CHANGES revision 847db8b2f0188cd9c840acbe4fea77a32748b2ed
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering -*- coding: utf-8 -*-
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart PoetteringChanges with Apache 2.3.0
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering[ When backported to 2.2.x, remove entry from this file ]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_proxy_balancer: Move all load balancing implementations
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering as individual, self-contained mod_proxy submodules under
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) Rename APIs to include ap_ prefix:
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering find_child_by_pid -> ap_find_child_by_pid
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering suck_in_APR -> ap_suck_in_APR
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering sys_privileges_handlers -> ap_sys_privileges_handlers
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_accept -> ap_unixd_accept
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_config -> ap_unixd_config
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_killpg -> ap_unixd_killpg
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering unixd_set_rlimit -> ap_unixd_set_rlimit
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core: When the ap_http_header_filter processes an error bucket, cleanup
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering the passed brigade before returning AP_FILTER_ERROR down the filter
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering chain. This unambiguously ensures the same error bucket isn't revisited
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering based on heartbeats. [Paul Querna]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_heartmonitor: New module to collect heartbeats, and write out a file
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering so that other modules can load balance traffic as needed. [Paul Querna]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_heartbeat: New module to generate multicast heartbeats to know if a
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering server is online. [Paul Querna]
31885cd5e38ec9807a6a7ab32660cf8c2fcf48f7Zbigniew Jędrzejewski-Szmek *) core: Error responses set by filters were being coerced into 500 errors,
5841bd803f1b651c0d70c6ae114630723a76d1daZbigniew Jędrzejewski-Szmek sometimes appended to the original error response. Log entry of:
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering 'Handler for (null) returned invalid result code -3'
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Eric Covener]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_buffer: Honour the flush bucket and flush the buffer in the
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering input filter. Make sure that metadata buckets are written to
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering the buffer, not to the final brigade. [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_buffer: Optimise the buffering of heap buckets when the heap
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_buffer: Optional support for buffering of the input and output
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering filter stacks. Can collapse many small buckets into fewer larger
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering buckets, and prevents excessively small chunks being sent over
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering the wire. [Graham Leggett]
5841bd803f1b651c0d70c6ae114630723a76d1daZbigniew Jędrzejewski-Szmek *) mod_privileges: new module to make httpd on Solaris privileges-aware
5841bd803f1b651c0d70c6ae114630723a76d1daZbigniew Jędrzejewski-Szmek and to enable different virtualhosts to run with different
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering privileges and Unix user/group IDs [Nick Kew]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) authn/z: Remove mod_authn_default and mod_authz_default.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) authz: Fix handling of authz configurations, make default authz
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering directives. [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_authn_core: Prevent crash when provider alias created to
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering provider which is not yet registered. [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_authn_core: Add AuthType of None to support disabling
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering authentication. [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core: Allow <Limit> and <LimitExcept> directives to nest, and
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering constrain their use to conform with that of other access control
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering and authorization directives. [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) unixd: turn existing code into a module, and turn the set user/group
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering and chroot into a child_init function. [Nick Kew]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_dir: Support "DirectoryIndex disabled"
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) Export and install the mod_rewrite.h header to ensure the optional
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering available to third party modules. [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_authnz_ldap: don't return NULL-valued environment variables to
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) Don't adjust case in pathname components that are not of interest
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering to mod_mime. Fixes mod_negotiation's use of such components.
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) Be tolerant in what you accept - accept slightly broken
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering status lines from a backend provide they include a valid status code.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) New module mod_sed: filter Request/Response bodies through sed
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering [Basant Kumar Kukreja <basant.kukreja sun.com>]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_auth_form: Make sure that basic authentication is correctly
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering faked directly after login. [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering within the output headers and error output headers, so that the
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering session is maintained across redirects. [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_auth_form: Make sure the logged in user is populated correctly
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering after a form login. Fixes a missing REMOTE_USER variable directly
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering following a login. [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_session_cookie: Make sure that cookie attributes are correctly
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering included in the blank cookie when cookies are removed. This fixes an
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering inability to log out when using mod_auth_form. [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_autoindex: add configuration option to insert string
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering in HTML HEAD. [Nick Kew]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering null value. [David Shane Holden <dpejesh apache.org>]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_headers: Prevent Header edit from processing only the first header
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering of possibly multiple headers with the same name and deleting the
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering remaining ones. PR 45333. [Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core, authn/z: Determine registered authn/z providers directly in
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering ap_setup_auth_internal(), which allows optional functions that just
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering wrapped ap_list_provider_names() to be removed from authn/z modules.
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) authn/z: Convert common provider version strings to macros.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) configure: Don't reject libtool 2.x
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core: When testing for slash-terminated configuration paths in
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering ap_location_walk(), don't look past the start of an empty string
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering such as that created by a <Location ""> directive.
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering [Chris Darroch]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core, mod_proxy: If a kept_body is present, it becomes safe for
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering subrequests to support message bodies. Make sure that safety
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering checks within the core and within the proxy are not triggered
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering when kept_body is present. This makes it possible to embed
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering proxied POST requests within mod_include. [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_auth_form: Make sure the input filter stack is properly set
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering up before reading the login form. Make sure the kept body filter
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering is correctly inserted to ensure the body can be read a second
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering time safely should the authn be successful. [Graham Leggett,
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_request: Insert the KEPT_BODY filter via the insert_filter
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering hook instead of during fixups. Add a safety check to ensure the
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering filters cannot be inserted more than once. [Graham Leggett,
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering Ruediger Pluem]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core: Do not allow Options ALL if not all options are allowed to be
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
df758e98754016119a9c8d49213a636a80ffab22Kay Sievers *) ap_cache_cacheable_headers_out() will (now) always
df758e98754016119a9c8d49213a636a80ffab22Kay Sievers merge an error heaeders _before_ clearing them and _before_
df758e98754016119a9c8d49213a636a80ffab22Kay Sievers merging in the actual entity headers and doing normal
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering hop-by-hop cleansing. [Dirk-Willem van Gulik].
df758e98754016119a9c8d49213a636a80ffab22Kay Sievers *) cache: retire ap_cache_cacheable_hdrs_out() which was used
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering for both in- and out-put headers; and replace it by a single
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering ap_cache_cacheable_headers() wrapped in a in- and out-put
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering specific ap_cache_cacheable_headers_in()/out(). The latter
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering which will also merge error and ensure content-type. To keep
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering cache modules consistent with ease. This API change bumps
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering up the minor MM by one [Dirk-Willem van Gulik].
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering PR 44799 [Christian Wenz <christian wenz.org>]
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering *) Move the KeptBodySize directive, kept_body filters and the
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering ap_parse_request_body function out of the http module and into a
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering new module called mod_request, reducing the size of the core.
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering [Graham Leggett]
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering *) mod_dbd: Handle integer configuration directive parameters with a
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering dedicated function.
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering *) Change the directives within the mod_session* modules to be valid
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering both inside and outside the location/directory sections, as
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering suggested by wrowe. [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_auth_form: Add a module capable of allowing end users to log
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering in using an HTML form, storing the credentials within mod_session.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Graham Leggett]
6301a98cdf26dc073f5317506c806bfa69f74cc8Lennart Poettering *) Add a function to the http filters that is able to parse an HTML
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering form request with the type of application/x-www-form-urlencoded.
b6e8f1f03dc8b7579f8c6b00372f136d74c45232Harald Hoyer [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_session_crypto: Initialise SSL in the post config hook.
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering [Ruediger Pluem, Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_session_dbd: Add a session implementation capable of storing
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering session information in a SQL database via the dbd interface. Useful
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering for sites where session privacy is important. [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_session_crypto: Add a session encoding implementation capable
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering of encrypting and decrypting sessions wherever they may be stored.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering Introduces a level of privacy when sessions are stored on the
0bee65f0622c4faa8ac8ae771cc0c8a936dfa284Lennart Poettering browser. [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) mod_session_cookie: Add a session implementation capable of storing
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering session information within cookies on the browser. Useful for high
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering volume sites where server bound sessions are too resource intensive.
3d141780b8d509e4a6c3083de207cd84cbce187bLennart Poettering [Graham Leggett]
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering *) mod_session: Add a generic session interface to unify the different
aaf7eb81be912e7bed939f31e3bc4c631b2552b3Lennart Poettering attempts at saving persistent sessions across requests.
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering [Graham Leggett]
bd3fa1d2434aa28564251ac4da34d01537de8c4bLennart Poettering *) core, authn/z: Avoid calling access control hooks for internal requests
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: