb216892b2bf8259749db254eAndreas Gustafsson *) Fix a compile failure with recent OpenSSL and picky compilers
62c1fe7b450916acdaf4a3fe65a9b691d5d32f3fBrian Wellington (e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick]
62c1fe7b450916acdaf4a3fe65a9b691d5d32f3fBrian Wellington *) OpenSSL headers should be included as "openssl/ssl.h", and not rely on
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews the INCLUDE path to be defined properly.
712bf9b0cc4ed34f4bf33b437f8b0e45853b93ceMark Andrews PR 11310. [Geoff Thorpe <geoff geoffthorpe.net>]
7e2f4ceafaae4eac1deddc87f906b29a922fff9dAndreas Gustafsson *) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
2053e8c26cd69600132632fbee247601ce8c9e8cAndreas Gustafsson *) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using
72499be79fbb68140bd31e0e4ded18a70a5b523bMark Andrews autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
90c5477ca11a94b0e7d8071181d69544e1ab9be9Mark Andrews [Geoff Thorpe <geoff geoffthorpe.net>]
90c5477ca11a94b0e7d8071181d69544e1ab9be9Mark Andrews *) change directive name from 'compressionlevel' to 'deflatecompressionlevel'
552a117791c17878c5c1b94b0fc3ac4e8491543eMark Andrews [Ian Holsman, André Malo]
f3e4c3d6c536973bae92611402ba55277069eba2Mark Andrews *) mod_negotiation: quality values are now parsed independent from
f3e4c3d6c536973bae92611402ba55277069eba2Mark Andrews the current locale. level values are now really parsed as integers.
6fb633bc3fddba07fc9460ffd245b7ee2d459285Mark Andrews PR 17564. [André Malo]
6fb633bc3fddba07fc9460ffd245b7ee2d459285Mark Andrews *) Extend mod_negotiation to evaluate the environment variables
ca033e166ca9f9dc7bf010065a93af668a09fd44Mark Andrews no-gzip and gzip-only-text/html the same way as mod_deflate does.
ca033e166ca9f9dc7bf010065a93af668a09fd44Mark Andrews [André Malo]
f9321a16fb8dce8999a43a6d4008c54845305401Mark Andrews *) mod_rewrite: Fix some problems reporting errors with mapping
c8bedec446212b07511ded85ba04a9a3d5965ba8Mark Andrews programs (RewriteMap prg:/something). [Jeff Trawick]
7a104af70fb3071e7949c4e0e585af18ab362db5Mark Andrews *) Return 413 if chunk-ext-header is too long rather than reading from
7a104af70fb3071e7949c4e0e585af18ab362db5Mark Andrews the truncated line. PR 15857. [Justin Erenkrantz]
7a104af70fb3071e7949c4e0e585af18ab362db5Mark Andrews *) Allow restart of httpd to occur even with syntax errors in the config
923de3bb9cf4d619de206544975986a22b18196fMark Andrews file. PR 16813. [Justin Erenkrantz]
2359261a252b339f3cef046cefa10ee1e1d4564dMark Andrews *) Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679.
2359261a252b339f3cef046cefa10ee1e1d4564dMark Andrews [Justin Erenkrantz]
769cd7d5dd677434c3dfa27cbfdd8cb76296fcdcMark Andrews *) Remove files on 'make distclean' that should be. PR 15592.
769cd7d5dd677434c3dfa27cbfdd8cb76296fcdcMark Andrews [Justin Erenkrantz]
6bad645917a026dfa4662dd0a3a78b9efc3f4c36Mark Andrews *) Allow apachectl to perform status with links and elinks as well.
11931cc68d6c8139f507a724e7ca9814eed8b552Mark Andrews [Justin Erenkrantz]
11931cc68d6c8139f507a724e7ca9814eed8b552Mark Andrews *) mod_log_config change optional hook to return previous handler
11931cc68d6c8139f507a724e7ca9814eed8b552Mark Andrews *) Forward port of mod_actions' ability to handle arbitrary methods
d91d025deffd075db2507d44fab04b79920b3e91Mark Andrews with the Script directive. [André Malo]
d91d025deffd075db2507d44fab04b79920b3e91Mark Andrews *) Let suexec send a message to stderr, if it failed or its policy
985b4f1c8653c6dfaa46652c412838850c0ffb1cMark Andrews was violated. This message appears in the error log and allows
985b4f1c8653c6dfaa46652c412838850c0ffb1cMark Andrews for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo]
1d556695ef3c7918ba5061d7d846122d60f5f6c5Mark Andrews *) Modify buildconf to copy all required files into httpd's tree.
e9ca87459a20f5e6721b9bd0b28c95fc3d6b843cMark Andrews [Thom May <thom planetarytramp.net>]
ca690f98020f75758bc26f4b5ef1ccf0472a27c3Mark Andrews *) Allow mod_dav to do weak entity comparison functions.
ca690f98020f75758bc26f4b5ef1ccf0472a27c3Mark Andrews [Justin Erenkrantz]
137a1f98e3862577ae9ccbb6b735ef63a51c456eMark Andrews *) Move RFC 1413 ident requests from core to new module mod_ident.
137a1f98e3862577ae9ccbb6b735ef63a51c456eMark Andrews [André Malo]
5cd7e9d4db393c314dd1a761c52d2cb3a4da9b72Andreas Gustafsson *) Add mod_authz_owner - a forward port of "Require file-owner"
5f4804c7e47e3cfe7237d27a354d268b0b7ea73bAndreas Gustafsson and "Require file-group", which was already present in version
5cd7e9d4db393c314dd1a761c52d2cb3a4da9b72Andreas Gustafsson 1.3.21. [André Malo]
cc8e8b59d6780889739657226a95e23ca1ecadb1Andreas Gustafsson *) Add mod_dav_lock - a generic subset of the DAV locking implementation.
1418d7292da7ebaba1ba389d60192023c0170245Andreas Gustafsson [Justin Erenkrantz]
65775fe205e8ac935313c42062c75460e0bc1514Andreas Gustafsson *) Replace some of the mutex locking in the worker MPM with
65775fe205e8ac935313c42062c75460e0bc1514Andreas Gustafsson atomic operations for higher concurrency. [Brian Pane]
65775fe205e8ac935313c42062c75460e0bc1514Andreas Gustafsson *) Allow 'make depend' to work with non-GCC compilers.
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson [Justin Erenkrantz]
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson *) If an httpd.conf has commented out AddModule directives,
17b687ef360ba8c07201dc6511a3c975cc1bb2a8Andreas Gustafsson apxs -i -a will add an un-commented AddModule directive for
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews the new module, which breaks the config.
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews PR: 11212 [Joe Orton]
998358fa900393378c70ad598c2b2e67385089d4Mark Andrews *) Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz]
bc508906db43dda7eab0988348dd0ae3f3023a9bMark Andrews *) Move the check of the Expect request header field after the hook
bc508906db43dda7eab0988348dd0ae3f3023a9bMark Andrews for ap_post_read_request, since that is the only opportunity for
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson modules to handle Expect extensions. [Justin Erenkrantz]
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson *) Rewrite of aaa modules to an authn/authz model.
b352902413608d0eb310c4bb45412fa45734afbcAndreas Gustafsson [Dirk-Willem van Gulik, Justin Erenkrantz]
72e8c079c4c6dc66d565cf89ebf6feb5fa2dea33Mark Andrews [Apache 2.1.0-dev includes those bug fixes and changes with the
72e8c079c4c6dc66d565cf89ebf6feb5fa2dea33Mark Andrews Apache 2.0.xx tree as documented, and except as noted, below.]
c8ab83c08e5227b5146295a9ef4a96d61b066b67Andreas GustafssonChanges with Apache 2.0.55
c8ab83c08e5227b5146295a9ef4a96d61b066b67Andreas Gustafsson *) SECURITY: CAN-2005-2088
4e57d3ff7d92abdef4b0b6aebc23a9dfae2ba040Andreas Gustafsson core: If a request contains both Transfer-Encoding and Content-Length
4e57d3ff7d92abdef4b0b6aebc23a9dfae2ba040Andreas Gustafsson headers, remove the Content-Length, mitigating some HTTP Request
4e57d3ff7d92abdef4b0b6aebc23a9dfae2ba040Andreas Gustafsson Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
be9932698bf35d0f34e65b5ffbb81bedddd76636Mark Andrews *) proxy HTTP: If a response contains both Transfer-Encoding and a
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews Content-Length, remove the Content-Length and don't reuse the
d352f188cb9e3820054b7451384a3d910619b4a1Andreas Gustafsson connection, mitigating some HTTP Response Splitting attacks.
d352f188cb9e3820054b7451384a3d910619b4a1Andreas Gustafsson [Jeff Trawick]
3d38596530c389610494e6a6ba70d9f5dc9717c5Andreas Gustafsson *) SECURITY: CAN-2005-1268 (cve.mitre.org)
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews mod_ssl: Fix off-by-one overflow whilst printing CRL information
3d38596530c389610494e6a6ba70d9f5dc9717c5Andreas Gustafsson at "LogLevel debug" which could be triggered if configured
a7cb695600c3c14ac12676f0fb1e179690c5883cMark Andrews to use a "malicious" CRL. PR 35081. [Marc Stern <mstern csc.com>]
a7cb695600c3c14ac12676f0fb1e179690c5883cMark Andrews *) mod_userdir: Fix possible memory corruption issue. PR 34588.
479c6fc4584e062088ceee037690cdff85fc349bAndreas Gustafsson [David Leonard <dleonard vintela.com>]
1500a4fe5da9475d5918b27b566a1278ec6b54ebAndreas Gustafsson *) worker MPM: don't take down the whole server for a transient
1500a4fe5da9475d5918b27b566a1278ec6b54ebAndreas Gustafsson thread creation failure. PR 34514. [Greg Ames]
1255d388f034dc556d235a002527101781dbeb29Mark Andrews *) mod_rewrite: use buffered I/O to improve performance with large
c615c2ddce6c08e5a26d9ca61742a20fa8dc1938Mark Andrews RewriteMap txt: files. [Greg Ames]
c615c2ddce6c08e5a26d9ca61742a20fa8dc1938Mark Andrews *) proxy HTTP: Rework the handling of request bodies to handle
31d3464c0c0a35236c7924f698c5a8a66a9ed534Mark Andrews chunked input and input filters which modify content length, and
31d3464c0c0a35236c7924f698c5a8a66a9ed534Mark Andrews avoid spooling arbitrary-sized request bodies in memory.
31d3464c0c0a35236c7924f698c5a8a66a9ed534Mark Andrews PR 15859. [Jeff Trawick]
f04c15adc7e62deb2f53cc53f32d890936007903Andreas GustafssonChanges with Apache 2.0.54
53c07ca2164f8a083aa97591345bf4339a8573bdAndreas Gustafsson *) mod_cache: Add CacheIgnoreHeaders directive. PR 30399.
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson the ldap socket connection timeout value.
32d248107a5bc92b4bf9fc77deaa55b3da969ba2Andreas Gustafsson [Brad Nicholes]
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson *) worker MPM: Fix a problem which could cause httpd processes to
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson remain active after shutdown. [Jeff Trawick]
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson *) Unix MPMs: Shut down the server more quickly when child processes are
4574714ad44ba97f53425fe8d21b7ecb00ac83b9Andreas Gustafsson slow to exit. [Joe Orton, Jeff Trawick]
8d8c145175370d2fd8dbdf425b5ac2a9dc19da96Mark Andrews *) Remove formatting characters from ap_log_error() calls. These
07eaf0b8d0c3c93d8139c413bf9cc8bba7db9432Mark Andrews were escaped as fallout from CAN-2003-0020.
cf70df7d0e24401a358f0b9c1a616ad0e8c783a6Mark Andrews [Eric Covener <ecovener gmail.com>]
cf70df7d0e24401a358f0b9c1a616ad0e8c783a6Mark Andrews *) mod_ssl: If SSLUsername is used, set r->user earlier. PR 31418.
9234d92d4e274791eff42cc4ea5766ed7a281b17Mark Andrews [David Reid]
9234d92d4e274791eff42cc4ea5766ed7a281b17Mark Andrews *) htdigest: Fix permissions of created files. PR 33765. [Joe Orton]
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson *) core_input_filter: Move buckets to a persistent brigade instead of
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson creating a new brigade. This stop a memory leak when proxying a
0cf9ce19cc05a60f85ec610106a983fe806ebb77Andreas Gustafsson Streaming Media Server. PR 33382. [Paul Querna]
2ba574f329c14376d26d7c0f22c89d7a978a2625Mark Andrews *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
2ba574f329c14376d26d7c0f22c89d7a978a2625Mark Andrews hiccups from additional path information passed in non-utf-8 format.
3c3fe072252aecffae43e6349125663c315b092dAndreas Gustafsson [Richard Donkin <rd9 donkin.org]
3c3fe072252aecffae43e6349125663c315b092dAndreas GustafssonChanges with Apache 2.0.53
64ea5fd972c9946a3fe56cbc0bf897266d3f8747Andreas Gustafsson *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
64ea5fd972c9946a3fe56cbc0bf897266d3f8747Andreas Gustafsson [Max Bowsher <maxb ukf.net>]
3ad07fa335d40330cd1859da42e67f2457443990Andreas Gustafsson *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
3ad07fa335d40330cd1859da42e67f2457443990Andreas Gustafsson [Rici Lake <rici ricilake.net>]
1094dec52a86e57df53f6167d86de94360a7a382Mark Andrews *) mod_proxy: Respect errors reported by pre_connection hooks.
1094dec52a86e57df53f6167d86de94360a7a382Mark Andrews [Jeff Trawick]
1094dec52a86e57df53f6167d86de94360a7a382Mark Andrews *) --with-module can now take more than one module to be statically
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson If the <modtype>-subdirectory doesn't exist it will be created and
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson populated with a standard Makefile.in. [Erik Abele]
fa2fb620c7c0a907b220c257007d8fb6d38bb3a4Andreas Gustafsson *) Fix the RPM spec file so that an RPM build now works. An RPM
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson build now requires system installations of APR and APR-util.
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson Remove some arbitrary moving around of binaries - the RPM now
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson maps to the ASF build of httpd.
62a3dbe63e833f2eaf613393399ea4667d8de28dAndreas Gustafsson [Graham Leggett]
248732d66fffb557e84264c2bb2fb43ac766163fAndreas Gustafsson *) mod_dumpio, an I/O logging/dumping module, added to the
9bdb01e6c382e897572791b12190472955994d87Mark Andrews modules/expermimental subdirectory. [Jim Jagielski]
e69b9ffb0f8b4d1117a682908c9143ebe3efcd6bAndreas Gustafsson *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
e69b9ffb0f8b4d1117a682908c9143ebe3efcd6bAndreas Gustafsson library handles special characters. PR 24437. [Jess Holle]
417872b98aec720d587a9ef0197e25e78a2b7ee9Mark Andrews *) Win32 MPM: Correct typo in debugging output. [William Rowe]
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson *) conf: Remove AddDefaultCharset from the default configuration because
a77ad145d0109081c5da6ac40a2303369db89735Andreas Gustafsson setting a site-wide default does more harm than good. PR 23421.
8ba4e82f5358815fd94f34fde408ffd047ba3430Andreas Gustafsson [Roy Fielding]
61d5bfc06be978ea962b1c64309894ac80351771Mark Andrews *) Add charset to example CGI scripts. [Roy Fielding]
ada9b8ab20b81716c7ff1f4f3365929b2f7c8ff8Mark Andrews *) mod_ssl: fail quickly if SSL connection is aborted rather than
ada9b8ab20b81716c7ff1f4f3365929b2f7c8ff8Mark Andrews making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
3c9b2e62502460c34c2e0ceba1a5d138b3a13cc1Andreas Gustafsson *) Remove compiled-in upper limit on LimitRequestFieldSize.
3c9b2e62502460c34c2e0ceba1a5d138b3a13cc1Andreas Gustafsson [Bill Stoddard]
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson *) Start keeping track of time-taken-to-process-request again for
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson mod_status if ExtendedStatus is enabled. [Jim Jagielski]
bb60abb44549428414cd55a022f2b8cc4488f7adAndreas Gustafsson *) mod_proxy: Handle client-aborted connections correctly. PR 32443.
024face21cdfbfc7a862a3be061e6780533ef755Andreas Gustafsson [Janne Hietamäki, Joe Orton]
024face21cdfbfc7a862a3be061e6780533ef755Andreas Gustafsson *) Fix handling of files >2Gb on all platforms (or builds) where
1beaa9e45738ad18cb7cae55aea95a1b16a14f94Andreas Gustafsson apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
1beaa9e45738ad18cb7cae55aea95a1b16a14f94Andreas Gustafsson *) mod_include: Fix bug which could truncate variable expansions
f953788d75c7df2db43907c68da18ed75c235dd3Andreas Gustafsson of N*64 characters by one byte. PR 32985. [Joe Orton]
f953788d75c7df2db43907c68da18ed75c235dd3Andreas Gustafsson *) Correct handling of certain bucket types in ap_save_brigade, fixing
9df7cf8ea31d8d26f9c1be55f2cdafdc68d63c53Andreas Gustafsson possible segfaults in mod_cgi with #include virtual. PR 31247.
4fa5d53e750b4e34e19b9648900d489315b185eaAndreas Gustafsson *) Allow for the use of --with-module=foo:bar where the ./modules/foo
4fa5d53e750b4e34e19b9648900d489315b185eaAndreas Gustafsson directory is local only. Assumes, of course, that the required
fbdde79262a4ba2bdf4bfae61167026b3220488aAndreas Gustafsson files are in ./modules/foo, but makes it easier to statically
fbdde79262a4ba2bdf4bfae61167026b3220488aAndreas Gustafsson build/log "external" modules. [Jim Jagielski]
a7e1dcd84ada7e4e4c78f3f281e8a4d99adaf4d1Andreas Gustafsson *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
a7e1dcd84ada7e4e4c78f3f281e8a4d99adaf4d1Andreas Gustafsson ldap authorization only modules have access to the util_ldap
a7e1dcd84ada7e4e4c78f3f281e8a4d99adaf4d1Andreas Gustafsson user cache without having to require ldap authentication as well.
3fc4c1434d7ac377c720640e2e925a3af567cccbMark Andrews PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
2975d0f819762614526c650b9c2077ef22f81328Andreas Gustafsson *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
0aba41458d345ea901cf945d47162e5f23647de9Mark Andrews allows the module to only authorize a user if the attribute value
0bd2ea544e95601e0f0b056acfa079c99d5f6b57Andreas Gustafsson specified matches the value of the user object. PR 31913
0bd2ea544e95601e0f0b056acfa079c99d5f6b57Andreas Gustafsson [Ryan Morgan <rmorgan pobox.com>]
5f7516bee5ace9542701f23fc7723a3e3196802aMark Andrews *) SECURITY: CAN-2004-0942 (cve.mitre.org)
79432444e84d2d104119fe6a3d5cbc04b1375bd4Andreas Gustafsson Fix for memory consumption DoS in handling of MIME folded request
79432444e84d2d104119fe6a3d5cbc04b1375bd4Andreas Gustafsson headers. [Joe Orton]
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson *) SECURITY: CAN-2004-0885 (cve.mitre.org)
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
3c17010ba5a6b8dd8a2bbc550813c7f051f45a08Andreas Gustafsson bypassed during an SSL renegotiation. PR 31505.
d5169236b7260d447e672db8256fdd7c70f5ee1dMark Andrews [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews *) mod_ssl: Fail at startup rather than segfault at runtime if a
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews client cert is configured with an encrypted private key.
df7596a03eea7f1c2df89bd63d3bd4b73f274565Mark Andrews PR 24030. [Joe Orton]
f08782f0923d11227983a352c26301cf703383cfMark Andrews *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
ed2cefaf0ea367ee408cb7f6a54a413814240fa7Andreas Gustafsson *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
ed2cefaf0ea367ee408cb7f6a54a413814240fa7Andreas Gustafsson [Jeff Trawick]
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson *) mod_cache: CacheDisable will only disable the URLs it was meant to
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson disable, not all caching. PR 31128.
b923e278535b4e8d264998a85a6ae1eb4b3aa4c6Andreas Gustafsson [Edward Rudd <eddie omegaware.com>, Paul Querna]
edf97be2b54cbdc4f3f3a46776df3e912892e960Andreas Gustafsson *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
edf97be2b54cbdc4f3f3a46776df3e912892e960Andreas Gustafsson cache responses. [Justin Erenkrantz]
9e46f410e716f73abb345be215ccb4c61782b718Andreas Gustafsson *) mod_rewrite: Handle per-location rules when r->filename is unset.
9e46f410e716f73abb345be215ccb4c61782b718Andreas Gustafsson Previously this would segfault or simply not match as expected,
9e46f410e716f73abb345be215ccb4c61782b718Andreas Gustafsson depending on the platform. [Jeff Trawick]
769ef0b7bdc9520dd62d2f440ea36bc020e88934Andreas Gustafsson *) mod_rewrite: Fix 0 bytes write into random memory position.
b09f4e054cbe67b93a5ff62d511ee25945038943Mark Andrews PR 31036. [André Malo]
b09f4e054cbe67b93a5ff62d511ee25945038943Mark Andrews *) mod_disk_cache: Do not store aborted content. PR 21492.
3d3445447225ab63f49fc24362963ea49ce94901Andreas Gustafsson *) mod_disk_cache: Correctly store cached content type. PR 30278.
96ea98af241ef00395f4e61de7e2dacfd9941afcMark Andrews *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
3dff229f5dd223568476acec4df1f513acb00b1dAndreas Gustafsson statistics display. PR 29216. [Graham Leggett]
54c4aa0f62aebeb01b6861ee068c1044433fe8feMark Andrews *) mod_ldap: fix a bogus error message to tell the user which file
792de65053d8a48d05746b35a21a9fa1792e71acAndreas Gustafsson is causing a potential problem with the LDAP shared memory cache.
792de65053d8a48d05746b35a21a9fa1792e71acAndreas Gustafsson PR 31431 [Graham Leggett]
808b909f27c30d36b27efb5aa5ef2d18f83b6d4bAndreas Gustafsson *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
3e934267660cb13029bcdbddf318fe1cc27b6718Andreas Gustafsson *) Fix the re-linking issue when purging elements from the LDAP cache
3e934267660cb13029bcdbddf318fe1cc27b6718Andreas Gustafsson PR 24801. [Jess Holle <jessh ptc.com>]
7655e78c366cc0d25e24e2a96ba58e04a96042faAndreas Gustafsson *) mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
7655e78c366cc0d25e24e2a96ba58e04a96042faAndreas Gustafsson *) Fix Expires handling in mod_cache. [Justin Erenkrantz]
6859033d425170380bcfac4809257bc6e9b60383Andreas Gustafsson *) Alter mod_expires to run at a different filter priority to allow
6859033d425170380bcfac4809257bc6e9b60383Andreas Gustafsson proper Expires storage by mod_cache. [Justin Erenkrantz]
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas GustafssonChanges with Apache 2.0.52
ff4322d44f8404683b6fb6c86a38a2bc14f6c083Andreas Gustafsson *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
ff4322d44f8404683b6fb6c86a38a2bc14f6c083Andreas Gustafsson *) Fix the global mutex crash when the global mutex is never allocated
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson *) Fix a segfault in the LDAP cache when it is configured switched
8d146b6e1156f5b562af9a4a9aba76b09650412cAndreas Gustafsson off. [Jess Holle <jessh ptc.com>]
808b909f27c30d36b27efb5aa5ef2d18f83b6d4bAndreas Gustafsson *) SECURITY: CAN-2004-0811 (cve.mitre.org)
808b909f27c30d36b27efb5aa5ef2d18f83b6d4bAndreas Gustafsson Fix merging of the Satisfy directive, which was applied to
595a14576ea14884c35b3726f054f2065365620bMark Andrews the surrounding context and could allow access despite configured
595a14576ea14884c35b3726f054f2065365620bMark Andrews authentication. PR 31315. [Rici Lake <rici ricilake.net>]
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
d9e690eb71bde3c748208733ba40a34e9d0ba29dAndreas Gustafsson is enabled. Previously, such urls would still be rejected.
d9e690eb71bde3c748208733ba40a34e9d0ba29dAndreas Gustafsson [Jeff Trawick, Bill Stoddard]
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson *) mod_mem_cache: Fixed race condition causing segfault because of memory being
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson freed twice, or reused after being freed.
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson [J. Clar, W. Stoddard, G. Ames]
640923da589bc5b8492ac407ef89ea1ee9a1c358Andreas Gustafsson *) Add -l option to rotatelogs to let it use local time rather than
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews *) mod_log_config: Fix a bug which prevented request completion time
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
aa30ee42c4b6da9bab4fb84d6cbbda6036a4d426Mark Andrews processing. PR 29696. [Alois Treindl <alois astro.ch>]
01446841be2b73f9a2ead74056df2d5342414041Andreas GustafssonChanges with Apache 2.0.51
01446841be2b73f9a2ead74056df2d5342414041Andreas Gustafsson *) SECURITY: CAN-2004-0786 (cve.mitre.org)
01446841be2b73f9a2ead74056df2d5342414041Andreas Gustafsson Fix an input validation issue in apr-util which could be
28cf7340b9c82fc62ca1a1782cb1bd7b0de11aebAndreas Gustafsson triggered by malformed IPv6 literal addresses. [Joe Orton]
28cf7340b9c82fc62ca1a1782cb1bd7b0de11aebAndreas Gustafsson *) SECURITY: CAN-2004-0747 (cve.mitre.org)
1de63e34f163b7a4708a6ad1779f93ae7636b92eAndreas Gustafsson Fix buffer overflow in expansion of environment variables in
1de63e34f163b7a4708a6ad1779f93ae7636b92eAndreas Gustafsson configuration file parsing. [André Malo]
feb1f6a4ac42988558ecb8dc5dc0c974ec1f0509Brian Wellington *) SECURITY: CAN-2004-0809 (cve.mitre.org)
ea34bcc6376555296a08e4c9e2f9c2cbe58378a9Andreas Gustafsson mod_dav_fs: Fix a segfault in the handling of an indirect lock
ea34bcc6376555296a08e4c9e2f9c2cbe58378a9Andreas Gustafsson refresh. PR 31183. [Joe Orton]
5e4c83cfec3f267ea8f22fbb535c61434c94d43cDanny Mayer *) mod_include no longer checks for recursion, because that's done
06f12c290c7904f0723094b5cbd11e2a1d49e95eAndreas Gustafsson in the core. This allows for careful usage of recursive SSI.
6e1b2ebcd65c6d0cc90d7789f884aea11184eb5dAndreas Gustafsson *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson [chunyan sheng <shengperson yahoo.com>, André Malo]
5fe21da364d4397c9a413fe689ce82dea36a7b29Mark Andrews *) Include directives no longer refuse to process symlinks on
5fe21da364d4397c9a413fe689ce82dea36a7b29Mark Andrews directories. Instead there's now a maximum nesting level
5fe21da364d4397c9a413fe689ce82dea36a7b29Mark Andrews of included directories (128 as distributed). This is configurable
a5aca6df165c601d755b8c5f5727048078bf0db5Andreas Gustafsson at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
43efd9fa56b03e3e285fb58859efc9348c7f4a9fMark Andrews PR 28492. [André Malo]
43efd9fa56b03e3e285fb58859efc9348c7f4a9fMark Andrews *) Win32: apache -k start|restart|install|config can leave stranded
5c831a1a1b14470037de6d8bc0501aea5dc6cacdAndreas Gustafsson piped logger processes (eg, rotatelogs.exe) due to improper
36e37042c6c9252cdf6eb99bd71ccb6e6c43ba6dBrian Wellington server shutdown on these code paths.
98e231525fda817d393ef0c529b50bfc08cebe47Mark Andrews [Bill Stoddard]
98e231525fda817d393ef0c529b50bfc08cebe47Mark Andrews *) SECURITY: CAN-2004-0751 (cve.mitre.org)
d4196128b31d511c8513edacc70dea7e8d0c053aMark Andrews mod_ssl: Fix a segfault in the SSL input filter which could be
d4196128b31d511c8513edacc70dea7e8d0c053aMark Andrews triggered if using "speculative" mode, for instance by a
d4196128b31d511c8513edacc70dea7e8d0c053aMark Andrews proxy request to an SSL server. PR 30134. [Joe Orton]
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson PR 30464. [Joe Orton, Madhusudan Mathihalli]
4a20a92f4f96cf2b2fd77898c6afec6c45e481b3Andreas Gustafsson *) mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
56d69016f4fae2eda4d39c92fe13595251aaadd3Mark Andrews *) Prevent CGI script output which includes a Content-Range header
e60b3717f0e6f28d6fb2c5124ffb3bd31cc3a746Mark Andrews from being passed through the byterange filter. [Joe Orton]
0262406cea5802a717539247cbaa596ac808efa9Mark Andrews *) Satisfy directives now can be influenced by a surrounding <Limit>
3d8ab44d14f3de797b8454fc2edb7421a6bfc874Andreas Gustafsson container. PR 14726. [André Malo]
3d8ab44d14f3de797b8454fc2edb7421a6bfc874Andreas Gustafsson *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
3426f7118c92cab8714a7fddc9e721ff09554447Andreas Gustafsson PR 27985. [André Malo]
db235e65884c04058cc6e99ca485170d67cf9538Andreas Gustafsson *) mod_disk_cache: Implement binary format for on-disk header files.
3426f7118c92cab8714a7fddc9e721ff09554447Andreas Gustafsson [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson *) mod_disk_cache: Optimize network performance of disk cache subsystem by
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson allowing zero-copy (sendfile) writes and other miscellaneous fixes.
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson [Justin Erenkrantz]
64a5004a66accd190bfd5ddf115667726537be50Andreas Gustafsson *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
b1ae7a591a4b99a26036e919b87247b65abfcd77Mark Andrews switch to the provider API instead of hooks. [Justin Erenkrantz]
b1ae7a591a4b99a26036e919b87247b65abfcd77Mark Andrews *) mod_autoindex: Don't truncate the directory listing if a stat()
b1ae7a591a4b99a26036e919b87247b65abfcd77Mark Andrews call fails (for instance on a >2Gb file). PR 17357.
cab0ee644db604d56b45ec39429d505d635da347Andreas Gustafsson *) Makefile fix: httpd is linked against LIBS given to the
cab0ee644db604d56b45ec39429d505d635da347Andreas Gustafsson 'make' invocation. PR 7882. [Joe Orton]
7780a3e5a4659bb8fc44f8915d20a8d3ffa33e00Andreas Gustafsson *) WinNT MPM: Fix a broken log message at termination. PR 28063.
7780a3e5a4659bb8fc44f8915d20a8d3ffa33e00Andreas Gustafsson [Eider Oliveira <eider bol.com.br>]
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson *) Prevent Win32 pool corruption at startup [Allan Edwards]
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson chosen SSL environment variable. PR 20957.
6dbc6fae496db1f584c055e63bcd7afd332fe8f6Andreas Gustafsson [Martin v. Loewis <martin v.loewis.de>]
a24d253a3f4e6f4036800744b348fba858d4959eMark Andrews *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson *) apachectl: Fix a problem finding envvars if sbindir != bindir.
3f543c371fff724d1fb05eb564f732476e946b5bBrian Wellington PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
847169dab2d0496df1d66842b2cce67c66bf9680Andreas Gustafsson *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews *) SECURITY: CAN-2004-0748 (cve.mitre.org)
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
ed03e26c44347ec20aff6608de6082e3594d95fbMark Andrews *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
9aba20edee4e704433a464ae43b070b0775de506Mark Andrews PR 18989. [Joe Orton]
e8d86192fc424f49e43df9cee439ca5c793e6000Mark Andrews *) mod_userdir: Ensure that the userdir identity is used for
e8d86192fc424f49e43df9cee439ca5c793e6000Mark Andrews suexec userdir access in a virtual host which has suexec configured.
bae5d9fcb4616005fbc861e327b0a48b7bd4d89aMark Andrews PR 18156. [Joshua Slive]
e8d86192fc424f49e43df9cee439ca5c793e6000Mark Andrews *) mod_rewrite no longer confuses the RewriteMap caches if
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson different maps defined in different virtual hosts use the
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson same map name. PR 26462. [André Malo]
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson *) mod_setenvif: Remove "support" for Remote_User variable which
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson never worked at all. PR 25725. [André Malo]
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
98a5dc52bf668b093cda7901c057f7b54e18a2fcAndreas Gustafsson again the functionality of the ErrorHeader directive. But instead
452b30ddb32dd9370b2e5ee10427dd3758ef98b4Mark Andrews using this misnomer additional flags to the Header directive were
452b30ddb32dd9370b2e5ee10427dd3758ef98b4Mark Andrews introduced ("always" and "onsuccess", defaulting to the latter).
452b30ddb32dd9370b2e5ee10427dd3758ef98b4Mark Andrews PR 28657. [André Malo]
6668eca26bf3123750afda48b69991bd29d83807Mark Andrews *) Use the higher performing 'httpready' Accept Filter on all platforms
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson except FreeBSD < 4.1.1. [Paul Querna]
773e64ec150c33269e748d96dd95726ed7e0d842Mark Andrews *) mod_usertrack: Escape the cookie name before pasting into the
06a960c681566a163af5b9a655cf36023075ddcbMark Andrews regexp. [André Malo]
1eaad22e111709254c70953a4dc768b6d4d31646Mark Andrews *) Extend the SetEnvIf directive to capture subexpressions of the
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson matched value. [André Malo]
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson *) Recursive Include directives no longer crash. The server stops
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson including configuration files after a certain nesting level (128
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson as distributed). This is configurable at compile time using the
cad3210bb95057a37aaed20bc8a1542e0534422cAndreas Gustafsson -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer *) mod_dir: the trailing-slash behaviour is now configurable using the
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer DirectorySlash directive. [André Malo]
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer *) Allow proxying of resources that are invoked via DirectoryIndex.
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer PR 14648, 15112, 29961. [André Malo]
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer *) util_ldap: Switched the lock types on the shared memory cache
afeded2289de8d193b072da2b44a2d580cc235c1Danny Mayer from thread reader/writer locks to global mutexes in order to
f462b9aed23b77bda867301f80ead6990df6f4f8Andreas Gustafsson provide cross process cache protection. [Brad Nicholes]
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson *) util_ldap: Reworked the cache locking scheme to eliminate duplicate
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson cache entries in the credentials cache due to race conditions.
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson [Brad Nicholes]
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson *) util_ldap: Enhanced the util_ldap cache-info display to show more
aa9a67adeb48069f5c2e5d8936a8ed5aac7d6ad7Andreas Gustafsson detail about the contents and current state of the cache.
73ac1894ea64bc50aff7406872d0e9c5df6d9cf6Mark Andrews [Brad Nicholes]
330b421487d7c3a5e699472fe889aa633772057fMark Andrews *) Enable the option to support anonymous shared memory in mod_ldap.
e22dca2a9ad30d493a869586abed86f7268204f9Mark Andrews This makes the cache work on Linux again. [Graham Leggett]
e22dca2a9ad30d493a869586abed86f7268204f9Mark Andrews *) Enable special ErrorDocument value 'default' which restores the
2c0b26955ee32fcee1757ec1be5a8caf8fe695a6Mark Andrews canned server response for the scope of the directive.
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson [Geoffrey Young, André Malo]
2449f41e75d3b3f1c0ec3f05b1603fd8f80d8ae0Mark Andrews *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson is set in r->subprocess_env allow mismatched query strings to pass.
2449f41e75d3b3f1c0ec3f05b1603fd8f80d8ae0Mark Andrews PR 27758. [Paul Querna, Geoffrey Young]
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson *) Accept URLs for the ServerAdmin directive. If the supplied
6f7660093e70d3a7c80738b681ac0f5c1b661c00Mark Andrews argument is not recognized as an URL, assume it's a mail address.
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson PR 28174. [André Malo, Paul Querna]
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews *) initialize server arrays prior to calling ap_setup_prelinked_modules
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews so that static modules can push Defines values when registering
a1898260ad19d02e88ab76c1855d33c67add9defMark Andrews hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer *) Small fix to allow reverse proxying to an ftp server. Previously
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer an attempt to do this would try and connect to 0.0.0.0, regardless
305b0eda33b16493355db1f1c86313a6f5fbfc3bDanny Mayer of the server specified. PR 24922
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson [Pascal Terjan <pterjan@linuxfr.org>]
d16b4e8ba885a45933dc6a46f340b76811d60c74Andreas Gustafsson *) Add the NOTICE file to the rpm spec file in compliance with the
de9833be77ef92c17b35c02d138a0ad8df34dd91Mark Andrews Apache v2.0 license. [Graham Leggett]
de9833be77ef92c17b35c02d138a0ad8df34dd91Mark Andrews *) RPM spec file changes: changed default dependancy to link to db4
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson instead of db3. Fixed complaints about unpackaged files.
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson [Graham Leggett]
4e400cb7a2edd25af98ebc25fcbb5b36ca08f9a0Mark AndrewsChanges with Apache 2.0.50
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson *) SECURITY: CAN-2004-0493 (cve.mitre.org)
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson Close a denial of service vulnerability identified by Georgi
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson Guninski which could lead to memory exhaustion with certain
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson input data. [Jeff Trawick]
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson *) mod_cgi: Handle output on stderr during script execution on Unix
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson platforms; preventing deadlock when stderr output fills pipe buffer.
c0b6c1a5ab50722793cb99b0d8a1e9e910c146a5Andreas Gustafsson Also fixes case where stderr from nph- scripts could be lost.
ec5a06ccf7b15f07d20fd872c3dc1ab8f82f2ceaMark Andrews PR 22030, 18348. [Joe Orton, Jeff Trawick]
907ec2c618d08d8322b04729779b24bd778d49e7Mark Andrews *) mod_alias now emits a warning if it detects overlapping *Alias*
907ec2c618d08d8322b04729779b24bd778d49e7Mark Andrews directives. [André Malo]
0a532842050020a1b0577c65f91f38bd022daa78Andreas Gustafsson *) mod_rewrite no longer turns forward proxy requests into reverse proxy
0a532842050020a1b0577c65f91f38bd022daa78Andreas Gustafsson requests. PR 28125 [ast domdv.de, André Malo]
0a532842050020a1b0577c65f91f38bd022daa78Andreas Gustafsson *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
23a020bc1312fc35e7c4ea36df846c550cb13634Andreas Gustafsson exported on Win32 and Netware as well (minor MMN bump). PR 28523.
23a020bc1312fc35e7c4ea36df846c550cb13634Andreas Gustafsson [Edward Rudd <eddie omegaware.com>, André Malo]
44c141f9471a6bb1fac0cba7880ba768ede2f0c8Brian Wellington *) Restore the ability to disable the use of AcceptEx on Win9x systems
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson automatically (broken in 2.0.49). PR 28529. [André Malo]
e1a153c3f095e217eea29958950fea36e54862ceAndreas Gustafsson *) <VirtualHost myhost> now applies to all IP addresses for myhost
e1a153c3f095e217eea29958950fea36e54862ceAndreas Gustafsson instead of just the first one reported by the resolver. This
7250c1a2616761395bdb9ae7cd1ba43f20d3edc4Andreas Gustafsson corrects a regression since 1.3. [Jeff Trawick]
7250c1a2616761395bdb9ae7cd1ba43f20d3edc4Andreas Gustafsson *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
ab3eaa20e9a7e56208408563c79b4f8ac01d5e84Andreas Gustafsson against ServerRoot PR#26602 [Brad Nicholes]
4d77dbcfa052c065a87d2d35b116f17b74bae573Andreas Gustafsson *) SECURITY: CAN-2004-0488 (cve.mitre.org)
c38b92000c0f1a95daaad5468777e165b8047de9Mark Andrews mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
c38b92000c0f1a95daaad5468777e165b8047de9Mark Andrews (trusted) client certificate subject DN which exceeds 6K in length.
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson caused issues for the Eclipse WebDAV extension.
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson PR 29034. [Joe Orton]
ee3ab6063dd13b5947d3fbe88b9ce8f38d65df9dBrian Wellington *) mod_deflate: Fix memory consumption (which was proportional to the
9261ca5fc8a564968f34e108eb862157471ca50eAndreas Gustafsson response size). PR 29318. [Joe Orton]
d81622b537be1971530cfb459acdbbe7d82d883bBrian Wellington *) mod_ssl: Log the errors returned on failure to load or initialize
d81622b537be1971530cfb459acdbbe7d82d883bBrian Wellington a crypto accelerator engine. [Joe Orton]
9261ca5fc8a564968f34e108eb862157471ca50eAndreas Gustafsson *) Allow RequestHeader directives to be conditional. PR 27951.
aec9f4d0723b0cffcfa9152533fb8f616ec7313bAndreas Gustafsson [Vincent Deffontaines <vincent gryzor.com>, André Malo]
2da0b7dfbd02fab454b8ba60f1fdb7e2a5cbd2dbMark Andrews *) Allow LimitRequestBody to be reset to unlimited. PR 29106
2da0b7dfbd02fab454b8ba60f1fdb7e2a5cbd2dbMark Andrews [André Malo]
1cb6e8cbe41afade950837319e04da4ccf8649e0Brian Wellington *) Fix a bunch of cases where the return code of the regex compiler
9261ca5fc8a564968f34e108eb862157471ca50eAndreas Gustafsson was not checked properly. This affects: mod_setenvif, mod_usertrack,
1cb6e8cbe41afade950837319e04da4ccf8649e0Brian Wellington mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
6443201354efa09f16ada26dab99e9b7f8271521Andreas Gustafsson *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
6443201354efa09f16ada26dab99e9b7f8271521Andreas Gustafsson small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
e980502db40155234b4e8d320b748b34dbaba3a2Brian Wellington *) Remove 2Gb log file size restriction on some 32-bit platforms.
5419c0c2d0b77682021084c69f2a5c5e2f9a5525Andreas Gustafsson PR 13511. [Joe Orton]
e980502db40155234b4e8d320b748b34dbaba3a2Brian Wellington *) mod_logio no longer removes the EOS bucket. PR 27928.
ecd1addb86319bacc6c0bff2c68373619eebbffcMark Andrews [Bojan Smojver <bojan rexursive.com>]
0176adc7c58bb8bd60ec71eeae94dbfbbc4018a8Mark Andrews *) htpasswd no longer refuses to process files that contain empty
0176adc7c58bb8bd60ec71eeae94dbfbbc4018a8Mark Andrews lines. [André Malo]
ea20115e347264b9bc1c686d6dfc1b5af3a5516bAndreas Gustafsson *) Regression from 1.3: At startup, suexec now will be checked for
ea20115e347264b9bc1c686d6dfc1b5af3a5516bAndreas Gustafsson availability, the setuid bit and user root. The works only if
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews httpd is compiled with the shipped APR version (0.9.5).
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews PR 28287. [André Malo]
aa0dc8d920a1f79626c3564408db9c5c9a5319a7Andreas Gustafsson *) Unix MPMs: Stop dropping connections when the file descriptor
aa0dc8d920a1f79626c3564408db9c5c9a5319a7Andreas Gustafsson is at least FD_SETSIZE. [Jeff Trawick]
47d48791fc352fcdf9019200070221be41a8d77cMark Andrews *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson *) mod_isapi: send_response_header() failed to copy status string's
0d5e7cd0afaee07302f8364aa454f09b4c63ea79Andreas Gustafsson last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson *) Fix a segfault when requests for shared memory fails and returns
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson NULL. Fix a segfault caused by a lack of bounds checking on the
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson cache. PR 24801. [Graham Leggett]
22815444822da17fab82d4ab115da6e055ea1754Brian Wellington *) Throw an error message if an attempt is made to use the LDAPTrustedCA
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson or LDAPTrustedCAType directives in a VirtualHost. PR 26390
22815444822da17fab82d4ab115da6e055ea1754Brian Wellington [Brad Nicholes]
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson *) Fix a potential segfault if the bind password in the LDAP cache
35db8a8eda6a889675138eb125d366c8851f68a5Andreas Gustafsson is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
c6de6524d777c90ae8011af8b10f5cac044081e5Mark Andrews *) Quotes cannot be used around require group and require dn
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington directives, update the documentation to reflect this. Also add
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington quotes around the dn and group within debug messages, to make it
5e88852b94830bf71e37dc700d568cb35e2e6f7eAndreas Gustafsson more obvious why authentication is failing if quotes are used in
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington error. PR 19304. [Graham Leggett]
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
bd6504aa9aa16a912412fbe010046aaf4bf23621Brian Wellington from escaping filters twice when the backslash character is used.
e9596e1fb3dfa560216776acdbfac3cf5ef97157Mark Andrews PR 24437. [Jess Holle <jessh ptc.com>]
1e289d3cca5cdd01dda650fa6e4c1de1aa8b4196Andreas Gustafsson *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley functions leave the connections in a sane state after errors have
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
c54210716ee55b55e22d8dad56fd696a641fc98dBob Halley 27271 [Graham Leggett]
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington *) mod_ldap calls ldap_simple_bind_s() to validate the user
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson credentials. If the bind fails, the connection is left
3fcf6b956f47405750724bd84e1b2290b61c9186Brian Wellington in an unbound state. Make sure that the ldap connection
1e289d3cca5cdd01dda650fa6e4c1de1aa8b4196Andreas Gustafsson record is updated to show that the connection is no longer
1e289d3cca5cdd01dda650fa6e4c1de1aa8b4196Andreas Gustafsson bound. [Brad Nicholes]
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson *) Ensure that lines in the request which are too long are
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson properly terminated before logging.
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson *) Update the bind credentials for the cached LDAP connection to
96ed62425310854fd6f6f06bfb7651b3e4c17ee7Andreas Gustafsson reflect the last bind. This prevents util_ldap from creating
5733d25b06b46067b3751d10436d82aef09cd705Brian Wellington unnecessary connections rather than reusing cached connections.
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson [Brad Nicholes]
5733d25b06b46067b3751d10436d82aef09cd705Brian Wellington *) mod_isapi: GetServerVariable returned improperly terminated header
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
5733d25b06b46067b3751d10436d82aef09cd705Brian Wellington [Jesse Pelton <jsp pkc.com>]
debff476ad3512687a354499c25d2793e2009acdBrian Wellington *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson size. PR 20617. [Jesse Pelton <jsp pkc.com>]
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson *) mod_dav: Fix a problem that could cause crashes when manipulating
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson locks on some platforms. [Jeff Trawick]
eb6e3b04169a766d2b968bcc978191605c2ef24cAndreas Gustafsson *) mod_headers no longer crashes if an empty header value should
7d8c3693d0426b56750b14d80c47df5e42fc75e4Andreas Gustafsson be added. [André Malo]
82c65f4f62819340ef8198932d3eab8a308a4874Andreas Gustafsson *) Fix segfault in mod_expires, which occured under certain
fed846067d265db1037483d81d01f3651c8a3f28Brian Wellington circumstances. PR 28047. [André Malo]
a26ad011f382d12058478704cb5e90e6f4366d01Andreas Gustafsson *) htpasswd: use apr_temp_dir_get() and general cleanup
a26ad011f382d12058478704cb5e90e6f4366d01Andreas Gustafsson [Guenter Knauf <eflash gmx.net>, Thom May]
57188b5ff2397c0517e55f622879e69ee547918dAndreas Gustafsson *) mod_ssl: Fix memory leak in session cache handling. PR 26562
7d8c3693d0426b56750b14d80c47df5e42fc75e4Andreas Gustafsson [Madhusudan Mathihalli]
7d8c3693d0426b56750b14d80c47df5e42fc75e4Andreas Gustafsson *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
9a72459b6040b30d043c5fd9e283441b847e569aAndreas Gustafsson a pool cleanup. PR 27945. [Joe Orton]
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson *) Add forensic logging module (mod_log_forensic).
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson *) logresolve: Allow size of log line buffer to be overridden at
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson build time (MAXLINE). PR 27793. [Jeff Trawick]
07c336a9a85791dff886b1e28514589a25d9b720Andreas Gustafsson *) Fix the comment delimiter in htdbm so that it correctly parses the
712fa28946312882a60b0c6a913914d3e8c69867Mark Andrews username comment. Also add a terminate function to allow NetWare
712fa28946312882a60b0c6a913914d3e8c69867Mark Andrews to pause the output before the screen is destroyed.
f2a16ec2e8970615d39f8fe339b215ad0a893b85Mark Andrews [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence *) Fix crash when Apache was started with no Listen directives.
f8644da8d948dbc973f6dd4c94a79774e16ec07bDavid Lawrence [Michael Corcoran <mcorcoran warpsolutions.com>]
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence *) core_output_filter: Fix bug that could result in sending
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence garbage over the network when module handlers construct
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence bucket brigades containing multiple file buckets all referencing
9bfa90768ab83ea5a8571c98d3774377da4bdcbeDavid Lawrence the same open file descriptor. [Bojan Smojver]
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence *) Fix memory corruption problem with ap_custom_response() function.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence The core per-dir config would later point to request pool data
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence that would be reused for different purposes on different requests.
2d67c2474475acf52c8251dc48bfb7565ee5f2ffDavid Lawrence [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
6a7a69e9f764812872ec2db775be2ac8bb073102Andreas Gustafsson *) Win32: Tweak worker thread accounting routines to eliminate
6a7a69e9f764812872ec2db775be2ac8bb073102Andreas Gustafsson server hang when number of Listen directives in httpd.conf
0a9a3d8c6daf9ffcfb62dbe366e26f521cbb9736Brian Wellington is greater than or equal to the setting of ThreadsPerChild.
8bcf7a157900c3a05168aaec708b8c664b96d797Andreas Gustafsson [Bill Stoddard]
f5ebf2f0c9e9d2068ace1dbcc2ef2ed3ebdbfde5Andreas GustafssonChanges with Apache 2.0.49
34d5676aac483e00e16056a6834a27b52bed42f0Brian Wellington *) SECURITY: CAN-2004-0174 (cve.mitre.org)
1d9ab721315555ac75e7d4f57585323909283688Andreas Gustafsson Fix starvation issue on listening sockets where a short-lived
1d9ab721315555ac75e7d4f57585323909283688Andreas Gustafsson connection on a rarely-accessed listening socket will cause a
1d9ab721315555ac75e7d4f57585323909283688Andreas Gustafsson child to hold the accept mutex and block out new connections until
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence another connection arrives on that rarely-accessed listening socket.
ef8d97818f0d30a4e09db97af695f504b311372cMark Andrews With Apache 2.x there is no performance concern about enabling the
112d9875bf33e2382f9a986d3e58fce08f1935fcOlafur Gudmundsson logic for platforms which don't need it, so it is enabled everywhere
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence except for Win32. [Jeff Trawick]
63fd201fde27ce408cde1c73a054e401fcfb9e3bDavid Lawrence *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
6af5c66df334c4e275e07b03c9b35e40dbaa4f31Andreas Gustafsson [Jeff Trawick]
519f8475ff8218e3981ae2b249eb1403da7c52f6Andreas Gustafsson *) Win32: find_read_listeners was not correctly handling multiple
edc1c60621b44fbc8131ad1542f657dd129f9a30Andreas Gustafsson listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
edc1c60621b44fbc8131ad1542f657dd129f9a30Andreas Gustafsson *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
edc1c60621b44fbc8131ad1542f657dd129f9a30Andreas Gustafsson [Manni Wood <manniwood planet-save.com>]
41626c0997c89dcdecf67c931f0031aadd507977Andreas Gustafsson *) Fix some piped log problems: bogus "piped log program '(null)'
41626c0997c89dcdecf67c931f0031aadd507977Andreas Gustafsson failed" messages during restart and problem with the logger
4f4e44c98f315bfadc6dded1b86b465222a83967David Lawrence respawning again after Apache is stopped. PR 21648, PR 24805.
464c2e4bb960d15bd60d53c3ef3ae7414b129037David Lawrence [Jeff Trawick]
464c2e4bb960d15bd60d53c3ef3ae7414b129037David Lawrence *) Fixed file extensions for real media files and removed rpm extension
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence *) Remove compile-time length limit on request strings. Length is
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence now enforced solely with the LimitRequestLine config directive.
6112718b0dbb01ffbfd3fabc61e30c7e4485b0a7David Lawrence [Paul J. Reder]
04260c5c48d234734863f0222e207b6564cd41a8David Lawrence *) mod_ssl: Send the Close Alert message to the peer before closing
04260c5c48d234734863f0222e207b6564cd41a8David Lawrence the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
f479c9ff5576b3d138c7e52cfc2319b185b7ebcfDavid Lawrence *) SECURITY: CVE-2004-0113 (cve.mitre.org)
f479c9ff5576b3d138c7e52cfc2319b185b7ebcfDavid Lawrence mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
f479c9ff5576b3d138c7e52cfc2319b185b7ebcfDavid Lawrence PR 27106. [Joe Orton]
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence *) mod_ssl: Fix bug in passphrase handling which could cause spurious
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence failures in SSL functions later. PR 21160. [Joe Orton]
504f7802d4c9b43db4820f496c4d00e078effa18David Lawrence *) mod_log_config: Fix corruption of buffered logs with threaded
6af5c66df334c4e275e07b03c9b35e40dbaa4f31Andreas Gustafsson MPMs. PR 25520. [Jeff Trawick]
3b6bcedffe1d326fd9f6aa3bfb1537af0975fab8Brian Wellington *) Fix mod_include's expression parser to recognize strings correctly
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson even if they start with an escaped token. [André Malo]
3b6bcedffe1d326fd9f6aa3bfb1537af0975fab8Brian Wellington *) Add fatal exception hook for use by diagnostic modules. The hook
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson is only available if the --enable-exception-hook configure parm
f808bd34fbd3dd9508e8183e8025635bc330c34aAndreas Gustafsson is used and the EnableExceptionHook directive has been set to
f808bd34fbd3dd9508e8183e8025635bc330c34aAndreas Gustafsson "on". [Jeff Trawick]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson *) Allow mod_auth_digest to work with sub-requests with different
f808bd34fbd3dd9508e8183e8025635bc330c34aAndreas Gustafsson methods than the original request. PR 25040.
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson [Josh Dady <jpd indecisive.com>]
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
841179549b6433e782c164a562eb3422f603533dAndreas Gustafsson argumentless containers.
6c6a6c9f5e2b3c6fd72263eac155e4feddb77316Brian Wellington ["Philippe M. Chiasson" <gozer cpan.org>]
6c6a6c9f5e2b3c6fd72263eac155e4feddb77316Brian Wellington *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
2445d14b1a95132a473aa30076d0ce1762027e76Mark Andrews [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
2445d14b1a95132a473aa30076d0ce1762027e76Mark Andrews *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
4585aeb2cc84c0e0602da5abf47c31f92ec3b6b2Mark Andrews [Glenn Nielsen <glenn apache.org>]
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson *) The whole codebase was relicensed and is now available under
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson the Apache License, Version 2.0 (http://www.apache.org/licenses).
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson [Apache Software Foundation]
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson *) Fixed cache-removal order in mod_mem_cache.
711c2be7d9d99ee4415bc4e41ebe4f7f31947b3bAndreas Gustafsson [Jean-Jacques Clar, Cliff Woolley]
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson *) mod_setenvif: Fix the regex optimizer, which under circumstances
56877490bc70e4004f6b5e4a16067750ca64be85Andreas Gustafsson treated the supplied regex as literal string. PR 24219.
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson instead of mmn. [André Malo]
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson could lead to a 400 (Bad Request) response. [André Malo]
ed0e1ae6bc3df39389a24d72cf544b2437bf8340Andreas Gustafsson *) Keep focus of ITERATE and ITERATE2 on the current module when
6cefb60af55912df4411389bccfc38a74e992332Mark Andrews the module chooses to return DECLINE_CMD for the directive.
6cefb60af55912df4411389bccfc38a74e992332Mark Andrews PR 22299. [Geoffrey Young <geoff apache.org>]
02e81689e3eff98a8d70c98a7cc45c150472316aBrian Wellington *) Add support for IMT minor-type wildcards (e.g., text/*) to
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson ExpiresByType. PR#7991 [Ken Coar]
02e81689e3eff98a8d70c98a7cc45c150472316aBrian Wellington *) Fix segfault in mod_mem_cache cache_insert() due to cache size
99a8d30559834dc12bd80f4f164fa6375f73cb62Mark Andrews becoming negative. PR: 21285, 21287
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence *) core.c: If large file support is enabled, allow any file that is
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence greater than AP_MAX_SENDFILE to be split into multiple buckets.
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence This allows Apache to send files that are greater than 2gig.
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence Otherwise we run into 32/64 bit type mismatches in the file size.
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence [Brad Nicholes]
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence *) proxy_http fix: mod_proxy hangs when both KeepAlive and
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence ProxyErrorOverride are enabled, and a non-200 response without a
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence body is generated by the backend server. (e.g.: a client makes a
dccd7f8459d811141fde04d4a307b9b695cf58b1David Lawrence request containing the "If-Modified-Since" and "If-None-Match"
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews headers, to which the backend server respond with status 304.)
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews *) mod_dav: Reject requests which include an unescaped fragment in the
afb0a628efd8ecf40f66f6b8d0711bca62be2a9aMark Andrews Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
17dba29ba5db791976e505114baee53a1dde88aaBrian Wellington *) Build array of allowed methods with proper dimensions, fixing
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson possible memory corruption. [Jeff Trawick]
17dba29ba5db791976e505114baee53a1dde88aaBrian Wellington *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
b5a86fe434c7d58d28af3b5c70c1743979f13aaeMark Andrews PR 15057. [Otmar Lendl <lendl nic.at>]
b5a86fe434c7d58d28af3b5c70c1743979f13aaeMark Andrews *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
3042b3e2711d00b7fd9ffbf51443ad761d30427fMark Andrews *) mod_usertrack no longer inspects the Cookie2 header for
fb13bc029f62193a07d92384a910a0317fc7e0b0Brian Wellington the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) mod_usertrack no longer overwrites other cookies.
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson PR 26002. [Scott Moore <apache nopdesign.com>]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) worker MPM: fix stack overlay bug that could cause the parent
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence process to crash. [Jeff Trawick]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Win32: Add Win32DisableAcceptEx directive. This Windows
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence NT/2000/CP directive is useful to work around bugs in some
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence third party layered service providers like virus scanners,
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence VPN and firewall products, that do not properly handle
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence WinSock 2 APIs. Use this directive if your server is issuing
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence AcceptEx failed messages.
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Make REMOTE_PORT variable available in mod_rewrite.
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence PR 25772. [André Malo]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Fix a long delay with CGI requests and keepalive connections on
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence AIX. [Jeff Trawick]
74cc9d733ca94d43310ff3df84d7a4644c0950f9Andreas Gustafsson *) mod_autoindex: Add 'XHTML' option in order to allow switching between
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) mod_ssl: Advertise SSL library version as determined at run-time rather
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Fix build with parallel make. PR 24643. [Joe Orton]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) mod_rewrite: In external rewrite maps lookup keys containing
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence a newline now cause a lookup failure. PR 14453.
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
adcd8c93196ad0a3516252d80597c3c52472ffb2David Lawrence *) Backport major overhaul of mod_include's filter parser from 2.1.
5455f30a7532738d750252c00e649890c694ee30Brian Wellington The new parser code is expected to be more robust and should
5455f30a7532738d750252c00e649890c694ee30Brian Wellington catch all of the edge cases that were not handled by the previous one.
e2fd12f3a020ca8c5de168a44fb72e339cdaa3e9Brian Wellington The 2.1 external API changes were hidden by a wrapper which is
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson expected to keep the API backwards compatible. [André Malo]
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington *) Add a hook (insert_error_filter) to allow filters to re-insert
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington themselves during processing of error responses. Enable mod_expires
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington to use the new hook to include Expires headers in valid error
cf74d05a50e342e5b3870005c04ae5ed8013ab3eBrian Wellington responses. This addresses an RFC violation. It fixes PRs 19794,
2ae4dd0dbd50b3159476537c60ccdc8b64364356Mark Andrews 24884, and 25123. [Paul J. Reder]
2ae4dd0dbd50b3159476537c60ccdc8b64364356Mark Andrews *) Add Polish translation of error messages. PR 25101.
4fbd6a13a5ba6ec1e9bd080cba86c74b3b92c894Mark Andrews [Tomasz Kepczynski <tomek jot23.org>]
f3ac8ee19231ae3018ec21756f19b1bd639ce7e7Andreas Gustafsson *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
f3ac8ee19231ae3018ec21756f19b1bd639ce7e7Andreas Gustafsson supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
af0be81b2f6ea700dd882d3b18468c7815bd5ef2Andreas Gustafsson Bill Stoddard]
0b135de5a52acec5bb42f96b4e79484d1629fd93Brian Wellington *) Add mod_status hook to allow modules to add to the mod_status
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson report. [Joe Orton]
5ce23ccf3f324dc90ab9b4426b1da6284b0e2abfAndreas Gustafsson *) Fix htdbm to generate comment fields in DBM files correctly.
5ce23ccf3f324dc90ab9b4426b1da6284b0e2abfAndreas Gustafsson [Justin Erenkrantz]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson *) mod_dav: Use bucket brigades when reading PUT data. This avoids
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson problems if the data stream is modified by an input filter. PR 22104.
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson *) Fix RewriteBase directive to not add double slashes. [André Malo]
508d17362c2c43ddf95ddc87ae6a8c5f32f35323Andreas Gustafsson *) Improve 'configure --help' output for some modules. [Astrid Keßler]
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson *) Correct UseCanonicalName Off to properly check incoming port number.
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson [Jim Jagielski]
e7a4f58d55042cbc981a70b5071aaea46b9ebf7fAndreas Gustafsson *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
5fdc9aaf401f6816df65d0e9cf701872f345c558Andreas Gustafsson *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
5fdc9aaf401f6816df65d0e9cf701872f345c558Andreas Gustafsson if any property values were set which defined namespaces these
5fdc9aaf401f6816df65d0e9cf701872f345c558Andreas Gustafsson came out mangled in the PROPFIND response. PR 11637.
6060b0ac76667afae3c9132ab6e3568a7a693f5dAndreas Gustafsson [Amit Athavale <amit_athavale persistent.co.in>]
50097b38c075be55a73bb3737d091c503c70061dBrian Wellington *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
50097b38c075be55a73bb3737d091c503c70061dBrian Wellington the destination resource gives a 401. PR 15571. [Joe Orton]
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley *) SECURITY: CVE-2003-0020 (cve.mitre.org)
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley Escape arbitrary data before writing into the errorlog. Unescaped
af1a99a13d73126760b755d63ff7ef8c28ca9070Bob Halley errorlogs are still possible using the compile time switch
751aa24c98fea02215cad95a08411af547d70e41Bob Halley "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
fd5847ef0954117d5f905dbbfb68f1e67e4f285fAndreas Gustafsson *) mod_autoindex / core: Don't fail to show filenames containing
fd5847ef0954117d5f905dbbfb68f1e67e4f285fAndreas Gustafsson special characters like '%'. PR 13598. [André Malo]
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson *) mod_status: Report total CPU time accurately when using a threaded
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson MPM. PR 23795. [Jeff Trawick]
82e991b8ed4e0ed3b010d191e0cadfd60226c2d9Andreas Gustafsson *) Fix memory leak in handling of request bodies during reverse
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews *) Win32 MPM: Implement MaxMemFree to enable setting an upper
f08f3c6caeb8460cb679a8687f61da61fff69fb0Mark Andrews limit on the amount of storage used by the bucket brigades
69d44b2f5ac8e35bdb0b80aeb304f5cb62197892Mark Andrews in each server thread. [Bill Stoddard]
8fbd23c0aaacdde1348b6457c5db14c433096fd2Andreas Gustafsson *) Modified the cache code to be header-location agnostic. Also
8fbd23c0aaacdde1348b6457c5db14c433096fd2Andreas Gustafsson fixed a number of other cache code bugs related to PR 15852.
8fbd23c0aaacdde1348b6457c5db14c433096fd2Andreas Gustafsson Includes a patch submitted by Sushma Rai <rsushma novell.com>.
5f539d5fc68ca056bd1791e3156b0fe6b28cde16Brian Wellington This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson closing the PR since that is what they are using. [Paul J. Reder]
76477bd0e0a8f150f06f45c347d286b782cfa679Brian Wellington *) complain via error_log when mod_include's INCLUDES filter is
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson enabled, but the relevant Options flag allowing the filter to run
76477bd0e0a8f150f06f45c347d286b782cfa679Brian Wellington for the specific resource wasn't set, so that the filter won't
76477bd0e0a8f150f06f45c347d286b782cfa679Brian Wellington silently get skipped. next remove itself, so the warning will be
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson *) mod_info: HTML escape configuration information so it displays
e491ef29043ae77d3d78fb7a59328f143fcf70feAndreas Gustafsson correctly. PR 24232. [Thom May]
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley *) Restore the ability to add a description for directories that
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley don't contain an index file. (Broken in 2.0.48) [André Malo]
1a286a6613d385b443030a8c932e40ac9e9c301fBob Halley *) Fix a problem with the display of empty variables ("SetEnv foo") in
3242899a56da9c245956979d5be9c92b2cf0ee24Andreas Gustafsson mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
3242899a56da9c245956979d5be9c92b2cf0ee24Andreas Gustafsson *) mod_log_config: Log the minutes component of the timezone correctly.
ecaedd50f4e6b8cff110f9981a0a33a34269d421Mark Andrews PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
296253a3b9dec61190cce77e8b551e05ff514fcdAndreas Gustafsson *) mod_proxy: Fix cases where an invalid status-line could be sent
de8717a7218a4f034144ad7b8755ad43e3fd45c9David Lawrence to the client. PR 23998. [Joe Orton]
de8717a7218a4f034144ad7b8755ad43e3fd45c9David Lawrence *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
6f115bdb61672871bd822bdcd09cb1a3aad38aa0David Lawrence are also loaded. [Joe Orton]
6f115bdb61672871bd822bdcd09cb1a3aad38aa0David Lawrence *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
1ac6cf2f7ae95e4c915cba7038e61930d7c4ba2aAndreas Gustafsson thread-safe interface for retrieving error strings. [Joe Orton]
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson avoid reporting an Internal Server error if it is used without
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson having been set in the httpd.conf file. PR: 23748, 24459
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson [André Malo, Liam Quinn <liam htmlhelp.com>]
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
5e194abb5b548524e5c0fd2bb4627ec698b75e2bAndreas Gustafsson option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
09ae77ca30eb17ee32d3f7720ca796a72259cde6Andreas Gustafsson *) mod_include no longer allows an ETag header on 304 responses.
09ae77ca30eb17ee32d3f7720ca796a72259cde6Andreas Gustafsson PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
cedd0ab1e812ec7cf05d57c3e602db41b79f0a2aAndreas Gustafsson *) EBCDIC: Convert header fields to ASCII before sending (broken
8c3989000a19f88415d094eb5984f7cf6ba2340cBrian Wellington since 2.0.44). [Martin Kraemer]
8c3989000a19f88415d094eb5984f7cf6ba2340cBrian Wellington *) Fix the inability to log errors like exec failure in
ac6afcd0caf72aaa2a537e0003de30b363b4a68bBrian Wellington mod_ext_filter/mod_cgi script children. This was broken after
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson such children stopped inheriting the error log handle.
ac6afcd0caf72aaa2a537e0003de30b363b4a68bBrian Wellington [Jeff Trawick]
c20ffa38dee7efa0dc01822d4bac5e41729b9b61Brian Wellington *) Fix mod_info to use the real config file name, not the default
9ffcab1e9a398e431c10c9936c28e4166c2e82e0Andreas Gustafsson config file name. [Aryeh Katz <aryeh secured-services.com>]
9ffcab1e9a398e431c10c9936c28e4166c2e82e0Andreas Gustafsson *) Set the scoreboard state to indicate logging prior to running
2b7a77a68e27fc7991a857d403cb34b2ae90fc0bMark Andrews logging hooks so that server-status will show 'L' for hung loggers
4df51a8f53381d57b3dd75dd84615abd4cf9e969Andreas Gustafsson instead of 'W'. [Jeff Trawick]
76873278a44e5ac36ac61b070035ca6d1f353f59Andreas GustafssonChanges with Apache 2.0.48
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson *) SECURITY: CAN-2003-0789 (cve.mitre.org)
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson communicate with the cgid daemon and the CGI script.
aed6a8ed2e706404ccca0f31faf110fd6efd34e6Andreas Gustafsson [Jeff Trawick]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson *) SECURITY: CAN-2003-0542 (cve.mitre.org)
f8b3c627949bd4bc2f6aafb3dab2f56e3aa9ba06Brian Wellington Fix buffer overflows in mod_alias and mod_rewrite which occurred
f8b3c627949bd4bc2f6aafb3dab2f56e3aa9ba06Brian Wellington if one configured a regular expression with more than 9 captures.
55ddb88e53838693370c213930beda1652b8a583Brian Wellington *) mod_include: fix segfault which occured if the filename was not
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington set, for example, when processing some error conditions.
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson PR 23836. [Brian Akins <bakins web.turner.com>, André Malo]
3efd6904134ef6c4866a633eabeb55d1c86be7bbBrian Wellington *) fix the config parser to support <Foo>..</Foo> containers (no
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson arguments in the opening tag) supported by httpd 1.3. Without
3efd6904134ef6c4866a633eabeb55d1c86be7bbBrian Wellington this change mod_perl 2.0's <Perl> sections are broken.
70d08aea0a693c6ca62c2f7bb33bfddf9e427601Brian Wellington ["Philippe M. Chiasson" <gozer cpan.org>]
70d08aea0a693c6ca62c2f7bb33bfddf9e427601Brian Wellington *) mod_cgid: fix a hash table corruption problem which could
907620b5e0d898da324192cbbe5a5b518f55d175Bob Halley result in the wrong script being cleaned up at the end of a
907620b5e0d898da324192cbbe5a5b518f55d175Bob Halley request. [Jeff Trawick]
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington *) Update httpd-*.conf to be clearer in describing the connection
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington between AddType and AddEncoding for defining the meaning of
2c9db9314993504064c1a71f4a059ff9493a75caBrian Wellington compressed file extensions. [Roy Fielding]
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence PR 23416. [André Malo]
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence rewritten request using "proxy:". The code was adding multiple "proxy:"
9027e1bcf1b245226e3053a75d16c5351d7e60caDavid Lawrence fields in the rewritten URI. PR: 13946.
668f8d91db59f4dd89a0b54206f87879354339f5Brian Wellington [Eider Oliveira <eider bol.com.br>]
d7ba3622ffa20c653ef6c8cfae42d8cd26465b7fBrian Wellington *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
c0968380c4fb0b8196aafb8de225531bd847bb6dBrian Wellington *) Ensure that ssl-std.conf is generated at configure time, and switch
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson to using the expanded config variables to work the same as
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
c1ff0308f3f67bf148f96ca952db081eb5fd8383Brian Wellington *) mod_autoindex: If a directory contains a file listed in the
b879ed05f4fb8209add6c19a509c984b6c8b3a98Andreas Gustafsson DirectoryIndex directive, the folder icon is no longer replaced
b52a5b063050f209b0f47379178a1e7ae7404624Andreas Gustafsson by the icon of that file. PR 9587.
b52a5b063050f209b0f47379178a1e7ae7404624Andreas Gustafsson [David Shane Holden <dpejesh yahoo.com>]
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson *) Fixed mod_usertrack to not get false positive matches on the
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson user-tracking cookie's name. PR 16661.
34613b2e39478a83076f6a626a4b855cebb19533Andreas Gustafsson [Manni Wood <manniwood planet-save.com>]
eb059776a206e9be778de0f196a0304b558a779cAndreas Gustafsson *) mod_cache: Fix the cache code so that responses can be cached
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson if they have an Expires header but no Etag or Last-Modified
6eccf5bd07eb9abf65cc08fec4a8fc97b62c0e1bBrian Wellington headers. PR 23130.
3d1483d86dce11fffd03c5b6c93be2e689f522abAndreas Gustafsson *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
3bd8e7cf1c082cd1021e5a6cae1cf21911217858Brian Wellington were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
3d1483d86dce11fffd03c5b6c93be2e689f522abAndreas Gustafsson *) Modify ap_get_client_block() to note if it has seen EOS.
b8a85202af814468421a6541b4c935bd14773c53Brian Wellington [Justin Erenkrantz]
b879ed05f4fb8209add6c19a509c984b6c8b3a98Andreas Gustafsson *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
b879ed05f4fb8209add6c19a509c984b6c8b3a98Andreas Gustafsson content if the Accept-Encoding header contained only other tokens than
48565891e8f2f8c77b87908b4893f693a08e9ba9Brian Wellington "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson *) Avoid an infinite recursion, which occured if the name of an included
b0390aab30438a13f533cccae9389945214b1421Brian Wellington config file or directory contained a wildcard character. PR 22194.
b0390aab30438a13f533cccae9389945214b1421Brian Wellington *) mod_ssl: Fix a problem setting variables that represent the
eb059776a206e9be778de0f196a0304b558a779cAndreas Gustafsson client certificate chain. PR 21371 [Jeff Trawick]
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson *) Unix: Handle permissions settings for flock-based mutexes in
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson unixd_set_global|proc_mutex_perms(). Allow the functions to be
4c03e69ab845f703c1ffa3b7772938ca98cce44dAndreas Gustafsson called for any type of mutex. PR 20312 [Jeff Trawick]
225a66da7ea2671a3e4db3cc4337f97ff67be647Brian Wellington *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
225a66da7ea2671a3e4db3cc4337f97ff67be647Brian Wellington *) Fix a misleading message from the some of the threaded MPMs when
d9112843333472bb7700c02a10d18e2b253b2708Bob Halley MaxClients has to be lowered due to the setting of ServerLimit.
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson [Jeff Trawick]
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson *) Lower the severity of the "listener thread didn't exit" message
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson to debug, as it is of interest only to developers. PR 9011
279de54fe3a0ac10b64762b18a4569c07b15d742Andreas Gustafsson [Jeff Trawick]
04cb6056a6539539e0fc2ed695298f7fa7b1d632Brian Wellington *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
17789c880460c0bca3f3693c759be2214b936e69Brian Wellington [Cliff Woolley, Jean-Jacques Clar]
55b62439233d930152690b9eba97b06d9dc13d23Mark Andrews *) Install config.nice into the build/ directory to make
02e7e0ba65a26a5f8728b0ee256f7253795cf839Brian Wellington minor version upgrades easier. [Joshua Slive]
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence *) Fix mod_deflate so that it does not call deflate() without checking
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence first whether it has something to deflate. (Currently this causes
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence deflate to generate a fatal error according to the zlib spec.)
590233519e14f3cf49840a93d2648d5560dd957eDavid Lawrence PR 22259. [Stas Bekman]
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson identity spoof is encountered.
123a3dddc94534d3a6c6f81c118a5b63dc5994c3Andreas Gustafsson [Sander Striker]
5ea0d11ca45bfd1ea9db8db07f18fbb02f500661Brian Wellington *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
88a790c39176f72a8f98f134b83df92e09a8c56bAndreas Gustafsson containing the .htaccess file is requested without a trailing slash.
5ea0d11ca45bfd1ea9db8db07f18fbb02f500661Brian Wellington PR 20195. [André Malo]
d25dd5b0567f67ecf40b7ed1cb20e0dce7b41c49Brian Wellington *) ab: Overlong credentials given via command line no longer clobber
d25dd5b0567f67ecf40b7ed1cb20e0dce7b41c49Brian Wellington the buffer. [André Malo]
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews *) mod_deflate: Don't attempt to hold all of the response until we're
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley done. [Justin Erenkrantz]
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley *) Assure that we block properly when reading input bodies with SSL.
7c058f1c384ebdba74231111f9358cf08109a5dbBob Halley PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
4e3f8e480f220ef8a87fd28d02f9001b8fc6f423Bob Halley *) mod_ext_filter: Set additional environment variables for use by
f9e1aa0c440b6c6938967ed5356ec025ea40502eBrian Wellington the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
f9e1aa0c440b6c6938967ed5356ec025ea40502eBrian Wellington *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson *) Remember an authenticated user during internal redirects if the
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson redirection target is not access protected and pass it
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson to scripts using the REDIRECT_REMOTE_USER environment variable.
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson PR 10678, 11602. [André Malo]
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson *) mod_include: Fix a trio of bugs that would cause various unusual
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson sequences of parsed bytes to omit portions of the output stream.
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson *) Update the header token parsing code to allow LWS between the
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson token word and the ':' seperator. [PR 16520]
dc2e09d48b49d96a0572a971180718f680140cf0Andreas Gustafsson [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
620de5a4b1f23dc9b4ec30d30c0607ff389be0daBob Halley [Joe Schaefer <joe+gmane sunstarsys.com>]
68b952dc98a9e02b269c0712da120cd773679652Brian Wellington *) Added FreeBSD directory layout. PR 21100.
68b952dc98a9e02b269c0712da120cd773679652Brian Wellington [Sander Holthaus <info orangexl.com>, André Malo]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson *) mod_rewrite: Perform child initialization on the rewrite log lock.
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson This fixes a log corruption issue when flock-based serialization
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson is used (e.g., FreeBSD). [Jeff Trawick]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson *) Don't respect the Server header field as set by modules and CGIs.
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson As with 1.3, for proxy requests any such field is from the origin
ed0a4f1a302a5e543a9a2e4f8e61ca8a0673c6a7Mark Andrews server; otherwise it will have our server info as controlled by
ed0a4f1a302a5e543a9a2e4f8e61ca8a0673c6a7Mark Andrews the ServerTokens directive. [Jeff Trawick]
a93cf7e83be621d3d68f51e37121a47a70a6757bMark AndrewsChanges with Apache 2.0.47
a97b72bac75dd2b4294108f59e1273f50495583cAndreas Gustafsson *) SECURITY: CAN-2003-0192 (cve.mitre.org)
c05eeed3c915d55a4949f5c2ce8700a0b0f9381bAndreas Gustafsson Fixed a bug whereby certain sequences of per-directory
1c1156b6e71555e593ed4bbca2284055c9f6fa45Andreas Gustafsson renegotiations and the SSLCipherSuite directive being used to
1c1156b6e71555e593ed4bbca2284055c9f6fa45Andreas Gustafsson upgrade from a weak ciphersuite to a strong one could result in
c05eeed3c915d55a4949f5c2ce8700a0b0f9381bAndreas Gustafsson the weak ciphersuite being used in place of the strong one.
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington *) SECURITY: CAN-2003-0253 (cve.mitre.org)
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington Fixed a bug in prefork MPM causing temporary denial of service
14c615e979f674aa61b0ca65c6a252009e521dd8Brian Wellington when accept() on a rarely accessed port returns certain errors.
3bb043a8b8b15eece3794ec31ad0ccab103a1c21Brian Wellington Reported by Saheed Akhtar <S.Akhtar talis.com>. [Jeff Trawick]
d1cc210d2091916df6f9858fae20a1c760f3b257Andreas Gustafsson *) SECURITY: CAN-2003-0254 (cve.mitre.org)
df0f58959ed82a2a43ca8d816ce9592541df9f2fMark Andrews Fixed a bug in ftp proxy causing denial of service when target
4d35b6836eb57387a9da6b103331b59cc988b827Mark Andrews host is IPv6 but proxy server can't create IPv6 socket. Fixed by
903e9d41ef730f098d38da9588f2824f37b7d73cMark Andrews the reporter. [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) SECURITY [VU#379828] Prevent the server from crashing when entering
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley infinite loops. The new LimitInternalRecursion directive configures
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley limits of subsequent internal redirects and nested subrequests, after
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley which the request will be aborted. PR 19753 (and probably others).
f4b5a0f43481026ea27bd96e3584ca0e92542f0dBob Halley [William Rowe, Jeff Trawick, André Malo]
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson *) core_output_filter: don't split the brigade after a FLUSH bucket if
4e605108c6533c2ec6311ee7a466582392656dddAndreas Gustafsson it's the last bucket. This prevents creating unneccessary empty
6211baaa66d7cac28a21b6426681e597ff04ca9eAndreas Gustafsson brigades which may not be destroyed until the end of a keepalive
ea544b0511a66bc5f3700d56a72dcd808fdf22e8Brian Wellington *) Add support for "streamy" PROPFIND responses.
a012d6dbfb100390efa7d0d4be64ada0210b09ddBrian Wellington [Ben Collins-Sussman <sussman collab.net>]
a012d6dbfb100390efa7d0d4be64ada0210b09ddBrian Wellington *) mod_cgid: Eliminate a double-close of a socket. This resolves
c44ab73a0f37fa8c8a52069ca20dd060492dbafdAndreas Gustafsson various operational problems in a threaded MPM, since on the
7ae7d499f353549162ddcf6fed957ea21e4fa52bMark Andrews second attempt to close the socket, the same descriptor was
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson often already in use by another thread for another purpose.
1e50dad10da55802152d00d5573f8b7d49d752a6Bob Halley [Jeff Trawick]
1e50dad10da55802152d00d5573f8b7d49d752a6Bob Halley *) mod_negotiation: Introduce "prefer-language" environment variable,
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson which allows to influence the negotiation process on request basis
1e50dad10da55802152d00d5573f8b7d49d752a6Bob Halley to prefer a certain language. [André Malo]
c8d185ad5827bf2cf9982075e3336f680759a260Andreas Gustafsson *) Make mod_expires' ExpiresByType work properly, including for
40c1177517ca5312371da6cc697d813576cfe5a8Andreas Gustafsson dynamically-generated documents. [Ken Coar, Bill Stoddard]
22cafd0ece9c8d22a1218f000afdbceda21fe8afBrian WellingtonChanges with Apache 2.0.46
2cb74c5bc52ef415a771fafe0bf504eab609feadBrian Wellington *) SECURITY: CAN-2003-0245 (cve.mitre.org)
2cb74c5bc52ef415a771fafe0bf504eab609feadBrian Wellington Fixed a bug causing apr_pvsprintf() to crash by sending an overly
3d60fe9bafbf633e3a7811c11227baebb17878a4Brian Wellington long string. This can be triggered remotely through mod_dav,
3d60fe9bafbf633e3a7811c11227baebb17878a4Brian Wellington mod_ssl, and other mechanisms.
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington Reported by David Endler <DEndler iDefense.com>. [Joe Orton]
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington *) SECURITY: CAN-2003-0189 (cve.mitre.org)
218c8472e6c8c1a014e412615cc97bb93c0ef9c2Brian Wellington Fixed a denial-of-service vulnerability affecting basic
f24c135e09214c3843a49fd32ebef2f6a436ba8eBrian Wellington authentication on Unix platforms related to thread-safety in
f24c135e09214c3843a49fd32ebef2f6a436ba8eBrian Wellington apr_password_validate().
d77312050f1fb1d41b450d4fe6908ea155264d08Brian Wellington Reported by John Hughes <john.hughes entegrity.com>.
4b9f0fd0791cb9cb31087789a03fa3a28dd4b583Andreas Gustafsson *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
02940eaf0f732c28c0b39ed114a3803074a80138Andreas Gustafsson when a MKACTIVITY request comes in.
02940eaf0f732c28c0b39ed114a3803074a80138Andreas Gustafsson [Ben Collins-Sussman <sussman collab.net>]
dc1453b15d6656cd0661d5bec56359efa649268dAndreas Gustafsson *) Perform run-time query in apxs for apr and apr-util's includes.
9a7d163f6f305d48771b4c56d8d18efc6dfc8fc3Mark Andrews [Justin Erenkrantz]
31039b15173fb3e375269991920e4843f664457eMark Andrews *) run libtool from the apr install directory (in case that is different
31039b15173fb3e375269991920e4843f664457eMark Andrews from the apache install directory) [Jeff Trawick]
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
aa23a35d81a9618a40c4a9b44be48009553e4777Andreas Gustafsson *) If mod_mime_magic does not know the content-type, do not attempt to
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
019fefd77d7e77f3c841808ab604f8ce31679d2dBrian Wellington *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson caching. PR 17864.
91425b5e7204b05165e2c5b244f3dad502f9627dBrian Wellington [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
91425b5e7204b05165e2c5b244f3dad502f9627dBrian Wellington *) Add a delete flag to htpasswd.
b18a5b6730dcb062cf7f47c6b3cb909030b58f36Brian Wellington *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
e880677f633f726b7df11ba3e59d4406e22256aaMark Andrews now work scheme dependent and the query string will only be
e880677f633f726b7df11ba3e59d4406e22256aaMark Andrews appended if supported by the particular scheme. [André Malo]
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson *) Add another check for already compressed content in mod_deflate.
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson *) Fixes for VPATH builds; copying special.mk and any future .mk files
328b080b4af258fdd4d3a2ea1558b48706bd8116Andreas Gustafsson from the source tree as well as the build tree (now creates a usable
9e560b59a722d06a62b5aed761e71fec72638a7cBrian Wellington configuration for apxs), and eliminated redundant -I'nclude paths.
9e560b59a722d06a62b5aed761e71fec72638a7cBrian Wellington [William Rowe]
f91dc72b422479b5a0caf1fe54c4054d25ae6055Brian Wellington *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson for SSLC and OpenSSL toolkit compatibility. Still work remains to
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson be done to cripple features based on the limitations of RSA's binary
7e361074bc8a2df7a0891a7040eea02ca3a5e286Andreas Gustafsson distribution of their SSL-C toolkit.
d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28Bob Halley [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28Bob Halley *) Linux 2.4+: If Apache is started as root and you code
d6b3d06db7ce3b9229dc30cc0e3a72ba2603da28Bob Halley CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
8e68489885e744ab48907414b4199c36858c27ddMark Andrews *) ap_get_mime_headers_core: allocate space for the trailing null
c17c59662f0969a5e52e8b7529cbde1a7c746095Andreas Gustafsson when folding is in effect.
c17c59662f0969a5e52e8b7529cbde1a7c746095Andreas Gustafsson PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
c17c59662f0969a5e52e8b7529cbde1a7c746095Andreas Gustafsson *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
d8d95c7d2eae28c5adbde097e88efa115bae6f35Andreas Gustafsson *) mod_log_config: Add the ability to log the id of the thread
651421a5db8a9edf39c76fd8cf859409eb8c373bAndreas Gustafsson processing the request via new %P formats. [Jeff Trawick]
651421a5db8a9edf39c76fd8cf859409eb8c373bAndreas Gustafsson *) Use appropriate language codes for Czech (cs) and Traditional Chinese
651421a5db8a9edf39c76fd8cf859409eb8c373bAndreas Gustafsson (zh-tw) in default config files. PR 9427. [André Malo]
7427490a67b9547242b57c255254f7e146127c48Bob Halley *) mod_auth_ldap: Use generic whitespace character class when parsing
7427490a67b9547242b57c255254f7e146127c48Bob Halley "require" directives, instead of literal spaces only. PR 17135.
7427490a67b9547242b57c255254f7e146127c48Bob Halley [André Malo]
fbe35d126f2c4df000f50662ed9d90ced13188c3Andreas Gustafsson *) Hook mod_rewrite's type checker before mod_mime's one. That way the
dfa0badebe5a8260281228d94dbe28e4314a9df6Andreas Gustafsson RewriteRule [T=...] Flag should work as expected now. PR 19626.
dfa0badebe5a8260281228d94dbe28e4314a9df6Andreas Gustafsson *) htpasswd: Check the processed file on validity. If a line is not empty
2d0627005d48b7657fa11792c123466b4f974b61Mark Andrews and not a comment, it must contain at least one colon. Otherwise exit
2d0627005d48b7657fa11792c123466b4f974b61Mark Andrews with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
b1b3495eba72ea2b7270c5cd62b0bb824de74e05Mark Andrews *) Fix a problem that caused httpd to be linked with incorrect flags
b1b3495eba72ea2b7270c5cd62b0bb824de74e05Mark Andrews on some platforms when mod_so was enabled by default, breaking
80ddc8b22bf2ede60038393be5cad9da99d3f03fAndreas Gustafsson DSOs on AIX. PR 19012 [Jeff Trawick]
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington *) By default, use the same CC and CPP with which APR was built.
94baac869a70b529a24ff23d8dc899faa5d4fdc4Brian Wellington The user can override with CC and CPP environment variables.
1ac2c28488fb5de80b3ce9aac3500d215cb61728Brian Wellington [Jeff Trawick]
1ac2c28488fb5de80b3ce9aac3500d215cb61728Brian Wellington *) Fix ap_construct_url() so that it surrounds IPv6 literal address
a1cad3b231800ca928751ff8889bdc6d312d1f88Andreas Gustafsson strings with []. This fixes certain types of redirection.
a1cad3b231800ca928751ff8889bdc6d312d1f88Andreas Gustafsson PR 19207. [Jeff Trawick]
702a69f04a89422968ef8fc6fc271fac058e03efBrian Wellington *) forward port of buffer overflow fixes for htdigest. [Thom May]
702a69f04a89422968ef8fc6fc271fac058e03efBrian Wellington *) Added AllowEncodedSlashes directive to permit control of whether
0f537d1c63f643924355ff9ca2cf72c547101aa4Brian Wellington the server will accept encoded slashes ('%2f') in the URI path.
e4aeba32725a79e295c2ceed1919cba076530ba3Andreas Gustafsson Default condition is off (the historical behaviour). This permits
0f537d1c63f643924355ff9ca2cf72c547101aa4Brian Wellington environments in which the path-info needs to contain encoded
9ee323b64bc9dcd73f9a0a0e69a31475026721daAndreas Gustafsson slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
9ee323b64bc9dcd73f9a0a0e69a31475026721daAndreas Gustafsson *) When using Redirect in directory context, append requested query
c27148868266dd718b6677c794b3e6dca53c3bdcAndreas Gustafsson string if there's no one supplied by configuration. PR 10961.
c27148868266dd718b6677c794b3e6dca53c3bdcAndreas Gustafsson *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
80ddc8b22bf2ede60038393be5cad9da99d3f03fAndreas Gustafsson the pattern will not always match as desired. PR 12596.
f8a44ed40032e034883019ac556f3bb732491a32Mark Andrews [André Malo]
f1007e99b7db3f4e65663d348530f078adb48ccbMark Andrews *) mod_autoindex now emits and accepts modern query string parameter
07d6480b684d3745e645f35a8b95dae9bda982a3Mark Andrews delimiters (;). Thus column headers no longer contain unescaped
07d6480b684d3745e645f35a8b95dae9bda982a3Mark Andrews ampersands. PR 10880 [André Malo]
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson *) Enable ap_sock_disable_nagle for Windows. This along with the
ea6709ec8a66e3ffef9c9466613df499567c57f8Brian Wellington addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
ea6709ec8a66e3ffef9c9466613df499567c57f8Brian Wellington to be disabled for Windows. [Allan Edwards]
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson This patch reverts us to pre-2.0.46 behavior, using the
c2c275f5f4ead0943c76b6463cf7a93095559c64Andreas Gustafsson ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson was never compiled on Win32. [Allan Edwards, William Rowe]
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson *) Fix a build problem with passing unsupported --enable-layout
634784cb66a1c9ddee0c448f71580f024c8fe40bAndreas Gustafsson args to apr and apr-util. This broke binbuild.sh as well as
ce1269825c9d9c4bca42ae9750a7a2fd93a45557Mark Andrews user-specified layout parameters. PR 18649 [Justin Erenkrantz,
e8af4e152413190e5553c2fb3074a1cc689c6cefAndreas Gustafsson *) If a Date response header was already set in the headers array,
4d30acbac52fcb20a4f0ab4f8508f24861386fe7Brian Wellington this value was ignored in favour of the current time. This meant
4d30acbac52fcb20a4f0ab4f8508f24861386fe7Brian Wellington that Date headers on proxied requests where rewritten when they
4d30acbac52fcb20a4f0ab4f8508f24861386fe7Brian Wellington should not have been. PR: 14376 [Graham Leggett]
131d5feb05fce60143bc17dab73df20753d9301fBrian Wellington *) Add code to buildconf that produces an httpd.spec file from
131d5feb05fce60143bc17dab73df20753d9301fBrian Wellington httpd.spec.in, using build/get-version.sh from APR.
131d5feb05fce60143bc17dab73df20753d9301fBrian Wellington [Graham Leggett]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) Fixed a segfault when multiple ProxyBlock directives were used.
76c9d2f6c0a5d6ea8bcc35fc3228d2019507b2bbBrian Wellington PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
187a97287e626b2f2e9774479e145dfbf1eba66cBrian Wellington *) SECURITY: CAN-2003-0134 (cve.mitre.org)
187a97287e626b2f2e9774479e145dfbf1eba66cBrian Wellington OS2: Fix a Denial of Service vulnerability identified and
49576ae7a481415d5e815ff59b71c76203259619Andreas Gustafsson reported by Robert Howard <rihoward rawbw.com> that where device
49576ae7a481415d5e815ff59b71c76203259619Andreas Gustafsson names faulted the running OS2 worker process. The fix is
7ed2d93fa4e12e0ceaa0c7c0da3a89e7a5d78296Andreas Gustafsson actually in APR 0.9.4. [Brian Havard]
1ec527b71267747cc3ae4d9849aa4f6362c78ea9Brian Wellington *) Forward port: Escape special characters (especially control
1ec527b71267747cc3ae4d9849aa4f6362c78ea9Brian Wellington characters) in mod_log_config to make a clear distinction between
703e1c0bb66f3cd3d300358ca0c1fdf3cb5fb1c5Brian Wellington client-supplied strings (with special characters) and server-side
703e1c0bb66f3cd3d300358ca0c1fdf3cb5fb1c5Brian Wellington strings. This was already introduced in version 1.3.25.
bfd14616fa53e2572e7492a21467fad239deeae7Andreas Gustafsson *) mod_deflate: Check also err_headers_out for an already set
7ed2d93fa4e12e0ceaa0c7c0da3a89e7a5d78296Andreas Gustafsson Content-Encoding: gzip header. This prevents gzip compressed content
14bb9cccae74676e25ae145dc14a3681cc3022b9Mark Andrews from a CGI script from being compressed once more. PR 17797.
14bb9cccae74676e25ae145dc14a3681cc3022b9Mark Andrews [André Malo]
01b8865b1462ba219c90cf6c00f1bf0fdf780d9bBrian WellingtonChanges with Apache 2.0.45
3b77946b751f39bd4db5a7d1fe48a81e6b1e7a28Bob Halley *) Fix possible segfaults under obscure error conditions within the
fcc3c131e03cb7e844eaecf74d4f9b7fd38c8398Andreas Gustafsson cgid daemon. [Jeff Trawick, William Rowe]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) SECURITY: CAN-2003-0132 (cve.mitre.org)
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson Close a Denial of Service vulnerability identified by David
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington Endler <DEndler iDefense.com> on all platforms. An unlimited
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington stream of newlines were acceptable between requests where each
7017ede939a5d3e7f2dc113061887a9e81fe8627Brian Wellington <lf> would allocate an 80 byte buffer, leading very quickly to
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson memory exahustion. [Brian Pane]
66921d6dd259c4486a07aba19eee2b8349698575Brian Wellington *) Added an rpm build script.
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson [Graham Leggett, Joe Orton <jorton redhat.com>]
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson *) Simpler, faster code path for request header scanning [Brian Pane]
c50895694ef939f287aaa7505e0fcf634903bd34Mark Andrews *) SECURITY: Eliminated leaks of several file descriptors to child
be387fd057ee54ae5d84904e69587d6e29bd3950Mark Andrews processes, such as CGI scripts. This fix depends on the APR library
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson release 0.9.2 or later (0.9.3 was distributed with the httpd
d72269740049af28b091ba81d68a067c88f53547Mark Andrews source tarball for Apache 2.0.45.) PR 17206
6d3e8dffb447b9a961360f7f4fd77b0bdb81de76Andreas Gustafsson [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
7dbb39a417a28f61ba13e6e066c2f9c711f61471Mark Andrews *) Fix path handling of mod_rewrite, especially on non-unix systems.
a51f77a70bba62f227fb15fe72ecf959893e3f0fMark Andrews There was some confusion between local paths and URL paths.
a51f77a70bba62f227fb15fe72ecf959893e3f0fMark Andrews PR 12902. [André Malo]
5e16689bd396d261779526345a1c5207e3308477Andreas Gustafsson *) Prevent endless loops of internal redirects in mod_rewrite by
f7321615eaaf63461bd682513d2873d97ae31771Mark Andrews aborting after exceeding a limit of internal redirects. The
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson limit defaults to 10 and can be changed using the RewriteOptions
7dec36c225ad044a6546a4e232888f3412c030a8Brian Wellington directive. PR 17462. [André Malo]
7dec36c225ad044a6546a4e232888f3412c030a8Brian Wellington *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson all worker threads are busy.
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson [Igor Nazarenko <igor_nazarenko hotmail.com>]
ff7f1dc0393cfc8a033be7e94aa56cd57c97d174Andreas Gustafsson *) Keep the subrequest filter in place when a subrequest is
725fec8d79ff36402b0f90a7a05aafa7964e387fBrian Wellington redirected. PR 15423. [Jeff Trawick]
9b0c4bf7003db929fe00a345fc96fb97677d29e0Brian Wellington *) you can now specify the compression level for mod_deflate.
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
19c7cce8555ccc0c95455a0c35dedd017d420d05Mark Andrews Michael Schroepl <Michael.Schroepl telekurs.de>]
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson *) mod_deflate: Extend the DeflateFilterNote directive to
576f85e5fdb8805307f318db79dfc0d19e390d1aAndreas Gustafsson allow accurate logging of the filter's in- and outstream.
0c70ab306505d89983186e9f8bb8647de55b5d04Mark Andrews *) Allow SSLMutex to select/use the full range of APR locking
0c70ab306505d89983186e9f8bb8647de55b5d04Mark Andrews mechanisms available to it. Also, fix the bug that SSLMutex uses
0c70ab306505d89983186e9f8bb8647de55b5d04Mark Andrews APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
32e64787d9bd84a012ddac506f88fbc677b49377Brian Wellington Martin Kutschker <martin.t.kutschker blackbox.net>]
32e64787d9bd84a012ddac506f88fbc677b49377Brian Wellington *) Restore the ability of htdigest.exe to create files that contain
fa5a42fbad42f4e033376d5d4624e29d018d97b7Brian Wellington more than one user. PR 12910. [André Malo]
fa5a42fbad42f4e033376d5d4624e29d018d97b7Brian Wellington *) Improve binary compatibility of the core between debug (aka
fa5a42fbad42f4e033376d5d4624e29d018d97b7Brian Wellington maintainer-mode) and a non-debug compile.
12acad068846c11ad7bb9adb23f02a6fc37b4e17Andreas Gustafsson [Sander Striker]
523dd6a979865b8b1b8f1ecc81e5ce47a168c63fBrian Wellington *) mod_usertrack: don't set the cookie in subrequests. This works
5bb4ceb2a67fd558962f8a786c93daedc148a599Mark Andrews around the problem that cookies were set twice during fast internal
5bb4ceb2a67fd558962f8a786c93daedc148a599Mark Andrews redirects. PR 13211. [André Malo]
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington *) mod_autoindex no longer forgets output format and enabled version
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington sort in linked column headers. [André Malo]
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington *) Use .sv instead of .se as extension for Swedish documents in the
3f8ad70264645ebd6a2a8bc7e923271eb5bf8416Brian Wellington default configuration. PR 12877. [André Malo]
9b0e404e5fc71a2bd4fba8a66296477f815af7d5Brian Wellington *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
fff07c1022643da7274d4ba1b086c9c218762dc9Brian Wellington and standardized the LDAP SSL support across the various LDAP SDKs.
fff07c1022643da7274d4ba1b086c9c218762dc9Brian Wellington Isolated the SSL functionality to mod_ldap rather than speading it
fff07c1022643da7274d4ba1b086c9c218762dc9Brian Wellington across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson and LDAPTrustedCAType directives to mod_ldap to allow for a more
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson common method of specifying the SSL certificate.
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson [Dave Ward, Brad Nicholes]
c26c349eab7ca0499786c2091f0e407ec90eee6bAndreas Gustafsson *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson skip the first cert of the chain by default. This misbehavior
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
4817a0628785835abb57d06f2f616b4a6515ac2fAndreas Gustafsson be started on Unix because of such problems as bad permissions,
228c679d7a269423019f7c528db92e855f08240bMark Andrews bad shebang line, etc. [Jeff Trawick]
8c6058d00f89792733b5c8d4ceee84ab5025857bAndreas Gustafsson *) Fix 64-bit problem in mod_ssl input logic.
8c6058d00f89792733b5c8d4ceee84ab5025857bAndreas Gustafsson [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
d31498a54482c8d5d934875d3fdeaa621c962d6fBrian Wellington *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
d31498a54482c8d5d934875d3fdeaa621c962d6fBrian Wellington [Justin Erenkrantz]
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
a2a7eaf89cd68acdb16177bb05701107ceab52b9Brian Wellington [Justin Erenkrantz]
54ce9b2e29aafe1cb5f898a0983fb66e450e9559Brian Wellington *) Fix segfault which occurred when a section in an included
175ba246fb074ae8caca0e76ecc8055517ab486cBrian Wellington configuration file was not closed. PR 17093. [André Malo]
54ce9b2e29aafe1cb5f898a0983fb66e450e9559Brian Wellington *) Enhance the behavior of mod_isapi's WriteClient() callback to
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington provide better emulation for isapi modules that presume that the
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington first WriteClient() call may send status and headers. An example
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington of WriteClient() abuse is the foxisapi module, which relies on
7357590beef5f671cfdd4ec4304e5210adfb0d8aBrian Wellington that assumpion and now works. [William Rowe, Milan Kosina]
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews *) Check the return value of ap_run_pre_connection(). So if the
8dd5237a27e2e824d18f835dc711573aeb23a173Mark Andrews pre_connection phase fails (without setting c->aborted)
3b5102fc018a29e52befde5991844843c7b70786Michael Sawyer ap_run_process_connection is not executed. [Stas Bekman]
3b5102fc018a29e52befde5991844843c7b70786Michael Sawyer *) Fixed a problem with mod_ldap which caused it to fault when caching
61470ed14b20c55c0730461165faa582a3775eb8Mark Andrews was disabled. Needed to make sure that the code did not
bbd3d20d0843165a74698166a3180897fd019e18Andreas Gustafsson attempt to use the cache if it didn't exist. Also fixed some memory
3b5102fc018a29e52befde5991844843c7b70786Michael Sawyer leaks which were due to not releasing LDAP resources on error
f7e900edbc368275aa7cec7ebec0986e45aeadd7Mark Andrews conditions. [Brad Nicholes]
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington mod_rewrite proxied URLs will not be escaped accidentally by
ec772e873bd7f24418049b5b1b5d7c44ff781356Brian Wellington mod_proxy's fixup. PR 16368 [André Malo]
abfbf760f3bc2a6744b0249a31ca5153234b49e8Brian Wellington *) While processing filters on internal redirects, remember seen EOS
abfbf760f3bc2a6744b0249a31ca5153234b49e8Brian Wellington buckets also in the request structure of the redirect issuer(s). This
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley prevents filters (such as mod_deflate) from adding garbage to the
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley response. PR 14451. [André Malo]
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley *) suexec: Be more pedantic when cleaning environment. Clean it
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley immediately after startup. PR 2790, 10449.
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley [Jeff Stewart <jws purdue.edu>, André Malo]
065958bd3d26dbc25ff313cfcee07bb6a77ee47eBrian Wellington *) Fix apxs to insert LoadModule directives only outside of sections.
75768d5fa2c6c5c441b849ca4efa649a7c2a9e88Bob Halley PR 8712, 9012. [André Malo]
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence *) Fix suexec compile error under SUNOS4, where strerror() doesn't
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson exist. PR 5913, 9977.
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson *) Fix If header parsing when a non-mod_dav lock token is passed to it.
22dbaf9ad8065127fd93eff0f239fd9c548d18b6Andreas Gustafsson PR 16452. [Justin Erenkrantz]
184867e88b5a30bbc29f17edbc7b50a6c8a944e7David Lawrence *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
184867e88b5a30bbc29f17edbc7b50a6c8a944e7David Lawrence not specified. Now it assumes "/" as already documented. PR 16937.
fa280ff02ad0c29616a0c3a22ef02cbb3f6db7efDavid Lawrence *) Try to log an error if a piped log program fails. Try to
046a9aca49bdc25bd57d75fd0dd34c021722f095Mark Andrews restart a piped log program in more failure situations. Fix an
f4e4111795ceb13066d09c38723afacb04e33ad4Mark Andrews existing problem with error handling in piped_log_spawn(). Use
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson new APR apr_proc_create() features to prevent Apache from starting
f4e4111795ceb13066d09c38723afacb04e33ad4Mark Andrews on Unix* in most cases where a piped log program can be started,
253ab81bf2760d3d7f68512b43710afc02d788daMark Andrews and add log messages for the other situations. *Other platforms
253ab81bf2760d3d7f68512b43710afc02d788daMark Andrews already failed Apache initialization if a piped log program
253ab81bf2760d3d7f68512b43710afc02d788daMark Andrews couldn't be started. PR 15761 [Jeff Trawick]
be171be1799e0ba8cdd35d4f67b772ff086d0d81Andreas Gustafsson *) Fix mod_cern_meta to not create empty metafiles when the
9f28451bca8377ef6c9ea3b0a49bf342c9fa6800Mark Andrews metafile searched for does not exist. PR 12353
9f28451bca8377ef6c9ea3b0a49bf342c9fa6800Mark Andrews [Owen Rees <owen_rees hp.com>]
af5dc286ff4b750deec50d1c006aae5fc38019c0Mark Andrews *) Introduce debugging symbols for Win32 release builds, both .pdb
af5dc286ff4b750deec50d1c006aae5fc38019c0Mark Andrews and .dbg files (older debuggers and Dr. Watson-type utilities
ef9f9001fca9445ef315b1e76a66fc84fef6fdc6Andreas Gustafsson on WinNT or Win9x don't support the newer .pdb flavor.)
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington [Allen Edwards, William Rowe]
ee303f481dfefcd4e4994f8b8b17f2de32aa4d69Brian Wellington *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
9b2a2a9016980fbed6b2025d365a8ae99897608cDavid Lawrence information (and more). Related to PR 9076. [André Malo]
9b2a2a9016980fbed6b2025d365a8ae99897608cDavid Lawrence *) mod_file_cache: fix segfault serving mmaped cached files.
86b8c485762daa54a96d033110f6f41ea96e5213David Lawrence [Bill Stoddard]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence *) mod_file_cache: fixed a segfault when multiple MMapFile directives
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence were used. PR 16313. [Cliff Woolley]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
2115bc7d6433c92499d8e4f67e1c1dfa42ecd6f0David Lawrence an incompatible pointer type to mmap_bucket_destroy(void*).
2115bc7d6433c92499d8e4f67e1c1dfa42ecd6f0David Lawrence [Gerard Eviston <geviston bigpond.net.au>]
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington *) Enable the -n name parameter on NetWare to allow the
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington administrator to rename the Apache console screen
02e38214502c3a946cdfe87e16525747617a1150Brian Wellington [Brad Nicholes]
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence support by default in APR. More development is required
f8da2d95835c5216570a45e9000f740321503ae3David Lawrence to deploy OTHER_CHILD on Win32. [William Rowe]
fdb2cda3ed366699d70aaf67ee5ae7fcd2ca7561David Lawrence *) Use saner default config values for suexec. PR 15713.
6094a7774954463e312f7266c8d4d3f26aa07d4aAndreas Gustafsson [Thom May <thom planetarytramp.net>]
8dc3d2006f679d0a291f7a20612c37e2a7146096Brian Wellington *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo]
a110543bb4d2e53caa40f83c2b45786a1efe63efAndreas Gustafsson *) apxs: Include any special APR ld flags when linking the DSO.
ef9f9001fca9445ef315b1e76a66fc84fef6fdc6Andreas Gustafsson This resolves problems on AIX when building a DSO with apxs+gcc.
bd5f2ac1880f5f2e96b291378c3dff296fc011f1Mark Andrews [Jeff Trawick]
24c5978e0b32137305c2bef2c6e116ee7680a610Andreas Gustafsson *) Added character set support to mod_auth_LDAP to allow it to
f0f61db621eed0c453e31bb85f6803c550e19a6bAndreas Gustafsson convert extended characters used in the user ID to UTF-8
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington before authenticating against the LDAP directory. The new
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington directive AuthLDAPCharsetConfig is used to specify the config
63612a0fe1abbeb8ab6d727a4cfe46831c481387Brian Wellington file that contains the character set conversion table.
9be0c3d823200bed1286cff6bddf2a8c639f5287Brian Wellington [Brad Nicholes]
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence *) Don't remove the Content-Length from responses in mod_proxy
125a916d1a0c01f139ced5736145703df28d07cfDavid Lawrence PR: 8677 [Brian Pane]
32bb863ea960caa650105b60dcd45e3db6840a6fAndreas Gustafsson *) Ensure LDAP version is set to v3 on every bind. PR 14235.
32bb863ea960caa650105b60dcd45e3db6840a6fAndreas Gustafsson [Sergey A. Lipnevich <sergeyli pisem.net>]
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington *) Fix mod_ldap to open an existing shared memory file should one
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington already exist. PR 12757. [Scooter Morris <scooter gene.com>,
736aab3076e9bec708cec073f5cf8e6c4b588886Brian Wellington Graham Leggett]
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
7cb10f77890fe36b14079c7beb848ec390a53e44Andreas Gustafsson *) Change the ulimit command used by apachectl on AIX so that it
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson works in all locales. [Jeff Trawick]
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson *) mod_ext_filter: Fix a problem building argument lists which
bb1cf189bb9fd9059cf13b785d15b0e50c0be8fbAndreas Gustafsson occasionally caused exec to fail. PR 15491. [Jeff Trawick]
f53848e17123569387b279578f0100dca5407da5Mark AndrewsChanges with Apache 2.0.44
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington from Apache 1.3. PR 14276
d46bf932ed5e1f58a4c424ce1ce7525963354482Brian Wellington [David Shane Holden <dpejesh yahoo.com>, William Rowe]
1599bd6998f54b2b34804d7332f543744368a586Mark Andrews *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
acc63b06d9e4e2137950dabddcccd17d8b336ca0Olafur Gudmundsson *) Reorder the definitions for mod_ldap and mod_auth_ldap within
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington config.m4 to make sure the parent mod_ldap is defined first.
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington This ensures that mod_ldap comes before mod_auth_ldap in the
c8fc692fa1445ccfc39b68902546cdfc7ee30d3eBrian Wellington httpd.conf file, which is necessary for mod_auth_ldap to load.
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson PR 14256 [Graham Leggett]
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson *) Fix the building of cgi command lines when the query string
f19771c55d7e7d5bb38160e710185e6e61749d16Andreas Gustafsson contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>,
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson implementation of MCacheMaxStreamingBuffer from mod_cache to
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
f1d427043e94371cdf1f21b3cbd65917adbcff25Andreas Gustafsson eliminate the need for explicitly coding MCacheMaxStreamingBuffer
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson in most configurations. [Bill Stoddard]
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson a redirect occurs. The code was passing a format string and
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson integer to apr_pstrcat. Changed to apr_psprintf.
6c29053a20f7614167bafa4388c666644a095349Andreas Gustafsson [Paul J. Reder]
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence as set by apr-util in util_ldap.c. This should allow mod_ldap
3d509f54ac6bbcc19de5aa6d1ce37e001821dc7bDavid Lawrence to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence <somme oslo.westerngeco.slb.com>, Graham Leggett]
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence *) Fix critical bug in new --enable-v4-mapped configure option
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence implementation which broke IPv4 listening sockets on some
a59ed6543bbc13e7c784d6badce7b757c2620e28David Lawrence systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence patterns [André Malo <nd perlig.de>]
91b191a90cae9b162b8c68a3b4820031e129b37bBrian Wellington *) Add version string to provider API. [Justin Erenkrantz]
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington *) build: './configure && make' now works without an in-tree
bf00f50cf43a43a999b5ab054cab652f7775dce6Brian Wellington apr and apr-util. [Wilfredo Sanchez]
253f774e358dba38742a484426a4cadf4f248817Brian Wellington *) mod_negotiation: Set the appropriate mime response headers
253f774e358dba38742a484426a4cadf4f248817Brian Wellington (Content-Type, charset, Content-Language and Content-Encoding)
253f774e358dba38742a484426a4cadf4f248817Brian Wellington for negotated type-map "Body:" responses (such as the error
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington pages.) [André Malo <nd perlig.de>]
2de31518c3da27092120b40fc373cecf600d64e6Brian Wellington *) mod_log_config: Allow '%%' escaping in CustomLog format
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson strings to insert a literal, single '%'.
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson [André Malo <nd perlig.de>]
4ae3a03bb7dbb050adddc051a5df6f3de057eb27Andreas Gustafsson *) mod_autoindex: AddDescription directives for directories
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson now work as in Apache 1.3, where no trailing '/' is
10e22ebcc3629be94d37bf408157e2c5ee5740e0Andreas Gustafsson specified on the directory name. Previously, the trailing
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington '/' *had* to be specified, which was incompatible with
2732332fe53d00592109ef69c0075fcc2ad09db9Brian Wellington Apache 1.3. PR 7990 [Jeff Trawick]
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer *) Fix for PR 14556. The expiry calculations in mod_cache were
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer trying to perform "now + ((date - lastmod) * factor)" where
8fa78d9ad5f5ab6c69d1d52b00b1ffcdf1bd5bebMichael Sawyer date == lastmod resulting in "now + 0". The code now follows
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence the else path (using the default expiration) if date is
e544b507b8019a62c5d2716281f6832519a8791dDavid Lawrence equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington default calling convention is not the same as the one used by
09de21079e902c7356d936ef4f2a31060b36e5f3Brian Wellington AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>]
ee4429e13e08f30c366cdc5d10585388b8a9f212Michael Sawyer *) mod_cache: Don't cache response header fields designated
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
b74896ead5671943135727b50d86d1040d7ffbf3David Lawrence *) mod_cgid: Handle environment variables containing newlines.
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
8aff41ca8ac8dbd9671f3da824406a8783db49d1Brian Wellington *) Move mod_ext_filter out of experimental and into filters.
c9d7e543d0da2996d1cc52d3c5920141df49a4ecBrian Wellington [Jeff Trawick]
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington *) Fixed a memory leak in mod_deflate with dynamic content.
6dbf9cbe6a39a00de910ef843b9f864abf68bc40Brian Wellington PR 14321 [Ken Franken <kfranken decisionmark.com>]
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington *) Add --[enable|disable]-v4-mapped configure option to control
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington whether or not Apache expects to handle IPv4 connections
833535ea78ec7a15376b862fd288ffd00f808666Brian Wellington on IPv6 listening sockets. Either setting will work on
17aac384e029f5dd3314876058c7501f4d84b90bBrian Wellington systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington must be used on systems that always allow IPv4 connections on
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
23f64ea0dcd7f5b7094ae6ade2a002fb7dde1466Brian Wellington [Jeff Trawick]
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson *) This fixes a problem where the underlying cache code
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson indicated that there was one more element on the cache
3c7ce471aa8a1a9c5bc0ca9e41f406bdc9f0b2aeAndreas Gustafsson than there actually was. This happened since element 0
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington exists but is not used. This code allocates the correct
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington number of useable elements and reports the number of
3562c9dc12f06eb964ccefd3291a012f4e6b1743Brian Wellington actually used elements. The previous code only allowed
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson MCacheMaxObjectCount-1 objects to be stored in the
f437f6ffae28f88334cf47ce8f948cbf40331ffaAndreas Gustafsson cache. [Paul J. Reder]
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington *) mod_setenvif: Add SERVER_ADDR special keyword to allow
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington envariable setting according to the server IP address
704d6eeab1d8d6a2aeb99c37fa5a97322d9340fcBrian Wellington which received the request. [Ken Coar]
ed8ba54e644957e0ebd51601552193275299ca8dAndreas Gustafsson *) mod_cgid: Terminate CGI scripts when the client connection
ed8ba54e644957e0ebd51601552193275299ca8dAndreas Gustafsson drops. PR 8388 [Jeff Trawick]
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson *) Rearrange OpenSSL engine initialization to support RAND
4d5c668a91c6e5a26653031dd137292bfc03da52Andreas Gustafsson redirection on crypto accelerator.
7789eb1345bef03773a2530dce7f2709cc50aa2aAndreas Gustafsson [Frederic DONNAT <frederic.donnat zencod.com>]
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson *) Always emit Vary header if mod_deflate is involved in the
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson request. [André Malo <nd perlig.de>]
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson *) mod_isapi: Stop unsetting the 'empty' query string result with
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson a NULL argument in ecb->lpszQueryString, eliminating segfaults
9c566a852f31c3a5d0b9d6eaf11463114339c01dAndreas Gustafsson for some ISAPI modules. PR 14399
4c08b67a5f01eda472a9dfee4c73dbbac49c0065Mark Andrews *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
4c08b67a5f01eda472a9dfee4c73dbbac49c0065Mark Andrews notification is received before the HttpExtensionProc() returns
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews HSE_STATUS_PENDING. This only affected isapi .dll's configured
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews with the ISAPIFakeAsync on directive. PR 11918
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson *) mod_isapi: Fix the issue where all results from mod_isapi would
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson run through the core die handler resulting in invalid responses
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson or access log entries. PR 10216 [William Rowe]
1addbb84718fdb7635459ed05f060be086e88f35Andreas Gustafsson *) Improves the user friendliness of the CacheRoot processing
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson over my last pass. This version avoids the pool allocations
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson but doesn't avoid all of the runtime checks. It no longer
d3be9a9c6ef76a5d7671b0962785ca025b153d2bAndreas Gustafsson terminates during post-config processing. An error is logged
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews once per worker, indicating that the CacheRoot needs to be set.
e9fce1415f8be4cd38d528950c92c481bd105254Mark Andrews [Paul J. Reder]
483958540f0034d543f0564beb7877326f15a45bMark Andrews *) Fix a bug where we keep files open until the end of a
483958540f0034d543f0564beb7877326f15a45bMark Andrews keepalive connection, which can result in:
59e1a928bc4253b91ead0f7c46be7d3984cb3016Bob Halley (24)Too many open files: file permissions deny server access
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson especially on threaded servers. [Greg Ames, Jeff Trawick]
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson *) Fix a bug in which mod_proxy sent an invalid Content-Length
90cd33e0baf23574a88a4c967afec8b95a1801deAndreas Gustafsson when a proxied URL was invoked as a server-side include within
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews a page generated in response to a form POST. [Brian Pane]
517950ae99fa271b034a5cfec1c9fbb62696f975Mark Andrews *) Added code to process min and max file size directives and to
f9870620b346ed267023dc98ee81adcfef2e16b7Andreas Gustafsson init the expirychk flag in mod_disk_cache. Added a clarifying
f9870620b346ed267023dc98ee81adcfef2e16b7Andreas Gustafsson comment to cache_util. [Paul J. Reder]
19ff7edc1a6388085193f5487e1599f45aa62648Mark Andrews *) The value emitted by ServerSignature now mimics the Server HTTP
19ff7edc1a6388085193f5487e1599f45aa62648Mark Andrews header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews *) Gracefully handly retry situations in the SSL input filter,
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews by following the SSL libraries' retry semantics.
8a0ff6c15cb20c903f9e16a3d5c2cab603478bc3Mark Andrews [William Rowe]
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson *) Terminate CGI scripts when the client connection drops. This
42928d936e79dbda7ea00bbcab6e5d8034a95bf8Andreas Gustafsson fix only applies to some normal paths in mod_cgi. mod_cgid
0c0619cc1983ff58e855c5159d8892e46dddac5eBrian Wellington is still busted. PR 8388 [Jeff Trawick]
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson *) Fix a bug where 416 "Range not satisfiable" was being
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson returned for content that should have been redirected.
c472ead4a932f93251eddaa41e120c3bfc4f95a4Andreas Gustafsson *) Fix memory leak in mod_ssl from internal SSL library allocations
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson within SSL_get_peer_certificate and X509_get_pubkey.
a6dbd6b6604e27ae3c7190de20dbcaaa6e5a1fd8Andreas Gustafsson Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) mod_ssl uses free() inappropriately in several places, to free
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley memory which has been previously allocated inside OpenSSL.
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley Such memory should be freed with OPENSSL_free(), not with free().
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley [Nadav Har'El <nyh math.technion.ac.il>,
383665e42ad838046472e847b16c4e0d3f1aaf76Bob Halley Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley *) Emit a message to the error log when we return 404 because
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley the URI contained '%2f'. (This was previously nastily silent
6b5a6fbe1cc0ceb7e2b516aaada596b79360a5b8Bob Halley and difficult to debug.) [Ken Coar]
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson *) Fix streaming output from an nph- CGI script. CGI:IRC now
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson works. PR 8482 [Jeff Trawick]
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson *) More accurate logging of bytes sent in mod_logio when
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson the client terminates the connection before the response
ba6fd2580863759baedd9c47153602b19006a324Andreas Gustafsson is completely sent [Bojan Smojver <bojan rexursive.com>]
86a4d80e0624a10b1824d25018246e1ea63f55d2Andreas Gustafsson *) Fix some problems in the perchild MPM.
850d70818503ca1b0f98c9c70b16b51e789fd705Andreas Gustafsson [Jonas Eriksson <jonas webkonsulterna.com>]
dd16d9d9e77c2d906ee5ffa3dd9f71cacfbcb081Brian Wellington *) Change the CacheRoot processing to check for a required
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson value at config time. This saves a lot of wasted processing
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson if the mod_disk_cache module is loaded but no CacheRoot
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson was provided. This fix also adds code to log an error
d3a86da2e8f09e2c3f55721aae537b9cacc7e537Andreas Gustafsson and avoid useless pallocs and procesing when the computed
850d70818503ca1b0f98c9c70b16b51e789fd705Andreas Gustafsson cache file name cannot be opened. This also updates the
850d70818503ca1b0f98c9c70b16b51e789fd705Andreas Gustafsson docs accordingly. [Paul J. Reder]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence *) Introduce the EnableSendfile directive, allowing users of NFS
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence shares to disable sendfile mechanics when they either fail
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence outright or provide intermitantly corrupted data. PR
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence [William Rowe]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence *) Resolve the error "An operation was attempted on something
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence that is not a socket. : winnt_accept: AcceptEx failed.
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence Attempting to recover." for users of various firewall and
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence anti-virus software on Windows. PR 8325 [William Rowe]
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence *) Add the ProxyBadHeader directive, which gives the admin some
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence control on how mod_proxy should handle bogus HTTP headers from
3c82f274bd880a33fdaf211af4fe8f6b3d6ca556David Lawrence proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson desired. [Jim Jagielski]
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington *) Change the LDAP modules to export their symbols correctly
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington during a Windows build. Add dsp files for Windows. Update
78d78f05d91205cbde33ca87d24b8d13aa2d8d66Brian Wellington README.ldap file for Windows build instructions.
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson *) Performance improvements for the code that generates HTTP
5afc10d6d8278c9ab34b9f6c82ef7bb3bfefd0efAndreas Gustafsson response headers [Brian Pane]
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington *) Add -S as a synonym for -t -DDUMP_VHOSTS.
3f01dde0bd24561fc3a6c2f7e259a58af4457a86Brian Wellington [Thom May <thom planetarytramp.net>]
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson *) Fix a bug with dbm rewrite maps which caused the wrong value to
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson be used when the key was not found in the dbm. PR 13204
626b221f7113479a0709f0bb0a8193c0ab0dcf84Andreas Gustafsson [Jeff Trawick]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) Fix a problem with streaming script output and mod_cgid.
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas Gustafsson [Jeff Trawick]
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson *) Add ap_register_provider/ap_lookup_provider API.
ebfcb6cf66283096ebda1503b6cc042ce86b6bedBrian Wellington [John K. Sterling <john sterls.com>, Justin Erenkrantz]
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas GustafssonChanges with Apache 2.0.43
c379c1bddb2d84c9219ab6c394b33aa866b9f3bfAndreas Gustafsson *) SECURITY: CVE-2002-0840 (cve.mitre.org)
066faef1195d539f575816ccab87ff3e85b1b13eBrian Wellington HTML-escape the address produced by ap_server_signature() against
dffdc24ffd76ef3d8c8141671e89fb39428fef06Brian Wellington this cross-site scripting vulnerability exposed by the directive
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME
17442ccc2b2e9c3b3bfc337f0fdfad6186fbb123Mark Andrews environment variable for CGI and SSI requests. It's safe to
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer escape as only the '<', '>', and '&' characters are affected,
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer which won't appear in a valid hostname. Reported by Matthew
61b0df9eb522f13aef13cc2704728e799cbc251aMichael Sawyer Murphy <mattmurphy kc.rr.com>. [Brian Pane]
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer *) Fix a core dump in mod_cache when it attemtped to store uncopyable
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer buckets. This happened, for instance, when a file to be cached
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer contained SSI tags to execute a CGI script (passed as a pipe
369bb68c2c7709c7fd8b0d6c1d1f8abc6422a7e2Michael Sawyer bucket). [Paul J. Reder]
3dcb97b199693012d12e978b8f577a339e434361Andreas Gustafsson *) Ensure that output already available is flushed to the network
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson when the content-length filter realizes that no new output will
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson be available for a while. This helps some streaming CGIs as
a3e41e3c03a32b00fc243fce538a39ddc7237885Andreas Gustafsson well as some other dynamically-generated content. [Jeff Trawick]
4ec1a96d90784f70380bdec66f8a0bd6718a5b71Mark Andrews *) Fix a mutex problem in mod_ssl session cache support which
fa3cbea8bfba19d1c11f9a6ad20f40a2c15377f0Brian Wellington could lead to an infinite loop. PR 12705
fa3cbea8bfba19d1c11f9a6ad20f40a2c15377f0Brian Wellington [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
0fc89c4ee660e825ac66774f2d4912cfc396386aMark Andrews *) SECURITY: CVE-2002-1156 (cve.mitre.org)
e21d199dca95aff5d50f133d6b064309e209af00Brian Wellington Fix the exposure of CGI source when a POST request is sent to
e21d199dca95aff5d50f133d6b064309e209af00Brian Wellington a location where both DAV and CGI are enabled. [Ryan Bloom]
c03298d879554fc5dc197c28fd4b686e0d880ee3Mark Andrews *) Allow the UserDir directive to accept a list of directories.
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews This matches what Apache 1.3 does. Also add documentation for
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews this feature. [Jay Ball <jay veggiespam.com>]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews *) New Module: mod_logio. adds the ability to log bytes sent and
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews received. [Bojan Smojver <bojan rexursive.com>]
04c22ceaf2d3812eaab69d79958d0e0d62048cd2Mark Andrews *) SuExec needs to use the same default directory as the rest of
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence [SangBeom han <sbhan os.korea.ac.kr>]
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence *) Make sure the contents of the WWW-Authenticate header is
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews passed on a 4xx error by proxy. Previously all headers
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews were dropped, resulting in the browser being unable to
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
7789eb1345bef03773a2530dce7f2709cc50aa2aAndreas Gustafsson Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
b65f2ab14abb4b6ef906d7d02064fba158f07b1eDavid Lawrence <gwiseman fscinternet.com>, David Henderson
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews *) Make mod_cache's CacheMaxStreamingBuffer directive work
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews properly for virtual hosts that override server-wide mod_cache
389c749a5ee18f1c0d6278ae49f2aae5d5f0d2dcMark Andrews setttings. [Matthieu Estrade <estrade-m ifrance.com>]
09671f9551077f9eae8c41619b61272cb9821100Andreas Gustafsson *) Add -p option to apxs to allow programs to be compiled with apxs.
72fa265baa3d138b43427bcb5c0838740f807045Mark Andrews [Justin Erenkrantz]
a5aca6df165c601d755b8c5f5727048078bf0db5Andreas GustafssonChanges with Apache 2.0.42
4b6d5b2312d1482cc406fe58fa3269dd7a915b3fMark Andrews *) SECURITY: CAN-2002-1593 (cve.mitre.org) [CERT VU#406121]
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews mod_dav: Check for versioning hooks before using them.
29c818c7d40fc8898b062903ec703851328a4deaMark Andrews [Greg Stein]
b1cde6bf3a8e3a77eb77caf97df0d7ec5c8450dfBrian WellingtonChanges with Apache 2.0.41
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews *) The protocol version (eg: HTTP/1.1) in the request line parsing
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews is now case insensitive. [Jim Jagielski]
f8abaa0fae7f75d9601c10b6a4af8dd907494d45Mark Andrews *) Allow AddOutputFilterByType to add multiple filters per directive.
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson [Justin Erenkrantz]
37d1c8ee546ae89720c3e17e57ee3a05e9cdc7b9Brian Wellington *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson *) Fixed mod_disk_cache's generation of 304s
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson *) Add support for using fnmatch patterns in the final path
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson segment of an Include statement (eg.. include /foo/bar/*.conf).
28b7844ee93231da831ba3c090e1677bb1be5f18Andreas Gustafsson and remove the noise on stderr during config dir processing.
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington [Joe Orton <jorton redhat.com>]
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington *) mod_cache: cache_storage.c. Add the hostname and any request
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington args to the key generated for caching. This provides a unique
78db9e8f4b686fde6dfa0ec85a68c06cc9d4bf28Brian Wellington key for each virtual host and for each request with unique
b20ee662a7c847c9ef7b96ab9e5e34543efe5c0dMark Andrews args. [Paul J. Reder, args code provided by Kris Verbeeck]
b20ee662a7c847c9ef7b96ab9e5e34543efe5c0dMark Andrews *) mod_cache: Do not cache responses to GET requests with query
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson URLs if the origin server does not explicitly provide an
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson Expires header on the response (RFC 2616 Section 13.9)
450995b90c8cb66d82c2377d4f9bd9812a132c30Andreas Gustafsson [Kris Verbeeck <krisv be.ubizen.com>]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence *) Update OpenSSL detection to work on Darwin.
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence [Sander Temme <sctemme covalent.net>]
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence *) Update the xslt and css to give the documentation a more
190fbe9738bd0c1b9b13732bb8bd56b2b7c71640David Lawrence modern style.
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington *) Fix some bucket memory leaks in the chunking code
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley [Joe Schaefer <joe+apache sunstarsys.com>]
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley *) mod_cache: added support for caching streamed responses (proxy,
c40085afa75a5eae732ec1198384dd5cb24400b6Bob Halley CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
7b438bdb9b821f9f1c96443762072e137716048dBrian Wellington [Ian Holsman, Peter Bieringer <pb bieringer.de>]
86c270cbb24117976d6cd3098c3010e067915c24Andreas Gustafsson *) Fix FileETags none operation. PR 12207.
86c270cbb24117976d6cd3098c3010e067915c24Andreas Gustafsson [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews *) Restored the experimental leader/followers MPM to working
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews condition and converted its thread synchronization from
b38ebe307cb2411535c79afd441870a99cc50eddMark Andrews mutexes to atomic CAS. [Brian Pane]
8217f91f8d2dd6e94a2bf893284506ea47cd294aAndreas Gustafsson *) Fix Logic on non-html file removal in mod_deflate
588b63e1a86fb707172830e14897da624ed380edMark Andrews *) Fix "ab -g"'s truncated year: the last digit was cut off.
588b63e1a86fb707172830e14897da624ed380edMark Andrews [Leon Brocard <acme astray.com>]
bb17aa91c14de959b191a200df61afb6a68f110fBrian Wellington *) mod_rewrite can now sets cookies in err_headers, uses the correct
bb17aa91c14de959b191a200df61afb6a68f110fBrian Wellington expiry date, and can now set the path as well
452d75b18f9d050086964fa39c326cf388517396Mark Andrews PR 12132,12181,12172.
452d75b18f9d050086964fa39c326cf388517396Mark Andrews [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
2b4db0b6d4b5a0307cecbafdd1d34d6f61b7dbadMark Andrews *) The content-length filter no longer tries to buffer up
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington the entire output of a long-running request before sending
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington anything to the client. [Brian Pane]
6850cdd4497424c9d42ade487edfde9fb9a47de9Brian Wellington *) Win32: Lower the default stack size from 1MB to 256K. This will
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews allow around 8000 threads to be started per child process.
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews 'EDITBIN /STACK:size apache.exe' can be used to change this
2a37aa188c2297e0c0856c3e5740c43dd426a432Mark Andrews value directly in the apache.exe executable.
6c87cf19970a9eef43c1e38227cd23b3a2f6151aMark Andrews [Bill Stoddard]
7869b99dc815e3b863351b8095d1b71b3f583541Brian Wellington *) Win32: Implement ThreadLimit directive in the Windows MPM.
7869b99dc815e3b863351b8095d1b71b3f583541Brian Wellington [Bill Stoddard]
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews *) Remove CacheOn config directive since it is set but never checked.
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews No sense wasting cycles on unused code. Besides, the only truly
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews bug free code is deleted code. :) [Paul J. Reder]
df1e829dde71ab960545453e4ae439ae601d5a9eMark Andrews *) BufferLogs are now run-time enabled, and the log_config now has 2 new
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer callbacks to allow a 3rd party module to actually do the writing of the
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer log file [Ian Holsman]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson [André Malo, Astrid Keßler <kess kess-net.de>]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer *) Fix a null pointer dereference in the merge_env_dir_configs
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer function of the mod_env module. PR 11791
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer [Paul J. Reder]
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer *) New option to ServerTokens 'maj[or]'. Only show the major version
fb04db11ee6aad3ac3e023ab89b5f9d8a4d5674dMichael Sawyer Also Surfaced this directive in the standard config (default FULL)
e65fe7af00935a0a81d4b0b0ed51c7f6c89f5c3bAndreas Gustafsson *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson RewriteMap directive. PR 10644 [Jeff Trawick]
4bb3a1a63d7943564f30bf9efd312283141439a2Andreas Gustafsson *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson pairs will no longer get out of sync with each other. PR 9534
e2b52099918681498136fc82df192d256cc3cdd3Brian Wellington [Cliff Woolley]
389ec663f262cc219e986d6600eec9707ef2cb24Brian Wellington *) Fixes required to get quoted and escaped command args working in
e549eb1242b69ee050440e7205a5633cb56199b3Mark Andrews mod_ext_filter. PR 11793 [Paul J. Reder]
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews *) mod-proxy: handle proxied responses with no status lines
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews *) Fix bug where environment or command line arguments containing
88cef4408ab6b4c48702ed1b3ae27e20f485d864Mark Andrews non-ASCII-7 characters would cause the Win32 child process creation
fce9a9550e8e7a6dff4093d4815ec41fae2d7b55Mark Andrews to fail. PR 11854 [William Rowe]
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson *) Bug #11213.. make module loading error messages more informative
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson [Ian Darwin <Ian779 darwinsys.com>]
693ddf84daa745a0ea8ca311a8154dfa03eabc43Andreas Gustafsson *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson *) mod_disk_cache works much better. This module should still
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson be considered experimental. [Eric Prud'hommeaux]
ff7e6f2791cc5ad7c5f401a184b88343fde5ec3cAndreas Gustafsson *) Performance improvement for keepalive requests: when setting
2bebe117bf96d7e24df4d703d6488d61a5179bcaMark Andrews aside a small file for potential concatenation with the next
2bebe117bf96d7e24df4d703d6488d61a5179bcaMark Andrews response on the connection, set aside the file descriptor rather
4da10bce4bf64b574b59aa4fb5be0f237d0d41edBrian Wellington than copying the file into the heap. [Brian Pane]
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington *) Modified version check on openssl so that it finds the executable
3f123dcc2fe5d2cd08ca91b732741d86a4036906Brian Wellington first and then performs a check of the version, only warning the
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer user if they chose, or we selected, an old version of OpenSSL.
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer This change also allows the code to work for non-openssl libraries
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer selected via the --with-ssl=dir option, which can override the
16ea60d0dbbaf1206f4800cb16744ef568fd7be8Michael Sawyer automated library check in any case. [Roy Fielding]
85b23709431b1a84924fe2844f5cf657d1689eefMichael SawyerChanges with Apache 2.0.40
85b23709431b1a84924fe2844f5cf657d1689eefMichael Sawyer *) SECURITY: CAN-2002-0661 (cve.mitre.org)
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson Close a very significant security hole that
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson applies only to the Win32, OS2 and Netware platforms. Unix was not
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson affected, Cygwin may be affected. Certain URIs will bypass security
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson and allow users to invoke or access any file depending on the system
d15f51c600ed29b2dc379c433fb226c3a13ac0bbAndreas Gustafsson configuration. Without upgrading, a single .conf change will close
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson the vulnerability. Add the following directive in the global server
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson httpd.conf context before any other Alias or Redirect directives;
aa2c453d3c6e416b56b29247bedd9a0af2721e93Mark Andrews RedirectMatch 400 "\\\.\."
e412ae947df6de858883564b8676a9650df70d9aMark Andrews Reported by Auriemma Luigi <bugtest sitoverde.com>.
e412ae947df6de858883564b8676a9650df70d9aMark Andrews [Brad Nicholes]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson *) SECURITY: CAN-2002-0654 (cve.mitre.org)
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews Close a path-revealing exposure in multiview type
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews map negotiation (such as the default error documents) where the
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews module would report the full path of the typemapped .var file when
07a926724c0a91d85b85a94441938d0094e88cffMark Andrews multiple documents or no documents could be served based on the mime
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
90023730de34721b8cd8f3b5d059a28b7a65cf04Andreas Gustafsson [William Rowe]
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson *) SECURITY: CAN-2002-0654 (cve.mitre.org)
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson Close a path-revealing exposure in cgi/cgid when we
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson fail to invoke a script. The modules would report "couldn't create
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson child process /path-to-script/script.pl" revealing the full path
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson of the script. Reported by Jim Race <jrace qualys.com>.
280747fa7c1d4597d47f7be8ec5fb7c8980c1952Andreas Gustafsson [Bill Stoddard]
0e07026a21dfcaf57dc789e7ece20182dc36029cMark Andrews *) Set aside the apr-iconv and apr_xlate() features for the Win32
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson build of 2.0.40 so development can be completed. A patch, from
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson will be available for those that wish to work with apr-iconv.
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson [William Rowe]
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson *) Fix proxy so that it is possible to access ftp: URLs via a proxy
337ca1838428c52bca3c72288342ce3dee550a04Andreas Gustafsson chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson set to 1, so we can exclude things from the general case with
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
6b0ce7d29fac9df84ed34aa2d4634e754aec750dAndreas Gustafsson *) Accept multiple leading /'s for requests within the DocumentRoot.
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson *) Solved the reports of .pdf byterange failures on Win32 alone.
27d725f2b0f8d176d4625dc8b2ed71269b25c9a7Andreas Gustafsson APR's sendfile for the win32 platform collapses header and trailer
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson buffers into a single buffer. However, we destroyed the pointers
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson to the header buffer if a trailer buffer was present. PR 10781
c89ac488df58cf6a37918cd00236eedf015830f8Andreas Gustafsson [William Rowe]
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington *) mod_ext_filter: Add the ability to enable or disable a filter via
46a7e707fee6d7ba6ca6dae200ff6e0230f4d2f1Brian Wellington an environment variable. Add the ability to register a filter of
eb059776a206e9be778de0f196a0304b558a779cAndreas Gustafsson type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
9d3ef72b37c7d23ce3aaaaa5cd0434b4e5ed5c12Mark Andrews *) Restore the ability to specify host names on Listen directives.
a7c76f1924d5fc914c579fd3b0276ffbddd2f65aMark Andrews PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews *) When deciding on the default address family for listening sockets,
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews make sure we can actually bind to an AF_INET6 socket before
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews deciding that we should default to AF_INET6. This fixes a startup
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews *) Replace usage of atol() to parse strings when we might want a
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews larger-than-long value with apr_atoll(), which returns long long.
c50a002bd1e36d13e95d74b43ed4a2b5d6fdcec3Mark Andrews This allows HTTPD to deal with larger files correctly.
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence [Shantonu Sen <ssen apple.com>]
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson *) mod_ext_filter: Ignore any content-type parameters when checking if
566155f16e43fe5f1550456e534b31b0cc36d243David Lawrence the response should be filtered. Previously, "intype=text/html"
051beeafa6547440da17985665b31952b85ede56Brian Wellington wouldn't match something like "text/html;charset=8859_1".
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson [Jeff Trawick]
07a46d6dca37ef96b6e9c1fc0c2789983d91819cAndreas Gustafsson *) mod_ext_filter: Set up environment variables for external programs.
cd73a1c823bc9feea603803a96a9e5f5da8bf33dMichael Sawyer [Craig Sebenik <craig netapp.com>]
6d85ebc2d2ccbb8ef01c3ac1659686d3c2be0377Brian Wellington *) Modified the HTTP_IN filter to immediately append the EOS (end of
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson stream) bucket for C-L POST bodies, saving a roundtrip and allowing
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson the caller to determine that no content remains without prefetching
4a0b04961653b4153402dabd71dfd8474b6c230dAndreas Gustafsson additional POST body. [William Rowe]
98b8d49c0c0bbace27966eed5811bc81255ce297Brian Wellington *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
cc7420cb3b8eb2c48a00384784701bfee37cc96fAndreas Gustafsson *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
3291587f23b940c986f41cf37b2e531f618ec2bdMichael Sawyer *) Changes to the internationalized error documents:
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson Comment them out in the default config file to make the default
a94948ad5b3b258ce9503b7322bdf82c0baabcabAndreas Gustafsson install as simple as possible; Correct the english 500 error to
abb38b673379d6dae7cbb495f814d73a4afe5c8bAndreas Gustafsson be more understandable; Add a Swedish translation.
3291587f23b940c986f41cf37b2e531f618ec2bdMichael Sawyer [Thomas Sjogren <thomas northernsecurity.net>,
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews *) Increase the limit on file descriptors per process in apachectl.
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews *) Fix a dependency error when building ApacheMonitor, so that Win32
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews and MSVC now trust that the project is current (when it is).
2868291ab5d4deba4d61c110f92dc397807702c7Mark Andrews [James Cox <imajes php.net>]
be1d71fd17c92b0acee36ba43ebe4daa498e8014Mark Andrews *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
b374727d513049b4bfcb9eb021002595fe6a7c63Mark Andrews [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson *) APR-Util Renames pending have been completed [Thom May]
8e732de92e9814e3fa54e36d2154939ea6086b16Andreas Gustafsson *) Performance improvements for the code that reads request
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson headers (ap_rgetline_core() and related functions) [Brian Pane]
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
afd2f40b3cff8c3c307155bdc27e5b60e9115545Andreas Gustafsson to configure the maximum amount of memory the allocators will
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews hold on to for reuse. Anything over the MaxMemFree threshold
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews will be free()d. This directive is useful when uncommon large
c605f30cd7d540243509c86cf31b01bdd4fe19feMark Andrews peaks occur in memory usage. It should _not_ be used to mask
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley defective modules' memory use. [Sander Striker]
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley scripts would not result in a truncated response.
3302ed8d6eaef8f598338f5682477c5f6acd583cBob Halley [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer *) Add a filter_init parameter to the filter registration functions
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson so that a filter can execute arbitrary code before the handlers
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson are invoked. This resolves a problem where mod_include requests
d03bffc40e68ddb63d278946fd9f7f1ad784f5bcMichael Sawyer would incorrectly return a 304. [Justin Erenkrantz]
91ac60fe11b3ebd095c5fed0db343b2c9a97e646Mark Andrews *) Fix a long-standing bug in 2.0, CGI scripts were being called
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley with relative paths instead of absolute paths. Apache 1.3 used
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley absolute paths for everything except for SuExec, this brings back
83d2840b6f1a5ec898e441be148ddd3211f11583Bob Halley that standard. [Ryan Bloom]
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff *) Fix infinite loop due to two HTTP_IN filters being present for
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff internally redirected requests. PR 10146. [Justin Erenkrantz]
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
42e31e6ef7689e0c0569a1f9a5c250d73870b073Michael Graff [Justin Erenkrantz]
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson *) Fix mod_ext_filter to look in the main server for filter definitions
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson when running in a vhost if the filter definition is not found in
a405a53d536521e6c93f47485aacd7c1a1ffb29eAndreas Gustafsson the vhost. PR 10147 [Jeff Trawick]
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson *) Support WinNT CGI invocation through ScriptInterpreterSource
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson 'registry' for script interpreter paths and names with non-ascii
53df51bf458da9b04074b6b62b5639c926a751e4Andreas Gustafsson characters in the executable filepath. [William Rowe]
ba43c53451d5c38765f376eeede457178b36951aBob Halley *) Support the -w flag on to keep the Win32 console open on error.
ba43c53451d5c38765f376eeede457178b36951aBob Halley [William Rowe]
b9dead30b1806bcfcca9a47dfa3f5078c6377910Mark Andrews *) Normalize the hostname value in the request_rec to all-lowercase
056141f2878d1046306ef0ba035263a00de57f98Mark Andrews [Perry Harrington <pedward webcom.com>]
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
5126112bc3639b9dae5726c3148d6699d277e789Mark Andrews extended characters (non US-ASCII) in non-utf8 format. This brings
668278867ba063995988507b6b28724ebb9f9391Mark Andrews Win32 back into CGI/1.1 compliance, and leaves charset decoding up
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff to the cgi application itself. [William Rowe]
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson modules to bring them up to the current apr/apr-util APIs.
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson [William Rowe]
72c815ed1780b9039b9ad0d31faf68b3b5c05637Andreas Gustafsson *) Fix segfault in mod_mem_cache most frequently observed when
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson serving the same file to multiple clients on an MP machine.
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson [Bill Stoddard]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain])
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson *) Fix perchild to work with apachectl by adding -k support to perchild.
b7e031d5173476224027407d8e23eaa7557fc396Andreas Gustafsson PR 10074 [Jeff Trawick]
7ec4367f3d578170a9495ff3c851b248c1656f08Andreas Gustafsson *) Fix a silly htpasswd.c logic error that incorrectly reported that
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson both -c and -n had been used. PR 9989 [Cliff Woolley]
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson *) Fixed a mod_include error case in which no HTTP response was sent
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson to the client if an shtml document contained an unterminated SSI
2c9c7c5bb5975a18925c30aeb33a26094902f1c1Andreas Gustafsson directive [Brian Pane]
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson *) Improve ap_get_client_block implementation by using APR-util brigade
94361d586755d4de09b717782f7002e9dd282c89Andreas Gustafsson helper functions and relying on current filter assumptions.
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff [Justin Erenkrantz]
4440f995911810aaa98d8985ac1a8192095879f2Michael GraffChanges with Apache 2.0.39
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff *) Fixed a build problem in htpasswd.c on Win32.
4440f995911810aaa98d8985ac1a8192095879f2Michael Graff [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
4440f995911810aaa98d8985ac1a8192095879f2Michael GraffChanges with Apache 2.0.38
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington *) Rewrite htpasswd to use APR. The removes the annoying warning about
abaec24086f0cc3d7c0994ca9d2247b40eb6aaedBrian Wellington tmpnam being unsafe. [Ryan Bloom]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson *) We must set the MIME-type for .shtml files to text/html if we want them
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley to be parsed for SSI tags. Add the config for that to the default
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley config file so that it is easier to enable .shtml parsing.
3ad16d4c3a5029662d4ec804f7644739d011d03dBob Halley [Dave Dyer <ddyer real-me.net>]
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington *) Fixed a problem with 'make install' on ReliantUnix.
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
32b2cdf212de957e3f9b0efca59f098ed4fb42deBrian Wellington *) Make the default_handler catch all requests that aren't served by
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson another handler. This also gets us to return a 404 if a directory
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson is requested, there is no DirectoryIndex, and mod_autoindex isn't
b42a7e9d80e293a5104d9de6ddabd29676918aa5Andreas Gustafsson loaded. [Justin Erenkrantz]
3113e4dac81fa7b9f0ee5d663d54fbb8ed92738dBob Halley *) Fixed the handling of nested if-statements in shtml files.
3113e4dac81fa7b9f0ee5d663d54fbb8ed92738dBob Halley PR 9866 [Brian Pane]
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff *) Allow 'make install DESTDIR=/path'. This allows packagers to install
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff into a directory different from the one that was configured. This
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff also mirrors the root= feature from 1.3. We cannot use prefix=,
8cf8a04209c3b6c8d4f0936f1dce06b629605c81Michael Graff because both APR and APR-util resolve their installation paths at
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian Wellington configuration time. This means that there is no variable prefix
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson to replace. [Andreas Hasenack <andreas netbank.com.br>]
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
1fc26319b5d69d19a7a31c8d0ab1afc2beef0c41Andreas Gustafsson These levels of AIX don't have a thundering herd problem with
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff accept(). [Jeff Trawick]
cef18335b7f37bf02bc9e9f2c8750a3a9dcd718aAndreas Gustafsson *) prefork MPM: Ignore mutex errors during graceful restart. For
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff certain types of mutexes (particularly SysV semaphores), we
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff should expect to occasionally fail to obtain or release the
7da0286b540515c82ea83163d6cba59a64fa3eddMichael Graff mutex during restart processing. [Jeff Trawick]
c4ec2c3190175705df255aa3d5e842a96137a5a1Andreas Gustafsson *) Fix install-bindist.sh so that it finds any perl instead of just
8529c3cdc6abdf3514cb0127313a976bbc3b3936Andreas Gustafsson early perl 5.x versions. This is consistent with a build/install
8529c3cdc6abdf3514cb0127313a976bbc3b3936Andreas Gustafsson from source, and it allows the perl scripts installed by a bindist
87ecd67dae468cf5c9bae213c6fa321449b2ebc2Andreas Gustafsson to work on systems with perl 5.6. [Jeff Trawick]
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson Tru64 (and probably some other platforms). [Jeff Trawick]
f38a84ce830efefe48838425ab281e0ae2a91d0eAndreas Gustafsson *) Allow CGI scripts to return their Content-Length. This also fixes a
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington hang on HEAD requests seen on certain platforms (such as FreeBSD).
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington [Justin Erenkrantz]
1b32bc7da1da9059abd68d6dd15b23e8a442afa3Brian Wellington *) Added log rotation based on file size to the RotateLog support
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson utility. [Brad Nicholes]
0d00f4bb92090ff64d49ae803a2e75b3f299f547Andreas Gustafsson *) Fix some casting in mod_rewrite which broke random maps.
4187398298c1916f409b44e0457f60e551f5ea1bAndreas Gustafsson PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
4b809ba3464c9fb6bb08e9153b9286a8f8a37b01Brian WellingtonChanges with Apache 2.0.37
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson *) allow POST method over SSL when per-directory client cert
a69cebac84ec223b908e056678fa7c1181785b20Andreas Gustafsson authentication is used with 'SSLOptions +OptRenegotiate' enabled
d9ec31a329a14588127b0a15618dec53ca41c73eAndreas Gustafsson and a client cert was found in the ssl session cache.
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
e5d0f6d61e2349e1512c40922305b28c69cb4d3fBrian Wellington session cache when there is no cert chain in the cache. prior to
e5d0f6d61e2349e1512c40922305b28c69cb4d3fBrian Wellington the fix this situation would result in a FORBIDDEN response and
37a8fbab3a1fe6d513b767118cba7515152c2b9bBrian Wellington error message "Cannot find peer certificate chain"
37a8fbab3a1fe6d513b767118cba7515152c2b9bBrian Wellington [Doug MacEachern]
a38f86ea5bb9f924b5912d8444862000a1323082Andreas Gustafsson *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
a38f86ea5bb9f924b5912d8444862000a1323082Andreas Gustafsson one was already sent. PR 9644 [Jeff Trawick]
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson *) Fix the display of the default name for the mime types config
7d8d82cee0910a0252e1c37bace732e996789772Andreas Gustafsson file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
cdc2d4a065b6b1a00f0b07aae94bc7cb380d15bcAndreas Gustafsson *) Fix the working directory *for WinNT/2K/XP services only* to
ec4060d3104e8bec28406232eb7338c81bb1b1c1Mark Andrews change to the Apache directory (one level above the location
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson of Apache.exe, in the case that Apache.exe resides in bin/.)
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson Solves the case of ServerRoot /foo paths where /foo was not
2c7097eac0aed3b0b3387082cb783db64f2d7765Andreas Gustafsson on the same drive as /winnt/system32. [William Rowe]
d70e2f3652fcbcfb2cfa0781a71e2bd2396871f3Andreas Gustafsson *) Make 2.0's "AcceptMutex" startup message now "completely"
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson match how 1.3 does it. [Jim Jagielski]
9139e153da3ffa88457d3e035e2f0132c63a4a71Andreas Gustafsson *) Implement a fixed size memory cache using a priority queue
30e6ea9dedbe0738f9729833b1b59042dbebc4dfBrian Wellington [Ian Holsman]
1aae88078f409b39c24e2313ffdd767ed29ac787Brian Wellington *) Fix apxs to allow "apxs -q installbuilddir" and to allow
1aae88078f409b39c24e2313ffdd767ed29ac787Brian Wellington querying certain other variables from config_vars.mk. PR 9316
17a28c1f02c5093b207a3b64201aa9e71df78ebaAndreas Gustafsson [Jeff Trawick]
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson *) Added the "detached" attribute to the cgi_exec_info_t internals
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson so that Win32 and Netware won't create a new window or console
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson for each CGI invoked. PR 8387
b5232b135db580a2c16666e74a82f11130e0731fAndreas Gustafsson [Brad Nicholes, William Rowe]
87075c90f668f4c2f7a709a6bd32bb8e013ae73dBrian Wellington *) Consolidated the command line parameters and attributes that are
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington manipulated by the optional function ap_cgi_build_command() in
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington mod_cgi into a single structure.
cea88d887559f209ae9d993e0a8fb58d03f60e77Brian Wellington [Brad Nicholes]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson *) Get rid of uninitialized value errors with "apxs -q" on certain
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson variables. [Stas Bekman <stas stason.org>]
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson *) Fix apxs to allow it to work when the build directory is somewhere
a7705f38e91cc6afaba0426f6b452c9ae5a4efeaAndreas Gustafsson [Jeff Trawick and a host of others]
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson *) Allow ap_discard_request_body to be called multiple times in the
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson same request. Essentially, ap_http_filter keeps track of whether
735fb4ffa6a76413f85101d7d625a4776d6ee6cdAndreas Gustafsson it has sent an EOS bucket up the stack, if so, it will only ever
e1368a7770744cbeadcdc27967f855196988eceaAndreas Gustafsson send an EOS bucket for this request.
e1368a7770744cbeadcdc27967f855196988eceaAndreas Gustafsson [Ryan Bloom, Justin Erenkrantz, Greg Stein]
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson *) Remove all special mod_ssl URIs. This also fixes the bug where
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson redirecting (.*) will allow an SSL protected page to be viewed
a3365e361f0066609d250005e2b1082cb2ba35fdAndreas Gustafsson without SSL. [Ryan Bloom]
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson *) Fix the binary build install script so that the build logic
e32394a2ac3466a2235f79ee32c247a11be42a8dAndreas Gustafsson created by "apxs -g" will work when the user has a binary
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews build. [Jeff Trawick]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews *) Allow instdso.sh to work with full paths to the shared module.
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews [Justin Erenkrantz]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews *) NetWare: Enabled CGI functionality and added mod_cgi as a built
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews in module for NetWare [Brad Nicholes]
031f9084fc1ca8b258c151f428677e7226556ad0Mark Andrews *) Changed cgi and piped log behavior to accept 65536 characters
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews on Win32 (matching Linux) before deadlocking between outputing
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews client stdin, slurping the output from stdout and then the stderr
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews stream. PR 8179 [William Rowe]
44215b932d4f0ce5257d794cb6f76b9282455eb1Mark Andrews *) Fixed Win32 wintty.exe support to assure the window title is valid.
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson Elimiates possible gpfault or garbage title without the -t option.
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson [William Rowe]
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
405ffb1f0d2c12d199f85f03973d1a02ac12e000Andreas Gustafsson brigades and input filters. [Justin Erenkrantz]
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson body. [Justin Erenkrantz]
6d8568cb45240974da0ee1b653b28e3fdfffe93eAndreas Gustafsson *) NetWare: Piping log entries through RotateLogs using the
e3402551ac9be809eeb3a4b7b30d023ba67dad28Brian Wellington CustomLogs directive is finally supported now that we have
6d3f954c572db02159deedd444373161fda47a88Brian Wellington the pipes and spawning functionality working.
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington [Brad Nicholes]
b0f941a50f24656b3523609f86cead41b0269c7aBrian Wellington *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
ea419adc4eca4c3e44f2c282035b5dce6b795fe2Andreas Gustafsson Detect overflow when reading the hex bytes forming a chunk line.
3f31c8c2954f857e375db8e943a35f6aa5e230b4Andreas Gustafsson [Aaron Bannert]
ff59f0e4feaefb45a49427bd91775058b4b4f2d0Andreas Gustafsson *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464.
ff59f0e4feaefb45a49427bd91775058b4b4f2d0Andreas Gustafsson [James Tait <JTait wyrddreams.demon.co.uk>]
8af0b86ade4c15a7db207bd7643f8a9f6cb5a648David Lawrence *) Correctly return 413 when an invalid chunk size is given on
8af0b86ade4c15a7db207bd7643f8a9f6cb5a648David Lawrence input. Also modify ap_discard_request_body to not do anything
886b96ebfd555cfeaf37ae46fc08421a41c61392Andreas Gustafsson on sub-requests or when the connection will be dropped.
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington [Justin Erenkrantz]
674f1cfb1d7dfa92e52db950dbe80e60ef8f5cddBrian Wellington *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469.
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson [Cliff Woolley]
69d17bea6be937b92f3375e6249b5677c90f4fe2Andreas Gustafsson *) Ensure that apr_brigade_write() flushes in all of the cases that
da76a8046e01e1c1c2e6f75772afb2c4f202cc25Brian Wellington it should to avoid conditions in some modules that could cause
cd7ffa4c1286a48c10056632be3fb0b64c575c35Brian Wellington large amounts of data to be buffered. [Cliff Woolley]
cd7ffa4c1286a48c10056632be3fb0b64c575c35Brian Wellington *) Fix problem where mod_cache/mod_disk_cache was incorrectly
0cff88818a96197995c3533f6cbfb1a0efc06db0Brian Wellington stripping the content_type from cached responses.
0cff88818a96197995c3533f6cbfb1a0efc06db0Brian Wellington [Bill Stoddard]
5bba7216f3263dc49dd4db2ac64b6203a9e2b180Andreas Gustafsson *) apachectl passes through any httpd options. Note: apachectl
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence should be used in preference to httpd since it ensures that any
40817ed9c13782a7844e15dde24432611c4694acDavid Lawrence appropriate environment variables have been set up.
e06aebbe7b5b3128f99b16d6756a074b4de28d37Mark Andrews [Jeff Trawick]
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
40b1b44ed65b9655a135fc867ed9f0374c247ad4Andreas Gustafsson PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
ab8668fb583a92df0698f5cdac7e7b12ead614aaBrian Wellington *) Fix suexec execution of CGI scripts from mod_include.
ab8668fb583a92df0698f5cdac7e7b12ead614aaBrian Wellington PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson *) Fix segfaults at startup on some platforms when mod_auth_digest,
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson mod_suexec, or mod_ssl were used as DSO's due to the way they
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson were tracking the current init phase since DSO's get completely
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson unloaded and reloaded between phases. PR 9413.
575db903aabb08137a757d1c60ebb0d286ecff56Andreas Gustafsson [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
a4c55a3d0813e00e3d7846cc9736110c61d0a2baAndreas Gustafsson *) Fix mod_include's handling of regular expressions in
a4c55a3d0813e00e3d7846cc9736110c61d0a2baAndreas Gustafsson "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
c851f1cc2187b59687af94725fbacac022987d05Andreas Gustafsson *) Fix the worker MPM deadlock problem [Brian Pane]
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson *) Modify the module documentation to allow for translations.
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson [Yoshiki Hayashi, Joshua Slive]
91614f2bc498ef7eea22e449c91951f4598c8223Andreas Gustafsson *) Fix a file permissions problem which prevented mod_disk_cache
e0a9b524614889ca9b75f846cb6101fc448a60dcAndreas Gustafsson from working on Unix. [Jeff Trawick]
512661edd7d51c8c179cce89a855df6cec2fcdcdMark Andrews *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
385a9cb48a70b329e507c39d043fa9a44c659913James Brister MPMs. These have semantics very similar to the old apachectl
385a9cb48a70b329e507c39d043fa9a44c659913James Brister commands of the same name. [Justin Erenkrantz, Jeff Trawick]
385a9cb48a70b329e507c39d043fa9a44c659913James Brister *) Make sure that the runtime dir is created by make install.
3cb0de1c667237085c6a805715c31ddc5fdc9c4dBrian Wellington PR 9233. [Jeff Trawick]
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington *) Fix an unusual set of ./configure arguments that could cause
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington mod_http to be built as a DSO, which it currently doesn't
bd77de5fcaea4dcf2f0250ded32adfccd3a38256Brian Wellington support. PR 9244.
e5f5ec73a710d21067d4721a9e82f2399f2f6c25David Lawrence [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
e5f5ec73a710d21067d4721a9e82f2399f2f6c25David Lawrence of the %X, %b and %B logformat options. PR 8253, 8996.
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer [Bill Stoddard]
9594482ba300a4d694162fa62ba636c7dd00d3b6Brian Wellington *) If content-encoding is already present, do not run deflate (PR 9222)
47ddde42728034854444cf17e278cebaea06f666Michael Graff [Kazuhisa ASADA <kaz asada.sytes.net>]
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence It is currently ignored and it will be removed in a future release
edf8c55546efa9fb42da1c055ce02462a5c709c0David Lawrence of Apache. [Jeff Trawick]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence *) Removed documentation references to the no-longer-supported
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence "make certificate" feature of mod_ssl for Apache 1.3.x. Test
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence certificates, if truly desired, can be generated using openssl
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence commands. PR 8724. [Cliff Woolley]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence *) Remove SSLLog and SSLLogLevel directives in favor of having
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz]
c5944292e9ebee4a39fe939b9a16fe5596808556David Lawrence *) OS/390: LIBPATH no longer has to be manually uncommented in
36e0c379080343a0272dc076b7d7795ded04ee1dBrian Wellington envvars to get apachectl to set up httpd properly. [Jeff Trawick]
529a6b5224d751504027293a766a4c8b81241869Brian Wellington *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
529a6b5224d751504027293a766a4c8b81241869Brian Wellington may now be specified to the <File/Directory > container, rather
529a6b5224d751504027293a766a4c8b81241869Brian Wellington than by vhost. [William Rowe]
186ba80b8e391cf8421872f26771324644e45d83Andreas Gustafsson *) mod_isapi: Experimental support for faux async support for ISAPI
862a026a7d752fbc8b376df6f7a9080d7c778b49Brian Wellington modules. [William Rowe]
677045ed612e1c26a32b5700479e26c25bcede58Brian Wellington *) mod_isapi: Major refactoring of the code to rely on apr internals
677045ed612e1c26a32b5700479e26c25bcede58Brian Wellington rather than MS APIs (using our own mod_isapi.h headers for ISAPI
febf5f8b55abb2e6e840488a29a5ef4e20654f67David Lawrence symbol definitions.) [William Rowe]
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson *) mod_isapi: Fixed the return string length from GetServerVariable
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson callback, it was not including the trailing null in the consumed
c34bdef6bd197a04990e52469ad68481532dd35aAndreas Gustafsson buffer size. This was particularly bad for Delphi 6.0 users.
05f6d0c0381d19eec721e11f6fd88caef25dacd8Andreas Gustafsson PR 8934 [Sebastian Hantsch <sebastian.hantsch gmx.de>]
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson [William Rowe]
a32738e3e4ed9619c8ace22cd119e6769176b22cAndreas Gustafsson *) Make apxs look in the correct directory for envvars. It was
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington broken when sbindir != bindir. PR 8869
6dc130c7c95107748fff5f767161c2bb742f9f87Brian Wellington [Andreas Sundström <sunkan zappa.cx>]
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson *) Fix mod_deflate corruption when using multiple buckets. PR 9014.
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson [Asada Kazuhisa <kaz asada.sytes.net>]
49855f0856a0f6f9fed80af88faddf38f3e74eefAndreas Gustafsson *) Performance enhancements for access logger when using
ffea7c2e73a0771c80b32df93cf4547fcea64eaeAndreas Gustafsson default timestamp formatting [Brian Pane]
dc2c974dcf954a0a238d1afb886c445d06b1aa8bBrian Wellington *) Added EnableMMAP config directive to enable the server
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson administrator to disable memory-mapping of delivered files
55bfdb0a1491f0668bb279826ee864f4a7425e22Andreas Gustafsson on a per-directory basis. [Brian Pane]
d4ab9cd94f0fe0cf24ba36d21240215ae648c8d5James Brister *) Performance enhancements for mod_setenvif [Brian Pane]
080a4fe83c3ad208073bffbce1a2af8fe444214fMichael Sawyer *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick]
36007b707f28f36864e8d76f11379b22e9737538Michael Sawyer *) Fixed If-Modified-Since on Win32, which would give false positives
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer because of the sub-second resolution of file timestamps on that
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer platform. [Cliff Woolley]
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer *) Reverse the hook ordering for mod_userdir and mod_alias so
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer that Alias/ScriptAlias will override Userdir. PR 8841
375f19cfb2f9cf5a9efbc65b557a8ce865de85c2Michael Sawyer [Joshua Slive]
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson *) Move mod_deflate out of experimental and into filters.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [Justin Erenkrantz]
9bef4575d71a084edf59ac681e53e35ae1b72166Andreas Gustafsson *) Get proxy CONNECT basically working. [Jeff Trawick]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson *) Fix mod_rewrite hang when APR uses SysV Semaphores and
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson RewriteLogLevel is set to anything other than 0. PR: 8143
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson [Aaron Bannert, Cliff Woolley]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson *) Fix byterange requests from returning 416 when using dynamic data
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson (such as filters like mod_include). [Justin Erenkrantz]
87f4c7933fd2962cca3b9b7e046327f3c6306b84Andreas Gustafsson *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence to be extended by third-party modules via an optional function.
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence *) Fix mod_include expression parser's handling of unquoted strings
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence followed immediately by a closing paren. PR 8462. [Brian Pane]
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence *) Remove autom4te.cache in 'make distclean'.
10e6498d6d7b2cfd8d822788d817fc9a3e0b0c3aDavid Lawrence [Thom May <thom planetarytramp.net>]
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson *) Fix generated httpd.conf to respect layout for LoadModule lines.
dae5ce6ddb0a3c425865d3b6f0f13c4126eacc17Andreas Gustafsson PR 8170. [Thom May <thom planetarytramp.net>]
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson *) Win32: During a graceful restart, threads in the new process
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson were accessing scoreboard slots still in use by active threads in
9a8fea7bc8fb79ff1d31f0a2ba3c9694041c6f3aAndreas Gustafsson the old process. [Bill Stoddard]
663841abe0bb1cc8040e552597ef721c35b799e5Brian WellingtonChanges with Apache 2.0.36
c49e3222b0912479015161e8b54a67a1abf9a0ffAndreas Gustafsson *) Fix some minor formatting issues with ab. Part of this is
c49e3222b0912479015161e8b54a67a1abf9a0ffAndreas Gustafsson in reference to PR 8544, the rest I noticed while testing
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson the PR fix. [Paul J. Reder]
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson *) Fix a case where an invalid pass phrase is entered and an
bf68c5151b5c4f7d6b2783584434e61045a88d7fAndreas Gustafsson error message is given, but the prompt is not shown again.
178f73169a27ac031f58863ae12cdb33dc15f6c4Brian Wellington This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
178f73169a27ac031f58863ae12cdb33dc15f6c4Brian Wellington *) Close sockets on worker MPM when doing a graceless restart.
9c4cba349f52bb8176c3858b2b5b340f13603802Brian Wellington [Aaron Bannert]
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
0e65062acb2b0d14ab64e0c7ae7eb4137758339bAndreas Gustafsson as the session id context rather that a MD5 hash of that vhost ID,
0e65062acb2b0d14ab64e0c7ae7eb4137758339bAndreas Gustafsson because it caused very long vhost id's to be unusable with mod_ssl.
64024eaa4d029b0bd090c435b8b02b45eef5cd89Andreas Gustafsson PR 8572. [Cliff Woolley]
da527e4ff6a013364826637963e7ac372e024f33David Lawrence *) Fix the link to the description of the CoredumpDirectory
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson directive in the server-wide document. PR 8643. [Jeff Trawick]
db6fa2e944b3a0682168e9ee145b86c81a6a5321Andreas Gustafsson *) Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley]
db6fa2e944b3a0682168e9ee145b86c81a6a5321Andreas Gustafsson *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
30576c592b538cab293cf6e1f6265d376cd5a12cAndreas Gustafsson - Avoid SIGBUS on sparc machines with SHMCB session caches
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence - Allow whitespace between the pipe and the name of the
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence program in SSLLog "| /path/to/program". [Cliff Woolley]
ce2be9b7211ab5bacaa10fe74ef35def3a3f6089David Lawrence *) Introduce mod_ext_filter and mod_deflate experimental modules
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence to the Win32 build (zlib sources must be in srclib\zlib.)
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence [William Rowe]
f4d9f465cd29963a99554bbe2936509ea3568c89James Brister *) Changes to the worker MPM's queue management and thread
f4d9f465cd29963a99554bbe2936509ea3568c89James Brister synchronization code to reduce mutex contention [Brian Pane]
adade77942b069127a7094df419b3ad39dafb385James Brister *) Don't install *.in configuration files since we already install
9bf765ab3a5203b854d32266e6162e547791383cDavid Lawrence *-std.conf files. [Aaron Bannert]
adade77942b069127a7094df419b3ad39dafb385James Brister *) Many improvements to the threadpool MPM. [Aaron Bannert]
5c0a406664065d54824675e3d2f795ea9e2a56b8Mark Andrews *) Fix subreqs that are promoted via fast_redirect from having invalid
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson frec->r structures. This would cause subtle errors later on in
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson request processing such as seen in PR 7966. [Justin Erenkrantz]
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson *) More efficient pool recycling logic for the worker MPM [Brian Pane]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Modify the worker MPM to not accept() new connections until
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson there is an available worker thread. This prevents queued
ea01648cb950b8d4b5625a8a91a4c1c019dec885Andreas Gustafsson connections from starving for processing time while long-running
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson connections were hogging all the available threads. [Aaron Bannert]
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson [Aaron Bannert]
7d7bd1b4f0270691f434d37b1052259a13185663Andreas Gustafsson *) Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick]
ce8d0fffea20fe03fd0f075263f529ad55f82aacAndreas Gustafsson *) Allow mod_unique_id to work on systems with no IPv4 address
81f11a70588c6929d1aefd529b940efb70747fc2Andreas Gustafsson corresponding to their host name. [Jeff Trawick]
81f11a70588c6929d1aefd529b940efb70747fc2Andreas Gustafsson *) Fix suexec behavior with user directories. PR 7810.
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson [Colm <colmmacc redbrick.dcu.ie>]
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson *) Reject a blank UserDir directive since it is ambiguous. PR 8472.
04d58db32739157df6c44e3f37ecb83816fd3f75Andreas Gustafsson [Justin Erenkrantz]
5096958739769958dd7a6b69356bf41260033873David Lawrence *) Make mod_mime use case-insensitive matching when examining
5096958739769958dd7a6b69356bf41260033873David Lawrence extensions on all platforms. PR 8223. [Justin Erenkrantz]
5096958739769958dd7a6b69356bf41260033873David Lawrence *) Add an intelligent error message should no proxy submodules be
5096958739769958dd7a6b69356bf41260033873David Lawrence valid to handle a request. PR 8407 [Graham Leggett]
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence *) Major improvements in concurrent processing for AB by enabling
84f4e4a656926a795f3bae40b2a6308bebb48b49David Lawrence non-blocking connect()s and preventing APR from doing blocking
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence read()s. Also implement fatal error checking for apr_recv().
838281ed55d0d3939c2f510559d5852872ed4ddbDavid Lawrence [Aaron Bannert]
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence *) Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe]
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence *) Fix Win32 'short name' aliases in httpd.conf directives.
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence PR 8009 [William Rowe]
280942843277ca894571ca94c1e431ba079d0ca0Mark Andrews *) Fix generation of default httpd.conf when the layout paths are
d1e971ba027a8d320cc87a02a71158970bd03308Mark Andrews disjoint. PR 7979, 8227. [Justin Erenkrantz]
d1e971ba027a8d320cc87a02a71158970bd03308Mark Andrews *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence that downgraded responses can have force-response. PR 8357.
89e57b472d87a37aa6c49a5544d1d1dfe9617f5dDavid Lawrence [Justin Erenkrantz]
d8c8722f28ca439b9ca46f109e2804a7eb33a1acBrian Wellington *) Fix perchild MPM so that it can be configured with the move to the
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson experimental directory. [Scott Lamb <slamb slamb.org>]
d8c8722f28ca439b9ca46f109e2804a7eb33a1acBrian Wellington *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington ap_uname2id. [Scott Lamb <slamb slamb.org>]
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
4b7167e96abe79cdf194ac3865760a7139b70090Brian Wellington *) SECURITY: CAN-2002-1592 (cve.mitre.org) [CERT VU#165803]
a4b496f2abd35b0f27761385c8679de1f5714b0dBrian Wellington Added the APLOG_TOCLIENT flag to ap_log_rerror() to
a4b496f2abd35b0f27761385c8679de1f5714b0dBrian Wellington explicitly tell the server that warning messages should be sent
a4b496f2abd35b0f27761385c8679de1f5714b0dBrian Wellington to the client in addition to being recorded in the error log.
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister Prior to this change, ap_log_rerror() always sent warning
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister messages to the client. In one case, a faulty CGI script caused
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister the server to send a warning message to the client that contained
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister the full path to the CGI script. This could be considered a
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister minor security exposure. [Bill Stoddard]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister *) mod_autoindex output when SuppressRules was specified would
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister omit the first carriage return so the first item in the list
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister would appear to the right of the column headings instead of
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister *) Moved the call to apr_mmap_dup outside the error branch so
952e9025b0ecd20e6c7f7852551e36bb9677f713James Brister that it would actually get called. This fixes a core dump
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence at init everytime you use the MMapFile directive. PR 8314
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson [Paul J. Reder]
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson *) Trigger an error when a LoadModule directive attempts to
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson load a module which is built-in. This is a common error when
08133a2dbe88e0715e092fbdeec2431971ec0711Andreas Gustafsson switching from a DSO build to a static build. [Jeff Trawick]
8c1aa8573dd85774ac8921dc0482b91d73e8b8b6Mark Andrews *) Change instdso.sh to use libtool --install everywhere and then
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson clean up some stray files and symlinks that libtool leaves around
8c1aa8573dd85774ac8921dc0482b91d73e8b8b6Mark Andrews on some platforms. This gets subversion building properly since
96ab25294b028270eb1be867613df8a6c999b332David Lawrence it needed a re-link to be performed by libtool at install time,
96ab25294b028270eb1be867613df8a6c999b332David Lawrence and the old instdso.sh logic to simply cp the DSO didn't handle
96ab25294b028270eb1be867613df8a6c999b332David Lawrence that requirement. [Sander Striker]
96ab25294b028270eb1be867613df8a6c999b332David Lawrence *) Allow VPATH builds to succeed when configured from an empty
96ab25294b028270eb1be867613df8a6c999b332David Lawrence directory. [Thom May <thom planetarytramp.net>]
e68de4a7dbf5b6a1b2ff3f4f4dd8adf80b80525bBrian Wellington *) Fix 'control reaches end of non-void function' warning in
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson server/log.c. [Ben Collins-Sussman <sussman collab.net>]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Perchild MPM is now correctly deemed as experimental and is now
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson located in server/mpm/experimental. [Justin Erenkrantz]
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson *) Fix segfault in mod_mem_cache when garabge collecting an expired
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson cache entry. [Bill Stoddard]
5aa96829fdd12f30a2e9f717e66d44a4698b0675Andreas Gustafsson *) Introduced -E startup_logfile_name option to httpd to allow admins
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington to begin logging errors immediately. This provides Win32 users
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington an alternative to sending startup errors to the event viewer, and
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington allows other daemon tool authors an alternative to logging to stderr.
e2894b0e5007e49f5b21be9113e41419ca8489a0Brian Wellington [William Rowe]
bc334fc90142b2ca26823a3ed1a3f4f086c7d558Andreas Gustafsson *) Fix subreqs with non-defined Content-Types being served improperly.
845e0b5f968d4ac069ac8b802730467df8cd7136Mark Andrews [Justin Erenkrantz]
c4252cd10ba9a35ef03c53b97961a4c0b15fe44fAndreas Gustafsson *) Merge in latest GNU config.guess and config.sub files. PR 7818.
c4252cd10ba9a35ef03c53b97961a4c0b15fe44fAndreas Gustafsson [Justin Erenkrantz]
6a8832f784bd53aa6afbda22f6187cea6490e1e1Andreas Gustafsson *) Move 100 - Continue support to the HTTP_IN filter so that filters
1318ddb52d8a8a22eae47f7d82137e74b9beacf1Mark Andrews are guaranteed to support 100 - Continue logic without any
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence intervention. [Justin Erenkrantz]
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence *) Add HTTP chunked input trailer support. [Justin Erenkrantz]
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence *) Rename and export get_mime_headers as ap_get_mime_headers.
de8e189332e884db065b921f84e3ee4922ad10e3David Lawrence [Justin Erenkrantz]
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence *) Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson *) Properly substitute sbindir as httpd's location in apachectl. PR 7840.
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence [Andreas Hasenack <andreas netbank.com.br>]
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson *) Allow Win32 shebang scripts to follow the path (or omit the .exe
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson suffix from the shebang command), and allow ScriptInterpreterSource
1c823819b73f17cbfd188d35962da196a48190fbAndreas Gustafsson Registry or RegistryStrict to override shebang lines, as 1.3 did.
e405739af20dcdc6c7f604548e78806a0d1515c5Brian Wellington PR 8004 [William Rowe]
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson *) worker MPM: Fix a situation where a child exited without releasing
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson the accept mutex. Depending on the OS and mutex mechanism this
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson could result in a hang. [Jeff Trawick]
b719a598e77aada962b3a05cb00179dc929d3939Andreas Gustafsson *) Update the instructions for how to get started with mod_example.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson *) Fix PidFile to default to rel_runtimedir instead of
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson *) Win32: Fix problem that caused rapid performance degradation
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson when number of connecting clients exceeded ThreadsPerChild.
428b78e56dc10ea220fadfed11242ceb1d51d0e3Andreas Gustafsson [Bill Stoddard]
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews *) Fixed a segfault parsing large SSIs on non-mmap systems.
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews [Brian Havard]
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews *) Proxy was bombing out every second keepalive request, caused by a
b74e73c5b4b299da20a6b196b68b9068d376ff35Mark Andrews stray CRLF before the second response's status line. Proxy now
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence tries to read one more line if it encounters a CRLF where it
323b6387ce2575627427859b8668e7f27f090c4cMark Andrews expected a status. PR 10010 [Graham Leggett]
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson *) Deprecated the apr_lock.h API. Please see the following files
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson for the improved thread and process locking and signaling:
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert]
d68e4b66b1075e556b480f8bfb607aeba5da46f6Andreas Gustafsson *) Change mod_status to use scoreboard accessor functions so it can
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson be used in any MPM without having to be recompiled.
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson [Ryan Morgan <rmorgan covalent.net>]
e44d56866bd609e066380cbef414e6ce11a08976Andreas Gustafsson *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
4ebb4093f80e32e4a57ff3769f7fd4ad2217ee44Andreas Gustafsson handle declarations are recognized. This fixes problems loading
84c4c99c9e2cf14fb9ef6f6815a9fdb824475423Michael Sawyer mod_autoindex on some platforms. [Brian Havard]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence *) Remind the admin about the User and Group directives when we are
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence unable to set permissions on a semaphore. PR 7812 [Jeff Trawick]
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence [Doug MacEachern]
0df2335526caaebd8639129fd0327a6cc97060eaDavid Lawrence *) fix possible infinite loop in mod_ssl triggered by certain
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence netscape clients [Doug MacEachern]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) fix ProxyPass when frontend is https and backend is http
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson [Doug MacEachern]
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson *) Add DASL support to mod_dav
8b31f5630f6345f686449f8a84c33c0813283e42Andreas Gustafsson [Sung Kim <hunkim cse.ucsc.edu>]
13c32cb589e571e9204dbb091e145809288c9c21David LawrenceChanges with Apache 2.0.35
13c32cb589e571e9204dbb091e145809288c9c21David Lawrence *) mod_rewrite: updated to use the new APR global mutex type.
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson [Aaron Bannert]
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson *) Fixes for mod_include errors on boundary conditions in which
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson "<!--#" occurs at the very end of a bucket
822f118444dcaddaf977bc73e958b2f755e4ddfdAndreas Gustafsson [Paul Reder, Brian Pane]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence cause the Apache parent process to run in the foreground (similar to
8775909be9fc67180fc480115716f88174e74471James Brister -DNO_DETACH except that it doesn't switch session ids).
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington for those platforms that support it. If using the default
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington implementation, this is between pthread and sysvsem in priority.
a797a75953e21b514427d188bf5d5051419c10adBrian Wellington This implies it's the new default for Darwin. [Jim Jagielski]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence environment variables in the envvars file. [Jeff Trawick]
17d91fddb33cc6e0bf2dfacf7156bb1ebba197d8David Lawrence *) worker MPM: Don't create a listener thread until we have a worker
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence thread. Otherwise, in situations where we'll have to wait a while
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to take over scoreboard slots from a previous generation, we'll be
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence accepting connections we can't process yet. [Jeff Trawick]
a38e5f0695a8ddf0b3cbb70b5a172a5c6dce994bDavid Lawrence *) Allow worker MPM to build on systems without pthread_kill().
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Pier Fumagalli, Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Prevent ap_add_output_filters_by_type from being called in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence ap_set_content_type if the content-type hasn't changed.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Justin Erenkrantz]
abeb505bb6c1400dde1a40d0bff7b3a435666e1cMark Andrews *) Performance: implemented the bucket allocator made possible by the
abeb505bb6c1400dde1a40d0bff7b3a435666e1cMark Andrews API change in 2.0.34. [Cliff Woolley]
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas Gustafsson *) Don't allow initialization to succeed if we can't get a socket
57b3597444bc8716459f0fb3022b2c12f4eee2aeAndreas Gustafsson corresponding to one of the Listen statements. [Jeff Trawick]
727eef0cbc8bf889ddb3b58eb89e9ea2c3b4b047Andreas GustafssonChanges with Apache 2.0.34
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson *) Allow all Perchild directives to accept either numerical UID/GID
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson or logical user/group names. [Scott Lamb <slamb slamb.org>]
26c86a6fc85c89447d23d4a3e34b11157a2ff6f4Andreas Gustafsson *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson *) implement ssl proxy to support ProxyPass / https:// and the
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson SSLProxy* directives [Doug MacEachern]
b3157263ee12a5792737f09b708d3fc65ca99e01Andreas Gustafsson *) Update mod_cgid to not do single-byte socket reads for CGI headers
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington *) Made AB's use of the Host: header rfc2616 compliant
b90d3f516fd62514ff0b06a6ee0311d7ab5fbbb4Brian Wellington by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
b35a009df86b4aa3793e87602c95af2a503ec0eeMark Andrews *) The old, legacy (and unused) code in which the scoreboard was totally
b35a009df86b4aa3793e87602c95af2a503ec0eeMark Andrews and completely contained in a file (SCOREBOARD_FILE) has been
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson removed. This does not affect scoreboards which are *mapped* to
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson files using named-shared-memory. [Jim Jagielski]
7bb1e299e133de5d530aa4cb545f4130aabf5235Andreas Gustafsson *) Change bucket brigades API to allow a "bucket allocator" to be
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence passed in at certain points. This allows us to implement freelists
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson so that we can stop using malloc/free so frequently.
482b9dae17bc5dc4e51b78d3c5b1a18c7c1adae9Andreas Gustafsson [Cliff Woolley, Brian Pane]
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer *) Add support for macro expansion within the variable names in
34ea3c6fd940a8514b5ec609491f823263a735c7Michael Sawyer <!--#echo--> and <!--#set--> directives [Brian Pane]
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]
3c671ac666de8a7dcd7bd02afa20968da0b85bbdMark Andrews *) Add a new parameter to the quick_handler hook to instruct
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister quick handlers to optionally do a lookup rather than actually
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister serve content. This is the first of several changes required fix
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister several problems with how quick handlers work with subrequests.
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister [Bill Stoddard]
58c42ee18c186b2151ced62f64aa4ca23cff4a1dJames Brister *) worker MPM: Get MaxRequestsPerChild to work again. [Jeff Trawick]
7789eb1345bef03773a2530dce7f2709cc50aa2aAndreas Gustafsson *) [APR-related] The ordering of the default accept mutex method has
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews been changed to better match what's done in Apache 1.3. The ordering
5dc6a24e8b6808f03e7a9bc6530d646ebba927dbMark Andrews is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
242dfd9cc6901a5e02dae94acdecdb91e78ea07cMark Andrews [Jim Jagielski]
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington *) Ensure that the build/ directory is created when using VPATH.
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington [Justin Erenkrantz]
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister *) Add some popular types to the mime magic file. PR 7730.
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
0d5d8e2bbf2c0c129f0416f24758a0925ce12be8James Brister *) Remove the single-byte socket reads for CGI headers [Brian Pane]
99f3a24e69edbb19e4fe7f2fb0a72c478f8c3cafJames Brister *) When a proxied site was being served, Apache was replacing
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson the original site Server header with it's own, which is not
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson allowed by RFC2616. Fixed. [Graham Leggett]
1299e93989afbe1fee0739811b05fd1641ea14aeAndreas Gustafsson *) Fix a mod_cgid problem that left daemon processes stranded
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson in some server restart scenarios. [Jeff Trawick]
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson *) Added exp_foo and rel_foo variables to config_vars.mk for
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson all Apache and Autoconf path variables (like --sysconfdir,
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson --sbindir, etc). exp_foo is the "expanded" version, which means
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson that all internal variable references have been interpolated.
aa79283a0d97d5d77d3c17bcb1756035eabe647aAndreas Gustafsson rel_foo is the same as $exp_foo, only relative to $prefix if they
f204bdd8e6703ff0ef1adf0a2c407202418a936dDavid Lawrence share a common path. [Aaron Bannert]
0bfcec250f9705a1211d0374f0fc1049960de84bMark Andrews *) Fix some restart/terminate problems in the worker MPM. Don't
b5f24a6988e04710bee0281b03b7e168358ac868Andreas Gustafsson drop connections during graceful restart. [Jeff Trawick]
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister *) Change the header merging behaviour in proxy, as some headers
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister (like Set-Cookie) cannot be unmerged due to stray commas in
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister dates. [Graham Leggett]
0df2335526caaebd8639129fd0327a6cc97060eaDavid Lawrence *) Be more vocal about what AcceptMutex values we allow, to make
379bd2c19cec393f56a2e9c42cc87fc8213a1b62James Brister us closer to how 1.3 does it. [Jim Jagielski]
c24265935e70d17279153b3cde43e3f6c3527577Andreas Gustafsson *) Get nph- CGI scripts working again. PRs 8902, 8907, 9983
c24265935e70d17279153b3cde43e3f6c3527577Andreas Gustafsson [Jeff Trawick]
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister *) Upgraded PCRE library to latest version 3.9 [Brian Pane]
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister *) Add accessor function to set r->content_type. From now on,
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister ap_rset_content_type() should be used to set r->content_type.
bedfa169b4cc5511b34c0c4a54c5b8aae364babeJames Brister This change is required to properly implement the
d85552c450141012e7cbeaacc77fb9575b0bb4cbJames Brister AddOutputFilterByType configuration directive.
d85552c450141012e7cbeaacc77fb9575b0bb4cbJames Brister [Bill Stoddard, Sander Striker, Ryan Bloom]
47c196192afa37b2dea728e52579779f190bf07fJames Brister *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
47c196192afa37b2dea728e52579779f190bf07fJames Brister RFC 3253. Improved the method name/number mapping functions.
adf82221858138f295bce732e86dcac34645692eJames Brister *) remove sock_enable_linger from connection.c [Ian Holsman]
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson *) Fix for virtual host processing where the requested hostname
f3b52d9fe5e7e851adecad4eec8952cceda47592Brian Wellington has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson *) mod_dav's APIs for REPORT response handling was changed so that
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson providers can generate the content directly into the output filter
94c5757a7a2d98b4de3e7a68cfe330d59450f09eAndreas Gustafsson stack, rather than buffering the response into memory. [Greg Stein]
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister *) Fix a hang condition with graceful restart and prefork MPM
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister in the situation where MaxClients is very high but
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister much fewer servers are actually started at the time of the
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister restart. [Jeff Trawick]
71a4339351de0d8233d61025a667ec4dc3e0f868James Brister *) Small performance fixes for mod_include [Brian Pane]
0380c44d0238a88e167526954d630d071739ed28Mark Andrews *) Performance improvement for the error logger [Brian Pane]
0380c44d0238a88e167526954d630d071739ed28Mark Andrews *) Change configure so that Solaris 8 and above have
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews according to sun people solaris 8+ doesn't have a thundering
a6733246eafeb43755ce6d7ec3627ac4209cbccbMark Andrews herd problem [Ian Holsman]
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington *) Allow URIs specifying CGI scripts to include '/' at the end
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
36bcb04af27e050ddc04b2ff37dbeafc84538fd4Brian Wellington which ignore '/' at the end of the names of non-directories).
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence PR 10138 [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix apxs -g handling. Move config_vars.mk from the top build
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrence directory to the build directory. PR 10163 [Jeff Trawick]
ed71ea51c6ecb5d7d659b6e6a20f6b3f5c2678c6David Lawrence *) Fix some mod_include problems which broke evaluation of some
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence expressions. PR 10108 [Jeff Trawick]
c78dc8b001ba46ef1edb784635c3ba7b3e4456ceJames Brister *) Fix the calculation of request time in mod_status. [Stas Bekman]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Fix the calculation of thread_num in the worker score structure.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [Stas Bekman]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Use apr_atomic operations in managing the mod_mem_cache
d5399cc351a549db957185993b320a3bffa40e41James Brister cache_objects for SMP scalability. (see USE_ATOMICS
d5399cc351a549db957185993b320a3bffa40e41James Brister preprocessor directive in mod_file_cache)
d5399cc351a549db957185993b320a3bffa40e41James Brister [Bill Stoddard]
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister preprocessor directive in mod_file_cache)
40f349ad1f2f0a63ef2784b8affcd44dc660b39cJames Brister [Bill Stoddard]
ac3b769801d794993e9eb6065b2f7144ffcfc9acMark Andrews *) Implement prototype mod_disk_cache for use with mod_cache.
69b691c9624f31e59b8d128ada902a82127c15a3James Brister [Bill Stoddard]
69b691c9624f31e59b8d128ada902a82127c15a3James Brister *) Add a missing manualdir entry in the Debian config.layout.
69b691c9624f31e59b8d128ada902a82127c15a3James Brister [Thom May <thom planetarytramp.net>]
dba20696eb808075d849e5a4cc8d854555869fb2Brian Wellington *) Stop installing libtool for APR and tell APR where it should place
dba20696eb808075d849e5a4cc8d854555869fb2Brian Wellington its copy of libtool (via our installbuildpath layout variable).
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [Justin Erenkrantz]
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister *) New directive ProxyIOBufferSize. Sets the size of the buffer used
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister when reading from a remote HTTP server in proxy. [Graham Leggett]
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister *) Modify receive/send loop in proxy_http and proxy_ftp so that
98c2f9a11185b8a5dd601798990612beb6d1578eJames Brister should it be necessary, the remote server socket is closed before
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence transmitting the last buffer (set by ProxyIOBufferSize) to the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence client. This prevents the backend server from being forced to hang
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence around while the last few bytes are transmitted to a slow client.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Fix the case where no error checking was performed on the final
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence brigade in the loop. [Graham Leggett]
705cb05a187558959d20ec2c31e06de8e96f61b2David Lawrence *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
a3c0a79b61edfd6a021c080d4b368c9c962fcad6Andreas Gustafsson CacheMaxExpire and CacheDefaultExpire to use seconds rather than
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence hours. [Graham Leggett, Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence for a undefined variable. [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when we can't get a socket in the specified address family. We may
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence have gotten back an IPv6 address first and yet our system is not
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence configured to allow IPv6 sockets. [Jeff Trawick]
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence *) Be more careful about recursively removing CVS directories. Make
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence sure that we aren't cd'ing to their home directory first. PR: 9993
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Aaron Bannert, James LewisMoss <dres lewismoss.net>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add a missing errordir entry in the Debian config.layout. PR: 10067
174a4f7b80af7f7a33cd9a098c13af23e5ec2a28David Lawrence [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson *) Rename the filter ordering priorities. The recent filtering fixes
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson have showcased problems with their usage. Therefore, we need to
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson rename them to increase the clarity. (CONTENT->RESOURCE,
dccfe96a449d135d1b3806a9ab8fd7481d017c8bAndreas Gustafsson HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael GraffChanges with Apache 2.0.33
d98c74e2ec5b96bd22aa4ed6d893e8993787493bMichael Graff *) Fix a problem in the new --enable-layout functionality where
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington it wouldn't allow overrides from variables like --prefix,
d03d4524993ecf5da72694907cb8581eadbe5c4dBrian Wellington --bindir, etc. [Thom May <thom planetarytramp.net>]
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington no longer hangs around waiting for the socket to close before
75f6c57d9544aa77a3b1a04587b4702c07343c90Brian Wellington returning exhaustive data. [Aaron Bannert]
c8df84cb389994b4eaf549f5851e70d18e2d063fAndreas Gustafsson *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
f34984369fbc87f6cc5c5d1059303377a1724d79James Brister [Thom May <thom planetarytramp.net>]
b092aef75539b462d24b460b67ac49edb79aaff8Andreas Gustafsson *) Change mod_ssl to always do a full startup/teardown on restarts.
7cd4c3ddd1baf5f2b204562fdba3da37c716cc78Andreas Gustafsson this allows mod_ssl to be added to a server that is already
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson running and makes it possible to add/change certs/keys after the
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson server has been started. [Doug MacEachern]
76a191c4202a4839e4ce598ec91f0c0d12f630aaAndreas Gustafsson *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence This pipe must be a bidirectional 'console' style relay, which
fef059dcec0f7f83b09b9ce30b91b21a51d9c481Andreas Gustafsson mod_ssl prints all prompts to the pipe's stdin, and reads the
fef059dcec0f7f83b09b9ce30b91b21a51d9c481Andreas Gustafsson passphrases from the pipe's stdout. [William Rowe]
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington *) Fix bug where --sysconfdir and --localstatedir were being
5f80c1428b9b7235fc9c1c80aa505457c3043504Brian Wellington ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
af602636644fdfaabc331bd926b0aabb9432e152Brian Wellington *) Fix --enable-layout to work again. Caution: When specifying
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson --enable-layout, common arguments like --prefix, --exec-prefix,
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson etc. will be ignored and the settings from the layout will be
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson PR 9124, 9873, 9885
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
b3aaa872e12e5c8658271bde8e4dd85d015e823fAndreas Gustafsson regex pattern matching for the determination of which requests
389f2ccc2f5f00a11a14114d40492f7ac8249fa7Olafur Gudmundsson to use the remote proxy for. [Jim Jagielski]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix CustomLog bytes-sent with HTTP 0.9. [Justin Erenkrantz]
6deb631b20b7e212d9a350759e472fa60f9e92e4David Lawrence *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence cruft in piped logs and rewritemap child processes.
b1d234eb75e2804e09d89178a76df39c321db51bBrian Wellington [William Rowe]
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington *) All instances of apr_lock_t have been removed and converted
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellington to one of the following new lock APIs: apr_thread_mutex.h,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence apr_proc_mutex.h, or apr_global_mutex.h. No new code should
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence use the apr_lock.h API, as the old API will soon be deprecated.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Ralf S. Engelschall, Cliff Woolley]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) mod-include: make it handle flush'es and fix the 'false-alarm'
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Justin Erenkrantz, Brian Pane, Ian Holsman]
7ffc4c63ac8841d127c2d77c8716cc0dc483badcDavid Lawrence *) ap_get_*_filter_handle() functions to allow 3rd party modules
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to lookup filter handles so they can bypass the filter name
19d1b1667d073850d4366352aaf8319efc5debeeBrian Wellington lookup when adding filters to a request (via ap_add_*_filter_handle())
19d1b1667d073850d4366352aaf8319efc5debeeBrian Wellington [Ryan Morgan <rmorgan covalent.net>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix for multiple file buckets on Win32, where the first file
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence bucket would cause the immediate closure of the socket on any
20b20b23948b90cb2f7d7f402da99d09f837efd0David Lawrence non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson *) Correct Win32 failure of mmap of a segment beyond start of the
a89b06a49cc61cdce2ce0ea0f62b514998fa16d9Andreas Gustafsson file; fixes large SSL and similar transfers. [William Rowe]
9c987b20b9246a34f38af8ed3cd22c61040933a7Andreas Gustafsson *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson multi-process mode to not "daemonize" while detaching from the
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson controlling terminal. This is necessary for Apache to work with
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson process-management tools like AIX's "System Resource Controller"
7e9bfde7951c4e35bcbd0d3439790cc823a6794cAndreas Gustafsson as well as Dan Bernstein's "daemontools".
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson [Jos Backus <josb cncdsl.com>, Aaron Bannert]
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson *) Convert mod_auth_digest to use the new apr_global_mutex_t
4c9406964425ecc33fac38bb093e236b43b449e6Andreas Gustafsson type. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) fix bug in mod-include where it wouldn't send a unmatched
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff part if it was at the end of a bucket [Ian Holsman]
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff *) worker MPM: Improve logging of errors with the interface between
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff the listener thread and worker threads. [Jeff Trawick]
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson *) Some browsers ignore cookies that have been merged into a
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
533131b93b69c4534b5f1f9138b59211670e6e6dMichael Graff are now unmerged in the http proxy before being sent to the
0e7da7ac26cb234763ff03c3a9bc06e3c22e546fAndreas Gustafsson client. [Graham Leggett]
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson *) Fix a problem with proxy where each entry of a duplicated
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson header such as Set-Cookie would overwrite and obliterate the
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson previous value of the header, resulting in multiple header
73abbeb5823a9b3e01b05a8878db915eb6beccdaAndreas Gustafsson values (like cookies) going missing.
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson [Graham Leggett, Joshua Slive]
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson *) Add the server-limit and thread-limit values to the scoreboard
538971e27d45861c937331f52b0e96d3a5157d8eAndreas Gustafsson for the sake of third-party applications.
7ffc4c63ac8841d127c2d77c8716cc0dc483badcDavid Lawrence [Adam Sussman <myddryn vishnu.vidya.com>]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister *) OS/390: Get make install to properly copy DSO modules.
8977ab7ca0ed63a39a8cd0b915ab9cb1254dcd3fJames Brister [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Win32: Fix bug in mod_status with displaying "Restart Time"
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence and "Server uptime".
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [Bill Stoddard]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson *) Fix IPv6 name-based virtual hosts. [Jeff Trawick]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson *) Introduce AddOutputFilterByType directive. [Justin Erenkrantz]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson *) Fix DEBUG_CGI support in mod_cgi. PR 9670, 9671.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson [David MacKenzie <djm pix.net>]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson *) Fix incorrect check for script_in in mod_cgi. PR 9669.
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson [David MacKenzie <djm pix.net>]
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson *) Fix segfault and display error when SSLMutex file can not be
95be83b467e2384d414693982318a5c06cccf1d7Andreas Gustafsson created. [Adam Sussman <myddryn vishnu.vidya.com>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add reference counting to mod_mem_cache cache objects to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence better manage removing objects from the cache.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Change the verbage on the ScoreBoardFile in our default configs.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Also change the default to be commented out (unspecified) so we
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence get anonymous shared memory by default. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Implement new ScoreBoardFile directive logic. This affects how
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence we create the scoreboard's shared memory segment. If the directive
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence is present, a name-based segment is created. If the directive is
6fa1cb5754695d550a58c6e8978fda65f5146af7David Lawrence not present, first an anonymous segment is created, and if that
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson fails, a name-based segment is created from a file of the name
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson DEFAULT_SCOREBOARD. This gives third-party applications the
52b784e2a662038b833e4f9ad7bff881faf52a85Andreas Gustafsson ability to access our scoreboard. [Aaron Bannert]
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews *) Allow mod_deflate to work with non-GET requests and properly send
edb8ffbbf3e4b3c16a10fdd45720d97706e6bf50Mark Andrews Content-Lengths. [Sander Striker <striker apache.org>]
59abb512d344bfa09012cc11b7d814966f035da4Mark Andrews *) Fix ap_directory_merge() to correctly merge configs when there is
59abb512d344bfa09012cc11b7d814966f035da4Mark Andrews no <Directory /> block. [Justin Erenkrantz, William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Remove spurious debug messsages that are normal under HTTP
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence keep-alive logic. [Jeff Trawick, Justin Erenkrantz]
600cfa2ba4c50017581b6c14e3a688a82ecebbe0David Lawrence *) Fix a bug in mod_cgid that would prevent proper shutdown death
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence of the cgid process. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add signal handling back in to the worker MPM for the one_process
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence (-X, -DDEBUG, -DONE_PROCESS) case. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Performance: Reuse per-connection transaction pools in the
a120694df8156f76eb629e4d686d3729362e3c90David Lawrence worker MPM, rather than destroying and recreating them. [Brian Pane]
fcba8f29fedd5a29651579e22c96413b4f37cab9Brian Wellington *) Remove all signals from the worker MPM's child process. Instead,
f6afa4ac95f3a6c86c61c0b122cd0dc6f957649bBrian Wellington the parent uses the Pipe of Death for all communication with the
f6afa4ac95f3a6c86c61c0b122cd0dc6f957649bBrian Wellington child processes. [Ryan Bloom]
34b394b43e2207e8f8f3703f0402422121455638David LawrenceChanges with Apache 2.0.32
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister default if the directive is not specified. This mirrors older
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister behavior without changes to the httpd.conf. [William Rowe]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister the service, mpm and logging code, and bugs in apr_file_open_stderr
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister and apr_file_dup2 functions. Win2K/XP services have no handles
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister associated for stdin/out/err, which caused unpredictable behavior
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister in the prior release. [William Rowe, Bill Stoddard]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister *) Win32: simplify the Application Event Log messages, since there isn't
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister likely to be 'more information in the error log' before an error log
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence has been opened. [William Rowe]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister *) Win32: substantial cleanup to the mpm_winnt code for legibility and
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister to follow the program flow of other MPMs. [Ryan Bloom, William Rowe]
cde7793c7fb83adecf1a60bfc76cde6d1d7db0ebJames Brister *) Win32: apache -k shutdown now behaves like apache -k stop.
c0b06c8275c5ea3cde8cc67f3a6f9cab1bd55d65James Brister [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix prefork to not kill the parent if a child hits a resource shortage
527ea00c176abc167a6daf978e06f52c7e70aa06Andreas Gustafsson on accept(). [Greg Ames]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix seg faults that occur when what should be the httpd request line
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson starts with \r\n followed by garbage. [Greg Ames]
f7d85bae58428b91fde90f87c1e9ef89897acf2eAndreas Gustafsson *) Allow statically linked support binaries with the new
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence --enable-static-support flag, and enable this behavior in
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson the binbuild script. Also add a new --enable-static-htdbm
ec7493d8d1966a3dc5f5306fc0a96519e0de6dceAndreas Gustafsson flag. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow mod_autoindex to serve symlinks if permitted and attempt to
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson do only one stat() call when generating the directory listings.
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson [Justin Erenkrantz]
289fd0daf888e3f7b1733bd750f60891ce90e1e6Andreas Gustafsson *) Fix resolve_symlink to save the original symlink name if known.
bd36d3014e8a82d217ed1c88cdb4c717a25fee09Andreas Gustafsson [Justin Erenkrantz]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews *) Be a bit more sane with regard to CanonicalNames. If the user has
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews specified they want to use the CanonicalName, but they have not
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews configured a port with the ServerName, then use the same port that
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews the original request used. [Ryan Bloom and Ken Coar]
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews *) In core_input_filter, check for an empty brigade after
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews client says it will post some data but we get FIN before any
8adf1b9e749ca303ea8a8ffb29b5101ecbe2ecf6Mark Andrews data arrives. [Jeff Trawick]
c052487cdf42c83bb0fa8e4c0ed135e801ac1e90Mark Andrews *) Not being able to bind to the socket is a fatal error. We should
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson print an error to the console, and return a non-zero status code.
dcd66bf9667816cfc3419f2040e03f5621d88555Andreas Gustafsson With these changes, all of the Unix MPMs do that correctly.
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews *) suexec: Allow HTTPS and SSL_* environment variables to be passed
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews through to CGI scripts. PR 9163
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews [Brian Reid <breid customlogic.com>,
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews Zvi Har'El <rl math.technion.ac.il>]
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews *) binbuild.sh: Make sure that we use the expat from our source
f4f3f2cf3499cf6c32f6329aca08b5c557f507f1Mark Andrews tree so that there aren't any surprises on the target machine.
ff8d15be4e6096329fe6ae8217d0adcabd08c94bOlafur Gudmundsson [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) mod_cgid: Add retry logic for when the daemon can't fork fast
6a13d6f3c687d463a2a88f696a5193a5651612baAndreas Gustafsson enough to keep up with new requests. Start using
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
9dff010bd0224c0eb0046e02c51947bf69cbb718David Lawrence when we can't talk to the daemon. [Jeff Trawick]
9dff010bd0224c0eb0046e02c51947bf69cbb718David Lawrence *) apxs: LTFLAGS envvar can override default libtool options. Try
996f4a8bc34cb0203ce6a40ff82bca8bf32423ccAndreas Gustafsson "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the covers. [Jeff Trawick]
6a13d6f3c687d463a2a88f696a5193a5651612baAndreas Gustafsson *) The Location: response header field, used for external
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence redirect, *must* be an absoluteURI. The Redirect directive
47b26abe77184f9bedc68e36bdad03332cf67570David Lawrence tested for that, but RedirectMatch didn't -- it would allow
c0fcd6b98bc1fe5bbd2bd1a4d729215f65e3d20fJames Brister almost anything through. Now it will try to turn an abs_path
c0fcd6b98bc1fe5bbd2bd1a4d729215f65e3d20fJames Brister into an absoluteURI, but it will correctly varf like Redirect
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark Andrews if the final redirection target isn't an absoluteURI. [Ken Coar]
17d0495c338ca6273cc1e1e3fd9354ab785a9ae9Mark AndrewsChanges with Apache 2.0.31
4c5651ee049cbace08d5350e3d23a0d6da491fa8James Brister *) Create the scoreboard (in the parent) in a global pool context,
4c5651ee049cbace08d5350e3d23a0d6da491fa8James Brister so it survives graceful restarts. This fixes a SEGV during
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence graceful restarts. [Aaron Bannert]
e06abf2270cc397e6a1ab8e25055e9c05f256beeJames Brister *) Add a timeout option to the proxy code 'ProxyTimeout'
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Ian Holsman]
e411a986b94276c28e6a971f9c3b61d45c635456James Brister *) FTP directory listings are now always retrieved in ASCII mode.
e411a986b94276c28e6a971f9c3b61d45c635456James Brister The FTP proxy properly escapes URI's and HTML in the generated
e411a986b94276c28e6a971f9c3b61d45c635456James Brister listing, and escapes the path components when talking to the FTP
e411a986b94276c28e6a971f9c3b61d45c635456James Brister server. It is now possible to browse the root directory by using
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
c6ce77b4dccb15297f78de9e0c00d40f40ce8aa4Mark Andrews Also, the last path component may contain wildcard characters
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence '*' and '?', and if they do, a directory listing is created instead
76a33ffee5be9a1001c27c103e6d98983443cbfdAndreas Gustafsson of a file retrieval. Example: ftp://user@host/httpd/server/*.c
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson [Martin Kraemer]
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews *) Added single-listener unserialized accept support to the
5159c427839689d5070e2f9c6c9a0168dd9f6583Mark Andrews worker MPM [Brian Pane]
41da7fdc551c50cddebf2c5311e322efd793fd3bDavid Lawrence *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
41da7fdc551c50cddebf2c5311e322efd793fd3bDavid Lawrence the incoming host header through to the proxied server
1d7172079ddd7aaad66a135a814d0013c6503837Andreas Gustafsson *) New Directive Option for ProxyPass. It now can block a location
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson from being proxied [Jukka Pihl <jukka.pihl entirem.com>]
3364cad7e4699aff0b2d5090ab09a6da9733a118Andreas Gustafsson *) Don't let the default handler try to serve a raw directory. At
3364cad7e4699aff0b2d5090ab09a6da9733a118Andreas Gustafsson best you get gibberish. Much worse things can happen depending
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence on the OS. [Jeff Trawick]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister *) Change the pre_config hook to return a value. Modules can now emit
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister an error message and then cause the server to quit gracefully during
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson startup. This required a bump to the MMN. [Aaron Bannert]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister *) Fix some unix socket descriptor leaks in the handler side of
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister mod_cgid (the part that runs in the server process). Whack a
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister silly "close(-1)" in the handler too. [Jeff Trawick]
dd3fc76a33569ee9d5d30effc0d975651a4567f5Andreas Gustafsson *) Change the pre_mpm hook to return a value, so that scoreboard
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister init errors percolate up to code that knows how to exit
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence cleanly. This required a bump to the MMN. [Jeff Trawick]
e2cf9c2db3fd484d160d3b7850f5e4d9c19945faJames Brister *) Add the socket back to the conn_rec and remove the create_connection
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence hook. The create_connection hook had a design flaw that did not
36357e4304862fb47e9fae03c704cb6720310c45James Brister allow creating connections based on vhost info. [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Resolves the common case of using negotation to resolve the request
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence /script/foo for /script.cgi/foo. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Added new functions ap_add_(input|output)_filter_handle to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence allow modules to bypass the usual filter name lookup when
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence adding hard-coded filters to a request [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) caching should now work on subrequests (still very experimental)
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Ian Holsman]
b09983678f5d116d3c8387aaeab4f2dc4deb0454David Lawrence *) The Win32 mpm_winnt now has a shared scoreboard. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Refactor ap_rgetline so that it does not use an internal brigade.
014892d86d30b7eceb0003d51788f9b5cadfc1bfAndreas Gustafsson Change ap_rgetline's prototype to return errors. [Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Remove mod_auth_db. [Justin Erenkrantz]
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson *) Do not install unnecessary pcre headers like config.h and internal.h.
97f75286ada13a1b06a424607e638bde5ebfb3caAndreas Gustafsson [Joe Orton <joe manyfish.co.uk>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Change in quick_hanlder behavior for subrequests. it now passes DONE
b905ff7cbe3737d3c76115fa71c340a8ce439120David Lawrence (as it does for a normal request). quick_handled sub-requests now work
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in mod-include [Ian Holsman]
23a09704774241d2dba059e4d9231cd3d28bb116David Lawrence *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence 'CONTENT' one, as it needs to run AFTER all content headers
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
358628c8f4804a2db52be0f6d03a66137fab4884David Lawrence [Lars Eilebrecht]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Split out blocking from the mode in the input filters.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Justin Erenkrantz]
54a2e7e8a21ee765f41bd995101995613bff9e8cDavid Lawrence *) Fix a segfault in mod_include. [Justin Erenkrantz, Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Cause Win32 to capture all child-worker process errors in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Apache to the main server error log, until the child can
027212247d59c05452abb7a8b253efe52d14459eDavid Lawrence open its own error logs. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) HPUX 11.*: Do not kill the child process when accept()
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a problem in the parsing of the <Proxy foo> directive.
344e909ce9c59422a70105aba498e68b2d42623bDavid Lawrence [Jeff Trawick]
738922ba7bb10b206f6f54931aed068e3dcb950dDavid Lawrence *) rewrite of mod_ssl input filter for better performance and less
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence memory usage [Doug MacEachern]
eefea43215016bce437ab4a7441b2851fd182960David Lawrence *) allow quick_handler to be run on subrequests. [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) mod_dav now asks its provider to place content directly into the
9c4f33b6718407e94d50dbfb4977e16d3f83de9dDavid Lawrence filter stack when handling a GET request. The mod_dav/provider
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence API has changed, so providers need to be updated. [Greg Stein]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Clear the output socket descriptor in unixd_accept() to make sure
c403d3f7d6cb17406e9be03a330ed5cf91619abcDavid Lawrence we don't supply a bogus socket to the caller if the accept fails.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence This caused problems with the worker MPM, which tried to process
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson the returned socket if it was non-NULL. [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Move a check for an empty brigade to the start of core input filter
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to avoid segfaults. [Justin Erenkrantz, Jeff Trawick]
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley *) Add FileETag directive to allow configurable control of what
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley data are used to form ETag values for file-based URIs. MMN
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley bumped to 20020111 because of fields added to the end of
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley the core_dir_config structure. [Ken Coar]
e3b3a046bf653d39cb5b92534a6a36fce1702d20Bob Halley *) Fix a segfault in mod_rewrite's logging code caused by passing the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence wrong config to ap_get_remote_host(). [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow mod_cgid to work from a binary distribution install by
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence using 755 for the permissions on the log directory instead of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence 750. [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fixed a segfault that happened during graceful shutdown (or when
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington the httpd ran out of file descriptors) with the worker MPM [Brian Pane]
1a7f6c3898266854db100fb2cb36418d650de8e7Brian Wellington *) Split all Win32 modules [excluding the core components mod_core,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence mod_so, mod_win32 and the winnt mpm] into individual loadable
56433595bb938c21fd3b07a0f7c565d942bb8780David Lawrence modules, so the administrator may individually disable the former
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence compiled-in modules by simply commenting out their LoadModule
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence directives. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Saved Win32 module authors and porters many future headaches, by
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence duplicating the appropriate .h files such as os.h into the include
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence directory, including in the build tree. [William Rowe]
7896e45912df15d07eb99f885b9d9c15ad5f3f68David Lawrence *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Use SSL functions/macros instead of directly dereferencing SSL
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence structures wherever possible.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Add type-casts for the cases where functions return a generic pointer.
32eddfc189108fa93e31761e13150594c7a79d2bDavid Lawrence Add $SSL/include to configure search path.
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
b8dd48ecf83142f6ee7238cbd68fec455e527fc8Mark Andrews *) Moved several pointers out of the shared Scoreboard so it is
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff more portable, and will present the vhost name across server
68e4926b2262571e004b4be00b905ec776c01d9cMichael Graff generation restarts. [William Rowe]
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
6c7e680943ccdb75f23b050a7bc5ac0825e5244aMark Andrews [Doug MacEachern]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid LawrenceChanges with Apache 2.0.30
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Fix the main bug for FreeBSD and threaded MPM's. There are
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence still issues (see STATUS) but at least the server will now
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence run without crashing the machine.
61e9c1cdbe29683bb2db388e4fc6a6fd59315cefDavid Lawrence [David Reid, Aaron Bannert, Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a typo in mod_deflate's m4 config section.
8b11f3debd9a9494d5aec60ea228ab393fbdc26eDavid Lawrence [albert chin <china thewrittenword.com>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a couple of mod_proxy problems forwarding HTTP connections
2cc1d2536d5834fbe20281068b8bd34dd1ee5337David Lawrence and handling CONNECT:
140d92622430165001bd91ba2e7d516992faeb2fMichael Sawyer (1) PR #9190 Proxy failed to connect to IPv6 hosts.
140d92622430165001bd91ba2e7d516992faeb2fMichael Sawyer (2) Proxy failed to connect when the first IP address returned by
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the resolver was unreachable but a secondary IP address was.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix the module identifer as shown in the docs for various core
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence modules (e.g., the identifer for mod_log_config was previously
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence listed as config_log_module). PR #9338
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [James Watson <ap2bug sowega.org>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix LimitRequestBody directive by placing it in the HTTP
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence filter. [Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix mod_proxy seg fault when the proxied server returns
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence an HTTP/0.9 response or a bogus status line.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Adam Sussman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Prevent mod_proxy from truncating one character off the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence end of the status line returned from the proxied server.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Adam Sussman, Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Eliminate loop in ap_proxy_string_read().
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Adam Sussman, Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Provide $0..$9 results from mod_include regex parsing.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow mod-include to look for alternate start & end tags [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Introduced the ForceLanguagePriority directive, to prevent
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence when using Multiviews. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a problem which prevented mod_cgid and suexec from working
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence together reliably [Greg Ames]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Remove the call to exit() from within mod_auth_digest's post_config
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence phase. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a problem in mod_auth_digest that could potentially cause
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence problems with initialized static data on a system that uses DSOs.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a segfault in the worker MPM that could happen during
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence child process exits. [Brian Pane, Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix matching of vhosts by ip address so we find IPv4
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence vhost address when target address is v4-mapped form of
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence that address. [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) More performance tweaks to the BNDM string-search algorithm
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence used to find "<!--#" tokens in mod_include [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Miscellaneous small performance fixes: optimized away various
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence string copy operations and removed large temp buffers from
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the stack [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fixed startup segfault that occurred when a VirtualHost
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence directive had a port but no address [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow htdbm to work with multiple DBM types [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence if oslevel < WINNT. This should fix several problems reported
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Against 2.0.28 on Windows 98 [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to fail. [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Change core code to allow an MPM to set hard thread/server
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence limits at startup. prefork, worker, and perchild MPMs now have
16a107c904a30a687a08efec86a26a2f9398d2edAndreas Gustafsson directives to set these limits. [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Win32: The async AcceptEx() event should be autoreset upon
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence successful completion of a wait (WaitForSingleObject). This
33e927bf8622db6d3e5ecfd871f517db47fa722bDavid Lawrence eliminates a number of spurious
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Bill Stoddard]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Move any load library path environment variables out of
947bd6c648bd29bc226971324de1b30230a56a22David Lawrence apachectl and into a separate environment variable file which
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence can be more easily tailored by the admin. The environment
878363c06b3d42f8fa4acca0c4aec9252b7844d9David Lawrence variable file as built by Apache may have additional system-
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence specific settings. For example, on OS/390 we tailor the heap
cc5547dbcb04bdc498cf050c6104a1974f68c6eaAndreas Gustafsson settings to allow lots of threads. [Jeff Trawick]
b8957f3496b6a900df9ca263864a47dbb1cb8978David Lawrence *) Use the new APR pool code to reduce pool-related lock
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence contention in the worker MPM. [Sander Striker]
c7f22f83aac9e61dafee191cad040e9c42652cc8David Lawrence *) The POD no longer assumes the child is listening on 127.0.0.1
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence and now pulls the first hostname in the list of listeners to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence perform the dummy connect on. This fixes a bug when the user
c4717613e45323ed23dc6e9162cba89f1f83830cDavid Lawrence had configured the Listen directive for an IP other than
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson 127.0.0.1. This would result in undead children and error
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson messages such as "Connection refused: connect to listener".
f6d6835ed5bb14f7d87cb9b736deadf9de2085ddAndreas Gustafsson [Aaron Bannert]
d41c9885ecfb4be7382fd32a58ae4a9fb2056b81David Lawrence *) The worker MPM now respects the LockFile setting, needed to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence avoid locking problems with NFS. [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix segfault when worker MPM receives SIGHUP.
38feb01f1b0a3ac65897ae63c22c27c72e8cfda1David Lawrence [Ian Holsman, Aaron Bannert, Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix bug that could potentially prevent the perchild MPM from
802aa6f2b70cc0b4e69ef0a1dcab0a8d68a0fdeaDavid Lawrence working with more than one vhost/uid. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Change make install and apxs -i processing of DSO modules to
5b27fa26dd1288f61de9ace6f4ec56be63858048David Lawrence perform special handling on platforms where libtool doesn't install
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence which prevented standard LoadModule statements from working.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Jeff Trawick]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley *) Whenever mod_so is enabled (not just when there are DSOs for
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley our modules), do whatever special magic is required for compiling/
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley loading third-party modules. This allows third-party DSOs to
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley be used on an AIX build when there were no built-in modules
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley built as DSOs. (This should help on OS/390 and BeOS as well.)
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley [Jeff Trawick]
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley *) Allow apxs to be used to build DSOs on AIX without requiring the
32d7adf5ee52c5a86122ee3d9e35a894fc5ed0a6Bob Halley user to hard-code the list of import files. (This should help
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence on OS/390 and BeOS as well.) [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence PR 8563, 8919 [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Get binary builds working when libapr and libaprutil are built
7ce81e15fa98db5b13fba06d54526e8679ac064cDavid Lawrence shared [Greg Ames]
8fedfa7b45989d3c1715e414637bc1a96331fd14David Lawrence *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix the handling of SSI directives in which the ">" of the
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence terminating "-->" is the last byte in a file [Brian Pane]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
32eeec855957c3dd38f0d6c98ca79b67a71300b6Brian Wellington message that we had back in apache-1.3 and still have scattered
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence throughout our docs. [Aaron Bannert]
f3f88c6802df4cfee59439b19a1c49637b70342dDavid Lawrence *) Prevent the Win32 port from continuing after encountering an
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence error in the command line args to apache. [William Rowe]
77f372eed39827f5efef476602de7c0505f99b91David Lawrence *) On a error in the proxy, make it write a line to the error log
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Ian Holsman]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Various mod_ssl performance improvements [Doug MacEachern]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid LawrenceChanges with Apache 2.0.29
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add buffering in core_output_filter to ensure that long
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence lists of small buckets don't cause small packet writes.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Brian Pane, Ryan Bloom]
cabcfd3e90a647c7bab3c5cc3ef7b36f49830787David Lawrence *) Fix the installation target to make sure that the manual is
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence installed in the correct location.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Gomez Henri <hgomez slib.fr>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix the cmd command for mod_include. When we are processing
d111a46c88adda33a93839f4934e127b6147d87dBob Halley a cmd command, we do not want to use the r->filename to set
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence the command name. The command comes from the SSI tag. To do this,
e4e183af576855f4ccc9fc28084ffe095aaa5b55Andreas Gustafsson I added a variable to the function that builds the command line
e4e183af576855f4ccc9fc28084ffe095aaa5b55Andreas Gustafsson in mod_cgi. This allows the include_cmd function to specify
e49a98d47fea220023c22bcc7204f13f7f0b07feBrian Wellington the command line itself. [Ryan Bloom]
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff *) Change open_logs hook to return a value, allowing you
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff to flag a error while opening logs
195da2b26542b85d60308b2af35ea9966df9c3bbMichael Graff [Ian Holsman, Doug MacEachern]
e9a9ae4fc627f24cb960a3008f2723ba9a55b274Brian Wellington *) Change post_config hook to return a value, allowing you
e9a9ae4fc627f24cb960a3008f2723ba9a55b274Brian Wellington to flag a error post config
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Ian Holsman, Jeff Trawick]
d1bdeae7bb7a0642170d5476c2fd901db3028143Andreas Gustafsson *) Allow SUEXEC_BIN (the path to the suexec binary that is
d111a46c88adda33a93839f4934e127b6147d87dBob Halley hard-coded into the server) to be specified to the configure
d111a46c88adda33a93839f4934e127b6147d87dBob Halley script by the --with-suexec-bin parameter. [Aaron Bannert]
d111a46c88adda33a93839f4934e127b6147d87dBob Halley *) Fix segv in worker MPM following accept on pipe-of-death
585529aaeb95a71cd3d95df2602a4688fc7c3292David Lawrence *) Add mod_deflate to experimental.
9e53cbca72767d0c91962b7a01650ea07d7398ddMark Andrews [Ian Holsman, Justin Erenkrantz]
2d0c5f1eada2015324cb89c11c7c5c11cccb493fAndreas Gustafsson *) Bail out at configure time if an invalid MPM was specified.
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
3bb3b7ac462a90c2b8b1fb783324d800e2ba748cMichael Graff *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
c6adcd09c8d5c0acd47a8dccb8061bb1105cad95Michael Graff configured [John Sterling <sterling covalent.net>]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington *) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley *) Fix a problem with IPv6 vhosts. PR #8118 [Jeff Trawick]
15a0ed30600ea88fe1227233155586f0c3c6cc34Bob Halley *) Optimization for the BNDM string-search function in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence mod_include. [Brian Pane]
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington *) Fixed the behavior of the XBitHack directive.
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington *) The threaded MPM for Unix has been removed. Use the worker
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington MPM instead. [various]
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson *) APR-ize the resolver logic in mod_unique_id. This fixes a bug
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson in logging the error from a failed DNS lookup. [Jeff Trawick]
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
3ae757933270e8298a6c1c5f9dfd30a4d852972cAndreas Gustafsson [Cliff Woolley]
b61bbad878d0ac563a093525aa826cdba0fd43bfMark Andrews *) Get mod_cgid killed when a MPM exits due to a fatal error.
b61bbad878d0ac563a093525aa826cdba0fd43bfMark Andrews [Jeff Trawick]
4716e94840921878b26e493576f84afe4fe08752Mark Andrews *) Fix a file descriptor leak in mod_include. When we include a
4716e94840921878b26e493576f84afe4fe08752Mark Andrews file, we use a sub-request, but we didn't destroy the sub-request
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence immediately, instead we waited until the original request was
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence done. This patch closes the sub-request as soon as the data is
622af581bd08a61d12c70f80b1d40d0d9c8a1fa3David Lawrence done being generated. [Brian Pane <bpane pacbell.net>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Allow modules that add sockets to the ap_listeners list to
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley define the function that should be used to accept on that
0e9c5d24d25cb77a6935abf9247734b576626c9fBob Halley socket. Each MPM can define their own function to use for
0e9c5d24d25cb77a6935abf9247734b576626c9fBob Halley the accept function with the MPM_ACCEPT_FUNC macro. This
3886e748a4086b813e3453232a742903762fedadBob Halley also abstracts out all of the Unix accept error handling
3886e748a4086b813e3453232a742903762fedadBob Halley logic, which has become out of synch across Unix MPMs.
3886e748a4086b813e3453232a742903762fedadBob Halley [Ryan Bloom]
3886e748a4086b813e3453232a742903762fedadBob Halley *) Fix a bug which would cause the response headers to be omitted
3886e748a4086b813e3453232a742903762fedadBob Halley when sending a negotiated ErrorDocument because the required
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley filters were attached to the wrong request_rec.
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley [John Sterling <sterling covalent.net>]
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley *) Remove commas from the end of the macros that define
b4b032ab5a3d0e96e7c752e232e3050e8806b8cbBob Halley directives that are used by MPMs. Prior to this patch,
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington you would use these macros without commas, which was unlike
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington the macros for any other directives. Now, the caller provides
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington the comma rather than the macro providing it. This makes
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington the macros look more like the rest of the directives.
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington [Ryan Bloom and Cliff Woolley]
ce0004744d2c232581af53cbc6201f4ec4cf1f1cBrian Wellington *) Add 'redirect-carefully' environment option to disable sending
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson redirects under special circumstances. This is helpful for
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson Microsoft's WebFolders when accessing a directory resource via
b4b4adc097365bd3f980b30bc7cc30199f4b8456Andreas Gustafsson DAV methods. [Justin Erenkrantz]
83a39d3f3c9b9966bc060d46e8e419adb004888aAndreas Gustafsson *) Begin to abstract out the underlying transport layer.
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley The first step is to remove the socket from the conn_rec,
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley the server now lives in a context that is passed to the
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley core's input and output filters. This forces us to be very
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley careful when adding calls that use the socket directly,
83a39d3f3c9b9966bc060d46e8e419adb004888aAndreas Gustafsson because the socket isn't available in most locations.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Really reset the MaxClients value in worker and threaded
0f7045b0c437b158c61c195c319d2762882ece83Andreas Gustafsson when the configured value is not a multiple of the number
0f7045b0c437b158c61c195c319d2762882ece83Andreas Gustafsson of threads per child. We said we did previously but we
7c0e50b5623a6ffc9e3986e129f8ca6bae9aabfaBrian Wellington forgot to. [Jeff Trawick]
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson *) If shared modules are requested and mod_so is not available,
a25310fd1dce652cdebba2b3dbc5d38cc3706745Andreas Gustafsson produce a fatal config-time error. [Justin Erenkrantz]
42712a426dd62518ca7c36982867e5622f7265e7Michael Graff *) Improve http2env's performance by cutting the work it has to
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence do. [Brian Pane <bpane pacbell.net>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) use new 'apr_hash_merge' function in mod_mime (performance fix)
e6a6c0a5d6393d3a7f75b486f16e4ef15c4857bbDavid Lawrence [Brian Pane <bpane pacbell.net>]
11a898e05092e8477fbfe1a245c1c5871a846638Andreas GustafssonChanges with Apache 2.0.28
5d4f11b265c396d71ec2162a632e620425481a9eDavid Lawrence *) Fix infinite loop in mod_cgid.c.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]
b295930144c8782e84528dcd355153ae5a5d66e8David Lawrence *) When no port is given in a "ServerName host" directive, the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence server_rec->port is now set to zero, not 80. That allows for
0bcb1d4d630f8d7547ee62870e1b059827cc1c8aDavid Lawrence run-time deduction of the correct server port (depending on
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence SSL/plain, and depending also on the current setting of
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister UseCanonicalName). This change makes redirections
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister work, even with https:// connections. As in Apache-1.3, the
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister connection's actual port number is never used, only the ServerName
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister setting or the client's Host: setting. Documentation updated
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister to reflect the change. [Martin Kraemer]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister *) Add a '%{note-name}e' argument to mod-headers, which works in
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister the same way as mod_log_confg. [Ian Holsman]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister MPMs. [Cliff Woolley]
ce3be21d63d1e06b222ecb66b4eae909b4658d53James Brister *) Introduce htdbm, a user management utility for db/dbm authorization
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence databases. [Mladen Turk <mturk mappingsoft.com>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Optimize usage of strlen and strcat in ap_directory_walk.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence [Brian Pane <bpane pacbell.net>]
9e7c9ad159b581714c67148c3c698c12730d7ef7James BristerChanges with Apache 2.0.27
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson *) Introduce an Apache mod_ssl initial configuration template
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson *) Fixed a memory leak in the getline parsing code that could
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson be triggered by arbitrarily large header lines. Requests
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson from the core input filter for single lines are now limited
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert]
bf062442eeef2fe404d728891b1317b01fbb7908Andreas Gustafsson *) Fix a truncation bug in how we print the port on the Via: header.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence The routine that prints the Via: header now takes a length for
404e3e4738e97d5dff48fab1e76839e963cb16a6Brian Wellington the port string. [Zvi Har'El <rl math.technion.ac.il>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Some syntax errors in mod_mime_magic's magic file can result
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence in a 500 error, which previously was unlogged. Now we log the
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence error. [Jeff Trawick]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Add the support/checkgid helper app, which checks the run-time
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence validity of group identifiers usable in the Group directive.
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington *) Various --enable-so options have been fixed: --enable-so is
7d1d130f4fe1b7485142c4f55a4ef3760b5fa30aBrian Wellington treated as "static"; explicit --enable-so=shared issues an error;
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley and explicit --enable-so fails with error on systems without
d9cc295339982d8d86075ab4285cc700d354e2eeBob Halley APR_HAS_DSO. [Aaron Bannert]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix a segfault in the core input filter when the client socket
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence gets disconnected unexpectedly. [Cliff Woolley]
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister *) Fix the reporting for child processes that die. This removes
a6a0b5e9b7078887a73ecec8be2935daa287a389James Brister all of the non-portable W* macros from Apache.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [Jeff Trawick and Ryan Bloom]
be768c2e952c34438025999125f984995a2c675fBob Halley *) Win32: Track and display "Parent Server Generation:" in
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence mod_status output. The generation will be bumped at
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley server graceful restart, when the child process exits
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley by hitting MaxRequestsPerChild or if the child
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley process exits abnormally. [Bill Stoddard]
da6affdf7dd677a636155e4a41f6de416a2d815bBob Halley *) Win32: Fix problem where MaxRequestsPerChild directive was
be768c2e952c34438025999125f984995a2c675fBob Halley not being picked up in favor of the default. Enable
be768c2e952c34438025999125f984995a2c675fBob Halley the parent to start up a new child process immediately upon
be768c2e952c34438025999125f984995a2c675fBob Halley the old child starting shutdown.
f00e30e9322fb2170ad3e21c3336c5b81be964c2James Brister [Bill Stoddard]
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley *) Fix some bungling of the remote port in rfc1413.c so that
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley IdentityCheck retrieves the proper user id instead of failing
19e0c849f69ad8b655b4d199e16de0a4a94562d6Bob Halley and thus always returning "nobody."
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley *) Introduced thread saftey for mod_rewrite's internal cache.
01e320c4fb51c802e9fe86c192fbebf4229ca918Bob Halley [Brian Pane <bpane pacbell.net>]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Simplified mod_env's directives to behave as most directives are
dd6132005a5c48dea642c2ed0507bf472c8ee9bbJames Brister expected, in that UnsetEnv will not unset a SetEnv and PassEnv
dd6132005a5c48dea642c2ed0507bf472c8ee9bbJames Brister directive following that UnsetEnv within the same container.
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence Also provides a runtime startup warning if a PassEnv configured
d6d18435cd47a57f43af2eab835d0f6b7a76f2bdAndreas Gustafsson environment value is undefined. [William Rowe]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) The worker MPM is now completely ported to APR's new lock API. It
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister uses native APR types for thread mutexes, cross-process mutexes,
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence and condition variables. [Aaron Bannert]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister *) Sync up documentation to remove all references to the now deprecated
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister Port directive. [Justin Erenkrantz]
3f46e84f9ff264cac8c07c2136a507827afb2760James Brister *) Moved all ldap modules from the core to httpd-ldap sub-project
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley *) Exit when we can't listen on any of the configured ports. This
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley is the same behavior as 1.3, and it avoids having the MPMs to
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley deal with bogus ap_listen_rec structures. [Jeff Trawick]
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley *) Cleanup the proxy code that creates a request to the origin
fdb12d38d325efba64581bdee7fac188466fff55Bob Halley server. This change adds an optional hook, which allows modules
43a5758df763a04d907a8b406e89a96f5c207a9cBrian Wellington to gain control while the request is created if the proxy module
43a5758df763a04d907a8b406e89a96f5c207a9cBrian Wellington is loaded. The purpose of this hook is to allow modules to add
43a5758df763a04d907a8b406e89a96f5c207a9cBrian Wellington input and/or output filters to the request to the origin. While
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington I was at it, I made the core use this hook, so that proxy request
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington creation uses some of the code from the core. This can still be
c73aafe6016ed1a7a6972681148cedf6a48a21bcBrian Wellington greatly improved, but this is a good start. [Ryan Bloom]
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob HalleyChanges with Apache 2.0.26
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley *) Port the MaxClients changes from the worker MPM to the threaded
99b80297d416ebb722b2515023c51b3aacdc1fb9Bob Halley MPM. [Ryan Bloom]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Fix mod_proxy so that it handles chunked transfer-encoding and works
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence with the new input filtering system. [Justin Erenkrantz]
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence *) Introduce the MultiviewsMatch directive, to allow the operator
9151d6e15cb9c639a3dca083d7f6e9094f6b89caDavid Lawrence to be flexible in recognizing Handlers and Filters filename
the default httpd.conf for any module that was compiled
as a DSO. [Aaron Bannert <aaron clove.org>]
[Aaron Bannert <aaron clove.org>]
WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
[Aaron Bannert <aaron clove.org>]
and add commonly used audio/x-mpegurl for m3u extensions.
[Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
relocated. [Aaron Bannert <aaron clove.org>]
*) Update the mime.types file to the registered media types as
[Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Ian Holsman <ianh cnet.com>]
*) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Aaron Bannert <aaron clove.org>]
segments for. [Aaron Bannert <aaron clove.org>]
*) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
roll build_command_line/build_argv_list into a unified, overrideable
*) Back out the 1.45 change to util_script.c. This change made
[Taketo Kabe <kabe sra-tohoku.co.jp>]
compute variables. [Brian Pane <bpane pacbell.net>]
the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
than per character. [Brian Pane <bpane pacbell.net>]
(which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
This is not to be confused with support for the WinNT/Win32
cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
but refused to check the mime.types file if AddType wasn't given
without setting the AddType text/html html would cause Apache to
[Aaron Bannert <aaron clove.org>]
an explicit request. E.g., if the .Z extension is associated with
an unzip filter, the user request somefile.Z.html, mod_negotiation
.html extension is associated with ContentType text/html.
shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
get/set/delete sessions using mod_ssl's callbacks
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
Geoff Thorpe <geoff geoffthorpe.net>]
pools more cleanly. [Aaron Bannert <aaron clove.org>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[John Sterling <sterling covalent.net>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
associated filename (e.g., we're filtering the error document for
*) Added the common error/ tree to the build/install targets
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Mladen Turk <mturk mappingsoft.com>, William Rowe]
*) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
[Cody Sherr <csherr covalent.net>]
*) We have always used the obsolete/deprecated Netscape syntax
in a dependency list (e.g., OS/390 make, certain levels of GNU
*) Install the SSL headers. [John Sterling <sterling covalent.net>]
[Cody Sherr <csherr covalent.net>]
[Mladen Turk <mturk mappingsoft.com>]
[Richard Labennett <rlabenn us.ibm.com>]
(e.g. for mod_dir) but none can be served. mod_negotation now
*) Add a handler to mod_includes.c. This handler is designed to
and have those methods <limit>able in the httpd.conf. It uses
the same bit mask/shifted offset as the original HTTP methods
an int provides. [Cody Sherr <csherr covalent.net>]
Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
*) Add a single listener/multiple worker MPM. This MPM is
*) Apache/Win32 now fills in the service description with Apache's
create the proper cgi-bin examples, including a test-cgi.bat, and
fix the perl shebang line for printenv.pl, when installing from
*) Fix a segfault in threaded.c caused by passing uninitialized
*) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
[Günter Knauf <eflash gmx.net>]
#ifdefs. This has bitten us many times in generating the exports.c
[Sander Striker <striker apache.org>]
[Cody Sherr <csherr covalent.net>]
*) Performance improvement to mod_mime.c. find_ct() in mod_mime,
httpd.conf, the tables for languages and charsets are somewhat
a nice speedup. [Brian Pane <bpane pacbell.net>]
[Harrie Hazewinkel <harrie covalent.net>]
with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
[Ian Holsman <ianh cnet.com>]
*) Fix seg faults and/or missing output from mod_include. The
*) Automatically generate httpd.exp for AIX.
[Ryan Morgan <rmorgan covalent.net>]
add/append/set headers based on this envar thusly:
*) Optimise reset_filter() in http_protocol.c. [Greg Stein]
*) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
This prevented the inclusion of apr_compat.h. PR #7773
[Oleg Broytmann <phd phd.pp.ru>]
been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
[Barrie Slaymaker <barries slaysys.com>]
and moving hints.m4 inline. [Roy Fielding]
[Ian Holsman <IanH cnet.com>]
[Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
*) Get mod_tls to compile/work better on Windows. PR #7612
*) Fix shutdown/restart hangs in the threaded MPM.
[John K. Sterling <sterling covalent.net>]
[Graham Leggett <minfrin sharp.fm>]
required into the core. [Harrie Hazewinkel <harrie covalent.net>]
[jun-ichiro hagino <itojun iijlab.net>]
[Ryan Morgan <rmorgan covalent.net>]
[Justin Erenkrantz <jerenkrantz ebuilt.com>]
Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
[<giles nemeton.com.au>]
--with-module=module_type:/path/to/module.c
The configure script will copy the module.c file to
modules/module_type, and it will be added to the relevant Makefiles.
*) Change the default installation directory to /usr/local/apache2,
as now defined by the "Apache" layout in config.layout. [Marc Slemko]
*) Make generic hooks to work, with mod_generic_hook_import/export
us use a consistent location for the config.layout file, and it
[jun-ichiro hagino <itojun iijlab.net>]
csv/gnuplot format, rudimentary ssl support and various other tweaks
apache. Often by a order of magnitude :-) See talk/paper of Sander
[Taketo Kabe <kabe sra-tohoku.co.jp>]
libtool muck that is now under srclib/apr/build. [Roy Fielding]
*) Fix bug in the Unix threaded.c MPM that allowed child processes
PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
[Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
*) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
[Graham Leggett <minfrin sharp.fm>]
[Jon Travis <jtravis covalent.net>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[Ryan Morgan <rmorgan covalent.net>]
[Dan Rench <drench xnet.com>]
one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
[Mike Abbot <mja trudge.engr.sgi.com>]
[Jon Travis <jtravis covalent.net>]
*) Fix a seg fault in mod_userdir.c. We used to use the pw structure
[Taketo Kabe <kabe sra-tohoku.co.jp> and
Cliff Woolley <cliffwoolley yahoo.com>]
[Jon Travis <jtravis covalent.net>]
versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
[Taketo Kabe <kabe sra-tohoku.co.jp>]
current hooks better. [Ryan Morgan <rmorgan covalent.net>]
added feature of allowing a uid/gid per child process. If no
uid/gid is specified, then Perchild behaves exactly like dexter.
[Gomez Henri <new-httpd slib.fr>]
*) Add a very early prototype of SSL support (in mod_tls.c). It is
vital that you read modules/tls/README before attempting to build
to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
*) Correct a typo in httpd.conf.
[Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
PR#7170 [Danek Duvall <dduvall eng.sun.com>]
*) Adopt apr user/group name features for mod_rewrite. Eliminates some
'extra' stat's for user/group since they should never occur, and now
Win32/OS2 exceptions without hiccuping. [William Rowe]
*) Modify the apr_stat/lstat/getfileinfo calls within apache to use
*) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
mpm_common.c. These functions are only valid on some platforms,
*) Update highperformance.conf to work with either prefork or
i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
hints.m4) of various compilation flags (eg: CFLAGS). Also,
*) Allow the buildconf process to find the config.m4 files in the correct
the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
[Cliff Woolley <cliffwoolley yahoo.com>]
server root from the Apache.exe path.
loadable modules, dynamic libs are all named libfoo.dll, and the
makefile.win populates the include, lib and libexec directories.
numeric address strings (e.g., "Listen [fe80::1]:8080").
*) Get the functions in server/linked into the server, regardless of
be loadable into the server. Our new build/install mechanism expects
to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
and installs the conf, htdocs and htdocs/manual directories.
[Paul J. Reder <rederpj raleigh.ibm.com>]
time, and that list is then used to generate the exports.c file.
[Sander van Zoest <sander covalent.net>]
*) Added lib/aputil/ as a placeholder for utility functions which are not
[Paul Reder <rederpj raleigh.ibm.com>]
rotatelogs.c code, and no longer churn log processes for this
[B. W. Fitzpatrick <fitz red-bean.com>]
hostname resolution/address string parsing and building
[Markus Gyger <mgyger itr.ch>]
*) Mod_info.c has now been ported to Apache 2.0. As a part of this
[Ryan Morgan <rmorgan covalent.net>]
[Branko Čibej <brane xbc.nu>]
[Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
*) APR read/write functions and bucket read functions now operate
code in mod_log_config.c
*) In the Apache/Win32 console window, accept Ctrl+C to stop the
since we don't compute digests of filtered (e.g., translated)
*) Update the mime.types file to the registered media types as
*) Namespace protect some macros declared in ap_config.h
[Tomas Ögren <stric ing.umu.se>]
[Cliff Woolley <cliffwoolley yahoo.com>]
*) Add support for /, //, //servername and //server/sharename
*) Fix another bug in the send_the_file() read/write loop. A partial
*) Reimplement core_output_filter to buffer/save bucket brigades
[Mike Abbott <mja sgi.com>]
*) send_the_file now falls back to a read/write loop on platforms that
*) APR now has UUID generation/formatting/parsing support.
-add rules for cross-compiling in rules.mk. Okay, rule to check for
-add missing "AR=@AR@" to severaly Makefile.in's
[Rüdiger Kuhlmann <Tadu gmx.de>]
[Rüdiger Kuhlmann <Tadu gmx.de>]
*) Fix building on BSD/OS using its native make. The build system
hook in http_core.c. This removes the need to add the filter in
*) SECURITY: CVE-2000-0913 (cve.mitre.org)
update allows the user to clear or preserve pw/groups/comment.
<IfModule mod_kilroy.c>
<IfModule mod_lovejoy.c>
*) Fix some compile warnings in mod_mmap_static.c
[Mike Abbott <mja sgi.com>]
*) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
[Mike Abbott <mja sgi.com>]
*) Fix compile break on some platforms for mod_mime_magic.c
[John K. Sterling <sterling covalent.net>]
PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
platforms to hints.m4, which contains (or should contain)
*) Add tables with non-string/binary values to APR.
[Rob Simonson <simo us.ibm.com>]
configuration file started with an IfModule/IfDefine container,
[Gregory Nicholls <gnicholls level8.com>]
[Gregory Nicholls <gnicholls level8.com>]
code was being returned. [Gregory Nicholls <gnicholls level8.com>]
not terminated with cr/lf sequences in Win32. [William Rowe]
*) Move all strings functions in APR to src/lib/apr/strings and create
apr_strings.h for the prototypes. [Ryan Bloom]
*) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
*) Update the lib/expat-lite/ library (bring forward changes from
[Dave Hill <ddhill zk3.dec.com>]
timeouts (i.e, if a timeout was specified, the pipe reverted to
3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
[Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
*) SECURITY: CAN-2000-1204 (cve.mitre.org)
and a user makes a request like http://www.example.com//cgi-bin/cgi
as reported in <news:960999105.344321 ernani.logica.co.uk>
*) Yet another update to saferead/halfduplex stuff -- need to ensure
to the configured User/Group (like other httpd processes)
if the len was negative. Use <sys/un.h> for struct sockaddr_un
doesn't seem to have a problem but /bin/sh on Solaris does.
ContentDigest enabled and we can't/don't mmap the file.
related bugs, and changed shmem/locking to use apr API. Shared-mem
would be errors generating ap_config_auto.h later in the configure
*) Organize http_main.c as independent code, such that no code or
[William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
[Ask Bjoern Hansen <ask valueclick.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
in 1.3's ebcdic.c. [Jeff Trawick]
buffer if the implementation knows how to use it (i.e., if L_tmpnam
*) Configure creates config.nice now containing your configure
options. Syntax: ./config.nice [--more-options]
*) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
[Tim Costello <timcostello ozemail.com.au>]
[Chia-liang Kao <clkao CirX.ORG>]
*) The ab program in the src/support directory is now portable using
*) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
Apache.dsw created to bring together all the pieces. Create new file
os/win32/BaseAddr.ref to define module base addresses (to prevent
*) More FAQs and answers from comp.infosystems.www.servers.unix.
[Joshua Slive <slive finance.commerce.ubc.ca>]
in the field. [William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[Brian Martin <bmartin penguincomputing.com>]
fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
we can use ReadFileScatter and WriteFileGather in readwrite.c.
[Allan Edwards <ake raleigh.ibm.com>]
[Brian Martin <bmartin penguincomputing.com>]
fixes to mod_so.c.
[Joshua Slive <slive finance.commerce.ubc.ca>]
[Jon Travis <jtravis covalent.net>]
[Paul Reder <rederpj raleigh.ibm.com>]
[Allan Edwards <ake raleigh.ibm.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
Makefile.win includes the same user interface as the old
[William Rowe <wrowe lnd.com>] PR#3715
[Allen Prescott <allen clanprescott.com>]
[Jeff Trawick <trawick us.ibm.com>]
*) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
it does this on a line by line basis; i.e. if the envvar
ErrorDocument XXX /local/uri
ErrorDocument XXX http://valid/url
*) Changed 'CacheNegotiatedDocs' from its present/not-present
done with --with-module=/path/to/module. Modules can only be added
[Jeff Trawick <trawick us.ibm.com>]
*) Enable Apache to use sendfile/TransmitFile API
*) Make file I/O and network I/O writev/sendv APIs consistent.
bytes_read/bytes_written is always valid (never -1). Plus
some fixes to buff.c to correct problems introduced by the
*) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
[John Zedlewski <zedlwski Princeton.EDU>]
*) buff.c has been converted to no longer use errno.
[Dilip Khandekar <dilip cup.hp.com>]
automatically for developers from src/Configure.
*) Fixed building of src/support/htpasswd.c
*) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
*) Support line-continuation feature in config.option file and
*) Implement WINNT Win32 MPM from original Win32 code in http_main.c
(per default used the config.option file).
*) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
calling order to be specified on a per-hook/per-module basis.
*) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
*) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
of alloc.c for now. [Dean Gaudet]
based on IP/port. [Ben Laurie]
["Michael H. Voase" <mvoase midcoast.com.au>]
*) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
docs/initial_blurb.txt. [Dean Gaudet]
[James Morris <jmorris intercode.com.au>]
an absolute path to the ./libexec directory where the libhttp.ep file
routines are now called ap_base64* and are 'plain' (i.e., no
pool access or anything clever). Inside util.c the routines acting
*) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
*) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
[Tom Vaughan <tvaughan aventail.com>, Roy Fielding]
*) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
[Ian Turner <iant sequent.com>] PR#4735
*) Local struct mmap in http_core.c conflicted with system structure
*) Added updated mod_digest as modules/experimental/mod_auth_digest.
[Ronald Tschalär <ronald innovation.ch>]
up across restarts. [David Harris <dharris drh.net>]
*) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
["Paul J. Reder" <rederpj raleigh.ibm.com>] PR#4770
*) RewriteLock/RewriteMap didn't work properly with virtual hosts.
[Dmitry Khrustalev <dima bog.msu.su>] PR#3874
*) PORT: Support for compaq/tandem/com.
Netscape servers. See support/SHA1 for more information.
Caused the separation of ap_md5.c into md5, sha1 and a general
ap_checkpass.c with just a validate_passwd routine. Added a
couple of flags to support/htpasswd. Some reuse of the to64()
[Dirk-Willem van Gulik, Clinton Wong <clintdw netcom.com>]
with ASCII/EBCDIC conversions in "ident" query.
[David McCreedy <McCreedy us.ibm.com>]
are combined, and duplicate tokens (e.g., "Vary: host, host" or
*) Portability changes for BeOS. [David Reid <abb37 dial.pipex.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
[Roy Fielding, Joe Orton <jeo101 york.ac.uk>] PR#4499, PR#3806
install the DSO; useful for editing httpd.conf with apxs. Fix
create duplicate LoadModule/AddModule entries; apxs can now be
used to re- enable/disable a module. [Wilfredo Sanchez]
Win 95 users may need to update their TCP/IP stack to pick up
Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
[Bill Stoddard <stoddard raleigh.ibm.com>]
error.log when CGI scripts fail. This makes Apache on Win32
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
*) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
[Randy Terbush <randy covalent.net>]
*) Add the new mass-vhost module (mod_vhost_alias.c) developed and
used by Demon Internet, Ltd. [Tony Finch <fanf demon.net>]
[Rasmus Lerdorf <rasmus raleigh.ibm.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
parent/child process management code.
[Bill Stoddard <stoddard raleigh.ibm.com>]
[John Giannandrea <jg meer.net>] PR#4122
*) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
[Henri Gomez <gomez slib.fr>, Ralf S. Engelschall]
*) Determine AP_BYTE_ORDER for ap_config_auto.h and already
content-types are "text/html;parameters". PR#4524 [Ken Coar]
*void. When the OS/platform/compiler supports quads, ap_snprintf()
[Aidan Cully <aidan panix.com>] PR#4456
*) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
library. [Jens-Uwe Mager <jum helios.de>, Ralf S. Engelschall]
(e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
[Ralf S. Engelschall, Rex Dieter <rdieter math.unl.edu>] PR#3997
[Jan Gallo <gallo pvt.sk>] PR#3690, PR#4373
*) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
[Todd Vierling <tv pobox.com>] PR#4310
[Petr Lampa <lampa fee.vutbr.cz>] PR#4366, 679
[Raymond S Brand <rsbx rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
the struct stat. [Ed Korthof <ed bitmechanic.com>]
[Salvador Ortiz Garcia <sog msg.com.mx>]
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2579
*) mod_include's fsize/flastmod should allow only relative paths, just
like "include file". [Jaroslav Benkovsky <benkovsk pha.pvt.cz>]
*) Add iconsdir, htdocsdir, and cgidir to config.layout.
*) Fix minor but annoying bug with the test for Configuration.tmpl
in unix/os.c, and don't install the dyld error handlers, which
*) Add functionality to the install-bindist.sh script created by
binbuild.sh to use tar when copying distribution files to the
install-bindist.sh now detects the local perl5 path to install
[Randy Terbush, Covalent Technologies, <randy covalent.net>]
src/modules/proxy_util.c where a NULL filepointer and
[Graham Leggett <minfrin sharp.fm>,
Tim Costello <tjcostel socs.uts.edu.au>] PR#3178
[Graham Leggett <minfrin sharp.fm>]
have assurance about how string manipulators (e.g., tr) will
[Ken Coar, Dmitry Khrustalev <dima zippy.machaon.ru>] PR#4118
[Raymond S Brand <rsbx rsbx.net>]
[Raymond S Brand <rsbx rsbx.net>] PR#4248
*) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
<rsbx rsbx.net>]
[Yitzchak Scott-Thoennes <sthoenna efn.org>, Ralf S. Engelschall] PR#4269
[Joe Moenich <moenich us.ibm.com>]
*) Fix number of bytes copied by read_connection() in src/support/ab.c
[Jim Cox <jc superlink.net>] PR#4271
[Bob Finch <bob nas.com>]
[Paul Sutton <paul awe.com>]
*) Make sure RewriteLock can be used only in the global context, (i.e.
<mariav icgeb.trieste.it>] PR#4260
uncompress/gzip, but those tools sometimes do not produce
[Marcin Cieslak <saper system.pl>] PR#4097
line. [<inkling firstnethou.com>] PR#3770
redirects. [Jose KAHAN <kahan w3.org>] PR#3910, 3806, 3575
[Jacques Distler <distler golem.ph.utexas.edu>] PR#4130
*) PORT: deal with UTS compiler error in http_protocol.c
[Dave Dykstra <dwd bell-labs.com>] PR#4189
*) Add ap_vrprintf() function. [John Tobey <jtobey banta-im.com>] PR#4246
by "Peter 'Luna' Altberg <peter altberg.nu>" and PR#3422
[Peter 'Luna' Altberg <peter altberg.nu>, Ronald Tschalär]
binary (e.g., image file) in the first place.
[David McCreedy <mccreedy us.ibm.com>]
*) support/htpasswd now permits the password to be specified on the
apache -n apache1 -i -f c:/httpd.conf
Installs apache as service 'apache1' and associates c:/httpd.conf
Installs apache as service 'apache2'. httpd.conf is located under
the default server root (/apache/conf/httpd.conf).
apache -n apache3 -i -d c:/program files/apache
c:/program files/apache.
*) Correct the signed/unsigned character handling for the MD5 routines;
*) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
*) proxy ftp: instead of using the hardwired string "text/plain" as
<Directory proxy:ftp://some.host>
DefaultType gargle/blurb
*) Be more smart in APACI's configure script when determining the UID/GID
the number of fork()s from one/request to just the odd one an hour.
*) Added proxy, auth and header support to src/support/ab.c. Added a
README file to src/support/
*) Fix sed-substitutions in `make install': path elements like `httpd/conf'
(for instance from an APACI configure --sysconfdir=/etc/httpd/conf
*) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
[Ronald Tschalär <ronald innovation.ch>] PR#3411
the reboot prompt (which is only given if MSVCRT.DLL system
*) WIN32: Apache.exe now contains an icon. [Paul Sutton]
*) Using APACI, the main config file (usually httpd.conf) was
<wsanchez apple.com>]
[Ryan Bloom <rbb raleigh.ibm.com>]
[Dean Gaudet, Jeff Lewis <lewis stanford.edu>] PR#3872
*) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
DSO/DLL section because it's a directive from mod_status and isn't
[Martin POESCHL <mpoeschl gmx.net>] PR#3936
option more clear. [Jan Wolter <janc wwnet.net>] PR#3995
[John Tobey <jtobey banta-im.com>] PR#3983
against libap.a and use its ap_snprintf() instead of sprintf() to avoid
*) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
*) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
[Michael van Elst <mlelstv serpens.swb.de>, Lars Eilebrecht] PR#3160
*) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
%v). Useful for mass vhosting. [Tony Finch <dot dotat.at>]
more reliable logs with multiline entries. [Tony Finch <dot dotat.at>]
*) Fixed a few compiler nits. [John Bley <jbb6 acpub.duke.edu>]
in http_core.c. [John Bley, Roy Fielding]
calls. [John Bley <jbb6 acpub.duke.edu>, Jim Jagielski]
[Brian Havard <brianh kheldar.apana.org.au>]
[Joshua Slive <slive finance.commerce.ubc.ca>] PR#2497
*) src/support/: The ApacheBench benchmark program was overhauled by
[David N. Welton <davidw prosa.it>]
*) Added -S option to install.sh so that options can be passed to
the test case of no modules being selected. [<chaz reliant.com>]
is *not* given in the argument list; i.e., the logical negation
*) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
to util.c for parsing an HTTP header field value to extract the next
code different from 500. This allows the proxy to, e.g., return
and no Accept-Language. [James Treacy <treacy debian.org>] PR#3299, 3688
as "com.name" to be served. [Paul Sutton] PR#3769.
make subtasking easier on the OSD/POSIX mainframe environment.
*) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
[Ryan Bloom <rbb Raleigh.IBM.Com>]
impossible to exploit.) [Rick Perry <perry ece.vill.edu>]
*) Let src/Configure be aware of CFLAGS options starting with plus
signs as it's the case for the HP/UX compiler.
[Doug Yatcilla <yatcilda umdnj.edu>] PR#3681
and this makes its functions available to things in src/support.
*) WIN32: Created new makefiles Makefile_win32.txt (normal build)
and Makefile_win32_debug.txt (debug build) that work on Win95.
nmake /f Makefile_win32.txt # compiles normal build
nmake /f Makefile_win32.txt install # compiles and installs
nmake /f Makefile_win32.txt clean # removes compiled junk
nmake /f Makefile_win32_debug.txt # compiles debug build
nmake /f Makefile_win32_debug.txt install
nmake /f Makefile_win32_debug.txt clean
for FreeBSD 3.0). [Todd Vierling <tv pobox.com>] PR#2462
*) Small fix for mod_env.html: The module was documented as to be _not_
Apache per default. [Sim Harbert <sim mindspring.com>] PR#3572
*) Instead of fixing a bug in the generation procedure for config.status (a
making sure the src/support/ tools are _forced_ to be build last (they
*) Fix installation procedure: Now that os-inline.c is actually used (a
recently fixed bug prevented this) we need to also install os-include.c
`escape' and `unescape' were added which can be used to escape/unescape
to/from hex-encodings in URLs parts (this is especially useful in
*) Major overhaul of mod_negotiation.c, part 2.
- added ap_array_pstrcat() to alloc.c for efficient concatenation
*) Major overhaul of mod_negotiation.c, part 1.
revision (draft-ietf-http-v11-spec-rev-06.txt).
e.g. no feature negotiation). Removed old experimental version.
negotiation results are consistent across backup/restores and mirrors
*) RFC2396 allows the syntax http://host:/path (with no port number)
[David Kristol <dmk bell-labs.com>] PR#3530
*) When modules update/modify the file name in the configfile_t structure,
[Fabien Coelho <coelho cri.ensmp.fr>] PR#3573
CASE_BLIND_FILESYSTEM. [Brian Havard <brianh kheldar.apana.org.au>]
*) The hashbang emulation code in ap_execve.c would interpret
#!/hashbang/scripts correctly, but failed to fall back to a
*) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg lentil.org>]
and another was incorrect. [Mark Anderson <mda discerning.com>] PR#3553
wasn't defined. [Rick Franchuk <rickf transpect.net>]
o fixed auto-suffix handling now that config.layout exists.
config.layout and every path now can be marked this way (not only the
SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
of ap_config.h to allow serialized accept for multiport listens.
*) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
of ap_config.h that would skip several defines if DEFAULT_GROUP
strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
*) Fix ordering of definitions in ap_config.h so that ap_inline is
[Tom Serkowski <tks bsdi.com>] PR#3453
*) Make generation of src/Configuration.apaci more robust: It failed to
another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
*) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
[Ralf S. Engelschall, Wilfredo Sanchez <wsanchez apple.com>]
[Paul Ausbeck <paula alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
*) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
IS to the compiler/linker command. [Ralf S. Engelschall]
config.layout. Custom layouts are possible by using FILE:ID as the
The config.layout file consists of <Layout ID>..</Layout> sections
extension (e.g., .fr, .de) can be labelled as being some other
*) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
rather than OPT_INCLUDES [Rainer Schoepf <schoepf uni-mainz.de>]
[Ronald Tschalär <ronald innovation.ch>] PR#3409
[Martin Plechsmid <plechsmi karlin.mff.cuni.cz>] PR#1987
[Andrew Pimlott <pimlott math.harvard.edu>] PR#3340
[David MacKenzie <djm uu.net>] PR#3394
*) Updated mime.types to reflect current Internet media types
Improved mod_actions.c so that it can use any of the methods
defined in httpd.h. Added ap_method_number_of(method) for
*) PORT: Add a port to the TPF OS. [Joe Moenich <moenich us.ibm.com> and
*) Fix problems with handling of UNC names (e.g., \\host\path)
on Win32. [Ken Parzygnat <kparz us.ibm.com>]
robust, and works. [Ken Parzygnat <kparz us.ibm.com>]
[Manoj Kasichainula, Ken Parzygnat <kparz us.ibm.com>]
*) Move a typedef to fix compile problems on Linux with 1.x kernels.
*) http_config.c would respond with 501 (Method Not Implemented) if a
should have been a 500 response. Likewise, mod_proxy.c would responsd
on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
mod_foo with the begin of the module list, i.e. it `moves' the module to
which permutes mod_foo with the end of the module list, i.e. it `moves'
synchronisation (Win32). [Ken Parzygnat <kparz raleigh.ibm.com>]
on container start lines (e.g., it wouldn't spot
"<Directory /" as a syntax error). [Ryan Bloom <rbbloom us.ibm.com>]
[Ryan Bloom <rbbloom us.ibm.com>] PR#1799.
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2078, 2303.
[Ivan Richwalski <ivan seppuku.net>] PR#3249
*) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
parameter. [Ron Klatchko <ron ckm.ucsf.edu>] PR#3171
[Ralf S. Engelschall, Ron Record <rr sco.com>]
httpd.conf-dist* files. The srm and access files now contain
only comments, and httpd.conf has all the combined contents in
*) PORT: DSO/ELF support for FreeBSD 3.0.
[Ralf S. Engelschall, Dirk Froemberg <ibex physik.TU-Berlin.DE>]
do this. [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
[Wilfredo Sanchez <wsanchez apple.com>]
of "-". [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>, Marc Slemko]
*) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker jetair.be>]
[M. Laak <maert proinv.ee>] PR#3108
[Dave Dykstra <dwd bell-labs.com>] PR#3055
but not tabs). [James Morris <jmorris intercode.com.au>,
[James Grinter <jrg blodwen.demon.co.uk>] PR#3111
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3095
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3096
*) Fix http://localhost/ hints in top-level INSTALL document.
[Rob Jenson <robjen spotch.com>, Ralf S. Engelschall] PR#3088
[Wilfredo Sanchez <wsanchez apple.com>]
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2884, 2910
<kparz raleigh.ibm.com>] PR#3001
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
ap_config.h. [Brian Havard]
*) PORT: Add Pyramid DC/OSx support to configuration mechanism.
[Earle Ake <akee wpdiss1.wpafb.af.mil>]
*) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
[Dave Dykstra <dwd bell-labs.com>] PR#3054
*) Correct comment in mod_log_config.c about its internals.
[Elf Sternberg <elf halcyon.com>]
handle the creation of modules.c [Jim Jagielski]
and to avoid problems under platforms where only version 2.x is present.
[Dan Jacobowitz <drow false.org>, Ralf S. Engelschall]
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Remove redundant substitutions in top-level Makefile.tmpl.
platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
the possibility to override it manually via APACI or src/Configuration.
existance of the file under /usr/include, too.
[Wilfredo Sanchez <wsanchez apple.com>]
[Charles Randall <crandall matchlogic.com>] PR#2947
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2991
[Karl Berry <karl gnu.org>] PR#2994
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2992
*) Fix possible buffer overflow situation in suexec.c.
[Jeff Stewart <jws purdue.edu>] PR#2790
[Ronald Record <rr sco.com>] PR#2533
*) Fix documentation of ProxyPass/ProxyPassReverse according to the
trailing slash problem. [Jon Drukman <jsd gamespot.com>] PR#2933
[Marc Slemko, Paul Phillips <paulp go2net.com>]
SCO OpenServer. [David Coelho <drc ppt.com>]
in /home/user, not in /, therefore clicking on "../" in the
dump core for replies with invalid headers (e.g., duplicate
plop gmon.out profile data for each child [Doug MacEachern]
config.status script to be immune against arguments with whitespaces.
[Yves Arrouye <yves apple.com>] PR#2866
script `buildinfo.sh' which is both more flexible and already proofed to
*) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
*) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
[Youichirou Koga <y-koga jp.FreeBSD.ORG>] PR#2895
[Kurt Sussman <kls best.com>] PR#2871
*) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
variables in one RewriteRule and had to patch mod_rewrite.h for every
*) Make sure the config.status file is not overridden when just
See include/ap_mmn.h for more details. [Randy Terbush]
*) SECURITY: CVE-1999-1199 (cve.mitre.org)
*) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
directory was renamed to src/os/os2/ for consistency.
linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
*) Add correct `model' MIME types from RFC2077 to mime.types file.
*) Fixed examples in mod_rewrite.html document.
[Youichirou Koga <y-koga jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
[MATSUURA Takanori <t-matsuu protein.osaka-u.ac.jp>]
programs under Win32. [Marco De Michele <mdemichele tin.it>] PR#2483
*) Update the mod_rewrite.html document to correctly reflect the situation
Makefile.tmpl: The umask+cp approach didn't work as expected (especially
*) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
src/helper/mkdir.sh script. [Ralf S. Engelschall]
`search' entries in /etc/resolv.conf.
INSTALL file because a lot of users don't read htdocs/manual/dso.html
(compilers complained) and the .so.V.R.P filename extension was adjusted
[Manoj Kasichainula <manojk raleigh.ibm.com>] PR#2355
*) Disable the incorrect entry for application/msword in the
*) Fix broken RANLIB handling in src/Configure (the entry from
src/Configuration.tmpl was ignored) and additionally force RANLIB to
[Steve VanDevender <stevev darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
*) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
TestCompile) instead of defining them manually in conf.h based on less
OS-type and/or OS-version identifiers to discover whether a system header
[Glen Parker <glenebob nwlink.com>] PR#2277
required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
[Anna Shergold <anna inext.co.uk>]
[John Van Essen <jve gamers.org>] PR#2529
*) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
[Ronald Record <rr sco.com>] PR#2533
[Charles Levert <charles comm.polymtl.ca>] PR#2551
[Vadim Kostoglodoff <vadim olly.ru>] PR#2463
*) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
[Ben Laurie, Bill Stoddard <wgstodda us.ibm.com>] PR#2274
*) PORT: remove broken test for MAP_FILE in http_main.c.
[Wilfredo Sanchez <wsanchez apple.com>]
*) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
but case-insensitive platforms). New #define for this added to conf.h
*) Enable DSO support for OpenBSD in general, not only for 2.x, because it
also works for OpenBSD 1.x. [Ralf S. Engelschall]
[Sam Kington <sam illuminated.co.uk>] PR#2443
reponse. [Ralf S. Engelschall, Charles Fu <ccwf bacchus.com>]
output of Awk. [Bill Houle <bhoule sandiegoca.ncr.com>] PR#2435
of a config.status script (as GNU Autoconf does) which remembers the used
*) Correct initialization of variable `allowed_globals' in http_main.c
[Justin Bradford <justin ukans.edu>] PR#2400
multipart/x-mixed-replace;boundary=ThisRandomString.
[Sean Boudreau <seanb qnx.com>] PR#2390
modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
[David MacKenzie <djm va.pubnix.com>] PR#2384
main server. [Christof Damian <damian mediaconsult.com>] PR#2090
[Klaus Weber <kweber chephren.germany.ncr.com>] PR#1973
<Directory /> section of the default access.conf-dist
[Dave Dykstra <dwd bell-labs.com>] PR#2320
*) Fix symbol export list (src/support/httpd.exp) after recent
[Jens-Uwe Mager <jum helios.de>]
solved by another helper script findprg.sh which searches for Perl and
*) Remove the system() call from htpasswd.c, which eliminates a system
[Rex Dieter <rdieter math.unl.edu>] PR#2293, 2316
O_NDELAY on various systems. [Dave Dykstra <dwd bell-labs.com>] PR#2313
*) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
*) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
[Dave Dykstra <dwd bell-labs.com>, Ralf S. Engelschall] PR#2319
configure and src/Configure depend on this.
*) Changes usage of perror/fprintf to stderr to more proper ap_log_error
*) Various OS/2 cleanups ["Brian Havard" <brianh kheldar.apana.org.au>]
*) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2295, 2296
[W G Stoddard <wgstodda us.ibm.com>]
[W G Stoddard <wgstodda us.ibm.com>] PR#2294
spawn_child was obsoleted and moved to compat.h
memory. [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2252
*) Fix src/support/httpd.exp (DSO export file which is currently only
``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
*) Fix discrepancy in proxy_ftp.c which was causing failures when
[Rick Ohnemus <rick ecompcon.com>]
*) Improve RFC1413 support. [Bob Beck <beck bofh.ucs.ualberta.ca>]
[Ben Laurie and Bill Stoddard <wgstodda us.ibm.com>] PR#1129, 1607
[Ernst Kloppenburg <kloppen isr.uni-stuttgart.de>] PR#2094
*) Support for the NCR MP/RAS 3.0
[John Withers <withers semi.kcsc.mwr.irs.gov>]
*) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
not retrieved in src/Configure and thus was not useable.
- SUBDIRS is now generated in src/Makefile only and not in
Makefile.config because it is a local define for this location.
- update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
- replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
- replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
of xxx.lo as GNU libtool does with its PIC objects
- reduce local complexity in modules Makefile.tmpl by moving the last
*) WIN32: Make Win32 work again after the /dev/null DoS fix.
*) When opening "configuration" files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
necessary. Long-term fix is to either serialize the chdir/spawn combo
htdocs/manual/suexec.html document before using the suexec-related
and htdocs/manual/suexec.html documents.
UID/GID and safe PATH, too.
- overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
*) Add a note to httpd.conf-dist that apache will on some systems fail
and not the original statically list from modules.c
confusion with the next point and reduces the Makefile.tmpl complexity
6. The modules.c generation was extended to now contain two
of loading/linking (we use load=link+load & link=activate instead of
*) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
*) Add a comment to mod_example.c showing the format of a FLAG command
places in the code (e.g. DATE_GMT). PR#1551
zone information in their tm struct. [Paul Eggert <eggert twinsun.com>]
*) get/set_module_config are trivial enough to be better off inline. Worth
*) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
*) Fix debug log messages for BS2000/OSD: instead of logging the whole
[Michael Anderson's <mka redes.int.com.mx>]
*) Make sure the referer_log and agent_log entries in the default httpd.conf
*) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
from mod_so.c to Configure because first it needs $PLAT etc. and second
[Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165
[Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158
AIX variants should work fine, too. Even AIX 3.x should work). This is
which we put into a os/unix/os-dso-aix.c file.
*) Fix two bugs in select() handling in http_main.c.
side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
"make root=/tmp/apache install" for rolling the package without bristling
*) Workaround braindead AWK's when generating ap_config.h: The split() and
*) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
*) Make sure that "make install" doesn't overwrite the `mime.types' and
*) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
variables) to avoid side-effects in "src/Configure" when the user
*) Provide backward compatibility from some old src/Configuration.tmpl
*) NeXT required strdup() in support/logresolve.c
[Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082
*) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>]
ap_snprintf, and ap_psprintf). See include/ap.h for docs.
*) Because /usr/local/apache is the default prefix the ``configure
to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
*) PORT: Make sure some AWK's don't fail in src/Configure with "string too
long" errors when generating the MODULES entry for src/Makefile
*) Make sure src/Configure doesn't complain about the old directory
/usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
*) Adding DSO support for the HP/UX platform by emulating the dlopen-style
interface via the similar but proprietary HP/UX shl_xxx-style system
APACI Makefile.tmpl "install" target more robust for sensible UnixWare
- Apache provided general functions (e.g., ap_cpystrn)
- Public API functions (e.g., palloc, bgets)
cross-object usage) but should be (e.g., new_connection)
For backward source compatibility a new header file named compat.h was
dummy.so file (containing dummy references to all global symbols) the
Placing the Apache core code itself into a DSO library named libhttpd.so.
where we perhaps exploit this libhttpd.so mechanism for providing nifty
inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
[Todd Eigenschink <eigenstr mixi.net>] PR#2045
to the mak/dsp files. [Alexei Kosut]
*) Add documentation file and src/Configuration.tmpl entry for the
*) Now src/Configure uses a fallback strategy for the shared object support
and installation of the support tools from the src/support/ area.
dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
Apache C header files (PREFIX/include) and the new APXS tool
(SBINDIR/apxs). The intend is to provide a handy tool for third-party
modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
*) Modify the log directives in httpd.conf-dist files to use CustomLog
script and a corresponding top-level "Makefile.tmpl" file. The goal is
the old src/Configure stuff in batch and additionally installs the
routines. Use this to replace http_bprintf.c. Add new routines
is necessary on at least Solaris where the /etc/rc?.d scripts
[Rein Tollevik <reint sys.sol.no>] PR#2009
[Rein Tollevik <reint sys.sol.no>] PR#2010
[Jürgen Keil <jk tools.de>] PR#2000
http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
[Tim Costello <tjcostel socs.uts.edu.au>] PR#1890
the mod_proxy.html and corrected the hyperlink to it in the
new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
*) Fix a bug in the src/helpers/fp2rp script and make it a little bit
*) Add the new ApacheBench program "ab" to src/support/: This is derived
*) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
*) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
*) util.c cleanup and speedup. [Dean Gaudet]
[Dmitry Khrustalev <dima bog.msu.su>]
TZ variable. [Jay Soffian <jay cimedia.com>] PR#1888
[Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900
[Tony Finch <fanf demon.net>] PR#1925
modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
*) The Configure script now generates src/include/ap_config.h which
[Joel Truher <truher wired.com>]
"http://host" url is treated as if a similar "Host:" header had been
supplied. This change was made to support future HTTP/1.x protocols
*) API: Cleanup of code in http_vhost.c, and remove vhost matching
[Chia-liang Kao <clkao cirx.org>] PR#1531
[Konstantin Morshnev <moko design.ru>] PR#1771
address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885
*) API: A new source module main/util_uri.c; It contains a routine
user; /* user name, as in http://user:passwd@host:port/ */
password; /* password, as in http://user:passwd@host:port/ */
a username can contain when trying to expand it via /etc/passwd.
Jay Soffian <jay cimedia.com>] PR#1631
*) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
<luomat peak.org>]
<ache nagual.pp.ru> and Jim] PR#1450
Alvaro Martinez Echevarria <alvaro lander.es>]
[Charles Fu <ccwf klab.caltech.edu>] PR#1847
directive. [Enrik Berkhan <enrik inka.de>] PR#1816
[Lauri Jesmin <jesmin ut.ee>] PR#1701
*) Source file dependencies in Makefile.tmpl files throughout the
htdocs/manual/known_client_problems.html are in the default
(like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
[Michael Douglass <mikedoug texas.net>, Dean Gaudet]
header files are in the src/include directory. The -Imain -Iap
and mod_rewrite) have not been moved to src/include; nor have
calls that use too small an initial guess, see alloc.c.
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
because the key/value is a constant, or the value has been built
Note that it is easy to get code subtly wrong if you pass a key/value
safe thing to do is to pass key/values which are in the pool of
i.e. if the table is part of a subrequest, a value from the main
usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
[Dmitry Khrustalev <dima bog.msu.su>, Dean Gaudet]
[Martin Kraemer, with code from Peter Wemm <peter zeus.dialix.oz.au>
*) API: "typedef array_header table" removed from alloc.h, folks should
HAVE_MMAP/SHMGET #defines strictly are informational that the
Unixware 1.x appears to have the same SIGHUP bug as solaris does with
[Tom Hughes <thh cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
*) PORT: A/UX can handle single-listen accepts without mutex
[Paul Eggert <eggert twinsun.com>] PR#1343
*) suexec errors now include the errno/description. [Marc Slemko] PR#1543
[Keith Severson <keith sssd.navy.mil>] PR#1613
[Keith Severson <keith sssd.navy.mil>] PR#1614
*) Some const declarations in mod_imap.c that were added for debugging
*) The src/main/*.h header files have had #ifndef wrappers added to
multiple paths (e.g., in .c files as well as other .h files).
src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
but before the header file contents. [John Van Essen <jve gamers.org>]
set with SetEnv/BrowserMatch and similar directives.
was found. Noticed by <robinton amtrash.comlink.de> (Soeren Ziehe)
[Soeren Ziehe <robinton amtrash.comlink.de>, Martin Kraemer]
(the Siemens BS2000/OSD family) in the POSIX subsystem
Located in libap.a. [Jim Jagielski]
[Stephen Scheck <sscheck infonex.net>, Ben Laurie] PR#1604
alloc.c (affects win32 only). [Ben Hyde]
[Ben Reser <breser regnow.com>] PR#1366
[Gregory A Lundberg <lundberg vr.net>]
server itself (like the src/support tools). [Ken Coar]
[Igor Tatarinov <tatarino prairie.NoDak.edu>]
It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
[<malcolm mgdev.demon.co.uk>] PR#1378
set errno. [Igor Tatarinov <tatarino prairie.NoDak.edu>]
*) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti net4all.be>] PR#1523
[Frank Faubert <frank sane.com>]
can be used by items in src/support among other things.
(e.g., <Directory>) where they're invalid. [Martin Kraemer]
for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
read the file. [Ben Hyde <bhyde gensym.com>]
the display. [Ken Coar, suggested by Brian Tiemann <btman pacific.net>]
*) PORT: Update the LynxOS port. [Marius Groeger <mag sysgo.de>]
[David Chambers <davidc flosun.salk.edu>] PR#1294
[M.D.Parker] PR#1352
*) Inherit a bugfix to fnmatch.c from FreeBSD sources.
[Андрей Чернов <ache nagual.pp.ru>] PR#1311
sources as Unix now. [Brian Havard <brianh kheldar.apana.org.au>]
[Paul Eggert <eggert twinsun.com>] PR#1342
*) A mild SIGTERM/SIGALRM race condition was eliminated.
*) Warn user that default path has changed if /usr/local/etc/httpd
*) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
[David Schuler <schuld btv.ibm.com>] PR#1317
Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
*) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
[John Line <jml4 cam.ac.uk>] PR#1321
*) Default pathname has been changed everywhere to /usr/local/apache
[Sameer <sameer c2.net>]
[David Bronder <David-Bronder uiowa.edu>] PR#849
[David Schuler <schuld btv.ibm.com>] PR#1267
[Philippe Vanhaesendonck <pvanhaes be.oracle.com>,
Omar Del Rio <al112263 academ01.lag.itesm.mx>] PR#482, 1246
[Chris Craft <ccraft cncc.cc.co.us>] PR#977
*) PORT: UnixWare 2.x requires -lgen for syslog.
[Hans Snijder <hs meganet.nl>] PR#1249
["Pavel Yakovlev (Paul McHacker)" <hac tomcat.olly.ru>]
*) New support tool: src/support/split-logfile, a sample Perl script which
*) Makefile.tmpl was not using $CFLAGS in the link phase.
*) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
Purify. See main/alloc.c for more details. [Dean Gaudet]
be used for whatever reason is appropriate (i.e. format() warnings
gcc >= 2.7.x (so that we have fewer support issues with older
Also removed the auto-generated link to www.apache.org that was the
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107, 987, 588
*) Fixed error in proxy_util.c when looping through multiple host IP
buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
*) API: New register_other_child() API (see http_main.h) which allows
*) API: New piped_log API (see http_log.h) which implements piped logs,
Some things (like RewriteMaps) were checked/performed even if they
*) Removal of mod_auth_msql.c from the distribution. There are many
http://modules.apache.org/ It would be nice to offer a generic
Makefile on the fly based on Makefile.tmpl and Configuration.
Encore's UMAX V: Arieh Markel <amarkel encore.com>
Acorn RISCiX: Stephen Borrill <sborrill xemplar.co.uk>
*) support/httpd_monitor is no longer distributed because the
the headers/contents of the request. It does not run during subrequests
USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
- Linux 2.x uses flock instead of fcntl
- Solaris 2.x uses pthreads
*) PORT: The semantics of accept/select make it very desirable to use
Modules can be dropped into modules/extra, or in their own
modules/standard. All other source code is in main. OS-specific
match "/home/a/andrew/public_html", now it only matches things
[Dean Gaudet, Dave Hankins <dhankins sugarat.net>]
/dev/tty, etc.)
[Jason Venner <jason idiom.com>] PR#667
and cidr syntax (i.e. 10.1.0.0/16). PR#762
Apache would omit the chunk header/footer on the next block. Cleaned
e.g. when max_requests_per_child is reached, etc.
[Alexander L Jones <alex systems-options.co.uk>] PR#732
*) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
[Igor N Kovalenko <infoh mail.wplus.net>] PR#683
setting. The define MAX_SPAWN_RATE can be used to raise/lower
in a language that by default does buffering (e.g. perl) this
*) PORT: Allow for use of n32bit libraries under IRIX 6.x
[derived from patch from Jeff Hayes <jhayes aw.sgi.com>]
*) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
*) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
[Igor N Kovalenko <infoh mail.wplus.net>]
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
rect /url.hrm 10 20 30 40
["Chris O'Byrne" <obyrne iol.ie>] PR#807
["Darren O'Shaughnessy" <darren aaii.oz.au>] PR#846
the output of mod_info. ["Lou D. Langholtz" <ldl usi.utah.edu>]
braindead SunOS 4.1.x, allow env variables to be set even on rules with
i.e. now mod_rewrite no longer has a shared copyright. Instead is is
See http_config.h for more details. [Dean Gaudet]
LoadModule/LoadFile directives. Note that module DLLs must be
Module autoindex_module mod_autoindex.o
*) popendir/pclosedir created to properly protect directory scanning.
["Lou D. Langholtz" <ldl usi.utah.edu>]
command. [Ian Kluft <ikluft cisco.com>]
*) Makefile.nt added - to build all the bits from the command line:
nmake -f Makefile.nt
httpd.h. [Dean Gaudet]
the SFIO library calls sfread/sfwrite if B_SFIO is defined at
work however.) [Alexander Spohr <aspohr netmatic.com>] PR#444
*) Turn off chunked encoding after sending terminating chunk/footer
[Stanley Gambarin <gambarin OpenMarket.com>]
[Ben Laurie and Ambarish Malpani <ambarish valicert.com>]
*) SECURITY: When a client connects to a particular port/addr, and
*) Support virtual hosts with wildcard port and/or multiple ports
properly. [Ed Korthof <ed organic.com>]
and mod_include.c. [Dean Gaudet]
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
<sscheck infonex.net>, Ben Laurie] PR#1604
cases. [Ben Reser <breser regnow.com>] PR#1366
Also removed the auto-generated link to www.apache.org that was the
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
*) #ifdef wrap a few #defines in httpd.h to make life easier on
*) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
should consider comparing against src/modules/standard/mod_include.c
Michal Zalewski <lcamtuf boss.staszic.waw.pl> for reporting
[Brian Slesinsky <bslesins wired.com>] PR#1139
[Jay Bloodworth <jay pathways.sde.state.sc.us>]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107
minus WIN32/NT stuff, but plus copyright removement.
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
an HTTP/0.9 server. [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#813,814
[Skip Montanaro <skip calendar.com>, Marc Slemko] PR#797
under Solaris 2.x (up through 2.5.1). It has been fixed.
lockfile in any location. It previously defaulted to /usr/tmp/htlock.
*) Add a placeholder in modules/Makefile to avoid errors with certain
*) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
redirect flag, e.g. R=permanent, the permanent status was lost.
[Lawrence Rosenman <ler lerctr.org>] PR#511
*) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim tandem.com>] PR#327
[David DeSimone <fox convex.com>] PR#399
["P. Alejandro Lopez-Valencia" <alejolo ideam.gov.co>] PR#388
*) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
*) PORT: fix problem compiling http_bprintf.c with gcc under SCO
*) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
change submitted by Jozsef Hollosi <hollosi sbcm.com>.
directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
of DEFAULT_TYPE to match the documented default (text/plain).
*) In mod_proxy.c, check return values for proxy_host2addr() when reading
the connection (e.g., when user presses Stop). Apache will now stop
*) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
htdocs/manual/stopping.html for details on stopping and
*) The default handler now logs invalid methods or URIs (i.e. PUT on an
buffer or write inside buff.c or fread'ing from a CGI's output,
*) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
*) Add UnixWare compile/install instructions. [Chuck Murcko]
*) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
*) More signed/unsigned port fixes. [Dean Gaudet]
*) suexec.c doesn't close the log file, allowing CGIs to continue writing
*) Improved generation of modules/Makefile to be more generic for
*) Fixed overlaying of request/sub-request notes and headers in
when nalloc==0. [Kai Risku <krisku tf.hut.fi> and Roy Fielding]
*) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
- Changed send_dir() to remove user/passwd from displayed URL.
[Marc Slemko, reported by Onno Witvliet <onno tc.hsa.nl>]
select/accept and keep-alive requests, fixed several bugs regarding
[Ben Laurie, reported by <geddis tesserae.com>]
*) Tweak byteserving code (e.g. serving PDF files) to work around
Emit Content-Length header when sending multipart/byteranges.
*) Port to HI-UX/WE2. [Nick Maclaren]
[Mark Bixby <markb cccd.edu>]
regex/regcomp.c since that file also used a NEXT define.
*) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
*) Remove mod_fastcgi.c from the distribution. This module appears
continue to be easily available at http://www.fastcgi.com/
*) Fixed bug in modules/Makefile that wouldn't allow building in more
- execution restricted to UID/GID > 100
*) Replace references to make in Makefile.tmpl with $(MAKE).
*) Add ProxyBlock directive w/IP address caching. Add IP address
[<mgyger itr.ch>, Adrian Filipi-Martin]
[Roy Fielding, after useful PR from <adrian virginia.edu>]
*) Remove requirement for ResourceConfig/AccessConfig if not using
2. initgroups() on Linux 2.0.x clobbers gr->grid.
*) Reset timeout while reading via get_client_block() in mod_cgi.c
*) Add the ability to pass different Makefile.tmpl files to Configure
*) proxy_http.c bugfixes: [Chuck Murcko]
1) fixes possible NULL pointer reference w/NoCache
*) mod_include.c bugfixes:
3) Patch to fix compiler warnings [<perrot lal.in2p3.fr>]
[Ben Yoshino <ben wiliki.eng.hawaii.edu>]
*) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
http_protocol.c [Roy Fielding]
*) Replaced use of index() in mod_expires.c with more appropriate
*) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
*) Updated helpers/GuessOS for ...
SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
and fixed something in helpers/PrintPath [Ben Laurie]
*) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
*) mod_env now turned on by default in Configuration.tmpl.
c) Leading colons were stripped from passwords [<osm interguide.com>]
d) Another fix to multi-method Limit problem [<jk tools.de>]
b) truncated hostnames/ip address in the logs
*) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
*) Internal redirects which occur in mod_dir.c now preserve the
*) Fix for POSIX compliance in waiting for processes in alloc.c.
which works similar to PidFile (in httpd.conf) [Rob Hartill]
*) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
*) the pstrcat call in mod_cookies.c didn't have an ending NULL,
*) Add strerror function to util.c for SunOS4 [Randy Terbush]
*) patch to get Apache compiled on UnixWare 2.x, recommended as
a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
*) past changes to http_config.c to only use the
*) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
and the server provider uses relative links; as file.html
*) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
*) Fixed potential FILE* leak in http_main.c [Ben Laurie]
*) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
*) Nuked bogus #define in httpd.h [David Robinson]
*) gcc -Wall no longer complains about an unused variable when util.c
*) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
*) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
subprocesses, including the SIGTERM/pause/SIGKILL routine, until
causing certain extremely marginal cases (e.g., ScriptAlias of a
*particular* index.html file) to fail. [David Robinson]
*) Cleaned up compiler warning from mod_access.c [Robert Thau]
*) Cleaned up comments in mod_cgi.c [Robert Thau]
"/path/to/some/link/" follows the link. [Thau, Fielding]
*) Doesn't reset DirectoryIndex to 'index.html' when
*) Clarified init code and nuked bogus warning in mod_access.c
*) Corrected several directives in sample srm.conf
*) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
mod_alias.c, merging it almost completely with handling of Alias, and
using a special file created for the purpose in /usr/tmp, and
which try to print out the last-modified date). [Eric Hagberg/Robert
*) <!--exec cgi="/some/uri/here"--> always treats the item named by the
*) POST to CGI works on A/UX [Jim Jagielski]
it seems to work well enough without it (even in a 10 hits/sec
workout), and the overhead for the locking under A/UX is
*) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
*) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
Behlendorf/Eric Hagberg]
*) More improvements to default Configuration for A/UX [Jim Jagielski]
*) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
*) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
properly. (One-line fix to http_protocol.c).
*) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
*) Nuked Shambhala name from src/README; had already cleaned it out
*) Set config file locations properly if not set in httpd.conf
*) Fixed mod_imap.c --- relative paths with base_uri referer don't
be nice if mod_dir.c was robust enough to handle that, but for now,
/tmp/htstatus.*, on which each process has an independent file
*) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
*) Incidental code cleanups in http_main.c --- stop dragging
*) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
Also, fixed auth typo in http_protocol.c unmasked by this fix.
*) Reordered modules in modules.c so that Redirect takes priority
the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
*) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
*) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
memory area every time). Fix is in mod_dir.c. [Paul Sutton]
*) Changes to http_main.c --- root server no longer plays silly
*) mod_dir.c bug fixes: ReadmeName and HeaderName
*) http_request.c now calls unescape_url() more places where it
*) Generalized cleanup interface in alloc.c --- any function can be
registered with alloc.c as a cleanup for a resource pool;
*) More changes in alloc.c --- new cleanup_for_exec() function,
registered with the alloc.c machinery before the server exec()s a
*) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
in alloc.c [rst]