1 -*- coding: utf-8 -*-
2 Changes with Apache 2.0.64
4 *) SECURITY: CVE-2010-1452 (cve.mitre.org)
5 mod_dav: Fix Handling of requests without a path segment.
6 PR: 49246 [Mark Drayton, Jeff Trawick]
8 *) SECURITY: CVE-2009-1891 (cve.mitre.org)
9 Fix a potential Denial-of-Service attack against mod_deflate or other
10 modules, by forcing the server to consume CPU time in compressing a
11 large file after a client disconnects. PR 39605.
12 [Joe Orton, Ruediger Pluem]
14 *) SECURITY: CVE-2009-3095 (cve.mitre.org)
15 mod_proxy_ftp: sanity check authn credentials.
16 [Stefan Fritsch <sf fritsch.de>, Joe Orton]
18 *) SECURITY: CVE-2009-3094 (cve.mitre.org)
19 mod_proxy_ftp: NULL pointer dereference on error paths.
20 [Stefan Fritsch <sf fritsch.de>, Joe Orton]
22 *) SECURITY: CVE-2009-3555 (cve.mitre.org)
23 mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
24 attack when compiled against OpenSSL version 0.9.8m or later. Introduces
25 the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
26 and offer unsafe legacy renegotiation with clients which do not yet
27 support the new secure renegotiation protocol, RFC 5746.
28 [Joe Orton, and with thanks to the OpenSSL Team]
30 *) SECURITY: CVE-2009-3555 (cve.mitre.org)
31 mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
32 for OpenSSL versions prior to 0.9.8l; reject any client-initiated
33 renegotiations. Forcibly disable keepalive for the connection if there
34 is any buffered data readable. Any configuration which requires
35 renegotiation for per-directory/location access control is still
36 vulnerable, unless using openssl 0.9.8l or later.
37 [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>,
40 *) SECURITY: CVE-2010-0434 (cve.mitre.org)
41 Ensure each subrequest has a shallow copy of headers_in so that the
42 parent request headers are not corrupted. Elimiates a problematic
43 optimization in the case of no request body. PR 48359
44 [Jake Scott, William Rowe, Ruediger Pluem]
46 *) SECURITY: CVE-2008-2364 (cve.mitre.org)
47 mod_proxy_http: Better handling of excessive interim responses
48 from origin server to prevent potential denial of service and high
49 memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
50 Joe Orton, Jim Jagielski]
52 *) SECURITY: CVE-2010-0425 (cve.mitre.org)
53 mod_isapi: Do not unload an isapi .dll module until the request
54 processing is completed, avoiding orphaned callback pointers.
55 [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
57 *) SECURITY: CVE-2008-2939 (cve.mitre.org)
58 mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
59 the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
61 *) Fix recursive ErrorDocument handling. PR 36090 [Chris Darroch]
63 *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]
65 *) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
66 through on a 304 response. [Nick Kew]
68 *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
71 Changes with Apache 2.0.63
73 *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
74 to /Device/Nul as the server is starting up, mirroring unix MPM's.
75 PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
77 *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
78 by recreating the bucket allocator each time the trans pool is cleared.
79 PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
81 Changes with Apache 2.0.62 (not released)
83 *) SECURITY: CVE-2007-6388 (cve.mitre.org)
84 mod_status: Ensure refresh parameter is numeric to prevent
85 a possible XSS attack caused by redirecting to other URLs.
86 Reported by SecurityReason. [Mark Cox, Joe Orton]
88 *) SECURITY: CVE-2007-5000 (cve.mitre.org)
89 mod_imap: Fix a cross-site scripting issue. Reported by JPCERT.
92 *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
93 to identify a default, or specific servers or paths which list their
94 contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
96 *) log.c: Ensure Win32 resurrects its lost robust logger processes.
99 *) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
100 shutdown of the server when the MaxClients is higher then 257,
101 in a more responsive manner [Mladen Turk, William Rowe]
103 *) Add explicit charset to the output of various modules to work around
104 possible cross-site scripting flaws affecting web browsers that do not
105 derive the response character set as required by RFC2616. One of these
106 reported by SecurityReason [Joe Orton]
108 *) http_protocol: Escape request method in 405 error reporting.
109 This has no security impact since the browser cannot be tricked
110 into sending arbitrary method strings. [Jeff Trawick]
112 *) http_protocol: Escape request method in 413 error reporting.
113 Determined to be not generally exploitable, but a flaw in any case.
114 PR 44014 [Victor Stinner <victor.stinner inl.fr>]
116 Changes with Apache 2.0.61
118 *) SECURITY: CVE-2007-3847 (cve.mitre.org)
119 mod_proxy: Prevent reading past the end of a buffer when parsing
120 date-related headers. PR 41144.
121 [Davi Arnaut, Nick Kew]
123 *) SECURITY: CVE-2007-1863 (cve.mitre.org)
124 mod_cache: Prevent segmentation fault if a Cache-Control header has
125 no value. [Niklas Edmundsson <nikke acc.umu.se>]
127 *) SECURITY: CVE-2006-5752 (cve.mitre.org)
128 mod_status: Fix a possible XSS attack against a site with a public
129 server-status page and ExtendedStatus enabled, for browsers which
130 perform charset "detection". Reported by Stefan Esser. [Joe Orton]
132 *) SECURITY: CVE-2007-3304 (cve.mitre.org)
133 prefork, worker MPMs: Ensure that the parent process cannot
134 be forced to kill processes outside its process group.
135 [Joe Orton, Jim Jagielski]
137 *) mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as synonymous.
138 PR 43183 [Brian Rectanus <Brian.Rectanus breach.com>, Vincent Bray]
140 *) log core: ensure we use a special pool for stderr logging, so that
141 the stderr channel remains valid from the time plog is destroyed,
142 until the time the open_logs hook is called again. [William Rowe]
144 *) mod_ssl: Version reporting update; displays 'compiled against'
145 Apache and build-time SSL Library versions at loglevel [info],
146 while reporting the run-time SSL Library version in the server
147 info tags. Helps to identify a mod_ssl built against one flavor
148 of OpenSSL but running against another (also adds SSL-C version
149 number reporting.) [William Rowe]
151 *) mod_autoindex: Add in Type and Charset options to IndexOptions
152 directive. This allows the admin to explicitly set the
153 content-type and charset of the generated page and is therefore
154 a viable workaround for buggy browsers affected by CVE-2007-4465
155 (cve.mitre.org). [Jim Jagielski]
157 *) main core: Emit errors during the initial apr_app_initialize()
158 or apr_pool_create() (when apr-based error reporting is not ready).
159 [William Rowe, Jeff Trawick]
161 *) log core: Fix issue which could cause piped loggers to be orphaned
162 and never terminate after a graceful restart. PR 40651. [Joe Orton,
165 *) log core: fix the new piped logger case where we couldn't connect
166 the replacement stderr logger's stderr to the NULL stdout stream.
167 Continue in this case, since the previous alternative of no error
168 logging at all (/dev/null) is far worse. [William Rowe]
170 *) mpm_winnt: Prevent the parent-child pipe from leaking into other
171 spawned processes, and ensure we have a /Device/null handle for
172 stdout when running as-a-service. [William Rowe]
174 *) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]
176 *) mod_so: Solve dev's confusion by reporting expected/seen module
177 magic signatures when failing with a 'garbled' message, and solve
178 user's confusion by pointing out 'perhaps compiled for a different
179 version of apache?'. [William Rowe]
181 *) mod_ssl: initialize thread locks before initializing the hardware
182 acceleration library, so the latter can make use of the former.
183 PR 20951. [<adunn ncipher.com>]
185 *) mod_ssl: Support limited buffering of request bodies to allow
186 per-location renegotiation to proceed. PR 12355. [Joe Orton]
188 *) mod_cgi, mod_cgid: Don't return apr_status_t error value
189 from input filter chain. PR 31759 (mutated). [Jo Rhett,
192 *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
195 *) proxy_http.c: Overlay existing cookies with proxied ones, ala
196 httpd-2.2. [Jim Jagielski]
198 *) mod_proxy: ProxyTimeout (and others) ignored due to not merging
199 the *_set params. PR 11540. [Jim Jagielski]
201 *) mod_isapi: Correctly present SERVER_PORT_SECURE.
202 PR 40573. [Matt Eaton <asf divinehawk.com>]
204 *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
205 support. Also corrects the slashes for Windows. PR 15993. [William Rowe]
207 *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
208 token parser worked while the resulting length was misinterpreted.
209 PR 29098. [Brock Bland <bbland serena.com>]
211 *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
212 attempts to stream the response at the client. Log these as well.
213 PR 30022, 40470. [William Rowe, Matt Eaton <asf divinehawk.com>]
215 *) mod_isapi: Ensure we walk through all the methods the developer may have
216 employed to report their HTTP status result code.
217 PR 16637 30033 28089. [Matt Lewandowsky <matt iamcode.net>, William Rowe]
221 Changes with Apache 2.0.59
223 *) SECURITY: CVE-2006-3747 (cve.mitre.org)
224 mod_rewrite: Fix an off-by-one security problem in the ldap scheme
225 handling. For some RewriteRules this could lead to a pointer being
226 written out of bounds. Reported by Mark Dowd of McAfee.
229 *) Win32: Minor fixes to build more cleanly under Visual Studio 2005
230 from the command line build. [William Rowe]
232 Changes with Apache 2.0.58
234 *) Legal: Restored original years in copyright notices.
237 Changes with Apache 2.0.57
239 *) mod_cgid: run the get_suexec_identity hook within the request-handler
240 instead of within cgid. PR 36410. [Colm MacCarthaigh]
242 *) core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
243 [Davi Arnaut <davi haxent.com.br>]
245 *) mod_proxy: Report the proxy server name correctly in the "Via:" header,
246 when UseCanonicalName is Off. PR 11971. [Martin Kraemer]
248 *) mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
249 run on Unix. [William Wrowe]
251 *) HTML-escape the Expect error message. Not classed as security as
252 an attacker has no way to influence the Expect header a victim will
253 send to a target site. Reported by Thiago Zaninotti
254 <thiango nstalker.com>. [Mark Cox]
256 Changes with Apache 2.0.56
258 *) SECURITY: CVE-2005-3357 (cve.mitre.org)
259 mod_ssl: Fix a possible crash during access control checks if a
260 non-SSL request is processed for an SSL vhost (such as the
261 "HTTP request received on SSL port" error message when an 400
262 ErrorDocument is configured, or if using "SSLEngine optional").
263 PR 37791. [Rüdiger Plüm, Joe Orton]
265 *) SECURITY: CVE-2005-3352 (cve.mitre.org)
266 mod_imap: Escape untrusted referer header before outputting in HTML
267 to avoid potential cross-site scripting. Change also made to
268 ap_escape_html so we escape quotes. Reported by JPCERT.
271 *) Add APR/APR-Util Compiled and Runtime Version numbers to the
272 output of 'httpd -V'. [William Rowe]
274 *) Ensure that the proper status line is written to the client, fixing
275 incorrect status lines caused by filters which modify r->status without
276 resetting r->status_line, such as the built-in byterange filter.
279 *) Default handler: Don't return output filter apr_status_t values.
280 PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
282 *) mod_speling: Stop crashing with certain non-file requests.
285 *) keep the Content-Length header for a HEAD with no response body.
288 *) Modify apr[util] .h detection to avoid breakage on VPATH builds
289 using Solaris make (amoung others) and avoid breakage in ./buildconf
290 when srclib/apr[-util] are symlinks rather than directories proper.
293 *) Avoid server-driven negotiation when a CGI script has emitted an
294 explicit "Status:" header. PR 38070. [Nick Kew]
296 *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
297 format is used. PR 27787. [André Malo]
299 *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
302 *) mod_cache: Correctly handle responses with a 301 status. PR 37347.
305 *) mod_proxy_http: Prevent data corruption of POST request bodies when
306 client accesses proxied resources with SSL. PR 37145.
307 [Ruediger Pluem, William Rowe]
309 *) Eliminated the NET_TIME filter, restructuring the timeout logic.
310 This provides a working mod_echo on all platforms, and ensures any
311 custom protocol module is at least given an initial timeout value
312 based on the <VirtualHost > context's Timeout directive.
315 *) mod_ssl: Correct issue where mod_ssl does not pick up the
316 ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]
318 *) Document the ReceiveBufferSize change done in r157583.
319 [Murray Nesbitt <murray cpan.org>]
321 *) mod_deflate: Merge the Vary header, instead of Setting it. Fixes
322 applications that send the Vary Header themselves. PR 37559.
325 *) mod_dav: Fix a null pointer dereference in an error code path during the
326 handling of MKCOL. [Ghassan Misherghi <ghassanm ucdavis.edu>]
328 *) mod_mime_magic: Handle CRLF-format magic files so that it works with
329 the default installation on Windows. [Jeff Trawick]
331 *) Write message to error log if AuthGroupFile cannot be opened.
332 PR 37566. [Rüdiger Plüm]
334 *) Add ReceiveBufferSize directive to control the TCP receive buffer.
335 [Eric Covener <covener gmail.com>]
337 *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
340 *) Remove the base href tag from proxy_ftp, as it breaks relative
341 links for clients not using an Authorization header. [Graham Leggett,
342 Jon Snow <jsnow27 gatesec.net>]
344 *) http_request.c: Add missing va_end call. [André Malo]
346 *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
349 *) support/check_forensic: Fix temp file usage
350 [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]
352 *) Chunk filter: Fix chunk filter to create correct chunks in the case that
353 a flush bucket is surrounded by data buckets. [Ruediger Pluem]
355 *) mod_cgi(d): Remove block on OPTIONS method so that scripts can
356 respond to OPTIONS directly rather than via server default.
357 [Roy Fielding] PR 15242
359 *) Added new module mod_version, which provides version dependent
360 configuration containers. [André Malo]
362 *) Add core version query function (ap_get_server_revision) and
363 accompanying ap_version_t structure (minor MMN bump).
366 Changes with Apache 2.0.55
368 *) SECURITY: CVE-2005-2700 (cve.mitre.org)
369 mod_ssl: Fix a security issue where "SSLVerifyClient" was not
370 enforced in per-location context if "SSLVerifyClient optional"
371 was configured in the vhost configuration. [Joe Orton]
373 *) SECURITY: CVE-2005-2970 (cve.mitre.org)
374 worker MPM: Fix a memory leak which can occur after an aborted
375 connection in some limited circumstances. [Greg Ames]
377 *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
378 retrieved from LDAP so that all of the values can be properly
379 cached even if the value is NULL.
380 [Brad Nicholes, Ondrej Sury <ondrej sury.org>]
382 *) SECURITY: CVE-2005-2491 (cve.mitre.org):
383 Fix integer overflows in PCRE in quantifier parsing which could
384 be triggered by a local user through use of a carefully-crafted
385 regex in an .htaccess file. [Philip Hazel]
387 *) SECURITY: CVE-2005-2088 (cve.mitre.org)
388 proxy: Correctly handle the Transfer-Encoding and Content-Length
389 headers. Discard the request Content-Length whenever T-E: chunked
390 is used, always passing one of either C-L or T-E: chunked whenever
391 the request includes a request body. Resolves an entire class of
392 proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
394 *) Added TraceEnable [on|off|extended] per-server directive to alter
395 the behavior of the TRACE method. This addresses a flaw in proxy
396 conformance to RFC 2616 - previously the proxy server would accept
397 a TRACE request body although the RFC prohibited it. The default
398 remains 'TraceEnable on'. [William Rowe]
400 *) Add ap_log_cerror() for logging messages associated with particular
401 client connections. [Jeff Trawick]
403 *) Correct mod_cgid's argv[0] so that the full path can be delved by the
404 invoked cgi application, to conform to the behavior of mod_cgi.
405 [Pradeep Kumar S <pradeep.smani gmail.com>]
407 *) mod_include: Fix possible environment variable corruption when
408 using nested includes. PR 12655. [Joe Orton]
410 *) Support the suppress-error-charset setting, as with Apache 1.3.x.
411 PR 31274. [Jeff Trawick]
413 *) EBCDIC: Handle chunked input from client or, with proxy, origin
414 server. [Jeff Trawick]
416 *) Fix bad globbing comparison which could result in getting
417 a directory listing when a file was requested. PR 34512.
418 [sean <infamous41md hotmail.com>]
420 *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
421 was called even if mod_auth_ldap_check_user_id() was not
422 (or if it didn't succeed) for non-authoritative cases.
425 *) SECURITY: CVE-2005-2728 (cve.mitre.org)
426 Fix cases where the byterange filter would buffer responses
427 into memory. PR 29962. [Joe Orton]
429 *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
430 PR 15207. [Jim Jagielski]
432 *) mod_ldap: Fix various shared memory cache handling bugs.
433 PR 34209. [Joe Orton]
435 *) Fix a file descriptor leak when starting piped loggers. PR 33748.
438 *) mod_ldap: Avoid segfaults when opening connections if using a version
439 of OpenLDAP older than 2.2.21. PR 34618. [Brad Nicholes]
441 *) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe]
443 *) SECURITY: CVE-2005-2088 (cve.mitre.org)
444 core: If a request contains both Transfer-Encoding and Content-Length
445 headers, remove the Content-Length, mitigating some HTTP Request
446 Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
448 *) proxy HTTP: If a response contains both Transfer-Encoding and a
449 Content-Length, remove the Content-Length and don't reuse the
450 connection, mitigating some HTTP Response Splitting attacks.
453 *) Prevent hangs of child processes when writing to piped loggers at
454 the time of graceful restart. PR 26467. [Jeff Trawick]
456 *) SECURITY: CVE-2005-1268 (cve.mitre.org)
457 mod_ssl: Fix off-by-one overflow whilst printing CRL information
458 at "LogLevel debug" which could be triggered if configured
459 to use a "malicious" CRL. PR 35081. [Marc Stern <mstern csc.com>]
461 *) mod_userdir: Fix possible memory corruption issue. PR 34588.
462 [David Leonard <dleonard vintela.com>]
464 *) worker mpm: don't take down the whole server for a transient
465 thread creation failure. PR 34514 [Greg Ames]
467 *) mod_rewrite: use buffered I/O to improve performance with large
468 RewriteMap txt: files. [Greg Ames]
470 *) proxy HTTP: Rework the handling of request bodies to handle
471 chunked input and input filters which modify content length, and
472 avoid spooling arbitrary-sized request bodies in memory.
473 PR 15859. [Jeff Trawick]
475 Changes with Apache 2.0.54
477 *) mod_cache: Add CacheIgnoreHeaders directive. PR 30399.
478 [Rüdiger Plüm <r.pluem t-online.de>]
480 *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
481 the ldap socket connection timeout value.
484 *) Correctly export all mod_dav public functions.
485 [Branko Čibej <brane xbc.nu>]
487 *) Add a build script to create a solaris package. [Graham Leggett]
489 *) worker MPM: Fix a problem which could cause httpd processes to
490 remain active after shutdown. [Jeff Trawick]
492 *) Unix MPMs: Shut down the server more quickly when child processes are
493 slow to exit. [Joe Orton, Jeff Trawick]
495 *) Remove formatting characters from ap_log_error() calls. These
496 were escaped as fallout from CVE-2003-0020.
497 [Eric Covener <ecovener gmail.com>]
499 *) mod_ssl: If SSLUsername is used, set r->user earlier. PR 31418.
502 *) htdigest: Fix permissions of created files. PR 33765. [Joe Orton]
504 *) core_input_filter: Move buckets to a persistent brigade instead of
505 creating a new brigade. This stop a memory leak when proxying a
506 Streaming Media Server. PR 33382. [Paul Querna]
508 *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
509 hiccups from additional path information passed in non-utf-8 format.
510 [Richard Donkin <rd9 donkin.org]
512 Changes with Apache 2.0.53
514 *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
515 [Max Bowsher <maxb ukf.net>]
517 *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
518 [Rici Lake <rici ricilake.net>]
520 *) mod_proxy: Respect errors reported by pre_connection hooks.
523 *) --with-module can now take more than one module to be statically
524 linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
525 If the <modtype>-subdirectory doesn't exist it will be created and
526 populated with a standard Makefile.in. [Erik Abele]
528 *) Fix the RPM spec file so that an RPM build now works. An RPM
529 build now requires system installations of APR and APR-util.
530 Remove some arbitrary moving around of binaries - the RPM now
531 maps to the ASF build of httpd.
534 *) mod_dumpio, an I/O logging/dumping module, added to the
535 modules/expermimental subdirectory. [Jim Jagielski]
537 *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
538 library handles special characters. PR 24437. [Jess Holle]
540 *) Win32 MPM: Correct typo in debugging output. [William Rowe]
542 *) conf: Remove AddDefaultCharset from the default configuration because
543 setting a site-wide default does more harm than good. PR 23421.
546 *) Add charset to example CGI scripts. [Roy Fielding]
548 *) mod_ssl: fail quickly if SSL connection is aborted rather than
549 making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
551 *) Remove compiled-in upper limit on LimitRequestFieldSize.
554 *) Start keeping track of time-taken-to-process-request again for
555 mod_status if ExtendedStatus is enabled. [Jim Jagielski]
557 *) mod_proxy: Handle client-aborted connections correctly. PR 32443.
558 [Janne Hietamäki, Joe Orton]
560 *) Fix handling of files >2Gb on all platforms (or builds) where
561 apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
563 *) mod_include: Fix bug which could truncate variable expansions
564 of N*64 characters by one byte. PR 32985. [Joe Orton]
566 *) Correct handling of certain bucket types in ap_save_brigade, fixing
567 possible segfaults in mod_cgi with #include virtual. PR 31247.
570 *) Allow for the use of --with-module=foo:bar where the ./modules/foo
571 directory is local only. Assumes, of course, that the required
572 files are in ./modules/foo, but makes it easier to statically
573 build/log "external" modules. [Jim Jagielski]
575 *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
576 ldap authorization only modules have access to the util_ldap
577 user cache without having to require ldap authentication as well.
578 PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
580 *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
581 allows the module to only authorize a user if the attribute value
582 specified matches the value of the user object. PR 31913
583 [Ryan Morgan <rmorgan pobox.com>]
585 *) SECURITY: CVE-2004-0942 (cve.mitre.org)
586 Fix for memory consumption DoS in handling of MIME folded request
589 *) SECURITY: CVE-2004-0885 (cve.mitre.org)
590 mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
591 bypassed during an SSL renegotiation. PR 31505.
592 [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
594 *) mod_ssl: Fail at startup rather than segfault at runtime if a
595 client cert is configured with an encrypted private key.
596 PR 24030. [Joe Orton]
598 *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
601 *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
604 *) mod_cache: CacheDisable will only disable the URLs it was meant to
605 disable, not all caching. PR 31128.
606 [Edward Rudd <eddie omegaware.com>, Paul Querna]
608 *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
609 cache responses. [Justin Erenkrantz]
611 *) mod_rewrite: Handle per-location rules when r->filename is unset.
612 Previously this would segfault or simply not match as expected,
613 depending on the platform. [Jeff Trawick]
615 *) mod_rewrite: Fix 0 bytes write into random memory position.
616 PR 31036. [André Malo]
618 *) mod_disk_cache: Do not store aborted content. PR 21492.
619 [Rüdiger Plüm <r.pluem t-online.de>]
621 *) mod_disk_cache: Correctly store cached content type. PR 30278.
622 [Rüdiger Plüm <r.pluem t-online.de>]
624 *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
625 statistics display. PR 29216. [Graham Leggett]
627 *) mod_ldap: fix a bogus error message to tell the user which file
628 is causing a potential problem with the LDAP shared memory cache.
629 PR 31431 [Graham Leggett]
631 *) SECURITY: CVE-2004-1834 (cve.mitre.org)
632 mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
634 *) Fix the re-linking issue when purging elements from the LDAP cache
635 PR 24801. [Jess Holle <jessh ptc.com>]
637 *) mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
639 *) Fix Expires handling in mod_cache. [Justin Erenkrantz]
641 *) Alter mod_expires to run at a different filter priority to allow
642 proper Expires storage by mod_cache. [Justin Erenkrantz]
644 Changes with Apache 2.0.52
646 *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
648 *) Fix the global mutex crash when the global mutex is never allocated
649 due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
651 *) Fix a segfault in the LDAP cache when it is configured switched
652 off. [Jess Holle <jessh ptc.com>]
654 *) SECURITY: CVE-2004-0811 (cve.mitre.org)
655 Fix merging of the Satisfy directive, which was applied to
656 the surrounding context and could allow access despite configured
657 authentication. PR 31315. [Rici Lake <rici ricilake.net>]
659 *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
660 is enabled. Previously, such urls would still be rejected.
661 [Jeff Trawick, Bill Stoddard]
663 *) mod_mem_cache: Fixed race condition causing segfault because of memory being
664 freed twice, or reused after being freed.
665 [J. Clar, W. Stoddard, G. Ames]
667 *) Add -l option to rotatelogs to let it use local time rather than
668 UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
670 *) mod_log_config: Fix a bug which prevented request completion time
671 from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
672 processing. PR 29696. [Alois Treindl <alois astro.ch>]
674 Changes with Apache 2.0.51
676 *) SECURITY: CVE-2004-0786 (cve.mitre.org)
677 Fix an input validation issue in apr-util which could be
678 triggered by malformed IPv6 literal addresses. [Joe Orton]
680 *) SECURITY: CVE-2004-0747 (cve.mitre.org)
681 Fix buffer overflow in expansion of environment variables in
682 configuration file parsing. [André Malo]
684 *) SECURITY: CVE-2004-0809 (cve.mitre.org)
685 mod_dav_fs: Fix a segfault in the handling of an indirect lock
686 refresh. PR 31183. [Joe Orton]
688 *) mod_include no longer checks for recursion, because that's done
689 in the core. This allows for careful usage of recursive SSI.
692 *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
693 [chunyan sheng <shengperson yahoo.com>, André Malo]
695 *) Include directives no longer refuse to process symlinks on
696 directories. Instead there's now a maximum nesting level
697 of included directories (128 as distributed). This is configurable
698 at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
699 PR 28492. [André Malo]
701 *) Win32: apache -k start|restart|install|config can leave stranded
702 piped logger processes (eg, rotatelogs.exe) due to improper
703 server shutdown on these code paths.
706 *) SECURITY: CVE-2004-0751 (cve.mitre.org)
707 mod_ssl: Fix a segfault in the SSL input filter which could be
708 triggered if using "speculative" mode, for instance by a
709 proxy request to an SSL server. PR 30134. [Joe Orton]
711 *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
712 PR 30464. [Joe Orton, Madhusudan Mathihalli]
714 *) mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
716 *) Prevent CGI script output which includes a Content-Range header
717 from being passed through the byterange filter. [Joe Orton]
719 *) Satisfy directives now can be influenced by a surrounding <Limit>
720 container. PR 14726. [André Malo]
722 *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
723 PR 27985. [André Malo]
725 *) mod_disk_cache: Implement binary format for on-disk header files.
726 [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
728 *) mod_disk_cache: Optimize network performance of disk cache subsystem by
729 allowing zero-copy (sendfile) writes and other miscellaneous fixes.
732 *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
733 switch to the provider API instead of hooks. [Justin Erenkrantz]
735 *) mod_autoindex: Don't truncate the directory listing if a stat()
736 call fails (for instance on a >2Gb file). PR 17357.
739 *) Makefile fix: httpd is linked against LIBS given to the
740 'make' invocation. PR 7882. [Joe Orton]
742 *) WinNT MPM: Fix a broken log message at termination. PR 28063.
743 [Eider Oliveira <eider bol.com.br>]
745 *) Prevent Win32 pool corruption at startup [Allan Edwards]
747 *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
748 chosen SSL environment variable. PR 20957.
749 [Martin v. Loewis <martin v.loewis.de>]
751 *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
752 [Zvi Har'El <rl math.technion.ac.il>]
754 *) apachectl: Fix a problem finding envvars if sbindir != bindir.
755 PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
757 *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
759 *) SECURITY: CVE-2004-0748 (cve.mitre.org)
760 mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
762 *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
763 PR 18989. [Joe Orton]
765 *) mod_userdir: Ensure that the userdir identity is used for
766 suexec userdir access in a virtual host which has suexec configured.
767 PR 18156. [Joshua Slive]
769 *) mod_rewrite no longer confuses the RewriteMap caches if
770 different maps defined in different virtual hosts use the
771 same map name. PR 26462. [André Malo]
773 *) mod_setenvif: Remove "support" for Remote_User variable which
774 never worked at all. PR 25725. [André Malo]
776 *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
777 again the functionality of the ErrorHeader directive. But instead
778 using this misnomer additional flags to the Header directive were
779 introduced ("always" and "onsuccess", defaulting to the latter).
780 PR 28657. [André Malo]
782 *) Use the higher performing 'httpready' Accept Filter on all platforms
783 except FreeBSD < 4.1.1. [Paul Querna]
785 *) mod_usertrack: Escape the cookie name before pasting into the
788 *) Extend the SetEnvIf directive to capture subexpressions of the
789 matched value. [André Malo]
791 *) Recursive Include directives no longer crash. The server stops
792 including configuration files after a certain nesting level (128
793 as distributed). This is configurable at compile time using the
794 -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
796 *) mod_dir: the trailing-slash behaviour is now configurable using the
797 DirectorySlash directive. [André Malo]
799 *) Allow proxying of resources that are invoked via DirectoryIndex.
800 PR 14648, 15112, 29961. [André Malo]
802 *) util_ldap: Switched the lock types on the shared memory cache
803 from thread reader/writer locks to global mutexes in order to
804 provide cross process cache protection. [Brad Nicholes]
806 *) util_ldap: Reworked the cache locking scheme to eliminate duplicate
807 cache entries in the credentials cache due to race conditions.
810 *) util_ldap: Enhanced the util_ldap cache-info display to show more
811 detail about the contents and current state of the cache.
814 *) Enable the option to support anonymous shared memory in mod_ldap.
815 This makes the cache work on Linux again. [Graham Leggett]
817 *) Enable special ErrorDocument value 'default' which restores the
818 canned server response for the scope of the directive.
819 [Geoffrey Young, André Malo]
821 *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
822 is set in r->subprocess_env allow mismatched query strings to pass.
823 PR 27758. [Paul Querna, Geoffrey Young]
825 *) Accept URLs for the ServerAdmin directive. If the supplied
826 argument is not recognized as an URL, assume it's a mail address.
827 PR 28174. [André Malo, Paul Querna]
829 *) initialize server arrays prior to calling ap_setup_prelinked_modules
830 so that static modules can push Defines values when registering
831 hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
833 *) Small fix to allow reverse proxying to an ftp server. Previously
834 an attempt to do this would try and connect to 0.0.0.0, regardless
835 of the server specified. PR 24922
836 [Pascal Terjan <pterjan@linuxfr.org>]
838 *) Add the NOTICE file to the rpm spec file in compliance with the
839 Apache v2.0 license. [Graham Leggett]
841 *) RPM spec file changes: changed default dependancy to link to db4
842 instead of db3. Fixed complaints about unpackaged files.
845 Changes with Apache 2.0.50
847 *) SECURITY: CVE-2004-0493 (cve.mitre.org)
848 Close a denial of service vulnerability identified by Georgi
849 Guninski which could lead to memory exhaustion with certain
850 input data. [Jeff Trawick]
852 *) mod_cgi: Handle output on stderr during script execution on Unix
853 platforms; preventing deadlock when stderr output fills pipe buffer.
854 Also fixes case where stderr from nph- scripts could be lost.
855 PR 22030, 18348. [Joe Orton, Jeff Trawick]
857 *) mod_alias now emits a warning if it detects overlapping *Alias*
858 directives. [André Malo]
860 *) mod_rewrite no longer turns forward proxy requests into reverse proxy
861 requests. PR 28125 [ast domdv.de, André Malo]
863 *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
864 exported on Win32 and Netware as well (minor MMN bump). PR 28523.
865 [Edward Rudd <eddie omegaware.com>, André Malo]
867 *) Restore the ability to disable the use of AcceptEx on Win9x systems
868 automatically (broken in 2.0.49). PR 28529. [André Malo]
870 *) <VirtualHost myhost> now applies to all IP addresses for myhost
871 instead of just the first one reported by the resolver. This
872 corrects a regression since 1.3. [Jeff Trawick]
874 *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
875 against ServerRoot PR#26602 [Brad Nicholes]
877 *) SECURITY: CVE-2004-0488 (cve.mitre.org)
878 mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
879 (trusted) client certificate subject DN which exceeds 6K in length.
882 *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
883 caused issues for the Eclipse WebDAV extension.
884 PR 29034. [Joe Orton]
886 *) mod_deflate: Fix memory consumption (which was proportional to the
887 response size). PR 29318. [Joe Orton]
889 *) mod_ssl: Log the errors returned on failure to load or initialize
890 a crypto accelerator engine. [Joe Orton]
892 *) Allow RequestHeader directives to be conditional. PR 27951.
893 [Vincent Deffontaines <vincent gryzor.com>, André Malo]
895 *) Allow LimitRequestBody to be reset to unlimited. PR 29106
898 *) Fix a bunch of cases where the return code of the regex compiler
899 was not checked properly. This affects: mod_setenvif, mod_usertrack,
900 mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
902 *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
903 small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
905 *) Remove 2Gb log file size restriction on some 32-bit platforms.
906 PR 13511. [Joe Orton]
908 *) mod_logio no longer removes the EOS bucket. PR 27928.
909 [Bojan Smojver <bojan rexursive.com>]
911 *) htpasswd no longer refuses to process files that contain empty
914 *) Regression from 1.3: At startup, suexec now will be checked for
915 availability, the setuid bit and user root. The works only if
916 httpd is compiled with the shipped APR version (0.9.5).
917 PR 28287. [André Malo]
919 *) Unix MPMs: Stop dropping connections when the file descriptor
920 is at least FD_SETSIZE. [Jeff Trawick]
922 *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
924 *) mod_isapi: send_response_header() failed to copy status string's
925 last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
927 *) Fix a segfault when requests for shared memory fails and returns
928 NULL. Fix a segfault caused by a lack of bounds checking on the
929 cache. PR 24801. [Graham Leggett]
931 *) Throw an error message if an attempt is made to use the LDAPTrustedCA
932 or LDAPTrustedCAType directives in a VirtualHost. PR 26390
935 *) Fix a potential segfault if the bind password in the LDAP cache
936 is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
938 *) Quotes cannot be used around require group and require dn
939 directives, update the documentation to reflect this. Also add
940 quotes around the dn and group within debug messages, to make it
941 more obvious why authentication is failing if quotes are used in
942 error. PR 19304. [Graham Leggett]
944 *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
945 from escaping filters twice when the backslash character is used.
946 PR 24437. [Jess Holle <jessh ptc.com>]
948 *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
949 functions leave the connections in a sane state after errors have
950 occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
951 27271 [Graham Leggett]
953 *) mod_ldap calls ldap_simple_bind_s() to validate the user
954 credentials. If the bind fails, the connection is left
955 in an unbound state. Make sure that the ldap connection
956 record is updated to show that the connection is no longer
957 bound. [Brad Nicholes]
959 *) Ensure that lines in the request which are too long are
960 properly terminated before logging.
961 [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
963 *) Update the bind credentials for the cached LDAP connection to
964 reflect the last bind. This prevents util_ldap from creating
965 unnecessary connections rather than reusing cached connections.
968 *) mod_isapi: GetServerVariable returned improperly terminated header
969 fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
970 [Jesse Pelton <jsp pkc.com>]
972 *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
973 size. PR 20617. [Jesse Pelton <jsp pkc.com>]
975 *) mod_dav: Fix a problem that could cause crashes when manipulating
976 locks on some platforms. [Jeff Trawick]
978 *) mod_headers no longer crashes if an empty header value should
979 be added. [André Malo]
981 *) Fix segfault in mod_expires, which occured under certain
982 circumstances. PR 28047. [André Malo]
984 *) htpasswd: use apr_temp_dir_get() and general cleanup
985 [Guenter Knauf <eflash gmx.net>, Thom May]
987 *) mod_ssl: Fix memory leak in session cache handling. PR 26562
988 [Madhusudan Mathihalli]
990 *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
991 a pool cleanup. PR 27945. [Joe Orton]
993 *) Add forensic logging module (mod_log_forensic).
996 *) logresolve: Allow size of log line buffer to be overridden at
997 build time (MAXLINE). PR 27793. [Jeff Trawick]
999 *) Fix the comment delimiter in htdbm so that it correctly parses the
1000 username comment. Also add a terminate function to allow NetWare
1001 to pause the output before the screen is destroyed.
1002 [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
1004 *) Fix crash when Apache was started with no Listen directives.
1005 [Michael Corcoran <mcorcoran warpsolutions.com>]
1007 *) core_output_filter: Fix bug that could result in sending
1008 garbage over the network when module handlers construct
1009 bucket brigades containing multiple file buckets all referencing
1010 the same open file descriptor. [Bojan Smojver]
1012 *) Fix memory corruption problem with ap_custom_response() function.
1013 The core per-dir config would later point to request pool data
1014 that would be reused for different purposes on different requests.
1015 [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
1017 *) Win32: Tweak worker thread accounting routines to eliminate
1018 server hang when number of Listen directives in httpd.conf
1019 is greater than or equal to the setting of ThreadsPerChild.
1022 Changes with Apache 2.0.49
1024 *) SECURITY: CVE-2004-0174 (cve.mitre.org)
1025 Fix starvation issue on listening sockets where a short-lived
1026 connection on a rarely-accessed listening socket will cause a
1027 child to hold the accept mutex and block out new connections until
1028 another connection arrives on that rarely-accessed listening socket.
1029 With Apache 2.x there is no performance concern about enabling the
1030 logic for platforms which don't need it, so it is enabled everywhere
1031 except for Win32. [Jeff Trawick]
1033 *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
1036 *) Win32: find_read_listeners was not correctly handling multiple
1037 listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
1039 *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
1040 [Manni Wood <manniwood planet-save.com>]
1042 *) Fix some piped log problems: bogus "piped log program '(null)'
1043 failed" messages during restart and problem with the logger
1044 respawning again after Apache is stopped. PR 21648, PR 24805.
1047 *) Fixed file extensions for real media files and removed rpm extension
1048 from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
1050 *) Remove compile-time length limit on request strings. Length is
1051 now enforced solely with the LimitRequestLine config directive.
1054 *) mod_ssl: Send the Close Alert message to the peer before closing
1055 the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
1057 *) SECURITY: CVE-2004-0113 (cve.mitre.org)
1058 mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
1059 PR 27106. [Joe Orton]
1061 *) mod_ssl: Fix bug in passphrase handling which could cause spurious
1062 failures in SSL functions later. PR 21160. [Joe Orton]
1064 *) mod_log_config: Fix corruption of buffered logs with threaded
1065 MPMs. PR 25520. [Jeff Trawick]
1067 *) Fix mod_include's expression parser to recognize strings correctly
1068 even if they start with an escaped token. [André Malo]
1070 *) Add fatal exception hook for use by diagnostic modules. The hook
1071 is only available if the --enable-exception-hook configure parm
1072 is used and the EnableExceptionHook directive has been set to
1073 "on". [Jeff Trawick]
1075 *) Allow mod_auth_digest to work with sub-requests with different
1076 methods than the original request. PR 25040.
1077 [Josh Dady <jpd indecisive.com>]
1079 *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
1080 argumentless containers.
1081 ["Philippe M. Chiasson" <gozer cpan.org>]
1083 *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
1084 [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
1086 *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
1087 [Glenn Nielsen <glenn apache.org>]
1089 *) The whole codebase was relicensed and is now available under
1090 the Apache License, Version 2.0 (http://www.apache.org/licenses).
1091 [Apache Software Foundation]
1093 *) Fixed cache-removal order in mod_mem_cache.
1094 [Jean-Jacques Clar, Cliff Woolley]
1096 *) mod_setenvif: Fix the regex optimizer, which under circumstances
1097 treated the supplied regex as literal string. PR 24219.
1100 *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
1101 instead of mmn. [André Malo]
1103 *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
1104 could lead to a 400 (Bad Request) response. [André Malo]
1106 *) Keep focus of ITERATE and ITERATE2 on the current module when
1107 the module chooses to return DECLINE_CMD for the directive.
1108 PR 22299. [Geoffrey Young <geoff apache.org>]
1110 *) Add support for IMT minor-type wildcards (e.g., text/*) to
1111 ExpiresByType. PR#7991 [Ken Coar]
1113 *) Fix segfault in mod_mem_cache cache_insert() due to cache size
1114 becoming negative. PR: 21285, 21287
1115 [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
1117 *) core.c: If large file support is enabled, allow any file that is
1118 greater than AP_MAX_SENDFILE to be split into multiple buckets.
1119 This allows Apache to send files that are greater than 2gig.
1120 Otherwise we run into 32/64 bit type mismatches in the file size.
1123 *) proxy_http fix: mod_proxy hangs when both KeepAlive and
1124 ProxyErrorOverride are enabled, and a non-200 response without a
1125 body is generated by the backend server. (e.g.: a client makes a
1126 request containing the "If-Modified-Since" and "If-None-Match"
1127 headers, to which the backend server respond with status 304.)
1128 [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
1130 *) mod_dav: Reject requests which include an unescaped fragment in the
1131 Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
1133 *) Build array of allowed methods with proper dimensions, fixing
1134 possible memory corruption. [Jeff Trawick]
1136 *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
1137 PR 15057. [Otmar Lendl <lendl nic.at>]
1139 *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
1142 *) mod_usertrack no longer inspects the Cookie2 header for
1143 the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
1145 *) mod_usertrack no longer overwrites other cookies.
1146 PR 26002. [Scott Moore <apache nopdesign.com>]
1148 *) worker MPM: fix stack overlay bug that could cause the parent
1149 process to crash. [Jeff Trawick]
1151 *) Win32: Add Win32DisableAcceptEx directive. This Windows
1152 NT/2000/CP directive is useful to work around bugs in some
1153 third party layered service providers like virus scanners,
1154 VPN and firewall products, that do not properly handle
1155 WinSock 2 APIs. Use this directive if your server is issuing
1156 AcceptEx failed messages.
1157 [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
1159 *) Make REMOTE_PORT variable available in mod_rewrite.
1160 PR 25772. [André Malo]
1162 *) Fix a long delay with CGI requests and keepalive connections on
1165 *) mod_autoindex: Add 'XHTML' option in order to allow switching between
1166 HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
1168 *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
1171 *) mod_ssl: Advertise SSL library version as determined at run-time rather
1172 than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
1174 *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
1175 format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
1177 *) Fix build with parallel make. PR 24643. [Joe Orton]
1179 *) mod_rewrite: In external rewrite maps lookup keys containing
1180 a newline now cause a lookup failure. PR 14453.
1181 [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
1183 *) Backport major overhaul of mod_include's filter parser from 2.1.
1184 The new parser code is expected to be more robust and should
1185 catch all of the edge cases that were not handled by the previous one.
1186 The 2.1 external API changes were hidden by a wrapper which is
1187 expected to keep the API backwards compatible. [André Malo]
1189 *) Add a hook (insert_error_filter) to allow filters to re-insert
1190 themselves during processing of error responses. Enable mod_expires
1191 to use the new hook to include Expires headers in valid error
1192 responses. This addresses an RFC violation. It fixes PRs 19794,
1193 24884, and 25123. [Paul J. Reder]
1195 *) Add Polish translation of error messages. PR 25101.
1196 [Tomasz Kepczynski <tomek jot23.org>]
1198 *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
1199 supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
1202 *) Add mod_status hook to allow modules to add to the mod_status
1205 *) Fix htdbm to generate comment fields in DBM files correctly.
1208 *) mod_dav: Use bucket brigades when reading PUT data. This avoids
1209 problems if the data stream is modified by an input filter. PR 22104.
1210 [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
1212 *) Fix RewriteBase directive to not add double slashes. [André Malo]
1214 *) Improve 'configure --help' output for some modules. [Astrid Keßler]
1216 *) Correct UseCanonicalName Off to properly check incoming port number.
1219 *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
1221 *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
1222 if any property values were set which defined namespaces these
1223 came out mangled in the PROPFIND response. PR 11637.
1224 [Amit Athavale <amit_athavale persistent.co.in>]
1226 *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
1227 the destination resource gives a 401. PR 15571. [Joe Orton]
1229 *) SECURITY: CVE-2003-0020 (cve.mitre.org)
1230 Escape arbitrary data before writing into the errorlog. Unescaped
1231 errorlogs are still possible using the compile time switch
1232 "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
1234 *) mod_autoindex / core: Don't fail to show filenames containing
1235 special characters like '%'. PR 13598. [André Malo]
1237 *) mod_status: Report total CPU time accurately when using a threaded
1238 MPM. PR 23795. [Jeff Trawick]
1240 *) Fix memory leak in handling of request bodies during reverse
1241 proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
1243 *) Win32 MPM: Implement MaxMemFree to enable setting an upper
1244 limit on the amount of storage used by the bucket brigades
1245 in each server thread. [Bill Stoddard]
1247 *) Modified the cache code to be header-location agnostic. Also
1248 fixed a number of other cache code bugs related to PR 15852.
1249 Includes a patch submitted by Sushma Rai <rsushma novell.com>.
1250 This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
1251 closing the PR since that is what they are using. [Paul J. Reder]
1253 *) complain via error_log when mod_include's INCLUDES filter is
1254 enabled, but the relevant Options flag allowing the filter to run
1255 for the specific resource wasn't set, so that the filter won't
1256 silently get skipped. next remove itself, so the warning will be
1257 logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
1259 *) mod_info: HTML escape configuration information so it displays
1260 correctly. PR 24232. [Thom May]
1262 *) Restore the ability to add a description for directories that
1263 don't contain an index file. (Broken in 2.0.48) [André Malo]
1265 *) Fix a problem with the display of empty variables ("SetEnv foo") in
1266 mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
1268 *) mod_log_config: Log the minutes component of the timezone correctly.
1269 PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
1271 *) mod_proxy: Fix cases where an invalid status-line could be sent
1272 to the client. PR 23998. [Joe Orton]
1274 *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
1275 are also loaded. [Joe Orton]
1277 *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
1278 thread-safe interface for retrieving error strings. [Joe Orton]
1280 *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
1281 avoid reporting an Internal Server error if it is used without
1282 having been set in the httpd.conf file. PR: 23748, 24459
1283 [André Malo, Liam Quinn <liam htmlhelp.com>]
1285 *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
1286 option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
1288 *) mod_include no longer allows an ETag header on 304 responses.
1289 PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
1291 *) EBCDIC: Convert header fields to ASCII before sending (broken
1292 since 2.0.44). [Martin Kraemer]
1294 *) Fix the inability to log errors like exec failure in
1295 mod_ext_filter/mod_cgi script children. This was broken after
1296 such children stopped inheriting the error log handle.
1299 *) Fix mod_info to use the real config file name, not the default
1300 config file name. [Aryeh Katz <aryeh secured-services.com>]
1302 *) Set the scoreboard state to indicate logging prior to running
1303 logging hooks so that server-status will show 'L' for hung loggers
1304 instead of 'W'. [Jeff Trawick]
1306 Changes with Apache 2.0.48
1308 *) SECURITY: CVE-2003-0789 (cve.mitre.org)
1309 mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
1310 communicate with the cgid daemon and the CGI script.
1313 *) SECURITY: CVE-2003-0542 (cve.mitre.org)
1314 Fix buffer overflows in mod_alias and mod_rewrite which occurred
1315 if one configured a regular expression with more than 9 captures.
1318 *) mod_include: fix segfault which occured if the filename was not
1319 set, for example, when processing some error conditions.
1320 PR 23836. [Brian Akins <bakins web.turner.com>, André Malo]
1322 *) fix the config parser to support <Foo>..</Foo> containers (no
1323 arguments in the opening tag) supported by httpd 1.3. Without
1324 this change mod_perl 2.0's <Perl> sections are broken.
1325 ["Philippe M. Chiasson" <gozer cpan.org>]
1327 *) mod_cgid: fix a hash table corruption problem which could
1328 result in the wrong script being cleaned up at the end of a
1329 request. [Jeff Trawick]
1331 *) Update httpd-*.conf to be clearer in describing the connection
1332 between AddType and AddEncoding for defining the meaning of
1333 compressed file extensions. [Roy Fielding]
1335 *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
1336 PR 23416. [André Malo]
1338 *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
1339 rewritten request using "proxy:". The code was adding multiple "proxy:"
1340 fields in the rewritten URI. PR: 13946.
1341 [Eider Oliveira <eider bol.com.br>]
1343 *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
1344 expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
1346 *) Ensure that ssl-std.conf is generated at configure time, and switch
1347 to using the expanded config variables to work the same as
1348 httpd-std.conf PR: 19611
1351 *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
1352 [Hartmut Keil <Hartmut.Keil adnovum.ch>]
1354 *) mod_autoindex: If a directory contains a file listed in the
1355 DirectoryIndex directive, the folder icon is no longer replaced
1356 by the icon of that file. PR 9587.
1357 [David Shane Holden <dpejesh yahoo.com>]
1359 *) Fixed mod_usertrack to not get false positive matches on the
1360 user-tracking cookie's name. PR 16661.
1361 [Manni Wood <manniwood planet-save.com>]
1363 *) mod_cache: Fix the cache code so that responses can be cached
1364 if they have an Expires header but no Etag or Last-Modified
1366 [<bjorn exoweb.net>]
1368 *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
1369 were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
1371 *) Modify ap_get_client_block() to note if it has seen EOS.
1374 *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
1375 content if the Accept-Encoding header contained only other tokens than
1376 "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
1378 *) Avoid an infinite recursion, which occured if the name of an included
1379 config file or directory contained a wildcard character. PR 22194.
1382 *) mod_ssl: Fix a problem setting variables that represent the
1383 client certificate chain. PR 21371 [Jeff Trawick]
1385 *) Unix: Handle permissions settings for flock-based mutexes in
1386 unixd_set_global|proc_mutex_perms(). Allow the functions to be
1387 called for any type of mutex. PR 20312 [Jeff Trawick]
1389 *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
1391 *) Fix a misleading message from the some of the threaded MPMs when
1392 MaxClients has to be lowered due to the setting of ServerLimit.
1395 *) Lower the severity of the "listener thread didn't exit" message
1396 to debug, as it is of interest only to developers. PR 9011
1399 *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
1400 [Cliff Woolley, Jean-Jacques Clar]
1402 *) Install config.nice into the build/ directory to make
1403 minor version upgrades easier. [Joshua Slive]
1405 *) Fix mod_deflate so that it does not call deflate() without checking
1406 first whether it has something to deflate. (Currently this causes
1407 deflate to generate a fatal error according to the zlib spec.)
1408 PR 22259. [Stas Bekman]
1410 *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
1411 identity spoof is encountered.
1414 *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
1415 containing the .htaccess file is requested without a trailing slash.
1416 PR 20195. [André Malo]
1418 *) ab: Overlong credentials given via command line no longer clobber
1419 the buffer. [André Malo]
1421 *) mod_deflate: Don't attempt to hold all of the response until we're
1422 done. [Justin Erenkrantz]
1424 *) Assure that we block properly when reading input bodies with SSL.
1425 PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
1427 *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
1429 *) mod_ext_filter: Set additional environment variables for use by
1430 the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
1432 *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
1434 *) Remember an authenticated user during internal redirects if the
1435 redirection target is not access protected and pass it
1436 to scripts using the REDIRECT_REMOTE_USER environment variable.
1437 PR 10678, 11602. [André Malo]
1439 *) mod_include: Fix a trio of bugs that would cause various unusual
1440 sequences of parsed bytes to omit portions of the output stream.
1441 PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
1443 *) Update the header token parsing code to allow LWS between the
1444 token word and the ':' seperator. [PR 16520]
1445 [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
1447 *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
1448 [Joe Schaefer <joe+gmane sunstarsys.com>]
1450 *) Added FreeBSD directory layout. PR 21100.
1451 [Sander Holthaus <info orangexl.com>, André Malo]
1453 *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
1454 response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
1456 *) mod_rewrite: Perform child initialization on the rewrite log lock.
1457 This fixes a log corruption issue when flock-based serialization
1458 is used (e.g., FreeBSD). [Jeff Trawick]
1460 *) Don't respect the Server header field as set by modules and CGIs.
1461 As with 1.3, for proxy requests any such field is from the origin
1462 server; otherwise it will have our server info as controlled by
1463 the ServerTokens directive. [Jeff Trawick]
1465 Changes with Apache 2.0.47
1467 *) SECURITY: CVE-2003-0192 (cve.mitre.org)
1468 Fixed a bug whereby certain sequences of per-directory
1469 renegotiations and the SSLCipherSuite directive being used to
1470 upgrade from a weak ciphersuite to a strong one could result in
1471 the weak ciphersuite being used in place of the strong one.
1474 *) SECURITY: CVE-2003-0253 (cve.mitre.org)
1475 Fixed a bug in prefork MPM causing temporary denial of service
1476 when accept() on a rarely accessed port returns certain errors.
1477 Reported by Saheed Akhtar <S.Akhtar talis.com>. [Jeff Trawick]
1479 *) SECURITY: CVE-2003-0254 (cve.mitre.org)
1480 Fixed a bug in ftp proxy causing denial of service when target
1481 host is IPv6 but proxy server can't create IPv6 socket. Fixed by
1482 the reporter. [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
1484 *) SECURITY [VU#379828] Prevent the server from crashing when entering
1485 infinite loops. The new LimitInternalRecursion directive configures
1486 limits of subsequent internal redirects and nested subrequests, after
1487 which the request will be aborted. PR 19753 (and probably others).
1488 [William Rowe, Jeff Trawick, André Malo]
1490 *) core_output_filter: don't split the brigade after a FLUSH bucket if
1491 it's the last bucket. This prevents creating unneccessary empty
1492 brigades which may not be destroyed until the end of a keepalive
1494 [Juan Rivera <Juan.Rivera citrix.com>]
1496 *) Add support for "streamy" PROPFIND responses.
1497 [Ben Collins-Sussman <sussman collab.net>]
1499 *) mod_cgid: Eliminate a double-close of a socket. This resolves
1500 various operational problems in a threaded MPM, since on the
1501 second attempt to close the socket, the same descriptor was
1502 often already in use by another thread for another purpose.
1505 *) mod_negotiation: Introduce "prefer-language" environment variable,
1506 which allows to influence the negotiation process on request basis
1507 to prefer a certain language. [André Malo]
1509 *) Make mod_expires' ExpiresByType work properly, including for
1510 dynamically-generated documents. [Ken Coar, Bill Stoddard]
1512 Changes with Apache 2.0.46
1514 *) SECURITY: CVE-2003-0245 (cve.mitre.org)
1515 Fixed a bug causing apr_pvsprintf() to crash by sending an overly
1516 long string. This can be triggered remotely through mod_dav,
1517 mod_ssl, and other mechanisms.
1518 Reported by David Endler <DEndler iDefense.com>. [Joe Orton]
1520 *) SECURITY: CVE-2003-0189 (cve.mitre.org)
1521 Fixed a denial-of-service vulnerability affecting basic
1522 authentication on Unix platforms related to thread-safety in
1523 apr_password_validate().
1524 Reported by John Hughes <john.hughes entegrity.com>.
1526 *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
1527 when a MKACTIVITY request comes in.
1528 [Ben Collins-Sussman <sussman collab.net>]
1530 *) Perform run-time query in apxs for apr and apr-util's includes.
1533 *) run libtool from the apr install directory (in case that is different
1534 from the apache install directory) [Jeff Trawick]
1536 *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
1538 *) If mod_mime_magic does not know the content-type, do not attempt to
1539 guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
1541 *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
1543 [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
1545 *) Add a delete flag to htpasswd.
1548 *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
1549 now work scheme dependent and the query string will only be
1550 appended if supported by the particular scheme. [André Malo]
1552 *) Add another check for already compressed content in mod_deflate.
1553 PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
1555 *) Fixes for VPATH builds; copying special.mk and any future .mk files
1556 from the source tree as well as the build tree (now creates a usable
1557 configuration for apxs), and eliminated redundant -I'nclude paths.
1560 *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
1561 for SSLC and OpenSSL toolkit compatibility. Still work remains to
1562 be done to cripple features based on the limitations of RSA's binary
1563 distribution of their SSL-C toolkit.
1564 [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
1566 *) Linux 2.4+: If Apache is started as root and you code
1567 CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
1570 *) ap_get_mime_headers_core: allocate space for the trailing null
1571 when folding is in effect.
1572 PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
1574 *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
1576 *) mod_log_config: Add the ability to log the id of the thread
1577 processing the request via new %P formats. [Jeff Trawick]
1579 *) Use appropriate language codes for Czech (cs) and Traditional Chinese
1580 (zh-tw) in default config files. PR 9427. [André Malo]
1582 *) mod_auth_ldap: Use generic whitespace character class when parsing
1583 "require" directives, instead of literal spaces only. PR 17135.
1586 *) Hook mod_rewrite's type checker before mod_mime's one. That way the
1587 RewriteRule [T=...] Flag should work as expected now. PR 19626.
1590 *) htpasswd: Check the processed file on validity. If a line is not empty
1591 and not a comment, it must contain at least one colon. Otherwise exit
1592 with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
1594 *) Fix a problem that caused httpd to be linked with incorrect flags
1595 on some platforms when mod_so was enabled by default, breaking
1596 DSOs on AIX. PR 19012 [Jeff Trawick]
1598 *) By default, use the same CC and CPP with which APR was built.
1599 The user can override with CC and CPP environment variables.
1602 *) Fix ap_construct_url() so that it surrounds IPv6 literal address
1603 strings with []. This fixes certain types of redirection.
1604 PR 19207. [Jeff Trawick]
1606 *) forward port of buffer overflow fixes for htdigest. [Thom May]
1608 *) Added AllowEncodedSlashes directive to permit control of whether
1609 the server will accept encoded slashes ('%2f') in the URI path.
1610 Default condition is off (the historical behaviour). This permits
1611 environments in which the path-info needs to contain encoded
1612 slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
1614 *) When using Redirect in directory context, append requested query
1615 string if there's no one supplied by configuration. PR 10961.
1618 *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
1619 the pattern will not always match as desired. PR 12596.
1622 *) mod_autoindex now emits and accepts modern query string parameter
1623 delimiters (;). Thus column headers no longer contain unescaped
1624 ampersands. PR 10880 [André Malo]
1626 *) Enable ap_sock_disable_nagle for Windows. This along with the
1627 addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
1628 to be disabled for Windows. [Allan Edwards]
1630 *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
1631 This patch reverts us to pre-2.0.46 behavior, using the
1632 ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
1633 was never compiled on Win32. [Allan Edwards, William Rowe]
1635 *) Fix a build problem with passing unsupported --enable-layout
1636 args to apr and apr-util. This broke binbuild.sh as well as
1637 user-specified layout parameters. PR 18649 [Justin Erenkrantz,
1640 *) If a Date response header was already set in the headers array,
1641 this value was ignored in favour of the current time. This meant
1642 that Date headers on proxied requests where rewritten when they
1643 should not have been. PR: 14376 [Graham Leggett]
1645 *) Add code to buildconf that produces an httpd.spec file from
1646 httpd.spec.in, using build/get-version.sh from APR.
1649 *) Fixed a segfault when multiple ProxyBlock directives were used.
1650 PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
1652 *) SECURITY: CVE-2003-0134 (cve.mitre.org)
1653 OS2: Fix a Denial of Service vulnerability identified and
1654 reported by Robert Howard <rihoward rawbw.com> that where device
1655 names faulted the running OS2 worker process. The fix is
1656 actually in APR 0.9.4. [Brian Havard]
1658 *) SECURITY: CVE-2003-0083 (cve.mitre.org)
1659 Forward port: Escape special characters (especially control
1660 characters) in mod_log_config to make a clear distinction between
1661 client-supplied strings (with special characters) and server-side
1662 strings. This was already introduced in version 1.3.25.
1665 *) mod_deflate: Check also err_headers_out for an already set
1666 Content-Encoding: gzip header. This prevents gzip compressed content
1667 from a CGI script from being compressed once more. PR 17797.
1670 Changes with Apache 2.0.45
1672 *) Fix possible segfaults under obscure error conditions within the
1673 cgid daemon. [Jeff Trawick, William Rowe]
1675 *) SECURITY: CVE-2003-0132 (cve.mitre.org)
1676 Close a Denial of Service vulnerability identified by David
1677 Endler <DEndler iDefense.com> on all platforms. An unlimited
1678 stream of newlines were acceptable between requests where each
1679 <lf> would allocate an 80 byte buffer, leading very quickly to
1680 memory exahustion. [Brian Pane]
1682 *) Added an rpm build script.
1683 [Graham Leggett, Joe Orton <jorton redhat.com>]
1685 *) Simpler, faster code path for request header scanning [Brian Pane]
1687 *) SECURITY: Eliminated leaks of several file descriptors to child
1688 processes, such as CGI scripts. This fix depends on the APR library
1689 release 0.9.2 or later (0.9.3 was distributed with the httpd
1690 source tarball for Apache 2.0.45.) PR 17206
1691 [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
1693 *) Fix path handling of mod_rewrite, especially on non-unix systems.
1694 There was some confusion between local paths and URL paths.
1695 PR 12902. [André Malo]
1697 *) Prevent endless loops of internal redirects in mod_rewrite by
1698 aborting after exceeding a limit of internal redirects. The
1699 limit defaults to 10 and can be changed using the RewriteOptions
1700 directive. PR 17462. [André Malo]
1702 *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
1703 all worker threads are busy.
1704 [Igor Nazarenko <igor_nazarenko hotmail.com>]
1706 *) Keep the subrequest filter in place when a subrequest is
1707 redirected. PR 15423. [Jeff Trawick]
1709 *) you can now specify the compression level for mod_deflate.
1710 [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
1711 Michael Schroepl <Michael.Schroepl telekurs.de>]
1713 *) mod_deflate: Extend the DeflateFilterNote directive to
1714 allow accurate logging of the filter's in- and outstream.
1717 *) Allow SSLMutex to select/use the full range of APR locking
1718 mechanisms available to it. Also, fix the bug that SSLMutex uses
1719 APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
1720 Martin Kutschker <martin.t.kutschker blackbox.net>]
1722 *) Restore the ability of htdigest.exe to create files that contain
1723 more than one user. PR 12910. [André Malo]
1725 *) Improve binary compatibility of the core between debug (aka
1726 maintainer-mode) and a non-debug compile.
1729 *) mod_usertrack: don't set the cookie in subrequests. This works
1730 around the problem that cookies were set twice during fast internal
1731 redirects. PR 13211. [André Malo]
1733 *) mod_autoindex no longer forgets output format and enabled version
1734 sort in linked column headers. [André Malo]
1736 *) Use .sv instead of .se as extension for Swedish documents in the
1737 default configuration. PR 12877. [André Malo]
1739 *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
1740 and standardized the LDAP SSL support across the various LDAP SDKs.
1741 Isolated the SSL functionality to mod_ldap rather than speading it
1742 across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
1743 and LDAPTrustedCAType directives to mod_ldap to allow for a more
1744 common method of specifying the SSL certificate.
1745 [Dave Ward, Brad Nicholes]
1747 *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
1748 skip the first cert of the chain by default. This misbehavior
1749 was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
1751 *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
1752 be started on Unix because of such problems as bad permissions,
1753 bad shebang line, etc. [Jeff Trawick]
1755 *) Fix 64-bit problem in mod_ssl input logic.
1756 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
1758 *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
1761 *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
1764 *) Fix segfault which occurred when a section in an included
1765 configuration file was not closed. PR 17093. [André Malo]
1767 *) Enhance the behavior of mod_isapi's WriteClient() callback to
1768 provide better emulation for isapi modules that presume that the
1769 first WriteClient() call may send status and headers. An example
1770 of WriteClient() abuse is the foxisapi module, which relies on
1771 that assumpion and now works. [William Rowe, Milan Kosina]
1773 *) Check the return value of ap_run_pre_connection(). So if the
1774 pre_connection phase fails (without setting c->aborted)
1775 ap_run_process_connection is not executed. [Stas Bekman]
1777 *) Fixed a problem with mod_ldap which caused it to fault when caching
1778 was disabled. Needed to make sure that the code did not
1779 attempt to use the cache if it didn't exist. Also fixed some memory
1780 leaks which were due to not releasing LDAP resources on error
1781 conditions. [Brad Nicholes]
1783 *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
1784 mod_rewrite proxied URLs will not be escaped accidentally by
1785 mod_proxy's fixup. PR 16368 [André Malo]
1787 *) While processing filters on internal redirects, remember seen EOS
1788 buckets also in the request structure of the redirect issuer(s). This
1789 prevents filters (such as mod_deflate) from adding garbage to the
1790 response. PR 14451. [André Malo]
1792 *) suexec: Be more pedantic when cleaning environment. Clean it
1793 immediately after startup. PR 2790, 10449.
1794 [Jeff Stewart <jws purdue.edu>, André Malo]
1796 *) Fix apxs to insert LoadModule directives only outside of sections.
1797 PR 8712, 9012. [André Malo]
1799 *) Fix suexec compile error under SUNOS4, where strerror() doesn't
1800 exist. PR 5913, 9977.
1801 [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
1803 *) Fix If header parsing when a non-mod_dav lock token is passed to it.
1804 PR 16452. [Justin Erenkrantz]
1806 *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
1807 not specified. Now it assumes "/" as already documented. PR 16937.
1810 *) Try to log an error if a piped log program fails. Try to
1811 restart a piped log program in more failure situations. Fix an
1812 existing problem with error handling in piped_log_spawn(). Use
1813 new APR apr_proc_create() features to prevent Apache from starting
1814 on Unix* in most cases where a piped log program can be started,
1815 and add log messages for the other situations. *Other platforms
1816 already failed Apache initialization if a piped log program
1817 couldn't be started. PR 15761 [Jeff Trawick]
1819 *) Fix mod_cern_meta to not create empty metafiles when the
1820 metafile searched for does not exist. PR 12353
1821 [Owen Rees <owen_rees hp.com>]
1823 *) Introduce debugging symbols for Win32 release builds, both .pdb
1824 and .dbg files (older debuggers and Dr. Watson-type utilities
1825 on WinNT or Win9x don't support the newer .pdb flavor.)
1826 [Allen Edwards, William Rowe]
1828 *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
1829 information (and more). Related to PR 9076. [André Malo]
1831 *) mod_file_cache: fix segfault serving mmaped cached files.
1834 *) mod_file_cache: fixed a segfault when multiple MMapFile directives
1835 were used. PR 16313. [Cliff Woolley]
1837 *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
1838 an incompatible pointer type to mmap_bucket_destroy(void*).
1839 [Gerard Eviston <geviston bigpond.net.au>]
1841 *) Enable the -n name parameter on NetWare to allow the
1842 administrator to rename the Apache console screen
1845 *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
1846 support by default in APR. More development is required
1847 to deploy OTHER_CHILD on Win32. [William Rowe]
1849 *) Use saner default config values for suexec. PR 15713.
1850 [Thom May <thom planetarytramp.net>]
1852 *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
1853 (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo]
1855 *) apxs: Include any special APR ld flags when linking the DSO.
1856 This resolves problems on AIX when building a DSO with apxs+gcc.
1859 *) Added character set support to mod_auth_LDAP to allow it to
1860 convert extended characters used in the user ID to UTF-8
1861 before authenticating against the LDAP directory. The new
1862 directive AuthLDAPCharsetConfig is used to specify the config
1863 file that contains the character set conversion table.
1866 *) Don't remove the Content-Length from responses in mod_proxy
1867 PR: 8677 [Brian Pane]
1869 *) Ensure LDAP version is set to v3 on every bind. PR 14235.
1870 [Sergey A. Lipnevich <sergeyli pisem.net>]
1872 *) Fix mod_ldap to open an existing shared memory file should one
1873 already exist. PR 12757. [Scooter Morris <scooter gene.com>,
1876 *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
1877 [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
1879 *) Change the ulimit command used by apachectl on AIX so that it
1880 works in all locales. [Jeff Trawick]
1882 *) mod_ext_filter: Fix a problem building argument lists which
1883 occasionally caused exec to fail. PR 15491. [Jeff Trawick]
1885 Changes with Apache 2.0.44
1887 *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
1888 from Apache 1.3. PR 14276
1889 [David Shane Holden <dpejesh yahoo.com>, William Rowe]
1891 *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
1894 *) Reorder the definitions for mod_ldap and mod_auth_ldap within
1895 config.m4 to make sure the parent mod_ldap is defined first.
1896 This ensures that mod_ldap comes before mod_auth_ldap in the
1897 httpd.conf file, which is necessary for mod_auth_ldap to load.
1898 PR 14256 [Graham Leggett]
1900 *) Fix the building of cgi command lines when the query string
1901 contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>,
1904 *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
1905 implementation of MCacheMaxStreamingBuffer from mod_cache to
1906 mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
1907 lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
1908 eliminate the need for explicitly coding MCacheMaxStreamingBuffer
1909 in most configurations. [Bill Stoddard]
1911 *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
1912 a redirect occurs. The code was passing a format string and
1913 integer to apr_pstrcat. Changed to apr_psprintf.
1916 *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
1917 as set by apr-util in util_ldap.c. This should allow mod_ldap
1918 to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
1919 <somme oslo.westerngeco.slb.com>, Graham Leggett]
1921 *) Fix critical bug in new --enable-v4-mapped configure option
1922 implementation which broke IPv4 listening sockets on some
1923 systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
1925 *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
1926 patterns [André Malo <nd perlig.de>]
1928 *) Add version string to provider API. [Justin Erenkrantz]
1930 *) build: './configure && make' now works without an in-tree
1931 apr and apr-util. [Wilfredo Sanchez]
1933 *) mod_negotiation: Set the appropriate mime response headers
1934 (Content-Type, charset, Content-Language and Content-Encoding)
1935 for negotated type-map "Body:" responses (such as the error
1936 pages.) [André Malo <nd perlig.de>]
1938 *) mod_log_config: Allow '%%' escaping in CustomLog format
1939 strings to insert a literal, single '%'.
1940 [André Malo <nd perlig.de>]
1942 *) mod_autoindex: AddDescription directives for directories
1943 now work as in Apache 1.3, where no trailing '/' is
1944 specified on the directory name. Previously, the trailing
1945 '/' *had* to be specified, which was incompatible with
1946 Apache 1.3. PR 7990 [Jeff Trawick]
1948 *) Fix for PR 14556. The expiry calculations in mod_cache were
1949 trying to perform "now + ((date - lastmod) * factor)" where
1950 date == lastmod resulting in "now + 0". The code now follows
1951 the else path (using the default expiration) if date is
1952 equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
1954 *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
1955 default calling convention is not the same as the one used by
1956 AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>]
1958 *) mod_cache: Don't cache response header fields designated
1959 as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
1960 [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
1962 *) mod_cgid: Handle environment variables containing newlines.
1963 PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
1966 *) Move mod_ext_filter out of experimental and into filters.
1969 *) Fixed a memory leak in mod_deflate with dynamic content.
1970 PR 14321 [Ken Franken <kfranken decisionmark.com>]
1972 *) Add --[enable|disable]-v4-mapped configure option to control
1973 whether or not Apache expects to handle IPv4 connections
1974 on IPv6 listening sockets. Either setting will work on
1975 systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
1976 must be used on systems that always allow IPv4 connections on
1977 IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
1980 *) This fixes a problem where the underlying cache code
1981 indicated that there was one more element on the cache
1982 than there actually was. This happened since element 0
1983 exists but is not used. This code allocates the correct
1984 number of useable elements and reports the number of
1985 actually used elements. The previous code only allowed
1986 MCacheMaxObjectCount-1 objects to be stored in the
1987 cache. [Paul J. Reder]
1989 *) mod_setenvif: Add SERVER_ADDR special keyword to allow
1990 envariable setting according to the server IP address
1991 which received the request. [Ken Coar]
1993 *) mod_cgid: Terminate CGI scripts when the client connection
1994 drops. PR 8388 [Jeff Trawick]
1996 *) Rearrange OpenSSL engine initialization to support RAND
1997 redirection on crypto accelerator.
1998 [Frederic DONNAT <frederic.donnat zencod.com>]
2000 *) Always emit Vary header if mod_deflate is involved in the
2001 request. [André Malo <nd perlig.de>]
2003 *) mod_isapi: Stop unsetting the 'empty' query string result with
2004 a NULL argument in ecb->lpszQueryString, eliminating segfaults
2005 for some ISAPI modules. PR 14399
2006 [Detlev Vendt <detlev.vendt brillit.de>]
2008 *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
2009 notification is received before the HttpExtensionProc() returns
2010 HSE_STATUS_PENDING. This only affected isapi .dll's configured
2011 with the ISAPIFakeAsync on directive. PR 11918
2012 [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
2014 *) mod_isapi: Fix the issue where all results from mod_isapi would
2015 run through the core die handler resulting in invalid responses
2016 or access log entries. PR 10216 [William Rowe]
2018 *) Improves the user friendliness of the CacheRoot processing
2019 over my last pass. This version avoids the pool allocations
2020 but doesn't avoid all of the runtime checks. It no longer
2021 terminates during post-config processing. An error is logged
2022 once per worker, indicating that the CacheRoot needs to be set.
2025 *) Fix a bug where we keep files open until the end of a
2026 keepalive connection, which can result in:
2027 (24)Too many open files: file permissions deny server access
2028 especially on threaded servers. [Greg Ames, Jeff Trawick]
2030 *) Fix a bug in which mod_proxy sent an invalid Content-Length
2031 when a proxied URL was invoked as a server-side include within
2032 a page generated in response to a form POST. [Brian Pane]
2034 *) Added code to process min and max file size directives and to
2035 init the expirychk flag in mod_disk_cache. Added a clarifying
2036 comment to cache_util. [Paul J. Reder]
2038 *) The value emitted by ServerSignature now mimics the Server HTTP
2039 header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
2041 *) Gracefully handly retry situations in the SSL input filter,
2042 by following the SSL libraries' retry semantics.
2045 *) Terminate CGI scripts when the client connection drops. This
2046 fix only applies to some normal paths in mod_cgi. mod_cgid
2047 is still busted. PR 8388 [Jeff Trawick]
2049 *) Fix a bug where 416 "Range not satisfiable" was being
2050 returned for content that should have been redirected.
2053 *) Fix memory leak in mod_ssl from internal SSL library allocations
2054 within SSL_get_peer_certificate and X509_get_pubkey.
2055 [Zvi Har'El <rl math.technion.ac.il>
2056 Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
2058 *) mod_ssl uses free() inappropriately in several places, to free
2059 memory which has been previously allocated inside OpenSSL.
2060 Such memory should be freed with OPENSSL_free(), not with free().
2061 [Nadav Har'El <nyh math.technion.ac.il>,
2062 Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
2064 *) Emit a message to the error log when we return 404 because
2065 the URI contained '%2f'. (This was previously nastily silent
2066 and difficult to debug.) [Ken Coar]
2068 *) Fix streaming output from an nph- CGI script. CGI:IRC now
2069 works. PR 8482 [Jeff Trawick]
2071 *) More accurate logging of bytes sent in mod_logio when
2072 the client terminates the connection before the response
2073 is completely sent [Bojan Smojver <bojan rexursive.com>]
2075 *) Fix some problems in the perchild MPM.
2076 [Jonas Eriksson <jonas webkonsulterna.com>]
2078 *) Change the CacheRoot processing to check for a required
2079 value at config time. This saves a lot of wasted processing
2080 if the mod_disk_cache module is loaded but no CacheRoot
2081 was provided. This fix also adds code to log an error
2082 and avoid useless pallocs and procesing when the computed
2083 cache file name cannot be opened. This also updates the
2084 docs accordingly. [Paul J. Reder]
2086 *) Introduce the EnableSendfile directive, allowing users of NFS
2087 shares to disable sendfile mechanics when they either fail
2088 outright or provide intermitantly corrupted data. PR
2091 *) Resolve the error "An operation was attempted on something
2092 that is not a socket. : winnt_accept: AcceptEx failed.
2093 Attempting to recover." for users of various firewall and
2094 anti-virus software on Windows. PR 8325 [William Rowe]
2096 *) Add the ProxyBadHeader directive, which gives the admin some
2097 control on how mod_proxy should handle bogus HTTP headers from
2098 proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
2099 desired. [Jim Jagielski]
2101 *) Change the LDAP modules to export their symbols correctly
2102 during a Windows build. Add dsp files for Windows. Update
2103 README.ldap file for Windows build instructions.
2104 [Andre Schild <A.Schild aarboard.ch>]
2106 *) Performance improvements for the code that generates HTTP
2107 response headers [Brian Pane]
2109 *) Add -S as a synonym for -t -DDUMP_VHOSTS.
2110 [Thom May <thom planetarytramp.net>]
2112 *) Fix a bug with dbm rewrite maps which caused the wrong value to
2113 be used when the key was not found in the dbm. PR 13204
2116 *) Fix a problem with streaming script output and mod_cgid.
2119 *) Add ap_register_provider/ap_lookup_provider API.
2120 [John K. Sterling <john sterls.com>, Justin Erenkrantz]
2122 Changes with Apache 2.0.43
2124 *) SECURITY: CVE-2002-0840 (cve.mitre.org)
2125 HTML-escape the address produced by ap_server_signature() against
2126 this cross-site scripting vulnerability exposed by the directive
2127 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME
2128 environment variable for CGI and SSI requests. It's safe to
2129 escape as only the '<', '>', and '&' characters are affected,
2130 which won't appear in a valid hostname. Reported by Matthew
2131 Murphy <mattmurphy kc.rr.com>. [Brian Pane]
2133 *) Fix a core dump in mod_cache when it attemtped to store uncopyable
2134 buckets. This happened, for instance, when a file to be cached
2135 contained SSI tags to execute a CGI script (passed as a pipe
2136 bucket). [Paul J. Reder]
2138 *) Ensure that output already available is flushed to the network
2139 when the content-length filter realizes that no new output will
2140 be available for a while. This helps some streaming CGIs as
2141 well as some other dynamically-generated content. [Jeff Trawick]
2143 *) Fix a mutex problem in mod_ssl session cache support which
2144 could lead to an infinite loop. PR 12705
2145 [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
2147 *) SECURITY: CVE-2002-1156 (cve.mitre.org)
2148 Fix the exposure of CGI source when a POST request is sent to
2149 a location where both DAV and CGI are enabled. [Ryan Bloom]
2151 *) Allow the UserDir directive to accept a list of directories.
2152 This matches what Apache 1.3 does. Also add documentation for
2153 this feature. [Jay Ball <jay veggiespam.com>]
2155 *) New Module: mod_logio. adds the ability to log bytes sent and
2156 received. [Bojan Smojver <bojan rexursive.com>]
2158 *) SuExec needs to use the same default directory as the rest of
2159 server, namely /usr/local/apache2.
2160 [SangBeom han <sbhan os.korea.ac.kr>]
2162 *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
2163 [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
2165 *) Make sure the contents of the WWW-Authenticate header is
2166 passed on a 4xx error by proxy. Previously all headers
2167 were dropped, resulting in the browser being unable to
2168 authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
2169 Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
2170 <gwiseman fscinternet.com>, David Henderson
2171 <dhenderson fscinternet.com>]
2173 *) Make mod_cache's CacheMaxStreamingBuffer directive work
2174 properly for virtual hosts that override server-wide mod_cache
2175 setttings. [Matthieu Estrade <estrade-m ifrance.com>]
2177 *) Add -p option to apxs to allow programs to be compiled with apxs.
2180 Changes with Apache 2.0.42
2182 *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
2183 mod_dav: Check for versioning hooks before using them.
2186 Changes with Apache 2.0.41
2188 *) The protocol version (eg: HTTP/1.1) in the request line parsing
2189 is now case insensitive. [Jim Jagielski]
2191 *) Allow AddOutputFilterByType to add multiple filters per directive.
2194 *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
2196 *) Fixed mod_disk_cache's generation of 304s
2197 [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
2199 *) Add support for using fnmatch patterns in the final path
2200 segment of an Include statement (eg.. include /foo/bar/*.conf).
2201 and remove the noise on stderr during config dir processing.
2202 [Joe Orton <jorton redhat.com>]
2204 *) mod_cache: cache_storage.c. Add the hostname and any request
2205 args to the key generated for caching. This provides a unique
2206 key for each virtual host and for each request with unique
2207 args. [Paul J. Reder, args code provided by Kris Verbeeck]
2209 *) mod_cache: Do not cache responses to GET requests with query
2210 URLs if the origin server does not explicitly provide an
2211 Expires header on the response (RFC 2616 Section 13.9)
2212 [Kris Verbeeck <krisv be.ubizen.com>]
2214 *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
2216 *) Update OpenSSL detection to work on Darwin.
2217 [Sander Temme <sctemme covalent.net>]
2219 *) Update the xslt and css to give the documentation a more
2221 [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
2223 *) Fix some bucket memory leaks in the chunking code
2224 [Joe Schaefer <joe+apache sunstarsys.com>]
2226 *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
2228 *) mod_cache: added support for caching streamed responses (proxy,
2229 CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
2231 *) Add image/x-icon to httpd.conf PR 10993.
2232 [Ian Holsman, Peter Bieringer <pb bieringer.de>]
2234 *) Fix FileETags none operation. PR 12207.
2235 [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
2237 *) Restored the experimental leader/followers MPM to working
2238 condition and converted its thread synchronization from
2239 mutexes to atomic CAS. [Brian Pane]
2241 *) Fix Logic on non-html file removal in mod_deflate
2242 [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
2244 *) Fix "ab -g"'s truncated year: the last digit was cut off.
2245 [Leon Brocard <acme astray.com>]
2247 *) mod_rewrite can now sets cookies in err_headers, uses the correct
2248 expiry date, and can now set the path as well
2249 PR 12132,12181,12172.
2250 [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
2252 *) The content-length filter no longer tries to buffer up
2253 the entire output of a long-running request before sending
2254 anything to the client. [Brian Pane]
2256 *) Win32: Lower the default stack size from 1MB to 256K. This will
2257 allow around 8000 threads to be started per child process.
2258 'EDITBIN /STACK:size apache.exe' can be used to change this
2259 value directly in the apache.exe executable.
2262 *) Win32: Implement ThreadLimit directive in the Windows MPM.
2265 *) Remove CacheOn config directive since it is set but never checked.
2266 No sense wasting cycles on unused code. Besides, the only truly
2267 bug free code is deleted code. :) [Paul J. Reder]
2269 *) BufferLogs are now run-time enabled, and the log_config now has 2 new
2270 callbacks to allow a 3rd party module to actually do the writing of the
2271 log file [Ian Holsman]
2273 *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
2274 [André Malo, Astrid Keßler <kess kess-net.de>]
2276 *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
2278 *) Fix a null pointer dereference in the merge_env_dir_configs
2279 function of the mod_env module. PR 11791
2282 *) New option to ServerTokens 'maj[or]'. Only show the major version
2283 Also Surfaced this directive in the standard config (default FULL)
2286 *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
2287 maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
2288 RewriteMap directive. PR 10644 [Jeff Trawick]
2290 *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
2291 pairs will no longer get out of sync with each other. PR 9534
2294 *) Fixes required to get quoted and escaped command args working in
2295 mod_ext_filter. PR 11793 [Paul J. Reder]
2297 *) mod-proxy: handle proxied responses with no status lines
2298 [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
2300 *) Fix bug where environment or command line arguments containing
2301 non-ASCII-7 characters would cause the Win32 child process creation
2302 to fail. PR 11854 [William Rowe]
2304 *) Bug #11213.. make module loading error messages more informative
2305 [Ian Darwin <Ian779 darwinsys.com>]
2307 *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
2309 *) mod_disk_cache works much better. This module should still
2310 be considered experimental. [Eric Prud'hommeaux]
2312 *) Performance improvement for keepalive requests: when setting
2313 aside a small file for potential concatenation with the next
2314 response on the connection, set aside the file descriptor rather
2315 than copying the file into the heap. [Brian Pane]
2317 *) Modified version check on openssl so that it finds the executable
2318 first and then performs a check of the version, only warning the
2319 user if they chose, or we selected, an old version of OpenSSL.
2320 This change also allows the code to work for non-openssl libraries
2321 selected via the --with-ssl=dir option, which can override the
2322 automated library check in any case. [Roy Fielding]
2324 Changes with Apache 2.0.40
2326 *) SECURITY: CVE-2002-0661 (cve.mitre.org)
2327 Close a very significant security hole that
2328 applies only to the Win32, OS2 and Netware platforms. Unix was not
2329 affected, Cygwin may be affected. Certain URIs will bypass security
2330 and allow users to invoke or access any file depending on the system
2331 configuration. Without upgrading, a single .conf change will close
2332 the vulnerability. Add the following directive in the global server
2333 httpd.conf context before any other Alias or Redirect directives;
2334 RedirectMatch 400 "\\\.\."
2335 Reported by Auriemma Luigi <bugtest sitoverde.com>.
2338 *) SECURITY: CVE-2002-0654 (cve.mitre.org)
2339 Close a path-revealing exposure in multiview type
2340 map negotiation (such as the default error documents) where the
2341 module would report the full path of the typemapped .var file when
2342 multiple documents or no documents could be served based on the mime
2343 negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
2346 *) SECURITY: CVE-2002-0654 (cve.mitre.org)
2347 Close a path-revealing exposure in cgi/cgid when we
2348 fail to invoke a script. The modules would report "couldn't create
2349 child process /path-to-script/script.pl" revealing the full path
2350 of the script. Reported by Jim Race <jrace qualys.com>.
2353 *) Set aside the apr-iconv and apr_xlate() features for the Win32
2354 build of 2.0.40 so development can be completed. A patch, from
2355 <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
2356 will be available for those that wish to work with apr-iconv.
2359 *) Fix proxy so that it is possible to access ftp: URLs via a proxy
2360 chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
2362 *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
2363 set to 1, so we can exclude things from the general case with
2364 browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
2366 *) Accept multiple leading /'s for requests within the DocumentRoot.
2367 PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
2369 *) Solved the reports of .pdf byterange failures on Win32 alone.
2370 APR's sendfile for the win32 platform collapses header and trailer
2371 buffers into a single buffer. However, we destroyed the pointers
2372 to the header buffer if a trailer buffer was present. PR 10781
2375 *) mod_ext_filter: Add the ability to enable or disable a filter via
2376 an environment variable. Add the ability to register a filter of
2377 type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
2379 *) Restore the ability to specify host names on Listen directives.
2380 PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
2382 *) When deciding on the default address family for listening sockets,
2383 make sure we can actually bind to an AF_INET6 socket before
2384 deciding that we should default to AF_INET6. This fixes a startup
2385 problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
2387 *) Replace usage of atol() to parse strings when we might want a
2388 larger-than-long value with apr_atoll(), which returns long long.
2389 This allows HTTPD to deal with larger files correctly.
2390 [Shantonu Sen <ssen apple.com>]
2392 *) mod_ext_filter: Ignore any content-type parameters when checking if
2393 the response should be filtered. Previously, "intype=text/html"
2394 wouldn't match something like "text/html;charset=8859_1".
2397 *) mod_ext_filter: Set up environment variables for external programs.
2398 [Craig Sebenik <craig netapp.com>]
2400 *) Modified the HTTP_IN filter to immediately append the EOS (end of
2401 stream) bucket for C-L POST bodies, saving a roundtrip and allowing
2402 the caller to determine that no content remains without prefetching
2403 additional POST body. [William Rowe]
2405 *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
2407 *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
2409 *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
2411 *) Changes to the internationalized error documents:
2412 Comment them out in the default config file to make the default
2413 install as simple as possible; Correct the english 500 error to
2414 be more understandable; Add a Swedish translation.
2415 [Thomas Sjogren <thomas northernsecurity.net>,
2416 Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
2418 *) Increase the limit on file descriptors per process in apachectl.
2421 *) Fix a dependency error when building ApacheMonitor, so that Win32
2422 and MSVC now trust that the project is current (when it is).
2423 [James Cox <imajes php.net>]
2425 *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
2426 [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
2428 *) APR-Util Renames pending have been completed [Thom May]
2430 *) Performance improvements for the code that reads request
2431 headers (ap_rgetline_core() and related functions) [Brian Pane]
2433 *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
2434 to configure the maximum amount of memory the allocators will
2435 hold on to for reuse. Anything over the MaxMemFree threshold
2436 will be free()d. This directive is useful when uncommon large
2437 peaks occur in memory usage. It should _not_ be used to mask
2438 defective modules' memory use. [Sander Striker]
2440 *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
2441 scripts would not result in a truncated response.
2442 [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
2444 *) Add a filter_init parameter to the filter registration functions
2445 so that a filter can execute arbitrary code before the handlers
2446 are invoked. This resolves a problem where mod_include requests
2447 would incorrectly return a 304. [Justin Erenkrantz]
2449 *) Fix a long-standing bug in 2.0, CGI scripts were being called
2450 with relative paths instead of absolute paths. Apache 1.3 used
2451 absolute paths for everything except for SuExec, this brings back
2452 that standard. [Ryan Bloom]
2454 *) Fix infinite loop due to two HTTP_IN filters being present for
2455 internally redirected requests. PR 10146. [Justin Erenkrantz]
2457 *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
2460 *) Fix mod_ext_filter to look in the main server for filter definitions
2461 when running in a vhost if the filter definition is not found in
2462 the vhost. PR 10147 [Jeff Trawick]
2464 *) Support WinNT CGI invocation through ScriptInterpreterSource
2465 'registry' for script interpreter paths and names with non-ascii
2466 characters in the executable filepath. [William Rowe]
2468 *) Support the -w flag on to keep the Win32 console open on error.
2471 *) Normalize the hostname value in the request_rec to all-lowercase
2472 [Perry Harrington <pedward webcom.com>]
2474 *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
2475 extended characters (non US-ASCII) in non-utf8 format. This brings
2476 Win32 back into CGI/1.1 compliance, and leaves charset decoding up
2477 to the cgi application itself. [William Rowe]
2479 *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
2480 modules to bring them up to the current apr/apr-util APIs.
2483 *) Fix segfault in mod_mem_cache most frequently observed when
2484 serving the same file to multiple clients on an MP machine.
2487 *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain])
2488 [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
2490 *) Fix perchild to work with apachectl by adding -k support to perchild.
2491 PR 10074 [Jeff Trawick]
2493 *) Fix a silly htpasswd.c logic error that incorrectly reported that
2494 both -c and -n had been used. PR 9989 [Cliff Woolley]
2496 *) Fixed a mod_include error case in which no HTTP response was sent
2497 to the client if an shtml document contained an unterminated SSI
2498 directive [Brian Pane]
2500 *) Improve ap_get_client_block implementation by using APR-util brigade
2501 helper functions and relying on current filter assumptions.
2504 Changes with Apache 2.0.39
2506 *) Fixed a build problem in htpasswd.c on Win32.
2507 [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
2509 Changes with Apache 2.0.38
2511 *) Rewrite htpasswd to use APR. The removes the annoying warning about
2512 tmpnam being unsafe. [Ryan Bloom]
2514 *) We must set the MIME-type for .shtml files to text/html if we want them
2515 to be parsed for SSI tags. Add the config for that to the default
2516 config file so that it is easier to enable .shtml parsing.
2517 [Dave Dyer <ddyer real-me.net>]
2519 *) Fixed a problem with 'make install' on ReliantUnix.
2520 [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
2522 *) Make the default_handler catch all requests that aren't served by
2523 another handler. This also gets us to return a 404 if a directory
2524 is requested, there is no DirectoryIndex, and mod_autoindex isn't
2525 loaded. [Justin Erenkrantz]
2527 *) Fixed the handling of nested if-statements in shtml files.
2528 PR 9866 [Brian Pane]
2530 *) Allow 'make install DESTDIR=/path'. This allows packagers to install
2531 into a directory different from the one that was configured. This
2532 also mirrors the root= feature from 1.3. We cannot use prefix=,
2533 because both APR and APR-util resolve their installation paths at
2534 configuration time. This means that there is no variable prefix
2535 to replace. [Andreas Hasenack <andreas netbank.com.br>]
2537 *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
2538 These levels of AIX don't have a thundering herd problem with
2539 accept(). [Jeff Trawick]
2541 *) prefork MPM: Ignore mutex errors during graceful restart. For
2542 certain types of mutexes (particularly SysV semaphores), we
2543 should expect to occasionally fail to obtain or release the
2544 mutex during restart processing. [Jeff Trawick]
2546 *) Fix install-bindist.sh so that it finds any perl instead of just
2547 early perl 5.x versions. This is consistent with a build/install
2548 from source, and it allows the perl scripts installed by a bindist
2549 to work on systems with perl 5.6. [Jeff Trawick]
2551 *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
2552 Tru64 (and probably some other platforms). [Jeff Trawick]
2554 *) Allow CGI scripts to return their Content-Length. This also fixes a
2555 hang on HEAD requests seen on certain platforms (such as FreeBSD).
2558 *) Added log rotation based on file size to the RotateLog support
2559 utility. [Brad Nicholes]
2561 *) Fix some casting in mod_rewrite which broke random maps.
2562 PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
2564 Changes with Apache 2.0.37
2566 *) allow POST method over SSL when per-directory client cert
2567 authentication is used with 'SSLOptions +OptRenegotiate' enabled
2568 and a client cert was found in the ssl session cache.
2570 *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
2571 session cache when there is no cert chain in the cache. prior to
2572 the fix this situation would result in a FORBIDDEN response and
2573 error message "Cannot find peer certificate chain"
2576 *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
2577 one was already sent. PR 9644 [Jeff Trawick]
2579 *) Fix the display of the default name for the mime types config
2580 file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
2582 *) Fix the working directory *for WinNT/2K/XP services only* to
2583 change to the Apache directory (one level above the location
2584 of Apache.exe, in the case that Apache.exe resides in bin/.)
2585 Solves the case of ServerRoot /foo paths where /foo was not
2586 on the same drive as /winnt/system32. [William Rowe]
2588 *) Make 2.0's "AcceptMutex" startup message now "completely"
2589 match how 1.3 does it. [Jim Jagielski]
2591 *) Implement a fixed size memory cache using a priority queue
2594 *) Fix apxs to allow "apxs -q installbuilddir" and to allow
2595 querying certain other variables from config_vars.mk. PR 9316
2598 *) Added the "detached" attribute to the cgi_exec_info_t internals
2599 so that Win32 and Netware won't create a new window or console
2600 for each CGI invoked. PR 8387
2601 [Brad Nicholes, William Rowe]
2603 *) Consolidated the command line parameters and attributes that are
2604 manipulated by the optional function ap_cgi_build_command() in
2605 mod_cgi into a single structure.
2608 *) Get rid of uninitialized value errors with "apxs -q" on certain
2609 variables. [Stas Bekman <stas stason.org>]
2611 *) Fix apxs to allow it to work when the build directory is somewhere
2612 besides server-root/build. PR 8453
2613 [Jeff Trawick and a host of others]
2615 *) Allow ap_discard_request_body to be called multiple times in the
2616 same request. Essentially, ap_http_filter keeps track of whether
2617 it has sent an EOS bucket up the stack, if so, it will only ever
2618 send an EOS bucket for this request.
2619 [Ryan Bloom, Justin Erenkrantz, Greg Stein]
2621 *) Remove all special mod_ssl URIs. This also fixes the bug where
2622 redirecting (.*) will allow an SSL protected page to be viewed
2623 without SSL. [Ryan Bloom]
2625 *) Fix the binary build install script so that the build logic
2626 created by "apxs -g" will work when the user has a binary
2627 build. [Jeff Trawick]
2629 *) Allow instdso.sh to work with full paths to the shared module.
2632 *) NetWare: Enabled CGI functionality and added mod_cgi as a built
2633 in module for NetWare [Brad Nicholes]
2635 *) Changed cgi and piped log behavior to accept 65536 characters
2636 on Win32 (matching Linux) before deadlocking between outputing
2637 client stdin, slurping the output from stdout and then the stderr
2638 stream. PR 8179 [William Rowe]
2640 *) Fixed Win32 wintty.exe support to assure the window title is valid.
2641 Elimiates possible gpfault or garbage title without the -t option.
2644 *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
2645 brigades and input filters. [Justin Erenkrantz]
2647 *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
2648 body. [Justin Erenkrantz]
2650 *) NetWare: Piping log entries through RotateLogs using the
2651 CustomLogs directive is finally supported now that we have
2652 the pipes and spawning functionality working.
2655 *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
2656 Detect overflow when reading the hex bytes forming a chunk line.
2659 *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464.
2660 [James Tait <JTait wyrddreams.demon.co.uk>]
2662 *) Correctly return 413 when an invalid chunk size is given on
2663 input. Also modify ap_discard_request_body to not do anything
2664 on sub-requests or when the connection will be dropped.
2667 *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469.
2670 *) Ensure that apr_brigade_write() flushes in all of the cases that
2671 it should to avoid conditions in some modules that could cause
2672 large amounts of data to be buffered. [Cliff Woolley]
2674 *) Fix problem where mod_cache/mod_disk_cache was incorrectly
2675 stripping the content_type from cached responses.
2678 *) apachectl passes through any httpd options. Note: apachectl
2679 should be used in preference to httpd since it ensures that any
2680 appropriate environment variables have been set up.
2683 *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
2684 PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
2686 *) Fix suexec execution of CGI scripts from mod_include.
2687 PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
2689 *) Fix segfaults at startup on some platforms when mod_auth_digest,
2690 mod_suexec, or mod_ssl were used as DSO's due to the way they
2691 were tracking the current init phase since DSO's get completely
2692 unloaded and reloaded between phases. PR 9413.
2693 [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
2695 *) Fix mod_include's handling of regular expressions in
2696 "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
2698 *) Fix the worker MPM deadlock problem [Brian Pane]
2700 *) Modify the module documentation to allow for translations.
2701 [Yoshiki Hayashi, Joshua Slive]
2703 *) Fix a file permissions problem which prevented mod_disk_cache
2704 from working on Unix. [Jeff Trawick]
2706 *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
2707 MPMs. These have semantics very similar to the old apachectl
2708 commands of the same name. [Justin Erenkrantz, Jeff Trawick]
2710 *) Make sure that the runtime dir is created by make install.
2711 PR 9233. [Jeff Trawick]
2713 *) Fix an unusual set of ./configure arguments that could cause
2714 mod_http to be built as a DSO, which it currently doesn't
2716 [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
2718 *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
2719 of the %X, %b and %B logformat options. PR 8253, 8996.
2722 *) If content-encoding is already present, do not run deflate (PR 9222)
2723 [Kazuhisa ASADA <kaz asada.sytes.net>]
2725 *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
2726 It is currently ignored and it will be removed in a future release
2727 of Apache. [Jeff Trawick]
2729 *) Removed documentation references to the no-longer-supported
2730 "make certificate" feature of mod_ssl for Apache 1.3.x. Test
2731 certificates, if truly desired, can be generated using openssl
2732 commands. PR 8724. [Cliff Woolley]
2734 *) Remove SSLLog and SSLLogLevel directives in favor of having
2735 mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz]
2737 *) OS/390: LIBPATH no longer has to be manually uncommented in
2738 envvars to get apachectl to set up httpd properly. [Jeff Trawick]
2740 *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
2741 may now be specified to the <File/Directory > container, rather
2742 than by vhost. [William Rowe]
2744 *) mod_isapi: Experimental support for faux async support for ISAPI
2745 modules. [William Rowe]
2747 *) mod_isapi: Major refactoring of the code to rely on apr internals
2748 rather than MS APIs (using our own mod_isapi.h headers for ISAPI
2749 symbol definitions.) [William Rowe]
2751 *) mod_isapi: Fixed the return string length from GetServerVariable
2752 callback, it was not including the trailing null in the consumed
2753 buffer size. This was particularly bad for Delphi 6.0 users.
2754 PR 8934 [Sebastian Hantsch <sebastian.hantsch gmx.de>]
2756 *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
2759 *) Make apxs look in the correct directory for envvars. It was
2760 broken when sbindir != bindir. PR 8869
2761 [Andreas Sundström <sunkan zappa.cx>]
2763 *) Fix mod_deflate corruption when using multiple buckets. PR 9014.
2764 [Asada Kazuhisa <kaz asada.sytes.net>]
2766 *) Performance enhancements for access logger when using
2767 default timestamp formatting [Brian Pane]
2769 *) Added EnableMMAP config directive to enable the server
2770 administrator to disable memory-mapping of delivered files
2771 on a per-directory basis. [Brian Pane]
2773 *) Performance enhancements for mod_setenvif [Brian Pane]
2775 *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick]
2777 *) Fixed If-Modified-Since on Win32, which would give false positives
2778 because of the sub-second resolution of file timestamps on that
2779 platform. [Cliff Woolley]
2781 *) Reverse the hook ordering for mod_userdir and mod_alias so
2782 that Alias/ScriptAlias will override Userdir. PR 8841
2785 *) Move mod_deflate out of experimental and into filters.
2788 *) Get proxy CONNECT basically working. [Jeff Trawick]
2790 *) Fix mod_rewrite hang when APR uses SysV Semaphores and
2791 RewriteLogLevel is set to anything other than 0. PR: 8143
2792 [Aaron Bannert, Cliff Woolley]
2794 *) Fix byterange requests from returning 416 when using dynamic data
2795 (such as filters like mod_include). [Justin Erenkrantz]
2797 *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
2798 to be extended by third-party modules via an optional function.
2799 [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
2801 *) Fix mod_include expression parser's handling of unquoted strings
2802 followed immediately by a closing paren. PR 8462. [Brian Pane]
2804 *) Remove autom4te.cache in 'make distclean'.
2805 [Thom May <thom planetarytramp.net>]
2807 *) Fix generated httpd.conf to respect layout for LoadModule lines.
2808 PR 8170. [Thom May <thom planetarytramp.net>]
2810 *) Win32: During a graceful restart, threads in the new process
2811 were accessing scoreboard slots still in use by active threads in
2812 the old process. [Bill Stoddard]
2814 Changes with Apache 2.0.36
2816 *) Fix some minor formatting issues with ab. Part of this is
2817 in reference to PR 8544, the rest I noticed while testing
2818 the PR fix. [Paul J. Reder]
2820 *) Fix a case where an invalid pass phrase is entered and an
2821 error message is given, but the prompt is not shown again.
2822 This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
2824 *) Close sockets on worker MPM when doing a graceless restart.
2827 *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
2828 as the session id context rather that a MD5 hash of that vhost ID,
2829 because it caused very long vhost id's to be unusable with mod_ssl.
2830 PR 8572. [Cliff Woolley]
2832 *) Fix the link to the description of the CoredumpDirectory
2833 directive in the server-wide document. PR 8643. [Jeff Trawick]
2835 *) Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley]
2837 *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
2838 - Avoid SIGBUS on sparc machines with SHMCB session caches
2839 - Allow whitespace between the pipe and the name of the
2840 program in SSLLog "| /path/to/program". [Cliff Woolley]
2842 *) Introduce mod_ext_filter and mod_deflate experimental modules
2843 to the Win32 build (zlib sources must be in srclib\zlib.)
2846 *) Changes to the worker MPM's queue management and thread
2847 synchronization code to reduce mutex contention [Brian Pane]
2849 *) Don't install *.in configuration files since we already install
2850 *-std.conf files. [Aaron Bannert]
2852 *) Many improvements to the threadpool MPM. [Aaron Bannert]
2854 *) Fix subreqs that are promoted via fast_redirect from having invalid
2855 frec->r structures. This would cause subtle errors later on in
2856 request processing such as seen in PR 7966. [Justin Erenkrantz]
2858 *) More efficient pool recycling logic for the worker MPM [Brian Pane]
2860 *) Modify the worker MPM to not accept() new connections until
2861 there is an available worker thread. This prevents queued
2862 connections from starving for processing time while long-running
2863 connections were hogging all the available threads. [Aaron Bannert]
2865 *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
2868 *) Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick]
2870 *) Allow mod_unique_id to work on systems with no IPv4 address
2871 corresponding to their host name. [Jeff Trawick]
2873 *) Fix suexec behavior with user directories. PR 7810.
2874 [Colm <colmmacc redbrick.dcu.ie>]
2876 *) Reject a blank UserDir directive since it is ambiguous. PR 8472.
2879 *) Make mod_mime use case-insensitive matching when examining
2880 extensions on all platforms. PR 8223. [Justin Erenkrantz]
2882 *) Add an intelligent error message should no proxy submodules be
2883 valid to handle a request. PR 8407 [Graham Leggett]
2885 *) Major improvements in concurrent processing for AB by enabling
2886 non-blocking connect()s and preventing APR from doing blocking
2887 read()s. Also implement fatal error checking for apr_recv().
2890 *) Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe]
2892 *) Fix Win32 'short name' aliases in httpd.conf directives.
2893 PR 8009 [William Rowe]
2895 *) Fix generation of default httpd.conf when the layout paths are
2896 disjoint. PR 7979, 8227. [Justin Erenkrantz]
2898 *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
2899 that downgraded responses can have force-response. PR 8357.
2902 *) Fix perchild MPM so that it can be configured with the move to the
2903 experimental directory. [Scott Lamb <slamb slamb.org>]
2905 *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
2906 ap_uname2id. [Scott Lamb <slamb slamb.org>]
2908 *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
2910 *) SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803]
2911 Added the APLOG_TOCLIENT flag to ap_log_rerror() to
2912 explicitly tell the server that warning messages should be sent
2913 to the client in addition to being recorded in the error log.
2914 Prior to this change, ap_log_rerror() always sent warning
2915 messages to the client. In one case, a faulty CGI script caused
2916 the server to send a warning message to the client that contained
2917 the full path to the CGI script. This could be considered a
2918 minor security exposure. [Bill Stoddard]
2920 *) mod_autoindex output when SuppressRules was specified would
2921 omit the first carriage return so the first item in the list
2922 would appear to the right of the column headings instead of
2923 underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
2925 *) Moved the call to apr_mmap_dup outside the error branch so
2926 that it would actually get called. This fixes a core dump
2927 at init everytime you use the MMapFile directive. PR 8314
2930 *) Trigger an error when a LoadModule directive attempts to
2931 load a module which is built-in. This is a common error when
2932 switching from a DSO build to a static build. [Jeff Trawick]
2934 *) Change instdso.sh to use libtool --install everywhere and then
2935 clean up some stray files and symlinks that libtool leaves around
2936 on some platforms. This gets subversion building properly since
2937 it needed a re-link to be performed by libtool at install time,
2938 and the old instdso.sh logic to simply cp the DSO didn't handle
2939 that requirement. [Sander Striker]
2941 *) Allow VPATH builds to succeed when configured from an empty
2942 directory. [Thom May <thom planetarytramp.net>]
2944 *) Fix 'control reaches end of non-void function' warning in
2945 server/log.c. [Ben Collins-Sussman <sussman collab.net>]
2947 *) Perchild MPM is now correctly deemed as experimental and is now
2948 located in server/mpm/experimental. [Justin Erenkrantz]
2950 *) Fix segfault in mod_mem_cache when garabge collecting an expired
2951 cache entry. [Bill Stoddard]
2953 *) Introduced -E startup_logfile_name option to httpd to allow admins
2954 to begin logging errors immediately. This provides Win32 users
2955 an alternative to sending startup errors to the event viewer, and
2956 allows other daemon tool authors an alternative to logging to stderr.
2959 *) Fix subreqs with non-defined Content-Types being served improperly.
2962 *) Merge in latest GNU config.guess and config.sub files. PR 7818.
2965 *) Move 100 - Continue support to the HTTP_IN filter so that filters
2966 are guaranteed to support 100 - Continue logic without any
2967 intervention. [Justin Erenkrantz]
2969 *) Add HTTP chunked input trailer support. [Justin Erenkrantz]
2971 *) Rename and export get_mime_headers as ap_get_mime_headers.
2974 *) Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz]
2976 *) Properly substitute sbindir as httpd's location in apachectl. PR 7840.
2977 [Andreas Hasenack <andreas netbank.com.br>]
2979 *) Allow Win32 shebang scripts to follow the path (or omit the .exe
2980 suffix from the shebang command), and allow ScriptInterpreterSource
2981 Registry or RegistryStrict to override shebang lines, as 1.3 did.
2982 PR 8004 [William Rowe]
2984 *) worker MPM: Fix a situation where a child exited without releasing
2985 the accept mutex. Depending on the OS and mutex mechanism this
2986 could result in a hang. [Jeff Trawick]
2988 *) Update the instructions for how to get started with mod_example.
2991 *) Fix PidFile to default to rel_runtimedir instead of
2992 rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
2994 *) Win32: Fix problem that caused rapid performance degradation
2995 when number of connecting clients exceeded ThreadsPerChild.
2998 *) Fixed a segfault parsing large SSIs on non-mmap systems.
3001 *) Proxy was bombing out every second keepalive request, caused by a
3002 stray CRLF before the second response's status line. Proxy now
3003 tries to read one more line if it encounters a CRLF where it
3004 expected a status. PR 10010 [Graham Leggett]
3006 *) Deprecated the apr_lock.h API. Please see the following files
3007 for the improved thread and process locking and signaling:
3008 apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
3009 apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert]
3011 *) Change mod_status to use scoreboard accessor functions so it can
3012 be used in any MPM without having to be recompiled.
3013 [Ryan Morgan <rmorgan covalent.net>]
3015 *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
3016 handle declarations are recognized. This fixes problems loading
3017 mod_autoindex on some platforms. [Brian Havard]
3019 *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
3021 *) Remind the admin about the User and Group directives when we are
3022 unable to set permissions on a semaphore. PR 7812 [Jeff Trawick]
3024 *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
3027 *) fix possible infinite loop in mod_ssl triggered by certain
3028 netscape clients [Doug MacEachern]
3030 *) fix ProxyPass when frontend is https and backend is http
3033 *) Add DASL support to mod_dav
3034 [Sung Kim <hunkim cse.ucsc.edu>]
3036 Changes with Apache 2.0.35
3038 *) mod_rewrite: updated to use the new APR global mutex type.
3041 *) Fixes for mod_include errors on boundary conditions in which
3042 "<!--#" occurs at the very end of a bucket
3043 [Paul Reder, Brian Pane]
3045 *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to
3046 cause the Apache parent process to run in the foreground (similar to
3047 -DNO_DETACH except that it doesn't switch session ids).
3050 *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
3051 for those platforms that support it. If using the default
3052 implementation, this is between pthread and sysvsem in priority.
3053 This implies it's the new default for Darwin. [Jim Jagielski]
3055 *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
3056 environment variables in the envvars file. [Jeff Trawick]
3058 *) worker MPM: Don't create a listener thread until we have a worker
3059 thread. Otherwise, in situations where we'll have to wait a while
3060 to take over scoreboard slots from a previous generation, we'll be
3061 accepting connections we can't process yet. [Jeff Trawick]
3063 *) Allow worker MPM to build on systems without pthread_kill().
3064 [Pier Fumagalli, Jeff Trawick]
3066 *) Prevent ap_add_output_filters_by_type from being called in
3067 ap_set_content_type if the content-type hasn't changed.
3070 *) Performance: implemented the bucket allocator made possible by the
3071 API change in 2.0.34. [Cliff Woolley]
3073 *) Don't allow initialization to succeed if we can't get a socket
3074 corresponding to one of the Listen statements. [Jeff Trawick]
3076 Changes with Apache 2.0.34
3078 *) Allow all Perchild directives to accept either numerical UID/GID
3079 or logical user/group names. [Scott Lamb <slamb slamb.org>]
3081 *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]
3083 *) implement ssl proxy to support ProxyPass / https:// and the
3084 SSLProxy* directives [Doug MacEachern]
3086 *) Update mod_cgid to not do single-byte socket reads for CGI headers
3089 *) Made AB's use of the Host: header rfc2616 compliant
3090 by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
3092 *) The old, legacy (and unused) code in which the scoreboard was totally
3093 and completely contained in a file (SCOREBOARD_FILE) has been
3094 removed. This does not affect scoreboards which are *mapped* to
3095 files using named-shared-memory. [Jim Jagielski]
3097 *) Change bucket brigades API to allow a "bucket allocator" to be
3098 passed in at certain points. This allows us to implement freelists
3099 so that we can stop using malloc/free so frequently.
3100 [Cliff Woolley, Brian Pane]
3102 *) Add support for macro expansion within the variable names in
3103 <!--#echo--> and <!--#set--> directives [Brian Pane]
3105 *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]
3107 *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
3110 *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
3111 [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]
3113 *) Add a new parameter to the quick_handler hook to instruct
3114 quick handlers to optionally do a lookup rather than actually
3115 serve content. This is the first of several changes required fix
3116 several problems with how quick handlers work with subrequests.
3119 *) worker MPM: Get MaxRequestsPerChild to work again. [Jeff Trawick]
3121 *) [APR-related] The ordering of the default accept mutex method has
3122 been changed to better match what's done in Apache 1.3. The ordering
3123 is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
3126 *) Ensure that the build/ directory is created when using VPATH.
3129 *) Add some popular types to the mime magic file. PR 7730.
3130 [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
3132 *) Remove the single-byte socket reads for CGI headers [Brian Pane]
3134 *) When a proxied site was being served, Apache was replacing
3135 the original site Server header with it's own, which is not
3136 allowed by RFC2616. Fixed. [Graham Leggett]
3138 *) Fix a mod_cgid problem that left daemon processes stranded
3139 in some server restart scenarios. [Jeff Trawick]
3141 *) Added exp_foo and rel_foo variables to config_vars.mk for
3142 all Apache and Autoconf path variables (like --sysconfdir,
3143 --sbindir, etc). exp_foo is the "expanded" version, which means
3144 that all internal variable references have been interpolated.
3145 rel_foo is the same as $exp_foo, only relative to $prefix if they
3146 share a common path. [Aaron Bannert]
3148 *) Fix some restart/terminate problems in the worker MPM. Don't
3149 drop connections during graceful restart. [Jeff Trawick]
3151 *) Change the header merging behaviour in proxy, as some headers
3152 (like Set-Cookie) cannot be unmerged due to stray commas in
3153 dates. [Graham Leggett]
3155 *) Be more vocal about what AcceptMutex values we allow, to make
3156 us closer to how 1.3 does it. [Jim Jagielski]
3158 *) Get nph- CGI scripts working again. PRs 8902, 8907, 9983
3161 *) Upgraded PCRE library to latest version 3.9 [Brian Pane]
3163 *) Add accessor function to set r->content_type. From now on,
3164 ap_rset_content_type() should be used to set r->content_type.
3165 This change is required to properly implement the
3166 AddOutputFilterByType configuration directive.
3167 [Bill Stoddard, Sander Striker, Ryan Bloom]
3169 *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
3170 RFC 3253. Improved the method name/number mapping functions.
3173 *) remove sock_enable_linger from connection.c [Ian Holsman]
3175 *) Fix for virtual host processing where the requested hostname
3176 has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
3178 *) mod_dav's APIs for REPORT response handling was changed so that
3179 providers can generate the content directly into the output filter
3180 stack, rather than buffering the response into memory. [Greg Stein]
3182 *) Fix a hang condition with graceful restart and prefork MPM
3183 in the situation where MaxClients is very high but
3184 much fewer servers are actually started at the time of the
3185 restart. [Jeff Trawick]
3187 *) Small performance fixes for mod_include [Brian Pane]
3189 *) Performance improvement for the error logger [Brian Pane]
3191 *) Change configure so that Solaris 8 and above have
3192 SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
3193 according to sun people solaris 8+ doesn't have a thundering
3194 herd problem [Ian Holsman]
3196 *) Allow URIs specifying CGI scripts to include '/' at the end
3197 (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
3198 which ignore '/' at the end of the names of non-directories).
3199 PR 10138 [Jeff Trawick]
3201 *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
3202 apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
3204 *) Fix apxs -g handling. Move config_vars.mk from the top build
3205 directory to the build directory. PR 10163 [Jeff Trawick]
3207 *) Fix some mod_include problems which broke evaluation of some
3208 expressions. PR 10108 [Jeff Trawick]
3210 *) Fix the calculation of request time in mod_status. [Stas Bekman]
3212 *) Fix the calculation of thread_num in the worker score structure.
3215 *) Use apr_atomic operations in managing the mod_mem_cache
3216 cache_objects for SMP scalability. (see USE_ATOMICS
3217 preprocessor directive in mod_file_cache)
3220 *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
3221 preprocessor directive in mod_file_cache)
3224 *) Implement prototype mod_disk_cache for use with mod_cache.
3227 *) Add a missing manualdir entry in the Debian config.layout.
3228 [Thom May <thom planetarytramp.net>]
3230 *) Stop installing libtool for APR and tell APR where it should place
3231 its copy of libtool (via our installbuildpath layout variable).
3234 *) New directive ProxyIOBufferSize. Sets the size of the buffer used
3235 when reading from a remote HTTP server in proxy. [Graham Leggett]
3237 *) Modify receive/send loop in proxy_http and proxy_ftp so that
3238 should it be necessary, the remote server socket is closed before
3239 transmitting the last buffer (set by ProxyIOBufferSize) to the
3240 client. This prevents the backend server from being forced to hang
3241 around while the last few bytes are transmitted to a slow client.
3242 Fix the case where no error checking was performed on the final
3243 brigade in the loop. [Graham Leggett]
3245 *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
3246 CacheMaxExpire and CacheDefaultExpire to use seconds rather than
3247 hours. [Graham Leggett, Bill Stoddard]
3249 *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
3250 for a undefined variable. [Ian Holsman]
3252 *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
3253 when we can't get a socket in the specified address family. We may
3254 have gotten back an IPv6 address first and yet our system is not
3255 configured to allow IPv6 sockets. [Jeff Trawick]
3257 *) Be more careful about recursively removing CVS directories. Make
3258 sure that we aren't cd'ing to their home directory first. PR: 9993
3259 [Aaron Bannert, James LewisMoss <dres lewismoss.net>]
3261 *) Add a missing errordir entry in the Debian config.layout. PR: 10067
3262 [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
3263 Thom May <thom planetarytramp.net>]
3265 *) Rename the filter ordering priorities. The recent filtering fixes
3266 have showcased problems with their usage. Therefore, we need to
3267 rename them to increase the clarity. (CONTENT->RESOURCE,
3268 HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
3270 Changes with Apache 2.0.33
3272 *) Fix a problem in the new --enable-layout functionality where
3273 it wouldn't allow overrides from variables like --prefix,
3274 --bindir, etc. [Thom May <thom planetarytramp.net>]
3276 *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
3277 no longer hangs around waiting for the socket to close before
3278 returning exhaustive data. [Aaron Bannert]
3280 *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
3281 [Thom May <thom planetarytramp.net>]
3283 *) Change mod_ssl to always do a full startup/teardown on restarts.
3284 this allows mod_ssl to be added to a server that is already
3285 running and makes it possible to add/change certs/keys after the
3286 server has been started. [Doug MacEachern]
3288 *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
3289 This pipe must be a bidirectional 'console' style relay, which
3290 mod_ssl prints all prompts to the pipe's stdin, and reads the
3291 passphrases from the pipe's stdout. [William Rowe]
3293 *) Fix bug where --sysconfdir and --localstatedir were being
3294 ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
3297 *) Fix --enable-layout to work again. Caution: When specifying
3298 --enable-layout, common arguments like --prefix, --exec-prefix,
3299 etc. will be ignored and the settings from the layout will be
3300 used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
3303 *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
3304 regex pattern matching for the determination of which requests
3305 to use the remote proxy for. [Jim Jagielski]
3307 *) Fix CustomLog bytes-sent with HTTP 0.9. [Justin Erenkrantz]
3309 *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
3310 cruft in piped logs and rewritemap child processes.
3313 *) All instances of apr_lock_t have been removed and converted
3314 to one of the following new lock APIs: apr_thread_mutex.h,
3315 apr_proc_mutex.h, or apr_global_mutex.h. No new code should
3316 use the apr_lock.h API, as the old API will soon be deprecated.
3319 *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
3320 [Ralf S. Engelschall, Cliff Woolley]
3322 *) mod-include: make it handle flush'es and fix the 'false-alarm'
3323 [Justin Erenkrantz, Brian Pane, Ian Holsman]
3325 *) ap_get_*_filter_handle() functions to allow 3rd party modules
3326 to lookup filter handles so they can bypass the filter name
3327 lookup when adding filters to a request (via ap_add_*_filter_handle())
3328 [Ryan Morgan <rmorgan covalent.net>]
3330 *) Fix for multiple file buckets on Win32, where the first file
3331 bucket would cause the immediate closure of the socket on any
3332 non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
3334 *) Correct Win32 failure of mmap of a segment beyond start of the
3335 file; fixes large SSL and similar transfers. [William Rowe]
3338 *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
3339 multi-process mode to not "daemonize" while detaching from the
3340 controlling terminal. This is necessary for Apache to work with
3341 process-management tools like AIX's "System Resource Controller"
3342 as well as Dan Bernstein's "daemontools".
3343 [Jos Backus <josb cncdsl.com>, Aaron Bannert]
3345 *) Convert mod_auth_digest to use the new apr_global_mutex_t
3346 type. [Aaron Bannert]
3348 *) fix bug in mod-include where it wouldn't send a unmatched
3349 part if it was at the end of a bucket [Ian Holsman]
3351 *) worker MPM: Improve logging of errors with the interface between
3352 the listener thread and worker threads. [Jeff Trawick]
3354 *) Some browsers ignore cookies that have been merged into a
3355 single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
3356 are now unmerged in the http proxy before being sent to the
3357 client. [Graham Leggett]
3359 *) Fix a problem with proxy where each entry of a duplicated
3360 header such as Set-Cookie would overwrite and obliterate the
3361 previous value of the header, resulting in multiple header
3362 values (like cookies) going missing.
3363 [Graham Leggett, Joshua Slive]
3365 *) Add the server-limit and thread-limit values to the scoreboard
3366 for the sake of third-party applications.
3367 [Adam Sussman <myddryn vishnu.vidya.com>]
3369 *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]
3371 *) OS/390: Get make install to properly copy DSO modules.
3374 *) Win32: Fix bug in mod_status with displaying "Restart Time"
3375 and "Server uptime".
3378 *) Fix IPv6 name-based virtual hosts. [Jeff Trawick]
3380 *) Introduce AddOutputFilterByType directive. [Justin Erenkrantz]
3382 *) Fix DEBUG_CGI support in mod_cgi. PR 9670, 9671.
3383 [David MacKenzie <djm pix.net>]
3385 *) Fix incorrect check for script_in in mod_cgi. PR 9669.
3386 [David MacKenzie <djm pix.net>]
3388 *) Fix segfault and display error when SSLMutex file can not be
3389 created. [Adam Sussman <myddryn vishnu.vidya.com>]
3391 *) Add reference counting to mod_mem_cache cache objects to
3392 better manage removing objects from the cache.
3395 *) Change the verbage on the ScoreBoardFile in our default configs.
3396 Also change the default to be commented out (unspecified) so we
3397 get anonymous shared memory by default. [Aaron Bannert]
3399 *) Implement new ScoreBoardFile directive logic. This affects how
3400 we create the scoreboard's shared memory segment. If the directive
3401 is present, a name-based segment is created. If the directive is
3402 not present, first an anonymous segment is created, and if that
3403 fails, a name-based segment is created from a file of the name
3404 DEFAULT_SCOREBOARD. This gives third-party applications the
3405 ability to access our scoreboard. [Aaron Bannert]
3407 *) Allow mod_deflate to work with non-GET requests and properly send
3408 Content-Lengths. [Sander Striker <striker apache.org>]
3410 *) Fix ap_directory_merge() to correctly merge configs when there is
3411 no <Directory /> block. [Justin Erenkrantz, William Rowe]
3413 *) Remove spurious debug messsages that are normal under HTTP
3414 keep-alive logic. [Jeff Trawick, Justin Erenkrantz]
3416 *) Fix a bug in mod_cgid that would prevent proper shutdown death
3417 of the cgid process. [Aaron Bannert]
3419 *) Add signal handling back in to the worker MPM for the one_process
3420 (-X, -DDEBUG, -DONE_PROCESS) case. [Aaron Bannert]
3422 *) Performance: Reuse per-connection transaction pools in the
3423 worker MPM, rather than destroying and recreating them. [Brian Pane]
3425 *) Remove all signals from the worker MPM's child process. Instead,
3426 the parent uses the Pipe of Death for all communication with the
3427 child processes. [Ryan Bloom]
3429 Changes with Apache 2.0.32
3431 *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
3432 default if the directive is not specified. This mirrors older
3433 behavior without changes to the httpd.conf. [William Rowe]
3435 *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
3436 the service, mpm and logging code, and bugs in apr_file_open_stderr
3437 and apr_file_dup2 functions. Win2K/XP services have no handles
3438 associated for stdin/out/err, which caused unpredictable behavior
3439 in the prior release. [William Rowe, Bill Stoddard]
3441 *) Win32: simplify the Application Event Log messages, since there isn't
3442 likely to be 'more information in the error log' before an error log
3443 has been opened. [William Rowe]
3445 *) Win32: substantial cleanup to the mpm_winnt code for legibility and
3446 to follow the program flow of other MPMs. [Ryan Bloom, William Rowe]
3448 *) Win32: apache -k shutdown now behaves like apache -k stop.
3451 *) Fix prefork to not kill the parent if a child hits a resource shortage
3452 on accept(). [Greg Ames]
3454 *) Fix seg faults that occur when what should be the httpd request line
3455 starts with \r\n followed by garbage. [Greg Ames]
3457 *) Allow statically linked support binaries with the new
3458 --enable-static-support flag, and enable this behavior in
3459 the binbuild script. Also add a new --enable-static-htdbm
3460 flag. [Aaron Bannert]
3462 *) Allow mod_autoindex to serve symlinks if permitted and attempt to
3463 do only one stat() call when generating the directory listings.
3466 *) Fix resolve_symlink to save the original symlink name if known.
3469 *) Be a bit more sane with regard to CanonicalNames. If the user has
3470 specified they want to use the CanonicalName, but they have not
3471 configured a port with the ServerName, then use the same port that
3472 the original request used. [Ryan Bloom and Ken Coar]
3474 *) In core_input_filter, check for an empty brigade after
3475 APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a
3476 client says it will post some data but we get FIN before any
3477 data arrives. [Jeff Trawick]
3479 *) Not being able to bind to the socket is a fatal error. We should
3480 print an error to the console, and return a non-zero status code.
3481 With these changes, all of the Unix MPMs do that correctly.
3484 *) suexec: Allow HTTPS and SSL_* environment variables to be passed
3485 through to CGI scripts. PR 9163
3486 [Brian Reid <breid customlogic.com>,
3487 Zvi Har'El <rl math.technion.ac.il>]
3489 *) binbuild.sh: Make sure that we use the expat from our source
3490 tree so that there aren't any surprises on the target machine.
3493 *) mod_cgid: Add retry logic for when the daemon can't fork fast
3494 enough to keep up with new requests. Start using
3495 HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
3496 when we can't talk to the daemon. [Jeff Trawick]
3498 *) apxs: LTFLAGS envvar can override default libtool options. Try
3499 "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
3500 the covers. [Jeff Trawick]
3502 *) The Location: response header field, used for external
3503 redirect, *must* be an absoluteURI. The Redirect directive
3504 tested for that, but RedirectMatch didn't -- it would allow
3505 almost anything through. Now it will try to turn an abs_path
3506 into an absoluteURI, but it will correctly varf like Redirect
3507 if the final redirection target isn't an absoluteURI. [Ken Coar]
3509 Changes with Apache 2.0.31
3511 *) Create the scoreboard (in the parent) in a global pool context,
3512 so it survives graceful restarts. This fixes a SEGV during
3513 graceful restarts. [Aaron Bannert]
3515 *) Add a timeout option to the proxy code 'ProxyTimeout'
3518 *) FTP directory listings are now always retrieved in ASCII mode.
3519 The FTP proxy properly escapes URI's and HTML in the generated
3520 listing, and escapes the path components when talking to the FTP
3521 server. It is now possible to browse the root directory by using
3522 a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
3523 Also, the last path component may contain wildcard characters
3524 '*' and '?', and if they do, a directory listing is created instead
3525 of a file retrieval. Example: ftp://user@host/httpd/server/*.c
3528 *) Added single-listener unserialized accept support to the
3529 worker MPM [Brian Pane]
3531 *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
3532 the incoming host header through to the proxied server
3533 [Geoff <g.russell ieee.org>]
3535 *) New Directive Option for ProxyPass. It now can block a location
3536 from being proxied [Jukka Pihl <jukka.pihl entirem.com>]
3538 *) Don't let the default handler try to serve a raw directory. At
3539 best you get gibberish. Much worse things can happen depending
3540 on the OS. [Jeff Trawick]
3542 *) Change the pre_config hook to return a value. Modules can now emit
3543 an error message and then cause the server to quit gracefully during
3544 startup. This required a bump to the MMN. [Aaron Bannert]
3546 *) Fix some unix socket descriptor leaks in the handler side of
3547 mod_cgid (the part that runs in the server process). Whack a
3548 silly "close(-1)" in the handler too. [Jeff Trawick]
3550 *) Change the pre_mpm hook to return a value, so that scoreboard
3551 init errors percolate up to code that knows how to exit
3552 cleanly. This required a bump to the MMN. [Jeff Trawick]
3554 *) Add the socket back to the conn_rec and remove the create_connection
3555 hook. The create_connection hook had a design flaw that did not
3556 allow creating connections based on vhost info. [Bill Stoddard]
3558 *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
3559 Resolves the common case of using negotation to resolve the request
3560 /script/foo for /script.cgi/foo. [William Rowe]
3562 *) Added new functions ap_add_(input|output)_filter_handle to
3563 allow modules to bypass the usual filter name lookup when
3564 adding hard-coded filters to a request [Brian Pane]
3566 *) caching should now work on subrequests (still very experimental)
3569 *) The Win32 mpm_winnt now has a shared scoreboard. [William Rowe]
3571 *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
3574 *) Refactor ap_rgetline so that it does not use an internal brigade.
3575 Change ap_rgetline's prototype to return errors. [Justin Erenkrantz]
3577 *) Remove mod_auth_db. [Justin Erenkrantz]
3579 *) Do not install unnecessary pcre headers like config.h and internal.h.
3580 [Joe Orton <joe manyfish.co.uk>]
3582 *) Change in quick_hanlder behavior for subrequests. it now passes DONE
3583 (as it does for a normal request). quick_handled sub-requests now work
3584 in mod-include [Ian Holsman]
3586 *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
3587 'CONTENT' one, as it needs to run AFTER all content headers
3589 *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
3592 *) Split out blocking from the mode in the input filters.
3595 *) Fix a segfault in mod_include. [Justin Erenkrantz, Jeff Trawick]
3597 *) Cause Win32 to capture all child-worker process errors in
3598 Apache to the main server error log, until the child can
3599 open its own error logs. [William Rowe]
3601 *) HPUX 11.*: Do not kill the child process when accept()
3602 returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
3603 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
3605 *) Fix a problem in the parsing of the <Proxy foo> directive.
3608 *) rewrite of mod_ssl input filter for better performance and less
3609 memory usage [Doug MacEachern]
3611 *) allow quick_handler to be run on subrequests. [Ian Holsman]
3613 *) mod_dav now asks its provider to place content directly into the
3614 filter stack when handling a GET request. The mod_dav/provider
3615 API has changed, so providers need to be updated. [Greg Stein]
3617 *) Clear the output socket descriptor in unixd_accept() to make sure
3618 we don't supply a bogus socket to the caller if the accept fails.
3619 This caused problems with the worker MPM, which tried to process
3620 the returned socket if it was non-NULL. [Brian Pane]
3622 *) Move a check for an empty brigade to the start of core input filter
3623 to avoid segfaults. [Justin Erenkrantz, Jeff Trawick]
3625 *) Add FileETag directive to allow configurable control of what
3626 data are used to form ETag values for file-based URIs. MMN
3627 bumped to 20020111 because of fields added to the end of
3628 the core_dir_config structure. [Ken Coar]
3630 *) Fix a segfault in mod_rewrite's logging code caused by passing the
3631 wrong config to ap_get_remote_host(). [Jeff Trawick]
3633 *) Allow mod_cgid to work from a binary distribution install by
3634 using 755 for the permissions on the log directory instead of
3637 *) Fixed a segfault that happened during graceful shutdown (or when
3638 the httpd ran out of file descriptors) with the worker MPM [Brian Pane]
3640 *) Split all Win32 modules [excluding the core components mod_core,
3641 mod_so, mod_win32 and the winnt mpm] into individual loadable
3642 modules, so the administrator may individually disable the former
3643 compiled-in modules by simply commenting out their LoadModule
3644 directives. [William Rowe]
3646 *) Saved Win32 module authors and porters many future headaches, by
3647 duplicating the appropriate .h files such as os.h into the include
3648 directory, including in the build tree. [William Rowe]
3650 *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
3651 Use SSL functions/macros instead of directly dereferencing SSL
3652 structures wherever possible.
3653 Add type-casts for the cases where functions return a generic pointer.
3654 Add $SSL/include to configure search path.
3655 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
3657 *) Moved several pointers out of the shared Scoreboard so it is
3658 more portable, and will present the vhost name across server
3659 generation restarts. [William Rowe]
3661 *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
3664 Changes with Apache 2.0.30
3666 *) Fix the main bug for FreeBSD and threaded MPM's. There are
3667 still issues (see STATUS) but at least the server will now
3668 run without crashing the machine.
3669 [David Reid, Aaron Bannert, Justin Erenkrantz]
3671 *) Fix a typo in mod_deflate's m4 config section.
3672 [albert chin <china thewrittenword.com>]
3674 *) Fix a couple of mod_proxy problems forwarding HTTP connections
3675 and handling CONNECT:
3676 (1) PR #9190 Proxy failed to connect to IPv6 hosts.
3677 (2) Proxy failed to connect when the first IP address returned by
3678 the resolver was unreachable but a secondary IP address was.
3681 *) Fix the module identifer as shown in the docs for various core
3682 modules (e.g., the identifer for mod_log_config was previously
3683 listed as config_log_module). PR #9338
3684 [James Watson <ap2bug sowega.org>]
3686 *) Fix LimitRequestBody directive by placing it in the HTTP
3687 filter. [Justin Erenkrantz]
3689 *) Fix mod_proxy seg fault when the proxied server returns
3690 an HTTP/0.9 response or a bogus status line.
3693 *) Prevent mod_proxy from truncating one character off the
3694 end of the status line returned from the proxied server.
3695 [Adam Sussman, Bill Stoddard]
3697 *) Eliminate loop in ap_proxy_string_read().
3698 [Adam Sussman, Bill Stoddard]
3700 *) Provide $0..$9 results from mod_include regex parsing.
3703 *) Allow mod-include to look for alternate start & end tags [Ian Holsman]
3705 *) Introduced the ForceLanguagePriority directive, to prevent
3706 returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
3707 when using Multiviews. [William Rowe]
3709 *) Fix a problem which prevented mod_cgid and suexec from working
3710 together reliably [Greg Ames]
3712 *) Remove the call to exit() from within mod_auth_digest's post_config
3713 phase. [Aaron Bannert]
3715 *) Fix a problem in mod_auth_digest that could potentially cause
3716 problems with initialized static data on a system that uses DSOs.
3719 *) Fix a segfault in the worker MPM that could happen during
3720 child process exits. [Brian Pane, Aaron Bannert]
3722 *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]
3724 *) Fix matching of vhosts by ip address so we find IPv4
3725 vhost address when target address is v4-mapped form of
3726 that address. [Jeff Trawick]
3728 *) More performance tweaks to the BNDM string-search algorithm
3729 used to find "<!--#" tokens in mod_include [Brian Pane]
3731 *) Miscellaneous small performance fixes: optimized away various
3732 string copy operations and removed large temp buffers from
3733 the stack [Brian Pane]
3735 *) Fixed startup segfault that occurred when a VirtualHost
3736 directive had a port but no address [Brian Pane]
3738 *) Allow htdbm to work with multiple DBM types [Ian Holsman]
3740 *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
3741 if oslevel < WINNT. This should fix several problems reported
3742 Against 2.0.28 on Windows 98 [Bill Stoddard]
3744 *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
3745 to fail. [Bill Stoddard]
3747 *) Change core code to allow an MPM to set hard thread/server
3748 limits at startup. prefork, worker, and perchild MPMs now have
3749 directives to set these limits. [Jeff Trawick]
3751 *) Win32: The async AcceptEx() event should be autoreset upon
3752 successful completion of a wait (WaitForSingleObject). This
3753 eliminates a number of spurious
3754 setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
3757 *) Move any load library path environment variables out of
3758 apachectl and into a separate environment variable file which
3759 can be more easily tailored by the admin. The environment
3760 variable file as built by Apache may have additional system-
3761 specific settings. For example, on OS/390 we tailor the heap
3762 settings to allow lots of threads. [Jeff Trawick]
3764 *) Use the new APR pool code to reduce pool-related lock
3765 contention in the worker MPM. [Sander Striker]
3767 *) The POD no longer assumes the child is listening on 127.0.0.1
3768 and now pulls the first hostname in the list of listeners to
3769 perform the dummy connect on. This fixes a bug when the user
3770 had configured the Listen directive for an IP other than
3771 127.0.0.1. This would result in undead children and error
3772 messages such as "Connection refused: connect to listener".
3775 *) The worker MPM now respects the LockFile setting, needed to
3776 avoid locking problems with NFS. [Jeff Trawick]
3778 *) Fix segfault when worker MPM receives SIGHUP.
3779 [Ian Holsman, Aaron Bannert, Justin Erenkrantz]
3781 *) Fix bug that could potentially prevent the perchild MPM from
3782 working with more than one vhost/uid. [Aaron Bannert]
3784 *) Change make install and apxs -i processing of DSO modules to
3785 perform special handling on platforms where libtool doesn't install
3786 mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
3787 which prevented standard LoadModule statements from working.
3790 *) Whenever mod_so is enabled (not just when there are DSOs for
3791 our modules), do whatever special magic is required for compiling/
3792 loading third-party modules. This allows third-party DSOs to
3793 be used on an AIX build when there were no built-in modules
3794 built as DSOs. (This should help on OS/390 and BeOS as well.)
3797 *) Allow apxs to be used to build DSOs on AIX without requiring the
3798 user to hard-code the list of import files. (This should help
3799 on OS/390 and BeOS as well.) [Jeff Trawick]
3801 *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
3802 PR 8563, 8919 [William Rowe]
3804 *) Get binary builds working when libapr and libaprutil are built
3807 *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
3808 working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
3809 Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
3811 *) Fix the handling of SSI directives in which the ">" of the
3812 terminating "-->" is the last byte in a file [Brian Pane]
3814 *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
3815 message that we had back in apache-1.3 and still have scattered
3816 throughout our docs. [Aaron Bannert]
3818 *) Prevent the Win32 port from continuing after encountering an
3819 error in the command line args to apache. [William Rowe]
3821 *) On a error in the proxy, make it write a line to the error log
3824 *) Various mod_ssl performance improvements [Doug MacEachern]
3826 Changes with Apache 2.0.29
3828 *) Add buffering in core_output_filter to ensure that long
3829 lists of small buckets don't cause small packet writes.
3830 [Brian Pane, Ryan Bloom]
3832 *) Fix the installation target to make sure that the manual is
3833 installed in the correct location.
3834 [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
3835 Gomez Henri <hgomez slib.fr>]
3837 *) Fix the cmd command for mod_include. When we are processing
3838 a cmd command, we do not want to use the r->filename to set
3839 the command name. The command comes from the SSI tag. To do this,
3840 I added a variable to the function that builds the command line
3841 in mod_cgi. This allows the include_cmd function to specify
3842 the command line itself. [Ryan Bloom]
3844 *) Change open_logs hook to return a value, allowing you
3845 to flag a error while opening logs
3846 [Ian Holsman, Doug MacEachern]
3848 *) Change post_config hook to return a value, allowing you
3849 to flag a error post config
3850 [Ian Holsman, Jeff Trawick]
3852 *) Allow SUEXEC_BIN (the path to the suexec binary that is
3853 hard-coded into the server) to be specified to the configure
3854 script by the --with-suexec-bin parameter. [Aaron Bannert]
3856 *) Fix segv in worker MPM following accept on pipe-of-death
3859 *) Add mod_deflate to experimental.
3860 [Ian Holsman, Justin Erenkrantz]
3862 *) Bail out at configure time if an invalid MPM was specified.
3863 [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
3865 *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
3866 configured [John Sterling <sterling covalent.net>]
3868 *) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
3870 *) Fix a problem with IPv6 vhosts. PR #8118 [Jeff Trawick]
3872 *) Optimization for the BNDM string-search function in
3873 mod_include. [Brian Pane]
3875 *) Fixed the behavior of the XBitHack directive.
3876 [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
3878 *) The threaded MPM for Unix has been removed. Use the worker
3879 MPM instead. [various]
3881 *) APR-ize the resolver logic in mod_unique_id. This fixes a bug
3882 in logging the error from a failed DNS lookup. [Jeff Trawick]
3884 *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
3887 *) Get mod_cgid killed when a MPM exits due to a fatal error.
3890 *) Fix a file descriptor leak in mod_include. When we include a
3891 file, we use a sub-request, but we didn't destroy the sub-request
3892 immediately, instead we waited until the original request was
3893 done. This patch closes the sub-request as soon as the data is
3894 done being generated. [Brian Pane <bpane pacbell.net>]
3896 *) Allow modules that add sockets to the ap_listeners list to
3897 define the function that should be used to accept on that
3898 socket. Each MPM can define their own function to use for
3899 the accept function with the MPM_ACCEPT_FUNC macro. This
3900 also abstracts out all of the Unix accept error handling
3901 logic, which has become out of synch across Unix MPMs.
3904 *) Fix a bug which would cause the response headers to be omitted
3905 when sending a negotiated ErrorDocument because the required
3906 filters were attached to the wrong request_rec.
3907 [John Sterling <sterling covalent.net>]
3909 *) Remove commas from the end of the macros that define
3910 directives that are used by MPMs. Prior to this patch,
3911 you would use these macros without commas, which was unlike
3912 the macros for any other directives. Now, the caller provides
3913 the comma rather than the macro providing it. This makes
3914 the macros look more like the rest of the directives.
3915 [Ryan Bloom and Cliff Woolley]
3917 *) Add 'redirect-carefully' environment option to disable sending
3918 redirects under special circumstances. This is helpful for
3919 Microsoft's WebFolders when accessing a directory resource via
3920 DAV methods. [Justin Erenkrantz]
3922 *) Begin to abstract out the underlying transport layer.
3923 The first step is to remove the socket from the conn_rec,
3924 the server now lives in a context that is passed to the
3925 core's input and output filters. This forces us to be very
3926 careful when adding calls that use the socket directly,
3927 because the socket isn't available in most locations.
3930 *) Really reset the MaxClients value in worker and threaded
3931 when the configured value is not a multiple of the number
3932 of threads per child. We said we did previously but we
3933 forgot to. [Jeff Trawick]
3935 *) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
3937 *) If shared modules are requested and mod_so is not available,
3938 produce a fatal config-time error. [Justin Erenkrantz]
3940 *) Improve http2env's performance by cutting the work it has to
3941 do. [Brian Pane <bpane pacbell.net>]
3943 *) use new 'apr_hash_merge' function in mod_mime (performance fix)
3944 [Brian Pane <bpane pacbell.net>]
3946 Changes with Apache 2.0.28
3948 *) Fix infinite loop in mod_cgid.c.
3949 [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]
3951 *) When no port is given in a "ServerName host" directive, the
3952 server_rec->port is now set to zero, not 80. That allows for
3953 run-time deduction of the correct server port (depending on
3954 SSL/plain, and depending also on the current setting of
3955 UseCanonicalName). This change makes redirections
3956 work, even with https:// connections. As in Apache-1.3, the
3957 connection's actual port number is never used, only the ServerName
3958 setting or the client's Host: setting. Documentation updated
3959 to reflect the change. [Martin Kraemer]
3961 *) Add a '%{note-name}e' argument to mod-headers, which works in
3962 the same way as mod_log_confg. [Ian Holsman]
3964 *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
3965 AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
3966 MPMs. [Cliff Woolley]
3968 *) Introduce htdbm, a user management utility for db/dbm authorization
3969 databases. [Mladen Turk <mturk mappingsoft.com>]
3971 *) Optimize usage of strlen and strcat in ap_directory_walk.
3972 [Brian Pane <bpane pacbell.net>]
3974 Changes with Apache 2.0.27
3976 *) Introduce an Apache mod_ssl initial configuration template
3977 (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall]
3979 *) Fixed a memory leak in the getline parsing code that could
3980 be triggered by arbitrarily large header lines. Requests
3981 from the core input filter for single lines are now limited
3982 to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert]
3984 *) Fix a truncation bug in how we print the port on the Via: header.
3985 The routine that prints the Via: header now takes a length for
3986 the port string. [Zvi Har'El <rl math.technion.ac.il>]
3988 *) Some syntax errors in mod_mime_magic's magic file can result
3989 in a 500 error, which previously was unlogged. Now we log the
3990 error. [Jeff Trawick]
3992 *) Add the support/checkgid helper app, which checks the run-time
3993 validity of group identifiers usable in the Group directive.
3996 *) Various --enable-so options have been fixed: --enable-so is
3997 treated as "static"; explicit --enable-so=shared issues an error;
3998 and explicit --enable-so fails with error on systems without
3999 APR_HAS_DSO. [Aaron Bannert]
4001 *) Fix a segfault in the core input filter when the client socket
4002 gets disconnected unexpectedly. [Cliff Woolley]
4004 *) Fix the reporting for child processes that die. This removes
4005 all of the non-portable W* macros from Apache.
4006 [Jeff Trawick and Ryan Bloom]
4008 *) Win32: Track and display "Parent Server Generation:" in
4009 mod_status output. The generation will be bumped at
4010 server graceful restart, when the child process exits
4011 by hitting MaxRequestsPerChild or if the child
4012 process exits abnormally. [Bill Stoddard]
4014 *) Win32: Fix problem where MaxRequestsPerChild directive was
4015 not being picked up in favor of the default. Enable
4016 the parent to start up a new child process immediately upon
4017 the old child starting shutdown.
4020 *) Fix some bungling of the remote port in rfc1413.c so that
4021 IdentityCheck retrieves the proper user id instead of failing
4022 and thus always returning "nobody."
4023 [Dick Streefland <Dick.Streefland xs4all.nl>]
4025 *) Introduced thread saftey for mod_rewrite's internal cache.
4026 [Brian Pane <bpane pacbell.net>]
4028 *) Simplified mod_env's directives to behave as most directives are
4029 expected, in that UnsetEnv will not unset a SetEnv and PassEnv
4030 directive following that UnsetEnv within the same container.
4031 Also provides a runtime startup warning if a PassEnv configured
4032 environment value is undefined. [William Rowe]
4034 *) The worker MPM is now completely ported to APR's new lock API. It
4035 uses native APR types for thread mutexes, cross-process mutexes,
4036 and condition variables. [Aaron Bannert]
4038 *) Sync up documentation to remove all references to the now deprecated
4039 Port directive. [Justin Erenkrantz]
4041 *) Moved all ldap modules from the core to httpd-ldap sub-project
4044 *) Exit when we can't listen on any of the configured ports. This
4045 is the same behavior as 1.3, and it avoids having the MPMs to
4046 deal with bogus ap_listen_rec structures. [Jeff Trawick]
4048 *) Cleanup the proxy code that creates a request to the origin
4049 server. This change adds an optional hook, which allows modules
4050 to gain control while the request is created if the proxy module
4051 is loaded. The purpose of this hook is to allow modules to add
4052 input and/or output filters to the request to the origin. While
4053 I was at it, I made the core use this hook, so that proxy request
4054 creation uses some of the code from the core. This can still be
4055 greatly improved, but this is a good start. [Ryan Bloom]
4057 Changes with Apache 2.0.26
4059 *) Port the MaxClients changes from the worker MPM to the threaded
4062 *) Fix mod_proxy so that it handles chunked transfer-encoding and works
4063 with the new input filtering system. [Justin Erenkrantz]
4065 *) Introduce the MultiviewsMatch directive, to allow the operator
4066 to be flexible in recognizing Handlers and Filters filename
4067 extensions as part of the Multiviews matching logic, strict with
4068 MultiviewsMatch NegotiatedOnly to accept only filename extentions
4069 that designate negotiated parameters, (content type, charset, etc.)
4070 or MultiviewsAll for the 1.3 behavior of matching any files, even
4071 if they have unregistered extensions. [William Rowe]
4073 *) Fixed the configure script to add a LoadModule directive to
4074 the default httpd.conf for any module that was compiled
4075 as a DSO. [Aaron Bannert <aaron clove.org>]
4077 *) rewrite mod_ssl input filtering to work with the new input filtering
4078 system. [Justin Erenkrantz]
4080 *) prefork: Don't segfault when we are able to listen on some but
4081 not all of the configured ports. [Jeff Trawick]
4083 *) Build mod_so even if no core modules are built shared.
4084 [Aaron Bannert <aaron clove.org>]
4086 *) Introduce ap_directory_walk rewrite (with further optimizations
4087 required) to adapt to the ap_process_request_internal() changes.
4088 Optimized so subrequests and redirects now reuse previous section
4089 merges, until we mismatch with the original directory_walk, and
4090 precomputed r->finfo results will cause directory_walk to skip
4091 the most expensive phases of the function. [William Rowe]
4093 *) Allow ApacheMonitor to connect to and control Apache on other
4094 WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
4096 *) Remove the Port directive. In it's place, the Listen directive
4097 is now a required directive, which tells Apache what port to
4098 listen on. The ServerName directive has also been extended
4099 to accept an optional port. If the port is specified to the
4100 ServerName, the server will report that port whenever it
4101 reports the port that it is listening on. This change was
4102 made to ease configuration errors that stem from having a Port
4103 directive, and a Listen directive. In that situation, the server
4104 would only listen to the port specified by the Listen command,
4105 which caused a lot of confusion to users. [Ryan Bloom]
4107 *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
4108 build, as loadable modules. [William Rowe]
4110 *) Fix --enable-mods-shared processing. If most is specified,
4111 then all modules that can be compiled as shared modules are.
4112 [Aaron Bannert <aaron clove.org>]
4114 *) Update the mime.types file to map video/vnd.mpegurl to mxu
4115 and add commonly used audio/x-mpegurl for m3u extensions.
4116 [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
4118 *) Eliminate the depreciated r->content_language, in favor of the array
4119 r->content_languages introduced many years ago. Module authors must
4120 substantially overhaul their modules, so this needs to be upgraded
4121 if the module still relied on backwards-brokeness. [William Rowe]
4123 *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
4126 *) Rewrite the input filtering mechanisms to consolidate and reorganize
4127 code. In short, core_input_filter does something now and
4128 ap_http_filter is now only concerned with HTTP. [Justin Erenkrantz]
4130 *) Update the Win32 build to re-absorb mod_proxy and family.
4133 *) Resolved the build failure on Win32 using MSVC 5.0 (without the
4134 current SDK.) [William Rowe]
4136 *) Some style changes to the code that does ProxyErrorOverride. Fixed
4137 config merge behaviour. [Graham Leggett]
4139 *) Allow support programs to be compiled against a static version
4140 of libapr. This allows the smaller support programs to be
4141 relocated. [Aaron Bannert <aaron clove.org>]
4143 *) Update the mime.types file to the registered media types as
4144 of 2001-09-25, and add mapping for xsl extension [Mark Cox]
4146 *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
4147 number of clients that can connect at the same time, instead of
4148 specifying the maximum number of child processes.
4149 [Aaron Bannert <aaron clove.org>]
4151 *) Switch proc_pthread AcceptMutex configuration directive to pthread to
4152 be consistent with 1.3. [Justin Erenkrantz]
4154 *) Cache apr_explode_localtime() value for 15 seconds.
4155 [Brian Pane <bpane pacbell.net>]
4157 *) Fix mod_include to not return ETag or Last-Modified headers.
4158 [Ian Holsman <ianh cnet.com>]
4160 *) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
4162 *) Eliminate the wasteful run-time conversion of method names from strings
4163 to numbers in places where the methods are known at compile time.
4164 [Brian Pane <bpane pacbell.net>]
4166 *) Turn the worker MPM's queue into a LIFO. This may
4167 improve cache-hit performance under some conditions.
4168 [Aaron Bannert <aaron clove.org>]
4170 *) Switch back to SIGUSR1 for graceful restarts on all platforms that
4171 support it. [Justin Erenkrantz]
4173 *) Cleanup the worker MPM. We no longer re-use transaction
4174 pools. This incurs less overhead than shuffling the pools
4175 around so that they can be re-used. Remove one of the
4176 queue's condition variables. We just redefined the API to
4177 state that you can't try to add more stuff than you allocated
4178 segments for. [Aaron Bannert <aaron clove.org>]
4180 *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
4182 *) Fixed persistent connections when a request contains a body.
4185 *) mod_dav uses a new API to speak to the backend provider for dead
4186 property management. [Greg Stein]
4188 *) Remove the Win32 script-processing exception from mod_cgi, and
4189 roll build_command_line/build_argv_list into a unified, overrideable
4190 ap_cgi_build_command optional function. [William Rowe]
4192 *) Rewrite find_start_sequence to use a better search algorithm
4193 to find the start tag. [Justin Erenkrantz]
4195 *) Fix a seg fault in mod_include. When we are generating an
4196 internal redirect, we must set r->uri to "", not a bogus
4197 string, and not NULL. [Ryan Bloom]
4199 *) Optimized location_walk, so subrequests, redirects and second passes
4200 now reuse previous section merges on a <Location > by <Location >
4201 basis, until we mismatch with the original location_walk.
4204 *) Back out the 1.45 change to util_script.c. This change made
4205 us set the environment variable REQUEST_URI to the redirected
4206 URI, instead of the originally requested URI.
4207 [Taketo Kabe <kabe sra-tohoku.co.jp>]
4209 *) Make mod_include do lazy evaluation of potentially expensive to
4210 compute variables. [Brian Pane <bpane pacbell.net>]
4212 *) Fix logging of bytes sent for HEAD requests. %b and %B should
4213 log either - or 0, before this patch, they were both logging
4214 the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
4216 *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather
4217 than per character. [Brian Pane <bpane pacbell.net>]
4219 *) Normalize the primary request, redirects and sub-requests to
4220 run the same ap_process_request_internal for consistency in
4221 robustness, behavior and security. [William Rowe]
4223 *) Fix a segfault with mod_include when r->path_info is not set
4224 (which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
4226 *) Add -X functionality back. This indicates to all MPMs and any other
4227 part of Apache that it should run in "debug" mode. [Justin Erenkrantz]
4229 *) Some initial support for the cygwin platform [prefork only].
4230 This is not to be confused with support for the WinNT/Win32
4231 platform, which is the recommended configuration for native
4232 Win32 users. The cygwin platform support is recommended for
4233 cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
4235 *) Changed syntax of Set{Input|Output}Filter. The list of filters
4236 must be semicolon delimited (if more than one filter is given.)
4237 The Set{Input|Output}Filter directive now overrides a parent
4238 container's directive (e.g. SetInputFilter in <Directory /web/foo>
4239 will override any SetInputFilter directive in <Directory /web>.)
4240 This new syntax is more consistent with Add{Input|Output}Filter
4241 directives defined in mod_mime. Also cures a bug in prior releases
4242 where the Set{Input|Output}Filter directive would corrupt the
4243 global configuration if the multiple directives were nested.
4246 *) Cured what's ailed mime for quite some time. If an AddSomething
4247 was given in the configuration (Language, Charset, Handler or
4248 Encoding) Apache would set the content type as given by AddType,
4249 but refused to check the mime.types file if AddType wasn't given
4250 for that specific extension. Setting the AddHandler for .html
4251 without setting the AddType text/html html would cause Apache to
4252 use the default content type. [William Rowe]
4254 *) Added some bulletproofing to memory allocation in the LDAP cache
4255 code. [Graham Leggett]
4257 Changes with Apache 2.0.25
4259 *) Move the installed /manual directory out of the /htdocs/ tree, so
4260 that it can be kept more independently from the remaining document
4261 root. The "Alias /manual ..." already allowed for easy projection
4262 into existing private document trees. [Martin Kraemer]
4264 *) Add specified user attributes to the environment when using
4265 mod_auth_ldap. This allows you to use mod_include to embed specified
4266 user attributes in a page like so:
4267 Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
4270 *) Fix a performance problem with the worker MPM. We now create
4271 transaction pools once, and re-use them for each connection.
4272 [Aaron Bannert <aaron clove.org>]
4274 *) Modfied mod_mime to prevent mod_negotation from serving a multiview
4275 of a 'handler' or 'filter', so that any filename extension that does
4276 not contribute to the negotiated metadata can't be served without
4277 an explicit request. E.g., if the .Z extension is associated with
4278 an unzip filter, the user request somefile.Z.html, mod_negotiation
4279 won't serve it. It can serve somefile.Z.html when somefile.Z is
4280 requested, since the .Z extension is explictly requested, if the
4281 .html extension is associated with ContentType text/html.
4284 *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
4285 and corresponding AddOutputFilter syntax, to insert one or more
4286 filters by mod_mime filename extension processing.
4289 *) Fix a growing connection pool in core_output_filter() for
4290 keepalive requests. [Jeff Trawick]
4292 *) Moved split_and_pass_pretag_buckets back to being a
4293 macro at Ryans's request. Removed the return from it
4294 by setting and returning a return code instead. Updated
4295 the code to check the return code from the macro and
4296 do the right thing. [Paul J. Reder]
4298 *) Fix a segfault when a numeric value was received for Host:.
4301 *) Add a function ap_remove_input_filter. This is to match
4302 up with ap_remove_output_filter. [Ryan Bloom]
4304 *) Clean up location_walk, so that this step performs a minimum
4305 amount of redundant effort (it must be run twice, but it will no
4306 longer reparse all <Location > blocks when the request uri
4307 hadn't changed.) [William Rowe]
4309 *) Eliminate proxy: (and all other 'special') processing from the
4310 ap_directory_walk() phase. Modules that want to use special
4311 walk logic should refer to the mod_proxy map_to_location example,
4312 with it's proxy_walk and proxysection implementation. This makes
4313 either directory_walk flavor much more legible, since that phase
4314 only runs against real <Directory > blocks.
4317 *) SECURITY: Fix a security problem in mod_include which would allow
4318 an SSI document to be passed to the client unparsed.
4319 [Cliff Woolley, Brian Pane]
4321 *) Introduce the map_to_storage hook, which allows modules to bypass
4322 the directory_walk and file_walk for non-file requests. TRACE
4323 shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
4324 directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
4327 *) Add the ability for mod_include to add the INCLUDES filter
4328 if the file is configured for the server-parsed handler.
4329 This makes the configuration for .shtml files much easier
4330 to understand, and allows mod_include to honor Apache 1.3
4331 config files. Based on Doug MacEachern's patch to PHP
4332 to do the same thing. [Ryan Bloom]
4334 *) force OpenSSL to ignore process local-caching and to always
4335 get/set/delete sessions using mod_ssl's callbacks
4336 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
4337 Geoff Thorpe <geoff geoffthorpe.net>]
4339 *) Make the worker MPM shutdown and restart cleanly. This also
4340 cleans up some race conditions, and gets the worker using
4341 pools more cleanly. [Aaron Bannert <aaron clove.org>]
4343 *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
4345 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
4347 *) Fix for mod_include. Ryan's patch to check error
4348 codes put a return in the wrong place. Also, the
4349 include handler return code wasn't being checked.
4350 I don't like macros with returns, so I converted
4351 SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
4352 [Paul J. Reder <rederpj raleigh.ibm.com>]
4354 *) fix segv in mod_mime if no AddTypes are configured
4355 [John Sterling <sterling covalent.net>]
4357 *) Enable ssl client authentication at SSL_accept time
4358 [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
4360 *) Fix a segfault in mod_include when the original request has no
4361 associated filename (e.g., we're filtering the error document for
4362 a bad URI). [Jeff Trawick]
4364 *) Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick]
4366 *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
4367 of httpd is started and shuts down due to socket conflict. Moving the
4368 call to ap_log_pid solves the problem.
4370 *) Changed the late-1.3 log_config substitution %c to %X, to log the
4371 status of the closed connection, as it conflicts with the far more
4372 common, historical ssl logging directive %...{var}c. [William Rowe]
4374 *) Added the common error/ tree to the build/install targets
4375 (similar to the common icons/ tree) for the multi-language error
4376 messages that Lars committed earlier. [William Rowe]
4378 *) Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard]
4380 *) Added a default commented-out mod_ldap and mod_auth_ldap
4381 configuration to httpd-std.conf and httpd-win.conf
4384 *) Added documentation for mod_ldap and mod_auth_ldap.
4387 *) Enabled negative caching on attribute comparisons in the LDAP cache.
4388 Fixed a problem where the default cache TTL was set in milliseconds
4389 not microseconds causing the cache to time out almost immediately.
4392 *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
4393 module code to follow APR. [Graham Leggett]
4395 *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
4396 cleaned up when the connection pool pool is cleaned up.
4399 *) Fix a minor issue with Jeff Trawick's mod_include
4400 patch. Without this patch, the code will just allocate
4401 more bytes in get_combined_directive than are needed.
4404 *) Added the LDAP authentication module mod_auth_ldap.
4405 [Dave Carrigan <dave rudedog.org>, Graham Leggett]
4407 *) Added the LDAP cache and connection pooling module mod_ldap.
4408 [Dave Carrigan <dave rudedog.org>, Graham Leggett]
4410 *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
4411 by allowing a module to disable itself if its prerequisites are not
4412 met. [Justin Erenkrantz]
4414 Changes with Apache 2.0.24
4416 *) Fix a couple of issues in mod_include when the tag appeared at
4417 offsets near 8192 in the file being parsed. [Jeff Trawick]
4419 *) Fix an assertion failure in mod_ssl when the keepalive timeout is
4420 reached. [Jeff Trawick]
4422 *) Numerous improvements to the Win32 build system. Introduced command line
4423 builds without requiring .mak files for MSVC 6.0 and later versions.
4424 Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
4427 *) Assorted corrections and improvements to the winnt_mpm startup code. Better
4428 reporting of uninstalled services and other error conditions, and changed the
4429 default service name to Apache2. [William Rowe]
4431 *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm
4432 compatibility with existing Apache 1.3 Win32 Apache management utilites.
4433 [Mladen Turk <mturk mappingsoft.com>, William Rowe]
4435 *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
4436 [William Rowe, Greg Ames]
4438 *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
4439 and RemoveCharset directives. [William Rowe]
4441 *) The Unix MPMs other than perchild now allow child server
4442 processes to use the accept mutex when starting as root and
4443 using SysV sems for the accept mutex. Previously, this
4444 combination would lead to fatal errors in the child server
4445 processes. perchild can't use SysV sems because of security
4446 issues. [Jeff Trawick, Greg Ames]
4448 *) Added Win32 revision stamp resources to all http binaries
4449 (including modules/ and support/ tools.) PR7322 [William Rowe]
4451 *) Fix ap_rvprintf to support more than 4K of data at one time.
4452 [Cody Sherr <csherr covalent.net>]
4454 *) We have always used the obsolete/deprecated Netscape syntax
4455 for our tracking cookies; now the CookieStyle directive
4456 allows the Webmaster to choose the Netscape, RFC2109, or
4457 RFC2965 format. The new CookieDomain directive allows the
4458 setting of the cookie's Domain= attribute, too. PR #s 5006,
4459 5023, 5920, 6140 [Ken Coar]
4461 *) Tweak server/Makefile so that the rules for generating exports.c
4462 are compatible with make utilities which don't expand wildcards
4463 in a dependency list (e.g., OS/390 make, certain levels of GNU
4464 make). [Jeff Trawick]
4466 *) Install the SSL headers. [John Sterling <sterling covalent.net>]
4468 *) Begin to sanitize the MPM configuration directives. Now, all
4469 MPMs use the same functions for all common MPM directives. This
4470 should make it easier to catch all bugs in these directives once.
4471 [Cody Sherr <csherr covalent.net>]
4473 *) Close a major resource leak. Every time we had issued a
4474 graceful restart, we leaked a socket descriptor.
4477 *) Fix a problem with the new method code. We need to cast
4478 the 1 to an apr_int64_t or it will be treated as a 32-bit
4479 integer, and it will wrap after being shifted 32 times.
4480 [Cody Sherr <csherr covalent.net> and Ryan Morgan <rmorgan covalent.net>]
4482 *) Fix a bug in mod_expires. Previous to this patch, if you
4483 told mod_expires to add 604800 seconds to the last-modified
4484 time, it actually added 604800 usec's to the last-modified time,
4485 so that when looking at the response it looked like nothing
4486 had been done. The root of the problem was that we always compute
4487 time in usec's, but we ask users to input sec's. This means we
4488 need to convert to usec's before using those values.
4491 *) The worker MPM now handles shutdown and restart requests. It
4492 definitely isn't perfect, but we do stop the servers correctly.
4493 The biggest problem right now is that SIGHUP causes the server to
4494 just die. [Ryan Bloom]
4496 Changes with Apache 2.0.23
4498 *) Use the prefork MPM by default on Unix. [various]
4500 *) Added a systray icon monitor application for Win32.
4501 [Mladen Turk <mturk mappingsoft.com>]
4503 *) mod_rewrite: Fix the line ending on some non-Unix systems for
4504 messages written to the rewrite log.
4505 [Richard Labennett <rlabenn us.ibm.com>]
4507 *) All mod_autoindex query parsing is now quietly quashed with the
4508 IndexOption IgnoreClient. The IndexOption SuppressColumnSorting
4509 still drops the column sort <a href>'s for the column headers, but
4510 IgnoreClient is required to ignore these Query options entirely.
4513 *) Introduced new mod_autoindex query argument parsing for F=[0|1|2]
4514 to allow the client to select plain, FancyIndexing or HTMLTable
4515 formatting, V=[0|1] to inhibit or enable version sorting, and
4516 P=pattern to return only specific files. The old Query Arguments
4517 were reorganized as C=f for sorting column 'f' (same N, D, S, or M
4518 as before), and O=A|D for ordering ascending or descending.
4521 *) Fixed an error in mod_include's directive parsing routines which
4522 caused #if, #elif, and #else expressions containing backslashes
4523 to be improperly evaluated. [Cliff Woolley]
4525 *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to
4526 drop the icon column, SuppressRules to drop the <hr> elements,
4527 and HTMLTable to create rudimentary HTML table listings (implies
4528 FancyIndexing). [William Rowe]
4530 *) Re-introduced the mod_autoindex IndexOptions flag TrackModified
4531 from Apache 1.3.15. This is needed for two reasons, first, given
4532 multiple machines within a server farm, ETags and Last-Modified
4533 stamps won't correspond from machine to machine, and second, many
4534 Unixes don't capture changes to the date or time stamp of existing
4535 files, since these don't modify the dirent itself. [William Rowe]
4537 *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst
4538 and DirectoryWidth options from Apache 1.3.10.
4539 [William Rowe, Ken Coar]
4541 *) Eliminated FancyIndexing directive, deprecated early in Apache
4542 1.3 by the IndexOptions FancyIndexing syntax. [William Rowe]
4544 *) mod_autoindex now excludes any file names that would result in
4545 an error, other than a success or redirect. Also optimized
4546 the parent directory, always included except in the URI '/'.
4549 *) Refactored mod_negotiation and mod_mime to help mod_dir accept
4550 negotiated index pages, and prevent the server from defaulting
4551 to an autoindex of the directory. mod_negotiation will now die
4552 with a 500 Internal Error if it could match some filenames
4553 (e.g. for mod_dir) but none can be served. mod_negotation now
4554 refuses to serve any file with an extention that mod_mime doesn't
4555 recognize, and wasn't part of the request. [William Rowe]
4557 *) Eliminate mod_cgi's handling of .exe files without the .exe file
4558 extension. This is already handled by multiviews, if the admin
4559 wishes to AddHandler .exe or define a content type handler and
4560 associate .exe files with that content type. Multiviews must be
4561 enabled to allow these to be served. [William Rowe]
4563 *) Speed up the server's response to a spike in incoming workload
4564 or restarts by assigning empty scoreboard slots to new processes
4565 when they are available. [Greg Ames]
4567 *) Add a handler to mod_includes.c. This handler is designed to
4568 implement the XbitHack directive. This can't be done with a
4569 fixup, because we need to check the content-type, which is
4570 only available in the handler phase. [Ryan Bloom]
4572 *) Make the includes filter check return codes from filters lower in
4573 the filter chain. If a lower level filter returns an error, then
4574 the request needs to stop immediately. This allows mod_include to
4575 stop parsing data once a lower filter recognizes an error.
4578 *) Add the ability to extend the methods that Apache understands
4579 and have those methods <limit>able in the httpd.conf. It uses
4580 the same bit mask/shifted offset as the original HTTP methods
4581 such as M_GET or M_POST, but expands the total bits from an int to
4582 an ap_int64_t to handle more bits for new request methods than
4583 an int provides. [Cody Sherr <csherr covalent.net>]
4585 *) Fix broken mod_mime behavior in merging its arguments. Possible
4586 cause of unexplicable crashes introduced in 2.0.20. [William Rowe]
4588 *) Solve many mod_ssl porting issues (too many to detail) with
4589 help from the whole team, but most notably [Ralf S. Engelschall,
4590 Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
4591 Doug MacEachern, William Rowe, Cliff Woolley]
4593 *) More stall fixes for the threaded & worker mpm's.
4594 Make mod_status output more accurate. Don't
4595 count workers in processes which aren't actively
4596 serving requests. [Greg Ames]
4598 *) Win32: Get SSI exec cgi tag working. [Bill Stoddard]
4600 *) Add a single listener/multiple worker MPM. This MPM is
4601 definately not fully correct, but it allows us to solve many
4602 of the problems that exist in the threaded MPM. This is a
4603 modified version of the threaded MPM. [Ryan Bloom]
4605 *) Improve content generation throughout Apache, providing closer
4606 compliance with HTML 3.2, HTML 4.01 Transitional and XHTML 1.0
4607 Transitional specifications. [William Rowe]
4609 Changes with Apache 2.0.22
4611 *) Fix a problem where the threaded MPM stalls after restarts or
4612 segfaults. Also prevent multiple active processes from using
4613 the same scoreboard slot. [Greg Ames]
4615 *) Apache/Win32 now fills in the service description with Apache's
4616 server version string, including loaded and advertised modules.
4619 *) Improved support for the Win32 build, to recover gracefully from
4620 missing apr or apr-util directories or the awk interpreter,
4621 create the proper cgi-bin examples, including a test-cgi.bat, and
4622 fix the perl shebang line for printenv.pl, when installing from
4623 the build environment. [William Rowe]
4625 *) Fix a segfault in threaded.c caused by passing uninitialized
4626 apr_thread_t * to apr_thread_join(). [Jeff Trawick]
4628 *) Use new APR number conversion functions to reduce CPU consumption
4629 when setting the content length, and in mod_log_config.
4632 *) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
4633 where HEAD response headers were being repeated twice for
4634 files greater than 32K bytes (4*AP_MIN_BYTES_TO_WRITE). This
4635 problem in the http_header filter was exposed by the recent rewrite
4636 of the content_length filter. [Taketo Kabe, Bill Stoddard]
4638 *) Fix seg faults in mod_status with ExtendedStatus enabled, after
4639 restarts. A garbage pointer to a vhost's server_rec from the
4640 previous generation was being left around under certain
4641 conditions. [Greg Ames]
4643 *) Fix a cosmetic problem with mod_include. Non-existant SSI vars
4644 used to appear as '(none', without the closing paren.
4645 [Günter Knauf <eflash gmx.net>]
4647 *) Improve the exports generating awk script. In the past, we had
4648 work around problems in the awk script by avoiding some #if and
4649 #ifdefs. This has bitten us many times in generating the exports.c
4650 file. This improvement allows corrects the header file parsing.
4651 [Sander Striker <striker apache.org>]
4653 Changes with Apache 2.0.21
4655 *) Resolve the Win32 htpasswd bug, where a file that existed would be
4656 overwritten, regardless of the -c flag.
4657 [William Rowe, Mladen Turk <mladen.turk mail.inet.hr>]
4659 *) Introduce connection sub-pools into ab. Truncating the lifetime
4660 of these allocations means that ab no longer perpetually grows
4661 its working set, running out of memory on large request attempts.
4664 *) Make scoreboard creation a hook. This allows management
4665 modules to have access to the scoreboard at the time that it is
4666 created, and at every restart request.
4667 [Cody Sherr <csherr covalent.net>]
4669 *) Changed AP_MPMQ_MAX_DAEMONS to refer to MaxClients and
4670 added an AP_MPMQ_MAX_DAEMON_USED to refer to the highest
4671 daemon index actually used in the scoreboard. I also
4672 updated the pertinent calls. [Paul J. Reder]
4674 *) Win32: Prevent listening sockets from being inherited by
4675 the Apache child process, CGI scripts, rotatelog process
4676 etc. If the Apache child process segfaults, any processes
4677 that the child started are not reaped. Prior to this fix,
4678 these processes inherited the listening sockets which sometimes
4679 prevented the restarted Apache child process from accepting
4680 connections (ie, the server would hang).
4683 *) Provide vhost and request strings when ExtendedStatus is on.
4686 *) Fix some issues with the pod and prefork: check the pod *after*
4687 processing a connection so that a server processing a time-
4688 consuming request bails out as soon as practical; when the
4689 parent process wakes up a server process via connect(), use an
4690 APR timeout on the connect() so that we don't hang for a long
4691 time if there aren't server processes around to do accept().
4692 [Jeff Trawick, Greg Ames]
4694 *) Performance improvement to mod_mime.c. find_ct() in mod_mime,
4695 spends a lot of time in apr_table_get calls. Using the default
4696 httpd.conf, the tables for languages and charsets are somewhat
4697 large, so the time spent scanning them on each request is
4698 significant. Replacing the tables with hash tables provides
4699 a nice speedup. [Brian Pane <bpane pacbell.net>]
4701 *) Add two functions to allow modules to access random parts of the
4702 scoreboard. This allows modules compiled for one MPM to access the
4703 scoreboard, even if it the server was compiled for another MPM.
4704 [Harrie Hazewinkel <harrie covalent.net>]
4706 Changes with Apache 2.0.20
4708 *) Fix problem in content-length filter where the filter would
4709 buffer all the output from a CGI before sending any bytes
4710 down the filter stack to the network. This problem would cause
4711 significant memory consumption if the CGIs generated
4712 lots of bytes. [Bill Stoddard]
4714 *) Get non-blocking CGI pipe reads working with the bucket brigades.
4717 *) Fix seg fault on Windows when serving files cached with mod_file_cache.
4720 *) Fix a bug in the threaded MPM that would cause it to kill off all
4721 workers immediately after starting if the number of workers started
4722 was above a certain threshold. [Ryan Bloom, Bill Stoddard]
4724 Changes with Apache 2.0.19
4726 *) Fix problem with threaded MPM. The problem was that if each child
4727 process was busy serving a single long-lived request and the server
4728 was sent a graceful restart signal, the server would stop serving
4729 requests. This would happen because each child process would wait to
4730 die until the last thread was done, and the parent wouldn't spawn any
4731 new children until a process died. Now, the parent looks at the fact
4732 that the children are dying gracefully, and starts new children.
4733 Those new children only start enough threads to compliment the number
4734 of threads in the other child process that shares the same spot in
4735 the scoreboard. In this way, we make sure to never go over
4736 MaxClients. [Ryan Bloom]
4738 *) modified mod_negotiation and mod_autoindex to speed up by almost a
4739 factor of two on apr_dir_read()-enhanced platforms, such as Win32
4740 and OS2, by calling ap_sub_request_lookup_dirent() with the results
4741 already provided by apr_dir_read(). [William Rowe]
4743 *) mod_file_cache is now more robust to filtering and serves requests
4744 slightly more efficiently. [Cliff Woolley]
4746 *) Fix problem handling FLUSH bucket in the chunked encoding filter.
4747 Module was calling ap_rwrite() followed by ap_rflush() but the
4748 served content was not being displayed in the browser. Inspection
4749 of the output stream revealed that the first data chunk was
4750 missing the trailing CRLF required by the RFC. [Bill Stoddard]
4752 *) apxs no longer generates ap_send_http_header() in the example handler
4754 *) Fix an ab problem which could cause a divide-by-zero exception
4755 with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
4756 [Ian Holsman <ianh cnet.com>]
4758 *) Solve case-insensitive platforms' confusion about negotiated
4759 filenames, allowing files of differnt case to match in choosing
4760 the document to serve. [William Rowe]
4762 *) Fix brokenness when ThreadsPerChild is higher than the built-in
4763 limit. We left ap_threads_per_child at the higher value which
4764 led to segfaults when doing certain scoreboard operations.
4767 *) Fix seg faults and/or missing output from mod_include. The
4768 default_handler was using the subrequest pool for files and
4769 MMAPs, even though the associated APR structures typically
4770 live longer than the subrequest. [Greg Ames]
4772 *) Extend mod_setenvif to support specifying regular expressions
4773 on the SetEnvIf (and SetEnvIfNoCase) directive attribute field.
4774 Example: SetEnvIf ^TS* [a-z].* HAVE_TS
4775 will cause HAVE_TS to be set if any of the request headers begins
4776 with "TS" and has a value that begins with any character in the
4777 set [a-z]. [Bill Stoddard]
4779 *) httpd children now re-bind themselves to a random CPU on
4780 multiprocessor systems on AIX via bindprocessor() in 2.0.
4781 [Victor J. Orlikowski]
4783 *) Fix htdigest. It would go into a loop in getline when adding
4784 a second user. [Bill Stoddard]
4786 *) Win32 platforms now fully support mod_userdir options. [Will Rowe]
4788 *) Automatically generate httpd.exp for AIX.
4789 DSOs now work again on AIX in 2.0
4790 [Victor J. Orlikowski]
4792 *) Add a new request hook, error_log. This phase allows modules
4793 to act on the error log string _after_ it has been written
4794 to the error log. The goal for this hook is to allow monitoring
4795 modules to send the error string to the monitoring agent.
4798 *) Modify mod_echo to make it use filters for input and output.
4799 [Ryan Morgan <rmorgan covalent.net>]
4801 *) Extend mod_headers to support conditional driven Header
4802 add, append and set. Use SetEnvIf to set an envar and conditionally
4803 add/append/set headers based on this envar thusly:
4805 SetEnvIf TSMyHeader value HAVE_TSMyHeader
4806 Header add MyHeader "%t %D" env=HAVE_TSMyHeader
4808 If the request contains header "TSMyHeader: value" then header
4809 MyHeader: "t=xxxxxxxxxx D=yyyy" will be sent on the response.
4812 *) Extend mod_headers to support using format specifiers on Header
4813 add, append and set header values. Two format specifiers are supported:
4815 %t - reports, in UTC microseconds since the epoch, when the
4816 request was received.
4818 %D - reports the time, in microseconds, between when the request was
4819 received and the response sent.
4822 Header add MyHeader "This request served in %D microseconds. %t"
4824 results in a header being added to the response that looks like this:
4826 MyHeader: This request served in D=5438 microseconds. t=991424704447256
4830 *) Fix reset_filter(). We need to be careful how we remove filters.
4831 If we set r->output_filters to NULL, we also have to reset the
4832 connection's filters. [John Sterling]
4834 *) Optimise reset_filter() in http_protocol.c. [Greg Stein]
4836 *) Add a check to ap_die() to make sure the filter stack is sane and
4837 contains the correct basic filters when an error occurs. This fixes
4838 a problem where headers are not being sent on error. [John Sterling]
4840 *) New Header directive 'echo' option. "Header echo regex" will
4841 cause any headers received on the request that match regex to be
4842 echoed to (included in) the response headers.
4845 *) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
4846 This prevented the inclusion of apr_compat.h. PR #7773
4847 [Oleg Broytmann <phd phd.pp.ru>]
4849 *) Moved util_uri to the apr-util library. This required a bunch of
4850 apr_name changes for the uri utility functions. [Justin Erenkrantz]
4852 *) Move the addition of default AP_HTTP_HTTP_HEADER filters to the
4853 insert_filter phase so that other filters are not bypassed by default.
4856 *) Reimplement mod_headers as an output filter. mod_headers can now
4857 add custom headers to inbound requests using the RequestHeader directive
4858 and to responses using the same old Header directive. [Graham Leggett]
4860 Changes with Apache 2.0.18
4862 *) Fix command-line processing so that if a bad argument is specified
4863 Apache will exit. [Jeff Trawick]
4865 *) Change the make targets and rules to be consistent in all of the
4866 Apache-owned source trees. [Roy Fielding]
4868 *) Fix processing of the TRACE method. Previously we passed bogus
4869 parms to form_header_field() and it overlaid some vhost structures,
4870 resulting in a segfault in check_hostalias().
4871 [Greg Ames, Jeff Trawick]
4873 *) Win32: Add support for reliable piped logs. If the logging process
4874 goes down, Apache will automatically restart it. This function has
4875 been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
4878 *) Do not start piped log processes during the config file
4879 preflight. This change also circumvents a problem on
4880 Windows where the rotatelog processes created during preflight
4881 was not getting cleaned up properly.
4884 *) add "Request Phase Participation" info to mod_info
4887 *) Make first phase changes to the scoreboard data structures in
4888 preparation for the rewriting of the scoreboard per my posted
4889 design notes. [Paul J. Reder]
4891 *) Fix httpd's definition of LTFLAGS to be consistent with that of apr
4892 and apr-util, allow it to be overridden by the configure command-line
4893 (default="--silent") and introduce LT_LDFLAGS to replace what we were
4894 formerly abusing as LTFLAGS. [Roy Fielding]
4896 *) Clean up the reporting of incorrect closing container tags.
4897 [Barrie Slaymaker <barries slaysys.com>]
4899 *) Simplify the configure process by moving all libtool stuff to APR
4900 and moving hints.m4 inline. [Roy Fielding]
4902 *) Add the AP_DECLARE()/AP_CORE_DECLARE macros on the return types
4903 of functions used by mod_proxy for export in the DLL
4904 [Ian Holsman <IanH cnet.com>]
4906 *) Prevent a hang when a cgi handled by mod_cgid tries to read a
4907 request body from its stdin but no reqest body is being written to
4908 the cgi. [Jeff Trawick]
4910 *) mod_log_config: %c connection status incorrectly logged
4911 as "-" (non-keepalive) when MaxKeepAliveRequests is set to 0.
4914 *) Get mod_cern_meta working under Windows
4917 *) Create Files, and thus MMAPs, out of the request pool, not the
4918 connection pool. This solves a small resource leak that had us
4919 not closing files until a connection was closed. In order to do
4920 this, at the end of the core_output_filter, we loop through the
4921 brigade and convert any data we have into a single HEAP bucket
4922 that we know will survive clearing the request_rec.
4923 [Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
4926 *) Completely revamp configure so that it preserves the standard make
4927 variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving
4928 the configure additions to EXTRA_* variables. Also, allow the user
4929 to specify NOTEST_* values for all of the above, which eliminates the
4930 need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM. Fix the setting
4931 of INCLUDES and EXTRA_INCLUDES. Check flags as they are added to
4932 avoid pointless duplications. Fix the order in which flags are given
4933 on the compile and link lines. Remove obsolete macros APR_DOEXTRA,
4934 AC_ADD_LIBRARY, AC_CHECK_DEFINE, APACHE_PASSTHRU, and APACHE_ONCE.
4935 Added APR_SAVE_THE_ENVIRONMENT and APR_RESTORE_THE_ENVIRONMENT macros.
4936 Renamed AC_TYPE_RLIM_T macro to APACHE_TYPE_RLIM_T. [Roy Fielding]
4938 *) Get mod_tls to compile/work better on Windows. PR #7612
4939 [Bernhard Schrenk <b.schrenk improx.com>]
4941 *) Fix shutdown/restart hangs in the threaded MPM.
4942 [Jeff Trawick, Greg Ames, Ryan Bloom]
4944 *) Removed the keptalive boolean from conn_rec because it is now only
4945 used by a single routine and can be replaced by a local variable.
4946 [Greg Stein, Ryan Bloom, Roy Fielding]
4948 *) Patch prefork to put enough of the signal processing back in so that
4949 signals are all handled properly now. The previous patch fixed the
4950 deadlock race condition, but broke the user directed signal handling.
4951 This fixes it to work the way it did before my previous prefork patch
4952 (primarily, SIGTERM is now working).
4954 *) Change how input filters decide how much data is returned to the
4955 higher filter. We used to use a field in the conn_rec, with this
4956 change, we use an argument to ap_get_brigade to determine how much
4957 data is retrieved. [Ryan Bloom]
4959 *) Fix seg fault at start-up introduced by Ryan's change to enable
4960 modules to specify their own logging tags. mod_log_config
4961 registers an optional function, ap_register_log_handler().
4962 ap_register_log_handler() was being called by http_core before
4963 the directive hash table was created. This patch creates the
4964 directive hash table before ap_register_log_handler() is
4965 registered as an optional function.
4966 [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
4968 *) Add ap_set_int_slot() function
4969 [John K. Sterling <sterling covalent.net>]
4971 *) Under certain circumstances, Apache did not supply the
4972 right response headers when requiring authentication.
4973 [Gertjan van Wingerde <Gertjan.van.Wingerde cmg.nl>] PR#7114
4974 (This is a port of the change that went into Apache 1.3.19.)
4976 *) Allow modules to specify their own logging tags. This basically
4977 allows a module to tell mod_log_config that when %x is encountered
4978 a specific function should be called. Currently, x can be any single
4979 character. It may be more useful to make this a string at some point.
4982 Changes with Apache 2.0.17
4984 *) If a higher-level filter handles the byterange aspects of a
4985 request, then the byterange filter should not try to redo the
4986 work. The most common case of this happening, is a byterange
4987 request going through the proxy, and the origin server handles
4988 the byterange request. The proxy should ignore it.
4989 [Graham Leggett <minfrin sharp.fm>]
4991 *) Changed the threaded mpm to have child_main join to each of the
4992 worker threads to make sure the kids are all gone before child_main
4993 exits after a signal (cleanup from perform_idle_server_maintenance).
4994 This is an extension of Ryans recent commit to make the child_main
4997 *) Add more options to the ap_mpm_query function. This also allows MPMs to
4998 report if their threads are dynamic or static. Finally, this also
4999 implements a new API, ap_show_mpm, which returns the MPM that was
5000 required into the core. [Harrie Hazewinkel <harrie covalent.net>]
5002 *) Do not install the binaries from the support directory twice.
5003 [jun-ichiro hagino <itojun iijlab.net>]
5005 *) The ap_f* functions should flush data to the filter that is passed
5006 in, not the filter after the one passed in.
5007 [Ryan Morgan <rmorgan covalent.net>]
5009 *) Make ab work again by changing its native types to apr types and formats.
5010 [Justin Erenkrantz <jerenkrantz ebuilt.com>]
5012 *) Move the byterange filter and all of the supporting functions back
5013 to the HTTP module. The byterange filter turned out to be very
5014 HTTP specific, and it belongs in the HTTP module. [Greg Stein]
5016 *) Make clean, distclean, and extraclean consistently according to the
5017 Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
5019 *) Fix errors in the renaming of the apr_threadattr_detach_xxx functions.
5020 This may have been causing problems stopping processes in the threaded
5023 *) Fix content-length in mod_negotiation to a long int representation.
5026 *) Remove BindAddress from the default config file.
5027 [<giles nemeton.com.au>]
5029 *) Allow module authors to add a module to their Apache build using
5030 --with-module, without re-running buildconf. The syntax is:
5031 --with-module=module_type:/path/to/module.c
5032 The configure script will copy the module.c file to
5033 modules/module_type, and it will be added to the relevant Makefiles.
5034 currently, this only works for static modules. [Ryan Bloom]
5036 *) Changes required to make prefork clean up idle children properly.
5037 There was a window during which a starting worker deadlocks when
5038 an idle cleanup arrives before it completes init. Apache then keeps
5039 trying to cleanup the same deadlocked worker forever (until higher
5040 pids come along, but it still will never reduce below the deadlocked
5041 pid). Thus the number of children would not reduce to the correct
5042 idle level. [Paul J. Reder]
5044 Changes with Apache 2.0.16
5046 *) Change the default installation directory to /usr/local/apache2,
5047 as now defined by the "Apache" layout in config.layout. [Marc Slemko]
5049 *) OS/2: Added support for building loadable modules as OS/2 DLLs.
5052 *) Get MaxRequestsPerChild working with the Windows MPM.
5055 *) Make generic hooks to work, with mod_generic_hook_import/export
5056 experimental modules. [Ben Laurie, Will Rowe]
5058 *) Fix segfaults for configuration file syntax errors such as
5059 "<Directory>" followed by "</Directory" and
5060 "<Directory>" followed by "</Directoryz>". [Jeff Trawick]
5062 *) Cleanup the --enable-layout option of configure. This makes
5063 us use a consistent location for the config.layout file, and it
5064 makes configure more portable.
5065 [jun-ichiro hagino <itojun iijlab.net>]
5067 *) Changes to 'ab'; fixed int overrun's, added statistics, output in
5068 csv/gnuplot format, rudimentary ssl support and various other tweaks
5069 to make results more true to what is measured. The upshot of this it
5070 turns out that 'ab' has often underreported the true performance of
5071 apache. Often by a order of magnitude :-) See talk/paper of Sander
5072 Temme at April ApacheCon 2001 for details.
5073 [Dirk-Willem van Gulik]
5075 *) Clean up mod_cgid's temporary request pool. Besides fixing a
5076 storage leak this ensures that some unnecessary pipes are closed.
5079 *) Performance: Add quick_handler hook. This hook is called at the
5080 very beginning of the request processing before location_walk,
5081 translate_name, etc. This hook is useful for URI keyed content
5082 caches like Mike Abbott's Quick Shortcut Cache.
5085 *) top_module global variable renamed to ap_top_module [Perl]
5087 *) Move ap_set_last_modified to the core. This is a potentially
5088 controversial change, because this is kind of HTTP specific. However
5089 many protocols should be able to take advantage of this kind of
5090 information. I expect that headers will need one more layer of
5091 indirection for multi-protocol work, but this is a small step in
5092 the right direction. [Ryan Bloom]
5094 *) Enable mod_status by default. This matches what Apache 1.3 does.
5097 *) Add a ScriptSock directive to the default config file. This is
5098 only enabled when mod_cgid is used.
5099 [Taketo Kabe <kabe sra-tohoku.co.jp>]
5101 Changes with Apache 2.0.15
5103 *) Untangled the buildconf script and eliminated the need for build's
5104 aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other
5105 libtool muck that is now under srclib/apr/build. [Roy Fielding]
5107 *) Win32: Don't accept more connections than we have worker threads
5111 *) Fix bug in the Unix threaded.c MPM that allowed child processes
5112 to fork() new child processes.
5115 *) SECURITY: Fix a major security problem with double-reverse lookup
5116 checking. Previously, a client connecting over IPv4 would not be
5117 matched properly when the server had an IPv6 listening socket.
5118 PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
5120 *) Change the way the beos MPM handles polling to allow it to stop and
5121 restart. Problem was the sockets being polled were being reset by
5122 the select call, so once it had accepted a connection it was no
5123 longer listening on the UDP socket we use for shutdown instructions.
5124 APR needs to be altered, patch on it's way. [David Reid]
5126 *) Empty out the brigade shared by ap_getline()/ap_get_client_block()
5127 on error exit from ap_getline(). Some other code got upset because
5128 the wrong data was in the brigade. [Greg Ames, Jeff Trawick]
5130 *) Handle ap_discard_request_body() being called more than once.
5131 [Greg Ames, Jeff Trawick]
5133 *) Get rid of an inadvertent close of file descriptor 2 in
5134 mod_mime_magic. [Greg Ames, Jeff Trawick]
5136 *) Add a hook, create_request. This hook allows modules to modify
5137 a request while it is being created. This hook is called for all
5138 request_rec's, main request, sub request, and internal redirect.
5139 When this hook is called, the r->main, r->prev, r->next
5140 pointers have been set, so modules can determine what kind of
5141 request this is. [Ryan Bloom]
5143 *) Cleanup the build process a bit more. The Apache configure
5144 script no longer creates its own helper scripts, it just
5146 [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
5148 *) Stop the forced downgrade of the connection to HTTP/1.0 for
5149 proxy requests. [Graham Leggett]
5151 *) Avoid using sscanf to determine the HTTP protocol number in
5152 the common case because sscanf is a performance hog. From
5153 Mike Abbot's Accelerating Apache patch number 6.
5154 [Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
5156 *) SECURITY: Fix a security exposure in mod_access. Previously when
5157 IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
5158 were not evaluated properly (PR #7407). Also, add the ability to
5159 specify IPv6 address strings with optional prefix length on Allow
5160 and Deny. [Jeff Trawick]
5162 *) Enhance rotatelogs so that a UTC offset can be specified, and
5163 the logfile name can be formatted using strftime(3). (Brought
5164 forward from 1.3.) [Ken Coar]
5166 *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
5167 DuplicateHandle on an IOCompletionPort (a practice which
5168 MS "discourages"). The new model does not rely on associating
5169 the completion port with the listening sockets, thus the
5170 completion port can be completely managed within the child
5171 process. A dedicated thread accepts connections off the network,
5172 then calls PostQueuedCompletionStatus() to wake up worker
5173 threads blocked on the completion port.
5176 *) Bring forward the --suexec-umask option which allows the
5177 builder to preset the umask for suexec processes. [Ken Coar]
5179 *) Add a -V flag to suexec, which causes it to display the
5180 compile-time settings with which it was built. (Only
5181 usable by root or the AP_HTTPD_USER username.) [Ken Coar]
5183 *) Mod_include should always unset the content-length if the file is
5184 going to be passed through send_parsed_content. There is no to
5185 determine if the content will change before actually scanning the
5186 entire content. It is far safer to just remove the C-L as long
5187 as we are scanning it. [Ryan Bloom]
5189 *) Make sure Apache sends WWW-Authenticate during a reverse proxy
5190 request and not Proxy-Authenticate.
5191 [Graham Leggett <minfrin sharp.fm>]
5193 Changes with Apache 2.0.14
5195 *) Fix content-length computation. We ONLY compute a content-length if
5196 We are not in a 1.1 request and we cannot chunk, and this is a keepalive
5197 or we already have all the data. [Ryan Bloom]
5199 *) Report unbounded containers in the config file. Previously, a typo
5200 in the </container> directive could result in the rest of the config
5201 file being silently ignored, with undesired defaults used.
5204 *) Make the old_write filter use the ap_f* functions for the buffering.
5207 *) Move more code from the http module into the core server. This
5208 is core code, basically the default handler, the default input
5209 and output filters, and all of the core configuration directives.
5210 All of this code is required in order for the server to work, with or
5211 without HTTP. The server is closer to working without the HTTP
5212 module, although there is still more to do. [Ryan Bloom]
5214 *) Fix a number of SGI compile warnings throughout the server. Fix some
5215 bad parameters to apr_bucket_read(). Fix a bad statement in
5216 ap_method_in_list(). For the mod_rewrite cache use apr_time_t
5217 consistently; we were mixing apr_time_t and time_t in invalid ways
5218 before. In load_file(), call apr_dso_error() instead of
5219 apr_strerror() so that we get a more specific string on some platforms.
5220 PR #6980 [Jeff Trawick]
5222 *) Allow modules to query the MPM about it's execution profile. This
5223 query API can and should be extended in the future, but for now,
5224 max_daemons, and threading or forking is a very good start.
5225 [Jon Travis <jtravis covalent.net>]
5227 *) Modify mod_include to send blocks of data no larger than 9k.
5228 Without this, mod_include will wait until the whole file is parsed,
5229 or the first tag is found to send any data to the client.
5230 [Paul J. Reder <rederpj raleigh.ibm.com>]
5232 *) Fix mod_info, so that <Directory> and <Location> directives are
5233 not displayed twice when displaying the current configuration.
5234 [Ryan Morgan <rmorgan covalent.net>]
5236 *) Add config directives to override DEFAULT_ERROR_MSG and
5237 DEFAULT_TIME_FORMAT. This was sent in as PR 6193.
5238 [Dan Rench <drench xnet.com>]
5240 *) Get mod_info building and loading on Win32. [William Rowe]
5242 *) Begin to move protocol independant functions out of mod_http. The goal
5243 is to have only functions that are HTTP specific in the http directory.
5246 Changes with Apache 2.0.13
5248 *) Don't assume that there will always be multiple calls to the byterange
5249 filter. It is possible that we will need to do byteranges with only
5250 one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
5252 *) Move the error_bucket definition from the http module to the
5253 core server. Every protocol will need this ability, not just
5256 Changes with Apache 2.0.12
5258 *) Modify mod_file_cache to save pre-formatted strings for
5259 content-length and last-modified headers for performance.
5260 [Mike Abbot <mja trudge.engr.sgi.com>]
5262 *) Namespace protect IOBUFSIZ since it is exposed in the API.
5263 [Jon Travis <jtravis covalent.net>]
5265 *) Use "Basic" authentication instead of "basic" in ab, as the spec
5266 says we should. [Andre Breiler <andre.breiler rd.bbc.co.uk>]
5268 *) Fix a seg fault in mod_userdir.c. We used to use the pw structure
5269 without ever filling it out. This fixes PR 7271.
5270 [Taketo Kabe <kabe sra-tohoku.co.jp> and
5271 Cliff Woolley <cliffwoolley yahoo.com>]
5273 *) Add a couple of GCC attribute tags to printf style functions.
5274 [Jon Travis <jtravis covalent.net>]
5276 *) Add the correct language tag for interoperation with the Taiwanese
5277 versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
5279 *) Migrate the perchild MPM to use the new apr signal child, and
5280 APR thread functions. [Ryan Bloom]
5282 *) Close one copy of the CGI's stdout before creating the new process.
5283 The CGI will still have stdout, because we have already dup'ed it.
5284 This keeps Apache from waiting forever to send the results of a CGI
5285 process that has forked a long-lived child process.
5286 [Taketo Kabe <kabe sra-tohoku.co.jp>]
5288 *) Remove the rest of the pthreads functions from the threaded MPM.
5289 This requires the APR support for a signal thread that was just
5292 *) Make mod_dir use a fixup for sending a redirect to the browser.
5293 Before this, we were using a handler, which doesn't make much
5294 sense, because the handler wasn't generating any data, it would
5295 either return a redirect error code, or DECLINED. This fits the
5296 current hooks better. [Ryan Morgan <rmorgan covalent.net>]
5298 *) Make the threaded MPM use APR threads instead of pthreads.
5301 *) Get mod_tls to the point where it actually appears to work in all cases.
5304 *) implement --enable-modules and --enable-mods-shared for "all" and
5305 "most". [Greg Stein]
5307 *) Move the threaded MPM to use APR locks instead of pthread locks.
5310 *) Rename mpmt_pthread to threaded. This is more in line with the
5311 fact that mpmt_pthread shouldn't be using pthreads directly, and
5312 it is a smaller name that doesn't tie into anything.
5315 *) Rename the module structures so that the exported symbol matches
5316 the file name, and it is easier to automate the installation
5317 process (generating LoadModule directives from the module filenames).
5320 *) Remove the coalesce filter. With the ap_f* functions, this filter
5321 is no longer needed. [Ryan Bloom]
5323 Changes with Apache 2.0.11
5325 *) Remove the dexter MPM. Perchild is the same basic idea, but it has the
5326 added feature of allowing a uid/gid per child process. If no
5327 uid/gid is specified, then Perchild behaves exactly like dexter.
5330 *) Get perchild building again. [Ryan Bloom]
5332 *) Don't disable threads just because we are using the prefork MPM.
5333 If somebody wants to compile without threads, they must now add
5334 --disable-threads to the configure command line. [Ryan Bloom]
5336 *) Begin to move the calls to update_child_status into common code, so
5337 that each individual MPM does not need to update the scoreboard itself.
5340 *) Allow mod_tls to compile under Unix boxes where openssl has been
5341 installed to the system include files.
5342 [Gomez Henri <new-httpd slib.fr>]
5344 *) Cleanup the mod_tls configure process. This should remove any need
5345 to hand-edit any files. We require OpenSSL 0.9.6 or later, but
5346 configure doesn't check that yet. [Ryan Bloom]
5348 *) Add a very early prototype of SSL support (in mod_tls.c). It is
5349 vital that you read modules/tls/README before attempting to build
5352 *) Fix a potential seg fault on all platforms. David Reid fixed this
5353 on BEOS, but the problem could happen anywhere, so we don't want
5354 to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
5356 *) Add new LogFormat directive, %D, to log time it takes to serve a
5357 request in microseconds. [Bill Stoddard]
5359 *) Change AddInputFilter and AddOutputFilter to SetInputFilter and
5360 SetOutputFilter. This corresponds nicely with the other Set
5361 directives, which operate on containers while the Add* directives
5362 tend to work directly on extensions. [Ryan Bloom]
5364 *) Cleanup the header handling a bit. This uses the apr_brigade_*
5365 functions for the buffering so that we don't need to compute
5366 the length of the headers before we actually create the header
5367 buffer. [Ryan Bloom]
5369 *) Allow filters to buffer data using the ap_f* functions. These have
5370 become macros that resolve directly to apr_brigade_*.
5373 *) Get the Unix MPM's to do a graceful restart again. If we are going
5374 to register a cleanup with ap_cleanup_scoreboard, then we have to
5375 kill the cleanup with the same function, and that function can't be
5376 static. [Ryan Bloom]
5378 *) Install all required header files. Without these, it was not
5379 possible to compile some modules outside of the server.
5382 *) Fix the AliasMatch directive in Apache 2.0. When we brought a patch
5383 forward from 1.3 to 2.0, we missed a single line, which broke regex
5384 aliases. [Ryan Bloom]
5386 *) We have a poor abstraction in the protocol. This is a temporary
5387 hack to fix the bug, but it will need to be fixed for real. If
5388 we find an error while sending out a custom error response, we back
5389 up to the first non-OK request and send the data. Then, when we send
5390 the EOS from finalize_request_protocol, we go to the last request,
5391 to ensure that we aren't sending an EOS to a request that has already
5392 received one. Because the data is sent on a different request than
5393 the EOS, the error text never gets sent down the filter stack. This
5394 fixes the problem by finding the last request, and sending the data
5395 with that request. [Ryan Bloom]
5397 *) Make the server status page show the correct restart time, and
5398 thus the proper uptime. [Ryan Bloom]
5400 *) Move the CGI creation logic from mod_include to mod_cgi(d). This
5401 should reduce the amount of duplicate code that is required to
5402 create CGI processes.
5403 [Paul J. Reder <rederpj raleigh.ibm.com>]
5405 *) ap_new_connection() closes the socket and returns NULL if a socket
5406 call fails. Usually this is due to a connection which has been
5407 reset. [Jeff Trawick]
5409 *) Move the Apache version information out of httpd.h and into release.h.
5410 This is in preparation for the first tag with the new tag and release
5411 system. [Ryan Bloom]
5413 *) Begin restructuring scoreboard code to enable adding back in
5414 the ability to use IPC other than shared memory.
5415 Get mod_status working on Windows again. [Bill Stoddard]
5417 *) Make mod_status work with 2.0. This will work for prefork,
5418 mpmt_pthread, and dexter. [Ryan Bloom]
5420 *) Correct a typo in httpd.conf.
5421 [Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
5423 *) Really fix mod_rewrite map lookups this time. [Tony Finch]
5425 *) Get the correct IP address if ServerName isn't set and we can't
5426 find a fully-qualified domain name at startup.
5427 PR#7170 [Danek Duvall <dduvall eng.sun.com>]
5429 *) Make mod_cgid work with SuExec. [Ryan Bloom]
5431 *) Adopt apr user/group name features for mod_rewrite. Eliminates some
5432 'extra' stat's for user/group since they should never occur, and now
5433 resolves the SCRIPT_USER and SCRIPT_GROUP, including on WinNT NTFS
5434 volumes. [William Rowe]
5436 *) Adopt apr features to simplify mod_includes. This changes the
5437 behavior of the USER_NAME variable, unknown uid's are now reported
5438 as USER_NAME="<unknown>" rather than the old user#000 result.
5439 WinNT now resolves USER_NAME on NTFS volumes. [William Rowe]
5441 *) Adopt apr features for simplifing mod_userdir, and accept the new
5442 Win32/OS2 exceptions without hiccuping. [William Rowe]
5444 *) Replace configure --with-optim option by using and saving the
5445 environment variable OPTIM instead. This is needed because configure
5446 options do not support multiple flags separated by spaces.
5449 *) Fix some byterange handling. If we get a byte range that looks like
5450 "-999999" where that is past the end of the file, we should return
5451 a PARTIAL CONTENT status code, and return the whole file as one big
5452 byterange. This matches the 1.3 handling now. [Ryan Bloom]
5454 *) Make the error bucket a real meta-data bucket. This means that the
5455 bucket length is 0, and a read returns NULL data. If one of these
5456 buckets is passed down after the headers are sent, this data will
5457 just be ignored. [Greg Stein]
5459 *) The prefork MPM wasn't killing child processes correctly if a restart
5460 signal was received while the process was serving a request. The child
5461 process would become the equivalent of a second parent process. If
5462 we break out of the accept loop, then we need to do die after cleaning
5463 up after ourselves. [Ryan Bloom]
5465 *) Change the Prefork MPM to use SIGWINCH instead of SIGUSR1 for graceful
5466 restarts. [Ryan Bloom]
5468 *) Modify the apr_stat/lstat/getfileinfo calls within apache to use
5469 the most optimal APR_FINFO_wanted bits. This spares Win32 from
5470 performing very expensive owner, group and permission lookups
5471 and allows the server to function until these apr_finfo_t fields
5472 are implemented under Win32. [William Rowe]
5474 *) Support for typedsafe optional functions - that is functions exported by
5475 optional modules, which, therefore, may or may not be present, depending
5476 on configuration. See the experimental modules mod_optional_fn_{ex,im}port
5477 for sample code. [Ben Laurie]
5479 *) filters can now report an HTTP error to the server. This is done
5480 by sending a brigade where the first bucket is an error_bucket.
5481 This bucket is a simple bucket that stores an HTTP error and
5482 a string. Currently the string is not used, but it may be needed
5483 to output an error log. The http_header_filter will find this
5484 bucket, and output the error text, and then return
5485 AP_FILTER_ERROR, which informs the server that the error web page
5486 has already been sent. [Ryan Bloom]
5488 *) If we get an error, then we should remove all filters except for
5489 those critical to serving a web page. This fixes a bug, where
5490 error pages were going through the byterange filter, even though
5491 that made no sense. [Ryan Bloom]
5493 *) Relax the syntax checking of Host: headers in order to support
5494 iDNS. PR#6635 [Tony Finch]
5496 *) Cleanup the byterange filter to use the apr_brigade_partition
5497 and apr_bucket_copy functions. This removes a lot of very messy
5498 code, and hopefully makes this filter more stable.
5501 *) Remove AddModule and ClearModuleList directives. Both of these
5502 directives were used to ensure that modules could be enabled
5503 in the correct order. That requirement is now gone, because
5504 we use hooks to ensure that modules are in the correct order.
5507 *) When SuExec is specified, we need to add it to the list of
5508 targets to be built. If we don't, then any changes to the
5509 configuration won't affect SuExec, unless 'make suexec' is
5510 specifically run. [Ryan Bloom]
5512 *) Cleaned out open_file from mod_file_cache, as apr now accepts
5513 the APR_XTHREAD argument to open a file for consumption by
5514 parallel threads on win32. [William Rowe]
5516 *) Correct a bug in determining when we follow symlinks. The code
5517 expected a stat -1 result, not an apr_status_t positive error.
5518 Also check if the APR_FINFO_USER fields are valid before we
5519 follow the link. [William Rowe]
5521 *) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
5522 mpm_common.c. These functions are only valid on some platforms,
5523 so they should not be in the main-line code. [Ryan Bloom]
5525 *) Remove ap_chdir_file(). This function is not thread-safe,
5526 and nobody is currently using it. [Ryan Bloom]
5528 *) Do not try to run make depend if there are no .c files in the
5529 current directory, doing so makes `make depend` fail.
5532 *) Update highperformance.conf to work with either prefork or
5533 pthreads mpms. [Greg Ames]
5535 *) Stop checking to see if this is a pipelined request if we know
5536 for a fact that it isn't. Basically, if r->connection->keepalive == 0.
5537 This keeps us from making an extra read call when serving a 1.0
5538 request. [Ryan Bloom and Greg Stein]
5540 *) Fix the handling of variable expansion look-ahead in mod_rewrite,
5541 i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
5542 more complicated nested RewriteMap lookups. PR#7087 [Tony Finch]
5544 *) Fix the RFC number mentioned when complaining about a missing
5545 Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
5547 *) Fix an endless loop in ab which occurred when ab was posting
5548 and the server dropped the connection unexpectedly.
5551 *) Fix a segfault while handling request bodies in ap_http_filter().
5552 This problem has been seen with mod_dav usage as well as with
5553 requests where the body was just being discarded. [Jeff Trawick]
5555 *) Some adjustment on the handling and automatic setting (via
5556 hints.m4) of various compilation flags (eg: CFLAGS). Also,
5557 add the capability to specify flags (NOTEST_CFLAGS and
5558 NOTEST_LDFLAGS) which are used to compile Apache, but
5559 not used during the configuration process. Useful for
5560 flags like "-Werror". [Jim Jagielski]
5562 *) Stop using environment variables to force debug mode or
5563 no detach. We now use the -D command line argument to
5564 specify the correct mode. -DONE_PROCESS and -DNO_DETACH.
5565 [Greg Stein, Ryan Bloom]
5567 *) Change handlers to use hooks. [Ben Laurie]
5569 *) Stop returning copies of filenames from both apr_file_t and
5570 apr_dir_t. We pstrdup the filenames that we store in the
5571 actual structures, so we don't need to pstrdup the strings again.
5574 *) mod_cgi: Fix some problems where the wrong error value was being
5575 traced. [Jeff Trawick]
5577 *) EBCDIC: Fix some missing ASCII conversion on some protocol data.
5580 *) Add generic hooks. [Ben Laurie]
5582 *) Use a real pool to dup the error log descriptor. [Ryan Bloom]
5584 *) Fix a segfault caused by mod_ext_filter when the external filter
5585 program does not exist. [Jeff Trawick]
5587 *) Fix an output truncation error when on an HTTP >= 1.0 request an
5588 object of size between DEFAULT_BUCKET_SIZE and AP_MIN_BYTES_TO_WRITE
5589 was served through mod_charset_lite (or anything else that would
5590 create a transient bucket in this size range). ap_bucket_make_heap()
5591 silently failed (fixed), transient_setaside() discovered it, but
5592 ap_save_brigade() ignored it (fixed). [Jeff Trawick]
5594 *) Ignore \r\n or \n when using PEEK mode for input filters. The problem
5595 is that some browsers send extra lines at the end of POST requests, and
5596 we don't want to delay sending data back to the user just because the
5597 browser isn't well behaved. [Ryan Bloom]
5599 *) Get SuEXEC working again. We can't send absolute paths to suExec
5600 because it refuses to execute those programs. SuEXEC also wasn't
5601 always recognizing configuration changes made using the autoconf
5604 *) Allow the buildconf process to find the config.m4 files in the correct
5605 order. Basically, we can now name config.m4 files as config\d\d.m4,
5606 and we will sort them correctly when inserting them into the build
5607 process. [Ryan Bloom]
5609 *) Get mod_cgid to use apr calls for creating the actual CGI process.
5610 This also allows mod_cgid to use ap_os_create_priviledged_process,
5611 thus allowing for SuExec execution from mod_cgid. Currently, we do
5612 not support everything that standard SuExec supports, but at least
5613 it works minimally now. [Ryan Bloom]
5615 *) Allow SuExec to be configured from the ./configure command line.
5618 *) Update some of the docs in README and INSTALL to reflect some of
5619 the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
5621 *) If we get EAGAIN returned from the call to apr_sendfile, then we
5622 need to call sendfile again. This gets us serving large files
5623 such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
5625 *) Get the support programs building cleanly again.
5626 [Cliff Woolley <cliffwoolley yahoo.com>]
5628 *) The Apache/Win32 Apache.exe and dll's now live in bin. The
5629 current directory logic now backs up over bin/ to determine the
5630 server root from the Apache.exe path.
5632 *) Apache/Win32 now follows the standard conventions of mod_foo.so
5633 loadable modules, dynamic libs are all named libfoo.dll, and the
5634 makefile.win populates the include, lib and libexec directories.
5636 *) Apache is now IPv6-capable. On systems where APR supports IPv6,
5637 Apache gets IPv6 listening sockets by default. Additionally, the
5638 Listen, NameVirtualHost, and <VirtualHost> directives support IPv6
5639 numeric address strings (e.g., "Listen [fe80::1]:8080").
5642 *) Modify the install directory layout. Modules are now installed in
5643 modules/. Shared libraries should be installed in libraries/, but
5644 we don't have any of those on Unix yet. All install directories
5645 are modifyable at configure time. [Ryan Bloom]
5647 *) Install all header files in the same directory on Unix. [Ryan Bloom]
5649 *) Get the functions in server/linked into the server, regardless of
5650 which modules linked into the server. This uses the same hack
5651 for Apache that we use for APR and apr-util to ensure all of the
5652 necessary functions are linked. As a part of thise, the CHARSET_EBCDIC
5653 was renamed to AP_CHARSET_EBCDIC for namespace protection, and to make
5654 the scripts a bit easier.
5657 *) Rework the RFC1413 handling to make it thread-safe, use a timeout
5658 on the query, and remove IPv4 dependencies. [Jeff Trawick]
5660 *) Get all of the auth modules to the point that they will install and
5661 be loadable into the server. Our new build/install mechanism expects
5662 that all modules will have a common name format. The auth modules
5663 didn't use that format, so we didn't install them properly.
5666 *) API routines ap_pgethostbyname() and ap_pduphostent() are no longer
5667 available. Use apr_getaddrinfo() instead. [Jeff Trawick]
5669 *) Get "NameVirtualHost *" working in 2.0. [Ryan Bloom]
5671 *) Return HTTP_RANGE_NOT_SATISFIABLE if the every range requested starts
5672 after the end of the response. [Ryan Bloom]
5674 *) Get byterange requests working with responses that do not have a
5675 content-length. Because of the way byterange requests work, we have to
5676 have all of the data before we can actually do the byterange, so we
5677 can compute the content-length in the byterange filter.
5680 *) Get exe CGI's working again on Windows.
5683 *) Get mod_cgid and mod_rewrite to work as DSOs by changing the way
5684 they keep track of whether or not their post config hook has been
5685 called before. Instead of a static variable (which is replaced when
5686 the DSO is loaded a second time), use userdata in the process pool.
5689 Changes with Apache 2.0a9
5691 *) Win32 now requires perl to complete the final install step for users
5692 to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
5693 and installs the conf, htdocs and htdocs/manual directories.
5696 *) Make mod_include use a hash table to associate directive tags with
5697 functions. This allows modules to implement their own SSI tags easily.
5698 The idea is simple enough, a module can insert it's own tag and function
5699 combination into a hash table provided by mod_include. While mod_include
5700 parses an SSI file, when it encounters a tag in the file, it does a
5701 hash lookup to find the function that implements that tag, and passes
5702 all of the relevant data to the function. That function is then
5703 responsible for processing the tag and handing the remaining data back
5704 to mod_include for further processing.
5705 [Paul J. Reder <rederpj raleigh.ibm.com>]
5707 *) Get rid of ap_new_apr_connection(). ap_new_connection() now has
5708 fewer parameters: the local and remote socket addresses were removed
5709 from the parameter list because all required information is available
5710 via the APR socket. [Jeff Trawick]
5712 *) Distribution directory structure reorganized to reflect a
5713 normal source distribution with external install targets.
5716 *) The MPMs that need multiple segments of shared memory now create
5717 two apr_shmem_t variables, one for each shared memory allocation.
5718 the problem is that we can't determine how much memory will be required
5719 for shared memory allocations once we try to allocate more than one
5720 variable. The MM code automatically aligns the shared memory allocations,
5721 so we end up needing to pad the amount of shared memory we want based
5722 on how many variables will be allocated out of the shared memory segment.
5723 It is just easier to create a second apr_shmem_t variable, and two
5724 shmem memory blocks.
5727 *) Cleanup the export list a bit. This creates a single unified list of
5728 functions exported by APR. The export list is generated at configure
5729 time, and that list is then used to generate the exports.c file.
5730 Because of the way the export list is generated, we only export those
5731 functions that are valid on the platform we are building on.
5734 *) Enable logging the cookie with mod_log_config
5735 [Sander van Zoest <sander covalent.net>]
5737 *) Fix a segfault in mod_info when it reaches the end of the configuration.
5740 *) Added lib/aputil/ as a placeholder for utility functions which are not
5741 specific to the Apache HTTP Server (but do not make sense with APR).
5742 The first utility is "apu_dbm": a set of functions to work with DBM
5743 files. This first version can be compiled for SDBM or GDBM databases.
5746 *) Complete re-write of mod_include. This makes mod_include a filter that
5747 uses buckets directly. This has now served the FAQ correctly.
5748 [Paul Reder <rederpj raleigh.ibm.com>]
5750 *) Allow modules to specify the first filter in a sub_request when
5751 making the sub_request. This keeps modules from having to change the
5752 output_filter immediately after creating the sub-request, and therefore
5753 skip the sub_req_output_filter. [Ryan Bloom]
5755 *) Update ab to accept URLs with IPv6 literal address strings (in the
5756 format described in RFC 2732), and to build Host header fields in
5757 the same format. This allows IPv6 literal address strings to be
5758 used with ab. This support has been tested against Apache 1.3 with
5759 the KAME patch, but Apache 2.0 does not yet work with this format
5760 of the Host header field. [Jeff Trawick]
5762 *) Accomodate an out-of-space condition in the piped logs and the
5763 rotatelogs.c code, and no longer churn log processes for this
5764 condition. [Victor J. Orlikowski]
5766 *) Add support for partial writes with apr_sendfile() to core_output_filter.
5769 Changes with Apache 2.0a8
5771 *) Add a directive to mod_mime so that filters can be associated with
5775 *) Get multi-views working again. We were setting the path_info
5776 field incorrectly if we couldn't find the specified file.
5779 *) Fix 304 processing. The core should never try to send the headers
5780 down the filter stack. Always, just setup the table in the request
5781 record, and let the header filter convert it to data that is ready
5785 *) More fixes for the proxy. There are still bugs in the proxy code,
5786 but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP)
5790 *) Fix params for apr_getaddrinfo() call in connect proxy handler.
5793 *) APR: Add new apr_getopt_long function to handle long options.
5794 [B. W. Fitzpatrick <fitz red-bean.com>]
5796 *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname.
5797 Add generic apr_create_socket(). Add apr_getaddrinfo() for doing
5798 hostname resolution/address string parsing and building
5799 apr_sockaddr_t. Add apr_get_sockaddr() for getting the address
5800 of one of the apr_sockaddr_t structures for a socket. Change
5801 apr_bind() to take apr_sockaddr_t. [David Reid and Jeff Trawick]
5803 *) Remove the BUFF from the HTTP proxy. This is still a bit ugly, but
5804 I have proxied pages with it, cleanup will commence soon.
5807 *) Make the proxy work with filters. This isn't perfect, because we
5808 aren't dealing with the headers properly. [Ryan Bloom]
5810 *) Do not send a content-length iff the C-L is 0 and this is a head
5811 request. [Ryan Bloom]
5813 *) Make cgi-bin work as a regular directory when using mod_vhost_alias
5814 with no VirtualScriptAlias directives. PR#6829 [Tony Finch]
5816 *) Remove BUFF from the PROXY connect handling. [Ryan Bloom]
5818 *) Get the default_handler to stop trying to deal with HEAD requests.
5819 The idea is to let the content-length filter compute the C-L before
5820 we try to send the data. If we can get the C-L correctly, then we
5821 should send it in the HEAD response.
5824 *) The Header filter can now determine if a body should be sent based
5825 on r->header_only. The general idea of this is that if we delay
5826 deciding to send the body, then we might be able to compute the
5827 content-length correctly, which will help caching proxies to cache
5828 our data better. Any handler that doesn't want to try to compute
5829 the content-length can just send an EOS bucket without data and
5830 everything will just work.
5833 *) Add the referer to the error log if one is available.
5834 [Markus Gyger <mgyger itr.ch>]
5836 *) Mod_info.c has now been ported to Apache 2.0. As a part of this
5837 change, the root of the configuration tree has been exposed to modules
5839 [Ryan Morgan <rmorgan covalent.net>]
5841 *) Get the core_output_filter to use the bucket interface directly.
5842 This keeps us from calling the content-length filter multiple times
5843 for a simple static request.
5846 *) We are sending the content-type correctly now.
5847 [Ryan Bloom and Will Rowe]
5849 *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report
5850 a bogus bytes-sent value when the only thing being sent was trailers
5851 and writev() returned an error (or EAGAIN). [Jeff Trawick]
5853 *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again. This uses the
5854 hints file to determine which platforms define
5855 SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
5858 *) APR: add apr_get_home_directory() [Jeff Trawick]
5860 *) Initial import of 1.3-current mod_proxy. [Chuck Murcko]
5862 *) Not all platforms have INADDR_NONE defined by default. Apache
5863 used to make this check and define INADDR_NONE if appropriate,
5864 but APR needs the check too, and I suspect other applications will
5865 as well. APR now defines APR_INADDR_NONE, which is always a valid
5866 value on all platforms.
5867 [Branko Čibej <brane xbc.nu>]
5869 *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824.
5870 [Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
5872 *) Relax the syntax checking of Host: headers in order to support
5873 iDNS. PR#6635 [Tony Finch]
5875 *) When reading from file buckets we convert to an MMAP if it makes
5876 sense. This also simplifies the default handler because the
5877 default handler no longer needs to try to create MMAPs.
5880 *) BUFF has been removed from the main server. The BUFF code will remain
5881 in the code until it has been purged from the proxy module as well.
5884 *) Byteranges have been completely re-written to be a filter. This
5885 has been tested, and I believe it is working correctly, but it could
5886 doesn't work for the Adobe Acrobat plug-in. The output almost matches
5887 the output from 1.3, the only difference being that 1.3 includes
5888 a content-length in the response, and this does not.
5891 *) APR read/write functions and bucket read functions now operate
5892 on unsigned integers, instead of signed ones. It doesn't make
5893 any sense to use signed ints, because we return the error codes,
5894 so if we have an error we should report 0 bytes read or written.
5897 *) Always compute the content length, whether it is sent or not.
5898 The reason for this, is that it allows us to correctly report
5899 the bytes_sent when logging the request. This also simplifies
5900 content-length filter a bit, and fixes the actual byte-reporing
5901 code in mod_log_config.c
5904 *) Remove AP_END_OF_BRIGADE definition. This does not signify what
5905 it says, because it was only used by EOS and FLUSH buckets. Since
5906 neither of those are required at the end of a brigade, this was
5907 really signifying FLUSH_THE_DATA, but that can be determined better
5908 by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH. EOS and FLUSH
5909 buckets now return a length of 0, which is actually the amount of data
5910 read, so they make more sense.
5913 *) Allow the core_output_filter to save some data past the end of a
5914 request. If we get an EOS bucket, we only send the data if it
5915 makes sense to send it. This allows us to pipeline request
5916 responses. As a part of this, we also need to allocate mmap
5917 buckets out of the connection pool, not the request pool. This
5918 allows the mmap to outlive the request.
5921 *) Make blocking and non-blocking bucket reads work correctly for
5922 sockets and pipes. These are the only bucket types that should
5923 have non-blocking reads, because the other bucket types should
5924 ALWAYS be able to return something immediately.
5927 *) In the Apache/Win32 console window, accept Ctrl+C to stop the
5928 server, but use Ctrl+Break to initiate a graceful restart
5929 instead of duplicating behavior. [John Sterling]
5931 *) Patch mod_autoindex to set the Last-Modified header based on
5932 the directory's mtime, and add the ETag header. [William Rowe]
5934 *) Merge the 1.3 patch to add support for logging query string in
5935 such a way that "%m %U%q %H" is the same as "%r".
5938 *) Port three log methods from mod_log_config 1.3 to 2.0:
5939 CLF compliant '-' byte count, method and protocol.
5942 *) Add a new LogFormat directive, %c, that will log connection
5943 status at the end of the response as follows:
5944 'X' - connection aborted before the response completed.
5945 '+' - connection may be kept-alive by the server.
5946 '-' - connection will be closed by the server.
5949 *) Expand APR for WinNT to fully accept and return utf-8 encoded
5950 Unicode file names and paths for Win32, and tag the Content-Type
5951 from mod_autoindex to reflect that charset if the feature
5952 macro APR_HAS_UNICODE_FS is true. [William Rowe]
5954 *) Compute the content length (and add appropriate header field) for
5955 the response when no content length is available and we can't use
5956 chunked encoding. [Jeff Trawick]
5958 *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK,
5959 so that content input filters get dechunked data when using
5960 the default handler. Also removed REQUEST_CHUNKED_PASS.
5963 *) Add mod_ext_filter as an experimental module. This module allows
5964 the administrator to use external programs as filters. Currently,
5965 only filtering of output is supported. [Jeff Trawick]
5967 *) Most Apache functions work on EBCDIC machines again, as protocol
5968 data is now translated (again). [Jeff Trawick]
5970 *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of
5971 the EBCDIC support. They are noops on ASCII machines, so this
5972 type of translation doesn't have to be surrounded by #ifdef
5973 CHARSET_EBCDIC. [Jeff Trawick]
5975 *) Fix mod_include. tag commands work again, and the server will
5976 send the FAQ again. This also allows mod_include to set aside
5977 buckets that include partial buckets.
5978 [Ryan Bloom and David Reid]
5980 *) Add suexec support back. [Manoj Kasichainula]
5982 *) Lingering close now uses the socket directly instead of using
5983 BUFF. This has been tested, but since all we can tell is that it
5984 doesn't fail, this needs to be really hacked on.
5987 *) Allow filters to modify headers and have those headers be sent to
5988 the client. The idea is that we have an http_header filter that
5989 actually sends the headers to the network. This removes the need
5990 for the BUFF to send headers.
5993 *) Charset translation: mod_charset_lite handles translation of
5994 request bodies. Get rid of the xlate version of ap_md5_digest()
5995 since we don't compute digests of filtered (e.g., translated)
5996 response bodies this way anymore. (Note that we don't do it at
5997 all at the present; somebody needs to write a filter to do so.)
6000 *) Input filters and ap_get_brigade() now have a input mode parameter
6001 (blocking, non-blocking, peek) instead of a length parameter.
6004 *) Update the mime.types file to the registered media types as
6005 of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp home.net>,
6008 *) Namespace protect some macros declared in ap_config.h
6011 *) Support HTTP header line folding with input filtering.
6014 *) Mod_include works again. This should still be re-written, but at
6015 least now we can serve an SHTML page again.
6018 *) Begin to remove BUFF from the core. Currently, we keep a pointer
6019 to both the BUFF and the socket in the conn_rec. Functions that
6020 want to use the BUFF can, functions that want to use the socket,
6021 can. They point to the same place.
6024 *) apr_psprintf doesn't understand %lld as a format. Make it %ld.
6025 [Tomas Ögren <stric ing.umu.se>]
6027 *) APR pipes on Unix and Win32 are now cleaned up automatically when the
6028 associated pool goes away. (APR pipes on OS/2 were already had this
6029 logic.) This resolvs a fatal file descriptor leak with CGIs.
6032 *) The final line of the config file was not being read if there was
6033 no \n at the end of it. This was caused by apr_fgets returning
6034 APR_EOF even though we had read valid data. This is solved by
6035 making cfg_getline check the buff that was returned from apr_fgets.
6036 If apr_fgets return APR_EOF, but there was data in the buf, then we
6037 return the buf, otherwise we return NULL.
6040 *) Piped logs work again in the 2.0 series.
6043 *) Restore functionality broken by the mod_rewrite security fix:
6044 rewrite map lookup keys and default values are now expanded
6045 so that the lookup can depend on the requested URI etc.
6046 PR #6671 [Tony Finch]
6048 *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
6049 security bug in some mass virtual hosting configurations
6050 that can allow a remote attacker to retrieve some files
6051 on the system that should be inaccessible. [Tony Finch]
6053 *) Add a pool bucket type. This bucket is used for data allocated out
6054 of a pool. If the pool is cleaned before the bucket is destroyed, then
6055 the data is converted to a heap bucket, allowing it to survive the
6059 *) Add a flush bucket. This allows modules to signal that the filters
6060 should all flush whatever data they currently have. There is no way
6061 to actually force them to do this, so if a filter ignores this bucket,
6062 that's life, but at least we can try with this.
6065 *) Add an output filter for sub-requests. This filter just strips the
6066 EOS bucket so that we don't confuse the main request's core output
6067 filter by sending multiple EOS buckets. This change also makes sub
6068 requests start to send EOS buckets when they are finished.
6071 *) Make ap_bucket_(read|destroy|split|setaside) into macros. Also
6072 makes ap_bucket_destroy a return void, which is okay because it
6073 used to always return APR_SUCCESS, and nobody ever checked its
6074 return value anyway.
6075 [Cliff Woolley <cliffwoolley yahoo.com>]
6077 *) Remove the index into the bucket-type table from the buckets
6078 structure. This has now been replaced with a pointer to the
6079 bucket_type. Also add some macros to test the bucket-type.
6082 *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
6083 for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
6084 and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
6085 All _VAR_ flavors changes to _DATA to be absolutely clear.
6088 *) Add support for /, //, //servername and //server/sharename
6089 parsing of <Directory> blocks under Win32 and OS2.
6090 [Tim Costello, William Rowe, Brian Harvard]
6092 *) Remove the function pointers from the ap_bucket type. They have been
6093 replaced with a global table. Modules are allowed to register bucket
6094 types and use then use those buckets.
6097 *) mod_cgid: In the handler, shut down the Unix socket (only for write)
6098 once we finish writing the request body to the cgi child process;
6099 otherwise, the client doesn't hit EOF on stdin. Small request bodies
6100 worked without this change (for reasons I don't understand), but large
6101 ones didn't. [Jeff Trawick]
6103 *) Remove file bucket specific information from the ap_bucket type.
6104 This has been moved to a file_bucket specific type that hangs off
6105 the data pointer in the ap_bucket type.
6108 *) Input filtering now has a third argument. This is the amount of data
6109 to read from lower filters. This argument can be -1, 0, or a positive
6110 number. -1 means give me all the data you have, I'll deal with it and
6111 let you know if I need more. 0 means give me one line and one line
6112 only. A positive number means I want no more than this much data.
6114 Currently, only 0 and a positive number are implemented. This allows
6115 us to remove the remaining field from the conn_rec structure, which
6119 *) Big cleanup of the input filtering. The goal is that http_filter
6120 understands two conditions, headers and body. It knows where it is
6121 based on c->remaining. If c->remaining is 0, then we are in headers,
6122 and http_filter returns a line at a time. If it is not 0, then we are
6123 in body, and http_filter returns raw data, but only up to c->remaining
6124 bytes. It can return less, but never more.
6125 [Greg Ames, Ryan Bloom, Jeff Trawick]
6127 *) mod_cgi: Write all of the request body to the child, not just what
6128 the kernel would accept on the first write. [Jeff Trawick]
6130 *) Back out the change that moved the brigade from the core_output_filters
6131 ctx to the conn_rec. Since all requests over a given connection
6132 go through the same core_output_filter, the ctx pointer has the
6136 *) Fix another bug in the send_the_file() read/write loop. A partial
6137 send by apr_send would cause unsent data in the read buffer to
6138 get clobbered. Complete making send_the_file handle partial
6139 writes to the network.
6142 *) Fix a couple of type fixes to allow compilation on AIX again
6143 [Victor J. Orlikowski <v.j.orlikowski gte.net>]
6145 *) Fix bug in send_the_file() which causes offset to be ignored
6146 if there are no headers to send.
6149 *) Handle APR_ENOTIMPL returned from apr_sendfile in the core
6150 filter. Useful for supporting Windows 9* with a binary
6151 compiled on Windows NT.
6154 Changes with Apache 2.0a7
6156 *) Reimplement core_output_filter to buffer/save bucket brigades
6157 across multiple calls to the core_filter. The brigade will be
6158 sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE
6159 thresholds are hit or the EOS bucket is received.
6162 *) Create experimental filter (buffer_filter) that coalesces bytes
6163 into one large buffer before invoking the next filter in the
6164 chain. This filter is particularly useful with the current
6165 implementation of mod_autoindex when it inserted above the
6166 chunk_filter. mod_autoindex generates a lot of brigades that
6167 containing buckets holding just a few bytes each. The
6168 buffer_filter coalesces these buckets into a single large bucket.
6171 *) Add apr_sendfile() support into the core_output_filter.
6174 *) Add apr_sendv() support into the core_output_filter.
6177 *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS
6178 [Mike Abbott <mja sgi.com>]
6180 *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't
6181 make much sense, because Apache uses buckets instead of BUFFs now.
6184 *) send_the_file now falls back to a read/write loop on platforms that
6185 do not have sendfile.
6186 [Ryan Bloom and Brian Havard]
6188 *) Install apachectl correctly, and substitute the proper values so
6189 that it works again. [Ryan Bloom]
6191 *) Better(??) handle platforms that lack sendfile().
6194 *) APR now has UUID generation/formatting/parsing support.
6197 *) Begin the http_filter. This is an input filter that understands
6198 the absolute basic amount required to parse an HTTP Request. The
6199 goal is to be able to split headers from request body before passing
6200 the data back to the other filters.
6203 *) Bring forward from 1.3.13 the config directory implementation
6206 *) install apxs if it is created
6209 *) Added APR_IS_STATUS_condition test macros to eliminate canonical error
6210 conversions. [William Rowe]
6212 *) Now that we have ap_add_input_filter(), rename ap_add_filter() to
6213 ap_add_output_filter(). [Jeff Trawick]
6215 *) Multiple build and configuration fixes
6218 -add datadir and localstatedir substitutions
6220 -fix logfilename misspelling
6221 -fix evaluation of installation dir variables and
6222 -replace $foobar by $(foobar) to be usefull in the makefile
6226 -add rules for cross-compiling in rules.mk. Okay, rule to check for
6227 $CC_FOR_BUILD is still missing
6228 -use CHECK_TOOL instead of CHECK_PROG for ranlib
6229 -add missing "AR=@AR@" to severaly Makefile.in's
6230 -cache result for "struct rlimit"
6231 -compile all helper programs with native and cross compiler
6232 and use the native version to generate header file
6233 [Rüdiger Kuhlmann <Tadu gmx.de>]
6235 *) Prepare our autoconf setup for autoconf 2.14a and for cross-
6237 [Rüdiger Kuhlmann <Tadu gmx.de>]
6239 *) Fix a bug where a client which only sends \n to delimit header
6240 lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED
6241 message. Start working on ebcdic co-existance with input
6243 [William Rowe, Greg Ames]
6245 *) If mod_so is enabled in the server always create libexec, even
6246 if there are no modules installed in this directory. This is a
6247 requirement for APXS to work correctly.
6250 *) Connection oriented output filters are now stored in the
6251 conn_rec instead of the request_rec. This allows us to add the
6252 output filter in the pre-connection phase instead of the
6253 post_read_request phase, which keeps us from trying to write an
6254 error page before we have a filter to write to the network.
6255 [Ryan Bloom, Jeff Trawick, and Greg Ames]
6257 *) Cleaning up an mmap bucket no longer deletes the mmap. An
6258 mmap can be used across multiple buckets (default_handler with
6259 byte ranges, mod_file_cache, mod_mmap_static), so cleanup of
6260 the mmap itself can't be associated with the bucket.
6263 *) Add .dll caching directive ISAPICacheFile to mod_isapi.
6266 *) Radical surgery to improve mod_isapi support under Win32.
6267 Includes a number of newer ServerSupportFunction calls, support
6268 for ReadClient (in order to retrieve POSTs greater than 48KB),
6269 and general bug fixes to more reliably load ISAPI .dll's and
6270 prevent leaking handle resources. Note: There are still
6271 discrepancies between IIS's and Apache's ServerVariables, and
6272 async calls are still not supported. Additional warnings are
6273 logged to facilitate debugging of unsupported ISAPI calls.
6276 *) Add input filtering to Apache. The basic idea for the input
6277 filters is the same as the ideas for output filters. The biggest
6278 difference is that instead of calling ap_pass_brigade, ap_get_brigade
6279 should be called, and the order of execution for the filter itself is
6280 different. When writing an output filter, a brigade is passed in,
6281 and filters operate directly on that brigade, when done, they call
6282 ap_pass_brigade. Input filters are the exact opposite. Because input
6283 is not a push operation, filters first call ap_get_brigade. When this
6284 function returns, the input filter will be left with a valid brigade.
6285 The input filter should then operate on the brigade, and return.
6288 *) Fix building on BSD/OS using its native make. The build system
6289 falls back to the BSD .include directive on that host platform.
6292 *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
6293 SHA1 and plaintext password encodings. Make feature tests a
6294 bit more flexible. [William Rowe]
6296 *) Charset translation: mod_charset_lite handles output content
6297 translation in a filter. mod_charset_lite no longer ignores
6298 subrequests. A bunch of cruft related to BUFF's support for
6299 translating request and response bodies was removed.
6302 *) Move the addition of the CORE filter to the post_read_request
6303 hook in http_core.c. This removes the need to add the filter in
6304 multiple places and allows for an SSL module to be added much
6305 simpler. [Ryan Bloom]
6307 *) SECURITY: CVE-2000-0913 (cve.mitre.org)
6308 Fix a security problem that affects certain configurations of
6309 mod_rewrite. If the result of a RewriteRule is a filename that
6310 contains expansion specifiers, especially regexp backreferences
6311 $0..$9 and %0..%9, then it may be possible for an attacker to
6312 access any file on the web server. [Tony Finch]
6314 *) Fix a bug where errors that are detected during early request parsing
6315 don't produce visible HTTP error messages at the browser, because
6316 the core_filter wasn't present. [Greg Ames]
6318 *) Provide apr_socklen_t as a portability aid.
6319 [Victor J. Orlikowski]
6321 *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
6322 as well as a comment arg to the add, adduser and update cmds.
6323 update allows the user to clear or preserve pw/groups/comment.
6324 Fixed a bug in dbmmanage that prevented the check option from
6325 parsing a password followed by :group... text. Corrected the
6326 seed calcualation for Win32 systems, and added -lsdbm support.
6329 *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
6332 *) Avoid a segfault when parsing .htaccess files. An
6333 uninitialized tree pointer was passed to ap_build_config().
6336 *) Change the way that inet_addr & inet_network are checked for
6337 in APR's configure process to allow BeOS BONE to correctly
6338 find them. With this change BeOS BONE now builds from source
6339 with no problems. [David Reid]
6341 *) Fix a bug in apr_create_process() for Unix. The NULL signifying
6342 the end of the parameters to execve() was stored in the wrong
6343 location, overlaying the storage beyond the newargs[] array and
6344 also passing uninitialized storage to execve(), which would
6345 sometimes fail with EFAULT. [Jeff Trawick]
6347 *) Fix a bug parsing configuration file containers. With a sequence
6348 like this in the config file
6350 <IfModule mod_kilroy.c>
6353 <IfModule mod_lovejoy.c>
6358 the second container would be terminated at the blank line due to
6359 sediment in the buffer from reading the prior </IfModule> and an
6360 error message would be generated for the real </IfModule> for the
6361 second container. Also due to this problem, any two characters
6362 could be used for "</" in the close of a container.
6365 *) ap_add_filter prototype changed to remove the ctx pointer. The
6366 pointer still remains in the filter structure, but it can not be
6367 a part of the ap_add_filter prototype. The reason is that when
6368 the core uses AddFilter to add a filter to the stack it doesn't
6369 know how to allocate the ctx pointer, or even how much memory should
6370 be allocated. The filters will have to be responsible for allocating
6371 the ctx memory when they need it.
6374 *) Add an AddFilter directive. This directive takes a list of filters
6375 that should be activated for the requested resource.
6378 *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
6379 some other platforms). [Jeff Trawick]
6381 *) Modify mod_include to be a filter. Currently, it has only been tested
6382 on actual files, but it should work for CGI scripts too.
6385 *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
6386 writes. apr_flush() for Unix: handle interrupted writes.
6389 *) NameVirtualHost can now take "*" as an argument instead of
6390 an IP address. This allows you to create a purely name-based
6391 virtual hosting server that does not have any IP addresses in
6392 the configuration file and which ignores the local address
6393 of any connections. PR #5595, PR #4455 [Tony Finch]
6395 *) Fix some compile warnings in mod_mmap_static.c
6396 [Mike Abbott <mja sgi.com>]
6398 *) Fix chunking problem with CGI scripts. The general problem was that
6399 the CGI modules were adding an EOS bucket and then the core added an
6400 EOS bucket. The chunking filter finalizes the chunked response when it
6401 encounters an EOS bucket. Because two EOS buckets were sent, we
6402 finalized the response twice. The fix is to make sure we only send one
6403 EOS, by utilizing a flag in the request_rec.
6406 *) apr_put_os_file() now sets up the unget byte appropriately on Unix
6407 and Win32. Previously, the first read from an apr_file_t set up via
6408 apr_put_os_file() would return a '\0'. [Jeff Trawick]
6410 *) Mod_cgid now creates a single element bucket brigade, with a pipe
6411 bucket, instead of using BUFF's and ap_r*.
6414 *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
6415 [Mike Abbott <mja sgi.com>]
6417 *) Remove ap_bopenf from buff code. This required modifying the file_cache
6418 code to use APR file's directly instead of going through BUFFs.
6421 *) Fix compile break on some platforms for mod_mime_magic.c
6422 [John K. Sterling <sterling covalent.net>]
6424 *) Fix merging of AddDefaultCharset directive.
6425 PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
6427 *) Minor revamp of the rlimit sections of code. We now test
6428 explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
6429 is now "available" even if the platform doesn't support
6430 the rlimit family (it's just a noop though). [Jim Jagielski]
6432 *) Migrate the pre-selection of which MPM to use for specific
6433 platforms to hints.m4, which contains (or should contain)
6434 all platform specific "hints". [Jim Jagielski]
6436 *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary
6439 *) Add tables with non-string/binary values to APR.
6442 *) Fix some bad calls to ap_log_rerror() in mod_rewrite.
6445 *) Update PCRE to version 3.2. [Ryan Bloom]
6447 *) Change the way buckets' destroy functions are called so that
6448 they can be more directly used when changing the type of a
6449 bucket in place. [Tony Finch]
6451 *) Add generic support for reference-counting the resources used by
6452 buckets, and alter the HEAP and MMAP buckets to use it. Change
6453 the way buckets are initialised to support changing the type of
6454 buckets in place, and use it when setting aside TRANSIENT buckets.
6455 Change the implementation of TRANSIENT buckets so that it can be
6456 mostly shared with IMMORTAL buckets, which are now implemented.
6459 Changes with Apache 2.0a6
6461 *) Add support to Apache and APR for dsos on OS/390. [Greg Ames]
6463 *) Add a chunking filter to Apache. This brings us one step closer
6464 to removing BUFF. [Ryan Bloom]
6466 *) ap_add_filter now adds filters in a LIFO fashion. The first filter
6467 added to the stack is the last filter to be called. [Ryan Bloom]
6469 *) Apache 2.0 has been completely documented using Scandoc. The
6470 docs can be generated by running 'make docs'. [Ryan Bloom]
6472 *) Add filtered I/O to Apache. This is based on bucket brigades,
6473 Currently the buckets still use BUFF under the covers, but that
6474 should change quickly. The only currently written filter is the
6475 core filter which just calls ap_bwrite. [The Apache Group]
6477 *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
6478 built with thread support. [Jeff Trawick]
6480 *) Abort configuration if --with-layout was specified and there's
6481 no layout definition file. [Ken Coar]
6483 *) Add support for '--with-port=n' option to configure. [Ken Coar]
6485 *) Add support for extension methods for the Allow response header
6486 field, and an API routine for accessing r->allowed and the
6487 list of extension methods in a unified manner. [Ken Coar]
6489 *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
6490 [Rob Simonson <simo us.ibm.com>]
6492 *) Get xlate builds working again. The apr renaming in 2.0a5 broke
6493 APACHE_XLATE builds. [Jeff Trawick]
6495 *) A configuration file parsing problem was fixed. When the
6496 configuration file started with an IfModule/IfDefine container,
6497 only the last statement in the container would be retained.
6500 Changes with Apache 2.0a5
6502 *) Perchild is serving pages after passing them to different child
6503 processes. There are still a lot of bugs, but this does work. I
6504 have made requests against the same installation of Apache, and had
6505 different servers use different user IDs to serve the responses.
6506 This change moves to using socketpair instead of an AF_UNIX socket.
6509 *) Perchild MPM still doesn't work perfectly, but it is serving pages.
6510 It can't seem to pass between child processes yet, but I think we
6511 are closer now than before. This moves us back to using Unix
6512 Domain Sockets. [Ryan Bloom]
6514 *) libapr functions and types renamed with apr_ prefix.
6515 #include "apr_compat.h" for 1.3.x backwards compat
6518 *) Fix problems with APR sockaddr handling on Win32. It didn't always
6519 return the right information on the local socket address.
6520 [Gregory Nicholls <gnicholls level8.com>]
6522 *) ap_recv() on Win32: Set bytes-read to 0 on error.
6523 [Gregory Nicholls <gnicholls level8.com>]
6525 *) Add an option to not detach from the controlling terminal without
6526 going into single process mode. This allows for much easier
6527 debugging of the process startup code. [Ryan Bloom]
6529 *) ab: don't use perror() to report the failure of an APR function.
6532 *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
6533 scoreboard on graceful restarts.
6536 *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
6537 An invalid ap_proc_t was passed to ap_create_process().
6540 *) Allow modules to register filters. Those filters are still
6541 never called, but this is a step in the right direction.
6542 [Ryan Bloom and Greg Stein]
6544 *) Register the mod_cgid daemon process for cleanup so that it is
6545 killed at termination if it does not die when the parent gets
6546 SIGTERM. This change is to fix occasional problems where the
6547 process stays around. Bugs in similar logic in mod_rewrite and
6548 mod_include were also fixed. [Jeff Trawick]
6550 *) Fix a bug in the time handling. Basically, we were imploding a time
6551 in ap_parseHTTPdate, but it had bogus data in the exploded time format.
6552 Namely, tm_usec and tm_gmtoff were not filled out. ap_implode_time
6553 uses those two fields to adjust the time value. Because of the HTTP
6554 spec, both of those values can be zero'ed out safely. This fixes
6555 the bug correctly. [Ryan Bloom]
6557 *) Fix a couple of place in the Windows code where the wrong error
6558 code was being returned. [Gregory Nicholls <gnicholls level8.com>]
6560 *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]
6562 *) Added the APR_EOL_STR macro for platform dependent differences in
6563 logfiles and other raw text (such as all APR files). Fixes logfiles
6564 not terminated with cr/lf sequences in Win32. [William Rowe]
6566 *) Move all strings functions in APR to src/lib/apr/strings and create
6567 apr_strings.h for the prototypes. [Ryan Bloom]
6569 *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
6570 to repeat the syscall until we stop getting EINTR. I noticed a
6571 related problem at termination (SIGTERM) on FreeBSD when using
6572 fcntl(). Apache 1.3 had these new loops too. Also, make the flock()
6573 implementation work properly with child init. Previously, ap_lock()
6574 was essentially a no-op because all children were using different
6575 locks and thus nobody ever blocked. [Jeff Trawick]
6577 *) The htdocs/ tree has been moved out of the CVS source tree into
6578 a separate area for easier development. This has NO EFFECT on
6579 end-users or Apache installations. [Ken Coar]
6581 *) Integrate the mod_dav module for WebDAV protocol handling. This
6582 adds the dav and dav_fs modules, the SDBM library, and additional
6583 XML handling utilities. [Greg Stein]
6585 *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
6588 *) Update the lib/expat-lite/ library (bring forward changes from
6589 the Apache 1.3 repository). [Greg Stein]
6591 *) If sizeof(long long) == sizeof(long), then prefer long in APR
6592 configure.in. [Dave Hill <ddhill zk3.dec.com>]
6594 *) Add ap_sendfile for Tru64 Unix. Also, add an error message for
6595 machines where sendfile is detected, but nobody has written ap_sendfile.
6596 [Dave Hill <ddhill zk3.dec.com>]
6598 *) Compile fixes in mod_mmap_static. [Victor J. Orlikowski]
6600 *) ab would start up more connections than needed, then quit when the
6601 desired number were finished. Also fixed a logic error involving
6602 ab keepalives. [Victor J. Orlikowski]
6604 *) WinNT: Implement non-blocking pipes with timeouts to communicate
6605 with CGIs. Apache 2.0a4 had non-blocking pipes but without
6606 timeouts (i.e, if a timeout was specified, the pipe reverted to
6607 a full blocking pipe). Now the behaviour is more in line with
6608 Unix non-blocking pipes.
6611 *) WinNT: Implement accept socket reuse. Using mod_file_cache to
6612 cache open file handles along with accept socket reuse enables
6613 Apache 2.0 to serve non-keepalive requests for static files at
6614 3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
6615 and Apache 2.0 will serve almost 1200 rps on my system).
6618 *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
6619 supports two config directives, mmapfile (same behavious as
6620 mod_mmap_static) and cachefile. Use the cachefile directive
6621 to cache open file handles. This directive only works on systems
6622 that have implemented the ap_sendfile API. cachefile works today
6623 on Windows NT, but has not been tested on any flavors of Unix.
6626 *) Cleanup the configuration. With the last few changes the
6627 configuration process automatically:
6628 inherits information about how to build from APR. Allowing
6629 APR to inform Apache that it should or should not use -ldl
6631 Detects which mod_cgi should be used mod_cgi or mod_cgid,
6632 based on the threading model
6634 Apache calls APR's configure process before finishing it's
6635 configuration processing, allowing for more information flow
6640 *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
6641 with non-zero argument makes the socket non-blocking. BeOS and
6642 OS/2 already worked this way. [Jeff Trawick]
6644 *) ap_close() now calls ap_flush() for buffered files, so write
6645 operations work a whole lot better on buffered files.
6648 *) Fix error messages issued from MPMs which explain where to change
6649 compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
6652 *) ap_create_pipe() now leaves pipes in blocking state. (This helps
6653 reduce the number of syscalls on Unix.) ap_set_pipe_timeout() is
6654 now the way that the blocking state of a pipe is manipulated.
6655 ap_block_pipe() is gone. [Jeff Trawick]
6657 *) Correct the problem where the only local host name that the IP stack
6658 can discover are 'undotted' private names. If no fully qualified
6659 domain name can be identified, the default ServerName will be set to
6660 the machine's IP address string. A warning is always provided if the
6661 ServerName not specified, but assumed. Solves PR6215 [William Rowe]
6663 *) Repair problems with config file processing which caused segfault
6664 at init when virtual hosts were defined and which caused ServerName to
6665 be ignored when there was no valid DNS setup. [Jeff Trawick]
6667 *) Removed pointless ap_is_aborted macro function. [Roy Fielding]
6669 *) Add ap_sendfile implementation for AIX
6670 [Victor J. Orlikowski]
6672 *) Repair C++ compatibility in ap_config.h, apr_file_io.h,
6673 apr_network_io.h, and apr_thread_proc.h.
6674 [Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
6676 *) Bring the allocation and pool debugging code back into a working
6677 state. This will need to be tested as so far it's only been used on
6680 *) Change configuration command setup to be properly typesafe when in
6681 maintainer mode. Note that this requires a compiler that can initialise
6682 unions. [Ben Laurie]
6684 *) Turn on buffering for config file reads. Part of this was to
6685 repair buffered I/O support in Unix and implement buffered
6686 ap_fgets() for all platforms. [Brian Havard, Jeff Trawick]
6688 *) Win32: Fix problem where UTC offset was not being set correctly
6689 in the access log. Problem reported on news group by Jerry Baker.
6692 *) Fix segfault when reporting this type of syntax error:
6693 "</container> without matching <container> section", where
6694 container is VirtualHost or Directory or whatever.
6697 *) SECURITY: CVE-2000-1204 (cve.mitre.org)
6698 Prevent the source code for CGIs from being revealed when
6699 using mod_vhost_alias and the CGI directory is under the document root
6700 and a user makes a request like http://www.example.com//cgi-bin/cgi
6701 as reported in <news:960999105.344321 ernani.logica.co.uk>
6704 *) Add support for the new Beos NetwOrking Environment (BONE)
6707 *) xlate: ap_xlate_conv_buffer() now tells the caller when the
6708 final input char is incomplete; ap_bwrite_xlate() now handles
6709 incomplete final input chars. [Jeff Trawick]
6711 *) Yet another update to saferead/halfduplex stuff -- need to ensure
6712 that a bhalfduplex call occurs before logging or else DNS and
6713 such can delay the last packet of the response. [Dean Gaudet]
6715 *) Some syscall reduction in APR on unix -- don't seek when setting
6716 up an mmap; and don't fcntl() more than once per socket.
6719 *) When mod_cgid is started as root, the cgi daemon now switches
6720 to the configured User/Group (like other httpd processes)
6721 instead of continuing as root. [Jeff Trawick]
6723 *) The prefork MPM now uses an APR lock for the accept() mutex.
6724 It has not been getting a lock at all recently. httpd -V now
6725 displays APR's selection of the lock mechanism instead of the
6726 symbols previously respected by prefork. [Jeff Trawick]
6728 *) Change the mmap() feature test to check only for existence.
6729 The previous check required features not used by Apache.
6732 *) Fix a couple of bugs in mod_cgid: The cgi arguments were
6733 sometimes mangled. The len parm to accept() was not
6734 initialized, leading sometimes to an endless loop of failed
6735 accept() calls on OS/390 and anywhere else that failed the call
6736 if the len was negative. Use <sys/un.h> for struct sockaddr_un
6737 instead of declaring it ourselves to fix a compilation problem
6738 on Solaris. [Jeff Trawick]
6740 *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]
6742 *) Fix zombie process problem with mod_cgi. [Jeff Trawick]
6744 *) Port mod_mmap_static to 2.0. Make it go faster. [Greg Ames]
6746 *) Fix storage overlay when loading dsos. Symptom: Apache dies at
6747 initialization if ALLOC_DEBUG is defined; no known symptom
6748 otherwise. [Jeff Trawick]
6750 *) Fix typo in configure script when checking for mod_so. bash
6751 doesn't seem to have a problem but /bin/sh on Solaris does.
6752 Symptom: "./configure: test: unknown operator =="
6755 *) Rebind the Win32 NT and 9x services control into the MPM.
6756 All console, WinNT SCM and Win9x pseudo-service control code is
6757 now wrapped within the WinNT MPM.
6760 *) Make a copy of getenv("PATH") before storing for later use. Some
6761 getenv() implementations use the same storage for successive calls.
6762 CGIs on OS/390 had a bad PATH due to this. [Jeff Trawick]
6764 *) Server Tokens work in 2.0 again. This also propogates the change
6765 to allow just the product name in the server string using
6769 Changes with Apache 2.0a4
6771 *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
6772 won't need to call it. [Greg Ames, Jeff Trawick]
6774 *) Move pre_config hook call to between configuration read and config
6775 tree walk. This allows all modules to implement pre_config hooks
6776 and know that they will be called at an appropriate time.
6779 *) mod_cgi, mod_cgid: Make ScriptLog directive work again.
6782 *) Add pre-config hooks back to all modules.
6785 *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
6786 ContentDigest enabled and we can't/don't mmap the file.
6789 *) We now report the correct line number for syntax errors in config
6790 files. [Ryan Bloom, Greg Stein, Jeff Trawick]
6792 *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
6793 related bugs, and changed shmem/locking to use apr API. Shared-mem
6794 is currently disabled, however, because of problems with graceful
6795 restarts. [Ronald Tschalär]
6797 *) Fix corruption of IFS variable in --with-module= handling.
6798 Depending on the user's shell or customization thereof, there
6799 would be errors generating ap_config_auto.h later in the configure
6800 procedure. [Jeff Trawick]
6802 *) mod_cgi: Restore logging of stderr from child process when ScriptLog
6803 isn't used (as in 1.3), except that on Unix it is now logged via
6804 ap_log_rerror() instead of by the child having STDERR_FILENO refer
6805 to the error log. [Greg Ames, Jeff Trawick]
6807 *) Add '-D' argument processing for run time configuration defines.
6810 *) Organize http_main.c as independent code, such that no code or
6811 global data is exported from it. WIN32 will dynamically link it
6812 to the server core, so this will prevent mutual dependency.
6815 *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
6816 and APR_VAR_EXPORT to correctly resolve apr functions and globals.
6819 *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
6820 [William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
6822 *) Add mod_charset_lite for configuring character set translation.
6825 *) Add '-n' option to htpasswd to make it print its user:pw record
6826 on stdout rather than having to frob a text file. [Ken Coar]
6828 *) Fix saferead. Basically, we flush the output buffer if a read on the
6832 *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
6833 a conversion is single-byte only. [Jeff Trawick]
6835 *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
6836 the BeOS 5.0 documentation says that shutdown doesn't work yet.
6839 *) Fix some minor errors where pid was being manipulated as an int
6840 instead of the portable pid_t. [Roy Fielding]
6842 *) Fix some error log prints that were printing the pointer to a
6843 structure rather than the pid within the structure.
6844 [Jeff Trawick, Roy Fielding]
6846 *) ab: Fix a command-line processing bug; track bad headers in
6847 err_response; support reading headers up to 2K.
6848 [Ask Bjoern Hansen <ask valueclick.com>]
6850 *) Fix ap_resolve_env() so that it handles new function added in a prior
6851 alpha (see "Added the capability to do ${ENVVAR} constructs in the
6852 config file.") as well as the constructs used by mod_rewrite.
6853 [Paul Reder <rederpj raleigh.ibm.com>]
6855 *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]
6857 *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
6858 APR to perform translation, instead of accessing the hard-coded tables
6859 in 1.3's ebcdic.c. [Jeff Trawick]
6861 *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing.
6864 *) Add the ability to hook into the config file reading phase. Basically
6865 if a directive is specified EXEC_ON_READ, then when that directive is
6866 read from the config file, the assocaited function is executed. This
6867 should only be used for those directives that must muck with HOW the
6868 server INTERPRETS the config. This should not be used for directives
6869 that re-order or replace items in the config tree. Those changes should
6870 be made in the pre-config step.
6873 *) Add mod_example to the build system.
6876 *) APR: Add ap_xlate_conv_byte() to convert one char between single-
6877 byte character sets. [Jeff Trawick]
6879 *) Pick up various EBCDIC fixes from 1.3 (from Martin
6880 Kraemer and Oliver Reh originally according to the change log).
6883 *) Fix a couple of problems in RFC1413 support (controlled by the
6884 IdentityCheck directive). Apache did not build the request string
6885 properly and more importantly Apache would loop forever if the
6886 would-be ident server dropped the connection before sending a
6887 properly terminated response. [Jeff Trawick]
6889 *) apxs works in 2.0.
6892 *) Reliable piped logs work in 2.0.
6895 *) Introduce a hash table implementation into APR to be used for
6896 replacing tables and other random data structures in Apache.
6899 *) Add some more error reporting to htpasswd in the case of problems
6900 generating or accessing the temporary file. Also, pass in a
6901 buffer if the implementation knows how to use it (i.e., if L_tmpnam
6902 is defined). [Ken Coar]
6904 *) Configure creates config.nice now containing your configure
6905 options. Syntax: ./config.nice [--more-options]
6908 *) Fix various return code problems in APR on Win32. For most of
6909 these, APR was returning APR_EEXIST instead of GetLastError()/
6910 WSAGetLastError(). [Jeff Trawick]
6912 *) Make piped logs work again in version 2.0
6915 *) Add VPATH support to UNIX build system of Apache and APR.
6918 *) Fix ap_tokenize_to_argv to respect the const arguments that are
6922 *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
6923 Patch submitted to author.
6926 *) Fix mm configuration on Solaris 8 x86 and OS/390. Don't require
6927 /sbin in PATH on FreeBSD (all submitted to rse previously)
6930 *) Fix building Pthread-based MPMs on OpenBSD
6931 [Sascha Schumann] PR#26
6933 *) Fix ap_readdir() problem on systems where d_name[] field in
6934 struct dirent is declared with only one byte. (This problem only
6935 affected multithreaded builds.) This caused a segfault during
6936 pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at
6937 least). [Jeff Trawick]
6939 *) Fix some make-portability problems on at least Tru64, Irix
6941 [Sascha Schumann] PR#18, PR#39
6943 *) Add ap_sigwait() to support old-style sigwait() on systems
6944 like OS/390 and UnixWare.
6947 *) Add POSIX-thread flags for more platforms.
6950 *) Fix some minor bugs in ap_strerror(). Teach ap_strerror()
6951 (on Unix, at least) to handle resolver errors. Fix a bug in
6952 the definition of APR_ENOMEM so that ap_strerror() can spit
6953 out the correct error message for it.
6956 Changes with Apache 2.0a3
6958 *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
6961 *) API: *HOOK* macros now have an AP_ prefix
6964 *) Win32: Eliminate redundant calls to initialize winsock.
6965 [Tim Costello <timcostello ozemail.com.au>]
6967 *) Fix bugs initializing ungetchar for pipes.
6968 [Chia-liang Kao <clkao CirX.ORG>]
6970 *) The ab program in the src/support directory is now portable using
6974 *) Support directory is being compiled when the server is built
6977 *) The configure option --with-program-name has been added to allow
6978 developers to rename the executable at configure time. This also
6979 changes the name of the config files to match the executable's name.
6982 *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
6983 containing version numbers. [Martin Pool]
6985 *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
6986 Unix; access_log and error_log now created with these perms; non-
6987 Unix is unaffected [Jeff Trawick]
6989 *) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
6990 Replaced more magic numbers with MD5_DIGESTSIZE.
6991 [William Rowe, Roy Fielding]
6993 *) Win32: Get mod_auth_digest compiling and added to the Windows
6994 build environment. Not tested and I'd be suprised if it
6995 actually works. [Bill Stoddard]
6997 *) Revamp the Win32 make environment. Makefiles have been removed and
6998 Apache.dsw created to bring together all the pieces. Create new file
6999 os/win32/BaseAddr.ref to define module base addresses (to prevent
7000 dll relocation at start-up).
7001 [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]
7003 *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3. This replaces most
7004 of the \015, \012, and \015\012 constants with macros.
7007 *) Add ap_xlate_open() et al for translation of text between different
7008 character sets. The initial implementation requires iconv().
7011 *) More FAQs and answers from comp.infosystems.www.servers.unix.
7012 [Joshua Slive <slive finance.commerce.ubc.ca>]
7014 *) CGI output is being timed out now.
7017 *) Fix the problem with dieing quietly. dupfile now takes a pool which
7018 is used by the new apr file. There is no reason to create a new file
7019 with the same lifetime as the original file.
7022 *) Win32: Attempt to eliminate dll relocation at start-up by specifying
7023 module base addresses. This will help shooting seg faults
7024 in the field. [William Rowe <wrowe lnd.com>]
7026 *) Update Apache on Windows documentation. Add new document
7027 describing how to compile Apache on Windows.
7028 [William Rowe <wrowe lnd.com>]
7030 *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take
7031 microseconds instead of seconds. Some storage leaks and other
7032 minor bugs in related code were fixed. [Jeff Trawick]
7034 *) Win32: First cut at getting mod_isapi working under 2.0
7035 [William Rowe <wrowe lnd.com>]
7037 *) First stab at getting mod_auth_digest working under 2.0
7038 quick change summary:
7039 - moved the random byte generation (ap_generate_random_bytes) into APR
7040 - now uses ap_time_t
7041 - compiles and runs on linux
7043 [Brian Martin <bmartin penguincomputing.com>]
7045 *) Win32: Move the space stripping of physical service names
7046 fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
7047 unresolved symbol. Add dependency checking to the
7048 CreateService call to ensure TCPIP and AFP (winsock) is started
7050 [William Rowe <wrowe lnd.com>]
7052 *) Win32: Add code to perform latebinding on functions that may
7053 not exist on all levels of Windows where Apache runs. This
7054 is needed to allow Apache to start-up on Win95/98. All calls
7055 to non portable functions should be protected with
7056 ap_oslevel checks to prevent runtime segfaults.
7057 [William Rowe <wrowe lnd.com>]
7059 *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]
7061 *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]
7063 *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
7064 This addresses PR 1623. Still need to address timing out runaway
7065 CGI scripts. [Bill Stoddard]
7067 *) Win32: Make ap_stat Windows 95/98 friendly
7068 [William Rowe <wrowe lnd.com>]
7070 *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to
7071 always fail. Need to initialise the dwOSVersionInfoSize member of the
7072 OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx
7075 The patch also enhances ap_get_oslevel (and the associated enum) to
7076 handle selected service packs for NT4, and adds recognition for
7077 Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then
7078 we can use ReadFileScatter and WriteFileGather in readwrite.c.
7079 [Tim Costello <Tim.Costello BTFinancialgroup.com>]
7081 *) Get mod_rewrite building and running, and mod_status building for Win NT
7082 [Allan Edwards <ake raleigh.ibm.com>]
7084 *) Patch to port mod_auth_db to the 2.0 api and also to support
7085 Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and
7086 2.7.7. It should work with version 1 as well but I haven't tested it.
7087 [Brian Martin <bmartin penguincomputing.com>]
7089 *) Get APR DSO code working under Windows. Includes cross platform
7091 [<Tim.Costello BTFinancialgroup.com>]
7093 *) Fix some of the Windows APR time functions.
7096 *) FAQ changes related to tidying up historical documents on the web site.
7097 [Joshua Slive <slive finance.commerce.ubc.ca>]
7099 *) Move Windows DSO code into APR.
7102 *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
7103 Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
7104 at build time. At this point, the server will not compile on Windows because
7105 of the recent DSO commits. Fixing those next.
7106 [Bill Rowe & Bill Stoddard]
7108 *) Added error checking for file I/O APR routines.
7109 [Jon Travis <jtravis covalent.net>]
7111 *) APR: Don't use the values of resolver error codes for the
7112 corresponding APR error codes. On Unix and Win32, return the
7113 proper APR error code after a resolver error. [Jeff Trawick]
7115 Changes with Apache 2.0a2
7117 *) Renamed the executable back to httpd on all platforms other
7121 *) Allow BeOS to survive restarts, log properly and a few
7122 small things it had problems with due to the way it setup
7123 users and groups. [David Reid]
7125 *) Get mod_rewrite working with APR locks
7126 [Paul Reder <rederpj raleigh.ibm.com>]
7128 *) Actually remove the sempahore when the lock cleanup routine
7129 is called on BeOS. [David Reid]
7131 *) Clear hook registrations between reads of the config file.
7132 When DSOs are unloaded and re-loaded the old hook pointers may
7133 no longer be valid. This fix eliminates potential segfaults.
7134 [Allan Edwards <ake raleigh.ibm.com>]
7136 *) Fix a problem with Sigfunc not being defined or bypassed
7137 if sigaction() wasn't found. [Jim Jagielski]
7139 *) Fix the locking mechanism on BSD variants. They now use fcntl
7140 locks. This allows the server to start and serve pages.
7143 *) First cut at getting the Win32 installer to work
7144 [William Rowe <wrowe lnd.com>]
7146 *) Get htpasswd compiling under Windows
7147 [William Rowe <wrowe lnd.com>]
7149 *) Change the log message for a bind() failure to show the
7150 interface and port number. [Jeff Trawick]
7152 *) Import the documentation from 1.3.12 and bring parts of it
7153 up-to-date with respect to the changes that have occurred
7157 *) BeOS MPM updated. CGI bug on BeOS fixed. IP addresses
7158 now logged correctly on BeOS.
7161 *) Create one makefile for all Win32 distributions (NT/2000/95/98).
7162 Makefile.win includes the same user interface as the old
7164 [William Rowe <wrowe lnd.com>, Jeff Trawick <trawick us.ibm.com>]
7166 *) Win32 exec now uses COMSPEC environment string for command
7167 shell path resolution.
7168 [William Rowe <wrowe lnd.com>] PR#3715
7170 *) Win32: ap_connect() was not returning correct error condition
7172 [Allen Prescott <allen clanprescott.com>]
7174 *) Win32: ap_open() was broken on Win9x because an NT-specific
7175 flag was passed to CreateFile. ap_puts() added an unnecessary
7177 [Jeff Trawick <trawick us.ibm.com>]
7179 *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
7180 which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
7181 confusing ee/et name and made all extensions language/dialect
7182 rather than country reflecting. Changed example files to
7183 explicit reflect the ISO charset and added a few common
7184 ones to the example config [dirkx]
7186 *) Extend external module capability. To use this, you call
7187 configure with --with-module=path/to/mod1,path/to/mod2,etc.
7190 *) Backported the various "default charset" fixes from 1.3.12,
7191 including the AddDefaultCharset directive. [Jim Jagielski]
7193 *) Added the capability to do ${ENVVAR} constructs in the
7194 config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
7195 it does this on a line by line basis; i.e. if the envvar
7196 expands to something with spaces you have to protect it
7197 by adding quotes around it (Unless of course you expect it
7198 to contains more than one argument. Alternatively you
7199 can compile it on a per token basis; which is what people
7200 usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
7201 hampers fancier hacks.
7202 [Dirk-Willem van Gulik]
7204 *) Changed the 'ErrorDocument' syntax in that it NO longer
7205 supports the asymetric
7207 ErrorDocument 301 "Some message
7209 Note the opening " quote, without a closing quote. It now
7210 has either the following syntaxes
7212 ErrorDocument XXX /local/uri
7213 ErrorDocument XXX http://valid/url
7214 ErrorDocument XXX "Some Message"
7216 The recognition heuristic is: if it has a space it
7217 is a message. If it has no spaces and starts with a /
7218 or is a valid URL then treat it that way. Otherwise it
7219 is assumed to be a message.
7221 This breaks backward compatibility but makes live a hell
7222 of a lot easier for GUI's and config file parsers.
7223 [Dirk-Willem van Gulik]
7225 *) Changed 'CacheNegotiatedDocs' from its present/not-present
7226 syntax into a 'on' or 'off' syntax. As it currently is the
7227 only non nesting token which uses NO_ARGS and thus is an
7228 absolute pain for any config interface automation. This
7229 breaks backward compatibility. [Dirk-Willem van Gulik]
7231 *) Add ability to add external modules to the build process. This is
7232 done with --with-module=/path/to/module. Modules can only be added
7233 as static modules at this point.
7236 Changes with Apache 2.0a1
7238 *) Fix FreeBSD 3.3 core dump.
7239 Basically, ap_initialize() needs to get called before
7240 create_process(), since create_process() passes op_on structure
7241 to semop() to get a lock, but op_on isn't initialized until
7242 ap_initialize() calls setup_lock(). Here is a slight
7243 rearrangement to main() which calls ap_initialize() earlier...
7244 [Jeff Trawick <trawick us.ibm.com>]
7246 *) Enable Apache to use sendfile/TransmitFile API
7247 [Bill Stoddard, David Reid, Paul Reder]
7249 *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
7253 *) Make file I/O and network I/O writev/sendv APIs consistent.
7254 Eliminate use of ap_iovec_t and use Posix struct iovec.
7255 Use seperate variable on ap_writev to set the number of iovecs
7256 passed in and number of bytes written.
7259 *) Adapt file iol to use APR functions. Replaced ap_open_file()
7260 with ap_create_file_iol(). ap_create_file_iol() requires that
7261 the file be opened prior to the call using ap_open().
7264 *) Port mod_include and mod_cgi to 2.0
7265 [Paul Reder, Bill Stoddard]
7267 *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
7268 bytes_read/bytes_written is always valid (never -1). Plus
7269 some fixes to buff.c to correct problems introduced by the
7270 errno => ap_status_t changes a while back. Plus a fix to
7271 chunked encoding introduced right at the beginning of 2.0.
7274 *) Revamped UNIX build system to use autoconf and libtool.
7275 [Manoj Kasichainula, Sascha Schumann]
7277 *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
7279 *) SECURITY: More rigorous checking of Host: headers to fix security
7280 problems with mass name-based virtual hosting (whether using mod_rewrite
7281 or mod_vhost_alias).
7282 [Ben Hyde, Tony Finch]
7284 *) Add back support for UseCanonicalName in <Directory> containers.
7285 [Manoj Kasichainula]
7287 *) Added APLOG_STARTUP log type. This allows us to write an error
7288 message without any of the date and time information. As a part
7289 of this change, I also removed all of the calls to fprintf(stderr
7290 and replaced them with calls to ap_log_error using APLOG_STARTUP
7291 writing to stderr is no longer portable, because we don't direct
7292 stderr to the error log on all platforms.
7295 *) Convert error logging functions to take errno as an argument.
7296 This makes our error logs more portable, because some Windows API's
7297 don't set errno. This change allows us to still output a valid
7298 message on all of our platforms.
7301 *) mod_mime_magic runs in 2.0-dev now.
7302 [Paul Reder <rederpj raleigh.ibm.com>]
7304 *) sendfile has been added to APR.
7305 [John Zedlewski <zedlwski Princeton.EDU>]
7307 *) buff.c has been converted to no longer use errno.
7308 [Manoj Kasichainula]
7310 *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and
7311 interface adaption to APR functions did it. [Martin Kraemer]
7313 *) Support DSOs properly on 32-bit HP-UX 11.0
7314 [Dilip Khandekar <dilip cup.hp.com>]
7316 *) Updated MM in APR source tree from version 1.0.8 to 1.0.11
7317 [Ralf S. Engelschall]
7319 *) Cleaned APR build environment integration and bootstrap APR
7320 automatically for developers from src/Configure.
7321 [Ralf S. Engelschall]
7323 *) Fixed building of src/support/htpasswd.c
7324 [Ralf S. Engelschall]
7326 *) When generating the Location: header, mod_speling forgot
7327 to escape the spelling-fixed uri. (Forw-Port from 1.3)
7330 *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
7332 *) Change all pools to APR contexts. This is the first step to
7333 incorporating APR into Apache. [Ryan Bloom]
7335 *) Move "handler not found" warning message to below the check
7336 for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
7337 PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807
7339 *) Support line-continuation feature in config.option file and
7340 allow the loading of multiple option sections at once via
7341 ``--with-option=<section1>,<section2>,...''
7342 [Ralf S. Engelschall]
7344 *) Rebuilt CVS repository with Apache 1.3.9 as basis. [Roy Fielding]
7346 Changes with Apache MPM
7348 *) Use asynchronous AcceptEx() and a completion port to accept and
7349 dispatch connections to threads in Windows NT/2000.
7352 *) Implement WINNT Win32 MPM from original Win32 code in http_main.c
7355 *) Implement the APACI --with-option facility
7356 (per default used the config.option file).
7357 [Ralf S. Engelschall]
7359 *) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
7361 *) Start to implement module-defined hooks that are a) fast and b) typesafe.
7362 Replace pre_connection module call with a register_hook call and
7363 implement pre_connection as a hook. The intent is that these hooks will
7364 be extended to allow Apache to be multi-protocol, and also to allow the
7365 calling order to be specified on a per-hook/per-module basis.
7368 *) Implement mpm_* methods as "modules". Each method gets its own
7369 subdir in src/modules (eg: src/modules/prefork). Selection
7370 of method uses Rule MPM_METHOD. [Jim Jagielski]
7372 *) Port the hybrid server from the apache-apr repository as
7373 mpm_mpmt_pthread. [Manoj Kasichainula]
7375 *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
7376 amongst the unix MPMs.
7378 *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
7379 signal handling for the new world order. [Dean Gaudet]
7381 *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out
7382 of alloc.c for now. [Dean Gaudet]
7384 *) Handle partial large writes correctly. [Ben Laurie]
7386 *) Eliminate conn_rec's pointer to server. All it knows is the base server
7387 based on IP/port. [Ben Laurie]
7389 *) Port a bunch of modules to the new module structure.
7390 ["Michael H. Voase" <mvoase midcoast.com.au>]
7392 *) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
7394 *) Basic restructuring to introduce the MPM concept; includes various
7395 changes to the module API... better described by
7396 docs/initial_blurb.txt. [Dean Gaudet]
7398 Changes with Apache pthreads
7400 *) New buff option added: BO_TIMEOUT. It describes the timeout for
7401 buff operations (generally over a network).
7402 [Dean Gaudet, Ryan Bloom, Manoj Kasichainula]
7404 *) Created http_accept abstraction. Added 4 new functions (not exported):
7405 init_accept(), begin_accepting_requests(), get_request(),
7406 stop_accepting_requests() [Bill Stoddard]
7408 *) Fix to ap_rprintf call that allows mod_info to work properly.
7409 [James Morris <jmorris intercode.com.au>]
7411 *) user and ap_auth_type fields were moved from connection_rec to
7412 request_rec. [Ryan Bloom]
7414 *) Removed the ap_block_alarms and ap_unblock_alarm calls. These aren't
7415 needed in a threaded server.
7417 *) Initial pthread implementation from from Dean's apache-nspr code.
7418 [Bill Stoddard, Ryan Bloom]
7421 Changes with Apache 1.3.x and later:
7423 *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup