CHANGES revision 89691c9bd17f5f53fa0aa8d3fe2e1faee5a5d984
38dc50ae00a1ea57fa41500d74f4e818747e3cefpquerna -*- coding: utf-8 -*-
7d5ac94fda90b837211dadf2585c0fe8c5dc3e5djerenkrantzChanges with Apache 2.3.2
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
62f7716b14b71603a8004434ca3536902bfb8899wrowe HTML injections and HTTP response splitting. PR 46837.
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe [Geoff Keating <geoffk apple.com>]
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe *) ab: Fix maintenance of the pollset to resolve EALREADY errors
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe pollset implementations. [Jeff Trawick]
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe *) mod_disk_cache: The module now turns off sendfile support if
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe *) mod_deflate: Adjust content metadata before bailing out on 304
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe responses so that the metadata does not differ from 200 response.
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe [Roy T. Fielding]
366616a5cc6212cbf7134ccf877f965d668c6b04wrowe *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz that the Etag value is properly quoted when adding the gzip marker.
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
80464b326874ee15d74742ae39708ec3f2eae1d7wrowe *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
38dc50ae00a1ea57fa41500d74f4e818747e3cefpquerna [Peter Harlow]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) Disabled DefaultType directive and removed ap_default_type()
af4c982a7cf4515f124935f99a329744035fc699slive from core. We now exclude Content-Type from responses for which
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe a media type has not been configured via mime.types, AddType,
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
d96ee8cda2799e1f2743c1603adeb4833ed0e15fslive *) mod_rewrite: Add IPV6 variable to RewriteCond
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz [Ryan Phillips <ryan-apache trolocsis.com>]
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz PR 46275. [Takashi Sato]
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz *) rotatelogs: Allow size units B, K, M, G and combination of
ecf8d72af432e53e4c0661fb99dfda8061507bfajerenkrantz time and size based rotation. [Rainer Jung]
d96ee8cda2799e1f2743c1603adeb4833ed0e15fslive *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
62f7716b14b71603a8004434ca3536902bfb8899wrowe *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
4b62424416882687387923b3130b96241503cbe0jerenkrantz [<tlhackque yahoo.com>]
62f7716b14b71603a8004434ca3536902bfb8899wrowe *) core: Translate the the status line to ASCII on EBCDIC platforms in
45b0e1c775c1cfed6473c9e5304179ccb9609f53stoddard ap_send_interim_response() and for locally generated "100 Continue"
dbec4658981e4f9127e8676457c28d42932be7cdtrawick responses. [Eric Covener]
f6a9b598f78b2e745456bfc4bbc4afd2d1572aa9stas *) prefork: Fix child process hang during graceful restart/stop in
47c81da11264e8870b146dbdf3ac0384d3290ae9jerenkrantz configurations with multiple listening sockets. PR 42829. [Joe Orton,
0db0abcbe4211435c08e0c0e8f5daa278bed3524wsanchez Jeff Trawick]
0db0abcbe4211435c08e0c0e8f5daa278bed3524wsanchez *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
f6a9b598f78b2e745456bfc4bbc4afd2d1572aa9stas set in the global scope. [Graham Leggett]
f6a9b598f78b2e745456bfc4bbc4afd2d1572aa9stas *) mod_ext_filter: We need to detect failure to startup the filter
0db0abcbe4211435c08e0c0e8f5daa278bed3524wsanchez program (a mangled response is not acceptable). Fix to detect
47c81da11264e8870b146dbdf3ac0384d3290ae9jerenkrantz failure, and offer configuration option either to abort or
0db0abcbe4211435c08e0c0e8f5daa278bed3524wsanchez to remove the filter and continue.
d64eb0a76ec10c2405d14b892b0eb0f7ce27a613stas PR 41120 [Nick Kew]
d64eb0a76ec10c2405d14b892b0eb0f7ce27a613stas *) mod_session_crypto: Rewrite the session_crypto module against the
f6a9b598f78b2e745456bfc4bbc4afd2d1572aa9stas apr_crypto API. [Graham Leggett]
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz until the main request is cleaned up. [Graham Leggett]
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantzChanges with Apache 2.3.1
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz *) ap_slotmem: Add in new slot-based memory access API impl., including
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz *) mod_include: support generating non-ASCII characters as entities in SSI
7718f3d5b4da70eb063877f5300ee361435910f4nd PR 25202 [Nick Kew]
38d2c5d41cdb5eb28668d0290b59f8c76ae2a4bfjim *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
38d2c5d41cdb5eb28668d0290b59f8c76ae2a4bfjim PR 25202 [Nick Kew]
b9b0788ea79de3ee230ccb0abf93a0c2c08f6287lars *) mod_rewrite: fix "B" flag breakage by reverting r5589343
b9b0788ea79de3ee230ccb0abf93a0c2c08f6287lars PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz *) CGI: return 504 (Gateway timeout) rather than 500 when a script
7718f3d5b4da70eb063877f5300ee361435910f4nd times out before returning status line/headers.
1af5c0e25a649bb298e25ddfa5418fa18bdcb107aaron PR 42190 [Nick Kew]
82455c2e3b6991846fbcbf0c9e41f57dbc681217brianp *) mod_cgid: fix segfault problem on solaris.
84cbf7ab5adeca6b94c462a46d74f17388b6ff6fjerenkrantz PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz *) mod_proxy_scgi: Added. [André Malo]
1b3f48fd6b1ccb8745f908e40156c5a85ca3c347jerenkrantz *) mod_cache: Introduce 'no-cache' per-request environment variable
b05930e6008f69bd323abe0c10f81f40ffd27983brianp to prevent the saving of an otherwise cacheable response.
d96ee8cda2799e1f2743c1603adeb4833ed0e15fslive [Eric Covener]
d96ee8cda2799e1f2743c1603adeb4833ed0e15fslive *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
0723420d6007137272f4f140ffd17035b17c1563nd way that per-directory rewrites append the previous notion of PATH_INFO
0723420d6007137272f4f140ffd17035b17c1563nd to each substitution before evaluating subsequent rules.
0723420d6007137272f4f140ffd17035b17c1563nd PR 38642 [Eric Covener]
0723420d6007137272f4f140ffd17035b17c1563nd *) mod_cgid: Do not add an empty argument when calling the CGI script.
0723420d6007137272f4f140ffd17035b17c1563nd PR 46380 [Ruediger Pluem]
0723420d6007137272f4f140ffd17035b17c1563nd *) scoreboard: Remove unused sb_type from process_score.
0723420d6007137272f4f140ffd17035b17c1563nd [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
0723420d6007137272f4f140ffd17035b17c1563nd *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
0723420d6007137272f4f140ffd17035b17c1563nd size of the buffer used for the request-body where necessary
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz during a per-dir renegotiation. PR 39243. [Joe Orton]
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz *) mod_proxy_fdpass: New module to pass a client connection over to a separate
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz process that is reading from a unix daemon socket.
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz *) mod_ssl: Improve environment variable extraction to be more
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz efficient and to correctly handle DNs with duplicate tags.
56afb23a30271d30e87f225cce6c69969d6dd8bbwrowe PR 45975. [Joe Orton]
016f2545c9375ec7fc5e9cb70aa1ae0cace83c98jerenkrantz *) Remove the obsolete serial attribute from the RPM spec file. Compile
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe against the external pcre. Add missing binaries fcgistarter, and
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe mod_socache* and mod_session*. [Graham Leggett]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wroweChanges with Apache 2.3.0
b3b4e853e4958357ee2d50e2fe41effecfde9eedwrowe *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) Remove X-Pad header which was added as a work around to a bug in
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) Add DTrace Statically Defined Tracing (SDT) probes.
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) mod_proxy_balancer: Move all load balancing implementations
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe as individual, self-contained mod_proxy submodules under
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe modules/proxy/balancers [Jim Jagielski]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) Rename APIs to include ap_ prefix:
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe find_child_by_pid -> ap_find_child_by_pid
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe suck_in_APR -> ap_suck_in_APR
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe sys_privileges_handlers -> ap_sys_privileges_handlers
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe unixd_accept -> ap_unixd_accept
b05930e6008f69bd323abe0c10f81f40ffd27983brianp unixd_config -> ap_unixd_config
b05930e6008f69bd323abe0c10f81f40ffd27983brianp unixd_killpg -> ap_unixd_killpg
b05930e6008f69bd323abe0c10f81f40ffd27983brianp unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
b05930e6008f69bd323abe0c10f81f40ffd27983brianp unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
b05930e6008f69bd323abe0c10f81f40ffd27983brianp unixd_set_rlimit -> ap_unixd_set_rlimit
4c7dab038d90d7feb67ef8ddbfacc77be8c9dbf0jwoolley [Paul Querna]
4c7dab038d90d7feb67ef8ddbfacc77be8c9dbf0jwoolley *) core: When the ap_http_header_filter processes an error bucket, cleanup
4c7dab038d90d7feb67ef8ddbfacc77be8c9dbf0jwoolley the passed brigade before returning AP_FILTER_ERROR down the filter
bb2a72a6e2327ae4f177c9d26e9d433033cfc27eaaron chain. This unambiguously ensures the same error bucket isn't revisited
8c8fbb8546af54582539898be704411a60058d85trawick [Ruediger Pluem]
8c8fbb8546af54582539898be704411a60058d85trawick *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard based on heartbeats. [Paul Querna]
f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard *) mod_heartmonitor: New module to collect heartbeats, and write out a file
a23b1c5a74208b03884c09a6f9dd5d6c97fa6415trawick so that other modules can load balance traffic as needed. [Paul Querna]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) mod_heartbeat: New module to generate multicast heartbeats to know if a
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe server is online. [Paul Querna]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) core: Error responses set by filters were being coerced into 500 errors,
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe sometimes appended to the original error response. Log entry of:
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe 'Handler for (null) returned invalid result code -3'
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe [Eric Covener]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) mod_buffer: Honour the flush bucket and flush the buffer in the
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe input filter. Make sure that metadata buckets are written to
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe the buffer, not to the final brigade. [Graham Leggett]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) mod_buffer: Optimise the buffering of heap buckets when the heap
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe Ruediger Pluem]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) mod_buffer: Optional support for buffering of the input and output
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe filter stacks. Can collapse many small buckets into fewer larger
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe buckets, and prevents excessively small chunks being sent over
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe the wire. [Graham Leggett]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) mod_privileges: new module to make httpd on Solaris privileges-aware
db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb and to enable different virtualhosts to run with different
db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb privileges and Unix user/group IDs [Nick Kew]
db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb *) mod_mem_cache: this module has been removed. [William Rowe]
db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb *) authn/z: Remove mod_authn_default and mod_authz_default.
db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb [Chris Darroch]
5d12baef135b5d3cb94745e007a1575398469724jerenkrantz *) authz: Fix handling of authz configurations, make default authz
5d12baef135b5d3cb94745e007a1575398469724jerenkrantz logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz directives. [Chris Darroch]
f881b8be216de36c6b964324c772450bca38a4e6trawick *) mod_authn_core: Prevent crash when provider alias created to
f881b8be216de36c6b964324c772450bca38a4e6trawick provider which is not yet registered. [Chris Darroch]
0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron *) mod_authn_core: Add AuthType of None to support disabling
0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron authentication. [Chris Darroch]
0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron *) core: Allow <Limit> and <LimitExcept> directives to nest, and
0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron constrain their use to conform with that of other access control
0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron and authorization directives. [Chris Darroch]
33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz *) unixd: turn existing code into a module, and turn the set user/group
33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz and chroot into a child_init function. [Nick Kew]
33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
ff42f83cbf31893bcde9712332a8e5ee970f6a74trawick *) mod_dir: Support "DirectoryIndex disabled"
ff42f83cbf31893bcde9712332a8e5ee970f6a74trawick Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
54e1babd5a5a56c576eeeace54110150769cc916coar OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
54e1babd5a5a56c576eeeace54110150769cc916coar *) Export and install the mod_rewrite.h header to ensure the optional
54e1babd5a5a56c576eeeace54110150769cc916coar rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
54e1babd5a5a56c576eeeace54110150769cc916coar available to third party modules. [Graham Leggett]
54e1babd5a5a56c576eeeace54110150769cc916coar *) mod_authnz_ldap: don't return NULL-valued environment variables to
54e1babd5a5a56c576eeeace54110150769cc916coar other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
54e1babd5a5a56c576eeeace54110150769cc916coar *) Don't adjust case in pathname components that are not of interest
54e1babd5a5a56c576eeeace54110150769cc916coar to mod_mime. Fixes mod_negotiation's use of such components.
54e1babd5a5a56c576eeeace54110150769cc916coar PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) Be tolerant in what you accept - accept slightly broken
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe status lines from a backend provide they include a valid status code.
949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz *) New module mod_sed: filter Request/Response bodies through sed
949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz *) mod_auth_form: Make sure that basic authentication is correctly
949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz faked directly after login. [Graham Leggett]
2b93f4e3bba84578a57e5edcdb510071d2e79ed9pquerna *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
2b93f4e3bba84578a57e5edcdb510071d2e79ed9pquerna within the output headers and error output headers, so that the
07021d9f405849228b859d9fb4b877f20e4fbba3jerenkrantz session is maintained across redirects. [Graham Leggett]
4ca13a5e126946272f02637e268a8e09193c553ecoar *) mod_auth_form: Make sure the logged in user is populated correctly
4ca13a5e126946272f02637e268a8e09193c553ecoar after a form login. Fixes a missing REMOTE_USER variable directly
4ca13a5e126946272f02637e268a8e09193c553ecoar following a login. [Graham Leggett]
b3b4e853e4958357ee2d50e2fe41effecfde9eedwrowe *) mod_session_cookie: Make sure that cookie attributes are correctly
b3b4e853e4958357ee2d50e2fe41effecfde9eedwrowe included in the blank cookie when cookies are removed. This fixes an
48c0c81cd6fabac9d3386406d97633780365b839coar inability to log out when using mod_auth_form. [Graham Leggett]
48c0c81cd6fabac9d3386406d97633780365b839coar *) mod_autoindex: add configuration option to insert string
48c0c81cd6fabac9d3386406d97633780365b839coar in HTML HEAD. [Nick Kew]
e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
4ca13a5e126946272f02637e268a8e09193c553ecoar null value. [David Shane Holden <dpejesh apache.org>]
b84f66c93f820824b1d5455181f55598b766319cwrowe *) mod_headers: Prevent Header edit from processing only the first header
b84f66c93f820824b1d5455181f55598b766319cwrowe of possibly multiple headers with the same name and deleting the
b84f66c93f820824b1d5455181f55598b766319cwrowe remaining ones. PR 45333. [Ruediger Pluem]
7fe18c15b669db9d191859695901dc4fcf3829dawrowe *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
7fe18c15b669db9d191859695901dc4fcf3829dawrowe [Tom Donovan]
cc22a72861c58dda7f3768613aec864e4c4e0353striker *) core, authn/z: Determine registered authn/z providers directly in
cc22a72861c58dda7f3768613aec864e4c4e0353striker ap_setup_auth_internal(), which allows optional functions that just
cc22a72861c58dda7f3768613aec864e4c4e0353striker wrapped ap_list_provider_names() to be removed from authn/z modules.
60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe [Chris Darroch]
60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe *) authn/z: Convert common provider version strings to macros.
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe [Chris Darroch]
f610c7c704235bc327dbe9b62982f5b3f8e30a77wrowe *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe *) configure: Don't reject libtool 2.x
60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
19cbe4d7b7c931723e7249de6829bf965a1fee72stoddard *) core: When testing for slash-terminated configuration paths in
b187d568e1507d75139ebc13ca945b38fc05d55cstoddard ap_location_walk(), don't look past the start of an empty string
b187d568e1507d75139ebc13ca945b38fc05d55cstoddard such as that created by a <Location ""> directive.
b187d568e1507d75139ebc13ca945b38fc05d55cstoddard [Chris Darroch]
d2f8b010487ffa990a9c268df5a25579e7291bcdrbb *) core, mod_proxy: If a kept_body is present, it becomes safe for
d2f8b010487ffa990a9c268df5a25579e7291bcdrbb subrequests to support message bodies. Make sure that safety
a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard checks within the core and within the proxy are not triggered
0bff2f28ef945280c17099c142126178a78e1e54manoj when kept_body is present. This makes it possible to embed
35330e0d79ceb8027223bbb8330a381b1f989d6etrawick proxied POST requests within mod_include. [Graham Leggett]
9c09943bad734ebd5c7cc10bd6d63b75c4c6e056stoddard *) mod_auth_form: Make sure the input filter stack is properly set
ff849e4163ed879288f0df15f78b6c9d278ec804fanf up before reading the login form. Make sure the kept body filter
ff849e4163ed879288f0df15f78b6c9d278ec804fanf is correctly inserted to ensure the body can be read a second
447c6ce3ff08073c44f6785d5256271fcb877512wrowe time safely should the authn be successful. [Graham Leggett,
e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar Ruediger Pluem]
e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar *) mod_request: Insert the KEPT_BODY filter via the insert_filter
e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar hook instead of during fixups. Add a safety check to ensure the
6758b07b4b79f898b0f56375016cea7da0bfb495wrowe filters cannot be inserted more than once. [Graham Leggett,
6758b07b4b79f898b0f56375016cea7da0bfb495wrowe Ruediger Pluem]
7fe18c15b669db9d191859695901dc4fcf3829dawrowe *) core: Do not allow Options ALL if not all options are allowed to be
db3ccce11afac4fc1d4f51a65424412f7480c46cgstein overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
48c0c81cd6fabac9d3386406d97633780365b839coar *) ap_cache_cacheable_headers_out() will (now) always
48c0c81cd6fabac9d3386406d97633780365b839coar merge an error headers _before_ clearing them and _before_
48c0c81cd6fabac9d3386406d97633780365b839coar merging in the actual entity headers and doing normal
48c0c81cd6fabac9d3386406d97633780365b839coar hop-by-hop cleansing. [Dirk-Willem van Gulik].
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick *) cache: retire ap_cache_cacheable_hdrs_out() which was used
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick for both in- and out-put headers; and replace it by a single
79d5106a9b65b956d646f5daae4b94bc79e315b8trawick ap_cache_cacheable_headers() wrapped in a in- and out-put
cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein specific ap_cache_cacheable_headers_in()/out(). The latter
cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein which will also merge error and ensure content-type. To keep
cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein cache modules consistent with ease. This API change bumps
b3b4e853e4958357ee2d50e2fe41effecfde9eedwrowe up the minor MM by one [Dirk-Willem van Gulik].
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein PR 44799 [Christian Wenz <christian wenz.org>]
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein *) Move the KeptBodySize directive, kept_body filters and the
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein ap_parse_request_body function out of the http module and into a
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein new module called mod_request, reducing the size of the core.
823c303d33c9e637a83d82208bcbafaf5f532d7bgstein [Graham Leggett]
e636eba7474e0010b5c7198af1c2fe5ad8652dbbmanoj *) mod_dbd: Handle integer configuration directive parameters with a
e636eba7474e0010b5c7198af1c2fe5ad8652dbbmanoj dedicated function.
281da4c02cf40c663298ded7e4e5b913a8f8b814gstein *) Change the directives within the mod_session* modules to be valid
281da4c02cf40c663298ded7e4e5b913a8f8b814gstein both inside and outside the location/directory sections, as
2f728b2e8555fee1b7cc11e886488692f2575fbddougm suggested by wrowe. [Graham Leggett]
2f728b2e8555fee1b7cc11e886488692f2575fbddougm *) mod_auth_form: Add a module capable of allowing end users to log
27757f6699a924d4b493a1b6cceb27df27a43287dreid in using an HTML form, storing the credentials within mod_session.
b3b4e853e4958357ee2d50e2fe41effecfde9eedwrowe [Graham Leggett]
21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick *) Add a function to the http filters that is able to parse an HTML
21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick form request with the type of application/x-www-form-urlencoded.
21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick [Graham Leggett]
21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick *) mod_session_crypto: Initialise SSL in the post config hook.
21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick [Ruediger Pluem, Graham Leggett]
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay *) mod_session_dbd: Add a session implementation capable of storing
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay session information in a SQL database via the dbd interface. Useful
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay for sites where session privacy is important. [Graham Leggett]
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay *) mod_session_crypto: Add a session encoding implementation capable
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay of encrypting and decrypting sessions wherever they may be stored.
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay Introduces a level of privacy when sessions are stored on the
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay browser. [Graham Leggett]
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay *) mod_session_cookie: Add a session implementation capable of storing
9f95877e5e3f99a43eb6f3f632f87f144da3b8e6pquerna session information within cookies on the browser. Useful for high
1062c731b19eed1efa24e2229e8c3a34240846c6minfrin volume sites where server bound sessions are too resource intensive.
05cd8b63829a8a9047076ffbce8dd6cd1cb2db92thommay [Graham Leggett]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) mod_session: Add a generic session interface to unify the different
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe attempts at saving persistent sessions across requests.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe [Graham Leggett]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) core, authn/z: Avoid calling access control hooks for internal requests
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe with configurations which match those of initial request. Revert to
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe original behaviour (call access control hooks for internal requests
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe with URIs different from initial request) if any access control hooks or
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe providers are not registered as permitting this optimization.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe Introduce wrappers for access control hook and provider registration
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe which can accept additional mode and flag data. [Chris Darroch]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) Introduced ap_expr API for expression evaluation.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe This is adapted from mod_include, which is the first module
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe to use the new API.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) mod_authz_dbd: When redirecting after successful login/logout per
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe AuthzDBDRedirectQuery, do not report authorization failure, and use
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe first row returned by database query instead of last row.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe [Chris Darroch]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) mod_ldap: Correctly return all requested attribute values
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe when some attributes have a null value.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe PR 44560 [Anders Kaseorg <anders kaseorg.com>]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) core: check symlink ownership if both FollowSymlinks and
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe SymlinksIfOwnerMatch are set [Nick Kew]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) core: fix origin checking in SymlinksIfOwnerMatch
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe contain public function declarations which are useful for
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe third party module authors. PR 42431 [Dirk-Willem van Gulik].
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe *) mod_dir, mod_negotiation: pass the output filter information
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe to newly created sub requests; as these are later on used
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe as true requests with an internal redirect. This allows for
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe mod_cache et.al. to trap the results of the redirect.
62f7716b14b71603a8004434ca3536902bfb8899wrowe [Dirk-Willem van Gulik, Ruediger Pluem]
afbd720d176856630fed7c6576cdd3ae25a407edstoddard *) mod_ldap: Add support (taking advantage of the new APR capability)
afbd720d176856630fed7c6576cdd3ae25a407edstoddard for ldap rebind callback while chasing referrals. This allows direct
afbd720d176856630fed7c6576cdd3ae25a407edstoddard searches on LDAP servers (in particular MS Active Directory 2003+)
afbd720d176856630fed7c6576cdd3ae25a407edstoddard using referrals without the use of the global catalog.
28c4fe67d75f8f26504d75b7aa8dc5d868032888wrowe PRs 26538, 40268, and 42557 [Paul J. Reder]
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz *) mod_ssl: Added server name indication support (SNI, RFC 4366).
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz can be created with test/make_sni.sh [Dirk-Willem van Gulik].
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz *) ApacheMonitor.exe: Introduce --kill argument for use by the
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz installer. This will permit the installation tool to remove
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz all running instances before attempting to remove the .exe.
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz [William Rowe]
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz *) mod_ssl: Add support for OCSP validation of client certificates.
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
74def8815c725f8128a4e76ab1f5704df80b024ajerenkrantz *) mod_serf: New module for Reverse Proxying. [Paul Querna]
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard *) core: Add the option to keep aside a request body up to a certain
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard size that would otherwise be discarded, to be consumed by filters
afbd720d176856630fed7c6576cdd3ae25a407edstoddard such as mod_include. When enabled for a directory, POST requests
afbd720d176856630fed7c6576cdd3ae25a407edstoddard to shtml files can be passed through to embedded scripts as POST
afbd720d176856630fed7c6576cdd3ae25a407edstoddard requests, rather being downgraded to GET requests. [Graham Leggett]
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
47c81da11264e8870b146dbdf3ac0384d3290ae9jerenkrantz *) scoreboard: Correctly declare ap_time_process_request.
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard provide the unusual legacy lookup. [William Rowe]
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard *) mpm winnt: fix null pointer dereference
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard PR 42572 [Davi Arnaut]
ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj parameters to the environment. Improve portability to
d5defd5a0c5cdbaf74b85939484dc2b6c8317d19manoj EBCDIC machines by using apr_toupper(). [Martin Kraemer]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj to authorize an authenticated user via a "require ldap-group X" directive
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj where the user is not in group X, but is in a subgroup contained in X.
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj PR 42891 [Paul J. Reder]
6758b07b4b79f898b0f56375016cea7da0bfb495wrowe *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
6758b07b4b79f898b0f56375016cea7da0bfb495wrowe *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj for SDKs that define LDAP_NO_LIMIT to something other than -1.
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein [David Jones <oscaremma gmail.com>]
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein *) apxs: Enhance -q flag to print all known variables and their values
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein when invoked without variable name(s).
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein [William Rowe, Sander Temme]
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein *) apxs: Eliminate run-time check for mod_so. PR 40653.
ec0315cdf832eac2b78e50ad636af84fe4c9118cgstein [David M. Lee <dmlee crossroads.com>]
62f7716b14b71603a8004434ca3536902bfb8899wrowe *) beos MPM: Create pmain pool and run modules' child_init hooks when
62f7716b14b71603a8004434ca3536902bfb8899wrowe entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
62f7716b14b71603a8004434ca3536902bfb8899wrowe [Chris Darroch]
62f7716b14b71603a8004434ca3536902bfb8899wrowe *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
62f7716b14b71603a8004434ca3536902bfb8899wrowe cleanups registered in modules' child_init hooks are performed.
62f7716b14b71603a8004434ca3536902bfb8899wrowe [Chris Darroch]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: