CHANGES revision dc681b5cee49eb24c3ae8d6f50c4c9c9c05faa52
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews -*- coding: utf-8 -*-
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterChanges with Apache 2.3.0
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater [Remove entries to the current 2.0 and 2.2 section below, when backported]
1167fc7904c5f0a472f8df207ac46dd52c7f1ec8Automatic Updater *) mod_proxy_balancer: Do not overwrite the status of initialized workers and
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater respect the configured status of uninitilized workers when creating a new
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater child process. [Ruediger Pluem]
cd0aa2d941d1438fabb5337f1f38c49478edf71dAutomatic Updater *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_ajp: Support common headers of the AJP protocol in responses.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>, Ruediger Pluem]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Reject invalid Expect header immediately. PR 38123.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Ruediger Pluem]
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater *) Authz: Add the new module mod_authn_core that will provide common
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
58be84825d7f5de30e50eb7206b37227ecd8055bAutomatic Updater 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater into mod_authn_core. [Brad Nicholes]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Authz: Mark the directives 'Order', 'Allow', 'Deny' and 'Satisfy' as
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater deprecated and move them into the new module mod_access_compat which
831f79c4310a7d38fc3475ccfff531b2b2535641Automatic Updater can be loaded to provide backwards compatibility for these directives.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Brad Nicholes]
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) Authz: Move the 'Require' directive from the core module as well as
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater logic into the authorization processing. [Brad Nicholes]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) Authz: Add the new module mod_authz_core which acts as the
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater authorization provider vector and contains common authz
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater directives. [Brad Nicholes]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater host-based access control provided by mod_authz_host and invoked
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater through the 'Require' directive. [Brad Nicholes]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt *) Authz: Convert all of the authz modules from hook based to
2d2dc37599979c83495510f8af8d1756753aa2c5Automatic Updater provider based. [Brad Nicholes]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt *) mod_cache: Add CacheMinExpire directive to set the minimum time in
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater seconds to cache a document.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) Refactored ap_read_request() to provide a foundation for
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater nonblocking reads of requests. [Brian Pane]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater *) If a connection is aborted while waiting for a chunked line, flag the
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater connection as errored out. [Justin Erenkrantz]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) mod_proxy: If we get an error reading the upstream response,
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater close the connection.
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews [Justin Erenkrantz, Roy T. Fielding, Jim Jagielski, Ruediger Pluem]
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fix typo in ProxyStatus syntax error message.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater *) Asynchronous write completion for the Event MPM. [Brian Pane]
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater *) Added an End-Of-Request bucket type. The logging of a request and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater This has the effect of delaying the logging until right after the last
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater of the response is sent; ap_core_output_filter() calls the access logger
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews indirectly when it destroys the EOR bucket. [Brian Pane]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater and the format of statistical output has changed. [Colm MacCarthaigh]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) Added new connection states for handler and write completion
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) New module: mod_authn_dbd [Nick Kew]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater [Justin Erenkrantz]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater allowing string-valued client certificate attributes to be used for
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater [Martin Kraemer, David Reid]
b1265b5a06df36d490d4bdf54284fb133a1f5a84Automatic UpdaterChanges with Apache 2.2.1
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) SECURITY: CVE-2005-3357 (cve.mitre.org)
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont mod_ssl: Fix a possible crash during access control checks if a
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater non-SSL request is processed for an SSL vhost (such as the
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater "HTTP request received on SSL port" error message when an 400
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont ErrorDocument is configured, or if using "SSLEngine optional").
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews PR 37791. [R�diger Pl�m, Joe Orton]
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater *) SECURITY: CVE-2005-3352 (cve.mitre.org)
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews mod_imagemap: Escape untrusted referer header before outputting
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews in HTML to avoid potential cross-site scripting. Change also
08e3b6797706a13054bad749dea04e94b514b8e7Automatic Updater made to ap_escape_html so we escape quotes. Reported by JPCERT.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
b29e5c56eb74a6de1a84c29879afc90ffc6b1436Automatic Updater [Ruediger Pluem]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) Modify apr[util] .h detection to avoid breakage on VPATH builds
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews using Solaris make (amoung others) and avoid breakage in ./buildconf
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when srclib/apr[-util] are symlinks rather than directories proper.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater [William Rowe]
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater *) Chunk filter: Fix chunk filter to create correct chunks in the case that
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater a flush bucket is surrounded by data buckets. [Ruediger Pluem]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater *) Fix syntax error in httpd.h with strict compilers. PR 38740.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater [Per Olausson <pao darkheim.freeserve.co.uk>]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) Preserve the Content-Length header for a proxied HEAD response.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater PR 18757. [Greg Ames]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) Fix recursive ErrorDocument handling. PR 36090.
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater [Chris Darroch <chrisd pearsoncmg.com>]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) Don't hang on error return from post_read_request. PR37790 [Nick Kew]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) Fix off-by-one error in proxy_balancer. PR37753
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater [Kazuhiro Osawa <ko yappo ne jp>]
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic UpdaterChanges with Apache 2.2.0
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater *) mod_negotiation: Minor performance tweak by reusing already calculated
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) Remove support for 'On' and 'Off' for AuthBasicProvider and
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater AuthDigestProvider. [Joshua Slive, Justin Erenkrantz]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Add in new UseCanonicalPhysicalPort directive, which controls
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater whether or not Apache will ever use the actual physical port
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when constructing the canonical port number. [Jim Jagielski]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater *) mod_dav: Fix a null pointer dereference in an error code path during the
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater handling of MKCOL.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater *) Fix DESTDIR=... installation when using bundled copy of APR.
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater [Torsten Foertsch <torsten.foertsch gmx.net>]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) mod_proxy_balancer: When finding best worker, use case insensitive
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater match for scheme and host, but case sensitive for the rest of
f4029eb7463e99df00618de89f0bee5ac062a237Automatic Updater the path. [Jim Jagielski, Ruediger Pluem]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterChanges with Apache 2.1.9
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater *) mod_proxy_ajp: Do not spool the entire response from AJP backend before
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater sending it up the filter chain. PR37100. [Ruediger Pluem]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater subrequests to non local resources work again. [Ruediger Pluem]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) mod_proxy: Do not lowercase the entire worker name of a BalancerMember
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater since this breaks case sensitive URI's. PR36906. [Ruediger Pluem]
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater *) core: AddOutputFilterByType is ignored for proxied requests. PR31226.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joe Orton, Ruediger Pluem]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy_http: Prevent data corruption of POST request bodies when
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater client accesses proxied resources with SSL. PR37145.
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater [Ruediger Pluem, William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy_balancer: BalancerManager and proxies correctly handle
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater member workers with paths. PR36816. [Ruediger Pluem, Jim Jagielski]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_log_config: %{hextid}P will log the thread id in hex with APR
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater versions 1.2.0 or higher. [Jeff Trawick]
7262eb86f2b465822206122921e2f357218f0cfdAutomatic Updater *) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews in 1.3. [Jeff Trawick]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Support dbd connections tied to the conn_rec [Nick Kew]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Move mod_dbd to /modules/database/ [Nick Kew]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Move mod_filter and mod_charset_lite to /modules/filters/ [Nick Kew]
80faf1588895fd26490f82f95a7a1b771df1c324Automatic Updater *) Fix mod_dbd's config [Brian J. France <list firehawksystems.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater connections. PR36883.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [William Barker <william.barker wilshire.com>, Ruediger Pluem]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater *) Elimiated the NET_TIME filter, restructuring the timeout logic.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews This provides a working mod_echo on all platforms, and ensures any
f7c88d61cc1ad2435b0b7cfaedfc9d5248c0be25Automatic Updater custom protocol module is at least given an initial timeout value
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews based on the <VirtualHost > context's Timeout directive.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [William Rowe]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_proxy: Run the request_status hook also if there are no free workers
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater or all workers are in error state.
995eaa289ba9709c64ef89b3776e53c36adc0010Automatic Updater [Ruediger Pluem, Brian Akins <brian.akins turner.com>]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) mod_proxy_balancer: mod_proxy_balancer does not handle sticky sessions
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with tomcat correctly. PR36507. [Ruediger Pluem]
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater *) mod_proxy_connect: Fix high CPU loop on systems like UnixWare which
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater trigger POLL_ERR or POLL_HUP on a terminated connection. PR 36951.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater [Jeff Trawick, Ruediger Pluem]
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater *) SECURITY: CVE-2005-2970 (cve.mitre.org)
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater worker MPM: Fix a memory leak which can occur after an aborted
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson connection in some limited circumstances. [Greg Ames]
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater *) Doxygen fixup [Neale Ranns <neale ranns.org>, Ian Holsman]
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater *) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater mod_dir from serving indexes correctly with mod_cache enabled.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Colm MacCarthaigh]
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark AndrewsChanges with Apache 2.1.8
7858b0168b866c0c2878fc4ea31fb5e581c1a6a9Automatic Updater *) Fix lingering close implementation to match 1.3.x behaviour.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews PR 35292. [Joe Orton]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_ssl: Support limited buffering of request bodies to allow
e2caa7536302de34de6cc04025abcd53dc3a499aAutomatic Updater per-location renegotiation to proceed. PR 12355. [Joe Orton]
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater *) Fix regression since 2.0.x in AllowOverride Options handling.
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews PR 35330. [kabe <kabe sra-tohoku.co.jp>]
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews *) mod_ssl: Fix memory leak in ssl_util_algotypeof().
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews PR 25659. [David Blake <dblake hp com>, Martin Kraemer]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) prefork, worker and event MPMs: Support a graceful-stop procedure:
b109432c3a939bff66a463be86c371bd88efe3aaAutomatic Updater Server will wait until existing requests are finished or until
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater "GracefulShutdownTimeout" number of seconds before exiting.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Colm MacCarthaigh, Ken Coar, Bill Stoddard]
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews *) prefork, worker and event MPMs: Prevent children from holding open
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater listening ports upon graceful restart or stop. PR 28167.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
3351ccbd5c1961404044f8273d54dad405f53960Mark Andrews *) SECURITY: CVE-2005-2700 (cve.mitre.org)
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater mod_ssl: Fix a security issue where "SSLVerifyClient" was not
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews enforced in per-location context if "SSLVerifyClient optional"
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews was configured in the vhost configuration. [Joe Orton]
0b57424d28c9a67018107133f9fbc0a7dcf057e2Mark Andrews *) mod_ssl: Catch parse errors from misconfigured or malformed
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater CRLs. PR 36438. [Joe Orton]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater *) mod_proxy/mod_proxy_balancer: lbmethods now implemented as
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater providers. Prevent problems when no Vhost containers were
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater configured with proxy balancers. [Jim Jagielski]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater *) New provider function to list all available provider names in a
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater specific group and version (ap_list_provider_names). [Jim Jagielski]
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater *) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington per-protocol, per-host and per-path basis. Intended for proxy
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater configurations. [Colm MacCarthaigh]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_disk_cache: Canonicalise the storage key, for improved hit/miss
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater ratio. [Colm MacCarthaigh]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cgid: Append .PID to the script socket filename and remove the
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews script socket on exit. [Colm MacCarthaigh, Jim Jagielski]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) mod_cgid: run the get_suexec_identity hook within the request-handler
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews instead of within cgid. PR 36410. [Colm MacCarthaigh]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonChanges with Apache 2.1.7
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) SECURITY: CVE-2005-2491 (cve.mitre.org):
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews Fix integer overflows in PCRE in quantifier parsing which could
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews be triggered by a local user through use of a carefully-crafted
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington regex in an .htaccess file. [Philip Hazel]
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater *) mod_proxy/mod_proxy_balancer: Provide a simple, functional
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater interface to add additional balancer lb selection methods
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater without requiring code changes to mod_proxy/mod_proxy_balancer;
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater these can be implemented via sub-modules now. [Jim Jagielski]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Fix incorrectly served 304 responses when expired cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater entity is valid, but cache is unwritable and headers cannot be
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater updated. [Colm MacCarthaigh <colm stdlib.net>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_cache: Remove entities from the cache when re-validation
b1265b5a06df36d490d4bdf54284fb133a1f5a84Automatic Updater receives a 404 or other content-no-longer-present error.
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater [Rüdiger Plüm ruediger.pluem vodafone.com]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) mod_disk_cache: Properly remove files from cache when needed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_disk_cache: Support htcacheclean removing directories.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Andreas Steinmetz]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) htcacheclean: Add -t option to remove empty directories.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Colm MacCarthaigh <colm stdlib.net>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington links for clients not using an Authorization header. [Graham Leggett,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Jon Snow <jsnow27 gatesec.net>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Restore the HTTP status of cached responses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Store varied contents all in the same prefix for a varied URI.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington filters. [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_negotiation: Correctly report 404 instead of 403 for missing files.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) new hook (request_status) that gets ran in proxy_handler just before
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the final return. This gives modules an opportunity to do something
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington based on the proxy status. (minor MMN bump)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Brian Akins <bakins turner.com>, Ian Holsman]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add additional SSLSessionCache option, 'nonenotnull', which is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington similar to 'none' (disabling any external shared cache) but forces
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington OpenSSL to provide a non-null session ID. [Jim Jagielski]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the negotiated compression. [Georg v. Zezschwitz <gvz 2scale.de>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fixed complaints about unpackaged files within the RPM build
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington after changes to the config files. [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington just closing the socket, a HTTP request is made, to make sure the child is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington always awakened. [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian WellingtonChanges with Apache 2.1.6
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix htdbm password validation for records which included comments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener <covener gmail.com>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater [Steve Kemp <steve steve.org.uk>]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic UpdaterChanges with Apache 2.1.5
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) mod_ssl: Setting the Protocol to 'https' can replace the use of the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater 'SSLEngine on' command. [Paul Querna]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) core: Refactor the mapping of Accept Filters to Sockets. Add the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater AcceptFilter and Protocol directives to aid in mapping filter types.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater Extend the Listen directive to optionally take a protocol name.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) mod_disk_cache: Support storing multiple variations of one URL. PR 35211.
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews *) mod_disk_cache: Atomically create the header data file. [Paul Querna]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [Paul Querna]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Paul Querna]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_mime_magic: Handle CRLF-format magic files so that it works with
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington the default installation on Windows. [Jeff Trawick]
348040cb2675f1c3711672dadfc29f5ddfd2bb23Automatic Updater *) core: Allow multiple modules to register interest in a single
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configuration command. [Paul Querna]
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater *) authn_provider_alias: Adds the configuration block tag
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <AuthnProviderAlias baseProvider Alias>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Authentication directives contained within this block can be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington referenced as a new authProvider using the AuthBasicProvider or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington AuthDigestProvider directive. These directives will be merged in to
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater the per_dir configuration just before the base provider is called.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) ap_getword_conf: Fix backslashes at the end of configuration directives.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 34834. [Timo Viipuri <viipuri dlc.fi>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater Provide module hooks for apr_dbd; optimise for httpd
e01f44b37ba11c9d34f4a8394f950efae5c07f33Automatic Updater threaded and non-threaded arch [Nick Kew]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) ab: SSL support rewritten, improved, and enabled if SSL is enabled
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater during the build; -f and -Z arguments added to specify SSL protocol
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater options. [Masaoki Kobayashi <masaoki techfirm.co.jp>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_info: Show the Quick Handler [Paul Querna]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ldap: Add the directive LDAPVerifyServerCert to specify
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater whether to force verification of the server certificate when
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington establishing an SSL connection to the LDAP server.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Brad Nicholes]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington hook. [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) ap_get_local_host() rewritten for APR. [Jim Jagielski]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add the ap_vhost_iterate_given_conn function to expose the information
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington used in Name Based Virtual Hosting. (minor MMN bump)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Remove the never working ap_method_list_do and ap_method_list_vdo.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Added makefile and doc for building mod_ssl on the NetWare
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington platform. [Guenter Knauf, Brad Nicholes]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington applications that send the Vary Header themselves, and also apply
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_deflate as an output filter. [Paul Querna]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Change the default (when not present in the config file) setting
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for UseCanonicalName to Off.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Joshua Slive]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_userdir: The module no longer does any remapping unless the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater UserDir directive is present in the config file.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joshua Slive]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Massively simplify the distributed httpd.conf by removing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington many features and many directives that are at their default
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews setting. Add a selection of example config excerpts for adding
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews extra features in the conf/extra/ directory. Install the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington distributed config and the extra config examples in the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington conf/original/ directory during make install.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Joshua Slive, Justin Erenkrantz]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_userdir and mod_autoindex as shared modules rather than
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington built-in modules within the NetWare build.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Brad Nicholes]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Rename mod_imap to mod_imagemap.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul Querna]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) util_ldap: Eliminate the load ordering of mod_ldap and mod_authnz_ldap
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews by changing the mod_ldap exported functions to optional functions.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Brad Nicholes]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsChanges with Apache 2.1.4
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Don't let a subrequest inherit headers describing the original request's
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington body. [Greg Ames]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix Windows CompContext buff size miscalculation
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Allan Edwards]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add ReceiveBufferSize directive to control the TCP receive buffer.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener <covener gmail.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington end of the request body to work with really old HTTP servers.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) util_ldap: Keep track of the number of attributes retrieved from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington LDAP so that all the values can be properly cached even if the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater value is NULL. PR 33901 [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Fix error where incoming Cache-Control would be ignored.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Correctly handle originally conditional requests.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Sander Striker]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_disk_cache: Correctly update cached headers on revalidated responses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Sander Striker, Justin Erenkrantz]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) worker MPM/mod_status: Support per-worker tracking of pid and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington generation in the scoreboard so that mod_status can accurately
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews represent workers in processes which are gracefully terminating.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (major MMN bump)
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Jeff Trawick]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) Correctly export all mod_dav public functions.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Branko Čibej <brane xbc.nu>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark AndrewsChanges with Apache 2.1.3
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Add ssl_ext_lookup optional function for accessing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington certificate extensions. [David Reid, Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Add support for use of an external PCRE library; pass the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington --with-pcre flag to configure. PR 27550. [Joe Orton,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Andres Salomon <dilinger voxel.net>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Renamed regex interfaces to be namespace-safe, and moved from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington pcreposix.h header to ap_regex.h: regex_t->ap_regex_t,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington regmatch_t->ap_regmatch_t; REG_*->AP_REG_*; functions
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington reg*->ap_reg*. PR 27550. [Andres Salomon <dilinger voxel.net>,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Only recompile buildmark.c when we have to relink httpd.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Fix up handling of revalidated responses.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Justin Erenkrantz]
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater *) mod_disk_cache: Properly load cached ETag from on-disk structures.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_authnz_ldap: Added an optional second parameter to AuthLDAPURL
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to allow it to override the connection type set in mod_ldap. This
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater parameter can be set to NONE, SSL or TLS | STARTTLS.
b0d566a2ce0f5a67f537ee7f8233f82f2584cc61Automatic Updater [Brad Nicholes]
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Max Bowsher <maxb ukf.net>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater [Rici Lake <rici ricilake.net>]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater *) mod_proxy: Fix ap_proxy_canonenc API.
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater PR 32459. [Jim Jagielski]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater *) mod_cache: Add CacheStorePrivate and CacheStoreNoStore directive.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater [Justin Erenkrantz]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater *) Add --enable-pie flag to configure, to build httpd as a Position
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater Independent Executable where supported (GCC/binutils).
e8c17c74535be290abaaa160a434ed80bf0ad2feMark Andrews *) proxy_balancer: Add in load-balancing via weighted traffic
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater byte count. [Jim Jagielski]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) mod_disk_cache: Cache r->err_headers_out headers. This allows CGI
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater scripts to be properly cached. [Justin Erenkrantz, Sander Striker]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option()
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater API for the setting of server and client SSL certificates. Replaced
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater LDAPTrustedCA directive with LDAPTrustedGlobalCert and
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater LDAPTrustedClientCert directives to correctly support global certs
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater (CA certs / Netware client certs) and per connection client certs
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater as supported by Netware, OpenLDAP and Netscape/Mozilla.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_cache: Remove unimplemented CacheForceCompletion directive.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Justin Erenkrantz]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) support/check_forensic: Fix temp file usage
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_ssl: Add SSLCADNRequestFile and SSLCADNRequestPath directives
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater which can be used to configure a specific list of CA names to send
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater in a client certificate request. PR 32848.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) --with-module can now take more than one module to be statically
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater If the <modtype>-subdirectory doesn't exist it will be created and
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater populated with a standard Makefile.in. [Erik Abele]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) Remove some compiler warnings within the LDAP modules [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) Add a build script to create a solaris package. [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) ap_http_scheme() replaced with ap_http_method() - this function
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater returns the scheme (http v.s. https).
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [William Rowe]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_proxy: Fix a request corruption problem and a buffering problem
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater which sometimes prevented proxy-sendchunks from working.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Jeff Trawick]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) Fix the RPM spec file so that an RPM build now works. An RPM
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater build now requires system installations of APR and APR-util.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) Significantly simplify the load balancer scheduling algorithm
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater for the proxy BalancerMember weighting. loadfactors (lbfactors)
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater are now normalized with respect to each other. [Jim Jagielski]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_dumpio: Added to the available module suite; it is an
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater I/O logging/dumping module. Placed in the (new) debug module
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater subdirectory. mod_bucketeer moved to that directory as well.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Jim Jagielski]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) core: Add support for APR_TCP_DEFER_ACCEPT to defer accepting
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater of a connection until data is available.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterChanges with Apache 2.1.2
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews *) mod_proxy: Respect errors reported by pre_connection hooks.
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews [Jeff Trawick]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) core: Error out on sections that are missing an argument instead of
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater silently consuming the section. PR 25460.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater [Geoffrey Young, Paul Querna]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) mod_cache/mod_mem_cache/mod_disk_cache: Move out of experimental.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) Upgraded PCRE to version 5.0. [Brian Pane]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_cgid: Catch configuration problem where two web server instances
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater share same ServerRoot but admin forgot to use ScriptSock.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater [Jeff Trawick]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) mod_cgi: Ensure that all stderr is logged for a script which returns
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater a Location header to generate a non-local redirect. PR 20111.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) Added the Event MPM to more efficiently handle clients during a
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater Keep Alive request.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater [Paul Querna, Greg Ames]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterChanges with Apache 2.1.1
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_proxy_http: Stream content better - always flush buffered data to
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater the client before blocking waiting for new data. PR 19954.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater will dump the filenames of all configured SSL certificates to stdout.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_disk_cache: Remove a bunch of non-implemented garbage collection
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater and cache size directives that are now available through htcacheclean.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater [Justin Erenkrantz]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) Add htcacheclean to support/ for assistance with mod_disk_cache.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Andreas Steinmetz]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington allows the module to authorize a user based on a complex LDAP
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington search filter. [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_usertrack: Run the fixups hook before other modules.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington PR 29755. [Paul Querna]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Allow mod_authnz_ldap authorization functionality to be used
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater without requiring the user to also be authenticated through
0fde13e46fef2ac9d8250adb92263f436425a914Automatic Updater mod_authnz_ldap. This allows other authentication modules to
0fde13e46fef2ac9d8250adb92263f436425a914Automatic Updater take advantage of LDAP authorization only [PR 28253]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jari Ahonen jah progress.com, Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Log the client IP address when an error occurs disabling nagle on a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater connection, but log at a severity of debug since this error
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater generally means that the connection was dropped before data was
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater sent. Log the client IP address when reporting errors in the core
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater output filter. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core: Add a warning message if the request line read fails.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) mod_rewrite: Removed the MaxRedirects option in favor of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater core LimitInternalRecursion directive. [André Malo]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) mod_info: Added listing of the Request Hooks and added more build
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater information like 'httpd -V' contains. Changed output to XHTML.
ff62ab3c2e6274f19190ded15548c723d38bbbe3Automatic Updater *) mod_info: Rewrote config tree walk using a recursive function.
ff62ab3c2e6274f19190ded15548c723d38bbbe3Automatic Updater Added ?config option. Added printout of config filename and line numbers.
ff62ab3c2e6274f19190ded15548c723d38bbbe3Automatic Updater [Rici Lake <rici ricilake.net>, Paul Querna]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater *) mod_proxy: Fix type error that prevents proxy-sendchunks from working.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy: Fix data corruption by properly setting aside buckets.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater [Justin Erenkrantz]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_proxy: If a request has a blank body and has a 0 Content-Length
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater headers, pass that to the proxy. [Justin Erenkrantz]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Recognize QSA flag in mod_rewrite again.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Restructured mod_auth_ldap to fit the new authentication model.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater The module is now called authnz_ldap and has been moved out of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the modules/experimental area and into modules/aaa with the other
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater auth modules. Both the authn_ldap provider and the authz_ldap
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater handler are contained within the authnz_ldap module. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington authz_ldap handler introduces 3 new "requires" values for handling
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authorization. These handlers are ldap-user, ldap-group and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ldap-dn. [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix some compiler warnings in proxy
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Geoffrey Young <geoff@modperlcookbook.org>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number of days until the client cert expires. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Add test_config hook, run only if httpd is invoked using -t.
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater *) Improve error handling for corrupted pid files. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (for backwards compatibility):
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater Avoids mod_ssl.h (not included in 2.0-HEAD) and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater use apr_socket_create_ex for 0.9.x
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Added proxy_ajp.c module for proxy support to ajp:// backends.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [Jean Frederic Clere]
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater *) Fixes the build of proxy on Windows. Since the proxy_module is declared
9fa39c73fc1d8bc44fdbbb79a1d26b837e7dd555Mark Andrews as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater is a LNK2001 error when building proxy_http. [Mladen Turk]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater [Graham Leggett]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater *) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater *) perchild MPM: Fix thread safety problem in the use of longjmp().
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater *) Add load balancer support to the scoreboard in preparation for
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater load balancing support in mod_proxy. [Mladen Turk]
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews allow a non-secure connection to be upgraded to secure connections
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews [Brad Nicholes]
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews *) core: Add Options= syntax to AllowOverride to specify which options
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews may be overridden in .htaccess files. PR 29310.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater [Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) ab: Handle long URLs with an error instead of an buffer overflow.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_so, core: Add new command line options to print all loaded
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater modules. '-t -D DUMP_MODULES' and '-M' will show all static
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater and shared modules as loaded from the configuration file.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_autoindex: Add ShowForbidden to IndexOptions to list files
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater that are not shown because the subrequest returned 401 or 403.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater PR 10575. [Paul Querna]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_headers: implement "Early" processing option in post_read_request
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater to enable Header and RequestHeader directives to be used to set up
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater testcases for pre-fixups request phases [Nick Kew]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_proxy: multiple bugfixes, principally support cookies in
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater ProxyPassReverse, and don't canonicalise URL passed to backend.
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater Documentation correspondingly updated. [Nick Kew <nick webthing.com>]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_deflate: support gzip flags in inflate_out_filter
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater [Nick Kew <nick webthing.com>]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Drop the ErrorHeader directive which turned out to be a misnomer.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater Instead there's a new optional flag for the Header directive
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ('always'), which keeps the former ErrorHeader functionality.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_deflate: Don't deflate responses with zero length
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington e.g. proxied 304's [Allan Edwards]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) <IfModule> now recognizes the module identifier in addition to the
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater file name. PR 29003. [Edward Rudd <eddie omegaware.com>, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater OpenSSL 0.9.7 flag which uses the server's cipher order rather
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater than the client's. PR 28665.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jim Schneider <jschneid netilla.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Drop support for the CompatEnvVars argument to
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein SSLOptions, which was never actually implemented in 2.0.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix bug in mod_deflate that unconditionally sent deflate'd output
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater even when Accept-Encoding is not present. [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Pass environment variables through to piped loggers and start
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater them via the shell, resolving regressions since 1.3. PR 28815
5acd63107041b5b0bed444e2bc29f4bca0c13e28Automatic Updater [Ken Coar, Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) External rewrite map responses are no longer limited to 2048
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater bytes. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Proxy server was deleting cookies that Apache had already
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater assigned if the origin server had set any cookies. PR 27023.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater [Jim Jagielski]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) Removed old and unmaintained ap_add_named_module API and changed
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater the following APIs to return an error instead of hard exiting:
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater and ap_process_resource_config. [André Malo]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) mod_headers: Allow %% in header values to represent a literal %.
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater *) mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) mod_deflate: New option for DEFLATE output file (force-gzip),
5acd63107041b5b0bed444e2bc29f4bca0c13e28Automatic Updater new output filter 'INFLATE' for uncompressing responses.
664917bedafa65dee4349c84324a31731aa1e228Francis Dupont [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Added new module mod_version, which provides version dependent
f4029eb7463e99df00618de89f0bee5ac062a237Automatic Updater configuration containers. [André Malo]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington format is used. PR 27787. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Allow Digest providers to return AUTH_DENIED to propagate a 401
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater status and terminate the provider chain prior to checking the password.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [Geoffrey Young]
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
f8a9a38ee40c139a8d145ac76ecbff3a0f986453Mark Andrews Don't place script socket inside default server root instead of
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater actual server root. PR 27886. [Jeff Trawick]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_proxy: Fix handling of non-200 success status codes when
9d80d23172c30fd63e5046a7e69b8445e564ff31Automatic Updater "ProxyErrorOverride On" is configured. PR 20183.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater [Marcus Janson <marcus.janson tre.se>, Joe Orton]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews directive (previously NetWare-only) to override default thread
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews stack size for threads which handle client connections. Required
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews for some third-party modules on platforms with small default
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews thread stack size. [Jeff Trawick]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews now populates r->user with the (possibly unauthenticated) user,
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews and mod_auth_digest returns 500 when a provider returns
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews AUTH_GENERAL_ERROR.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews [Geoffrey Young]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) The whole codebase was relicensed and is now available under
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews the Apache License, Version 2.0 (http://www.apache.org/licenses).
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews [Apache Software Foundation]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) Delete some make-generated files in the server directory during
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews "make clean" processing. PR 26552. [Jeff Trawick]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) Add core version query function (ap_get_server_revision) and
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews accompanying ap_version_t structure (minor MMN bump).
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews [André Malo]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) mod_rewrite: EOLs sent by external rewritemaps are now consumed
8c9c79e5fea0cb698026a74821695907c8312a46Mark Andrews as whole. That way, on systems with more than one EOL character
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater rewritemap programs no longer need to switch stdout to binary
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater mode. PR 25635. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_rewrite: Introduce the ability to force a content handler via
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater the [handler=...] flag. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_rewrite: Introduce the RewriteCond -x check, which returns
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews true if the pattern is a file with execution permissions.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews [André Malo]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_rewrite: Allow proxying and RewriteRules in directory context
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for subrequests. PR 14648, 15114. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Allow setting of any valid HTTP response code.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 25917. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Cookie creation now works locale independent.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add support for distributed session cache using 'distcache'.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Geoff Thorpe <geoff geoffthorpe.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_dav: Disallow requests with an unescaped hash character in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater attaches a body to the 302 response and a wrong Content-Length header.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Bring ErrorHeader concept forward from 1.3, so that response
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater header fields can be set for return even on errors or external
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater redirects. [Ken Coar]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in the initial container. PR 25414.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Geoffrey Young <geoff apache.org>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Clean up httpd -V output: Instead of displaying the MPM source
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington directory, display the MPM name and some MPM properties.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Geoffrey Young <geoff apache.org>]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater *) mod_ssl/mod_status: Re-enable support for output of SSL session
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater cache information in server-status page. [Joe Orton]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater *) mod_ssl: Remove the shmht session cache, shmcb should be used
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater instead. [Joe Orton]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater *) mod_logio: Account for some bytes handed to the network layer prior to
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater dropped connections. [Jeff Trawick]
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington *) mod_autoindex: new directive IndexStyleSheet
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington *) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Chris Knight <Christopher.D.Knight nasa.gov>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Log an error when requests for URIs which fail to map to a valid
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater filesystem name are rejected with 403. [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Switch to APR 1.0 API.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Major overhaul of mod_include's filter parser. The new parser code
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington is expected to be more robust and should catch all of the edge cases
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that were not handled by the previous one. This includes a binary
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater incompatible change of mod_include's external API. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Allow forced mimetypes [T=...] to get expanded.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 14223. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously
f65d2e1c04c806a185bf9f3120e80692f5ccd5e6Automatic Updater the current rewrite state was just used as lookup path, which lead to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington strange and often useless results. Related to PR 8493. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Change Listen directive to bind to all addresses when a hostname is
bbb069be941f649228760edcc241122933c066d2Automatic Updater not specified. [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Correct failure with Listen directives on machines with IPv6 enabled.
e062b72f783cdb436a1a57a630bdff471dbb3038Mark Andrews [Colm MacCárthaigh <colm stdlib.net>, Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a link failure in mod_ssl when the OpenSSL libraries contain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the ENGINE functions but the engine header files are missing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Cliff Woolley]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: RewriteRules in server context using the force
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater type feature [T=...] no longer disable MultiViews. [André Malo]
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson *) mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson *) mod_authz_groupfile: Strip trailing spaces of group names. This
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hopefully saves some hours of searching for typos. PR 12863.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_actions: Propagate the handler name to the action script via
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the REDIRECT_HANDLER environment variable. [André Malo]
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater *) mod_actions: Introduce the "virtual" modifier to the Action directive,
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater which allows the use of handlers for virtual locations. PR 8431.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_speling: Recognize AcceptPathInfo setting for the particular
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater location. Default is to reject path information. PR 21059.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ext_filter: Add the ability to filter request bodies.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Philipp Reisner <philipp.reisner linbit.com>]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) Fix some broken log messages in WinNT MPM.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) prefork MPM: Use the right permissions for the directory created
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater for gprof support. [Jim Carlson <jcarlson jnous.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a compile failure with recent OpenSSL and picky compilers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) OpenSSL headers should be included as "openssl/ssl.h", and not rely on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the INCLUDE path to be defined properly.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater PR 11310. [Geoff Thorpe <geoff geoffthorpe.net>]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [Geoff Thorpe <geoff geoffthorpe.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) change directive name from 'compressionlevel' to 'deflatecompressionlevel'
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Ian Holsman, André Malo]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) mod_negotiation: quality values are now parsed independent from
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the current locale. level values are now really parsed as integers.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater PR 17564. [André Malo]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) Extend mod_negotiation to evaluate the environment variables
47ce374fcf4bac7a56bb69f5dae1d30be5b4376dAutomatic Updater no-gzip and gzip-only-text/html the same way as mod_deflate does.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater *) mod_rewrite: Fix some problems reporting errors with mapping
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater programs (RewriteMap prg:/something). [Jeff Trawick]
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater *) Return 413 if chunk-ext-header is too long rather than reading from
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater the truncated line. PR 15857. [Justin Erenkrantz]
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater *) Allow restart of httpd to occur even with syntax errors in the config
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file. PR 16813. [Justin Erenkrantz]
fd8fb4df8499e292daeac765f599ac7c507d9ca3Mark Andrews *) Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679.
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater [Justin Erenkrantz]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) Remove files on 'make distclean' that should be. PR 15592.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater [Justin Erenkrantz]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) Allow apachectl to perform status with links and elinks as well.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater [Justin Erenkrantz]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) mod_log_config change optional hook to return previous handler
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater *) Forward port of mod_actions' ability to handle arbitrary methods
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater with the Script directive. [André Malo]
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater *) Let suexec send a message to stderr, if it failed or its policy
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater was violated. This message appears in the error log and allows
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater *) Modify buildconf to copy all required files into httpd's tree.
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater [Thom May <thom planetarytramp.net>]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater *) Allow mod_dav to do weak entity comparison functions.
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews [Justin Erenkrantz]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Move RFC 1413 ident requests from core to new module mod_ident.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Add mod_authz_owner - a forward port of "Require file-owner"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater and "Require file-group", which was already present in version
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater 1.3.21. [André Malo]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Add mod_dav_lock - a generic subset of the DAV locking implementation.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Justin Erenkrantz]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Replace some of the mutex locking in the worker MPM with
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater atomic operations for higher concurrency. [Brian Pane]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Allow 'make depend' to work with non-GCC compilers.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Justin Erenkrantz]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) If an httpd.conf has commented out AddModule directives,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater apxs -i -a will add an un-commented AddModule directive for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the new module, which breaks the config.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR: 11212 [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) Move the check of the Expect request header field after the hook
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater for ap_post_read_request, since that is the only opportunity for
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater modules to handle Expect extensions. [Justin Erenkrantz]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Rewrite of aaa modules to an authn/authz model.
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater [Dirk-Willem van Gulik, Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Apache 2.1.0-dev includes those bug fixes and changes with the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Apache 2.0.xx tree as documented, and except as noted, below.]
19dbf2e20df03f2b81ed1f347e27718084374059Automatic UpdaterChanges with Apache 2.0.56
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater *) Chunk filter: Fix chunk filter to create correct chunks in the case that
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater a flush bucket is surrounded by data buckets. [Ruediger Pluem]
6de27e27ad6056d7c049feb912df5a6b9a56d1b8Automatic Updater *) mod_cgi(d): Remove block on OPTIONS method so that scripts can
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater respond to OPTIONS directly rather than via server default.
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater [Roy Fielding] PR 15242
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic UpdaterChanges with Apache 2.0.55
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater *) SECURITY: CVE-2005-2088 (cve.mitre.org)
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater proxy: Correctly handle the Transfer-Encoding and Content-Length
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater headers. Discard the request Content-Length whenever T-E: chunked
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater is used, always passing one of either C-L or T-E: chunked whenever
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater the request includes a request body. Resolves an entire class of
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Added TraceEnable [on|off|extended] per-server directive to alter
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater the behavior of the TRACE method. This addresses a flaw in proxy
19dbf2e20df03f2b81ed1f347e27718084374059Automatic Updater conformance to RFC 2616 - previously the proxy server would accept
2f76b9339e44a89cc5195e9c18ea6b01d71c85deAutomatic Updater a TRACE request body although the RFC prohibited it. The default
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater remains 'TraceEnable on'. [William Rowe]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) Add ap_log_cerror() for logging messages associated with particular
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater client connections. [Jeff Trawick]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) Correct mod_cgid's argv[0] so that the full path can be delved by the
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater invoked cgi application, to conform to the behavior of mod_cgi.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater [Pradeep Kumar S <pradeep.smani gmail.com>]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) mod_include: Fix possible environment variable corruption when
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater using nested includes. PR 12655. [Joe Orton]
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt *) Support the suppress-error-charset setting, as with Apache 1.3.x.
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt PR 31274. [Jeff Trawick]
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt *) EBCDIC: Handle chunked input from client or, with proxy, origin
5645e0c82a55b05abb975bd91b9566823dc5efb0Evan Hunt server. [Jeff Trawick]
af3e516f771c8ba376a8cd954a7233badfce8cdcAutomatic Updater *) Fix bad globbing comparison which could result in getting
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews a directory listing when a file was requested. PR 34512.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews [sean <infamous41md hotmail.com>]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews was called even if mod_auth_ldap_check_user_id() was not
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews (or if it didn't succeed) for non-authoritative cases.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews [Jim Jagielski]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) SECURITY: CVE-2005-2728 (cve.mitre.org)
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Fix cases where the byterange filter would buffer responses
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews into memory. PR 29962. [Joe Orton]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 15207. [Jim Jagielski]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_ldap: Fix various shared memory cache handling bugs.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 34209. [Joe Orton]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) Fix a file descriptor leak when starting piped loggers. PR 33748.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_ldap: Avoid segfaults when opening connections if using a version
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews of OpenLDAP older than 2.2.21. PR 34618. [Brad Nicholes]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2005-2088 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater core: If a request contains both Transfer-Encoding and Content-Length
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater headers, remove the Content-Length, mitigating some HTTP Request
af3e516f771c8ba376a8cd954a7233badfce8cdcAutomatic Updater Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater *) proxy HTTP: If a response contains both Transfer-Encoding and a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Content-Length, remove the Content-Length and don't reuse the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater connection, mitigating some HTTP Response Splitting attacks.
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater [Jeff Trawick]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) Prevent hangs of child processes when writing to piped loggers at
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater the time of graceful restart. PR 26467. [Jeff Trawick]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) SECURITY: CVE-2005-1268 (cve.mitre.org)
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater mod_ssl: Fix off-by-one overflow whilst printing CRL information
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington at "LogLevel debug" which could be triggered if configured
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to use a "malicious" CRL. PR 35081. [Marc Stern <mstern csc.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_userdir: Fix possible memory corruption issue. PR 34588.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [David Leonard <dleonard vintela.com>]
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews *) worker mpm: don't take down the whole server for a transient
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater thread creation failure. PR 34514 [Greg Ames]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_rewrite: use buffered I/O to improve performance with large
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater RewriteMap txt: files. [Greg Ames]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) proxy HTTP: Rework the handling of request bodies to handle
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater chunked input and input filters which modify content length, and
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater avoid spooling arbitrary-sized request bodies in memory.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater PR 15859. [Jeff Trawick]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic UpdaterChanges with Apache 2.0.54
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_cache: Add CacheIgnoreHeaders directive. PR 30399.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater the ldap socket connection timeout value.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater [Brad Nicholes]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) Correctly export all mod_dav public functions.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater [Branko Čibej <brane xbc.nu>]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) Add a build script to create a solaris package. [Graham Leggett]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) worker MPM: Fix a problem which could cause httpd processes to
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater remain active after shutdown. [Jeff Trawick]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) Unix MPMs: Shut down the server more quickly when child processes are
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater slow to exit. [Joe Orton, Jeff Trawick]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) Remove formatting characters from ap_log_error() calls. These
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater were escaped as fallout from CVE-2003-0020.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater [Eric Covener <ecovener gmail.com>]
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews *) mod_ssl: If SSLUsername is used, set r->user earlier. PR 31418.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) htdigest: Fix permissions of created files. PR 33765. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core_input_filter: Move buckets to a persistent brigade instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington creating a new brigade. This stop a memory leak when proxying a
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater Streaming Media Server. PR 33382. [Paul Querna]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hiccups from additional path information passed in non-utf-8 format.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Richard Donkin <rd9 donkin.org]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterChanges with Apache 2.0.53
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Max Bowsher <maxb ukf.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Rici Lake <rici ricilake.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy: Respect errors reported by pre_connection hooks.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) --with-module can now take more than one module to be statically
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater If the <modtype>-subdirectory doesn't exist it will be created and
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater populated with a standard Makefile.in. [Erik Abele]
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington *) Fix the RPM spec file so that an RPM build now works. An RPM
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater build now requires system installations of APR and APR-util.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Remove some arbitrary moving around of binaries - the RPM now
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater maps to the ASF build of httpd.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater [Graham Leggett]
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater *) mod_dumpio, an I/O logging/dumping module, added to the
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater modules/expermimental subdirectory. [Jim Jagielski]
6c6a121295b30772cbf3dd75a51fb9d883051a0eAutomatic Updater *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater library handles special characters. PR 24437. [Jess Holle]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) Win32 MPM: Correct typo in debugging output. [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) conf: Remove AddDefaultCharset from the default configuration because
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater setting a site-wide default does more harm than good. PR 23421.
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater [Roy Fielding]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) Add charset to example CGI scripts. [Roy Fielding]
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater *) mod_ssl: fail quickly if SSL connection is aborted rather than
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) Remove compiled-in upper limit on LimitRequestFieldSize.
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater [Bill Stoddard]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Start keeping track of time-taken-to-process-request again for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_status if ExtendedStatus is enabled. [Jim Jagielski]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy: Handle client-aborted connections correctly. PR 32443.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Janne Hietamäki, Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix handling of files >2Gb on all platforms (or builds) where
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_include: Fix bug which could truncate variable expansions
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of N*64 characters by one byte. PR 32985. [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Correct handling of certain bucket types in ap_save_brigade, fixing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington possible segfaults in mod_cgi with #include virtual. PR 31247.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Allow for the use of --with-module=foo:bar where the ./modules/foo
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directory is local only. Assumes, of course, that the required
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater files are in ./modules/foo, but makes it easier to statically
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington build/log "external" modules. [Jim Jagielski]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater ldap authorization only modules have access to the util_ldap
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater user cache without having to require ldap authentication as well.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater allows the module to only authorize a user if the attribute value
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified matches the value of the user object. PR 31913
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson [Ryan Morgan <rmorgan pobox.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2004-0942 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Fix for memory consumption DoS in handling of MIME folded request
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater headers. [Joe Orton]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) SECURITY: CVE-2004-0885 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington bypassed during an SSL renegotiation. PR 31505.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Fail at startup rather than segfault at runtime if a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater client cert is configured with an encrypted private key.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 24030. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: CacheDisable will only disable the URLs it was meant to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater disable, not all caching. PR 31128.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Edward Rudd <eddie omegaware.com>, Paul Querna]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater cache responses. [Justin Erenkrantz]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_rewrite: Handle per-location rules when r->filename is unset.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Previously this would segfault or simply not match as expected,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater depending on the platform. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Fix 0 bytes write into random memory position.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 31036. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_disk_cache: Do not store aborted content. PR 21492.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_disk_cache: Correctly store cached content type. PR 30278.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater statistics display. PR 29216. [Graham Leggett]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) mod_ldap: fix a bogus error message to tell the user which file
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is causing a potential problem with the LDAP shared memory cache.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 31431 [Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2004-1834 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix the re-linking issue when purging elements from the LDAP cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 24801. [Jess Holle <jessh ptc.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) Fix Expires handling in mod_cache. [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Alter mod_expires to run at a different filter priority to allow
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington proper Expires storage by mod_cache. [Justin Erenkrantz]
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic UpdaterChanges with Apache 2.0.52
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
a26b22914b7bf25f065afb8cdef983766dcd672bAutomatic Updater *) Fix the global mutex crash when the global mutex is never allocated
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
17198e77b87667f796e910d31a4f47a80e256d09Mark Andrews *) Fix a segfault in the LDAP cache when it is configured switched
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater off. [Jess Holle <jessh ptc.com>]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) SECURITY: CVE-2004-0811 (cve.mitre.org)
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater Fix merging of the Satisfy directive, which was applied to
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater the surrounding context and could allow access despite configured
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater authentication. PR 31315. [Rici Lake <rici ricilake.net>]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater is enabled. Previously, such urls would still be rejected.
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater [Jeff Trawick, Bill Stoddard]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) mod_mem_cache: Fixed race condition causing segfault because of memory being
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater freed twice, or reused after being freed.
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater [J. Clar, W. Stoddard, G. Ames]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) Add -l option to rotatelogs to let it use local time rather than
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) mod_log_config: Fix a bug which prevented request completion time
de73ef7ecdb9e009155993a6fa8dee5cd1bde319Mark Andrews from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater processing. PR 29696. [Alois Treindl <alois astro.ch>]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic UpdaterChanges with Apache 2.0.51
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) SECURITY: CVE-2004-0786 (cve.mitre.org)
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater Fix an input validation issue in apr-util which could be
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater triggered by malformed IPv6 literal addresses. [Joe Orton]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) SECURITY: CVE-2004-0747 (cve.mitre.org)
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater Fix buffer overflow in expansion of environment variables in
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater configuration file parsing. [André Malo]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) SECURITY: CVE-2004-0809 (cve.mitre.org)
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater mod_dav_fs: Fix a segfault in the handling of an indirect lock
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater refresh. PR 31183. [Joe Orton]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) mod_include no longer checks for recursion, because that's done
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater in the core. This allows for careful usage of recursive SSI.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [chunyan sheng <shengperson yahoo.com>, André Malo]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Include directives no longer refuse to process symlinks on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington directories. Instead there's now a maximum nesting level
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater of included directories (128 as distributed). This is configurable
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater PR 28492. [André Malo]
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater *) Win32: apache -k start|restart|install|config can leave stranded
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater piped logger processes (eg, rotatelogs.exe) due to improper
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews server shutdown on these code paths.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Bill Stoddard]
4d95e549ed8f84373e5eb7346a0c7ab7f3b0e9a8Automatic Updater *) SECURITY: CVE-2004-0751 (cve.mitre.org)
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews mod_ssl: Fix a segfault in the SSL input filter which could be
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews triggered if using "speculative" mode, for instance by a
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater proxy request to an SSL server. PR 30134. [Joe Orton]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews PR 30464. [Joe Orton, Madhusudan Mathihalli]
71ba75c604df3604673232828a68bb28c420e698Mark Andrews *) mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) Prevent CGI script output which includes a Content-Range header
510f19039bcd402dff28c85114551179670f482aAutomatic Updater from being passed through the byterange filter. [Joe Orton]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) Satisfy directives now can be influenced by a surrounding <Limit>
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater container. PR 14726. [André Malo]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater PR 27985. [André Malo]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) mod_disk_cache: Implement binary format for on-disk header files.
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Hunt [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Hunt *) mod_disk_cache: Optimize network performance of disk cache subsystem by
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater allowing zero-copy (sendfile) writes and other miscellaneous fixes.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater [Justin Erenkrantz]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater switch to the provider API instead of hooks. [Justin Erenkrantz]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater *) mod_autoindex: Don't truncate the directory listing if a stat()
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater call fails (for instance on a >2Gb file). PR 17357.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) Makefile fix: httpd is linked against LIBS given to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 'make' invocation. PR 7882. [Joe Orton]
3a9593055ead76cbbb417aee2d2e656c2c92cf46Automatic Updater *) WinNT MPM: Fix a broken log message at termination. PR 28063.
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater [Eider Oliveira <eider bol.com.br>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Prevent Win32 pool corruption at startup [Allan Edwards]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews chosen SSL environment variable. PR 20957.
7932a7637170550bc53b38c35db9a0187dcb3d3bAutomatic Updater [Martin v. Loewis <martin v.loewis.de>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) apachectl: Fix a problem finding envvars if sbindir != bindir.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
a3fdc395a6f4811b536066801d5468399224be25Automatic Updater *) SECURITY: CVE-2004-0748 (cve.mitre.org)
b13d89bd89878137c81b36a36596cca3920f27a4Automatic Updater mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 18989. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_userdir: Ensure that the userdir identity is used for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater suexec userdir access in a virtual host which has suexec configured.
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater PR 18156. [Joshua Slive]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews *) mod_rewrite no longer confuses the RewriteMap caches if
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews different maps defined in different virtual hosts use the
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews same map name. PR 26462. [André Malo]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews *) mod_setenvif: Remove "support" for Remote_User variable which
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews never worked at all. PR 25725. [André Malo]
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater again the functionality of the ErrorHeader directive. But instead
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews using this misnomer additional flags to the Header directive were
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater introduced ("always" and "onsuccess", defaulting to the latter).
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater PR 28657. [André Malo]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews *) Use the higher performing 'httpready' Accept Filter on all platforms
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews except FreeBSD < 4.1.1. [Paul Querna]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) mod_usertrack: Escape the cookie name before pasting into the
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater regexp. [André Malo]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) Extend the SetEnvIf directive to capture subexpressions of the
fbfdea68e4a66d25286de4172ac63df869bd569aAutomatic Updater matched value. [André Malo]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) Recursive Include directives no longer crash. The server stops
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater including configuration files after a certain nesting level (128
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater as distributed). This is configurable at compile time using the
ede7b1df75ac53a9530bbbc9fc9db534cab82f44Automatic Updater -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) mod_dir: the trailing-slash behaviour is now configurable using the
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater DirectorySlash directive. [André Malo]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) Allow proxying of resources that are invoked via DirectoryIndex.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater PR 14648, 15112, 29961. [André Malo]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) util_ldap: Switched the lock types on the shared memory cache
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews from thread reader/writer locks to global mutexes in order to
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews provide cross process cache protection. [Brad Nicholes]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) util_ldap: Reworked the cache locking scheme to eliminate duplicate
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews cache entries in the credentials cache due to race conditions.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews [Brad Nicholes]
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater *) util_ldap: Enhanced the util_ldap cache-info display to show more
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater detail about the contents and current state of the cache.
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater [Brad Nicholes]
2ec4ab21838e218863d052ebfa3e106e04f50820Evan Hunt *) Enable the option to support anonymous shared memory in mod_ldap.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews This makes the cache work on Linux again. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Enable special ErrorDocument value 'default' which restores the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews canned server response for the scope of the directive.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Geoffrey Young, André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is set in r->subprocess_env allow mismatched query strings to pass.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 27758. [Paul Querna, Geoffrey Young]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Accept URLs for the ServerAdmin directive. If the supplied
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews argument is not recognized as an URL, assume it's a mail address.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 28174. [André Malo, Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) initialize server arrays prior to calling ap_setup_prelinked_modules
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews so that static modules can push Defines values when registering
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Small fix to allow reverse proxying to an ftp server. Previously
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews an attempt to do this would try and connect to 0.0.0.0, regardless
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews of the server specified. PR 24922
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Pascal Terjan <pterjan@linuxfr.org>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Add the NOTICE file to the rpm spec file in compliance with the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Apache v2.0 license. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) RPM spec file changes: changed default dependancy to link to db4
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews instead of db3. Fixed complaints about unpackaged files.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsChanges with Apache 2.0.50
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) SECURITY: CVE-2004-0493 (cve.mitre.org)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Close a denial of service vulnerability identified by Georgi
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Guninski which could lead to memory exhaustion with certain
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews input data. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_cgi: Handle output on stderr during script execution on Unix
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews platforms; preventing deadlock when stderr output fills pipe buffer.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Also fixes case where stderr from nph- scripts could be lost.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 22030, 18348. [Joe Orton, Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_alias now emits a warning if it detects overlapping *Alias*
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews directives. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_rewrite no longer turns forward proxy requests into reverse proxy
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews requests. PR 28125 [ast domdv.de, André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews exported on Win32 and Netware as well (minor MMN bump). PR 28523.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Edward Rudd <eddie omegaware.com>, André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Restore the ability to disable the use of AcceptEx on Win9x systems
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews automatically (broken in 2.0.49). PR 28529. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) <VirtualHost myhost> now applies to all IP addresses for myhost
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews instead of just the first one reported by the resolver. This
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews corrects a regression since 1.3. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews against ServerRoot PR#26602 [Brad Nicholes]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) SECURITY: CVE-2004-0488 (cve.mitre.org)
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews (trusted) client certificate subject DN which exceeds 6K in length.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews caused issues for the Eclipse WebDAV extension.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 29034. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_deflate: Fix memory consumption (which was proportional to the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews response size). PR 29318. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Log the errors returned on failure to load or initialize
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a crypto accelerator engine. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Allow RequestHeader directives to be conditional. PR 27951.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Vincent Deffontaines <vincent gryzor.com>, André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Allow LimitRequestBody to be reset to unlimited. PR 29106
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix a bunch of cases where the return code of the regex compiler
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews was not checked properly. This affects: mod_setenvif, mod_usertrack,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Remove 2Gb log file size restriction on some 32-bit platforms.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 13511. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_logio no longer removes the EOS bucket. PR 27928.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Bojan Smojver <bojan rexursive.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) htpasswd no longer refuses to process files that contain empty
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews lines. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Regression from 1.3: At startup, suexec now will be checked for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews availability, the setuid bit and user root. The works only if
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews httpd is compiled with the shipped APR version (0.9.5).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 28287. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Unix MPMs: Stop dropping connections when the file descriptor
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is at least FD_SETSIZE. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_isapi: send_response_header() failed to copy status string's
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix a segfault when requests for shared memory fails and returns
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews NULL. Fix a segfault caused by a lack of bounds checking on the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews cache. PR 24801. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Throw an error message if an attempt is made to use the LDAPTrustedCA
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews or LDAPTrustedCAType directives in a VirtualHost. PR 26390
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Brad Nicholes]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix a potential segfault if the bind password in the LDAP cache
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Quotes cannot be used around require group and require dn
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews directives, update the documentation to reflect this. Also add
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews quotes around the dn and group within debug messages, to make it
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews more obvious why authentication is failing if quotes are used in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews error. PR 19304. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews from escaping filters twice when the backslash character is used.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 24437. [Jess Holle <jessh ptc.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews functions leave the connections in a sane state after errors have
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 27271 [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ldap calls ldap_simple_bind_s() to validate the user
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews credentials. If the bind fails, the connection is left
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews in an unbound state. Make sure that the ldap connection
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews record is updated to show that the connection is no longer
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews bound. [Brad Nicholes]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Ensure that lines in the request which are too long are
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater properly terminated before logging.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Update the bind credentials for the cached LDAP connection to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews reflect the last bind. This prevents util_ldap from creating
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unnecessary connections rather than reusing cached connections.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Brad Nicholes]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_isapi: GetServerVariable returned improperly terminated header
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Jesse Pelton <jsp pkc.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews size. PR 20617. [Jesse Pelton <jsp pkc.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_dav: Fix a problem that could cause crashes when manipulating
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews locks on some platforms. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_headers no longer crashes if an empty header value should
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews be added. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix segfault in mod_expires, which occured under certain
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews circumstances. PR 28047. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) htpasswd: use apr_temp_dir_get() and general cleanup
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Guenter Knauf <eflash gmx.net>, Thom May]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Fix memory leak in session cache handling. PR 26562
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Madhusudan Mathihalli]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews a pool cleanup. PR 27945. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Add forensic logging module (mod_log_forensic).
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Ben Laurie]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) logresolve: Allow size of log line buffer to be overridden at
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews build time (MAXLINE). PR 27793. [Jeff Trawick]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix the comment delimiter in htdbm so that it correctly parses the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews username comment. Also add a terminate function to allow NetWare
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to pause the output before the screen is destroyed.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Fix crash when Apache was started with no Listen directives.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Michael Corcoran <mcorcoran warpsolutions.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core_output_filter: Fix bug that could result in sending
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews garbage over the network when module handlers construct
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews bucket brigades containing multiple file buckets all referencing
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews the same open file descriptor. [Bojan Smojver]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) Fix memory corruption problem with ap_custom_response() function.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews The core per-dir config would later point to request pool data
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews that would be reused for different purposes on different requests.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) Win32: Tweak worker thread accounting routines to eliminate
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews server hang when number of Listen directives in httpd.conf
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews is greater than or equal to the setting of ThreadsPerChild.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews [Bill Stoddard]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark AndrewsChanges with Apache 2.0.49
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) SECURITY: CVE-2004-0174 (cve.mitre.org)
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Fix starvation issue on listening sockets where a short-lived
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews connection on a rarely-accessed listening socket will cause a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews child to hold the accept mutex and block out new connections until
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews another connection arrives on that rarely-accessed listening socket.
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews With Apache 2.x there is no performance concern about enabling the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews logic for platforms which don't need it, so it is enabled everywhere
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews except for Win32. [Jeff Trawick]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater [Jeff Trawick]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater *) Win32: find_read_listeners was not correctly handling multiple
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater [Manni Wood <manniwood planet-save.com>]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater *) Fix some piped log problems: bogus "piped log program '(null)'
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater failed" messages during restart and problem with the logger
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater respawning again after Apache is stopped. PR 21648, PR 24805.
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater [Jeff Trawick]
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater *) Fixed file extensions for real media files and removed rpm extension
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Remove compile-time length limit on request strings. Length is
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson now enforced solely with the LimitRequestLine config directive.
309b912841e8b97bf0b0df0d96c3eaf16990c080Automatic Updater [Paul J. Reder]
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater *) mod_ssl: Send the Close Alert message to the peer before closing
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews *) SECURITY: CVE-2004-0113 (cve.mitre.org)
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews PR 27106. [Joe Orton]
94df856897945fe58f130ba78765c57308bc5400Automatic Updater *) mod_ssl: Fix bug in passphrase handling which could cause spurious
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews failures in SSL functions later. PR 21160. [Joe Orton]
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews *) mod_log_config: Fix corruption of buffered logs with threaded
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater MPMs. PR 25520. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix mod_include's expression parser to recognize strings correctly
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews even if they start with an escaped token. [André Malo]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) Add fatal exception hook for use by diagnostic modules. The hook
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews is only available if the --enable-exception-hook configure parm
da93950363b307b718d156514b95b9df93a63776Mark Andrews is used and the EnableExceptionHook directive has been set to
da93950363b307b718d156514b95b9df93a63776Mark Andrews "on". [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Allow mod_auth_digest to work with sub-requests with different
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater methods than the original request. PR 25040.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Josh Dady <jpd indecisive.com>]
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
f6056ad06781c95198505ae3a361e6dd98df4b91Automatic Updater argumentless containers.
e23256e740b238bddb4ba41ffac5f81a01c92245Automatic Updater ["Philippe M. Chiasson" <gozer cpan.org>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Glenn Nielsen <glenn apache.org>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) The whole codebase was relicensed and is now available under
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater the Apache License, Version 2.0 (http://www.apache.org/licenses).
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Apache Software Foundation]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Fixed cache-removal order in mod_mem_cache.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Jean-Jacques Clar, Cliff Woolley]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_setenvif: Fix the regex optimizer, which under circumstances
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater treated the supplied regex as literal string. PR 24219.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater instead of mmn. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater could lead to a 400 (Bad Request) response. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Keep focus of ITERATE and ITERATE2 on the current module when
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater the module chooses to return DECLINE_CMD for the directive.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater PR 22299. [Geoffrey Young <geoff apache.org>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Add support for IMT minor-type wildcards (e.g., text/*) to
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater ExpiresByType. PR#7991 [Ken Coar]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Fix segfault in mod_mem_cache cache_insert() due to cache size
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater becoming negative. PR: 21285, 21287
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) core.c: If large file support is enabled, allow any file that is
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater greater than AP_MAX_SENDFILE to be split into multiple buckets.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater This allows Apache to send files that are greater than 2gig.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater Otherwise we run into 32/64 bit type mismatches in the file size.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Brad Nicholes]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) proxy_http fix: mod_proxy hangs when both KeepAlive and
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater ProxyErrorOverride are enabled, and a non-200 response without a
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater body is generated by the backend server. (e.g.: a client makes a
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater request containing the "If-Modified-Since" and "If-None-Match"
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater headers, to which the backend server respond with status 304.)
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_dav: Reject requests which include an unescaped fragment in the
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Build array of allowed methods with proper dimensions, fixing
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater possible memory corruption. [Jeff Trawick]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater PR 15057. [Otmar Lendl <lendl nic.at>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_usertrack no longer inspects the Cookie2 header for
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_usertrack no longer overwrites other cookies.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater PR 26002. [Scott Moore <apache nopdesign.com>]
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater *) worker MPM: fix stack overlay bug that could cause the parent
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater process to crash. [Jeff Trawick]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Win32: Add Win32DisableAcceptEx directive. This Windows
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater NT/2000/CP directive is useful to work around bugs in some
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater third party layered service providers like virus scanners,
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater VPN and firewall products, that do not properly handle
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater WinSock 2 APIs. Use this directive if your server is issuing
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater AcceptEx failed messages.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Make REMOTE_PORT variable available in mod_rewrite.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater PR 25772. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Fix a long delay with CGI requests and keepalive connections on
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater AIX. [Jeff Trawick]
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater *) mod_autoindex: Add 'XHTML' option in order to allow switching between
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater *) mod_ssl: Advertise SSL library version as determined at run-time rather
0b580e05aec89f501a9c20cc00ceb42d043d3928Automatic Updater than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Fix build with parallel make. PR 24643. [Joe Orton]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) mod_rewrite: In external rewrite maps lookup keys containing
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater a newline now cause a lookup failure. PR 14453.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Backport major overhaul of mod_include's filter parser from 2.1.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater The new parser code is expected to be more robust and should
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater catch all of the edge cases that were not handled by the previous one.
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater The 2.1 external API changes were hidden by a wrapper which is
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater expected to keep the API backwards compatible. [André Malo]
f8e61212a1b83e60f521577cc522e8bc1509c8cfAutomatic Updater *) Add a hook (insert_error_filter) to allow filters to re-insert
0ece47f7c1cf03718726d9dff183b02fa35115e6Mark Andrews themselves during processing of error responses. Enable mod_expires
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to use the new hook to include Expires headers in valid error
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater responses. This addresses an RFC violation. It fixes PRs 19794,
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews 24884, and 25123. [Paul J. Reder]
db854396212d4195bbbf9de89951d9c2a5770e91Automatic Updater *) Add Polish translation of error messages. PR 25101.
db854396212d4195bbbf9de89951d9c2a5770e91Automatic Updater [Tomasz Kepczynski <tomek jot23.org>]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater Bill Stoddard]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Add mod_status hook to allow modules to add to the mod_status
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater report. [Joe Orton]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Fix htdbm to generate comment fields in DBM files correctly.
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater [Justin Erenkrantz]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dav: Use bucket brigades when reading PUT data. This avoids
418cc932318b1d67f88a36904d88d8a5a0a2ba09Automatic Updater problems if the data stream is modified by an input filter. PR 22104.
644973f327e9db74779e7c0426db90909173b284Automatic Updater [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix RewriteBase directive to not add double slashes. [André Malo]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Improve 'configure --help' output for some modules. [Astrid Keßler]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Correct UseCanonicalName Off to properly check incoming port number.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater [Jim Jagielski]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater if any property values were set which defined namespaces these
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater came out mangled in the PROPFIND response. PR 11637.
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater [Amit Athavale <amit_athavale persistent.co.in>]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater the destination resource gives a 401. PR 15571. [Joe Orton]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) SECURITY: CVE-2003-0020 (cve.mitre.org)
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater Escape arbitrary data before writing into the errorlog. Unescaped
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater errorlogs are still possible using the compile time switch
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_autoindex / core: Don't fail to show filenames containing
418cc932318b1d67f88a36904d88d8a5a0a2ba09Automatic Updater special characters like '%'. PR 13598. [André Malo]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_status: Report total CPU time accurately when using a threaded
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews MPM. PR 23795. [Jeff Trawick]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Fix memory leak in handling of request bodies during reverse
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Win32 MPM: Implement MaxMemFree to enable setting an upper
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews limit on the amount of storage used by the bucket brigades
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews in each server thread. [Bill Stoddard]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Modified the cache code to be header-location agnostic. Also
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews fixed a number of other cache code bugs related to PR 15852.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Includes a patch submitted by Sushma Rai <rsushma novell.com>.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews closing the PR since that is what they are using. [Paul J. Reder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) complain via error_log when mod_include's INCLUDES filter is
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews enabled, but the relevant Options flag allowing the filter to run
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews for the specific resource wasn't set, so that the filter won't
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater silently get skipped. next remove itself, so the warning will be
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_info: HTML escape configuration information so it displays
68e1b398b5b1b417723e90b5e52b9148f8f93294Automatic Updater correctly. PR 24232. [Thom May]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Restore the ability to add a description for directories that
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews don't contain an index file. (Broken in 2.0.48) [André Malo]
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews *) Fix a problem with the display of empty variables ("SetEnv foo") in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_log_config: Log the minutes component of the timezone correctly.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) mod_proxy: Fix cases where an invalid status-line could be sent
cff0e0b52cf0928123bad6f3bccf56e22bbc07f5Automatic Updater to the client. PR 23998. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews are also loaded. [Joe Orton]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater thread-safe interface for retrieving error strings. [Joe Orton]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews avoid reporting an Internal Server error if it is used without
90eba8a49d580f9e718983fa39d8e5ee483558c9Automatic Updater having been set in the httpd.conf file. PR: 23748, 24459
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [André Malo, Liam Quinn <liam htmlhelp.com>]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_include no longer allows an ETag header on 304 responses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) EBCDIC: Convert header fields to ASCII before sending (broken
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington since 2.0.44). [Martin Kraemer]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix the inability to log errors like exec failure in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_ext_filter/mod_cgi script children. This was broken after
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington such children stopped inheriting the error log handle.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix mod_info to use the real config file name, not the default
cff0e0b52cf0928123bad6f3bccf56e22bbc07f5Automatic Updater config file name. [Aryeh Katz <aryeh secured-services.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Set the scoreboard state to indicate logging prior to running
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater logging hooks so that server-status will show 'L' for hung loggers
644973f327e9db74779e7c0426db90909173b284Automatic Updater instead of 'W'. [Jeff Trawick]
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark AndrewsChanges with Apache 2.0.48
6c68e68fc550c947100581eb7b5340b81c062c94Andreas Gustafsson *) SECURITY: CVE-2003-0789 (cve.mitre.org)
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews communicate with the cgid daemon and the CGI script.
5f7e0eb1cb917b788906d3e2aa01bfc4885dcae4Mark Andrews [Jeff Trawick]
15ae68f3db8261770fc33b8e0f83f5d8c7021e84Mark Andrews *) SECURITY: CVE-2003-0542 (cve.mitre.org)
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews Fix buffer overflows in mod_alias and mod_rewrite which occurred
0190c262f99d8afa4cece60e3775d76840826f68Automatic Updater if one configured a regular expression with more than 9 captures.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_include: fix segfault which occured if the filename was not
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews set, for example, when processing some error conditions.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater PR 23836. [Brian Akins <bakins web.turner.com>, André Malo]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) fix the config parser to support <Foo>..</Foo> containers (no
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater arguments in the opening tag) supported by httpd 1.3. Without
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater this change mod_perl 2.0's <Perl> sections are broken.
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater ["Philippe M. Chiasson" <gozer cpan.org>]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) mod_cgid: fix a hash table corruption problem which could
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater result in the wrong script being cleaned up at the end of a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews request. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Update httpd-*.conf to be clearer in describing the connection
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater between AddType and AddEncoding for defining the meaning of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater compressed file extensions. [Roy Fielding]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson PR 23416. [André Malo]
10640b2e3efc7bc8034108136d7487f7407fbf37Andreas Gustafsson *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater rewritten request using "proxy:". The code was adding multiple "proxy:"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater fields in the rewritten URI. PR: 13946.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [Eider Oliveira <eider bol.com.br>]
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
bf46736ab182c4663beb5a08cb2ebf7c364e0aa9Automatic Updater expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater *) Ensure that ssl-std.conf is generated at configure time, and switch
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater to using the expanded config variables to work the same as
e77e6219d3e6442f8c585378794c3d7b61d3879fAutomatic Updater *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_autoindex: If a directory contains a file listed in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DirectoryIndex directive, the folder icon is no longer replaced
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater by the icon of that file. PR 9587.
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater [David Shane Holden <dpejesh yahoo.com>]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) Fixed mod_usertrack to not get false positive matches on the
b109432c3a939bff66a463be86c371bd88efe3aaAutomatic Updater user-tracking cookie's name. PR 16661.
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater [Manni Wood <manniwood planet-save.com>]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) mod_cache: Fix the cache code so that responses can be cached
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater if they have an Expires header but no Etag or Last-Modified
7d12a6b412fe47e6d6582923fd6954ab8cd0baebAutomatic Updater headers. PR 23130.
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
3de6db3208d51de1e138b63b9670430c03f99694Automatic Updater were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) Modify ap_get_client_block() to note if it has seen EOS.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [Justin Erenkrantz]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater content if the Accept-Encoding header contained only other tokens than
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Avoid an infinite recursion, which occured if the name of an included
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews config file or directory contained a wildcard character. PR 22194.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) mod_ssl: Fix a problem setting variables that represent the
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater client certificate chain. PR 21371 [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Unix: Handle permissions settings for flock-based mutexes in
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater unixd_set_global|proc_mutex_perms(). Allow the functions to be
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater called for any type of mutex. PR 20312 [Jeff Trawick]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) Fix a misleading message from the some of the threaded MPMs when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater MaxClients has to be lowered due to the setting of ServerLimit.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick]
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater *) Lower the severity of the "listener thread didn't exit" message
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater to debug, as it is of interest only to developers. PR 9011
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater [Jeff Trawick]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Cliff Woolley, Jean-Jacques Clar]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Install config.nice into the build/ directory to make
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater minor version upgrades easier. [Joshua Slive]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) Fix mod_deflate so that it does not call deflate() without checking
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater first whether it has something to deflate. (Currently this causes
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater deflate to generate a fatal error according to the zlib spec.)
8c6328ab5890aa79d84b86ed672e185dc111bb68Automatic Updater PR 22259. [Stas Bekman]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater identity spoof is encountered.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [Sander Striker]
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater containing the .htaccess file is requested without a trailing slash.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater PR 20195. [André Malo]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) ab: Overlong credentials given via command line no longer clobber
d7a77415c13bb2fc2d1acb857486d97e4466e3b8Automatic Updater the buffer. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_deflate: Don't attempt to hold all of the response until we're
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater done. [Justin Erenkrantz]
3f802a977eb8ac127c1d6d0d76b8e38d032403daAutomatic Updater *) Assure that we block properly when reading input bodies with SSL.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
ca904804e43f663f08eb1ac9d6d617930b9a3cd3Automatic Updater *) mod_ext_filter: Set additional environment variables for use by
233f603cc1e6dd17b8912796f3fff5cfbbb76c90Automatic Updater the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
713a5e3080f112b3efde9235e9c92035056ff966Automatic Updater *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater *) Remember an authenticated user during internal redirects if the
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater redirection target is not access protected and pass it
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater to scripts using the REDIRECT_REMOTE_USER environment variable.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 10678, 11602. [André Malo]
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater *) mod_include: Fix a trio of bugs that would cause various unusual
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater sequences of parsed bytes to omit portions of the output stream.
c3fd32ed29e9e419bb56583f4272a506773b1ea0Automatic Updater PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Update the header token parsing code to allow LWS between the
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater token word and the ':' seperator. [PR 16520]
099b86fb8136a7dff81df85cf395978c16eb254cAutomatic Updater [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joe Schaefer <joe+gmane sunstarsys.com>]
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic Updater *) Added FreeBSD directory layout. PR 21100.
da24e725ff982595d74da7e75e9fbd6a696367ccAutomatic Updater [Sander Holthaus <info orangexl.com>, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
c453a50776145e9c1c3fc9c846cfa11f42505081Automatic Updater response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Perform child initialization on the rewrite log lock.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater This fixes a log corruption issue when flock-based serialization
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater is used (e.g., FreeBSD). [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Don't respect the Server header field as set by modules and CGIs.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater As with 1.3, for proxy requests any such field is from the origin
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews server; otherwise it will have our server info as controlled by
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the ServerTokens directive. [Jeff Trawick]
572cb2c1c931f6bc6a4a019c103ae88239b0eb96Automatic UpdaterChanges with Apache 2.0.47
bb93c8542756719b53096b9939e4041d0966026fAutomatic Updater *) SECURITY: CVE-2003-0192 (cve.mitre.org)
2bb3422dc683c013db7042f5736240de6b86f182Automatic Updater Fixed a bug whereby certain sequences of per-directory
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater renegotiations and the SSLCipherSuite directive being used to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater upgrade from a weak ciphersuite to a strong one could result in
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater the weak ciphersuite being used in place of the strong one.
59edd79b878b51ce5572cb2c6efe38b82242f108Automatic Updater *) SECURITY: CVE-2003-0253 (cve.mitre.org)
3e79333aa37d3b88959372431a02af8a3eb7cfd9Automatic Updater Fixed a bug in prefork MPM causing temporary denial of service
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater when accept() on a rarely accessed port returns certain errors.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater Reported by Saheed Akhtar <S.Akhtar talis.com>. [Jeff Trawick]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) SECURITY: CVE-2003-0254 (cve.mitre.org)
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater Fixed a bug in ftp proxy causing denial of service when target
885f47576842cf3c569315b9a48bd9f0ca03f203Automatic Updater host is IPv6 but proxy server can't create IPv6 socket. Fixed by
205c10066a0acfeac52d1a135671f41d207b8557Automatic Updater the reporter. [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) SECURITY [VU#379828] Prevent the server from crashing when entering
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater infinite loops. The new LimitInternalRecursion directive configures
16a8f020ff1fe2fa6e40c2ed72fcf87d08f59ff7Automatic Updater limits of subsequent internal redirects and nested subrequests, after
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater which the request will be aborted. PR 19753 (and probably others).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [William Rowe, Jeff Trawick, André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core_output_filter: don't split the brigade after a FLUSH bucket if
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater it's the last bucket. This prevents creating unneccessary empty
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater brigades which may not be destroyed until the end of a keepalive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Add support for "streamy" PROPFIND responses.
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater [Ben Collins-Sussman <sussman collab.net>]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) mod_cgid: Eliminate a double-close of a socket. This resolves
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater various operational problems in a threaded MPM, since on the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater second attempt to close the socket, the same descriptor was
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater often already in use by another thread for another purpose.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater [Jeff Trawick]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) mod_negotiation: Introduce "prefer-language" environment variable,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which allows to influence the negotiation process on request basis
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater to prefer a certain language. [André Malo]
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater *) Make mod_expires' ExpiresByType work properly, including for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater dynamically-generated documents. [Ken Coar, Bill Stoddard]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterChanges with Apache 2.0.46
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2003-0245 (cve.mitre.org)
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater Fixed a bug causing apr_pvsprintf() to crash by sending an overly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater long string. This can be triggered remotely through mod_dav,
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater mod_ssl, and other mechanisms.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Reported by David Endler <DEndler iDefense.com>. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2003-0189 (cve.mitre.org)
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater Fixed a denial-of-service vulnerability affecting basic
59b277af9d9aac08d16be63aed5ae60ac9eef0d5Automatic Updater authentication on Unix platforms related to thread-safety in
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater apr_password_validate().
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Reported by John Hughes <john.hughes entegrity.com>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater when a MKACTIVITY request comes in.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Ben Collins-Sussman <sussman collab.net>]
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater *) Perform run-time query in apxs for apr and apr-util's includes.
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [Justin Erenkrantz]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) run libtool from the apr install directory (in case that is different
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from the apache install directory) [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) If mod_mime_magic does not know the content-type, do not attempt to
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater caching. PR 17864.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) Add a delete flag to htpasswd.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater now work scheme dependent and the query string will only be
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater appended if supported by the particular scheme. [André Malo]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) Add another check for already compressed content in mod_deflate.
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) Fixes for VPATH builds; copying special.mk and any future .mk files
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from the source tree as well as the build tree (now creates a usable
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater configuration for apxs), and eliminated redundant -I'nclude paths.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater for SSLC and OpenSSL toolkit compatibility. Still work remains to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be done to cripple features based on the limitations of RSA's binary
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater distribution of their SSL-C toolkit.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Linux 2.4+: If Apache is started as root and you code
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) ap_get_mime_headers_core: allocate space for the trailing null
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater when folding is in effect.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_log_config: Add the ability to log the id of the thread
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater processing the request via new %P formats. [Jeff Trawick]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) Use appropriate language codes for Czech (cs) and Traditional Chinese
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (zh-tw) in default config files. PR 9427. [André Malo]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_auth_ldap: Use generic whitespace character class when parsing
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater "require" directives, instead of literal spaces only. PR 17135.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Hook mod_rewrite's type checker before mod_mime's one. That way the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater RewriteRule [T=...] Flag should work as expected now. PR 19626.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) htpasswd: Check the processed file on validity. If a line is not empty
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater and not a comment, it must contain at least one colon. Otherwise exit
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a problem that caused httpd to be linked with incorrect flags
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater on some platforms when mod_so was enabled by default, breaking
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater DSOs on AIX. PR 19012 [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) By default, use the same CC and CPP with which APR was built.
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater The user can override with CC and CPP environment variables.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix ap_construct_url() so that it surrounds IPv6 literal address
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater strings with []. This fixes certain types of redirection.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 19207. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) forward port of buffer overflow fixes for htdigest. [Thom May]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Added AllowEncodedSlashes directive to permit control of whether
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater the server will accept encoded slashes ('%2f') in the URI path.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Default condition is off (the historical behaviour). This permits
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater environments in which the path-info needs to contain encoded
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) When using Redirect in directory context, append requested query
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater string if there's no one supplied by configuration. PR 10961.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater the pattern will not always match as desired. PR 12596.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) mod_autoindex now emits and accepts modern query string parameter
2178b22c8f4a20a0dfc17c93f67789d58530b6e6Automatic Updater delimiters (;). Thus column headers no longer contain unescaped
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater ampersands. PR 10880 [André Malo]
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater *) Enable ap_sock_disable_nagle for Windows. This along with the
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater to be disabled for Windows. [Allan Edwards]
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater This patch reverts us to pre-2.0.46 behavior, using the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was never compiled on Win32. [Allan Edwards, William Rowe]
765c97d56ccddc9d7904c7d9ff2e2d825d9687e4Automatic Updater *) Fix a build problem with passing unsupported --enable-layout
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater args to apr and apr-util. This broke binbuild.sh as well as
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater user-specified layout parameters. PR 18649 [Justin Erenkrantz,
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) If a Date response header was already set in the headers array,
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater this value was ignored in favour of the current time. This meant
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater that Date headers on proxied requests where rewritten when they
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater should not have been. PR: 14376 [Graham Leggett]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Add code to buildconf that produces an httpd.spec file from
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater httpd.spec.in, using build/get-version.sh from APR.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Graham Leggett]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fixed a segfault when multiple ProxyBlock directives were used.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) SECURITY: CVE-2003-0134 (cve.mitre.org)
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater OS2: Fix a Denial of Service vulnerability identified and
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater reported by Robert Howard <rihoward rawbw.com> that where device
0098207a9aa183e7a0c4707e3d0f375bccc3aaedAutomatic Updater names faulted the running OS2 worker process. The fix is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater actually in APR 0.9.4. [Brian Havard]
da24e725ff982595d74da7e75e9fbd6a696367ccAutomatic Updater *) SECURITY: CVE-2003-0083 (cve.mitre.org)
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater Forward port: Escape special characters (especially control
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater characters) in mod_log_config to make a clear distinction between
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater client-supplied strings (with special characters) and server-side
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater strings. This was already introduced in version 1.3.25.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) mod_deflate: Check also err_headers_out for an already set
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson Content-Encoding: gzip header. This prevents gzip compressed content
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews from a CGI script from being compressed once more. PR 17797.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas GustafssonChanges with Apache 2.0.45
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix possible segfaults under obscure error conditions within the
e6a6028987f9b57473bb321be55304c7dbf19d8bAutomatic Updater cgid daemon. [Jeff Trawick, William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2003-0132 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Close a Denial of Service vulnerability identified by David
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Endler <DEndler iDefense.com> on all platforms. An unlimited
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater stream of newlines were acceptable between requests where each
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater <lf> would allocate an 80 byte buffer, leading very quickly to
8a507eb20351ee478e8c05620c6899f0a04c1853Automatic Updater memory exahustion. [Brian Pane]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Added an rpm build script.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Graham Leggett, Joe Orton <jorton redhat.com>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Simpler, faster code path for request header scanning [Brian Pane]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) SECURITY: Eliminated leaks of several file descriptors to child
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater processes, such as CGI scripts. This fix depends on the APR library
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater release 0.9.2 or later (0.9.3 was distributed with the httpd
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater source tarball for Apache 2.0.45.) PR 17206
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fix path handling of mod_rewrite, especially on non-unix systems.
8a507eb20351ee478e8c05620c6899f0a04c1853Automatic Updater There was some confusion between local paths and URL paths.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater PR 12902. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Prevent endless loops of internal redirects in mod_rewrite by
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater aborting after exceeding a limit of internal redirects. The
47ff70af9e842bf0f69d209433995216f560fe4aAutomatic Updater limit defaults to 10 and can be changed using the RewriteOptions
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater directive. PR 17462. [André Malo]
06f5acb11f1c32228d93eefd1eb841dbfb1c7f4dAutomatic Updater *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
8a507eb20351ee478e8c05620c6899f0a04c1853Automatic Updater all worker threads are busy.
06f5acb11f1c32228d93eefd1eb841dbfb1c7f4dAutomatic Updater [Igor Nazarenko <igor_nazarenko hotmail.com>]
06f5acb11f1c32228d93eefd1eb841dbfb1c7f4dAutomatic Updater *) Keep the subrequest filter in place when a subrequest is
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater redirected. PR 15423. [Jeff Trawick]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) you can now specify the compression level for mod_deflate.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Michael Schroepl <Michael.Schroepl telekurs.de>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_deflate: Extend the DeflateFilterNote directive to
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater allow accurate logging of the filter's in- and outstream.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Allow SSLMutex to select/use the full range of APR locking
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater mechanisms available to it. Also, fix the bug that SSLMutex uses
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Martin Kutschker <martin.t.kutschker blackbox.net>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Restore the ability of htdigest.exe to create files that contain
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater more than one user. PR 12910. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Improve binary compatibility of the core between debug (aka
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater maintainer-mode) and a non-debug compile.
7fc3b88c3a6e18f8a085406c36fddc2af63619efMark Andrews [Sander Striker]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) mod_usertrack: don't set the cookie in subrequests. This works
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater around the problem that cookies were set twice during fast internal
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater redirects. PR 13211. [André Malo]
da24e725ff982595d74da7e75e9fbd6a696367ccAutomatic Updater *) mod_autoindex no longer forgets output format and enabled version
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater sort in linked column headers. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Use .sv instead of .se as extension for Swedish documents in the
5a28dc400e0e85382e83a479ca60ca3054e6cfccAutomatic Updater default configuration. PR 12877. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater and standardized the LDAP SSL support across the various LDAP SDKs.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater Isolated the SSL functionality to mod_ldap rather than speading it
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater and LDAPTrustedCAType directives to mod_ldap to allow for a more
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater common method of specifying the SSL certificate.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater [Dave Ward, Brad Nicholes]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater skip the first cert of the chain by default. This misbehavior
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater be started on Unix because of such problems as bad permissions,
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater bad shebang line, etc. [Jeff Trawick]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fix 64-bit problem in mod_ssl input logic.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [Justin Erenkrantz]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [Justin Erenkrantz]
603cf17f33da24d460616389ec40d6f2a6e110a0Automatic Updater *) Fix segfault which occurred when a section in an included
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater configuration file was not closed. PR 17093. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Enhance the behavior of mod_isapi's WriteClient() callback to
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater provide better emulation for isapi modules that presume that the
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater first WriteClient() call may send status and headers. An example
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater of WriteClient() abuse is the foxisapi module, which relies on
55aec75784a22e9d06d52b2b8a7d5aa42d31dc00Automatic Updater that assumpion and now works. [William Rowe, Milan Kosina]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) Check the return value of ap_run_pre_connection(). So if the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater pre_connection phase fails (without setting c->aborted)
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater ap_run_process_connection is not executed. [Stas Bekman]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fixed a problem with mod_ldap which caused it to fault when caching
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater was disabled. Needed to make sure that the code did not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater attempt to use the cache if it didn't exist. Also fixed some memory
db5b7e2cdf150c46e8242d3e2e3ad3f5c7300258Automatic Updater leaks which were due to not releasing LDAP resources on error
995eaa289ba9709c64ef89b3776e53c36adc0010Automatic Updater conditions. [Brad Nicholes]
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater mod_rewrite proxied URLs will not be escaped accidentally by
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater mod_proxy's fixup. PR 16368 [André Malo]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) While processing filters on internal redirects, remember seen EOS
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater buckets also in the request structure of the redirect issuer(s). This
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater prevents filters (such as mod_deflate) from adding garbage to the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater response. PR 14451. [André Malo]
67f4b01f01bc7fd1ddf938be8367f6b0ce29a520Automatic Updater *) suexec: Be more pedantic when cleaning environment. Clean it
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews immediately after startup. PR 2790, 10449.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Stewart <jws purdue.edu>, André Malo]
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater *) Fix apxs to insert LoadModule directives only outside of sections.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater PR 8712, 9012. [André Malo]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fix suexec compile error under SUNOS4, where strerror() doesn't
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater exist. PR 5913, 9977.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix If header parsing when a non-mod_dav lock token is passed to it.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 16452. [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater not specified. Now it assumes "/" as already documented. PR 16937.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Try to log an error if a piped log program fails. Try to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater restart a piped log program in more failure situations. Fix an
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater existing problem with error handling in piped_log_spawn(). Use
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater new APR apr_proc_create() features to prevent Apache from starting
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater on Unix* in most cases where a piped log program can be started,
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater and add log messages for the other situations. *Other platforms
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater already failed Apache initialization if a piped log program
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater couldn't be started. PR 15761 [Jeff Trawick]
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater *) Fix mod_cern_meta to not create empty metafiles when the
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater metafile searched for does not exist. PR 12353
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Owen Rees <owen_rees hp.com>]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) Introduce debugging symbols for Win32 release builds, both .pdb
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and .dbg files (older debuggers and Dr. Watson-type utilities
83d29eff2912ef967596eb5ed148de7668b35564Automatic Updater on WinNT or Win9x don't support the newer .pdb flavor.)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Allen Edwards, William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater information (and more). Related to PR 9076. [André Malo]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) mod_file_cache: fix segfault serving mmaped cached files.
129090f0f6f91753b4a085ab635e28549fd018adAutomatic Updater [Bill Stoddard]
098097efb95046a4a5285b6dae95dea3e3b70853Automatic Updater *) mod_file_cache: fixed a segfault when multiple MMapFile directives
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater were used. PR 16313. [Cliff Woolley]
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
78bc8fdc2488c92d7228e8de19827e2c114c56caAutomatic Updater an incompatible pointer type to mmap_bucket_destroy(void*).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Gerard Eviston <geviston bigpond.net.au>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Enable the -n name parameter on NetWare to allow the
9d80d23172c30fd63e5046a7e69b8445e564ff31Automatic Updater administrator to rename the Apache console screen
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater support by default in APR. More development is required
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater to deploy OTHER_CHILD on Win32. [William Rowe]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater *) Use saner default config values for suexec. PR 15713.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Thom May <thom planetarytramp.net>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) apxs: Include any special APR ld flags when linking the DSO.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater This resolves problems on AIX when building a DSO with apxs+gcc.
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater [Jeff Trawick]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) Added character set support to mod_auth_LDAP to allow it to
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater convert extended characters used in the user ID to UTF-8
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater before authenticating against the LDAP directory. The new
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater directive AuthLDAPCharsetConfig is used to specify the config
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file that contains the character set conversion table.
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Don't remove the Content-Length from responses in mod_proxy
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater PR: 8677 [Brian Pane]
b1265b5a06df36d490d4bdf54284fb133a1f5a84Automatic Updater *) Ensure LDAP version is set to v3 on every bind. PR 14235.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Sergey A. Lipnevich <sergeyli pisem.net>]
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater *) Fix mod_ldap to open an existing shared memory file should one
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater already exist. PR 12757. [Scooter Morris <scooter gene.com>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater *) Change the ulimit command used by apachectl on AIX so that it
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater works in all locales. [Jeff Trawick]
8f1b19fb7ee72b09e360531691c5e5e941ef2d4eAutomatic Updater *) mod_ext_filter: Fix a problem building argument lists which
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater occasionally caused exec to fail. PR 15491. [Jeff Trawick]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic UpdaterChanges with Apache 2.0.44
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater from Apache 1.3. PR 14276
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [David Shane Holden <dpejesh yahoo.com>, William Rowe]
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Reorder the definitions for mod_ldap and mod_auth_ldap within
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater config.m4 to make sure the parent mod_ldap is defined first.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater This ensures that mod_ldap comes before mod_auth_ldap in the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater httpd.conf file, which is necessary for mod_auth_ldap to load.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater PR 14256 [Graham Leggett]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Fix the building of cgi command lines when the query string
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>,
8a507eb20351ee478e8c05620c6899f0a04c1853Automatic Updater *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater implementation of MCacheMaxStreamingBuffer from mod_cache to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington eliminate the need for explicitly coding MCacheMaxStreamingBuffer
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater in most configurations. [Bill Stoddard]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a redirect occurs. The code was passing a format string and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater integer to apr_pstrcat. Changed to apr_psprintf.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Paul J. Reder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as set by apr-util in util_ldap.c. This should allow mod_ldap
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater <somme oslo.westerngeco.slb.com>, Graham Leggett]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Fix critical bug in new --enable-v4-mapped configure option
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater implementation which broke IPv4 listening sockets on some
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
3493b4e0ef537798b40223472f10158b5032ac70Automatic Updater *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
b16e2045ac28229c31f1ea3ebad15cbcb13e1d24Automatic Updater patterns [André Malo <nd perlig.de>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Add version string to provider API. [Justin Erenkrantz]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews *) build: './configure && make' now works without an in-tree
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater apr and apr-util. [Wilfredo Sanchez]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_negotiation: Set the appropriate mime response headers
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (Content-Type, charset, Content-Language and Content-Encoding)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater for negotated type-map "Body:" responses (such as the error
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater pages.) [André Malo <nd perlig.de>]
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater *) mod_log_config: Allow '%%' escaping in CustomLog format
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater strings to insert a literal, single '%'.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [André Malo <nd perlig.de>]
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater *) mod_autoindex: AddDescription directives for directories
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater now work as in Apache 1.3, where no trailing '/' is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specified on the directory name. Previously, the trailing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater '/' *had* to be specified, which was incompatible with
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater Apache 1.3. PR 7990 [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix for PR 14556. The expiry calculations in mod_cache were
b4cebdb6ccde66a8f3e397a1b90b0cf788519d69Automatic Updater trying to perform "now + ((date - lastmod) * factor)" where
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater date == lastmod resulting in "now + 0". The code now follows
930f6069e5aa157cf6987cdafd412f5757a5a558Automatic Updater the else path (using the default expiration) if date is
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater default calling convention is not the same as the one used by
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) mod_cache: Don't cache response header fields designated
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
0ce87e5749aabb8eef1e0a37e4bd6e6ffa1d7196Automatic Updater [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cgid: Handle environment variables containing newlines.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Move mod_ext_filter out of experimental and into filters.
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews [Jeff Trawick]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Fixed a memory leak in mod_deflate with dynamic content.
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater PR 14321 [Ken Franken <kfranken decisionmark.com>]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) Add --[enable|disable]-v4-mapped configure option to control
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater whether or not Apache expects to handle IPv4 connections
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater on IPv6 listening sockets. Either setting will work on
90ff38a0d8deaf5f9c2aa5916d99b2e572d28738Automatic Updater systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater must be used on systems that always allow IPv4 connections on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater [Jeff Trawick]
78d7186253dfed549ec0ce2d7c2b08a7978ede9cAutomatic Updater *) This fixes a problem where the underlying cache code
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater indicated that there was one more element on the cache
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater than there actually was. This happened since element 0
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews exists but is not used. This code allocates the correct
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater number of useable elements and reports the number of
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews actually used elements. The previous code only allowed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater MCacheMaxObjectCount-1 objects to be stored in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater cache. [Paul J. Reder]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_setenvif: Add SERVER_ADDR special keyword to allow
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater envariable setting according to the server IP address
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which received the request. [Ken Coar]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cgid: Terminate CGI scripts when the client connection
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater drops. PR 8388 [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Rearrange OpenSSL engine initialization to support RAND
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater redirection on crypto accelerator.
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater [Frederic DONNAT <frederic.donnat zencod.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Always emit Vary header if mod_deflate is involved in the
681beefc668253b3e469a1de282fbc33a3752422Automatic Updater request. [André Malo <nd perlig.de>]
ce0fd07045292942bfa3e755d9ce596941528a63Automatic Updater *) mod_isapi: Stop unsetting the 'empty' query string result with
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater a NULL argument in ecb->lpszQueryString, eliminating segfaults
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater for some ISAPI modules. PR 14399
96713299d08c0735c18ebe8772dd2cc1ecd4356aAutomatic Updater *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater notification is received before the HttpExtensionProc() returns
97669cab1f7e6f953dbf39ef1b2c4206ecb50d9eAutomatic Updater HSE_STATUS_PENDING. This only affected isapi .dll's configured
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater with the ISAPIFakeAsync on directive. PR 11918
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_isapi: Fix the issue where all results from mod_isapi would
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater run through the core die handler resulting in invalid responses
c6517a807173827b8f638d31303805ee4c1d8054Automatic Updater or access log entries. PR 10216 [William Rowe]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) Improves the user friendliness of the CacheRoot processing
6a6965084d061016f7ba44637c7c50e096cac36aAutomatic Updater over my last pass. This version avoids the pool allocations
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater but doesn't avoid all of the runtime checks. It no longer
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater terminates during post-config processing. An error is logged
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater once per worker, indicating that the CacheRoot needs to be set.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Paul J. Reder]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Fix a bug where we keep files open until the end of a
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater keepalive connection, which can result in:
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (24)Too many open files: file permissions deny server access
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater especially on threaded servers. [Greg Ames, Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a bug in which mod_proxy sent an invalid Content-Length
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when a proxied URL was invoked as a server-side include within
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater a page generated in response to a form POST. [Brian Pane]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) Added code to process min and max file size directives and to
0c42fc3acc95ea284cf1bfdf6869d1836756ebb9Automatic Updater init the expirychk flag in mod_disk_cache. Added a clarifying
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater comment to cache_util. [Paul J. Reder]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) The value emitted by ServerSignature now mimics the Server HTTP
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater *) Gracefully handly retry situations in the SSL input filter,
098097efb95046a4a5285b6dae95dea3e3b70853Automatic Updater by following the SSL libraries' retry semantics.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Terminate CGI scripts when the client connection drops. This
98215f712033f868cc65cc2e54894bf770517883Automatic Updater fix only applies to some normal paths in mod_cgi. mod_cgid
71bd43eebd9d6e42dbcae62b730f5b6508d5acd8Automatic Updater is still busted. PR 8388 [Jeff Trawick]
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) Fix a bug where 416 "Range not satisfiable" was being
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater returned for content that should have been redirected.
3e5340279d8875d136a4dd815cccad0044aa2644Automatic Updater *) Fix memory leak in mod_ssl from internal SSL library allocations
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater within SSL_get_peer_certificate and X509_get_pubkey.
0429fc942ef48b8ab07a01648b22f98174a2ae6fAutomatic Updater Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater *) mod_ssl uses free() inappropriately in several places, to free
7f79131f9a8e804b93c57f3c679065cce878b726Automatic Updater memory which has been previously allocated inside OpenSSL.
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater Such memory should be freed with OPENSSL_free(), not with free().
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [Nadav Har'El <nyh math.technion.ac.il>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) Emit a message to the error log when we return 404 because
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the URI contained '%2f'. (This was previously nastily silent
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and difficult to debug.) [Ken Coar]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix streaming output from an nph- CGI script. CGI:IRC now
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater works. PR 8482 [Jeff Trawick]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) More accurate logging of bytes sent in mod_logio when
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater the client terminates the connection before the response
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is completely sent [Bojan Smojver <bojan rexursive.com>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Fix some problems in the perchild MPM.
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater [Jonas Eriksson <jonas webkonsulterna.com>]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Change the CacheRoot processing to check for a required
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater value at config time. This saves a lot of wasted processing
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater if the mod_disk_cache module is loaded but no CacheRoot
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater was provided. This fix also adds code to log an error
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater and avoid useless pallocs and procesing when the computed
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater cache file name cannot be opened. This also updates the
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater docs accordingly. [Paul J. Reder]
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater *) Introduce the EnableSendfile directive, allowing users of NFS
30cd5217f750e75c24b4fe4b5ecf92e832ba64c3Automatic Updater shares to disable sendfile mechanics when they either fail
40696c4c389a780082fb77840c173b201ce696d6Automatic Updater outright or provide intermitantly corrupted data. PR
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Resolve the error "An operation was attempted on something
5a28dc400e0e85382e83a479ca60ca3054e6cfccAutomatic Updater that is not a socket. : winnt_accept: AcceptEx failed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Attempting to recover." for users of various firewall and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater anti-virus software on Windows. PR 8325 [William Rowe]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) Add the ProxyBadHeader directive, which gives the admin some
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater control on how mod_proxy should handle bogus HTTP headers from
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater desired. [Jim Jagielski]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Change the LDAP modules to export their symbols correctly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater during a Windows build. Add dsp files for Windows. Update
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater README.ldap file for Windows build instructions.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Performance improvements for the code that generates HTTP
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater response headers [Brian Pane]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Add -S as a synonym for -t -DDUMP_VHOSTS.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Thom May <thom planetarytramp.net>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a bug with dbm rewrite maps which caused the wrong value to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be used when the key was not found in the dbm. PR 13204
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a problem with streaming script output and mod_cgid.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) Add ap_register_provider/ap_lookup_provider API.
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater [John K. Sterling <john sterls.com>, Justin Erenkrantz]
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic UpdaterChanges with Apache 2.0.43
be7f27304337afbf078e8bd8db0f951a33abe33bAndreas Gustafsson *) SECURITY: CVE-2002-0840 (cve.mitre.org)
22efac94468806d25459fa9d4faa6b1eb16c30a8Automatic Updater HTML-escape the address produced by ap_server_signature() against
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater this cross-site scripting vulnerability exposed by the directive
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater environment variable for CGI and SSI requests. It's safe to
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington escape as only the '<', '>', and '&' characters are affected,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater which won't appear in a valid hostname. Reported by Matthew
11ba7973f989b3657cbb27447bdcdd976c71ac56Brian Wellington Murphy <mattmurphy kc.rr.com>. [Brian Pane]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) Fix a core dump in mod_cache when it attemtped to store uncopyable
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater buckets. This happened, for instance, when a file to be cached
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater contained SSI tags to execute a CGI script (passed as a pipe
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater bucket). [Paul J. Reder]
e5fe07a7ebff18f7ed4ac434b37daff6c8ee5d5bAutomatic Updater *) Ensure that output already available is flushed to the network
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater when the content-length filter realizes that no new output will
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater be available for a while. This helps some streaming CGIs as
229ea4644b3a7d9c7fdaa43888e7f55ba01e2ee3Automatic Updater well as some other dynamically-generated content. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a mutex problem in mod_ssl session cache support which
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater could lead to an infinite loop. PR 12705
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) SECURITY: CVE-2002-1156 (cve.mitre.org)
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater Fix the exposure of CGI source when a POST request is sent to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater a location where both DAV and CGI are enabled. [Ryan Bloom]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Allow the UserDir directive to accept a list of directories.
5a28dc400e0e85382e83a479ca60ca3054e6cfccAutomatic Updater This matches what Apache 1.3 does. Also add documentation for
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater this feature. [Jay Ball <jay veggiespam.com>]
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater *) New Module: mod_logio. adds the ability to log bytes sent and
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater received. [Bojan Smojver <bojan rexursive.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SuExec needs to use the same default directory as the rest of
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [SangBeom han <sbhan os.korea.ac.kr>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Make sure the contents of the WWW-Authenticate header is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater passed on a 4xx error by proxy. Previously all headers
a900e4f99ff134b567b6df5ac2c841c7d0c551d3Automatic Updater were dropped, resulting in the browser being unable to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater <gwiseman fscinternet.com>, David Henderson
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Make mod_cache's CacheMaxStreamingBuffer directive work
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater properly for virtual hosts that override server-wide mod_cache
faa406d25d1d73b04a1351d1e62ab55557ed61ebAutomatic Updater setttings. [Matthieu Estrade <estrade-m ifrance.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Add -p option to apxs to allow programs to be compiled with apxs.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Justin Erenkrantz]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterChanges with Apache 2.0.42
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_dav: Check for versioning hooks before using them.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterChanges with Apache 2.0.41
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) The protocol version (eg: HTTP/1.1) in the request line parsing
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater is now case insensitive. [Jim Jagielski]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) Allow AddOutputFilterByType to add multiple filters per directive.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Justin Erenkrantz]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fixed mod_disk_cache's generation of 304s
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Add support for using fnmatch patterns in the final path
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews segment of an Include statement (eg.. include /foo/bar/*.conf).
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews and remove the noise on stderr during config dir processing.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Joe Orton <jorton redhat.com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cache: cache_storage.c. Add the hostname and any request
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews args to the key generated for caching. This provides a unique
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews key for each virtual host and for each request with unique
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews args. [Paul J. Reder, args code provided by Kris Verbeeck]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) mod_cache: Do not cache responses to GET requests with query
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews URLs if the origin server does not explicitly provide an
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Expires header on the response (RFC 2616 Section 13.9)
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [Kris Verbeeck <krisv be.ubizen.com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Update OpenSSL detection to work on Darwin.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Sander Temme <sctemme covalent.net>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Update the xslt and css to give the documentation a more
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews modern style.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fix some bucket memory leaks in the chunking code
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews [Joe Schaefer <joe+apache sunstarsys.com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cache: added support for caching streamed responses (proxy,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Ian Holsman, Peter Bieringer <pb bieringer.de>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fix FileETags none operation. PR 12207.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Restored the experimental leader/followers MPM to working
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews condition and converted its thread synchronization from
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews mutexes to atomic CAS. [Brian Pane]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fix Logic on non-html file removal in mod_deflate
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix "ab -g"'s truncated year: the last digit was cut off.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Leon Brocard <acme astray.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite can now sets cookies in err_headers, uses the correct
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson expiry date, and can now set the path as well
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 12132,12181,12172.
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson *) The content-length filter no longer tries to buffer up
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the entire output of a long-running request before sending
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater anything to the client. [Brian Pane]
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson *) Win32: Lower the default stack size from 1MB to 256K. This will
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater allow around 8000 threads to be started per child process.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater 'EDITBIN /STACK:size apache.exe' can be used to change this
34729dbcb3526974cf98ee03ec20a107d9458417Andreas Gustafsson value directly in the apache.exe executable.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Bill Stoddard]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Win32: Implement ThreadLimit directive in the Windows MPM.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Bill Stoddard]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Remove CacheOn config directive since it is set but never checked.
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater No sense wasting cycles on unused code. Besides, the only truly
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson bug free code is deleted code. :) [Paul J. Reder]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) BufferLogs are now run-time enabled, and the log_config now has 2 new
02973ab41430678c285ef7ae6d1183003469a3bcAutomatic Updater callbacks to allow a 3rd party module to actually do the writing of the
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater log file [Ian Holsman]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [André Malo, Astrid Keßler <kess kess-net.de>]
713c3d5b18463f2479973e4d14f73248e60a5df7Mark Andrews *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Fix a null pointer dereference in the merge_env_dir_configs
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington function of the mod_env module. PR 11791
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Paul J. Reder]
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater *) New option to ServerTokens 'maj[or]'. Only show the major version
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Also Surfaced this directive in the standard config (default FULL)
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
2fd97723b2ec7fc1975672780ab0c1c9a8c369d6Automatic Updater RewriteMap directive. PR 10644 [Jeff Trawick]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater pairs will no longer get out of sync with each other. PR 9534
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Cliff Woolley]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fixes required to get quoted and escaped command args working in
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson mod_ext_filter. PR 11793 [Paul J. Reder]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater *) mod-proxy: handle proxied responses with no status lines
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix bug where environment or command line arguments containing
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews non-ASCII-7 characters would cause the Win32 child process creation
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to fail. PR 11854 [William Rowe]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Bug #11213.. make module loading error messages more informative
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Ian Darwin <Ian779 darwinsys.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) mod_disk_cache works much better. This module should still
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews be considered experimental. [Eric Prud'hommeaux]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Performance improvement for keepalive requests: when setting
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater aside a small file for potential concatenation with the next
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater response on the connection, set aside the file descriptor rather
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater than copying the file into the heap. [Brian Pane]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Modified version check on openssl so that it finds the executable
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews first and then performs a check of the version, only warning the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews user if they chose, or we selected, an old version of OpenSSL.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews This change also allows the code to work for non-openssl libraries
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews selected via the --with-ssl=dir option, which can override the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews automated library check in any case. [Roy Fielding]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsChanges with Apache 2.0.40
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) SECURITY: CVE-2002-0661 (cve.mitre.org)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Close a very significant security hole that
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews applies only to the Win32, OS2 and Netware platforms. Unix was not
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews affected, Cygwin may be affected. Certain URIs will bypass security
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews and allow users to invoke or access any file depending on the system
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews configuration. Without upgrading, a single .conf change will close
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews the vulnerability. Add the following directive in the global server
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews httpd.conf context before any other Alias or Redirect directives;
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews RedirectMatch 400 "\\\.\."
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Reported by Auriemma Luigi <bugtest sitoverde.com>.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Brad Nicholes]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) SECURITY: CVE-2002-0654 (cve.mitre.org)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Close a path-revealing exposure in multiview type
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater map negotiation (such as the default error documents) where the
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews module would report the full path of the typemapped .var file when
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater multiple documents or no documents could be served based on the mime
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [William Rowe]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) SECURITY: CVE-2002-0654 (cve.mitre.org)
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Close a path-revealing exposure in cgi/cgid when we
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater fail to invoke a script. The modules would report "couldn't create
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater child process /path-to-script/script.pl" revealing the full path
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater of the script. Reported by Jim Race <jrace qualys.com>.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Bill Stoddard]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Set aside the apr-iconv and apr_xlate() features for the Win32
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater build of 2.0.40 so development can be completed. A patch, from
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews will be available for those that wish to work with apr-iconv.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [William Rowe]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fix proxy so that it is possible to access ftp: URLs via a proxy
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater set to 1, so we can exclude things from the general case with
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Accept multiple leading /'s for requests within the DocumentRoot.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Solved the reports of .pdf byterange failures on Win32 alone.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater APR's sendfile for the win32 platform collapses header and trailer
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews buffers into a single buffer. However, we destroyed the pointers
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to the header buffer if a trailer buffer was present. PR 10781
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [William Rowe]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_ext_filter: Add the ability to enable or disable a filter via
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews an environment variable. Add the ability to register a filter of
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Restore the ability to specify host names on Listen directives.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) When deciding on the default address family for listening sockets,
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews make sure we can actually bind to an AF_INET6 socket before
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews deciding that we should default to AF_INET6. This fixes a startup
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Replace usage of atol() to parse strings when we might want a
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews larger-than-long value with apr_atoll(), which returns long long.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews This allows HTTPD to deal with larger files correctly.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Shantonu Sen <ssen apple.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) mod_ext_filter: Ignore any content-type parameters when checking if
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews the response should be filtered. Previously, "intype=text/html"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews wouldn't match something like "text/html;charset=8859_1".
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) mod_ext_filter: Set up environment variables for external programs.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Craig Sebenik <craig netapp.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Modified the HTTP_IN filter to immediately append the EOS (end of
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews stream) bucket for C-L POST bodies, saving a roundtrip and allowing
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater the caller to determine that no content remains without prefetching
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews additional POST body. [William Rowe]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Changes to the internationalized error documents:
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Comment them out in the default config file to make the default
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews install as simple as possible; Correct the english 500 error to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews be more understandable; Add a Swedish translation.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Thomas Sjogren <thomas northernsecurity.net>,
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Increase the limit on file descriptors per process in apachectl.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Brian Pane]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fix a dependency error when building ApacheMonitor, so that Win32
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews and MSVC now trust that the project is current (when it is).
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [James Cox <imajes php.net>]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) APR-Util Renames pending have been completed [Thom May]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Performance improvements for the code that reads request
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews headers (ap_rgetline_core() and related functions) [Brian Pane]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to configure the maximum amount of memory the allocators will
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews hold on to for reuse. Anything over the MaxMemFree threshold
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews will be free()d. This directive is useful when uncommon large
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews peaks occur in memory usage. It should _not_ be used to mask
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews defective modules' memory use. [Sander Striker]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews scripts would not result in a truncated response.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Add a filter_init parameter to the filter registration functions
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews so that a filter can execute arbitrary code before the handlers
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews are invoked. This resolves a problem where mod_include requests
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews would incorrectly return a 304. [Justin Erenkrantz]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix a long-standing bug in 2.0, CGI scripts were being called
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews with relative paths instead of absolute paths. Apache 1.3 used
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews absolute paths for everything except for SuExec, this brings back
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews that standard. [Ryan Bloom]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix infinite loop due to two HTTP_IN filters being present for
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater internally redirected requests. PR 10146. [Justin Erenkrantz]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Justin Erenkrantz]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix mod_ext_filter to look in the main server for filter definitions
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater when running in a vhost if the filter definition is not found in
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews the vhost. PR 10147 [Jeff Trawick]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Support WinNT CGI invocation through ScriptInterpreterSource
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater 'registry' for script interpreter paths and names with non-ascii
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater characters in the executable filepath. [William Rowe]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Support the -w flag on to keep the Win32 console open on error.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [William Rowe]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Normalize the hostname value in the request_rec to all-lowercase
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Perry Harrington <pedward webcom.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews extended characters (non US-ASCII) in non-utf8 format. This brings
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Win32 back into CGI/1.1 compliance, and leaves charset decoding up
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to the cgi application itself. [William Rowe]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews modules to bring them up to the current apr/apr-util APIs.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [William Rowe]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix segfault in mod_mem_cache most frequently observed when
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews serving the same file to multiple clients on an MP machine.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Bill Stoddard]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain])
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fix perchild to work with apachectl by adding -k support to perchild.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews PR 10074 [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix a silly htpasswd.c logic error that incorrectly reported that
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews both -c and -n had been used. PR 9989 [Cliff Woolley]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fixed a mod_include error case in which no HTTP response was sent
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to the client if an shtml document contained an unterminated SSI
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater directive [Brian Pane]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Improve ap_get_client_block implementation by using APR-util brigade
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater helper functions and relying on current filter assumptions.
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Justin Erenkrantz]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsChanges with Apache 2.0.39
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fixed a build problem in htpasswd.c on Win32.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsChanges with Apache 2.0.38
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Rewrite htpasswd to use APR. The removes the annoying warning about
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews tmpnam being unsafe. [Ryan Bloom]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) We must set the MIME-type for .shtml files to text/html if we want them
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews to be parsed for SSI tags. Add the config for that to the default
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews config file so that it is easier to enable .shtml parsing.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Dave Dyer <ddyer real-me.net>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fixed a problem with 'make install' on ReliantUnix.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Make the default_handler catch all requests that aren't served by
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews another handler. This also gets us to return a 404 if a directory
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews is requested, there is no DirectoryIndex, and mod_autoindex isn't
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews loaded. [Justin Erenkrantz]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fixed the handling of nested if-statements in shtml files.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews PR 9866 [Brian Pane]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Allow 'make install DESTDIR=/path'. This allows packagers to install
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews into a directory different from the one that was configured. This
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews also mirrors the root= feature from 1.3. We cannot use prefix=,
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater because both APR and APR-util resolve their installation paths at
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater configuration time. This means that there is no variable prefix
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater to replace. [Andreas Hasenack <andreas netbank.com.br>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews These levels of AIX don't have a thundering herd problem with
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater accept(). [Jeff Trawick]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) prefork MPM: Ignore mutex errors during graceful restart. For
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater certain types of mutexes (particularly SysV semaphores), we
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews should expect to occasionally fail to obtain or release the
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater mutex during restart processing. [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix install-bindist.sh so that it finds any perl instead of just
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews early perl 5.x versions. This is consistent with a build/install
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews from source, and it allows the perl scripts installed by a bindist
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater to work on systems with perl 5.6. [Jeff Trawick]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews Tru64 (and probably some other platforms). [Jeff Trawick]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Allow CGI scripts to return their Content-Length. This also fixes a
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater hang on HEAD requests seen on certain platforms (such as FreeBSD).
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Justin Erenkrantz]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Added log rotation based on file size to the RotateLog support
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews utility. [Brad Nicholes]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix some casting in mod_rewrite which broke random maps.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark AndrewsChanges with Apache 2.0.37
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) allow POST method over SSL when per-directory client cert
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews authentication is used with 'SSLOptions +OptRenegotiate' enabled
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews and a client cert was found in the ssl session cache.
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews session cache when there is no cert chain in the cache. prior to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews the fix this situation would result in a FORBIDDEN response and
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews error message "Cannot find peer certificate chain"
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews [Doug MacEachern]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews one was already sent. PR 9644 [Jeff Trawick]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix the display of the default name for the mime types config
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews *) Fix the working directory *for WinNT/2K/XP services only* to
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews change to the Apache directory (one level above the location
e9ab17d95e4288ab5ddedb7c89a9588c13c74bddMark Andrews of Apache.exe, in the case that Apache.exe resides in bin/.)
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater Solves the case of ServerRoot /foo paths where /foo was not
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater on the same drive as /winnt/system32. [William Rowe]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Make 2.0's "AcceptMutex" startup message now "completely"
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater match how 1.3 does it. [Jim Jagielski]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Implement a fixed size memory cache using a priority queue
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Fix apxs to allow "apxs -q installbuilddir" and to allow
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater querying certain other variables from config_vars.mk. PR 9316
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater [Jeff Trawick]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater *) Added the "detached" attribute to the cgi_exec_info_t internals
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews so that Win32 and Netware won't create a new window or console
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater for each CGI invoked. PR 8387
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater [Brad Nicholes, William Rowe]
2f60dbd3787caa91e8ab1d7ae39ea312ad5ba31fAutomatic Updater *) Consolidated the command line parameters and attributes that are
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater manipulated by the optional function ap_cgi_build_command() in
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_cgi into a single structure.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Get rid of uninitialized value errors with "apxs -q" on certain
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater variables. [Stas Bekman <stas stason.org>]
782b50b4ebbd48d570831f66d8ffc550e0db340cAutomatic Updater *) Fix apxs to allow it to work when the build directory is somewhere
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Jeff Trawick and a host of others]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) Allow ap_discard_request_body to be called multiple times in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater same request. Essentially, ap_http_filter keeps track of whether
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater it has sent an EOS bucket up the stack, if so, it will only ever
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater send an EOS bucket for this request.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Ryan Bloom, Justin Erenkrantz, Greg Stein]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Remove all special mod_ssl URIs. This also fixes the bug where
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater redirecting (.*) will allow an SSL protected page to be viewed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater without SSL. [Ryan Bloom]
96249c843a6d0df50c583579b0be030e323acc37Automatic Updater *) Fix the binary build install script so that the build logic
3f616e6f846be57b1717c6beaba0f74de9d5a7c6Automatic Updater created by "apxs -g" will work when the user has a binary
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater build. [Jeff Trawick]
63d98873e29dee9608c27f40613cb69d130a56e7Mark Andrews *) Allow instdso.sh to work with full paths to the shared module.
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater [Justin Erenkrantz]
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews *) NetWare: Enabled CGI functionality and added mod_cgi as a built
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater in module for NetWare [Brad Nicholes]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Changed cgi and piped log behavior to accept 65536 characters
72628f51c75245fa522fc27ac982392891e7bf87Automatic Updater on Win32 (matching Linux) before deadlocking between outputing
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater client stdin, slurping the output from stdout and then the stderr
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater stream. PR 8179 [William Rowe]
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater *) Fixed Win32 wintty.exe support to assure the window title is valid.
*) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
[James Tait <JTait wyrddreams.demon.co.uk>]
*) Fix problem where mod_cache/mod_disk_cache was incorrectly
PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
[Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
"<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
[Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
[Kazuhisa ASADA <kaz asada.sytes.net>]
"make certificate" feature of mod_ssl for Apache 1.3.x. Test
may now be specified to the <File/Directory > container, rather
rather than MS APIs (using our own mod_isapi.h headers for ISAPI
[Andreas Sundström <sunkan zappa.cx>]
[Asada Kazuhisa <kaz asada.sytes.net>]
that Alias/ScriptAlias will override Userdir. PR 8841
[Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
*) Remove autom4te.cache in 'make distclean'.
[Thom May <thom planetarytramp.net>]
*) Fix generated httpd.conf to respect layout for LoadModule lines.
PR 8170. [Thom May <thom planetarytramp.net>]
*) Reverted a minor optimization in mod_ssl.c that used the vhost ID
program in SSLLog "| /path/to/program". [Cliff Woolley]
*-std.conf files. [Aaron Bannert]
[Colm <colmmacc redbrick.dcu.ie>]
*) Fix Win32 'short name' aliases in httpd.conf directives.
*) Fix generation of default httpd.conf when the layout paths are
experimental directory. [Scott Lamb <slamb slamb.org>]
ap_uname2id. [Scott Lamb <slamb slamb.org>]
*) SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803]
underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
*) Change instdso.sh to use libtool --install everywhere and then
and the old instdso.sh logic to simply cp the DSO didn't handle
directory. [Thom May <thom planetarytramp.net>]
located in server/mpm/experimental. [Justin Erenkrantz]
[Andreas Hasenack <andreas netbank.com.br>]
rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
*) Deprecated the apr_lock.h API. Please see the following files
[Ryan Morgan <rmorgan covalent.net>]
*) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
*) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
[Sung Kim <hunkim cse.ucsc.edu>]
*) Allow all Perchild directives to accept either numerical UID/GID
by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
so that we can stop using malloc/free so frequently.
[Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
*) Added exp_foo and rel_foo variables to config_vars.mk for
*) Fix some restart/terminate problems in the worker MPM. Don't
*) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
RFC 3253. Improved the method name/number mapping functions.
*) remove sock_enable_linger from connection.c [Ian Holsman]
has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
*) Fix apxs -g handling. Move config_vars.mk from the top build
*) Add a missing manualdir entry in the Debian config.layout.
[Thom May <thom planetarytramp.net>]
*) Modify receive/send loop in proxy_http and proxy_ftp so that
[Aaron Bannert, James LewisMoss <dres lewismoss.net>]
*) Add a missing errordir entry in the Debian config.layout. PR: 10067
[Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
Thom May <thom planetarytramp.net>]
HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
--bindir, etc. [Thom May <thom planetarytramp.net>]
[Thom May <thom planetarytramp.net>]
*) Change mod_ssl to always do a full startup/teardown on restarts.
*) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
to one of the following new lock APIs: apr_thread_mutex.h,
use the apr_lock.h API, as the old API will soon be deprecated.
[Ryan Morgan <rmorgan covalent.net>]
non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
[Jos Backus <josb cncdsl.com>, Aaron Bannert]
[Adam Sussman <myddryn vishnu.vidya.com>]
[David MacKenzie <djm pix.net>]
[David MacKenzie <djm pix.net>]
created. [Adam Sussman <myddryn vishnu.vidya.com>]
Content-Lengths. [Sander Striker <striker apache.org>]
behavior without changes to the httpd.conf. [William Rowe]
and apr_file_dup2 functions. Win2K/XP services have no handles
associated for stdin/out/err, which caused unpredictable behavior
[Brian Reid <breid customlogic.com>,
Zvi Har'El <rl math.technion.ac.il>]
*) binbuild.sh: Make sure that we use the expat from our source
"LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
of a file retrieval. Example: ftp://user@host/httpd/server/*.c
[Joe Orton <joe manyfish.co.uk>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
filter stack when handling a GET request. The mod_dav/provider
duplicating the appropriate .h files such as os.h into the include
Use SSL functions/macros instead of directly dereferencing SSL
Add $SSL/include to configure search path.
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
[albert chin <china thewrittenword.com>]
modules (e.g., the identifer for mod_log_config was previously
[James Watson <ap2bug sowega.org>]
*) Change core code to allow an MPM to set hard thread/server
working with more than one vhost/uid. [Aaron Bannert]
mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
*) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
[Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
Gomez Henri <hgomez slib.fr>]
configured [John Sterling <sterling covalent.net>]
*) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
[Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
done being generated. [Brian Pane <bpane pacbell.net>]
[John Sterling <sterling covalent.net>]
*) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
do. [Brian Pane <bpane pacbell.net>]
[Brian Pane <bpane pacbell.net>]
*) Fix infinite loop in mod_cgid.c.
SSL/plain, and depending also on the current setting of
AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
*) Introduce htdbm, a user management utility for db/dbm authorization
databases. [Mladen Turk <mturk mappingsoft.com>]
[Brian Pane <bpane pacbell.net>]
the port string. [Zvi Har'El <rl math.technion.ac.il>]
*) Add the support/checkgid helper app, which checks the run-time
*) Fix some bungling of the remote port in rfc1413.c so that
[Brian Pane <bpane pacbell.net>]
input and/or output filters to the request to the origin. While
the default httpd.conf for any module that was compiled
as a DSO. [Aaron Bannert <aaron clove.org>]
[Aaron Bannert <aaron clove.org>]
WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
[Aaron Bannert <aaron clove.org>]
and add commonly used audio/x-mpegurl for m3u extensions.
[Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
relocated. [Aaron Bannert <aaron clove.org>]
*) Update the mime.types file to the registered media types as
[Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Ian Holsman <ianh cnet.com>]
*) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
[Brian Pane <bpane pacbell.net>]
[Aaron Bannert <aaron clove.org>]
segments for. [Aaron Bannert <aaron clove.org>]
*) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
roll build_command_line/build_argv_list into a unified, overrideable
*) Back out the 1.45 change to util_script.c. This change made
[Taketo Kabe <kabe sra-tohoku.co.jp>]
compute variables. [Brian Pane <bpane pacbell.net>]
the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
than per character. [Brian Pane <bpane pacbell.net>]
(which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
This is not to be confused with support for the WinNT/Win32
cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
but refused to check the mime.types file if AddType wasn't given
without setting the AddType text/html html would cause Apache to
[Aaron Bannert <aaron clove.org>]
an explicit request. E.g., if the .Z extension is associated with
an unzip filter, the user request somefile.Z.html, mod_negotiation
.html extension is associated with ContentType text/html.
shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
get/set/delete sessions using mod_ssl's callbacks
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
Geoff Thorpe <geoff geoffthorpe.net>]
pools more cleanly. [Aaron Bannert <aaron clove.org>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[John Sterling <sterling covalent.net>]
[Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
associated filename (e.g., we're filtering the error document for
*) Added the common error/ tree to the build/install targets
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Dave Carrigan <dave rudedog.org>, Graham Leggett]
[Mladen Turk <mturk mappingsoft.com>, William Rowe]
*) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
[Cody Sherr <csherr covalent.net>]
*) We have always used the obsolete/deprecated Netscape syntax
in a dependency list (e.g., OS/390 make, certain levels of GNU
*) Install the SSL headers. [John Sterling <sterling covalent.net>]
[Cody Sherr <csherr covalent.net>]
[Mladen Turk <mturk mappingsoft.com>]
[Richard Labennett <rlabenn us.ibm.com>]
(e.g. for mod_dir) but none can be served. mod_negotation now
*) Add a handler to mod_includes.c. This handler is designed to
and have those methods <limit>able in the httpd.conf. It uses
the same bit mask/shifted offset as the original HTTP methods
an int provides. [Cody Sherr <csherr covalent.net>]
Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
*) Add a single listener/multiple worker MPM. This MPM is
*) Apache/Win32 now fills in the service description with Apache's
create the proper cgi-bin examples, including a test-cgi.bat, and
fix the perl shebang line for printenv.pl, when installing from
*) Fix a segfault in threaded.c caused by passing uninitialized
*) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
[Günter Knauf <eflash gmx.net>]
#ifdefs. This has bitten us many times in generating the exports.c
[Sander Striker <striker apache.org>]
[Cody Sherr <csherr covalent.net>]
*) Performance improvement to mod_mime.c. find_ct() in mod_mime,
httpd.conf, the tables for languages and charsets are somewhat
a nice speedup. [Brian Pane <bpane pacbell.net>]
[Harrie Hazewinkel <harrie covalent.net>]
with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
[Ian Holsman <ianh cnet.com>]
*) Fix seg faults and/or missing output from mod_include. The
*) Automatically generate httpd.exp for AIX.
[Ryan Morgan <rmorgan covalent.net>]
add/append/set headers based on this envar thusly:
*) Optimise reset_filter() in http_protocol.c. [Greg Stein]
*) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
This prevented the inclusion of apr_compat.h. PR #7773
[Oleg Broytmann <phd phd.pp.ru>]
been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
[Barrie Slaymaker <barries slaysys.com>]
and moving hints.m4 inline. [Roy Fielding]
[Ian Holsman <IanH cnet.com>]
[Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
*) Get mod_tls to compile/work better on Windows. PR #7612
*) Fix shutdown/restart hangs in the threaded MPM.
[John K. Sterling <sterling covalent.net>]
[Graham Leggett <minfrin sharp.fm>]
required into the core. [Harrie Hazewinkel <harrie covalent.net>]
[jun-ichiro hagino <itojun iijlab.net>]
[Ryan Morgan <rmorgan covalent.net>]
[Justin Erenkrantz <jerenkrantz ebuilt.com>]
Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
[<giles nemeton.com.au>]
--with-module=module_type:/path/to/module.c
The configure script will copy the module.c file to
modules/module_type, and it will be added to the relevant Makefiles.
*) Change the default installation directory to /usr/local/apache2,
as now defined by the "Apache" layout in config.layout. [Marc Slemko]
*) Make generic hooks to work, with mod_generic_hook_import/export
us use a consistent location for the config.layout file, and it
[jun-ichiro hagino <itojun iijlab.net>]
csv/gnuplot format, rudimentary ssl support and various other tweaks
apache. Often by a order of magnitude :-) See talk/paper of Sander
[Taketo Kabe <kabe sra-tohoku.co.jp>]
libtool muck that is now under srclib/apr/build. [Roy Fielding]
*) Fix bug in the Unix threaded.c MPM that allowed child processes
PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
[Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
*) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
[Graham Leggett <minfrin sharp.fm>]
[Jon Travis <jtravis covalent.net>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
[Ryan Morgan <rmorgan covalent.net>]
[Dan Rench <drench xnet.com>]
one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
[Mike Abbot <mja trudge.engr.sgi.com>]
[Jon Travis <jtravis covalent.net>]
*) Fix a seg fault in mod_userdir.c. We used to use the pw structure
[Taketo Kabe <kabe sra-tohoku.co.jp> and
Cliff Woolley <cliffwoolley yahoo.com>]
[Jon Travis <jtravis covalent.net>]
versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
[Taketo Kabe <kabe sra-tohoku.co.jp>]
current hooks better. [Ryan Morgan <rmorgan covalent.net>]
added feature of allowing a uid/gid per child process. If no
uid/gid is specified, then Perchild behaves exactly like dexter.
[Gomez Henri <new-httpd slib.fr>]
*) Add a very early prototype of SSL support (in mod_tls.c). It is
vital that you read modules/tls/README before attempting to build
to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
[Paul J. Reder <rederpj raleigh.ibm.com>]
*) Correct a typo in httpd.conf.
[Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
PR#7170 [Danek Duvall <dduvall eng.sun.com>]
*) Adopt apr user/group name features for mod_rewrite. Eliminates some
'extra' stat's for user/group since they should never occur, and now
Win32/OS2 exceptions without hiccuping. [William Rowe]
*) Modify the apr_stat/lstat/getfileinfo calls within apache to use
*) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
mpm_common.c. These functions are only valid on some platforms,
*) Update highperformance.conf to work with either prefork or
i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
hints.m4) of various compilation flags (eg: CFLAGS). Also,
*) Allow the buildconf process to find the config.m4 files in the correct
the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
[Cliff Woolley <cliffwoolley yahoo.com>]
server root from the Apache.exe path.
loadable modules, dynamic libs are all named libfoo.dll, and the
makefile.win populates the include, lib and libexec directories.
numeric address strings (e.g., "Listen [fe80::1]:8080").
*) Get the functions in server/linked into the server, regardless of
be loadable into the server. Our new build/install mechanism expects
to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
and installs the conf, htdocs and htdocs/manual directories.
[Paul J. Reder <rederpj raleigh.ibm.com>]
time, and that list is then used to generate the exports.c file.
[Sander van Zoest <sander covalent.net>]
*) Added lib/aputil/ as a placeholder for utility functions which are not
[Paul Reder <rederpj raleigh.ibm.com>]
rotatelogs.c code, and no longer churn log processes for this
[B. W. Fitzpatrick <fitz red-bean.com>]
hostname resolution/address string parsing and building
[Markus Gyger <mgyger itr.ch>]
*) Mod_info.c has now been ported to Apache 2.0. As a part of this
[Ryan Morgan <rmorgan covalent.net>]
[Branko Čibej <brane xbc.nu>]
[Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
*) APR read/write functions and bucket read functions now operate
code in mod_log_config.c
*) In the Apache/Win32 console window, accept Ctrl+C to stop the
since we don't compute digests of filtered (e.g., translated)
*) Update the mime.types file to the registered media types as
*) Namespace protect some macros declared in ap_config.h
[Tomas Ögren <stric ing.umu.se>]
[Cliff Woolley <cliffwoolley yahoo.com>]
*) Add support for /, //, //servername and //server/sharename
*) Fix another bug in the send_the_file() read/write loop. A partial
*) Reimplement core_output_filter to buffer/save bucket brigades
[Mike Abbott <mja sgi.com>]
*) send_the_file now falls back to a read/write loop on platforms that
*) APR now has UUID generation/formatting/parsing support.
-add rules for cross-compiling in rules.mk. Okay, rule to check for
-add missing "AR=@AR@" to severaly Makefile.in's
[Rüdiger Kuhlmann <Tadu gmx.de>]
[Rüdiger Kuhlmann <Tadu gmx.de>]
*) Fix building on BSD/OS using its native make. The build system
hook in http_core.c. This removes the need to add the filter in
*) SECURITY: CVE-2000-0913 (cve.mitre.org)
update allows the user to clear or preserve pw/groups/comment.
<IfModule mod_kilroy.c>
<IfModule mod_lovejoy.c>
*) Fix some compile warnings in mod_mmap_static.c
[Mike Abbott <mja sgi.com>]
*) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
[Mike Abbott <mja sgi.com>]
*) Fix compile break on some platforms for mod_mime_magic.c
[John K. Sterling <sterling covalent.net>]
PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
platforms to hints.m4, which contains (or should contain)
*) Add tables with non-string/binary values to APR.
[Rob Simonson <simo us.ibm.com>]
configuration file started with an IfModule/IfDefine container,
[Gregory Nicholls <gnicholls level8.com>]
[Gregory Nicholls <gnicholls level8.com>]
code was being returned. [Gregory Nicholls <gnicholls level8.com>]
not terminated with cr/lf sequences in Win32. [William Rowe]
*) Move all strings functions in APR to src/lib/apr/strings and create
apr_strings.h for the prototypes. [Ryan Bloom]
*) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
*) Update the lib/expat-lite/ library (bring forward changes from
[Dave Hill <ddhill zk3.dec.com>]
timeouts (i.e, if a timeout was specified, the pipe reverted to
3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
[Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
*) SECURITY: CVE-2000-1204 (cve.mitre.org)
and a user makes a request like http://www.example.com//cgi-bin/cgi
as reported in <news:960999105.344321 ernani.logica.co.uk>
*) Yet another update to saferead/halfduplex stuff -- need to ensure
to the configured User/Group (like other httpd processes)
if the len was negative. Use <sys/un.h> for struct sockaddr_un
doesn't seem to have a problem but /bin/sh on Solaris does.
ContentDigest enabled and we can't/don't mmap the file.
related bugs, and changed shmem/locking to use apr API. Shared-mem
would be errors generating ap_config_auto.h later in the configure
*) Organize http_main.c as independent code, such that no code or
[William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
[Ask Bjoern Hansen <ask valueclick.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
in 1.3's ebcdic.c. [Jeff Trawick]
buffer if the implementation knows how to use it (i.e., if L_tmpnam
*) Configure creates config.nice now containing your configure
options. Syntax: ./config.nice [--more-options]
*) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
[Tim Costello <timcostello ozemail.com.au>]
[Chia-liang Kao <clkao CirX.ORG>]
*) The ab program in the src/support directory is now portable using
*) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
Apache.dsw created to bring together all the pieces. Create new file
os/win32/BaseAddr.ref to define module base addresses (to prevent
*) More FAQs and answers from comp.infosystems.www.servers.unix.
[Joshua Slive <slive finance.commerce.ubc.ca>]
in the field. [William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[Brian Martin <bmartin penguincomputing.com>]
fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
we can use ReadFileScatter and WriteFileGather in readwrite.c.
[Allan Edwards <ake raleigh.ibm.com>]
[Brian Martin <bmartin penguincomputing.com>]
fixes to mod_so.c.
[Joshua Slive <slive finance.commerce.ubc.ca>]
[Jon Travis <jtravis covalent.net>]
[Paul Reder <rederpj raleigh.ibm.com>]
[Allan Edwards <ake raleigh.ibm.com>]
[William Rowe <wrowe lnd.com>]
[William Rowe <wrowe lnd.com>]
Makefile.win includes the same user interface as the old
[William Rowe <wrowe lnd.com>] PR#3715
[Allen Prescott <allen clanprescott.com>]
[Jeff Trawick <trawick us.ibm.com>]
*) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
it does this on a line by line basis; i.e. if the envvar
ErrorDocument XXX /local/uri
ErrorDocument XXX http://valid/url
*) Changed 'CacheNegotiatedDocs' from its present/not-present
done with --with-module=/path/to/module. Modules can only be added
[Jeff Trawick <trawick us.ibm.com>]
*) Enable Apache to use sendfile/TransmitFile API
*) Make file I/O and network I/O writev/sendv APIs consistent.
bytes_read/bytes_written is always valid (never -1). Plus
some fixes to buff.c to correct problems introduced by the
*) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
[Paul Reder <rederpj raleigh.ibm.com>]
[John Zedlewski <zedlwski Princeton.EDU>]
*) buff.c has been converted to no longer use errno.
[Dilip Khandekar <dilip cup.hp.com>]
automatically for developers from src/Configure.
*) Fixed building of src/support/htpasswd.c
*) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
*) Support line-continuation feature in config.option file and
*) Implement WINNT Win32 MPM from original Win32 code in http_main.c
(per default used the config.option file).
*) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
calling order to be specified on a per-hook/per-module basis.
*) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
*) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
of alloc.c for now. [Dean Gaudet]
based on IP/port. [Ben Laurie]
["Michael H. Voase" <mvoase midcoast.com.au>]
*) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
docs/initial_blurb.txt. [Dean Gaudet]
[James Morris <jmorris intercode.com.au>]
an absolute path to the ./libexec directory where the libhttp.ep file
routines are now called ap_base64* and are 'plain' (i.e., no
pool access or anything clever). Inside util.c the routines acting
*) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
*) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
[Tom Vaughan <tvaughan aventail.com>, Roy Fielding]
*) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
[Ian Turner <iant sequent.com>] PR#4735
*) Local struct mmap in http_core.c conflicted with system structure
*) Added updated mod_digest as modules/experimental/mod_auth_digest.
[Ronald Tschalär <ronald innovation.ch>]
up across restarts. [David Harris <dharris drh.net>]
*) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
["Paul J. Reder" <rederpj raleigh.ibm.com>] PR#4770
*) RewriteLock/RewriteMap didn't work properly with virtual hosts.
[Dmitry Khrustalev <dima bog.msu.su>] PR#3874
*) PORT: Support for compaq/tandem/com.
Netscape servers. See support/SHA1 for more information.
Caused the separation of ap_md5.c into md5, sha1 and a general
ap_checkpass.c with just a validate_passwd routine. Added a
couple of flags to support/htpasswd. Some reuse of the to64()
[Dirk-Willem van Gulik, Clinton Wong <clintdw netcom.com>]
with ASCII/EBCDIC conversions in "ident" query.
[David McCreedy <McCreedy us.ibm.com>]
are combined, and duplicate tokens (e.g., "Vary: host, host" or
*) Portability changes for BeOS. [David Reid <abb37 dial.pipex.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
[Roy Fielding, Joe Orton <jeo101 york.ac.uk>] PR#4499, PR#3806
install the DSO; useful for editing httpd.conf with apxs. Fix
create duplicate LoadModule/AddModule entries; apxs can now be
used to re- enable/disable a module. [Wilfredo Sanchez]
Win 95 users may need to update their TCP/IP stack to pick up
Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
[Bill Stoddard <stoddard raleigh.ibm.com>]
error.log when CGI scripts fail. This makes Apache on Win32
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
*) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
[Randy Terbush <randy covalent.net>]
*) Add the new mass-vhost module (mod_vhost_alias.c) developed and
used by Demon Internet, Ltd. [Tony Finch <fanf demon.net>]
[Rasmus Lerdorf <rasmus raleigh.ibm.com>]
[Bill Stoddard <stoddard raleigh.ibm.com>]
parent/child process management code.
[Bill Stoddard <stoddard raleigh.ibm.com>]
[John Giannandrea <jg meer.net>] PR#4122
*) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
[Henri Gomez <gomez slib.fr>, Ralf S. Engelschall]
*) Determine AP_BYTE_ORDER for ap_config_auto.h and already
content-types are "text/html;parameters". PR#4524 [Ken Coar]
*void. When the OS/platform/compiler supports quads, ap_snprintf()
[Aidan Cully <aidan panix.com>] PR#4456
*) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
library. [Jens-Uwe Mager <jum helios.de>, Ralf S. Engelschall]
(e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
[Ralf S. Engelschall, Rex Dieter <rdieter math.unl.edu>] PR#3997
[Jan Gallo <gallo pvt.sk>] PR#3690, PR#4373
*) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
[Todd Vierling <tv pobox.com>] PR#4310
[Petr Lampa <lampa fee.vutbr.cz>] PR#4366, 679
[Raymond S Brand <rsbx rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
the struct stat. [Ed Korthof <ed bitmechanic.com>]
[Salvador Ortiz Garcia <sog msg.com.mx>]
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2579
*) mod_include's fsize/flastmod should allow only relative paths, just
like "include file". [Jaroslav Benkovsky <benkovsk pha.pvt.cz>]
*) Add iconsdir, htdocsdir, and cgidir to config.layout.
*) Fix minor but annoying bug with the test for Configuration.tmpl
in unix/os.c, and don't install the dyld error handlers, which
*) Add functionality to the install-bindist.sh script created by
binbuild.sh to use tar when copying distribution files to the
install-bindist.sh now detects the local perl5 path to install
[Randy Terbush, Covalent Technologies, <randy covalent.net>]
src/modules/proxy_util.c where a NULL filepointer and
[Graham Leggett <minfrin sharp.fm>,
Tim Costello <tjcostel socs.uts.edu.au>] PR#3178
[Graham Leggett <minfrin sharp.fm>]
have assurance about how string manipulators (e.g., tr) will
[Ken Coar, Dmitry Khrustalev <dima zippy.machaon.ru>] PR#4118
[Raymond S Brand <rsbx rsbx.net>]
[Raymond S Brand <rsbx rsbx.net>] PR#4248
*) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
<rsbx rsbx.net>]
[Yitzchak Scott-Thoennes <sthoenna efn.org>, Ralf S. Engelschall] PR#4269
[Joe Moenich <moenich us.ibm.com>]
*) Fix number of bytes copied by read_connection() in src/support/ab.c
[Jim Cox <jc superlink.net>] PR#4271
[Bob Finch <bob nas.com>]
[Paul Sutton <paul awe.com>]
*) Make sure RewriteLock can be used only in the global context, (i.e.
<mariav icgeb.trieste.it>] PR#4260
uncompress/gzip, but those tools sometimes do not produce
[Marcin Cieslak <saper system.pl>] PR#4097
line. [<inkling firstnethou.com>] PR#3770
redirects. [Jose KAHAN <kahan w3.org>] PR#3910, 3806, 3575
[Jacques Distler <distler golem.ph.utexas.edu>] PR#4130
*) PORT: deal with UTS compiler error in http_protocol.c
[Dave Dykstra <dwd bell-labs.com>] PR#4189
*) Add ap_vrprintf() function. [John Tobey <jtobey banta-im.com>] PR#4246
by "Peter 'Luna' Altberg <peter altberg.nu>" and PR#3422
[Peter 'Luna' Altberg <peter altberg.nu>, Ronald Tschalär]
binary (e.g., image file) in the first place.
[David McCreedy <mccreedy us.ibm.com>]
*) support/htpasswd now permits the password to be specified on the
apache -n apache1 -i -f c:/httpd.conf
Installs apache as service 'apache1' and associates c:/httpd.conf
Installs apache as service 'apache2'. httpd.conf is located under
the default server root (/apache/conf/httpd.conf).
apache -n apache3 -i -d c:/program files/apache
c:/program files/apache.
*) Correct the signed/unsigned character handling for the MD5 routines;
*) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
*) proxy ftp: instead of using the hardwired string "text/plain" as
<Directory proxy:ftp://some.host>
DefaultType gargle/blurb
*) Be more smart in APACI's configure script when determining the UID/GID
the number of fork()s from one/request to just the odd one an hour.
*) Added proxy, auth and header support to src/support/ab.c. Added a
README file to src/support/
*) Fix sed-substitutions in `make install': path elements like `httpd/conf'
(for instance from an APACI configure --sysconfdir=/etc/httpd/conf
*) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
[Ronald Tschalär <ronald innovation.ch>] PR#3411
the reboot prompt (which is only given if MSVCRT.DLL system
*) WIN32: Apache.exe now contains an icon. [Paul Sutton]
*) Using APACI, the main config file (usually httpd.conf) was
<wsanchez apple.com>]
[Ryan Bloom <rbb raleigh.ibm.com>]
[Dean Gaudet, Jeff Lewis <lewis stanford.edu>] PR#3872
*) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
DSO/DLL section because it's a directive from mod_status and isn't
[Martin POESCHL <mpoeschl gmx.net>] PR#3936
option more clear. [Jan Wolter <janc wwnet.net>] PR#3995
[John Tobey <jtobey banta-im.com>] PR#3983
against libap.a and use its ap_snprintf() instead of sprintf() to avoid
*) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
*) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
[Michael van Elst <mlelstv serpens.swb.de>, Lars Eilebrecht] PR#3160
*) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
%v). Useful for mass vhosting. [Tony Finch <dot dotat.at>]
more reliable logs with multiline entries. [Tony Finch <dot dotat.at>]
*) Fixed a few compiler nits. [John Bley <jbb6 acpub.duke.edu>]
in http_core.c. [John Bley, Roy Fielding]
calls. [John Bley <jbb6 acpub.duke.edu>, Jim Jagielski]
[Brian Havard <brianh kheldar.apana.org.au>]
[Joshua Slive <slive finance.commerce.ubc.ca>] PR#2497
*) src/support/: The ApacheBench benchmark program was overhauled by
[David N. Welton <davidw prosa.it>]
*) Added -S option to install.sh so that options can be passed to
the test case of no modules being selected. [<chaz reliant.com>]
is *not* given in the argument list; i.e., the logical negation
*) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
to util.c for parsing an HTTP header field value to extract the next
code different from 500. This allows the proxy to, e.g., return
and no Accept-Language. [James Treacy <treacy debian.org>] PR#3299, 3688
as "com.name" to be served. [Paul Sutton] PR#3769.
make subtasking easier on the OSD/POSIX mainframe environment.
*) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
[Ryan Bloom <rbb Raleigh.IBM.Com>]
impossible to exploit.) [Rick Perry <perry ece.vill.edu>]
*) Let src/Configure be aware of CFLAGS options starting with plus
signs as it's the case for the HP/UX compiler.
[Doug Yatcilla <yatcilda umdnj.edu>] PR#3681
and this makes its functions available to things in src/support.
*) WIN32: Created new makefiles Makefile_win32.txt (normal build)
and Makefile_win32_debug.txt (debug build) that work on Win95.
nmake /f Makefile_win32.txt # compiles normal build
nmake /f Makefile_win32.txt install # compiles and installs
nmake /f Makefile_win32.txt clean # removes compiled junk
nmake /f Makefile_win32_debug.txt # compiles debug build
nmake /f Makefile_win32_debug.txt install
nmake /f Makefile_win32_debug.txt clean
for FreeBSD 3.0). [Todd Vierling <tv pobox.com>] PR#2462
*) Small fix for mod_env.html: The module was documented as to be _not_
Apache per default. [Sim Harbert <sim mindspring.com>] PR#3572
*) Instead of fixing a bug in the generation procedure for config.status (a
making sure the src/support/ tools are _forced_ to be build last (they
*) Fix installation procedure: Now that os-inline.c is actually used (a
recently fixed bug prevented this) we need to also install os-include.c
`escape' and `unescape' were added which can be used to escape/unescape
to/from hex-encodings in URLs parts (this is especially useful in
*) Major overhaul of mod_negotiation.c, part 2.
- added ap_array_pstrcat() to alloc.c for efficient concatenation
*) Major overhaul of mod_negotiation.c, part 1.
revision (draft-ietf-http-v11-spec-rev-06.txt).
e.g. no feature negotiation). Removed old experimental version.
negotiation results are consistent across backup/restores and mirrors
*) RFC2396 allows the syntax http://host:/path (with no port number)
[David Kristol <dmk bell-labs.com>] PR#3530
*) When modules update/modify the file name in the configfile_t structure,
[Fabien Coelho <coelho cri.ensmp.fr>] PR#3573
CASE_BLIND_FILESYSTEM. [Brian Havard <brianh kheldar.apana.org.au>]
*) The hashbang emulation code in ap_execve.c would interpret
#!/hashbang/scripts correctly, but failed to fall back to a
*) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg lentil.org>]
and another was incorrect. [Mark Anderson <mda discerning.com>] PR#3553
wasn't defined. [Rick Franchuk <rickf transpect.net>]
o fixed auto-suffix handling now that config.layout exists.
config.layout and every path now can be marked this way (not only the
SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
of ap_config.h to allow serialized accept for multiport listens.
*) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
of ap_config.h that would skip several defines if DEFAULT_GROUP
strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
*) Fix ordering of definitions in ap_config.h so that ap_inline is
[Tom Serkowski <tks bsdi.com>] PR#3453
*) Make generation of src/Configuration.apaci more robust: It failed to
another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
*) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
[Ralf S. Engelschall, Wilfredo Sanchez <wsanchez apple.com>]
[Paul Ausbeck <paula alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
*) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
IS to the compiler/linker command. [Ralf S. Engelschall]
config.layout. Custom layouts are possible by using FILE:ID as the
The config.layout file consists of <Layout ID>..</Layout> sections
extension (e.g., .fr, .de) can be labelled as being some other
*) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
rather than OPT_INCLUDES [Rainer Schoepf <schoepf uni-mainz.de>]
[Ronald Tschalär <ronald innovation.ch>] PR#3409
[Martin Plechsmid <plechsmi karlin.mff.cuni.cz>] PR#1987
[Andrew Pimlott <pimlott math.harvard.edu>] PR#3340
[David MacKenzie <djm uu.net>] PR#3394
*) Updated mime.types to reflect current Internet media types
Improved mod_actions.c so that it can use any of the methods
defined in httpd.h. Added ap_method_number_of(method) for
*) PORT: Add a port to the TPF OS. [Joe Moenich <moenich us.ibm.com> and
*) Fix problems with handling of UNC names (e.g., \\host\path)
on Win32. [Ken Parzygnat <kparz us.ibm.com>]
robust, and works. [Ken Parzygnat <kparz us.ibm.com>]
[Manoj Kasichainula, Ken Parzygnat <kparz us.ibm.com>]
*) Move a typedef to fix compile problems on Linux with 1.x kernels.
*) http_config.c would respond with 501 (Method Not Implemented) if a
should have been a 500 response. Likewise, mod_proxy.c would responsd
on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
mod_foo with the begin of the module list, i.e. it `moves' the module to
which permutes mod_foo with the end of the module list, i.e. it `moves'
synchronisation (Win32). [Ken Parzygnat <kparz raleigh.ibm.com>]
on container start lines (e.g., it wouldn't spot
"<Directory /" as a syntax error). [Ryan Bloom <rbbloom us.ibm.com>]
[Ryan Bloom <rbbloom us.ibm.com>] PR#1799.
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2078, 2303.
[Ivan Richwalski <ivan seppuku.net>] PR#3249
*) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
parameter. [Ron Klatchko <ron ckm.ucsf.edu>] PR#3171
[Ralf S. Engelschall, Ron Record <rr sco.com>]
httpd.conf-dist* files. The srm and access files now contain
only comments, and httpd.conf has all the combined contents in
*) PORT: DSO/ELF support for FreeBSD 3.0.
[Ralf S. Engelschall, Dirk Froemberg <ibex physik.TU-Berlin.DE>]
do this. [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
[Wilfredo Sanchez <wsanchez apple.com>]
of "-". [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>, Marc Slemko]
*) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker jetair.be>]
[M. Laak <maert proinv.ee>] PR#3108
[Dave Dykstra <dwd bell-labs.com>] PR#3055
but not tabs). [James Morris <jmorris intercode.com.au>,
[James Grinter <jrg blodwen.demon.co.uk>] PR#3111
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3095
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3096
*) Fix http://localhost/ hints in top-level INSTALL document.
[Rob Jenson <robjen spotch.com>, Ralf S. Engelschall] PR#3088
[Wilfredo Sanchez <wsanchez apple.com>]
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2884, 2910
<kparz raleigh.ibm.com>] PR#3001
[Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074
ap_config.h. [Brian Havard]
*) PORT: Add Pyramid DC/OSx support to configuration mechanism.
[Earle Ake <akee wpdiss1.wpafb.af.mil>]
*) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
[Dave Dykstra <dwd bell-labs.com>] PR#3054
*) Correct comment in mod_log_config.c about its internals.
[Elf Sternberg <elf halcyon.com>]
handle the creation of modules.c [Jim Jagielski]
and to avoid problems under platforms where only version 2.x is present.
[Dan Jacobowitz <drow false.org>, Ralf S. Engelschall]
[Bill Stoddard <stoddard raleigh.ibm.com>]
*) Remove redundant substitutions in top-level Makefile.tmpl.
platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
the possibility to override it manually via APACI or src/Configuration.
existance of the file under /usr/include, too.
[Wilfredo Sanchez <wsanchez apple.com>]
[Charles Randall <crandall matchlogic.com>] PR#2947
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2991
[Karl Berry <karl gnu.org>] PR#2994
[Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2992
*) Fix possible buffer overflow situation in suexec.c.
[Jeff Stewart <jws purdue.edu>] PR#2790
[Ronald Record <rr sco.com>] PR#2533
*) Fix documentation of ProxyPass/ProxyPassReverse according to the
trailing slash problem. [Jon Drukman <jsd gamespot.com>] PR#2933
[Marc Slemko, Paul Phillips <paulp go2net.com>]
SCO OpenServer. [David Coelho <drc ppt.com>]
in /home/user, not in /, therefore clicking on "../" in the
dump core for replies with invalid headers (e.g., duplicate
plop gmon.out profile data for each child [Doug MacEachern]
config.status script to be immune against arguments with whitespaces.
[Yves Arrouye <yves apple.com>] PR#2866
script `buildinfo.sh' which is both more flexible and already proofed to
*) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
*) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
[Youichirou Koga <y-koga jp.FreeBSD.ORG>] PR#2895
[Kurt Sussman <kls best.com>] PR#2871
*) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
variables in one RewriteRule and had to patch mod_rewrite.h for every
*) Make sure the config.status file is not overridden when just
See include/ap_mmn.h for more details. [Randy Terbush]
*) SECURITY: CVE-1999-1199 (cve.mitre.org)
*) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
directory was renamed to src/os/os2/ for consistency.
linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
*) Add correct `model' MIME types from RFC2077 to mime.types file.
*) Fixed examples in mod_rewrite.html document.
[Youichirou Koga <y-koga jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
[MATSUURA Takanori <t-matsuu protein.osaka-u.ac.jp>]
programs under Win32. [Marco De Michele <mdemichele tin.it>] PR#2483
*) Update the mod_rewrite.html document to correctly reflect the situation
Makefile.tmpl: The umask+cp approach didn't work as expected (especially
*) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
src/helper/mkdir.sh script. [Ralf S. Engelschall]
`search' entries in /etc/resolv.conf.
INSTALL file because a lot of users don't read htdocs/manual/dso.html
(compilers complained) and the .so.V.R.P filename extension was adjusted
[Manoj Kasichainula <manojk raleigh.ibm.com>] PR#2355
*) Disable the incorrect entry for application/msword in the
*) Fix broken RANLIB handling in src/Configure (the entry from
src/Configuration.tmpl was ignored) and additionally force RANLIB to
[Steve VanDevender <stevev darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
*) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
TestCompile) instead of defining them manually in conf.h based on less
OS-type and/or OS-version identifiers to discover whether a system header
[Glen Parker <glenebob nwlink.com>] PR#2277
required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
[Anna Shergold <anna inext.co.uk>]
[John Van Essen <jve gamers.org>] PR#2529
*) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
[Ronald Record <rr sco.com>] PR#2533
[Charles Levert <charles comm.polymtl.ca>] PR#2551
[Vadim Kostoglodoff <vadim olly.ru>] PR#2463
*) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
[Ben Laurie, Bill Stoddard <wgstodda us.ibm.com>] PR#2274
*) PORT: remove broken test for MAP_FILE in http_main.c.
[Wilfredo Sanchez <wsanchez apple.com>]
*) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
but case-insensitive platforms). New #define for this added to conf.h
*) Enable DSO support for OpenBSD in general, not only for 2.x, because it
also works for OpenBSD 1.x. [Ralf S. Engelschall]
[Sam Kington <sam illuminated.co.uk>] PR#2443
reponse. [Ralf S. Engelschall, Charles Fu <ccwf bacchus.com>]
output of Awk. [Bill Houle <bhoule sandiegoca.ncr.com>] PR#2435
of a config.status script (as GNU Autoconf does) which remembers the used
*) Correct initialization of variable `allowed_globals' in http_main.c
[Justin Bradford <justin ukans.edu>] PR#2400
multipart/x-mixed-replace;boundary=ThisRandomString.
[Sean Boudreau <seanb qnx.com>] PR#2390
modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
[David MacKenzie <djm va.pubnix.com>] PR#2384
main server. [Christof Damian <damian mediaconsult.com>] PR#2090
[Klaus Weber <kweber chephren.germany.ncr.com>] PR#1973
<Directory /> section of the default access.conf-dist
[Dave Dykstra <dwd bell-labs.com>] PR#2320
*) Fix symbol export list (src/support/httpd.exp) after recent
[Jens-Uwe Mager <jum helios.de>]
solved by another helper script findprg.sh which searches for Perl and
*) Remove the system() call from htpasswd.c, which eliminates a system
[Rex Dieter <rdieter math.unl.edu>] PR#2293, 2316
O_NDELAY on various systems. [Dave Dykstra <dwd bell-labs.com>] PR#2313
*) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
*) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
[Dave Dykstra <dwd bell-labs.com>, Ralf S. Engelschall] PR#2319
configure and src/Configure depend on this.
*) Changes usage of perror/fprintf to stderr to more proper ap_log_error
*) Various OS/2 cleanups ["Brian Havard" <brianh kheldar.apana.org.au>]
*) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
[Rob Saccoccio <robs InfiniteTechnology.com>] PR#2295, 2296
[W G Stoddard <wgstodda us.ibm.com>]
[W G Stoddard <wgstodda us.ibm.com>] PR#2294
spawn_child was obsoleted and moved to compat.h
memory. [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2252
*) Fix src/support/httpd.exp (DSO export file which is currently only
``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
*) Fix discrepancy in proxy_ftp.c which was causing failures when
[Rick Ohnemus <rick ecompcon.com>]
*) Improve RFC1413 support. [Bob Beck <beck bofh.ucs.ualberta.ca>]
[Ben Laurie and Bill Stoddard <wgstodda us.ibm.com>] PR#1129, 1607
[Ernst Kloppenburg <kloppen isr.uni-stuttgart.de>] PR#2094
*) Support for the NCR MP/RAS 3.0
[John Withers <withers semi.kcsc.mwr.irs.gov>]
*) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
not retrieved in src/Configure and thus was not useable.
- SUBDIRS is now generated in src/Makefile only and not in
Makefile.config because it is a local define for this location.
- update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
- replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
- replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
of xxx.lo as GNU libtool does with its PIC objects
- reduce local complexity in modules Makefile.tmpl by moving the last
*) WIN32: Make Win32 work again after the /dev/null DoS fix.
*) When opening "configuration" files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
necessary. Long-term fix is to either serialize the chdir/spawn combo
htdocs/manual/suexec.html document before using the suexec-related
and htdocs/manual/suexec.html documents.
UID/GID and safe PATH, too.
- overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
*) Add a note to httpd.conf-dist that apache will on some systems fail
and not the original statically list from modules.c
confusion with the next point and reduces the Makefile.tmpl complexity
6. The modules.c generation was extended to now contain two
of loading/linking (we use load=link+load & link=activate instead of
*) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
*) Add a comment to mod_example.c showing the format of a FLAG command
places in the code (e.g. DATE_GMT). PR#1551
zone information in their tm struct. [Paul Eggert <eggert twinsun.com>]
*) get/set_module_config are trivial enough to be better off inline. Worth
*) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
*) Fix debug log messages for BS2000/OSD: instead of logging the whole
[Michael Anderson's <mka redes.int.com.mx>]
*) Make sure the referer_log and agent_log entries in the default httpd.conf
*) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
from mod_so.c to Configure because first it needs $PLAT etc. and second
[Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165
[Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158
AIX variants should work fine, too. Even AIX 3.x should work). This is
which we put into a os/unix/os-dso-aix.c file.
*) Fix two bugs in select() handling in http_main.c.
side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
"make root=/tmp/apache install" for rolling the package without bristling
*) Workaround braindead AWK's when generating ap_config.h: The split() and
*) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
*) Make sure that "make install" doesn't overwrite the `mime.types' and
*) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
variables) to avoid side-effects in "src/Configure" when the user
*) Provide backward compatibility from some old src/Configuration.tmpl
*) NeXT required strdup() in support/logresolve.c
[Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082
*) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>]
ap_snprintf, and ap_psprintf). See include/ap.h for docs.
*) Because /usr/local/apache is the default prefix the ``configure
to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
*) PORT: Make sure some AWK's don't fail in src/Configure with "string too
long" errors when generating the MODULES entry for src/Makefile
*) Make sure src/Configure doesn't complain about the old directory
/usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
*) Adding DSO support for the HP/UX platform by emulating the dlopen-style
interface via the similar but proprietary HP/UX shl_xxx-style system
APACI Makefile.tmpl "install" target more robust for sensible UnixWare
- Apache provided general functions (e.g., ap_cpystrn)
- Public API functions (e.g., palloc, bgets)
cross-object usage) but should be (e.g., new_connection)
For backward source compatibility a new header file named compat.h was
dummy.so file (containing dummy references to all global symbols) the
Placing the Apache core code itself into a DSO library named libhttpd.so.
where we perhaps exploit this libhttpd.so mechanism for providing nifty
inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
[Todd Eigenschink <eigenstr mixi.net>] PR#2045
to the mak/dsp files. [Alexei Kosut]
*) Add documentation file and src/Configuration.tmpl entry for the
*) Now src/Configure uses a fallback strategy for the shared object support
and installation of the support tools from the src/support/ area.
dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
Apache C header files (PREFIX/include) and the new APXS tool
(SBINDIR/apxs). The intend is to provide a handy tool for third-party
modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
*) Modify the log directives in httpd.conf-dist files to use CustomLog
script and a corresponding top-level "Makefile.tmpl" file. The goal is
the old src/Configure stuff in batch and additionally installs the
routines. Use this to replace http_bprintf.c. Add new routines
is necessary on at least Solaris where the /etc/rc?.d scripts
[Rein Tollevik <reint sys.sol.no>] PR#2009
[Rein Tollevik <reint sys.sol.no>] PR#2010
[Jürgen Keil <jk tools.de>] PR#2000
http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
[Tim Costello <tjcostel socs.uts.edu.au>] PR#1890
the mod_proxy.html and corrected the hyperlink to it in the
new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
*) Fix a bug in the src/helpers/fp2rp script and make it a little bit
*) Add the new ApacheBench program "ab" to src/support/: This is derived
*) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
*) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
*) util.c cleanup and speedup. [Dean Gaudet]
[Dmitry Khrustalev <dima bog.msu.su>]
TZ variable. [Jay Soffian <jay cimedia.com>] PR#1888
[Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900
[Tony Finch <fanf demon.net>] PR#1925
modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
*) The Configure script now generates src/include/ap_config.h which
[Joel Truher <truher wired.com>]
"http://host" url is treated as if a similar "Host:" header had been
supplied. This change was made to support future HTTP/1.x protocols
*) API: Cleanup of code in http_vhost.c, and remove vhost matching
[Chia-liang Kao <clkao cirx.org>] PR#1531
[Konstantin Morshnev <moko design.ru>] PR#1771
address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885
*) API: A new source module main/util_uri.c; It contains a routine
user; /* user name, as in http://user:passwd@host:port/ */
password; /* password, as in http://user:passwd@host:port/ */
a username can contain when trying to expand it via /etc/passwd.
Jay Soffian <jay cimedia.com>] PR#1631
*) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
<luomat peak.org>]
<ache nagual.pp.ru> and Jim] PR#1450
Alvaro Martinez Echevarria <alvaro lander.es>]
[Charles Fu <ccwf klab.caltech.edu>] PR#1847
directive. [Enrik Berkhan <enrik inka.de>] PR#1816
[Lauri Jesmin <jesmin ut.ee>] PR#1701
*) Source file dependencies in Makefile.tmpl files throughout the
htdocs/manual/known_client_problems.html are in the default
(like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
[Michael Douglass <mikedoug texas.net>, Dean Gaudet]
header files are in the src/include directory. The -Imain -Iap
and mod_rewrite) have not been moved to src/include; nor have
calls that use too small an initial guess, see alloc.c.
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
because the key/value is a constant, or the value has been built
Note that it is easy to get code subtly wrong if you pass a key/value
safe thing to do is to pass key/values which are in the pool of
i.e. if the table is part of a subrequest, a value from the main
usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
[Dmitry Khrustalev <dima bog.msu.su>, Dean Gaudet]
[Martin Kraemer, with code from Peter Wemm <peter zeus.dialix.oz.au>
*) API: "typedef array_header table" removed from alloc.h, folks should
HAVE_MMAP/SHMGET #defines strictly are informational that the
Unixware 1.x appears to have the same SIGHUP bug as solaris does with
[Tom Hughes <thh cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
*) PORT: A/UX can handle single-listen accepts without mutex
[Paul Eggert <eggert twinsun.com>] PR#1343
*) suexec errors now include the errno/description. [Marc Slemko] PR#1543
[Keith Severson <keith sssd.navy.mil>] PR#1613
[Keith Severson <keith sssd.navy.mil>] PR#1614
*) Some const declarations in mod_imap.c that were added for debugging
*) The src/main/*.h header files have had #ifndef wrappers added to
multiple paths (e.g., in .c files as well as other .h files).
src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
but before the header file contents. [John Van Essen <jve gamers.org>]
set with SetEnv/BrowserMatch and similar directives.
was found. Noticed by <robinton amtrash.comlink.de> (Soeren Ziehe)
[Soeren Ziehe <robinton amtrash.comlink.de>, Martin Kraemer]
(the Siemens BS2000/OSD family) in the POSIX subsystem
Located in libap.a. [Jim Jagielski]
[Stephen Scheck <sscheck infonex.net>, Ben Laurie] PR#1604
alloc.c (affects win32 only). [Ben Hyde]
[Ben Reser <breser regnow.com>] PR#1366
[Gregory A Lundberg <lundberg vr.net>]
server itself (like the src/support tools). [Ken Coar]
[Igor Tatarinov <tatarino prairie.NoDak.edu>]
It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
[<malcolm mgdev.demon.co.uk>] PR#1378
set errno. [Igor Tatarinov <tatarino prairie.NoDak.edu>]
*) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti net4all.be>] PR#1523
[Frank Faubert <frank sane.com>]
can be used by items in src/support among other things.
(e.g., <Directory>) where they're invalid. [Martin Kraemer]
for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
read the file. [Ben Hyde <bhyde gensym.com>]
the display. [Ken Coar, suggested by Brian Tiemann <btman pacific.net>]
*) PORT: Update the LynxOS port. [Marius Groeger <mag sysgo.de>]
[David Chambers <davidc flosun.salk.edu>] PR#1294
[M.D.Parker] PR#1352
*) Inherit a bugfix to fnmatch.c from FreeBSD sources.
[Андрей Чернов <ache nagual.pp.ru>] PR#1311
sources as Unix now. [Brian Havard <brianh kheldar.apana.org.au>]
[Paul Eggert <eggert twinsun.com>] PR#1342
*) A mild SIGTERM/SIGALRM race condition was eliminated.
*) Warn user that default path has changed if /usr/local/etc/httpd
*) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
[David Schuler <schuld btv.ibm.com>] PR#1317
Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
*) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
[John Line <jml4 cam.ac.uk>] PR#1321
*) Default pathname has been changed everywhere to /usr/local/apache
[Sameer <sameer c2.net>]
[David Bronder <David-Bronder uiowa.edu>] PR#849
[David Schuler <schuld btv.ibm.com>] PR#1267
[Philippe Vanhaesendonck <pvanhaes be.oracle.com>,
Omar Del Rio <al112263 academ01.lag.itesm.mx>] PR#482, 1246
[Chris Craft <ccraft cncc.cc.co.us>] PR#977
*) PORT: UnixWare 2.x requires -lgen for syslog.
[Hans Snijder <hs meganet.nl>] PR#1249
["Pavel Yakovlev (Paul McHacker)" <hac tomcat.olly.ru>]
*) New support tool: src/support/split-logfile, a sample Perl script which
*) Makefile.tmpl was not using $CFLAGS in the link phase.
*) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
Purify. See main/alloc.c for more details. [Dean Gaudet]
be used for whatever reason is appropriate (i.e. format() warnings
gcc >= 2.7.x (so that we have fewer support issues with older
Also removed the auto-generated link to www.apache.org that was the
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107, 987, 588
*) Fixed error in proxy_util.c when looping through multiple host IP
buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
*) API: New register_other_child() API (see http_main.h) which allows
*) API: New piped_log API (see http_log.h) which implements piped logs,
Some things (like RewriteMaps) were checked/performed even if they
*) Removal of mod_auth_msql.c from the distribution. There are many
http://modules.apache.org/ It would be nice to offer a generic
Makefile on the fly based on Makefile.tmpl and Configuration.
Encore's UMAX V: Arieh Markel <amarkel encore.com>
Acorn RISCiX: Stephen Borrill <sborrill xemplar.co.uk>
*) support/httpd_monitor is no longer distributed because the
the headers/contents of the request. It does not run during subrequests
USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
- Linux 2.x uses flock instead of fcntl
- Solaris 2.x uses pthreads
*) PORT: The semantics of accept/select make it very desirable to use
Modules can be dropped into modules/extra, or in their own
modules/standard. All other source code is in main. OS-specific
match "/home/a/andrew/public_html", now it only matches things
[Dean Gaudet, Dave Hankins <dhankins sugarat.net>]
/dev/tty, etc.)
[Jason Venner <jason idiom.com>] PR#667
and cidr syntax (i.e. 10.1.0.0/16). PR#762
Apache would omit the chunk header/footer on the next block. Cleaned
e.g. when max_requests_per_child is reached, etc.
[Alexander L Jones <alex systems-options.co.uk>] PR#732
*) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
[Igor N Kovalenko <infoh mail.wplus.net>] PR#683
setting. The define MAX_SPAWN_RATE can be used to raise/lower
in a language that by default does buffering (e.g. perl) this
*) PORT: Allow for use of n32bit libraries under IRIX 6.x
[derived from patch from Jeff Hayes <jhayes aw.sgi.com>]
*) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
*) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
[Igor N Kovalenko <infoh mail.wplus.net>]
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
rect /url.hrm 10 20 30 40
["Chris O'Byrne" <obyrne iol.ie>] PR#807
["Darren O'Shaughnessy" <darren aaii.oz.au>] PR#846
the output of mod_info. ["Lou D. Langholtz" <ldl usi.utah.edu>]
braindead SunOS 4.1.x, allow env variables to be set even on rules with
i.e. now mod_rewrite no longer has a shared copyright. Instead is is
See http_config.h for more details. [Dean Gaudet]
LoadModule/LoadFile directives. Note that module DLLs must be
Module autoindex_module mod_autoindex.o
*) popendir/pclosedir created to properly protect directory scanning.
["Lou D. Langholtz" <ldl usi.utah.edu>]
command. [Ian Kluft <ikluft cisco.com>]
*) Makefile.nt added - to build all the bits from the command line:
nmake -f Makefile.nt
httpd.h. [Dean Gaudet]
the SFIO library calls sfread/sfwrite if B_SFIO is defined at
work however.) [Alexander Spohr <aspohr netmatic.com>] PR#444
*) Turn off chunked encoding after sending terminating chunk/footer
[Stanley Gambarin <gambarin OpenMarket.com>]
[Ben Laurie and Ambarish Malpani <ambarish valicert.com>]
*) SECURITY: When a client connects to a particular port/addr, and
*) Support virtual hosts with wildcard port and/or multiple ports
properly. [Ed Korthof <ed organic.com>]
and mod_include.c. [Dean Gaudet]
[Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>]
<sscheck infonex.net>, Ben Laurie] PR#1604
cases. [Ben Reser <breser regnow.com>] PR#1366
Also removed the auto-generated link to www.apache.org that was the
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
*) #ifdef wrap a few #defines in httpd.h to make life easier on
*) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
should consider comparing against src/modules/standard/mod_include.c
Michal Zalewski <lcamtuf boss.staszic.waw.pl> for reporting
[Brian Slesinsky <bslesins wired.com>] PR#1139
[Jay Bloodworth <jay pathways.sde.state.sc.us>]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>]
[Rick Franchuk <rickf transpect.net>] PR#1107
minus WIN32/NT stuff, but plus copyright removement.
[Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815
an HTTP/0.9 server. [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#813,814
[Skip Montanaro <skip calendar.com>, Marc Slemko] PR#797
under Solaris 2.x (up through 2.5.1). It has been fixed.
lockfile in any location. It previously defaulted to /usr/tmp/htlock.
*) Add a placeholder in modules/Makefile to avoid errors with certain
*) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
redirect flag, e.g. R=permanent, the permanent status was lost.
[Lawrence Rosenman <ler lerctr.org>] PR#511
*) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim tandem.com>] PR#327
[David DeSimone <fox convex.com>] PR#399
["P. Alejandro Lopez-Valencia" <alejolo ideam.gov.co>] PR#388
*) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
*) PORT: fix problem compiling http_bprintf.c with gcc under SCO
*) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
change submitted by Jozsef Hollosi <hollosi sbcm.com>.
directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
of DEFAULT_TYPE to match the documented default (text/plain).
*) In mod_proxy.c, check return values for proxy_host2addr() when reading
the connection (e.g., when user presses Stop). Apache will now stop
*) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
htdocs/manual/stopping.html for details on stopping and
*) The default handler now logs invalid methods or URIs (i.e. PUT on an
buffer or write inside buff.c or fread'ing from a CGI's output,
*) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
*) Add UnixWare compile/install instructions. [Chuck Murcko]
*) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
*) More signed/unsigned port fixes. [Dean Gaudet]
*) suexec.c doesn't close the log file, allowing CGIs to continue writing
*) Improved generation of modules/Makefile to be more generic for
*) Fixed overlaying of request/sub-request notes and headers in
when nalloc==0. [Kai Risku <krisku tf.hut.fi> and Roy Fielding]
*) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
- Changed send_dir() to remove user/passwd from displayed URL.
[Marc Slemko, reported by Onno Witvliet <onno tc.hsa.nl>]
select/accept and keep-alive requests, fixed several bugs regarding
[Ben Laurie, reported by <geddis tesserae.com>]
*) Tweak byteserving code (e.g. serving PDF files) to work around
Emit Content-Length header when sending multipart/byteranges.
*) Port to HI-UX/WE2. [Nick Maclaren]
[Mark Bixby <markb cccd.edu>]
regex/regcomp.c since that file also used a NEXT define.
*) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
*) Remove mod_fastcgi.c from the distribution. This module appears
continue to be easily available at http://www.fastcgi.com/
*) Fixed bug in modules/Makefile that wouldn't allow building in more
- execution restricted to UID/GID > 100
*) Replace references to make in Makefile.tmpl with $(MAKE).
*) Add ProxyBlock directive w/IP address caching. Add IP address
[<mgyger itr.ch>, Adrian Filipi-Martin]
[Roy Fielding, after useful PR from <adrian virginia.edu>]
*) Remove requirement for ResourceConfig/AccessConfig if not using
2. initgroups() on Linux 2.0.x clobbers gr->grid.
*) Reset timeout while reading via get_client_block() in mod_cgi.c
*) Add the ability to pass different Makefile.tmpl files to Configure
*) proxy_http.c bugfixes: [Chuck Murcko]
1) fixes possible NULL pointer reference w/NoCache
*) mod_include.c bugfixes:
3) Patch to fix compiler warnings [<perrot lal.in2p3.fr>]
[Ben Yoshino <ben wiliki.eng.hawaii.edu>]
*) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
http_protocol.c [Roy Fielding]
*) Replaced use of index() in mod_expires.c with more appropriate
*) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
*) Updated helpers/GuessOS for ...
SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
and fixed something in helpers/PrintPath [Ben Laurie]
*) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
*) mod_env now turned on by default in Configuration.tmpl.
c) Leading colons were stripped from passwords [<osm interguide.com>]
d) Another fix to multi-method Limit problem [<jk tools.de>]
b) truncated hostnames/ip address in the logs
*) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
*) Internal redirects which occur in mod_dir.c now preserve the
*) Fix for POSIX compliance in waiting for processes in alloc.c.
which works similar to PidFile (in httpd.conf) [Rob Hartill]
*) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
*) the pstrcat call in mod_cookies.c didn't have an ending NULL,
*) Add strerror function to util.c for SunOS4 [Randy Terbush]
*) patch to get Apache compiled on UnixWare 2.x, recommended as
a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
*) past changes to http_config.c to only use the
*) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
and the server provider uses relative links; as file.html
*) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
*) Fixed potential FILE* leak in http_main.c [Ben Laurie]
*) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
*) Nuked bogus #define in httpd.h [David Robinson]
*) gcc -Wall no longer complains about an unused variable when util.c
*) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
*) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
subprocesses, including the SIGTERM/pause/SIGKILL routine, until
causing certain extremely marginal cases (e.g., ScriptAlias of a
*particular* index.html file) to fail. [David Robinson]
*) Cleaned up compiler warning from mod_access.c [Robert Thau]
*) Cleaned up comments in mod_cgi.c [Robert Thau]
"/path/to/some/link/" follows the link. [Thau, Fielding]
*) Doesn't reset DirectoryIndex to 'index.html' when
*) Clarified init code and nuked bogus warning in mod_access.c
*) Corrected several directives in sample srm.conf
*) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
mod_alias.c, merging it almost completely with handling of Alias, and
using a special file created for the purpose in /usr/tmp, and
which try to print out the last-modified date). [Eric Hagberg/Robert
*) <!--exec cgi="/some/uri/here"--> always treats the item named by the
*) POST to CGI works on A/UX [Jim Jagielski]
it seems to work well enough without it (even in a 10 hits/sec
workout), and the overhead for the locking under A/UX is
*) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
*) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
Behlendorf/Eric Hagberg]
*) More improvements to default Configuration for A/UX [Jim Jagielski]
*) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
*) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
properly. (One-line fix to http_protocol.c).
*) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
*) Nuked Shambhala name from src/README; had already cleaned it out
*) Set config file locations properly if not set in httpd.conf
*) Fixed mod_imap.c --- relative paths with base_uri referer don't
be nice if mod_dir.c was robust enough to handle that, but for now,
/tmp/htstatus.*, on which each process has an independent file
*) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
*) Incidental code cleanups in http_main.c --- stop dragging
*) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
Also, fixed auth typo in http_protocol.c unmasked by this fix.
*) Reordered modules in modules.c so that Redirect takes priority
the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
*) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
*) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
memory area every time). Fix is in mod_dir.c. [Paul Sutton]
*) Changes to http_main.c --- root server no longer plays silly
*) mod_dir.c bug fixes: ReadmeName and HeaderName
*) http_request.c now calls unescape_url() more places where it
*) Generalized cleanup interface in alloc.c --- any function can be
registered with alloc.c as a cleanup for a resource pool;
*) More changes in alloc.c --- new cleanup_for_exec() function,
registered with the alloc.c machinery before the server exec()s a
*) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
in alloc.c [rst]