CHANGES revision 45932a847f237b4d8f0667b138bd3f8a15fb53ff
 -*- coding: utf-8 -*-
Changes with Apache 2.3.3

  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
     mod_proxy_ajp: Avoid delivering content from a previous request which
     failed to send a request body. PR 46949 [Ruediger Pluem]

  *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
     PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]

  *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
     defined session identifiers encoded in the URL when caching.
     [Ruediger Pluem]

  *) mod_rewrite: Fix the error string returned by RewriteRule.
     RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
     argument of RewriteRule was not started with "[" or not ended with "]".
     PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]

  *) Windows: Fix usage message.
     [Rainer Jung]

  *) apachectl: When passing through arguments to httpd in
     non-SysV mode, use the "$@" syntax to preserve arguments.
     [Eric Covener]

  *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
     be run when a connection is opened. PR 46827
     [Marko Kevac <mkevac gmail.com>]

  *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
     PR 47037. [Jeff Trawick]

  *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
     protocol. [Mladen Turk]

  *) mod_proxy_ajp: Forward remote port information by default.
     [Rainer Jung]

  *) Allow MPMs to be loaded dynamically, as with most other modules. This
     required changes to the MPM interfaces. Removed: mpm.h, mpm_default.h
     (as an installed header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
     ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
     called until after the register-hooks phase. [Jeff Trawick]

  *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
     to enable stricter checking of remote server certificates.
     [Ruediger Pluem]

  *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
     returns EINPROGRESS and a subsequent poll() returns only POLLERR.
     Observed on HP-UX. [Eric Covener]

  *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
     as A/UX, Next, and Tandem. [Jeff Trawick]

  *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
     globbing characters to be retrieved instead of converted into a
     directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]

  *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
     of module state across unload/load. [Jeff Trawick]

  *) mod_substitute: Fix a memory leak. PR 44948
     [Dan Poirier <poirier pobox.com>]

Changes with Apache 2.3.2

  *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]

  *) mod_negotiation: Escape paths of filenames in 406 responses to avoid
     HTML injections and HTTP response splitting. PR 46837.
     [Geoff Keating <geoffk apple.com>]

  *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
     development HEAD. PR 45521. [Kaspar Brand, Sander Temme]

  *) ab: Fix maintenance of the pollset to resolve EALREADY errors
     with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
     PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
     pollset implementations. [Jeff Trawick]

  *) mod_disk_cache: The module now turns off sendfile support if
     'EnableSendfile off' is defined globally. [Lars Eilebrecht]

  *) mod_deflate: Adjust content metadata before bailing out on 304
     responses so that the metadata does not differ from 200 response.
     [Roy T. Fielding]

  *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
     that the Etag value is properly quoted when adding the gzip marker.
     PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]

  *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
     [Peter Harlow]

  *) Disabled DefaultType directive and removed ap_default_type()
     from core. We now exclude Content-Type from responses for which
     a media type has not been configured via mime.types, AddType,
     ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]

  *) mod_rewrite: Add IPV6 variable to RewriteCond
     [Ryan Phillips <ryan-apache trolocsis.com>]

  *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
     PR 46275. [Takashi Sato]

  *) rotatelogs: Allow size units B, K, M, G and combination of
     time and size based rotation. [Rainer Jung]

  *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]

  *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
     [<tlhackque yahoo.com>]

  *) core: Translate the status line to ASCII on EBCDIC platforms in
     ap_send_interim_response() and for locally generated "100 Continue"
     responses. [Eric Covener]

  *) prefork: Fix child process hang during graceful restart/stop in
     configurations with multiple listening sockets. PR 42829. [Joe Orton,
     Jeff Trawick]

  *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
     set in the global scope. [Graham Leggett]

  *) mod_ext_filter: We need to detect failure to startup the filter
     program (a mangled response is not acceptable). Fix to detect
     failure, and offer configuration option either to abort or
     to remove the filter and continue.
     PR 41120 [Nick Kew]

  *) mod_session_crypto: Rewrite the session_crypto module against the
     apr_crypto API. [Graham Leggett]

  *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
     until the main request is cleaned up. [Graham Leggett]

Changes with Apache 2.3.1

  *) ap_slotmem: Add in new slot-based memory access API impl., including
     2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
     Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]

  *) mod_include: support generating non-ASCII characters as entities in SSI
     PR 25202 [Nick Kew]

  *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
     PR 25202 [Nick Kew]

  *) mod_rewrite: fix "B" flag breakage by reverting r5589343
     PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]

  *) CGI: return 504 (Gateway timeout) rather than 500 when a script
     times out before returning status line/headers.
     PR 42190 [Nick Kew]

  *) mod_cgid: fix segfault problem on Solaris.
     PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]

  *) mod_proxy_scgi: Added. [André Malo]

  *) mod_cache: Introduce 'no-cache' per-request environment variable
     to prevent the saving of an otherwise cacheable response.
     [Eric Covener]

  *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
     way that per-directory rewrites append the previous notion of PATH_INFO
     to each substitution before evaluating subsequent rules.
     PR 38642 [Eric Covener]

  *) mod_cgid: Do not add an empty argument when calling the CGI script.
     PR 46380 [Ruediger Pluem]

  *) scoreboard: Remove unused sb_type from process_score.
     [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]

  *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
     size of the buffer used for the request-body where necessary
     during a per-dir renegotiation. PR 39243. [Joe Orton]

  *) mod_proxy_fdpass: New module to pass a client connection over to a separate
     process that is reading from a unix daemon socket.

  *) mod_ssl: Improve environment variable extraction to be more
     efficient and to correctly handle DNs with duplicate tags.
     PR 45975. [Joe Orton]

  *) Remove the obsolete serial attribute from the RPM spec file. Compile
     against the external pcre. Add missing binaries fcgistarter, and
     mod_socache* and mod_session*. [Graham Leggett]

Changes with Apache 2.3.0

  *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]

  *) Remove X-Pad header which was added as a work around to a bug in
     Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]

  *) Add DTrace Statically Defined Tracing (SDT) probes.
     [Theo Schlossnagle <jesus omniti.com>, Paul Querna]

  *) mod_proxy_balancer: Move all load balancing implementations
     as individual, self-contained mod_proxy submodules under

  *) Rename APIs to include ap_ prefix:
        find_child_by_pid -> ap_find_child_by_pid
        suck_in_APR -> ap_suck_in_APR
        sys_privileges_handlers -> ap_sys_privileges_handlers
        unixd_accept -> ap_unixd_accept
        unixd_config -> ap_unixd_config
        unixd_killpg -> ap_unixd_killpg
        unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
        unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
        unixd_set_rlimit -> ap_unixd_set_rlimit
     [Paul Querna]

  *) core: When the ap_http_header_filter processes an error bucket, cleanup
     the passed brigade before returning AP_FILTER_ERROR down the filter
     chain. This unambiguously ensures the same error bucket isn't revisited
     [Ruediger Pluem]

  *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
     based on heartbeats. [Paul Querna]

  *) mod_heartmonitor: New module to collect heartbeats, and write out a file
     so that other modules can load balance traffic as needed. [Paul Querna]

  *) mod_heartbeat: New module to generate multicast heartbeats to know if a
     server is online. [Paul Querna]

  *) core: Error responses set by filters were being coerced into 500 errors,
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OCSP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) Export and install the mod_rewrite.h header to ensure the optional
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
*) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
*) configure: Don't reject libtool 2.x
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
PR 44799 [Christian Wenz <christian wenz.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: