CHANGES revision 1497efa2a5ac0d441f73f23947ef7611a9e44515
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering -*- coding: utf-8 -*-
7c66aeba0f28cb82027d6015405ed71afa3b6059Kay SieversChanges with Apache 2.3.0
7c66aeba0f28cb82027d6015405ed71afa3b6059Kay Sievers [Remove entries to the current 2.0 and 2.2 section below, when backported]
c904f64d84db8c4eebedf210ba10893f19ba05edLennart Poettering
c904f64d84db8c4eebedf210ba10893f19ba05edLennart Poettering *) mod_authnz_ldap: Add an AuthLDAPRemoteUserAttribute directive. If
05677bb78079c3fa0283101aac2c07581f4873f1Lennart Poettering set, REMOTE_USER will be set to this attribute, rather than the
73090dc815390f4fca4e3ed8a7e1d3806605daaaLennart Poettering username supplied by the user. Useful for example when you want users
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers to log in using an email address, but need to supply a userid instead
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers to the backend. [Graham Leggett]
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers *) Allow mod_dumpio to log at other than DEBUG levels via
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering the new DumpIOLogLevel directive. [Jim Jagielski]
9a36607584bbd1d78775353e022a51794b4e27b1Lennart Poettering
a40593a0d0d740efa387e35411e1e456a6c5aba7Lennart Poettering *) mod_disk_cache: Implement read-while-caching.
20ffc4c4a9226b0e45cc02ad9c0108981626c0bbKay Sievers [Niklas Edmundsson <nikke acc.umu.se>]
4ce849853c46b1e857df3c6c9e7752159a58ddf1Lennart Poettering
4ce849853c46b1e857df3c6c9e7752159a58ddf1Lennart Poettering *) mod_disk_cache: NULL fd pointers when closing them, fix missing
c3090674833c8bd34fbdb0e743f1c47d85dd14fbLennart Poettering close/flush, remove some unneccessary code duplication instead
c3090674833c8bd34fbdb0e743f1c47d85dd14fbLennart Poettering of calling the right helper in replace_brigade_with_cache().
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering [Niklas Edmundsson <nikke acc.umu.se>]
822e5dd1d6a1e9b549234281dc3a746768e7e13dLennart Poettering
95b4be171988fc2ea33377b1b4450e5d410add7bLennart Poettering *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
95b4be171988fc2ea33377b1b4450e5d410add7bLennart Poettering the first bucket from the brigade, finds it not to be a FILE
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering bucket and barfs. The fix is to pass a bucket rather than a brigade.
2d0b0528ace89d378051c280bf3be367b2a7d2deLennart Poettering [Niklas Edmundsson <nikke acc.umu.se>]
373d8fccc1b3becdd0dbbdf6ade6ffa6530febb4Lennart Poettering
373d8fccc1b3becdd0dbbdf6ade6ffa6530febb4Lennart Poettering *) mod_disk_cache: Do away with the write-to-file-then-move-in-place
499519c6499e92d1953fd79b99a805b9278d5ea1Lennart Poettering mentality. [Niklas Edmundsson <nikke acc.umu.se>]
499519c6499e92d1953fd79b99a805b9278d5ea1Lennart Poettering
499519c6499e92d1953fd79b99a805b9278d5ea1Lennart Poettering *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
499519c6499e92d1953fd79b99a805b9278d5ea1Lennart Poettering
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering *) Fix issue which could cause piped loggers to be orphaned and never
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering terminate after a graceful restart. PR 40651. [Joe Orton,
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering Ruediger Pluem]
490b7e47093d491a2bdb1084fe92b796f4e07eefLennart Poettering
8403cbbe7beb846be6752e1c50c547769a2878f3Lennart Poettering *) mod_headers: support regexp-based editing of HTTP headers [Nick Kew]
2eb8ca3b3ef37c601b3938f2656e379abd5c23d4Lennart Poettering
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering *) mod_cache: Eliminate a bogus error in the log when a filter returns
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering AP_FILTER_ERROR. [Niklas Edmundsson <nikke acc.umu.se>]
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering *) mod_disk_cache: Make caching of large files possible on 32bit machines
a624aa9e3d150e7c38f6a3fdf6343a1c3587ed2fLennart Poettering by determining whether the cached file should be copied on disk rather
a624aa9e3d150e7c38f6a3fdf6343a1c3587ed2fLennart Poettering than loaded into RAM. PR39380 [Niklas Edmundsson <nikke acc.umu.se>]
9b4a54740884c60e40a2643b535f197b01038850Lennart Poettering
9b4a54740884c60e40a2643b535f197b01038850Lennart Poettering *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions
e41814846c19a48f4490169d82e359e005c4db45Lennart Poettering by creating a root pool for object persistence across requests. This
e41814846c19a48f4490169d82e359e005c4db45Lennart Poettering also eliminates the need for custom serialization code.
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering [Davi Arnaut <davi haxent.com.br>]
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering *) mod_mem_cache: Memory leak fix: Unconditionally free the buffer.
e9fd44b728ff1fc0d1f24fccb87a767f6865df27Lennart Poettering [Davi Arnaut <davi haxent.com.br>]
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering *) mod_cache: From RFC3986 (section 6.2.3.) if a URI contains an
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering authority component and an empty path, the empty path is to be equivalent
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering to "/". It explicitly cites the following four URIs as equivalents:
78db35f37172f64bfc62cbb2aa364345b7cff0a3Lennart Poettering http://example.com
78db35f37172f64bfc62cbb2aa364345b7cff0a3Lennart Poettering http://example.com/
78db35f37172f64bfc62cbb2aa364345b7cff0a3Lennart Poettering http://example.com:/
78db35f37172f64bfc62cbb2aa364345b7cff0a3Lennart Poettering http://example.com:80/
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering [Davi Arnaut <davi haxent.com.br>]
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering *) mod_cache: Don't cache requests with a expires date in the past;
8ed206517c2be381324ac5832bf34cc14024270eLennart Poettering otherwise mod_cache will always try to cache the URL. This bug
e6c6e7afffa80ad74efdb1ddfa815294624f1608Lennart Poettering might lead to numerous rename() errors on win32 if the URL was
e6c6e7afffa80ad74efdb1ddfa815294624f1608Lennart Poettering previously cached. [Davi Arnaut <davi haxent.com.br>]
8e6054f732b4bc980d3af3e1386ca94b3a602eb8Lennart Poettering
8e6054f732b4bc980d3af3e1386ca94b3a602eb8Lennart Poettering *) mod_disk_cache: Make sure that only positive integers are accepted
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering for the CacheMaxFileSize and CacheMinFileSize parameters in the
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering config file. PR39380 [Niklas Edmundsson <nikke acc.umu.se>]
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering *) mod_proxy_balancer: Set the new environment variable BALANCER_ROUTE_CHANGED
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering if a worker with a route different from the one supplied by the client
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering had been chosen or if the client supplied no routing information for
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering a balancer with sticky sessions. [Ruediger Pluem]
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering
7361c3b4e1e28a7eb4354a3da354b22e79782141Lennart Poettering *) mod_proxy: Print the correct error message for erroneous configured
8b04b925e587ff56568c62ff5ad3f2ea2b34ca7aLennart Poettering ProxyPass directives. PR 40439. [serai lans-tv.com]
7361c3b4e1e28a7eb4354a3da354b22e79782141Lennart Poettering
7361c3b4e1e28a7eb4354a3da354b22e79782141Lennart Poettering *) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering statically like the older support programs.
e673ad0415d89c322e5b1a121e411f1b1d8075c0Lennart Poettering [Eric Covener <covener gmail.com>]
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers *) ap_get_server_version() has been removed. Third-party modules must
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers now use ap_get_server_banner() or ap_get_server_description().
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers [Jeff Trawick]
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers *) mod_proxy_balancer: Extract stickysession routing information contained as
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers parameter in the URL correctly. PR 40400.
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers [Ruediger Pluem, Tomokazu Harada <harada sysrdc.ns-sol.co.jp>]
f6113d42d015ad9f3a9e702a09eb8006511a4424Kay Sievers
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers *) mod_ext_filter: Handle filter names which include capital letters.
7a43e910ce00eef22fd42925ae4c85cbea1b1320Kay Sievers PR 40323. [Jeff Trawick]
d2e83c23f5f0cdd3b6ec05c5c40209708721e704Kay Sievers
c55b1b59b837dfd924b704d457ed77c55f8bfeabLennart Poettering *) mod_deflate: Rework inflate output and deflate output filter to fix several
822e5dd1d6a1e9b549234281dc3a746768e7e13dLennart Poettering issues: Incorrect handling of flush buckets, potential memory leaks,
822e5dd1d6a1e9b549234281dc3a746768e7e13dLennart Poettering excessive memory usage in inflate output filter for large compressed
822e5dd1d6a1e9b549234281dc3a746768e7e13dLennart Poettering content. PR 39854. [Ruediger Pluem, Nick Kew, Justin Erenkrantz]
822e5dd1d6a1e9b549234281dc3a746768e7e13dLennart Poettering
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers *) All MPMs: Introduce a check_config phase between pre_config and
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers open_logs, to allow modules to review interdependent configuration
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers directive values and adjust them while messages can still be logged
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers to the console. Handle relevant MPM directives during this phase
6c1703cc35b3a5f93ad3cc813fea10cb9a636102Kay Sievers and format messages for both the console and the error log, as
08f9588885c5d65694b324846b0ed19211d2c178Lennart Poettering appropriate. [Chris Darroch]
9ec82de1725ddaab333149171b790d62c47ae133Lennart Poettering
9ec82de1725ddaab333149171b790d62c47ae133Lennart Poettering *) mod_proxy: Don't try to use dead backend connection. PR 37770.
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering [Olivier BOEL <ob dorrboel.com>]
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering *) mod_proxy: don't URLencode tilde in path component
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering [Stijn Hoop <stijn sandcat.nl>]
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering *) mpm_winnt: Fix return values from wait_for_many_objects.
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering The return value is index to the signaled thread in the
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering creted_threads array. We can not use WAIT_TIMEOUT because
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering his value is defined as 258, thus limiting the MaxThreads
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering to that value. [Mladen Turk]
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering
220369cc0c3e167af2eee8bdac95a6157e0e2b62Lennart Poettering *) SECURITY: CVE-2006-3747 (cve.mitre.org)
220369cc0c3e167af2eee8bdac95a6157e0e2b62Lennart Poettering mod_rewrite: Fix an off-by-one security problem in the ldap scheme
220369cc0c3e167af2eee8bdac95a6157e0e2b62Lennart Poettering handling. For some RewriteRules this could lead to a pointer being
220369cc0c3e167af2eee8bdac95a6157e0e2b62Lennart Poettering written out of bounds. Reported by Mark Dowd of McAfee.
54728c372afe83ad7650201ce7b61d0fa110657cLennart Poettering [Mark Cox]
a73d88fa024b5668ed7dde681e99547d41e6a864Lennart Poettering
f2d433e178df7df01a836e95775261e1d85ec60dZbigniew Jędrzejewski-Szmek *) mod_cache: While serving a cached entity ensure that filters that have
f2d433e178df7df01a836e95775261e1d85ec60dZbigniew Jędrzejewski-Szmek been applied to this cached entity before saving it to the cache are not
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering applied again. PR 40090. [Ruediger Pluem]
f2d433e178df7df01a836e95775261e1d85ec60dZbigniew Jędrzejewski-Szmek
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering *) mod_proxy_ajp: Added cping/cpong support for the AJP protocol.
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering A new worker directive ping=timeout will cause CPING packet
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering to be send expecting CPONG packet within defined timeout.
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering In case the backend is too busy this will fail instead
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering sending the full header. [Mladen Turk]
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering to circumvent the symbolic link checks imposed by FollowSymLinks and
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering *) mod_proxy: Support environment variable interpolation in reverse
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering proxying directives. [Nick Kew]
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering *) core: Add the filename of the configuration file to the warning message
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering about the useless use of AllowOverride. PR 39992.
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering [Darryl Miles <darryl darrylmiles.org>]
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering
1cb88f2c61f590083847d65cd5a518e834da87d3Lennart Poettering *) mod_proxy_balancer: Add information about the route, the sticky session
603cd8fe07cb03e8b11722d1a732e569e5a46347Lennart Poettering and the worker used during a request as environment variables. PR 39806.
06bf461193b4e7f9936abf7582e8b82e39e187c8Lennart Poettering [Brian <brectanu gmail.com>]
06bf461193b4e7f9936abf7582e8b82e39e187c8Lennart Poettering
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering support. Also corrects the slashes for Windows. PR 15993. [William Rowe]
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering token parser worked while the resulting length was misinterpreted.
936d6fcb6c4fc8839d28f8585af6ba733a7e1a1aLennart Poettering PR 29098 [Brock Bland <bbland serena.com>]
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering attempts to stream the response at the client. PR 30022 [William Rowe]
6d0274f11547a0f11200bb82bf598a5a253e12cfLennart Poettering
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering *) mod_isapi: Ensure we walk through all the methods the developer may have
a7a3f28be404875eff20443a0fa8088bcc4c18dfLennart Poettering employed to report their HTTP status result code.
9a526a06bd22ccaf6641d11323fb04a0512a0e49Lennart Poettering PR 16637 30033 28089 [Matt Lewandowsky <matt iamcode.net>, William Rowe]
9a526a06bd22ccaf6641d11323fb04a0512a0e49Lennart Poettering
a8985ba3c2ad428bf572c636f9d64c4ce52bfbe7Lennart Poettering *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
a8985ba3c2ad428bf572c636f9d64c4ce52bfbe7Lennart Poettering configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
9b27910bb0c23e5225fc1177176e4f9bf9bf787bLennart Poettering The default is none as this is far greater debugging resolution than
9b27910bb0c23e5225fc1177176e4f9bf9bf787bLennart Poettering the typical administrator is prepared to untangle. [William Rowe]
b03bfa212dd23397871e36ea32c35cdd8fe43506Lennart Poettering
b03bfa212dd23397871e36ea32c35cdd8fe43506Lennart Poettering *) mod_disk_cache: If possible, check if the size of an object to cache is
935fb723ba7370abaf793914fb5a722f7f5e41e1Lennart Poettering within the configured boundaries before actually saving data.
b03bfa212dd23397871e36ea32c35cdd8fe43506Lennart Poettering [Niklas Edmundsson <nikke acc.umu.se>]
b03bfa212dd23397871e36ea32c35cdd8fe43506Lennart Poettering
b03bfa212dd23397871e36ea32c35cdd8fe43506Lennart Poettering *) mod_cache: Convert all values to seconds before comparing them when
935fb723ba7370abaf793914fb5a722f7f5e41e1Lennart Poettering checking whether to send a Warning header for a stale response.
08f9588885c5d65694b324846b0ed19211d2c178Lennart Poettering PR 39713. [Owen Taylor <otaylor redhat.com>]
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers final name. [Davi Arnaut <davi haxent.com.br>]
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers *) Worker and event MPMs: Remove improper scoreboard updates which were
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers performed in the event of a fork() failure. [Chris Darroch]
7d8197d1f25c1291855bb6cffc705444978c6d8dKay Sievers
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers *) Add support for fcgi:// proxies to mod_rewrite.
9ee58bddeb6eb044753167e0047fe836479ca5dbKay Sievers [Markus Schiegl <ms schiegl.com>]
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering *) Remove incorrect comments from scoreboard.h regarding conditional
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering loading of worker_score structure with mod_status, and remove unused
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering definitions relating to old life_status field.
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering [Chris Darroch <chrisd pearsoncmg.com>]
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering
71ef24d09573874c0f7bc323c07c3aec2a458707Lennart Poettering *) Remove allocation of memory for unused array of lb_score pointers
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
1b89884ba31cbe98f159ce2c7d6fac5f6a57698fLennart Poettering
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering [Garrett Rooney, Jim Jagielski, Paul Querna]
15abdb9a6f34628b04b887e0b9649fa582d6cd37Lennart Poettering
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering [Chris Darroch <chrisd pearsoncmg.com>]
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering *) mod_charset_lite: Remove Content-Length when output filter can
1920e37ef9fec04a1fd882f66bfa7a9a5b91c536Lennart Poettering invalidate it. Warn when input filter can invalidate it.
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering [Jeff Trawick]
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering *) mod_ssl: Fix spurious hostname mismatch warning for valid
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering wildcard certificates. PR 37911. [Nick Burch <nick torchbox.com>]
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering
a07fdfa376add41d9101d39db25fb2ecb17d5fcaLennart Poettering *) Authz: Add the new module mod_authn_core that will provide common
f801968466fed39d50d410b30ac828c26722cc95Lennart Poettering authn directives such as 'AuthType', 'AuthName'. Move the directives
f801968466fed39d50d410b30ac828c26722cc95Lennart Poettering 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
f801968466fed39d50d410b30ac828c26722cc95Lennart Poettering into mod_authn_core. [Brad Nicholes]
409133be63387fc04d927e8aecd2f6ba03d2f143Lennart Poettering
409133be63387fc04d927e8aecd2f6ba03d2f143Lennart Poettering *) Authz: Mark the directives 'Order', 'Allow', 'Deny' and 'Satisfy' as
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering deprecated and move them into the new module mod_access_compat which
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering can be loaded to provide backwards compatibility for these directives.
178cc7700c23ac088cd7190d7854282075028d91Lennart Poettering [Brad Nicholes]
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering
de34a42bcad31f0648ac0f249801310e0dbf83f9Lennart Poettering *) Authz: Move the 'Require' directive from the core module as well as
98a77df5fe8591034c48e5d56d903ee268de37f9Lennart Poettering add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
98a77df5fe8591034c48e5d56d903ee268de37f9Lennart Poettering logic into the authorization processing. [Brad Nicholes]
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering
41f9172f427bdbb8221c64029f78364b8dd4e527Lennart Poettering *) Authz: Add the new module mod_authz_core which acts as the
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering authorization provider vector and contains common authz
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering directives. [Brad Nicholes]
424a19f8a2061c6b058283228734010b2fa24db4Lennart Poettering
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
a1cccad1fe88ddd6943e18af97cf7f466296970fLennart Poettering 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering host-based access control provided by mod_authz_host and invoked
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering through the 'Require' directive. [Brad Nicholes]
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering
8556879e0d14925ce897875c6c264368e2d048c2Lennart Poettering *) Authz: Convert all of the authz modules from hook based to
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering provider based. [Brad Nicholes]
4a30847b9d71e0381948d68279c8f775b9de7850Lennart Poettering
b5b46d599524341ddd7407e5dff1021af8ff5089Lennart Poettering *) mod_cache: Add CacheMinExpire directive to set the minimum time in
b5b46d599524341ddd7407e5dff1021af8ff5089Lennart Poettering seconds to cache a document.
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
5e8b28838e493b59628322b69580097ef7dd9384Lennart Poettering
d87be9b0af81a6e07d4fb3028e45c4409100dc26Lennart Poettering *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
d87be9b0af81a6e07d4fb3028e45c4409100dc26Lennart Poettering
438bacd18e0b8766c5add47f28b04876272daa97Lennart Poettering *) Fix typo in ProxyStatus syntax error message.
438bacd18e0b8766c5add47f28b04876272daa97Lennart Poettering [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering *) Asynchronous write completion for the Event MPM. [Brian Pane]
cb7ed9dfca647198bce95f503552710eae22da37Lennart Poettering
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering *) Added an End-Of-Request bucket type. The logging of a request and
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering the freeing of its pool are now done when the EOR bucket is destroyed.
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering This has the effect of delaying the logging until right after the last
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering of the response is sent; ap_core_output_filter() calls the access logger
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering indirectly when it destroys the EOR bucket. [Brian Pane]
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering *) Rewrite of logresolve support utility: IPv6 addresses are now supported
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen and the format of statistical output has changed. [Colm MacCarthaigh]
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
38a60d7112d33ffd596b23e8df53d75a7c09e71bLennart Poettering
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering *) Added new connection states for handler and write completion
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering [Brian Pane]
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering
d8b78264a5245307babbf5af8e39d6d4a1ae095fLennart Poettering *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering [Justin Erenkrantz]
7560fffcd2531786b9c1ca657667a43e90331326Lennart Poettering
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering allowing string-valued client certificate attributes to be used for
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering [Martin Kraemer, David Reid]
5a7e959984788cf89719dec31999409b63bb802bLennart Poettering
5a7e959984788cf89719dec31999409b63bb802bLennart PoetteringChanges with Apache 2.2.4
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering *) mod_echo: Fix precedence problem in if statement. PR 40658.
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering [Larry Cipriani <lvc lucent.com>]
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen *) mod_mime_magic: Fix precedence problem in if statement. PR 40656.
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering [Larry Cipriani <lvc lucent.com>]
0790b9fed42eefc4e22dbbe2337cba9713b7848cLennart Poettering
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering *) The full server version information is now included in the error log at
df1c8f6ac8a45913104b5eeb44f4574689fedd50Lennart Poettering startup as well as server status reports, irrespective of the setting
5aea932fd54db835b77709ddeba30732648aae53Lennart Poettering of the ServerTokens directive. ap_get_server_version() is now
5aea932fd54db835b77709ddeba30732648aae53Lennart Poettering deprecated, and is replaced by ap_get_server_banner() and
918943c75fbd9dee87ff396de3a7c63a8d228433Lennart Poettering ap_get_server_description(). [Jeff Trawick]
918943c75fbd9dee87ff396de3a7c63a8d228433Lennart Poettering
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering *) mod_proxy_balancer: Workers can now be defined as part of
fd4d89b2c0b31da01d134301e30916931ae3c7d9Lennart Poettering a balancer cluster "set" in which members of a lower-numbered set
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering are preferred over higher numbered ones. [Jim Jagielski]
8230e26dc954a40d8c9dbc8ddd9376117021f9d2Lennart Poettering
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering *) mod_proxy_balancer: Workers can now be defined as "hot standby" which
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering will only be used if all other workers are unusable (eg: in
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering error or disabled). Also, the balancer-manager displays the election
dcfc4b2e5c1af6375488c00bdc6fb8122f86c4d7Lennart Poettering count and I/O counts of all workers. [Jim Jagielski]
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering
4d9909c93e9c58789c71b34555a1908307c6849eLennart Poettering *) mod_proxy_ajp: Close connection to backend if reading of request body
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering fails. PR 40310. [Ian Abel <ianabel mxtelecom.com>]
47ae7201b1df43bd3da83a19e38483b0e5694c99Lennart Poettering
88a6c5894c9d3f85d63b87b040c130366b4006ceKay Sievers *) mod_proxy_balancer: Retry worker chosen by route / redirect worker if
8351ceaea9480d9c2979aa2ff0f4982cfdfef58dLennart Poettering it is in error state before sending "Service Temporarily Unavailable".
6a7353684b65f0107cbdfa0a16ab7717ba257b61Lennart Poettering PR 38962. [Christian Boitel <cboitel lfdj.com>]
6a7353684b65f0107cbdfa0a16ab7717ba257b61Lennart Poettering
6b78f9b4354010f8af2fe48c783ffd52b2db8f57Lennart PoetteringChanges with Apache 2.2.3
6b78f9b4354010f8af2fe48c783ffd52b2db8f57Lennart Poettering
9f8d29834ba97052403e50ec9b358c0470fa4cebLennart Poettering *) mod_authn_alias: Add a check to make sure that the base provider and the
9f8d29834ba97052403e50ec9b358c0470fa4cebLennart Poettering alias names are different and also that the alias has not been registered
9f8d29834ba97052403e50ec9b358c0470fa4cebLennart Poettering before. PR 40051. [Brad Nicholes]
9f8d29834ba97052403e50ec9b358c0470fa4cebLennart Poettering
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering *) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
68f160039eb78fe122cfe0d4c49695ae91f6f0d1Lennart Poettering client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
b7def684941808600c344f0be7a2b9fcdda97e0fLennart Poettering [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
b7def684941808600c344f0be7a2b9fcdda97e0fLennart Poettering
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering *) mod_cache: Do not overwrite the Content-Type in the cache, for
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering successfully revalidated cached objects. PR 39647. [Ruediger Pluem]
c649f72baed31c54c8384c3ca1d203fab6e98d08David Strauss
c649f72baed31c54c8384c3ca1d203fab6e98d08David Strauss *) mod_speling: Add directive to deal with case corrections only
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering and ignore other misspellings [Olivier Thereaux <ot w3.org>]
c66d36e5b5ae81f3c5297d6dacadc13c88c530f6Lennart Poettering
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering *) mod_dbd: Fix dependence on virtualhost configuration in
be0aa78406c73a6625308dc0672b5ff27ec6f9a8Lennart Poettering defining prepared statements (possible segfault at startup
461b1822321d6be0d7fd8be29bf3b4993ebd1b85Lennart Poettering in user modules such as mod_authn_dbd). [Nick Kew]
461b1822321d6be0d7fd8be29bf3b4993ebd1b85Lennart Poettering
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering *) Add optional 'scheme://' prefix to ServerName directive,
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering allowing correct determination of the canonical server URL
9946996cda11a18b44d82344676e5a0e96339408Lennart Poettering for use behind a proxy or offload device handling SSL; fixing
d1970645411ea1cc083ea1668e0d446252dc1505Lennart Poettering redirect generation in those cases. PR 33398. [Sander Temme]
d1970645411ea1cc083ea1668e0d446252dc1505Lennart Poettering
b4efdf97203ddf781c17f77be84cc61516a077d2Lennart Poettering *) Added server_scheme field to server_rec for above. Minor MMN bump.
b4efdf97203ddf781c17f77be84cc61516a077d2Lennart Poettering [Sander Temme]
b4efdf97203ddf781c17f77be84cc61516a077d2Lennart Poettering
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593.
3471bedc005fab03f40b99bf6599645330adcd9eLennart Poettering [Ruediger Pluem, Joe Orton]
eeb875144e5a80d0521461a139f13fc8014d77d8Lennart Poettering
eeb875144e5a80d0521461a139f13fc8014d77d8Lennart Poettering *) Worker MPM: On graceless shutdown or restart, send signals to
a32f224aafaf47d3489a730259a47ef45781193eLennart Poettering each worker thread to wake them up if they're polling on a
a32f224aafaf47d3489a730259a47ef45781193eLennart Poettering Keep-Alive connection. PR 38737. [Chris Darroch]
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen
a32f224aafaf47d3489a730259a47ef45781193eLennart Poettering *) worker and event MPMs: fix excessive forking if fork() or child_init
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen take a long time. PR 39275.
a32f224aafaf47d3489a730259a47ef45781193eLennart Poettering [Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ]
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers *) configure: Add "--with-included-apr" flag to force use of the
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers bundled version of APR at build time. [Joe Orton]
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers *) Respect GracefulShutdownTimeout in the worker and event MPMs.
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers [Chris Darroch, Garrett Rooney]
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers *) mod_mem_cache: Set content type correctly when delivering data from
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers cache. PR 39266. [Ruediger Pluem]
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers *) mod_autoindex: Fix filename escaping with FancyIndexing disabled.
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers PR 38910. [Robby Griffin <rmg terc.edu>]
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers
347e1b6df028ebb1589146c167add8d37a3d4244Kay Sievers *) mod_charset_lite: Bypass translation when the source and dest charsets
166503dada92d7ca3570a653e07a51ed826b7c8aLennart Poettering are the same. [Jeff Trawick]
59cea26a349cfa8db906b520dac72563dd773ff2Lennart Poettering
35eb6b124ebdf82bd77aad6e44962a9a039c4d33Lennart PoetteringChanges with Apache 2.2.2
9473414219330b9febc1d0712bbf49ad74cf962fLennart Poettering
f1a8e221ecacea23883df57951e291a910463948Lennart Poettering *) mod_deflate: Allow mod_deflate to handle internal redirects.
069cfc85f876bb6966cb5a9bbe0235f5064622cdLennart Poettering [Brian J. France <list firehawksystems.com>]
069cfc85f876bb6966cb5a9bbe0235f5064622cdLennart Poettering
7b63bde1ed0d4f30c799c9b4737fa926465929f9Lennart Poettering *) mod_proxy_balancer: Initialize members of a balancer correctly.
7b63bde1ed0d4f30c799c9b4737fa926465929f9Lennart Poettering PR 38227. [James A. Robinson <jim.robinson stanford.edu>]
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering
5b40d33761376354116a8cddb9b9fbdb6c4727d6Lennart Poettering *) mod_proxy: Do not release connections from connection pool twice.
f7f21d33db5dfe88dc8175c61dada44013347729Lennart Poettering PR 38793. [Ruediger Pluem, matthias <mk-asf gigacodes.de>]
f7f21d33db5dfe88dc8175c61dada44013347729Lennart Poettering
27b5482cc08b7fac1b6b15d980d42ae04f3ae1caLennart Poettering *) core: Prevent reading uninitialized memory while reading a line of
27b5482cc08b7fac1b6b15d980d42ae04f3ae1caLennart Poettering protocol input. PR 39282. [Davi Arnaut <davi haxent.com.br>]
27b5482cc08b7fac1b6b15d980d42ae04f3ae1caLennart Poettering
27b5482cc08b7fac1b6b15d980d42ae04f3ae1caLennart Poettering *) mod_dbd: Update defaults, improve error reporting.
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering [Chris Darroch <chrisd pearsoncmg com>, Nick Kew]
b86fa936ce36976cd6a96034cf14ea267695bcb2Lennart Poettering
a26336da875a6657d404d1e44b86ae067c34b110Kay Sievers *) mod_dbd: Create own pool and mutex to avoid problem use of
a26336da875a6657d404d1e44b86ae067c34b110Kay Sievers process pool in request processing.
e85647f73e235c2a6ea412cb8d841e092c373501Lennart Poettering [Chris Darroch <chrisd pearsoncmg com>]
eecd1362f7f4de432483b5d77c56726c3621a83aLennart Poettering
eecd1362f7f4de432483b5d77c56726c3621a83aLennart Poettering *) HTML-escape the Expect error message. Not classed as security as
14038c2e83001abfbcdc3f9f2402189a9b3d2f0cLennart Poettering an attacker has no way to influence the Expect header a victim will
14038c2e83001abfbcdc3f9f2402189a9b3d2f0cLennart Poettering send to a target site. Reported by Thiago Zaninotti
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering <thiango nstalker.com>. [Mark Cox]
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering [Jeff Trawick]
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering
465349c06d994dd2cc6b6fc4109ac0b9952d500aLennart Poettering *) htdbm: Warn the user when adding a plaintext password on a platform
06dab8e18aebf822392c7ca66c5bf3c1200fdec8Lennart Poettering where it wouldn't work with the server (i.e., anywhere that has
06dab8e18aebf822392c7ca66c5bf3c1200fdec8Lennart Poettering crypt()). [Jeff Trawick]
7e2668c6fd5720ae4d2d55eb8a062739687516afLennart Poettering
7e2668c6fd5720ae4d2d55eb8a062739687516afLennart Poettering *) mod_proxy: don't reuse a connection that may be to the wrong backend
e85647f73e235c2a6ea412cb8d841e092c373501Lennart Poettering PR 39253 [Ruediger Pluem]
e85647f73e235c2a6ea412cb8d841e092c373501Lennart Poettering
e01a15b71e18bf2008aec7e75041ffa42eb80b80Kay Sievers *) Default handler: Don't return output filter apr_status_t values.
a888b352eb53b07daa24fa859ceeb254336b293dLennart Poettering PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
3b2d5b02ae231f1d3eb0d96eb980155d7797304eLennart Poettering
3b2d5b02ae231f1d3eb0d96eb980155d7797304eLennart PoetteringChanges with Apache 2.2.1
0f0dbc46ccf5aaaf3131446d0a4d78bc97a37295Lennart Poettering
0f0dbc46ccf5aaaf3131446d0a4d78bc97a37295Lennart Poettering *) SECURITY: CVE-2005-3357 (cve.mitre.org)
3d9a412243035beeaaf3465a62065444a5adf21cLennart Poettering mod_ssl: Fix a possible crash during access control checks if a
3d9a412243035beeaaf3465a62065444a5adf21cLennart Poettering non-SSL request is processed for an SSL vhost (such as the
98ef27df896f36f0407eaa7ed9e295203b9c271bLennart Poettering "HTTP request received on SSL port" error message when an 400
a0a3844815b0f346dba03f41245c620f432e462fLennart Poettering ErrorDocument is configured, or if using "SSLEngine optional").
9efaf380a7c7fa16f44b1aa15b967e99f331203aLennart Poettering PR 37791. [Rüdiger Plüm, Joe Orton]
9efaf380a7c7fa16f44b1aa15b967e99f331203aLennart Poettering
4ee717820208a4c8e92383d0dbefa401827fab38Kay Sievers *) SECURITY: CVE-2005-3352 (cve.mitre.org)
4ee717820208a4c8e92383d0dbefa401827fab38Kay Sievers mod_imagemap: Escape untrusted referer header before outputting
5ba2dc259f3cdd8fddef68cfd28380a32534e49aKay Sievers in HTML to avoid potential cross-site scripting. Change also
5ba2dc259f3cdd8fddef68cfd28380a32534e49aKay Sievers made to ap_escape_html so we escape quotes. Reported by JPCERT.
5ba2dc259f3cdd8fddef68cfd28380a32534e49aKay Sievers [Mark Cox]
20ffc4c4a9226b0e45cc02ad9c0108981626c0bbKay Sievers
b45f770f0049fbdf3f6c9db0ab11deeff4ccd86dKay Sievers *) mod_proxy_ajp: Flushing of the output after each AJP chunk is now
b45f770f0049fbdf3f6c9db0ab11deeff4ccd86dKay Sievers configurable at runtime via the 'flushpackets' and 'flushwait' worker
b45f770f0049fbdf3f6c9db0ab11deeff4ccd86dKay Sievers params. Minor MMN bump. [Jim Jagielski]
b8217b7bd5fd171916a095b150fad4c3a37f5a41Kay Sievers
08f23fd29c9df9c8b4e874933eb39711f069754bLennart Poettering *) mod_proxy: Fix incorrect usage of local and shared worker init.
08f23fd29c9df9c8b4e874933eb39711f069754bLennart Poettering PR 38403. [Jim Jagielski]
18b754d345ecb0b15e369978aaffa72e9814b86aKay Sievers
068665b6fd9839f27bcace7e8f56c0baa6935272Lennart Poettering *) mod_isapi: Fix compiler errors on Unix platforms.
231931ffba1bca9d8759bbd6f797e56f8c6971faLennart Poettering [William Rowe]
231931ffba1bca9d8759bbd6f797e56f8c6971faLennart Poettering
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering *) mod_proxy_http: Send HTTP Keep-Alive Headers. PR 38524.
169c4f65131fbc7bcb51e7d5487a715cdcd0e0ebLennart Poettering [Rüdiger Plüm, Joe Orton]
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering
bd08f2422491169e92dc0899d5ba848fcae4c15cLennart Poettering *) mod_disk_cache: Return the correct error codes from bucket read
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering failures, instead of APR_EGENERAL.
fb0864e7b9c6d26269ccea6ec5c0fd921c029781Lennart Poettering [Brian Akins <brian.akins turner.com>]
18da49531e4c6b31bd2439b4d738dc1bb9660af1Lennart Poettering
18da49531e4c6b31bd2439b4d738dc1bb9660af1Lennart Poettering *) Add APR/APR-Util Compiled and Runtime Version numbers to the
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering output of 'httpd -V'. [William Rowe]
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering *) http: If a connection is aborted while waiting for a chunked line,
9586cdfab6a2638078702b7fea7e16b3a71899e2Lennart Poettering flag the connection as errored out. [Justin Erenkrantz]
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering
7f110ff9b8828b477e87de7b28c708cf69a3d008Lennart Poettering *) core: Reject invalid Expect header immediately. PR 38123.
edca2e2348b314e2d892fe6f8ae276fdc223f014Thomas Hindoe Paaboel Andersen [Ruediger Pluem]
101f077676e9fbe1a66c8b2dc4864a8d7a94c372Lennart Poettering
f7f964eb3625e4cca7f16377fa12aa7a760243e7Lennart Poettering *) mod_proxy: Fix KeepAlives not being allowed and set to
f7f964eb3625e4cca7f16377fa12aa7a760243e7Lennart Poettering backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering *) mod_proxy: If we get an error reading the upstream response,
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering close the connection. [Justin Erenkrantz, Roy T. Fielding,
d0e5a33374cee92962af33dfc03873e470b014f6Lennart Poettering Jim Jagielski, Ruediger Pluem]
53ed2eeb2e709a6c0d152d7bdf2d9a4b9f997a16Lennart Poettering
53ed2eeb2e709a6c0d152d7bdf2d9a4b9f997a16Lennart Poettering *) mod_proxy_ajp: Support common headers of the AJP protocol in responses.
680a1dbc354b2f437b4e06e27d4c43217977efdfLennart Poettering PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>]
680a1dbc354b2f437b4e06e27d4c43217977efdfLennart Poettering
a6e87e90ede66815989ba2db92a07102a69906feLennart Poettering *) mod_proxy_balancer: Do not overwrite the status of initialized workers and
88f89a9b6d25dfcb89691727c8cdaf01f4090b72Lennart Poettering respect the configured status of uninitilized workers when creating a new
c4aa65e7147dc742886edf25593e10466b02fc3aLennart Poettering child process. [Ruediger Pluem]
7e64c73a93cdcc7068280f3e3ba8adbd6c6f8f84Lennart Poettering
a558d00381291afd6a81f7df07269fe76eeae556Lennart Poettering *) mod_proxy_ajp: Crosscheck the length of the body chunk with the length of
a558d00381291afd6a81f7df07269fe76eeae556Lennart Poettering the ajp message to prevent mod_proxy_ajp from reading beyond the buffer
a558d00381291afd6a81f7df07269fe76eeae556Lennart Poettering boundaries and thus revealing possibly sensitive memory contents to the
a558d00381291afd6a81f7df07269fe76eeae556Lennart Poettering client. [Ruediger Pluem]
05aa9edde0f9f4077b8120389c93cb0134eda9c5Lennart Poettering
05aa9edde0f9f4077b8120389c93cb0134eda9c5Lennart Poettering *) Ensure that the proper status line is written to the client, fixing
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering incorrect status lines caused by filters which modify r->status without
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering resetting r->status_line, such as the built-in byterange filter.
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering [Jeff Trawick]
87a8baa35d6d65ac3b58ae8e26e338e67f8ae8edLennart Poettering
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick]
5ba081b0fb02380cee4c2ff5bc7e05f869eb8415Lennart Poettering
b3fa47e0819b08ea32e69e19e6d88ce2daca069dLennart Poettering *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
b3fa47e0819b08ea32e69e19e6d88ce2daca069dLennart Poettering [Ruediger Pluem]
7f3e62571a63ac90de6ac5eefeeb8d3e9aa6f49eLennart Poettering
7f3e62571a63ac90de6ac5eefeeb8d3e9aa6f49eLennart Poettering *) Modify apr[util] .h detection to avoid breakage on VPATH builds
7f3e62571a63ac90de6ac5eefeeb8d3e9aa6f49eLennart Poettering using Solaris make (amoung others) and avoid breakage in ./buildconf
7f3e62571a63ac90de6ac5eefeeb8d3e9aa6f49eLennart Poettering when srclib/apr[-util] are symlinks rather than directories proper.
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering [William Rowe]
4cbd9ecf45f64c3a9acc99d473fbf3be3687ae24Lennart Poettering
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering *) Chunk filter: Fix chunk filter to create correct chunks in the case that
65c0cf7108ae3537a357c74b4586a783baba82f9Lennart Poettering a flush bucket is surrounded by data buckets. [Ruediger Pluem]
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers *) Fix syntax error in httpd.h with strict compilers. PR 38740.
f957632b960a0a42999b38ded7089fa602b41745Kay Sievers [Per Olausson <pao darkheim.freeserve.co.uk>]
a2f5666d06fe8233025738047115bb9e3959df3eLennart Poettering
a2f5666d06fe8233025738047115bb9e3959df3eLennart Poettering *) Preserve the Content-Length header for a proxied HEAD response.
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering PR 18757. [Greg Ames]
ad740100d108282d0244d5739d4dcc86fe4c5fdeLennart Poettering
c821bd28c2ecce8d35248d61949fe1c0c3030b6cLennart Poettering *) Fix recursive ErrorDocument handling. PR 36090.
c821bd28c2ecce8d35248d61949fe1c0c3030b6cLennart Poettering [Chris Darroch <chrisd pearsoncmg.com>]
de6c78f8795743894431a099d26ec562a8acf3dfLennart Poettering
7d441ddb5ca090b5a97f58ac4b4d97b3e84fa81eLennart Poettering *) Don't hang on error return from post_read_request. PR37790 [Nick Kew]
14e639ae7a1dbf156273ce697d30fbc6c6594209Lennart Poettering
14e639ae7a1dbf156273ce697d30fbc6c6594209Lennart Poettering *) Fix off-by-one error in proxy_balancer. PR37753
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering [Kazuhiro Osawa <ko yappo ne jp>]
ff01d048b4c1455241c894cf7982662c9d28fd34Lennart Poettering
d3c7d7dd77b2b72315164b672462825cef6c0f9aKay SieversChanges with Apache 2.2.0
72b9ed828bd22f3ddd74b6853c183eebf006d6d8Lennart Poettering
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering *) mod_negotiation: Minor performance tweak by reusing already calculated
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering strlen.
1d6702e8d3877c0bebf3ac817dc45ff72f5ecfa9Lennart Poettering [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering *) Remove support for 'On' and 'Off' for AuthBasicProvider and
97f73ffb04947acf0a5854e3a7bdbb7a0105f6faLennart Poettering AuthDigestProvider. [Joshua Slive, Justin Erenkrantz]
97f73ffb04947acf0a5854e3a7bdbb7a0105f6faLennart Poettering
85f248b26653f5322c26735661d63d4e8460c30eLennart Poettering *) Add in new UseCanonicalPhysicalPort directive, which controls
85f248b26653f5322c26735661d63d4e8460c30eLennart Poettering whether or not Apache will ever use the actual physical port
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering when constructing the canonical port number. [Jim Jagielski]
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering
1258097cd3cdbc5dd3d264850119e553a29c5068Lennart Poettering *) mod_dav: Fix a null pointer dereference in an error code path during the
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering handling of MKCOL.
a4c279f87451186b8beb1b8cc21c7cad561ecf4bLennart Poettering [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]
d3fc81bd6a5a046b22600ac1204df220c93d2c15Lennart Poettering
d3fc81bd6a5a046b22600ac1204df220c93d2c15Lennart Poettering *) Fix DESTDIR=... installation when using bundled copy of APR.
7c697168102cb64c5cb65a542959684014da99c7Lennart Poettering [Torsten Foertsch <torsten.foertsch gmx.net>]
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering *) mod_proxy_balancer: When finding best worker, use case insensitive
8d0e38a2b966799af884e78a54fd6a2dffa44788Lennart Poettering match for scheme and host, but case sensitive for the rest of
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering the path. [Jim Jagielski, Ruediger Pluem]
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart PoetteringChanges with Apache 2.1.9
f28f1daf754a9a07de90e6fc4ada581bf5de677dLennart Poettering
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering *) Add mod_authn_dbd (SQL-based authentication) [Nick Kew]
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering
88a07670cfa974a605c7c7b520b8a3135fce37f9Lennart Poettering *) mod_proxy_ajp: Do not spool the entire response from AJP backend before
916abb21d0a6653e0187b91591e492026886b0a4Lennart Poettering sending it up the filter chain. PR37100. [Ruediger Pluem]
916abb21d0a6653e0187b91591e492026886b0a4Lennart Poettering
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering *) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which
916abb21d0a6653e0187b91591e492026886b0a4Lennart Poettering only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that
b23de6af893c11da4286bc416455cd0926d1532eLennart Poettering subrequests to non local resources work again. [Ruediger Pluem]
b23de6af893c11da4286bc416455cd0926d1532eLennart Poettering
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering *) mod_proxy: Do not lowercase the entire worker name of a BalancerMember
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering since this breaks case sensitive URI's. PR36906. [Ruediger Pluem]
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering
9534ce54858c67363b841cdbdc315140437bfdb4Lennart Poettering *) core: AddOutputFilterByType is ignored for proxied requests. PR31226.
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering [Joe Orton, Ruediger Pluem]
796b06c21b62d13c9021e2fbd9c58a5c6edb2764Kay Sievers
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering *) mod_proxy_http: Prevent data corruption of POST request bodies when
68c7d001f4117f0c3d0a4582e32cbb03ae5fac57Lennart Poettering client accesses proxied resources with SSL. PR37145.
7a2a0b907b5cc60f5d9a871997d7d6e7f62bf4d8Lennart Poettering [Ruediger Pluem, William Rowe]
253ee27a0c7a410d27d490bb79ea97caed6a2b68Lennart Poettering
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering *) mod_proxy_balancer: BalancerManager and proxies correctly handle
5d0fcd7c8d29340ac9425c309e8ac436a9af699cLennart Poettering member workers with paths. PR36816. [Ruediger Pluem, Jim Jagielski]
8bbabc447b1d913bd21faf97c7b17d20d315d2b4Lennart Poettering
f530371f1f85a070d7d0fb5112146a43533ae00bLennart Poettering *) mod_log_config: %{hextid}P will log the thread id in hex with APR
e707c49485b8f4f2ec040d3da232d39153e650b9Lennart Poettering versions 1.2.0 or higher. [Jeff Trawick]
a19554ed92a7460b4e709cc40c558cde827ab85bLennart Poettering
a73d88fa024b5668ed7dde681e99547d41e6a864Lennart Poettering *) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as
3040728b6691ea2e9df3a2060e2d49a792bbaedaLennart Poettering in 1.3. [Jeff Trawick]
5965984d6b9f7751d6281028142ecf3ca475f156Lennart Poettering
73090dc815390f4fca4e3ed8a7e1d3806605daaaLennart Poettering *) Support dbd connections tied to the conn_rec [Nick Kew]
44143309dd0b37d61d7d842ca58f01a65646ec71Kay Sievers
3d57c6ab801f4437f12948e29589e3d00c3ad9dbLennart Poettering *) Move mod_dbd to /modules/database/ [Nick Kew]
935fb723ba7370abaf793914fb5a722f7f5e41e1Lennart Poettering
b9a2a36b519ccd79c4198e7dda4e657d597a14adLennart Poettering *) Move mod_filter and mod_charset_lite to /modules/filters/ [Nick Kew]
ba1a55152c50dfbcd3d4a64353b95f4a2f37985eLennart Poettering
9408a2d295a312a5472345090e28e0502570494bLennart Poettering *) Fix mod_dbd's config [Brian J. France <list firehawksystems.com>]
71092d70af35567dd154d3de2ce04ce62e157a7cLennart Poettering
3f7a8c4e9f1d3ce48919e24eb2c9d56dd6fd88d8Kay Sievers *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
f9276855a1d270b6c3f857cdaf2c4b49920c2228Lennart Poettering connections. PR36883.
f9276855a1d270b6c3f857cdaf2c4b49920c2228Lennart Poettering [William Barker <william.barker wilshire.com>, Ruediger Pluem]
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering *) Elimiated the NET_TIME filter, restructuring the timeout logic.
260abb780a135e4cae8c10715c7e85675efc345aLennart Poettering This provides a working mod_echo on all platforms, and ensures any
2791a8f8dc8764a9247cdba3562bd4c04010f144Lennart Poettering custom protocol module is at least given an initial timeout value
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering based on the <VirtualHost > context's Timeout directive.
a8f11321c209830a35edd0357e8def5d4437d854Lennart Poettering [William Rowe]
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering
21bdae12e11ae20460715475d8a0c991f15464acLennart Poettering *) mod_proxy: Run the request_status hook also if there are no free workers
Error!

 

There was an error!

null

java.lang.NullPointerException