CHANGES revision 7025945569c7fbb49f2e64e0d26f861d22a54675
-*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

  *) mod_ssl: If exiting during initialization because of a fatal error,
     log a message to the main error log pointing to the appropriate
     virtual host error log. [Stefan Fritsch]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

  *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
     for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
     Christophe Renou, Peter Sylvester]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
     ap_pregcomp() abort if out of memory. This raises the minimum PCRE
     requirement to version 6.0. PR 53284. [Stefan Fritsch]

  *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
     [Stefan Fritsch]

  *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

  *) suexec: Add --enable-suexec-capabilities support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to logging
     to a file; configure --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

  *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
     one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

  *) mod_proxy: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
     [Matthew Steele <mdsteele google.com>]

  *) mod_so: If a filename without slashes is specified for LoadFile or
     LoadModule and the file cannot be found in the server root directory,
     try to use the standard dlopen() search path. [Stefan Fritsch]

  *) various modules, rotatelogs: Replace use of apr_file_write() with
     apr_file_write_full() to prevent incomplete writes. PR 53131.
     [Nicolas Viennot <apache viennot biz>, Stefan Fritsch]

  *) cross-compile: Allow CC_FOR_BUILD to be provided so that gen_test_char
     will be compiled by the build compiler instead of the host compiler.
     Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
     PR 51257. [Guenter Knauf]

  *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
     PR 53048. [Stefan Fritsch]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
     PR 48272. [Stefan Fritsch]

  *) mod_proxy_fcgi: If there is an error reading the headers from the
     backend, send an error to the client. PR 52879. [Stefan Fritsch]

  *) mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.
     PR 53023. [Axel Reinhold <apache freakout.de>, André Malo]

  *) Fix MPM DSO load failure on AIX. [Jeff Trawick]

  *) core: Add the port number to the vhost's name in the scoreboard.
     [Stefan Fritsch]

  *) mpm_event: Don't do a blocking write when starting a lingering close
     from the listener thread. PR 52229. [Stefan Fritsch]

  *) core: In maintainer mode, replace apr_palloc with a version that
     initializes the allocated memory with non-zero values, except if
     AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]

  *) mod_authnz_ldap: Don't try a potentially expensive nested groups
     search before exhausting all AuthLDAPGroupAttribute checks on the
     current group. PR 52464. [Eric Covener]

  *) mod_policy: Add a new testing module to help server administrators
     enforce a configurable level of protocol compliance on their
     servers and application servers behind theirs. [Graham Leggett]

  *) mod_firehose: Add a new debugging module able to record traffic
     passing through the server in such a way that connections and/or
     requests can be reconstructed and replayed. [Graham Leggett]

  *) mod_noloris

  *) APREQ

  *) Simple MPM

  *) mod_serf

  [Apache 2.5.0-dev includes those bug fixes and changes with the
   Apache 2.4.xx tree as documented below, except as noted.]

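The rotatelogs entry (PR 53131) replaces single write calls with a write-until-done variant to prevent incomplete writes. The following C is an added example, not APR or httpd code: write_full, short_writer and demo are hypothetical names, SAMPLE is a constructed log line, and a test double that accepts five bytes per call stands in for a descriptor that returns short writes.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Same shape as write(2), so a test double can stand in for the kernel. */
typedef ssize_t (*write_fn)(int fd, const void *buf, size_t len);

/* Call wr until every byte is accepted; 0 on success, -1 on error. */
int write_full(write_fn wr, int fd, const void *buf, size_t len)
{
    const char *p = buf; size_t done = 0;
    while (done < len) {
        ssize_t n = wr(fd, p + done, len - done);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n <= 0) break;                      /* hard error or no progress */
        done += (size_t)n;
    }
    return done == len ? 0 : -1;
}

/* Constructed log line and an in-memory sink for the test double. */
static const char SAMPLE[] = "127.0.0.1 - - \"GET /index.html HTTP/1.1\" 200 512\n";
static char sink[128]; static size_t sink_len;

/* Test double: accepts at most 5 bytes per call, like a short write. */
ssize_t short_writer(int fd, const void *buf, size_t len)
{
    size_t n = len < 5 ? len : 5;
    (void)fd;
    if (sink_len + n > sizeof sink) { errno = ENOSPC; return -1; }
    memcpy(sink + sink_len, buf, n); sink_len += n;
    return (ssize_t)n;
}

/* Returns how many bytes of SAMPLE reach the sink with each approach. */
size_t demo(int use_full)
{
    sink_len = 0;
    if (use_full) write_full(short_writer, 0, SAMPLE, strlen(SAMPLE));
    else short_writer(0, SAMPLE, strlen(SAMPLE)); /* one call, result ignored */
    return sink_len;
}

int main(void)
{
    printf("single write: %zu bytes, write_full: %zu bytes\n", demo(0), demo(1));
    return 0;
}
```
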
Changes with Apache 2.4.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup
Changes with Apache 2.2.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
Changes with Apache 2.0.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup