CHANGES revision 7025945569c7fbb49f2e64e0d26f861d22a54675
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

  *) mod_ssl: If exiting during initialization because of a fatal error,
     log a message to the main error log pointing to the appropriate
     virtual host error log. [Stefan Fritsch]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

  *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
     for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
     Christophe Renou, Peter Sylvester]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
     ap_pregcomp() abort if out of memory. This raises the minimum PCRE
     requirement to version 6.0. PR 53284. [Stefan Fritsch]

  *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
     [Stefan Fritsch]

  *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

  *) suexec: Add --enable-suexec-capabilities support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to logging
     to a file; configure --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

  *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
     one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

  *) mod_proxy: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
     [Matthew Steele <mdsteele google.com>]

  *) mod_so: If a filename without slashes is specified for LoadFile or
     LoadModule and the file cannot be found in the server root directory,
     try to use the standard dlopen() search path. [Stefan Fritsch]

  *) various modules, rotatelogs: Replace use of apr_file_write() with
     apr_file_write_full() to prevent incomplete writes. PR 53131.
     [Nicolas Viennot <apache viennot biz>, Stefan Fritsch]

  *) cross-compile: Allow CC_FOR_BUILD to be provided so that gen_test_char
     will be compiled by the build compiler instead of the host compiler.
     Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
     PR 51257. [Guenter Knauf]

  *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
     PR 53048. [Stefan Fritsch]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
     PR 48272. [Stefan Fritsch]

  *) mod_proxy_fcgi: If there is an error reading the headers from the
     backend, send an error to the client. PR 52879. [Stefan Fritsch]

  *) mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.
     PR 53023. [Axel Reinhold <apache freakout.de>, André Malo]

  *) Fix MPM DSO load failure on AIX. [Jeff Trawick]

  *) core: Add the port number to the vhost's name in the scoreboard.
     [Stefan Fritsch]

  *) mpm_event: Don't do a blocking write when starting a lingering close
     from the listener thread. PR 52229. [Stefan Fritsch]

  *) core: In maintainer mode, replace apr_palloc with a version that
     initializes the allocated memory with non-zero values, except if
     AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]

  *) mod_authnz_ldap: Don't try a potentially expensive nested groups
     search before exhausting all AuthLDAPGroupAttribute checks on the
     current group. PR 52464. [Eric Covener]

  *) mod_policy: Add a new testing module to help server administrators
     enforce a configurable level of protocol compliance on their
     servers and application servers behind theirs. [Graham Leggett]

  *) mod_firehose: Add a new debugging module able to record traffic
     passing through the server in such a way that connections and/or
     requests can be reconstructed and replayed. [Graham Leggett]

  *) mod_noloris

  *) APREQ

  *) Simple MPM

  *) mod_serf

  [Apache 2.5.0-dev includes those bug fixes and changes with the
   Apache 2.4.xx tree as documented below, except as noted.]

Changes with Apache 2.4.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup

Changes with Apache 2.2.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup

Changes with Apache 2.0.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup