CHANGES revision b3a6e12c9577d9dfc6529bc5ad908f2073810df1
f743002678eb67b99bbc29fee116b65d9530fec0wrowe -*- coding: utf-8 -*-
80833bb9a1bf25dcf19e814438a4b311d2e1f4cffuankgChanges with Apache 2.5.0
2c487ac43b583db869e743772a7a10b278aa2bcfminfrin *) mod_ssl: fix merging of global and vhost-level settings with the
2c487ac43b583db869e743772a7a10b278aa2bcfminfrin SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
2c487ac43b583db869e743772a7a10b278aa2bcfminfrin directives. PR 56353. [Kaspar Brand]
2c487ac43b583db869e743772a7a10b278aa2bcfminfrin *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
c19a9170a908e0a3ae67d0dc4ef04624cc6c316csf (and logging garbled file names). PR 56306. [Kaspar Brand]
c19a9170a908e0a3ae67d0dc4ef04624cc6c316csf *) mod_proxy_fcgi: Fix sending of response without some HTTP headers
dbf5f584c62fe6030d81121fdddeb7588b78b867sf that might be set by filters. [Jim Riggs <jim riggs.me>]
15320dc646e41d3eb38736978500349c4d66dc0dsf *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
15320dc646e41d3eb38736978500349c4d66dc0dsf allow spaces in backreferences to be encoded as %20 instead of '+'.
691db92094897494d6c31326108da20088bc175etrawick [Eric Covener]
691db92094897494d6c31326108da20088bc175etrawick *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
92108a6c4fd7ca6e9acc94d2485920436763e491sf no longer send warning-level unrecognized_name(112) alerts,
92108a6c4fd7ca6e9acc94d2485920436763e491sf and limit startup warnings to cases where an OpenSSL version
684e0cfc200f66287a93bbd1708d1dd8a92a7eefcovener without TLS extension support is used. PR 56241. [Kaspar Brand]
684e0cfc200f66287a93bbd1708d1dd8a92a7eefcovener *) mod_proxy_html: Do not delete the wrong data from HTML code when a
5c43d2fb853f84497b5ece2d414ef9484aa87e5fsf "http-equiv" meta tag specifies a Content-Type behind any other
05a5a9c3e16f21566e1b61f4bd68025ce1b741ccjoes "http-equiv" meta tag. PR 56287 [Micha Lenk <micha lenk info>]
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq *) mod_expires: don't add Expires header to error responses (4xx/5xx),
26c5829347f6a355c00f1ba0301d575056b69536niq be they generated or forwarded. PR 55669. [ Yann Ylavic ]
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq *) mod_rewrite: Support an optional list of characters to escape in the
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq argument for the 'B' (escape backreferences) flag. [Eric Covener]
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
ef82e8fa164e0a1f8b813f7deb6b7ead96018c94niq OCSP requests should use a nonce to be checked against the responder's
413ee814748f37be168ff12407fa6dba0ceeabe6trawick one. PR 56233. [ Yann Ylavic ]
c12917da693bae4028a1d5a5e8224bceed8c739dsf *) mod_reqtimeout: Resolve unexpected timeouts on keepalive requests
eeb7898b9c087040d44550f8a6b1a257783c9f0ahumbedooh under the Event MPM. PR56216. [Frank Meier <frank meier ergon ch>]
7705103518c61f7cdcd4041fe871cb45114f31a5rpluem *) mod_lua: Add r:wspeek for checking if there is any data waiting on the line
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf [Daniel Gruno]
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf *) mod_proxy: Do not try to parse the regular expressions passed by
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf ProxyPassMatch as URL as they do not follow their syntax.
eafcc0ebf263d0ba69855b6e10958c4c1a2361bdsf PR 56074. [Ruediger Pluem]
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf *) mod_dir: Default to 2.2-like behavior and skip execution when method is
d7ffd2da16d58b1a0de212e4d56f7aebb72bef26sf neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf *) mod_rewrite: Rename the handler that does per-directory internal
4576c1a9ef54cd1e5555ee07d016a7f559f80338sf redirects to "rewrite-redirect-handler" from "redirect-handler" so
9811aed12bbc71783d2e544ccb5fecd193843eadsf it is less ambiguous and less likely to be reused. [Eric Covener]
9811aed12bbc71783d2e544ccb5fecd193843eadsf *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
d58a822aff1dfda25384d3d009f88f1883c95436kbrand default limit of 10000 iterations, and allowing each rule to change its
d58a822aff1dfda25384d3d009f88f1883c95436kbrand limit. [Eric Covener]
e02ff627c1e63137247e20493f6ef44b3bb1a095sf *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
e02ff627c1e63137247e20493f6ef44b3bb1a095sf [Jeff Trawick]
1366443dc565c33e7b449ae428bbfc4c86f33935drh *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
1366443dc565c33e7b449ae428bbfc4c86f33935drh [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
88fac54d9d64f85bbdab5d7010816f4377f95bd7rjung *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
bd3f5647b96d378d9c75c954e3f13582af32c643sf 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
bd3f5647b96d378d9c75c954e3f13582af32c643sf *) mod_auth_form: Add a debug message when the fields on a form are not
bd3f5647b96d378d9c75c954e3f13582af32c643sf recognised. [Graham Leggett]
2a7beea91d46beb41f043a84eaad060047ee04aafabien *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
2a7beea91d46beb41f043a84eaad060047ee04aafabien configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
2a7beea91d46beb41f043a84eaad060047ee04aafabien [Jan Kaluza]
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf *) mod_headers: Allow the "value" parameter of Header and RequestHeader to
584a85dd4047e38d3ed3a29b6662fcc9d100ae4csf contain an ap_expr expression if prefixed with "expr=". [Eric Covener]
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf *) Add suspend_connection and resume_connection hooks to notify modules
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf when the thread/connection relationship changes. (Currently implemented
f21e9e3d0bfb7a507ecc5bc963f2159d693503d1sf only for the Event MPM; should be implemented for all async MPMs.)
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf [Jeff Trawick]
f6b9c755a0b793e8a3a3aebd327ca20a86478117sf *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
132ee6ac1c26d6e8953836316ba50734eefab47bsf to support write completion. [Graham Leggett]
132ee6ac1c26d6e8953836316ba50734eefab47bsf *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
fc1459657a1fde206a847f9028930725d715f8b4trawick to allow providers to check the ErrorLog argument. [Jan Kaluza]
fc1459657a1fde206a847f9028930725d715f8b4trawick *) mod_cgid: Use the servers Timeout for each read from a CGI script,
85eacfc96a04547ef25aabbc06440039715084c2jorton allow override with new CGIDRequestTimeout directive. PR43494
85eacfc96a04547ef25aabbc06440039715084c2jorton [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
68ba377fc3b124baa759662077c48077ebadb186minfrin *) core: Add missing Reason-Phrase in HTTP response headers.
68ba377fc3b124baa759662077c48077ebadb186minfrin PR 54946. [Rainer Jung]
68ba377fc3b124baa759662077c48077ebadb186minfrin *) core: ensure any abnormal exit is reported to stderr if it's a tty.
d776b0a2d2889ce1d13494873368f34327a2e1bbtrawick PR 55670 [Nick Kew]
f4ca9f6f002fece336168a16355434ca966f96a9trawick *) mod_auth_form: Make sure the optional functions are loaded even when
78f94f1d06c4e6828ce04d618221e0fcecb57849humbedooh the AuthFormProvider isn't specified. [Graham Leggett]
78f94f1d06c4e6828ce04d618221e0fcecb57849humbedooh *) mod_lua: Let the Inter-VM get/set functions work with a global
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick shared memory pool instead of a per-process pool. [Daniel Gruno]
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick *) ldap: Support ldaps when using the Microsoft LDAP SDK.
536d2e7cd1fdec1255b8c3bdf41fdc714c506a54trawick PR 54626. [Jean-Frederic Clere]
985a4368b93c3e9171a57897ad9454c8dbf4cdf6jorton *) mod_proxy: Add ap_connection_reusable() for checking if a connection
70caa242e6b90e0d6f0fabb56b8c5c2fb51717b3jorton is reusable as of this point in processing. [Jeff Trawick]
109e2a09790de3fb315d36d6232a14ab66c8eb0ahumbedooh *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
109e2a09790de3fb315d36d6232a14ab66c8eb0ahumbedooh to avoid performance problems when subgroups aren't in use. [Eric Covener]
74e7a30182af5e68f14ccb8d57918b22b982db8bhumbedooh *) mod_syslog: New module implementing syslog ap_error_log provider.
74e7a30182af5e68f14ccb8d57918b22b982db8bhumbedooh Previously, this code was part of core, now it's in separate module.
74e7a30182af5e68f14ccb8d57918b22b982db8bhumbedooh [Jan Kaluza]
10961a2f60207cb873d889bb28b1f0ef707a4311humbedooh *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
10961a2f60207cb873d889bb28b1f0ef707a4311humbedooh syslog support from core to new mod_syslog. [Jan Kaluza]
0448378b899e8df0c060360f17c0af692adf17bchumbedooh *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
0448378b899e8df0c060360f17c0af692adf17bchumbedooh save the socket for reuse by the next worker as if it were an
60a765cccbd3f3b5997b65b0034220c79f78369etrawick APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
60a765cccbd3f3b5997b65b0034220c79f78369etrawick *) mod_status, mod_echo: Fix the display of client addresses.
e7ca863b04ee2a7aea7738cadbf51ce5e6c5245dhumbedooh They were truncated to 31 characters which is not enough for IPv6 addresses.
e7ca863b04ee2a7aea7738cadbf51ce5e6c5245dhumbedooh PR 54848 [Bernhard Schmidt <berni birkenwald de>]
e7ca863b04ee2a7aea7738cadbf51ce5e6c5245dhumbedooh *) mod_authnz_fcgi: New module to enable FastCGI authorizer
91654e263480f0fdc2a03d782ff23f8dad07cf79humbedooh applications to authenticate and/or authorize clients.
91814c869ca39ce45dfe147307d2a831cac6ecbehumbedooh [Jeff Trawick]
79c5787b92ac5f0e1cc82393816c77a006399316trawick *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
79c5787b92ac5f0e1cc82393816c77a006399316trawick [Jeff Trawick]
79c5787b92ac5f0e1cc82393816c77a006399316trawick *) mod_unique_id: Use output of the PRNG rather than IP address and
c967bf3bc89e8aa60dbd30d9da388e448ddc1cc4trawick pid, avoiding sleep() call and possible DNS issues at startup,
79c5787b92ac5f0e1cc82393816c77a006399316trawick plus improving randomness for IPv6-only hosts.
79c5787b92ac5f0e1cc82393816c77a006399316trawick [Jan Kaluza <jkaluza redhat.com>]
79c5787b92ac5f0e1cc82393816c77a006399316trawick *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
79c5787b92ac5f0e1cc82393816c77a006399316trawick filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton filter "none" to be specified in AuthLDAPURL. [Eric Covener]
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton *) mod_file_cache: mod_file_cache should be able to serve files that
7b395e4e878c28a4784919cfd2e704ddd14a3390jorton haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
536e48c08d674acac5d44929318f2ad928edc361jorton *) core: merge AllowEncodedSlashes from the base configuration into
e81785da447b469da66f218b3f0244aab507958djorton virtual hosts. [Eric Covener]
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
3e4e54d4e3fc0123c63d57aa84ac7ad7a8c73ff8jorton [Eric Covener]
53e9b27aba029b18be814df40bcf6f0428771d1efuankg *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
53e9b27aba029b18be814df40bcf6f0428771d1efuankg [Eric Covener]
53e9b27aba029b18be814df40bcf6f0428771d1efuankg *) mod_deflate: permit compilation of mod_deflate against a zlib that has
53e9b27aba029b18be814df40bcf6f0428771d1efuankg been configured with -D Z_PREFIX, which redefines the token "deflate".
6bb524f1895f30265a1431afc460977d391cb36bsf [Eric Covener]
ca61ccd0c306c2c72df153688ba1b49f3eceed80sf *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
6bb524f1895f30265a1431afc460977d391cb36bsf previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin *) mod_auth_digest: Use the secret when generating nonces in all cases and
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin not only when AuthName is used in .htaccess files (this change may cause
e6dd71992459d05a676b98b7963423dc5dc1e24aminfrin problems if used with round robin load balancers). Don't regenerate the
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin secret on graceful restarts. PR 54637 [Stefan Fritsch]
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin *) core: Remove apr_brigade_flatten(), buffering and duplicated code
23f1535d6a60817d2846bac0aea230ea475d7dccminfrin from the HTTP_IN filter, parse chunks in a single pass with zero copy.
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung Reduce memory usage by 48 bytes per request. [Graham Leggett]
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung *) core: Stop the HTTP_IN filter from attempting to write error buckets
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung to the output filters, which is bogus in the proxy case. Create a
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung clean mapping from APR codes to HTTP status codes, and use it where
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung needed. [Graham Leggett]
ec7520b24cd80d34d82bbcaca153cbb23cc04bc0rjung *) mod_proxy: Ensure network errors detected by the proxy are returned as
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
6249dfa569d3b4f1f539665b979a80c6e335d93etrawick *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
ae600ca541efc686b34f8b1f21bd3d0741d37674covener [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim *) core, mod_ssl: Enable the ability for a module to reverse the sense of
cfa64348224b66dd1c9979b809406c4d15b1c137fielding a poll event from a read to a write or vice versa. This is a step on
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim the way to allow mod_ssl taking full advantage of the event MPM.
cfa64348224b66dd1c9979b809406c4d15b1c137fielding [Graham Leggett]
cfa64348224b66dd1c9979b809406c4d15b1c137fielding *) mod_ldap: LDAP connections used for authentication were not respecting
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim LDAPConnectionPoolTimeout. PR 54587
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: