CHANGES revision 4c21a9f062e187b87c9cec726023f0fc086008f2
 -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

  *) mod_authz_core: If an expression in "Require expr" returns denied and
     references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
     [Stefan Fritsch]

  *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
     authorization provider in Lua. [Stefan Fritsch]

  *) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
     client_ip to match conn_rec. [Stefan Fritsch]

  *) mod_lua: Change prototype of vm_construct, to work around gcc bug which
     causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]

  *) mod_ssl: If exiting during initialization because of a fatal error,
     log a message to the main error log pointing to the appropriate
     virtual host error log. [Stefan Fritsch]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

  *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
     for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
     Christophe Renou, Peter Sylvester]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
     ap_pregcomp() abort if out of memory. This raises the minimum PCRE
     requirement to version 6.0. PR 53284. [Stefan Fritsch]

  *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
     [Stefan Fritsch]

  *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

  *) suexec: Add --enable-suexec-capabilities support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to logging
     to a file; configure --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

  *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
     one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

  *) mod_proxy: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
     [Matthew Steele <mdsteele google.com>]

  *) mod_so: If a filename without slashes is specified for LoadFile or
     LoadModule and the file cannot be found in the server root directory,
     try to use the standard dlopen() search path. [Stefan Fritsch]

  *) various modules, rotatelogs: Replace use of apr_file_write() with
     apr_file_write_full() to prevent incomplete writes. PR 53131.
     [Nicolas Viennot <apache viennot biz>, Stefan Fritsch]

  *) cross-compile: Allow providing CC_FOR_BUILD so that gen_test_char will
     be compiled by the build compiler instead of the host compiler.
     Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
     PR 51257. [Guenter Knauf]

  *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
     PR 53048. [Stefan Fritsch]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
     PR 48272. [Stefan Fritsch]

  *) mod_proxy_fcgi: If there is an error reading the headers from the
     backend, send an error to the client. PR 52879. [Stefan Fritsch]

  *) mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.
     PR 53023. [Axel Reinhold <apache freakout.de>, André Malo]

  *) Fix MPM DSO load failure on AIX. [Jeff Trawick]

  *) core: Add the port number to the vhost's name in the scoreboard.
     [Stefan Fritsch]

  *) mpm_event: Don't do a blocking write when starting a lingering close
     from the listener thread. PR 52229. [Stefan Fritsch]

  *) core: In maintainer mode, replace apr_palloc with a version that
     initializes the allocated memory with non-zero values, except if
     AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]

  *) mod_authnz_ldap: Don't try a potentially expensive nested groups
     search before exhausting all AuthLDAPGroupAttribute checks on the
     current group. PR 52464. [Eric Covener]

  *) mod_policy: Add a new testing module to help server administrators
     enforce a configurable level of protocol compliance on their
     servers and application servers behind theirs. [Graham Leggett]

  *) mod_firehose: Add a new debugging module able to record traffic
     passing through the server in such a way that connections and/or
     requests can be reconstructed and replayed. [Graham Leggett]

  *) mod_noloris

  *) APREQ

  *) Simple MPM

  *) mod_serf

  [Apache 2.5.0-dev includes those bug fixes and changes with the
   Apache 2.4.xx tree as documented below, except as noted.]

Changes with Apache 2.4.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup

Changes with Apache 2.2.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup

Changes with Apache 2.0.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup