summaryrefslogtreecommitdiffstats
path: root/rubbos/app/httpd-2.0.64/CHANGES
diff options
context:
space:
mode:
Diffstat (limited to 'rubbos/app/httpd-2.0.64/CHANGES')
-rw-r--r--rubbos/app/httpd-2.0.64/CHANGES7423
1 files changed, 7423 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/CHANGES b/rubbos/app/httpd-2.0.64/CHANGES
new file mode 100644
index 00000000..ee24f578
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/CHANGES
@@ -0,0 +1,7423 @@
+ -*- coding: utf-8 -*-
+Changes with Apache 2.0.64
+
+ *) SECURITY: CVE-2010-1452 (cve.mitre.org)
+ mod_dav: Fix Handling of requests without a path segment.
+ PR: 49246 [Mark Drayton, Jeff Trawick]
+
+ *) SECURITY: CVE-2009-1891 (cve.mitre.org)
+ Fix a potential Denial-of-Service attack against mod_deflate or other
+ modules, by forcing the server to consume CPU time in compressing a
+ large file after a client disconnects. PR 39605.
+ [Joe Orton, Ruediger Pluem]
+
+ *) SECURITY: CVE-2009-3095 (cve.mitre.org)
+ mod_proxy_ftp: sanity check authn credentials.
+ [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
+ *) SECURITY: CVE-2009-3094 (cve.mitre.org)
+ mod_proxy_ftp: NULL pointer dereference on error paths.
+ [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
+ *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+ mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
+ attack when compiled against OpenSSL version 0.9.8m or later. Introduces
+ the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
+ and offer unsafe legacy renegotiation with clients which do not yet
+ support the new secure renegotiation protocol, RFC 5746.
+ [Joe Orton, and with thanks to the OpenSSL Team]
+
+ *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+ mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
+ for OpenSSL versions prior to 0.9.8l; reject any client-initiated
+ renegotiations. Forcibly disable keepalive for the connection if there
+ is any buffered data readable. Any configuration which requires
+ renegotiation for per-directory/location access control is still
+ vulnerable, unless using openssl 0.9.8l or later.
+ [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>,
+ Rainer Jung]
+
+ *) SECURITY: CVE-2010-0434 (cve.mitre.org)
+ Ensure each subrequest has a shallow copy of headers_in so that the
+ parent request headers are not corrupted. Elimiates a problematic
+ optimization in the case of no request body. PR 48359
+ [Jake Scott, William Rowe, Ruediger Pluem]
+
+ *) SECURITY: CVE-2008-2364 (cve.mitre.org)
+ mod_proxy_http: Better handling of excessive interim responses
+ from origin server to prevent potential denial of service and high
+ memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
+ Joe Orton, Jim Jagielski]
+
+ *) SECURITY: CVE-2010-0425 (cve.mitre.org)
+ mod_isapi: Do not unload an isapi .dll module until the request
+ processing is completed, avoiding orphaned callback pointers.
+ [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
+
+ *) SECURITY: CVE-2008-2939 (cve.mitre.org)
+ mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+ the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+
+ *) Fix recursive ErrorDocument handling. PR 36090 [Chris Darroch]
+
+ *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]
+
+ *) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass
+ through on a 304 response. [Nick Kew]
+
+ *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
+ [Philip M. Gollucci]
+
+Changes with Apache 2.0.63
+
+ *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
+ to /Device/Nul as the server is starting up, mirroring unix MPM's.
+ PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]
+
+ *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
+ by recreating the bucket allocator each time the trans pool is cleared.
+ PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]
+
+Changes with Apache 2.0.62 (not released)
+
+ *) SECURITY: CVE-2007-6388 (cve.mitre.org)
+ mod_status: Ensure refresh parameter is numeric to prevent
+ a possible XSS attack caused by redirecting to other URLs.
+ Reported by SecurityReason. [Mark Cox, Joe Orton]
+
+ *) SECURITY: CVE-2007-5000 (cve.mitre.org)
+ mod_imap: Fix a cross-site scripting issue. Reported by JPCERT.
+ [Joe Orton]
+
+ *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
+ to identify a default, or specific servers or paths which list their
+ contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]
+
+ *) log.c: Ensure Win32 resurrects its lost robust logger processes.
+ [William Rowe]
+
+ *) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
+ shutdown of the server when the MaxClients is higher then 257,
+ in a more responsive manner [Mladen Turk, William Rowe]
+
+ *) Add explicit charset to the output of various modules to work around
+ possible cross-site scripting flaws affecting web browsers that do not
+ derive the response character set as required by RFC2616. One of these
+ reported by SecurityReason [Joe Orton]
+
+ *) http_protocol: Escape request method in 405 error reporting.
+ This has no security impact since the browser cannot be tricked
+ into sending arbitrary method strings. [Jeff Trawick]
+
+ *) http_protocol: Escape request method in 413 error reporting.
+ Determined to be not generally exploitable, but a flaw in any case.
+ PR 44014 [Victor Stinner <victor.stinner inl.fr>]
+
+Changes with Apache 2.0.61
+
+ *) SECURITY: CVE-2007-3847 (cve.mitre.org)
+ mod_proxy: Prevent reading past the end of a buffer when parsing
+ date-related headers. PR 41144.
+ [Davi Arnaut, Nick Kew]
+
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segmentation fault if a Cache-Control header has
+ no value. [Niklas Edmundsson <nikke acc.umu.se>]
+
+ *) SECURITY: CVE-2006-5752 (cve.mitre.org)
+ mod_status: Fix a possible XSS attack against a site with a public
+ server-status page and ExtendedStatus enabled, for browsers which
+ perform charset "detection". Reported by Stefan Esser. [Joe Orton]
+
+ *) SECURITY: CVE-2007-3304 (cve.mitre.org)
+ prefork, worker MPMs: Ensure that the parent process cannot
+ be forced to kill processes outside its process group.
+ [Joe Orton, Jim Jagielski]
+
+ *) mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as synonymous.
+ PR 43183 [Brian Rectanus <Brian.Rectanus breach.com>, Vincent Bray]
+
+ *) log core: ensure we use a special pool for stderr logging, so that
+ the stderr channel remains valid from the time plog is destroyed,
+ until the time the open_logs hook is called again. [William Rowe]
+
+ *) mod_ssl: Version reporting update; displays 'compiled against'
+ Apache and build-time SSL Library versions at loglevel [info],
+ while reporting the run-time SSL Library version in the server
+ info tags. Helps to identify a mod_ssl built against one flavor
+ of OpenSSL but running against another (also adds SSL-C version
+ number reporting.) [William Rowe]
+
+ *) mod_autoindex: Add in Type and Charset options to IndexOptions
+ directive. This allows the admin to explicitly set the
+ content-type and charset of the generated page and is therefore
+ a viable workaround for buggy browsers affected by CVE-2007-4465
+ (cve.mitre.org). [Jim Jagielski]
+
+ *) main core: Emit errors during the initial apr_app_initialize()
+ or apr_pool_create() (when apr-based error reporting is not ready).
+ [William Rowe, Jeff Trawick]
+
+ *) log core: Fix issue which could cause piped loggers to be orphaned
+ and never terminate after a graceful restart. PR 40651. [Joe Orton,
+ Ruediger Pluem]
+
+ *) log core: fix the new piped logger case where we couldn't connect
+ the replacement stderr logger's stderr to the NULL stdout stream.
+ Continue in this case, since the previous alternative of no error
+ logging at all (/dev/null) is far worse. [William Rowe]
+
+ *) mpm_winnt: Prevent the parent-child pipe from leaking into other
+ spawned processes, and ensure we have a /Device/null handle for
+ stdout when running as-a-service. [William Rowe]
+
+ *) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]
+
+ *) mod_so: Solve dev's confusion by reporting expected/seen module
+ magic signatures when failing with a 'garbled' message, and solve
+ user's confusion by pointing out 'perhaps compiled for a different
+ version of apache?'. [William Rowe]
+
+ *) mod_ssl: initialize thread locks before initializing the hardware
+ acceleration library, so the latter can make use of the former.
+ PR 20951. [<adunn ncipher.com>]
+
+ *) mod_ssl: Support limited buffering of request bodies to allow
+ per-location renegotiation to proceed. PR 12355. [Joe Orton]
+
+ *) mod_cgi, mod_cgid: Don't return apr_status_t error value
+ from input filter chain. PR 31759 (mutated). [Jo Rhett,
+ Nick Kew]
+
+ *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
+ [Jeff Trawick]
+
+ *) proxy_http.c: Overlay existing cookies with proxied ones, ala
+ httpd-2.2. [Jim Jagielski]
+
+ *) mod_proxy: ProxyTimeout (and others) ignored due to not merging
+ the *_set params. PR 11540. [Jim Jagielski]
+
+ *) mod_isapi: Correctly present SERVER_PORT_SECURE.
+ PR 40573. [Matt Eaton <asf divinehawk.com>]
+
+ *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
+ support. Also corrects the slashes for Windows. PR 15993. [William Rowe]
+
+ *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
+ token parser worked while the resulting length was misinterpreted.
+ PR 29098. [Brock Bland <bbland serena.com>]
+
+ *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
+ attempts to stream the response at the client. Log these as well.
+ PR 30022, 40470. [William Rowe, Matt Eaton <asf divinehawk.com>]
+
+ *) mod_isapi: Ensure we walk through all the methods the developer may have
+ employed to report their HTTP status result code.
+ PR 16637 30033 28089. [Matt Lewandowsky <matt iamcode.net>, William Rowe]
+
+There was no 2.0.60
+
+Changes with Apache 2.0.59
+
+ *) SECURITY: CVE-2006-3747 (cve.mitre.org)
+ mod_rewrite: Fix an off-by-one security problem in the ldap scheme
+ handling. For some RewriteRules this could lead to a pointer being
+ written out of bounds. Reported by Mark Dowd of McAfee.
+ [Mark Cox]
+
+ *) Win32: Minor fixes to build more cleanly under Visual Studio 2005
+ from the command line build. [William Rowe]
+
+Changes with Apache 2.0.58
+
+ *) Legal: Restored original years in copyright notices.
+ [Colm MacCarthaigh]
+
+Changes with Apache 2.0.57
+
+ *) mod_cgid: run the get_suexec_identity hook within the request-handler
+ instead of within cgid. PR 36410. [Colm MacCarthaigh]
+
+ *) core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
+ [Davi Arnaut <davi haxent.com.br>]
+
+ *) mod_proxy: Report the proxy server name correctly in the "Via:" header,
+ when UseCanonicalName is Off. PR 11971. [Martin Kraemer]
+
+ *) mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
+ run on Unix. [William Wrowe]
+
+ *) HTML-escape the Expect error message. Not classed as security as
+ an attacker has no way to influence the Expect header a victim will
+ send to a target site. Reported by Thiago Zaninotti
+ <thiango nstalker.com>. [Mark Cox]
+
+Changes with Apache 2.0.56
+
+ *) SECURITY: CVE-2005-3357 (cve.mitre.org)
+ mod_ssl: Fix a possible crash during access control checks if a
+ non-SSL request is processed for an SSL vhost (such as the
+ "HTTP request received on SSL port" error message when an 400
+ ErrorDocument is configured, or if using "SSLEngine optional").
+ PR 37791. [Rüdiger Plüm, Joe Orton]
+
+ *) SECURITY: CVE-2005-3352 (cve.mitre.org)
+ mod_imap: Escape untrusted referer header before outputting in HTML
+ to avoid potential cross-site scripting. Change also made to
+ ap_escape_html so we escape quotes. Reported by JPCERT.
+ [Mark Cox]
+
+ *) Add APR/APR-Util Compiled and Runtime Version numbers to the
+ output of 'httpd -V'. [William Rowe]
+
+ *) Ensure that the proper status line is written to the client, fixing
+ incorrect status lines caused by filters which modify r->status without
+ resetting r->status_line, such as the built-in byterange filter.
+ [Jeff Trawick]
+
+ *) Default handler: Don't return output filter apr_status_t values.
+ PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
+
+ *) mod_speling: Stop crashing with certain non-file requests.
+ [Jeff Trawick]
+
+ *) keep the Content-Length header for a HEAD with no response body.
+ PR 18757 [Greg Ames]
+
+ *) Modify apr[util] .h detection to avoid breakage on VPATH builds
+ using Solaris make (amoung others) and avoid breakage in ./buildconf
+ when srclib/apr[-util] are symlinks rather than directories proper.
+ [William Rowe]
+
+ *) Avoid server-driven negotiation when a CGI script has emitted an
+ explicit "Status:" header. PR 38070. [Nick Kew]
+
+ *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
+ format is used. PR 27787. [André Malo]
+
+ *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
+ [Justin Erenkrantz]
+
+ *) mod_cache: Correctly handle responses with a 301 status. PR 37347.
+ [Paul Querna]
+
+ *) mod_proxy_http: Prevent data corruption of POST request bodies when
+ client accesses proxied resources with SSL. PR 37145.
+ [Ruediger Pluem, William Rowe]
+
+ *) Eliminated the NET_TIME filter, restructuring the timeout logic.
+ This provides a working mod_echo on all platforms, and ensures any
+ custom protocol module is at least given an initial timeout value
+ based on the <VirtualHost > context's Timeout directive.
+ [William Rowe]
+
+ *) mod_ssl: Correct issue where mod_ssl does not pick up the
+ ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]
+
+ *) Document the ReceiveBufferSize change done in r157583.
+ [Murray Nesbitt <murray cpan.org>]
+
+ *) mod_deflate: Merge the Vary header, instead of Setting it. Fixes
+ applications that send the Vary Header themselves. PR 37559.
+ [Paul Querna]
+
+ *) mod_dav: Fix a null pointer dereference in an error code path during the
+ handling of MKCOL. [Ghassan Misherghi <ghassanm ucdavis.edu>]
+
+ *) mod_mime_magic: Handle CRLF-format magic files so that it works with
+ the default installation on Windows. [Jeff Trawick]
+
+ *) Write message to error log if AuthGroupFile cannot be opened.
+ PR 37566. [Rüdiger Plüm]
+
+ *) Add ReceiveBufferSize directive to control the TCP receive buffer.
+ [Eric Covener <covener gmail.com>]
+
+ *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
+ [Paul Querna]
+
+ *) Remove the base href tag from proxy_ftp, as it breaks relative
+ links for clients not using an Authorization header. [Graham Leggett,
+ Jon Snow <jsnow27 gatesec.net>]
+
+ *) http_request.c: Add missing va_end call. [André Malo]
+
+ *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
+ [Paul Querna]
+
+ *) support/check_forensic: Fix temp file usage
+ [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]
+
+ *) Chunk filter: Fix chunk filter to create correct chunks in the case that
+ a flush bucket is surrounded by data buckets. [Ruediger Pluem]
+
+ *) mod_cgi(d): Remove block on OPTIONS method so that scripts can
+ respond to OPTIONS directly rather than via server default.
+ [Roy Fielding] PR 15242
+
+ *) Added new module mod_version, which provides version dependent
+ configuration containers. [André Malo]
+
+ *) Add core version query function (ap_get_server_revision) and
+ accompanying ap_version_t structure (minor MMN bump).
+ [André Malo]
+
+Changes with Apache 2.0.55
+
+ *) SECURITY: CVE-2005-2700 (cve.mitre.org)
+ mod_ssl: Fix a security issue where "SSLVerifyClient" was not
+ enforced in per-location context if "SSLVerifyClient optional"
+ was configured in the vhost configuration. [Joe Orton]
+
+ *) SECURITY: CVE-2005-2970 (cve.mitre.org)
+ worker MPM: Fix a memory leak which can occur after an aborted
+ connection in some limited circumstances. [Greg Ames]
+
+ *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
+ retrieved from LDAP so that all of the values can be properly
+ cached even if the value is NULL.
+ [Brad Nicholes, Ondrej Sury <ondrej sury.org>]
+
+ *) SECURITY: CVE-2005-2491 (cve.mitre.org):
+ Fix integer overflows in PCRE in quantifier parsing which could
+ be triggered by a local user through use of a carefully-crafted
+ regex in an .htaccess file. [Philip Hazel]
+
+ *) SECURITY: CVE-2005-2088 (cve.mitre.org)
+ proxy: Correctly handle the Transfer-Encoding and Content-Length
+ headers. Discard the request Content-Length whenever T-E: chunked
+ is used, always passing one of either C-L or T-E: chunked whenever
+ the request includes a request body. Resolves an entire class of
+ proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
+
+ *) Added TraceEnable [on|off|extended] per-server directive to alter
+ the behavior of the TRACE method. This addresses a flaw in proxy
+ conformance to RFC 2616 - previously the proxy server would accept
+ a TRACE request body although the RFC prohibited it. The default
+ remains 'TraceEnable on'. [William Rowe]
+
+ *) Add ap_log_cerror() for logging messages associated with particular
+ client connections. [Jeff Trawick]
+
+ *) Correct mod_cgid's argv[0] so that the full path can be delved by the
+ invoked cgi application, to conform to the behavior of mod_cgi.
+ [Pradeep Kumar S <pradeep.smani gmail.com>]
+
+ *) mod_include: Fix possible environment variable corruption when
+ using nested includes. PR 12655. [Joe Orton]
+
+ *) Support the suppress-error-charset setting, as with Apache 1.3.x.
+ PR 31274. [Jeff Trawick]
+
+ *) EBCDIC: Handle chunked input from client or, with proxy, origin
+ server. [Jeff Trawick]
+
+ *) Fix bad globbing comparison which could result in getting
+ a directory listing when a file was requested. PR 34512.
+ [sean <infamous41md hotmail.com>]
+
+ *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
+ was called even if mod_auth_ldap_check_user_id() was not
+ (or if it didn't succeed) for non-authoritative cases.
+ [Jim Jagielski]
+
+ *) SECURITY: CVE-2005-2728 (cve.mitre.org)
+ Fix cases where the byterange filter would buffer responses
+ into memory. PR 29962. [Joe Orton]
+
+ *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
+ PR 15207. [Jim Jagielski]
+
+ *) mod_ldap: Fix various shared memory cache handling bugs.
+ PR 34209. [Joe Orton]
+
+ *) Fix a file descriptor leak when starting piped loggers. PR 33748.
+ [Joe Orton]
+
+ *) mod_ldap: Avoid segfaults when opening connections if using a version
+ of OpenLDAP older than 2.2.21. PR 34618. [Brad Nicholes]
+
+ *) mod_ssl: Fix build with OpenSSL 0.9.8. PR 35757. [William Rowe]
+
+ *) SECURITY: CVE-2005-2088 (cve.mitre.org)
+ core: If a request contains both Transfer-Encoding and Content-Length
+ headers, remove the Content-Length, mitigating some HTTP Request
+ Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
+
+ *) proxy HTTP: If a response contains both Transfer-Encoding and a
+ Content-Length, remove the Content-Length and don't reuse the
+ connection, mitigating some HTTP Response Splitting attacks.
+ [Jeff Trawick]
+
+ *) Prevent hangs of child processes when writing to piped loggers at
+ the time of graceful restart. PR 26467. [Jeff Trawick]
+
+ *) SECURITY: CVE-2005-1268 (cve.mitre.org)
+ mod_ssl: Fix off-by-one overflow whilst printing CRL information
+ at "LogLevel debug" which could be triggered if configured
+ to use a "malicious" CRL. PR 35081. [Marc Stern <mstern csc.com>]
+
+ *) mod_userdir: Fix possible memory corruption issue. PR 34588.
+ [David Leonard <dleonard vintela.com>]
+
+ *) worker mpm: don't take down the whole server for a transient
+ thread creation failure. PR 34514 [Greg Ames]
+
+ *) mod_rewrite: use buffered I/O to improve performance with large
+ RewriteMap txt: files. [Greg Ames]
+
+ *) proxy HTTP: Rework the handling of request bodies to handle
+ chunked input and input filters which modify content length, and
+ avoid spooling arbitrary-sized request bodies in memory.
+ PR 15859. [Jeff Trawick]
+
+Changes with Apache 2.0.54
+
+ *) mod_cache: Add CacheIgnoreHeaders directive. PR 30399.
+ [Rüdiger Plüm <r.pluem t-online.de>]
+
+ *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
+ the ldap socket connection timeout value.
+ [Brad Nicholes]
+
+ *) Correctly export all mod_dav public functions.
+ [Branko Čibej <brane xbc.nu>]
+
+ *) Add a build script to create a solaris package. [Graham Leggett]
+
+ *) worker MPM: Fix a problem which could cause httpd processes to
+ remain active after shutdown. [Jeff Trawick]
+
+ *) Unix MPMs: Shut down the server more quickly when child processes are
+ slow to exit. [Joe Orton, Jeff Trawick]
+
+ *) Remove formatting characters from ap_log_error() calls. These
+ were escaped as fallout from CVE-2003-0020.
+ [Eric Covener <ecovener gmail.com>]
+
+ *) mod_ssl: If SSLUsername is used, set r->user earlier. PR 31418.
+ [David Reid]
+
+ *) htdigest: Fix permissions of created files. PR 33765. [Joe Orton]
+
+ *) core_input_filter: Move buckets to a persistent brigade instead of
+ creating a new brigade. This stop a memory leak when proxying a
+ Streaming Media Server. PR 33382. [Paul Querna]
+
+ *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid
+ hiccups from additional path information passed in non-utf-8 format.
+ [Richard Donkin <rd9 donkin.org]
+
+Changes with Apache 2.0.53
+
+ *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
+ [Max Bowsher <maxb ukf.net>]
+
+ *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
+ [Rici Lake <rici ricilake.net>]
+
+ *) mod_proxy: Respect errors reported by pre_connection hooks.
+ [Jeff Trawick]
+
+ *) --with-module can now take more than one module to be statically
+ linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
+ If the <modtype>-subdirectory doesn't exist it will be created and
+ populated with a standard Makefile.in. [Erik Abele]
+
+ *) Fix the RPM spec file so that an RPM build now works. An RPM
+ build now requires system installations of APR and APR-util.
+ Remove some arbitrary moving around of binaries - the RPM now
+ maps to the ASF build of httpd.
+ [Graham Leggett]
+
+ *) mod_dumpio, an I/O logging/dumping module, added to the
+ modules/expermimental subdirectory. [Jim Jagielski]
+
+ *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
+ library handles special characters. PR 24437. [Jess Holle]
+
+ *) Win32 MPM: Correct typo in debugging output. [William Rowe]
+
+ *) conf: Remove AddDefaultCharset from the default configuration because
+ setting a site-wide default does more harm than good. PR 23421.
+ [Roy Fielding]
+
+ *) Add charset to example CGI scripts. [Roy Fielding]
+
+ *) mod_ssl: fail quickly if SSL connection is aborted rather than
+ making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
+
+ *) Remove compiled-in upper limit on LimitRequestFieldSize.
+ [Bill Stoddard]
+
+ *) Start keeping track of time-taken-to-process-request again for
+ mod_status if ExtendedStatus is enabled. [Jim Jagielski]
+
+ *) mod_proxy: Handle client-aborted connections correctly. PR 32443.
+ [Janne Hietamäki, Joe Orton]
+
+ *) Fix handling of files >2Gb on all platforms (or builds) where
+ apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
+
+ *) mod_include: Fix bug which could truncate variable expansions
+ of N*64 characters by one byte. PR 32985. [Joe Orton]
+
+ *) Correct handling of certain bucket types in ap_save_brigade, fixing
+ possible segfaults in mod_cgi with #include virtual. PR 31247.
+ [Joe Orton]
+
+ *) Allow for the use of --with-module=foo:bar where the ./modules/foo
+ directory is local only. Assumes, of course, that the required
+ files are in ./modules/foo, but makes it easier to statically
+ build/log "external" modules. [Jim Jagielski]
+
+ *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
+ ldap authorization only modules have access to the util_ldap
+ user cache without having to require ldap authentication as well.
+ PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
+
+ *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
+ allows the module to only authorize a user if the attribute value
+ specified matches the value of the user object. PR 31913
+ [Ryan Morgan <rmorgan pobox.com>]
+
+ *) SECURITY: CVE-2004-0942 (cve.mitre.org)
+ Fix for memory consumption DoS in handling of MIME folded request
+ headers. [Joe Orton]
+
+ *) SECURITY: CVE-2004-0885 (cve.mitre.org)
+ mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
+ bypassed during an SSL renegotiation. PR 31505.
+ [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
+
+ *) mod_ssl: Fail at startup rather than segfault at runtime if a
+ client cert is configured with an encrypted private key.
+ PR 24030. [Joe Orton]
+
+ *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
+ [Joe Orton]
+
+ *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
+ [Jeff Trawick]
+
+ *) mod_cache: CacheDisable will only disable the URLs it was meant to
+ disable, not all caching. PR 31128.
+ [Edward Rudd <eddie omegaware.com>, Paul Querna]
+
+ *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
+ cache responses. [Justin Erenkrantz]
+
+ *) mod_rewrite: Handle per-location rules when r->filename is unset.
+ Previously this would segfault or simply not match as expected,
+ depending on the platform. [Jeff Trawick]
+
+ *) mod_rewrite: Fix 0 bytes write into random memory position.
+ PR 31036. [André Malo]
+
+ *) mod_disk_cache: Do not store aborted content. PR 21492.
+ [Rüdiger Plüm <r.pluem t-online.de>]
+
+ *) mod_disk_cache: Correctly store cached content type. PR 30278.
+ [Rüdiger Plüm <r.pluem t-online.de>]
+
+ *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
+ statistics display. PR 29216. [Graham Leggett]
+
+ *) mod_ldap: fix a bogus error message to tell the user which file
+ is causing a potential problem with the LDAP shared memory cache.
+ PR 31431 [Graham Leggett]
+
+ *) SECURITY: CVE-2004-1834 (cve.mitre.org)
+ mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
+
+ *) Fix the re-linking issue when purging elements from the LDAP cache
+ PR 24801. [Jess Holle <jessh ptc.com>]
+
+ *) mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
+
+ *) Fix Expires handling in mod_cache. [Justin Erenkrantz]
+
+ *) Alter mod_expires to run at a different filter priority to allow
+ proper Expires storage by mod_cache. [Justin Erenkrantz]
+
+Changes with Apache 2.0.52
+
+ *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
+
+ *) Fix the global mutex crash when the global mutex is never allocated
+ due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
+
+ *) Fix a segfault in the LDAP cache when it is configured switched
+ off. [Jess Holle <jessh ptc.com>]
+
+ *) SECURITY: CVE-2004-0811 (cve.mitre.org)
+ Fix merging of the Satisfy directive, which was applied to
+ the surrounding context and could allow access despite configured
+ authentication. PR 31315. [Rici Lake <rici ricilake.net>]
+
+ *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
+ is enabled. Previously, such urls would still be rejected.
+ [Jeff Trawick, Bill Stoddard]
+
+ *) mod_mem_cache: Fixed race condition causing segfault because of memory being
+ freed twice, or reused after being freed.
+ [J. Clar, W. Stoddard, G. Ames]
+
+ *) Add -l option to rotatelogs to let it use local time rather than
+ UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
+
+ *) mod_log_config: Fix a bug which prevented request completion time
+ from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
+ processing. PR 29696. [Alois Treindl <alois astro.ch>]
+
+Changes with Apache 2.0.51
+
+ *) SECURITY: CVE-2004-0786 (cve.mitre.org)
+ Fix an input validation issue in apr-util which could be
+ triggered by malformed IPv6 literal addresses. [Joe Orton]
+
+ *) SECURITY: CVE-2004-0747 (cve.mitre.org)
+ Fix buffer overflow in expansion of environment variables in
+ configuration file parsing. [André Malo]
+
+ *) SECURITY: CVE-2004-0809 (cve.mitre.org)
+ mod_dav_fs: Fix a segfault in the handling of an indirect lock
+ refresh. PR 31183. [Joe Orton]
+
+ *) mod_include no longer checks for recursion, because that's done
+ in the core. This allows for careful usage of recursive SSI.
+ [André Malo]
+
+ *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
+ [chunyan sheng <shengperson yahoo.com>, André Malo]
+
+ *) Include directives no longer refuse to process symlinks on
+ directories. Instead there's now a maximum nesting level
+ of included directories (128 as distributed). This is configurable
+ at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
+ PR 28492. [André Malo]
+
+ *) Win32: apache -k start|restart|install|config can leave stranded
+ piped logger processes (eg, rotatelogs.exe) due to improper
+ server shutdown on these code paths.
+ [Bill Stoddard]
+
+ *) SECURITY: CVE-2004-0751 (cve.mitre.org)
+ mod_ssl: Fix a segfault in the SSL input filter which could be
+ triggered if using "speculative" mode, for instance by a
+ proxy request to an SSL server. PR 30134. [Joe Orton]
+
+ *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
+ PR 30464. [Joe Orton, Madhusudan Mathihalli]
+
+ *) mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
+
+ *) Prevent CGI script output which includes a Content-Range header
+ from being passed through the byterange filter. [Joe Orton]
+
+ *) Satisfy directives now can be influenced by a surrounding <Limit>
+ container. PR 14726. [André Malo]
+
+ *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
+ PR 27985. [André Malo]
+
+ *) mod_disk_cache: Implement binary format for on-disk header files.
+ [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
+
+ *) mod_disk_cache: Optimize network performance of disk cache subsystem by
+ allowing zero-copy (sendfile) writes and other miscellaneous fixes.
+ [Justin Erenkrantz]
+
+ *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
+ switch to the provider API instead of hooks. [Justin Erenkrantz]
+
+ *) mod_autoindex: Don't truncate the directory listing if a stat()
+ call fails (for instance on a >2Gb file). PR 17357.
+ [Joe Orton]
+
+ *) Makefile fix: httpd is linked against LIBS given to the
+ 'make' invocation. PR 7882. [Joe Orton]
+
+ *) WinNT MPM: Fix a broken log message at termination. PR 28063.
+ [Eider Oliveira <eider bol.com.br>]
+
+ *) Prevent Win32 pool corruption at startup [Allan Edwards]
+
+ *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+ chosen SSL environment variable. PR 20957.
+ [Martin v. Loewis <martin v.loewis.de>]
+
+ *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
+ [Zvi Har'El <rl math.technion.ac.il>]
+
+ *) apachectl: Fix a problem finding envvars if sbindir != bindir.
+ PR 30723. [Friedrich Haubensak <hsk imb-jena.de>]
+
+ *) mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
+
+ *) SECURITY: CVE-2004-0748 (cve.mitre.org)
+ mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
+
+ *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
+ PR 18989. [Joe Orton]
+
+ *) mod_userdir: Ensure that the userdir identity is used for
+ suexec userdir access in a virtual host which has suexec configured.
+ PR 18156. [Joshua Slive]
+
+ *) mod_rewrite no longer confuses the RewriteMap caches if
+ different maps defined in different virtual hosts use the
+ same map name. PR 26462. [André Malo]
+
+ *) mod_setenvif: Remove "support" for Remote_User variable which
+ never worked at all. PR 25725. [André Malo]
+
+ *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
+ again the functionality of the ErrorHeader directive. But instead
+ using this misnomer additional flags to the Header directive were
+ introduced ("always" and "onsuccess", defaulting to the latter).
+ PR 28657. [André Malo]
+
+ *) Use the higher performing 'httpready' Accept Filter on all platforms
+ except FreeBSD < 4.1.1. [Paul Querna]
+
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
+ *) Extend the SetEnvIf directive to capture subexpressions of the
+ matched value. [André Malo]
+
+ *) Recursive Include directives no longer crash. The server stops
+ including configuration files after a certain nesting level (128
+ as distributed). This is configurable at compile time using the
+ -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
+
+ *) mod_dir: the trailing-slash behaviour is now configurable using the
+ DirectorySlash directive. [André Malo]
+
+ *) Allow proxying of resources that are invoked via DirectoryIndex.
+ PR 14648, 15112, 29961. [André Malo]
+
+ *) util_ldap: Switched the lock types on the shared memory cache
+ from thread reader/writer locks to global mutexes in order to
+ provide cross process cache protection. [Brad Nicholes]
+
+ *) util_ldap: Reworked the cache locking scheme to eliminate duplicate
+ cache entries in the credentials cache due to race conditions.
+ [Brad Nicholes]
+
+ *) util_ldap: Enhanced the util_ldap cache-info display to show more
+ detail about the contents and current state of the cache.
+ [Brad Nicholes]
+
+ *) Enable the option to support anonymous shared memory in mod_ldap.
+ This makes the cache work on Linux again. [Graham Leggett]
+
+ *) Enable special ErrorDocument value 'default' which restores the
+ canned server response for the scope of the directive.
+ [Geoffrey Young, André Malo]
+
+ *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
+ is set in r->subprocess_env allow mismatched query strings to pass.
+ PR 27758. [Paul Querna, Geoffrey Young]
+
+ *) Accept URLs for the ServerAdmin directive. If the supplied
+ argument is not recognized as an URL, assume it's a mail address.
+ PR 28174. [André Malo, Paul Querna]
+
+ *) initialize server arrays prior to calling ap_setup_prelinked_modules
+ so that static modules can push Defines values when registering
+ hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
+
+ *) Small fix to allow reverse proxying to an ftp server. Previously
+ an attempt to do this would try and connect to 0.0.0.0, regardless
+ of the server specified. PR 24922
+ [Pascal Terjan <pterjan@linuxfr.org>]
+
+ *) Add the NOTICE file to the rpm spec file in compliance with the
+ Apache v2.0 license. [Graham Leggett]
+
+ *) RPM spec file changes: changed default dependancy to link to db4
+ instead of db3. Fixed complaints about unpackaged files.
+ [Graham Leggett]
+
+Changes with Apache 2.0.50
+
+ *) SECURITY: CVE-2004-0493 (cve.mitre.org)
+ Close a denial of service vulnerability identified by Georgi
+ Guninski which could lead to memory exhaustion with certain
+ input data. [Jeff Trawick]
+
+ *) mod_cgi: Handle output on stderr during script execution on Unix
+ platforms; preventing deadlock when stderr output fills pipe buffer.
+ Also fixes case where stderr from nph- scripts could be lost.
+ PR 22030, 18348. [Joe Orton, Jeff Trawick]
+
+ *) mod_alias now emits a warning if it detects overlapping *Alias*
+ directives. [André Malo]
+
+ *) mod_rewrite no longer turns forward proxy requests into reverse proxy
+ requests. PR 28125 [ast domdv.de, André Malo]
+
+ *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
+ exported on Win32 and Netware as well (minor MMN bump). PR 28523.
+ [Edward Rudd <eddie omegaware.com>, André Malo]
+
+ *) Restore the ability to disable the use of AcceptEx on Win9x systems
+ automatically (broken in 2.0.49). PR 28529. [André Malo]
+
+ *) <VirtualHost myhost> now applies to all IP addresses for myhost
+ instead of just the first one reported by the resolver. This
+ corrects a regression since 1.3. [Jeff Trawick]
+
+ *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
+ against ServerRoot PR#26602 [Brad Nicholes]
+
+ *) SECURITY: CVE-2004-0488 (cve.mitre.org)
+ mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
+ (trusted) client certificate subject DN which exceeds 6K in length.
+ [Joe Orton]
+
+ *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
+ caused issues for the Eclipse WebDAV extension.
+ PR 29034. [Joe Orton]
+
+ *) mod_deflate: Fix memory consumption (which was proportional to the
+ response size). PR 29318. [Joe Orton]
+
+ *) mod_ssl: Log the errors returned on failure to load or initialize
+ a crypto accelerator engine. [Joe Orton]
+
+ *) Allow RequestHeader directives to be conditional. PR 27951.
+ [Vincent Deffontaines <vincent gryzor.com>, André Malo]
+
+ *) Allow LimitRequestBody to be reset to unlimited. PR 29106
+ [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
+ small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
+
+ *) Remove 2Gb log file size restriction on some 32-bit platforms.
+ PR 13511. [Joe Orton]
+
+ *) mod_logio no longer removes the EOS bucket. PR 27928.
+ [Bojan Smojver <bojan rexursive.com>]
+
+ *) htpasswd no longer refuses to process files that contain empty
+ lines. [André Malo]
+
+ *) Regression from 1.3: At startup, suexec now will be checked for
+ availability, the setuid bit and user root. The works only if
+ httpd is compiled with the shipped APR version (0.9.5).
+ PR 28287. [André Malo]
+
+ *) Unix MPMs: Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. [Jeff Trawick]
+
+ *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
+
+ *) mod_isapi: send_response_header() failed to copy status string's
+ last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
+
+ *) Fix a segfault when requests for shared memory fails and returns
+ NULL. Fix a segfault caused by a lack of bounds checking on the
+ cache. PR 24801. [Graham Leggett]
+
+ *) Throw an error message if an attempt is made to use the LDAPTrustedCA
+ or LDAPTrustedCAType directives in a VirtualHost. PR 26390
+ [Brad Nicholes]
+
+ *) Fix a potential segfault if the bind password in the LDAP cache
+ is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
+
+ *) Quotes cannot be used around require group and require dn
+ directives, update the documentation to reflect this. Also add
+ quotes around the dn and group within debug messages, to make it
+ more obvious why authentication is failing if quotes are used in
+ error. PR 19304. [Graham Leggett]
+
+ *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
+ from escaping filters twice when the backslash character is used.
+ PR 24437. [Jess Holle <jessh ptc.com>]
+
+ *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
+ functions leave the connections in a sane state after errors have
+ occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
+ 27271 [Graham Leggett]
+
+ *) mod_ldap calls ldap_simple_bind_s() to validate the user
+ credentials. If the bind fails, the connection is left
+ in an unbound state. Make sure that the ldap connection
+ record is updated to show that the connection is no longer
+ bound. [Brad Nicholes]
+
+ *) Ensure that lines in the request which are too long are
+ properly terminated before logging.
+ [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
+
+ *) Update the bind credentials for the cached LDAP connection to
+ reflect the last bind. This prevents util_ldap from creating
+ unnecessary connections rather than reusing cached connections.
+ [Brad Nicholes]
+
+ *) mod_isapi: GetServerVariable returned improperly terminated header
+ fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
+ [Jesse Pelton <jsp pkc.com>]
+
+ *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
+ size. PR 20617. [Jesse Pelton <jsp pkc.com>]
+
+ *) mod_dav: Fix a problem that could cause crashes when manipulating
+ locks on some platforms. [Jeff Trawick]
+
+ *) mod_headers no longer crashes if an empty header value should
+ be added. [André Malo]
+
+ *) Fix segfault in mod_expires, which occured under certain
+ circumstances. PR 28047. [André Malo]
+
+ *) htpasswd: use apr_temp_dir_get() and general cleanup
+ [Guenter Knauf <eflash gmx.net>, Thom May]
+
+ *) mod_ssl: Fix memory leak in session cache handling. PR 26562
+ [Madhusudan Mathihalli]
+
+ *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
+ a pool cleanup. PR 27945. [Joe Orton]
+
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
+ *) logresolve: Allow size of log line buffer to be overridden at
+ build time (MAXLINE). PR 27793. [Jeff Trawick]
+
+ *) Fix the comment delimiter in htdbm so that it correctly parses the
+ username comment. Also add a terminate function to allow NetWare
+ to pause the output before the screen is destroyed.
+ [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
+
+ *) Fix crash when Apache was started with no Listen directives.
+ [Michael Corcoran <mcorcoran warpsolutions.com>]
+
+ *) core_output_filter: Fix bug that could result in sending
+ garbage over the network when module handlers construct
+ bucket brigades containing multiple file buckets all referencing
+ the same open file descriptor. [Bojan Smojver]
+
+ *) Fix memory corruption problem with ap_custom_response() function.
+ The core per-dir config would later point to request pool data
+ that would be reused for different purposes on different requests.
+ [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
+
+ *) Win32: Tweak worker thread accounting routines to eliminate
+ server hang when number of Listen directives in httpd.conf
+ is greater than or equal to the setting of ThreadsPerChild.
+ [Bill Stoddard]
+
+Changes with Apache 2.0.49
+
+ *) SECURITY: CVE-2004-0174 (cve.mitre.org)
+ Fix starvation issue on listening sockets where a short-lived
+ connection on a rarely-accessed listening socket will cause a
+ child to hold the accept mutex and block out new connections until
+ another connection arrives on that rarely-accessed listening socket.
+ With Apache 2.x there is no performance concern about enabling the
+ logic for platforms which don't need it, so it is enabled everywhere
+ except for Win32. [Jeff Trawick]
+
+ *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
+ [Jeff Trawick]
+
+ *) Win32: find_read_listeners was not correctly handling multiple
+ listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
+
+ *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
+ [Manni Wood <manniwood planet-save.com>]
+
+ *) Fix some piped log problems: bogus "piped log program '(null)'
+ failed" messages during restart and problem with the logger
+ respawning again after Apache is stopped. PR 21648, PR 24805.
+ [Jeff Trawick]
+
+ *) Fixed file extensions for real media files and removed rpm extension
+ from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
+
+ *) Remove compile-time length limit on request strings. Length is
+ now enforced solely with the LimitRequestLine config directive.
+ [Paul J. Reder]
+
+ *) mod_ssl: Send the Close Alert message to the peer before closing
+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
+
+ *) SECURITY: CVE-2004-0113 (cve.mitre.org)
+ mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
+ PR 27106. [Joe Orton]
+
+ *) mod_ssl: Fix bug in passphrase handling which could cause spurious
+ failures in SSL functions later. PR 21160. [Joe Orton]
+
+ *) mod_log_config: Fix corruption of buffered logs with threaded
+ MPMs. PR 25520. [Jeff Trawick]
+
+ *) Fix mod_include's expression parser to recognize strings correctly
+ even if they start with an escaped token. [André Malo]
+
+ *) Add fatal exception hook for use by diagnostic modules. The hook
+ is only available if the --enable-exception-hook configure parm
+ is used and the EnableExceptionHook directive has been set to
+ "on". [Jeff Trawick]
+
+ *) Allow mod_auth_digest to work with sub-requests with different
+ methods than the original request. PR 25040.
+ [Josh Dady <jpd indecisive.com>]
+
+ *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
+ argumentless containers.
+ ["Philippe M. Chiasson" <gozer cpan.org>]
+
+ *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
+ [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
+
+ *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
+ [Glenn Nielsen <glenn apache.org>]
+
+ *) The whole codebase was relicensed and is now available under
+ the Apache License, Version 2.0 (http://www.apache.org/licenses).
+ [Apache Software Foundation]
+
+ *) Fixed cache-removal order in mod_mem_cache.
+ [Jean-Jacques Clar, Cliff Woolley]
+
+ *) mod_setenvif: Fix the regex optimizer, which under circumstances
+ treated the supplied regex as literal string. PR 24219.
+ [André Malo]
+
+ *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
+ instead of mmn. [André Malo]
+
+ *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
+ could lead to a 400 (Bad Request) response. [André Malo]
+
+ *) Keep focus of ITERATE and ITERATE2 on the current module when
+ the module chooses to return DECLINE_CMD for the directive.
+ PR 22299. [Geoffrey Young <geoff apache.org>]
+
+ *) Add support for IMT minor-type wildcards (e.g., text/*) to
+ ExpiresByType. PR#7991 [Ken Coar]
+
+ *) Fix segfault in mod_mem_cache cache_insert() due to cache size
+ becoming negative. PR: 21285, 21287
+ [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
+
+ *) core.c: If large file support is enabled, allow any file that is
+ greater than AP_MAX_SENDFILE to be split into multiple buckets.
+ This allows Apache to send files that are greater than 2gig.
+ Otherwise we run into 32/64 bit type mismatches in the file size.
+ [Brad Nicholes]
+
+ *) proxy_http fix: mod_proxy hangs when both KeepAlive and
+ ProxyErrorOverride are enabled, and a non-200 response without a
+ body is generated by the backend server. (e.g.: a client makes a
+ request containing the "If-Modified-Since" and "If-None-Match"
+ headers, to which the backend server respond with status 304.)
+ [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
+
+ *) mod_dav: Reject requests which include an unescaped fragment in the
+ Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
+
+ *) Build array of allowed methods with proper dimensions, fixing
+ possible memory corruption. [Jeff Trawick]
+
+ *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
+ PR 15057. [Otmar Lendl <lendl nic.at>]
+
+ *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
+ [Joe Orton]
+
+ *) mod_usertrack no longer inspects the Cookie2 header for
+ the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
+
+ *) mod_usertrack no longer overwrites other cookies.
+ PR 26002. [Scott Moore <apache nopdesign.com>]
+
+ *) worker MPM: fix stack overlay bug that could cause the parent
+ process to crash. [Jeff Trawick]
+
+ *) Win32: Add Win32DisableAcceptEx directive. This Windows
+ NT/2000/CP directive is useful to work around bugs in some
+ third party layered service providers like virus scanners,
+ VPN and firewall products, that do not properly handle
+ WinSock 2 APIs. Use this directive if your server is issuing
+ AcceptEx failed messages.
+ [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
+
+ *) Make REMOTE_PORT variable available in mod_rewrite.
+ PR 25772. [André Malo]
+
+ *) Fix a long delay with CGI requests and keepalive connections on
+ AIX. [Jeff Trawick]
+
+ *) mod_autoindex: Add 'XHTML' option in order to allow switching between
+ HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
+
+ *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
+ [André Malo]
+
+ *) mod_ssl: Advertise SSL library version as determined at run-time rather
+ than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
+
+ *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
+ format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
+
+ *) Fix build with parallel make. PR 24643. [Joe Orton]
+
+ *) mod_rewrite: In external rewrite maps lookup keys containing
+ a newline now cause a lookup failure. PR 14453.
+ [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
+
+ *) Backport major overhaul of mod_include's filter parser from 2.1.
+ The new parser code is expected to be more robust and should
+ catch all of the edge cases that were not handled by the previous one.
+ The 2.1 external API changes were hidden by a wrapper which is
+ expected to keep the API backwards compatible. [André Malo]
+
+ *) Add a hook (insert_error_filter) to allow filters to re-insert
+ themselves during processing of error responses. Enable mod_expires
+ to use the new hook to include Expires headers in valid error
+ responses. This addresses an RFC violation. It fixes PRs 19794,
+ 24884, and 25123. [Paul J. Reder]
+
+ *) Add Polish translation of error messages. PR 25101.
+ [Tomasz Kepczynski <tomek jot23.org>]
+
+ *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
+ supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
+ Bill Stoddard]
+
+ *) Add mod_status hook to allow modules to add to the mod_status
+ report. [Joe Orton]
+
+ *) Fix htdbm to generate comment fields in DBM files correctly.
+ [Justin Erenkrantz]
+
+ *) mod_dav: Use bucket brigades when reading PUT data. This avoids
+ problems if the data stream is modified by an input filter. PR 22104.
+ [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
+
+ *) Fix RewriteBase directive to not add double slashes. [André Malo]
+
+ *) Improve 'configure --help' output for some modules. [Astrid Keßler]
+
+ *) Correct UseCanonicalName Off to properly check incoming port number.
+ [Jim Jagielski]
+
+ *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
+
+ *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
+ if any property values were set which defined namespaces these
+ came out mangled in the PROPFIND response. PR 11637.
+ [Amit Athavale <amit_athavale persistent.co.in>]
+
+ *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
+ the destination resource gives a 401. PR 15571. [Joe Orton]
+
+ *) SECURITY: CVE-2003-0020 (cve.mitre.org)
+ Escape arbitrary data before writing into the errorlog. Unescaped
+ errorlogs are still possible using the compile time switch
+ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
+
+ *) mod_autoindex / core: Don't fail to show filenames containing
+ special characters like '%'. PR 13598. [André Malo]
+
+ *) mod_status: Report total CPU time accurately when using a threaded
+ MPM. PR 23795. [Jeff Trawick]
+
+ *) Fix memory leak in handling of request bodies during reverse
+ proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
+
+ *) Win32 MPM: Implement MaxMemFree to enable setting an upper
+ limit on the amount of storage used by the bucket brigades
+ in each server thread. [Bill Stoddard]
+
+ *) Modified the cache code to be header-location agnostic. Also
+ fixed a number of other cache code bugs related to PR 15852.
+ Includes a patch submitted by Sushma Rai <rsushma novell.com>.
+ This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
+ closing the PR since that is what they are using. [Paul J. Reder]
+
+ *) complain via error_log when mod_include's INCLUDES filter is
+ enabled, but the relevant Options flag allowing the filter to run
+ for the specific resource wasn't set, so that the filter won't
+ silently get skipped. next remove itself, so the warning will be
+ logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
+
+ *) mod_info: HTML escape configuration information so it displays
+ correctly. PR 24232. [Thom May]
+
+ *) Restore the ability to add a description for directories that
+ don't contain an index file. (Broken in 2.0.48) [André Malo]
+
+ *) Fix a problem with the display of empty variables ("SetEnv foo") in
+ mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
+
+ *) mod_log_config: Log the minutes component of the timezone correctly.
+ PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
+
+ *) mod_proxy: Fix cases where an invalid status-line could be sent
+ to the client. PR 23998. [Joe Orton]
+
+ *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
+ are also loaded. [Joe Orton]
+
+ *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
+ thread-safe interface for retrieving error strings. [Joe Orton]
+
+ *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
+ avoid reporting an Internal Server error if it is used without
+ having been set in the httpd.conf file. PR: 23748, 24459
+ [André Malo, Liam Quinn <liam htmlhelp.com>]
+
+ *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
+ option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
+
+ *) mod_include no longer allows an ETag header on 304 responses.
+ PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
+
+ *) EBCDIC: Convert header fields to ASCII before sending (broken
+ since 2.0.44). [Martin Kraemer]
+
+ *) Fix the inability to log errors like exec failure in
+ mod_ext_filter/mod_cgi script children. This was broken after
+ such children stopped inheriting the error log handle.
+ [Jeff Trawick]
+
+ *) Fix mod_info to use the real config file name, not the default
+ config file name. [Aryeh Katz <aryeh secured-services.com>]
+
+ *) Set the scoreboard state to indicate logging prior to running
+ logging hooks so that server-status will show 'L' for hung loggers
+ instead of 'W'. [Jeff Trawick]
+
+Changes with Apache 2.0.48
+
+ *) SECURITY: CVE-2003-0789 (cve.mitre.org)
+ mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
+ communicate with the cgid daemon and the CGI script.
+ [Jeff Trawick]
+
+ *) SECURITY: CVE-2003-0542 (cve.mitre.org)
+ Fix buffer overflows in mod_alias and mod_rewrite which occurred
+ if one configured a regular expression with more than 9 captures.
+ [André Malo]
+
+ *) mod_include: fix segfault which occured if the filename was not
+ set, for example, when processing some error conditions.
+ PR 23836. [Brian Akins <bakins web.turner.com>, André Malo]
+
+ *) fix the config parser to support <Foo>..</Foo> containers (no
+ arguments in the opening tag) supported by httpd 1.3. Without
+ this change mod_perl 2.0's <Perl> sections are broken.
+ ["Philippe M. Chiasson" <gozer cpan.org>]
+
+ *) mod_cgid: fix a hash table corruption problem which could
+ result in the wrong script being cleaned up at the end of a
+ request. [Jeff Trawick]
+
+ *) Update httpd-*.conf to be clearer in describing the connection
+ between AddType and AddEncoding for defining the meaning of
+ compressed file extensions. [Roy Fielding]
+
+ *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
+ PR 23416. [André Malo]
+
+ *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
+ rewritten request using "proxy:". The code was adding multiple "proxy:"
+ fields in the rewritten URI. PR: 13946.
+ [Eider Oliveira <eider bol.com.br>]
+
+ *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
+ expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
+
+ *) Ensure that ssl-std.conf is generated at configure time, and switch
+ to using the expanded config variables to work the same as
+ httpd-std.conf PR: 19611
+ [Thom May]
+
+ *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
+ [Hartmut Keil <Hartmut.Keil adnovum.ch>]
+
+ *) mod_autoindex: If a directory contains a file listed in the
+ DirectoryIndex directive, the folder icon is no longer replaced
+ by the icon of that file. PR 9587.
+ [David Shane Holden <dpejesh yahoo.com>]
+
+ *) Fixed mod_usertrack to not get false positive matches on the
+ user-tracking cookie's name. PR 16661.
+ [Manni Wood <manniwood planet-save.com>]
+
+ *) mod_cache: Fix the cache code so that responses can be cached
+ if they have an Expires header but no Etag or Last-Modified
+ headers. PR 23130.
+ [<bjorn exoweb.net>]
+
+ *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
+ were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
+
+ *) Modify ap_get_client_block() to note if it has seen EOS.
+ [Justin Erenkrantz]
+
+ *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
+ content if the Accept-Encoding header contained only other tokens than
+ "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
+
+ *) Avoid an infinite recursion, which occured if the name of an included
+ config file or directory contained a wildcard character. PR 22194.
+ [André Malo]
+
+ *) mod_ssl: Fix a problem setting variables that represent the
+ client certificate chain. PR 21371 [Jeff Trawick]
+
+ *) Unix: Handle permissions settings for flock-based mutexes in
+ unixd_set_global|proc_mutex_perms(). Allow the functions to be
+ called for any type of mutex. PR 20312 [Jeff Trawick]
+
+ *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
+
+ *) Fix a misleading message from the some of the threaded MPMs when
+ MaxClients has to be lowered due to the setting of ServerLimit.
+ [Jeff Trawick]
+
+ *) Lower the severity of the "listener thread didn't exit" message
+ to debug, as it is of interest only to developers. PR 9011
+ [Jeff Trawick]
+
+ *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
+ [Cliff Woolley, Jean-Jacques Clar]
+
+ *) Install config.nice into the build/ directory to make
+ minor version upgrades easier. [Joshua Slive]
+
+ *) Fix mod_deflate so that it does not call deflate() without checking
+ first whether it has something to deflate. (Currently this causes
+ deflate to generate a fatal error according to the zlib spec.)
+ PR 22259. [Stas Bekman]
+
+ *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an
+ identity spoof is encountered.
+ [Sander Striker]
+
+ *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
+ containing the .htaccess file is requested without a trailing slash.
+ PR 20195. [André Malo]
+
+ *) ab: Overlong credentials given via command line no longer clobber
+ the buffer. [André Malo]
+
+ *) mod_deflate: Don't attempt to hold all of the response until we're
+ done. [Justin Erenkrantz]
+
+ *) Assure that we block properly when reading input bodies with SSL.
+ PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe]
+
+ *) Update mime.types to include latest IANA and W3C types. [Roy Fielding]
+
+ *) mod_ext_filter: Set additional environment variables for use by
+ the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
+
+ *) Fix buildconf errors when libtool version changes. [Jeff Trawick]
+
+ *) Remember an authenticated user during internal redirects if the
+ redirection target is not access protected and pass it
+ to scripts using the REDIRECT_REMOTE_USER environment variable.
+ PR 10678, 11602. [André Malo]
+
+ *) mod_include: Fix a trio of bugs that would cause various unusual
+ sequences of parsed bytes to omit portions of the output stream.
+ PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
+
+ *) Update the header token parsing code to allow LWS between the
+ token word and the ':' seperator. [PR 16520]
+ [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
+
+ *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
+ [Joe Schaefer <joe+gmane sunstarsys.com>]
+
+ *) Added FreeBSD directory layout. PR 21100.
+ [Sander Holthaus <info orangexl.com>, André Malo]
+
+ *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
+ response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
+
+ *) mod_rewrite: Perform child initialization on the rewrite log lock.
+ This fixes a log corruption issue when flock-based serialization
+ is used (e.g., FreeBSD). [Jeff Trawick]
+
+ *) Don't respect the Server header field as set by modules and CGIs.
+ As with 1.3, for proxy requests any such field is from the origin
+ server; otherwise it will have our server info as controlled by
+ the ServerTokens directive. [Jeff Trawick]
+
+Changes with Apache 2.0.47
+
+ *) SECURITY: CVE-2003-0192 (cve.mitre.org)
+ Fixed a bug whereby certain sequences of per-directory
+ renegotiations and the SSLCipherSuite directive being used to
+ upgrade from a weak ciphersuite to a strong one could result in
+ the weak ciphersuite being used in place of the strong one.
+ [Ben Laurie]
+
+ *) SECURITY: CVE-2003-0253 (cve.mitre.org)
+ Fixed a bug in prefork MPM causing temporary denial of service
+ when accept() on a rarely accessed port returns certain errors.
+ Reported by Saheed Akhtar <S.Akhtar talis.com>. [Jeff Trawick]
+
+ *) SECURITY: CVE-2003-0254 (cve.mitre.org)
+ Fixed a bug in ftp proxy causing denial of service when target
+ host is IPv6 but proxy server can't create IPv6 socket. Fixed by
+ the reporter. [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
+
+ *) SECURITY [VU#379828] Prevent the server from crashing when entering
+ infinite loops. The new LimitInternalRecursion directive configures
+ limits of subsequent internal redirects and nested subrequests, after
+ which the request will be aborted. PR 19753 (and probably others).
+ [William Rowe, Jeff Trawick, André Malo]
+
+ *) core_output_filter: don't split the brigade after a FLUSH bucket if
+ it's the last bucket. This prevents creating unneccessary empty
+ brigades which may not be destroyed until the end of a keepalive
+ connection.
+ [Juan Rivera <Juan.Rivera citrix.com>]
+
+ *) Add support for "streamy" PROPFIND responses.
+ [Ben Collins-Sussman <sussman collab.net>]
+
+ *) mod_cgid: Eliminate a double-close of a socket. This resolves
+ various operational problems in a threaded MPM, since on the
+ second attempt to close the socket, the same descriptor was
+ often already in use by another thread for another purpose.
+ [Jeff Trawick]
+
+ *) mod_negotiation: Introduce "prefer-language" environment variable,
+ which allows to influence the negotiation process on request basis
+ to prefer a certain language. [André Malo]
+
+ *) Make mod_expires' ExpiresByType work properly, including for
+ dynamically-generated documents. [Ken Coar, Bill Stoddard]
+
+Changes with Apache 2.0.46
+
+ *) SECURITY: CVE-2003-0245 (cve.mitre.org)
+ Fixed a bug causing apr_pvsprintf() to crash by sending an overly
+ long string. This can be triggered remotely through mod_dav,
+ mod_ssl, and other mechanisms.
+ Reported by David Endler <DEndler iDefense.com>. [Joe Orton]
+
+ *) SECURITY: CVE-2003-0189 (cve.mitre.org)
+ Fixed a denial-of-service vulnerability affecting basic
+ authentication on Unix platforms related to thread-safety in
+ apr_password_validate().
+ Reported by John Hughes <john.hughes entegrity.com>.
+
+ *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided,
+ when a MKACTIVITY request comes in.
+ [Ben Collins-Sussman <sussman collab.net>]
+
+ *) Perform run-time query in apxs for apr and apr-util's includes.
+ [Justin Erenkrantz]
+
+ *) run libtool from the apr install directory (in case that is different
+ from the apache install directory) [Jeff Trawick]
+
+ *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
+
+ *) If mod_mime_magic does not know the content-type, do not attempt to
+ guess. PR 16908. [Andrew Gapon <agapon telcordia.com>]
+
+ *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
+ caching. PR 17864.
+ [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
+
+ *) Add a delete flag to htpasswd.
+ [Thom May]
+
+ *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
+ now work scheme dependent and the query string will only be
+ appended if supported by the particular scheme. [André Malo]
+
+ *) Add another check for already compressed content in mod_deflate.
+ PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
+
+ *) Fixes for VPATH builds; copying special.mk and any future .mk files
+ from the source tree as well as the build tree (now creates a usable
+ configuration for apxs), and eliminated redundant -I'nclude paths.
+ [William Rowe]
+
+ *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
+ for SSLC and OpenSSL toolkit compatibility. Still work remains to
+ be done to cripple features based on the limitations of RSA's binary
+ distribution of their SSL-C toolkit.
+ [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
+
+ *) Linux 2.4+: If Apache is started as root and you code
+ CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
+ [Greg Ames]
+
+ *) ap_get_mime_headers_core: allocate space for the trailing null
+ when folding is in effect.
+ PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
+
+ *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert]
+
+ *) mod_log_config: Add the ability to log the id of the thread
+ processing the request via new %P formats. [Jeff Trawick]
+
+ *) Use appropriate language codes for Czech (cs) and Traditional Chinese
+ (zh-tw) in default config files. PR 9427. [André Malo]
+
+ *) mod_auth_ldap: Use generic whitespace character class when parsing
+ "require" directives, instead of literal spaces only. PR 17135.
+ [André Malo]
+
+ *) Hook mod_rewrite's type checker before mod_mime's one. That way the
+ RewriteRule [T=...] Flag should work as expected now. PR 19626.
+ [André Malo]
+
+ *) htpasswd: Check the processed file on validity. If a line is not empty
+ and not a comment, it must contain at least one colon. Otherwise exit
+ with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
+
+ *) Fix a problem that caused httpd to be linked with incorrect flags
+ on some platforms when mod_so was enabled by default, breaking
+ DSOs on AIX. PR 19012 [Jeff Trawick]
+
+ *) By default, use the same CC and CPP with which APR was built.
+ The user can override with CC and CPP environment variables.
+ [Jeff Trawick]
+
+ *) Fix ap_construct_url() so that it surrounds IPv6 literal address
+ strings with []. This fixes certain types of redirection.
+ PR 19207. [Jeff Trawick]
+
+ *) forward port of buffer overflow fixes for htdigest. [Thom May]
+
+ *) Added AllowEncodedSlashes directive to permit control of whether
+ the server will accept encoded slashes ('%2f') in the URI path.
+ Default condition is off (the historical behaviour). This permits
+ environments in which the path-info needs to contain encoded
+ slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
+
+ *) When using Redirect in directory context, append requested query
+ string if there's no one supplied by configuration. PR 10961.
+ [André Malo]
+
+ *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
+ the pattern will not always match as desired. PR 12596.
+ [André Malo]
+
+ *) mod_autoindex now emits and accepts modern query string parameter
+ delimiters (;). Thus column headers no longer contain unescaped
+ ampersands. PR 10880 [André Malo]
+
+ *) Enable ap_sock_disable_nagle for Windows. This along with the
+ addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle
+ to be disabled for Windows. [Allan Edwards]
+
+ *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
+ This patch reverts us to pre-2.0.46 behavior, using the
+ ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle
+ was never compiled on Win32. [Allan Edwards, William Rowe]
+
+ *) Fix a build problem with passing unsupported --enable-layout
+ args to apr and apr-util. This broke binbuild.sh as well as
+ user-specified layout parameters. PR 18649 [Justin Erenkrantz,
+ Jeff Trawick]
+
+ *) If a Date response header was already set in the headers array,
+ this value was ignored in favour of the current time. This meant
+ that Date headers on proxied requests where rewritten when they
+ should not have been. PR: 14376 [Graham Leggett]
+
+ *) Add code to buildconf that produces an httpd.spec file from
+ httpd.spec.in, using build/get-version.sh from APR.
+ [Graham Leggett]
+
+ *) Fixed a segfault when multiple ProxyBlock directives were used.
+ PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
+
+ *) SECURITY: CVE-2003-0134 (cve.mitre.org)
+ OS2: Fix a Denial of Service vulnerability identified and
+ reported by Robert Howard <rihoward rawbw.com> that where device
+ names faulted the running OS2 worker process. The fix is
+ actually in APR 0.9.4. [Brian Havard]
+
+ *) SECURITY: CVE-2003-0083 (cve.mitre.org)
+ Forward port: Escape special characters (especially control
+ characters) in mod_log_config to make a clear distinction between
+ client-supplied strings (with special characters) and server-side
+ strings. This was already introduced in version 1.3.25.
+ [André Malo]
+
+ *) mod_deflate: Check also err_headers_out for an already set
+ Content-Encoding: gzip header. This prevents gzip compressed content
+ from a CGI script from being compressed once more. PR 17797.
+ [André Malo]
+
+Changes with Apache 2.0.45
+
+ *) Fix possible segfaults under obscure error conditions within the
+ cgid daemon. [Jeff Trawick, William Rowe]
+
+ *) SECURITY: CVE-2003-0132 (cve.mitre.org)
+ Close a Denial of Service vulnerability identified by David
+ Endler <DEndler iDefense.com> on all platforms. An unlimited
+ stream of newlines were acceptable between requests where each
+ <lf> would allocate an 80 byte buffer, leading very quickly to
+ memory exahustion. [Brian Pane]
+
+ *) Added an rpm build script.
+ [Graham Leggett, Joe Orton <jorton redhat.com>]
+
+ *) Simpler, faster code path for request header scanning [Brian Pane]
+
+ *) SECURITY: Eliminated leaks of several file descriptors to child
+ processes, such as CGI scripts. This fix depends on the APR library
+ release 0.9.2 or later (0.9.3 was distributed with the httpd
+ source tarball for Apache 2.0.45.) PR 17206
+ [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
+
+ *) Fix path handling of mod_rewrite, especially on non-unix systems.
+ There was some confusion between local paths and URL paths.
+ PR 12902. [André Malo]
+
+ *) Prevent endless loops of internal redirects in mod_rewrite by
+ aborting after exceeding a limit of internal redirects. The
+ limit defaults to 10 and can be changed using the RewriteOptions
+ directive. PR 17462. [André Malo]
+
+ *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
+ all worker threads are busy.
+ [Igor Nazarenko <igor_nazarenko hotmail.com>]
+
+ *) Keep the subrequest filter in place when a subrequest is
+ redirected. PR 15423. [Jeff Trawick]
+
+ *) you can now specify the compression level for mod_deflate.
+ [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>,
+ Michael Schroepl <Michael.Schroepl telekurs.de>]
+
+ *) mod_deflate: Extend the DeflateFilterNote directive to
+ allow accurate logging of the filter's in- and outstream.
+ [André Malo]
+
+ *) Allow SSLMutex to select/use the full range of APR locking
+ mechanisms available to it. Also, fix the bug that SSLMutex uses
+ APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski,
+ Martin Kutschker <martin.t.kutschker blackbox.net>]
+
+ *) Restore the ability of htdigest.exe to create files that contain
+ more than one user. PR 12910. [André Malo]
+
+ *) Improve binary compatibility of the core between debug (aka
+ maintainer-mode) and a non-debug compile.
+ [Sander Striker]
+
+ *) mod_usertrack: don't set the cookie in subrequests. This works
+ around the problem that cookies were set twice during fast internal
+ redirects. PR 13211. [André Malo]
+
+ *) mod_autoindex no longer forgets output format and enabled version
+ sort in linked column headers. [André Malo]
+
+ *) Use .sv instead of .se as extension for Swedish documents in the
+ default configuration. PR 12877. [André Malo]
+
+ *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
+ and standardized the LDAP SSL support across the various LDAP SDKs.
+ Isolated the SSL functionality to mod_ldap rather than speading it
+ across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA
+ and LDAPTrustedCAType directives to mod_ldap to allow for a more
+ common method of specifying the SSL certificate.
+ [Dave Ward, Brad Nicholes]
+
+ *) Fixed mod_ssl's SSLCertificateChain initialization to no longer
+ skip the first cert of the chain by default. This misbehavior
+ was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli]
+
+ *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
+ be started on Unix because of such problems as bad permissions,
+ bad shebang line, etc. [Jeff Trawick]
+
+ *) Fix 64-bit problem in mod_ssl input logic.
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
+
+ *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046.
+ [Justin Erenkrantz]
+
+ *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134.
+ [Justin Erenkrantz]
+
+ *) Fix segfault which occurred when a section in an included
+ configuration file was not closed. PR 17093. [André Malo]
+
+ *) Enhance the behavior of mod_isapi's WriteClient() callback to
+ provide better emulation for isapi modules that presume that the
+ first WriteClient() call may send status and headers. An example
+ of WriteClient() abuse is the foxisapi module, which relies on
+ that assumpion and now works. [William Rowe, Milan Kosina]
+
+ *) Check the return value of ap_run_pre_connection(). So if the
+ pre_connection phase fails (without setting c->aborted)
+ ap_run_process_connection is not executed. [Stas Bekman]
+
+ *) Fixed a problem with mod_ldap which caused it to fault when caching
+ was disabled. Needed to make sure that the code did not
+ attempt to use the cache if it didn't exist. Also fixed some memory
+ leaks which were due to not releasing LDAP resources on error
+ conditions. [Brad Nicholes]
+
+ *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
+ mod_rewrite proxied URLs will not be escaped accidentally by
+ mod_proxy's fixup. PR 16368 [André Malo]
+
+ *) While processing filters on internal redirects, remember seen EOS
+ buckets also in the request structure of the redirect issuer(s). This
+ prevents filters (such as mod_deflate) from adding garbage to the
+ response. PR 14451. [André Malo]
+
+ *) suexec: Be more pedantic when cleaning environment. Clean it
+ immediately after startup. PR 2790, 10449.
+ [Jeff Stewart <jws purdue.edu>, André Malo]
+
+ *) Fix apxs to insert LoadModule directives only outside of sections.
+ PR 8712, 9012. [André Malo]
+
+ *) Fix suexec compile error under SUNOS4, where strerror() doesn't
+ exist. PR 5913, 9977.
+ [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
+
+ *) Fix If header parsing when a non-mod_dav lock token is passed to it.
+ PR 16452. [Justin Erenkrantz]
+
+ *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
+ not specified. Now it assumes "/" as already documented. PR 16937.
+ [André Malo]
+
+ *) Try to log an error if a piped log program fails. Try to
+ restart a piped log program in more failure situations. Fix an
+ existing problem with error handling in piped_log_spawn(). Use
+ new APR apr_proc_create() features to prevent Apache from starting
+ on Unix* in most cases where a piped log program can be started,
+ and add log messages for the other situations. *Other platforms
+ already failed Apache initialization if a piped log program
+ couldn't be started. PR 15761 [Jeff Trawick]
+
+ *) Fix mod_cern_meta to not create empty metafiles when the
+ metafile searched for does not exist. PR 12353
+ [Owen Rees <owen_rees hp.com>]
+
+ *) Introduce debugging symbols for Win32 release builds, both .pdb
+ and .dbg files (older debuggers and Dr. Watson-type utilities
+ on WinNT or Win9x don't support the newer .pdb flavor.)
+ [Allen Edwards, William Rowe]
+
+ *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
+ information (and more). Related to PR 9076. [André Malo]
+
+ *) mod_file_cache: fix segfault serving mmaped cached files.
+ [Bill Stoddard]
+
+ *) mod_file_cache: fixed a segfault when multiple MMapFile directives
+ were used. PR 16313. [Cliff Woolley]
+
+ *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
+ an incompatible pointer type to mmap_bucket_destroy(void*).
+ [Gerard Eviston <geviston bigpond.net.au>]
+
+ *) Enable the -n name parameter on NetWare to allow the
+ administrator to rename the Apache console screen
+ [Brad Nicholes]
+
+ *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
+ support by default in APR. More development is required
+ to deploy OTHER_CHILD on Win32. [William Rowe]
+
+ *) Use saner default config values for suexec. PR 15713.
+ [Thom May <thom planetarytramp.net>]
+
+ *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
+ (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo]
+
+ *) apxs: Include any special APR ld flags when linking the DSO.
+ This resolves problems on AIX when building a DSO with apxs+gcc.
+ [Jeff Trawick]
+
+ *) Added character set support to mod_auth_LDAP to allow it to
+ convert extended characters used in the user ID to UTF-8
+ before authenticating against the LDAP directory. The new
+ directive AuthLDAPCharsetConfig is used to specify the config
+ file that contains the character set conversion table.
+ [Brad Nicholes]
+
+ *) Don't remove the Content-Length from responses in mod_proxy
+ PR: 8677 [Brian Pane]
+
+ *) Ensure LDAP version is set to v3 on every bind. PR 14235.
+ [Sergey A. Lipnevich <sergeyli pisem.net>]
+
+ *) Fix mod_ldap to open an existing shared memory file should one
+ already exist. PR 12757. [Scooter Morris <scooter gene.com>,
+ Graham Leggett]
+
+ *) Fix the ulimit command used by apachectl on Tru64. PR 13609.
+ [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
+
+ *) Change the ulimit command used by apachectl on AIX so that it
+ works in all locales. [Jeff Trawick]
+
+ *) mod_ext_filter: Fix a problem building argument lists which
+ occasionally caused exec to fail. PR 15491. [Jeff Trawick]
+
+Changes with Apache 2.0.44
+
+ *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
+ from Apache 1.3. PR 14276
+ [David Shane Holden <dpejesh yahoo.com>, William Rowe]
+
+ *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
+ [Brian Pane]
+
+ *) Reorder the definitions for mod_ldap and mod_auth_ldap within
+ config.m4 to make sure the parent mod_ldap is defined first.
+ This ensures that mod_ldap comes before mod_auth_ldap in the
+ httpd.conf file, which is necessary for mod_auth_ldap to load.
+ PR 14256 [Graham Leggett]
+
+ *) Fix the building of cgi command lines when the query string
+ contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>,
+ Jeff Trawick]
+
+ *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
+ implementation of MCacheMaxStreamingBuffer from mod_cache to
+ mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
+ lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should
+ eliminate the need for explicitly coding MCacheMaxStreamingBuffer
+ in most configurations. [Bill Stoddard]
+
+ *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
+ a redirect occurs. The code was passing a format string and
+ integer to apr_pstrcat. Changed to apr_psprintf.
+ [Paul J. Reder]
+
+ *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
+ as set by apr-util in util_ldap.c. This should allow mod_ldap
+ to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
+ <somme oslo.westerngeco.slb.com>, Graham Leggett]
+
+ *) Fix critical bug in new --enable-v4-mapped configure option
+ implementation which broke IPv4 listening sockets on some
+ systems. [hiroyuki hanai <hanai imgsrc.co.jp>]
+
+ *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
+ patterns [André Malo <nd perlig.de>]
+
+ *) Add version string to provider API. [Justin Erenkrantz]
+
+ *) build: './configure && make' now works without an in-tree
+ apr and apr-util. [Wilfredo Sanchez]
+
+ *) mod_negotiation: Set the appropriate mime response headers
+ (Content-Type, charset, Content-Language and Content-Encoding)
+ for negotated type-map "Body:" responses (such as the error
+ pages.) [André Malo <nd perlig.de>]
+
+ *) mod_log_config: Allow '%%' escaping in CustomLog format
+ strings to insert a literal, single '%'.
+ [André Malo <nd perlig.de>]
+
+ *) mod_autoindex: AddDescription directives for directories
+ now work as in Apache 1.3, where no trailing '/' is
+ specified on the directory name. Previously, the trailing
+ '/' *had* to be specified, which was incompatible with
+ Apache 1.3. PR 7990 [Jeff Trawick]
+
+ *) Fix for PR 14556. The expiry calculations in mod_cache were
+ trying to perform "now + ((date - lastmod) * factor)" where
+ date == lastmod resulting in "now + 0". The code now follows
+ the else path (using the default expiration) if date is
+ equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
+
+ *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
+ default calling convention is not the same as the one used by
+ AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>]
+
+ *) mod_cache: Don't cache response header fields designated
+ as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
+ [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
+
+ *) mod_cgid: Handle environment variables containing newlines.
+ PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff
+ Trawick]
+
+ *) Move mod_ext_filter out of experimental and into filters.
+ [Jeff Trawick]
+
+ *) Fixed a memory leak in mod_deflate with dynamic content.
+ PR 14321 [Ken Franken <kfranken decisionmark.com>]
+
+ *) Add --[enable|disable]-v4-mapped configure option to control
+ whether or not Apache expects to handle IPv4 connections
+ on IPv6 listening sockets. Either setting will work on
+ systems with the IPV6_V6ONLY socket option. --enable-v4-mapped
+ must be used on systems that always allow IPv4 connections on
+ IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats)
+ [Jeff Trawick]
+
+ *) This fixes a problem where the underlying cache code
+ indicated that there was one more element on the cache
+ than there actually was. This happened since element 0
+ exists but is not used. This code allocates the correct
+ number of useable elements and reports the number of
+ actually used elements. The previous code only allowed
+ MCacheMaxObjectCount-1 objects to be stored in the
+ cache. [Paul J. Reder]
+
+ *) mod_setenvif: Add SERVER_ADDR special keyword to allow
+ envariable setting according to the server IP address
+ which received the request. [Ken Coar]
+
+ *) mod_cgid: Terminate CGI scripts when the client connection
+ drops. PR 8388 [Jeff Trawick]
+
+ *) Rearrange OpenSSL engine initialization to support RAND
+ redirection on crypto accelerator.
+ [Frederic DONNAT <frederic.donnat zencod.com>]
+
+ *) Always emit Vary header if mod_deflate is involved in the
+ request. [André Malo <nd perlig.de>]
+
+ *) mod_isapi: Stop unsetting the 'empty' query string result with
+ a NULL argument in ecb->lpszQueryString, eliminating segfaults
+ for some ISAPI modules. PR 14399
+ [Detlev Vendt <detlev.vendt brillit.de>]
+
+ *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
+ notification is received before the HttpExtensionProc() returns
+ HSE_STATUS_PENDING. This only affected isapi .dll's configured
+ with the ISAPIFakeAsync on directive. PR 11918
+ [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
+
+ *) mod_isapi: Fix the issue where all results from mod_isapi would
+ run through the core die handler resulting in invalid responses
+ or access log entries. PR 10216 [William Rowe]
+
+ *) Improves the user friendliness of the CacheRoot processing
+ over my last pass. This version avoids the pool allocations
+ but doesn't avoid all of the runtime checks. It no longer
+ terminates during post-config processing. An error is logged
+ once per worker, indicating that the CacheRoot needs to be set.
+ [Paul J. Reder]
+
+ *) Fix a bug where we keep files open until the end of a
+ keepalive connection, which can result in:
+ (24)Too many open files: file permissions deny server access
+ especially on threaded servers. [Greg Ames, Jeff Trawick]
+
+ *) Fix a bug in which mod_proxy sent an invalid Content-Length
+ when a proxied URL was invoked as a server-side include within
+ a page generated in response to a form POST. [Brian Pane]
+
+ *) Added code to process min and max file size directives and to
+ init the expirychk flag in mod_disk_cache. Added a clarifying
+ comment to cache_util. [Paul J. Reder]
+
+ *) The value emitted by ServerSignature now mimics the Server HTTP
+ header as controlled by ServerTokens. [Francis Daly <deva daoine.org>]
+
+ *) Gracefully handly retry situations in the SSL input filter,
+ by following the SSL libraries' retry semantics.
+ [William Rowe]
+
+ *) Terminate CGI scripts when the client connection drops. This
+ fix only applies to some normal paths in mod_cgi. mod_cgid
+ is still busted. PR 8388 [Jeff Trawick]
+
+ *) Fix a bug where 416 "Range not satisfiable" was being
+ returned for content that should have been redirected.
+ [Greg Ames]
+
+ *) Fix memory leak in mod_ssl from internal SSL library allocations
+ within SSL_get_peer_certificate and X509_get_pubkey.
+ [Zvi Har'El <rl math.technion.ac.il>
+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
+
+ *) mod_ssl uses free() inappropriately in several places, to free
+ memory which has been previously allocated inside OpenSSL.
+ Such memory should be freed with OPENSSL_free(), not with free().
+ [Nadav Har'El <nyh math.technion.ac.il>,
+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
+
+ *) Emit a message to the error log when we return 404 because
+ the URI contained '%2f'. (This was previously nastily silent
+ and difficult to debug.) [Ken Coar]
+
+ *) Fix streaming output from an nph- CGI script. CGI:IRC now
+ works. PR 8482 [Jeff Trawick]
+
+ *) More accurate logging of bytes sent in mod_logio when
+ the client terminates the connection before the response
+ is completely sent [Bojan Smojver <bojan rexursive.com>]
+
+ *) Fix some problems in the perchild MPM.
+ [Jonas Eriksson <jonas webkonsulterna.com>]
+
+ *) Change the CacheRoot processing to check for a required
+ value at config time. This saves a lot of wasted processing
+ if the mod_disk_cache module is loaded but no CacheRoot
+ was provided. This fix also adds code to log an error
+ and avoid useless pallocs and procesing when the computed
+ cache file name cannot be opened. This also updates the
+ docs accordingly. [Paul J. Reder]
+
+ *) Introduce the EnableSendfile directive, allowing users of NFS
+ shares to disable sendfile mechanics when they either fail
+ outright or provide intermitantly corrupted data. PR
+ [William Rowe]
+
+ *) Resolve the error "An operation was attempted on something
+ that is not a socket. : winnt_accept: AcceptEx failed.
+ Attempting to recover." for users of various firewall and
+ anti-virus software on Windows. PR 8325 [William Rowe]
+
+ *) Add the ProxyBadHeader directive, which gives the admin some
+ control on how mod_proxy should handle bogus HTTP headers from
+ proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
+ desired. [Jim Jagielski]
+
+ *) Change the LDAP modules to export their symbols correctly
+ during a Windows build. Add dsp files for Windows. Update
+ README.ldap file for Windows build instructions.
+ [Andre Schild <A.Schild aarboard.ch>]
+
+ *) Performance improvements for the code that generates HTTP
+ response headers [Brian Pane]
+
+ *) Add -S as a synonym for -t -DDUMP_VHOSTS.
+ [Thom May <thom planetarytramp.net>]
+
+ *) Fix a bug with dbm rewrite maps which caused the wrong value to
+ be used when the key was not found in the dbm. PR 13204
+ [Jeff Trawick]
+
+ *) Fix a problem with streaming script output and mod_cgid.
+ [Jeff Trawick]
+
+ *) Add ap_register_provider/ap_lookup_provider API.
+ [John K. Sterling <john sterls.com>, Justin Erenkrantz]
+
+Changes with Apache 2.0.43
+
+ *) SECURITY: CVE-2002-0840 (cve.mitre.org)
+ HTML-escape the address produced by ap_server_signature() against
+ this cross-site scripting vulnerability exposed by the directive
+ 'UseCanonicalName Off'. Also HTML-escape the SERVER_NAME
+ environment variable for CGI and SSI requests. It's safe to
+ escape as only the '<', '>', and '&' characters are affected,
+ which won't appear in a valid hostname. Reported by Matthew
+ Murphy <mattmurphy kc.rr.com>. [Brian Pane]
+
+ *) Fix a core dump in mod_cache when it attemtped to store uncopyable
+ buckets. This happened, for instance, when a file to be cached
+ contained SSI tags to execute a CGI script (passed as a pipe
+ bucket). [Paul J. Reder]
+
+ *) Ensure that output already available is flushed to the network
+ when the content-length filter realizes that no new output will
+ be available for a while. This helps some streaming CGIs as
+ well as some other dynamically-generated content. [Jeff Trawick]
+
+ *) Fix a mutex problem in mod_ssl session cache support which
+ could lead to an infinite loop. PR 12705
+ [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
+
+ *) SECURITY: CVE-2002-1156 (cve.mitre.org)
+ Fix the exposure of CGI source when a POST request is sent to
+ a location where both DAV and CGI are enabled. [Ryan Bloom]
+
+ *) Allow the UserDir directive to accept a list of directories.
+ This matches what Apache 1.3 does. Also add documentation for
+ this feature. [Jay Ball <jay veggiespam.com>]
+
+ *) New Module: mod_logio. adds the ability to log bytes sent and
+ received. [Bojan Smojver <bojan rexursive.com>]
+
+ *) SuExec needs to use the same default directory as the rest of
+ server, namely /usr/local/apache2.
+ [SangBeom han <sbhan os.korea.ac.kr>]
+
+ *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
+ [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
+
+ *) Make sure the contents of the WWW-Authenticate header is
+ passed on a 4xx error by proxy. Previously all headers
+ were dropped, resulting in the browser being unable to
+ authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
+ Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
+ <gwiseman fscinternet.com>, David Henderson
+ <dhenderson fscinternet.com>]
+
+ *) Make mod_cache's CacheMaxStreamingBuffer directive work
+ properly for virtual hosts that override server-wide mod_cache
+ setttings. [Matthieu Estrade <estrade-m ifrance.com>]
+
+ *) Add -p option to apxs to allow programs to be compiled with apxs.
+ [Justin Erenkrantz]
+
+Changes with Apache 2.0.42
+
+ *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
+ mod_dav: Check for versioning hooks before using them.
+ [Greg Stein]
+
+Changes with Apache 2.0.41
+
+ *) The protocol version (eg: HTTP/1.1) in the request line parsing
+ is now case insensitive. [Jim Jagielski]
+
+ *) Allow AddOutputFilterByType to add multiple filters per directive.
+ [Justin Erenkrantz]
+
+ *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz]
+
+ *) Fixed mod_disk_cache's generation of 304s
+ [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
+
+ *) Add support for using fnmatch patterns in the final path
+ segment of an Include statement (eg.. include /foo/bar/*.conf).
+ and remove the noise on stderr during config dir processing.
+ [Joe Orton <jorton redhat.com>]
+
+ *) mod_cache: cache_storage.c. Add the hostname and any request
+ args to the key generated for caching. This provides a unique
+ key for each virtual host and for each request with unique
+ args. [Paul J. Reder, args code provided by Kris Verbeeck]
+
+ *) mod_cache: Do not cache responses to GET requests with query
+ URLs if the origin server does not explicitly provide an
+ Expires header on the response (RFC 2616 Section 13.9)
+ [Kris Verbeeck <krisv be.ubizen.com>]
+
+ *) Fix memory leak in core_output_filter. [Justin Erenkrantz]
+
+ *) Update OpenSSL detection to work on Darwin.
+ [Sander Temme <sctemme covalent.net>]
+
+ *) Update the xslt and css to give the documentation a more
+ modern style.
+ [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
+
+ *) Fix some bucket memory leaks in the chunking code
+ [Joe Schaefer <joe+apache sunstarsys.com>]
+
+ *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz]
+
+ *) mod_cache: added support for caching streamed responses (proxy,
+ CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
+
+ *) Add image/x-icon to httpd.conf PR 10993.
+ [Ian Holsman, Peter Bieringer <pb bieringer.de>]
+
+ *) Fix FileETags none operation. PR 12207.
+ [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
+
+ *) Restored the experimental leader/followers MPM to working
+ condition and converted its thread synchronization from
+ mutexes to atomic CAS. [Brian Pane]
+
+ *) Fix Logic on non-html file removal in mod_deflate
+ [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
+
+ *) Fix "ab -g"'s truncated year: the last digit was cut off.
+ [Leon Brocard <acme astray.com>]
+
+ *) mod_rewrite can now sets cookies in err_headers, uses the correct
+ expiry date, and can now set the path as well
+ PR 12132,12181,12172.
+ [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
+
+ *) The content-length filter no longer tries to buffer up
+ the entire output of a long-running request before sending
+ anything to the client. [Brian Pane]
+
+ *) Win32: Lower the default stack size from 1MB to 256K. This will
+ allow around 8000 threads to be started per child process.
+ 'EDITBIN /STACK:size apache.exe' can be used to change this
+ value directly in the apache.exe executable.
+ [Bill Stoddard]
+
+ *) Win32: Implement ThreadLimit directive in the Windows MPM.
+ [Bill Stoddard]
+
+ *) Remove CacheOn config directive since it is set but never checked.
+ No sense wasting cycles on unused code. Besides, the only truly
+ bug free code is deleted code. :) [Paul J. Reder]
+
+ *) BufferLogs are now run-time enabled, and the log_config now has 2 new
+ callbacks to allow a 3rd party module to actually do the writing of the
+ log file [Ian Holsman]
+
+ *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
+ [André Malo, Astrid Keßler <kess kess-net.de>]
+
+ *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
+
+ *) Fix a null pointer dereference in the merge_env_dir_configs
+ function of the mod_env module. PR 11791
+ [Paul J. Reder]
+
+ *) New option to ServerTokens 'maj[or]'. Only show the major version
+ Also Surfaced this directive in the standard config (default FULL)
+ [Ian Holsman]
+
+ *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
+ maps. The dbm type (e.g., ndbm, gdbm) can be specified on the
+ RewriteMap directive. PR 10644 [Jeff Trawick]
+
+ *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
+ pairs will no longer get out of sync with each other. PR 9534
+ [Cliff Woolley]
+
+ *) Fixes required to get quoted and escaped command args working in
+ mod_ext_filter. PR 11793 [Paul J. Reder]
+
+ *) mod-proxy: handle proxied responses with no status lines
+ [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
+
+ *) Fix bug where environment or command line arguments containing
+ non-ASCII-7 characters would cause the Win32 child process creation
+ to fail. PR 11854 [William Rowe]
+
+ *) Bug #11213.. make module loading error messages more informative
+ [Ian Darwin <Ian779 darwinsys.com>]
+
+ *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
+
+ *) mod_disk_cache works much better. This module should still
+ be considered experimental. [Eric Prud'hommeaux]
+
+ *) Performance improvement for keepalive requests: when setting
+ aside a small file for potential concatenation with the next
+ response on the connection, set aside the file descriptor rather
+ than copying the file into the heap. [Brian Pane]
+
+ *) Modified version check on openssl so that it finds the executable
+ first and then performs a check of the version, only warning the
+ user if they chose, or we selected, an old version of OpenSSL.
+ This change also allows the code to work for non-openssl libraries
+ selected via the --with-ssl=dir option, which can override the
+ automated library check in any case. [Roy Fielding]
+
+Changes with Apache 2.0.40
+
+ *) SECURITY: CVE-2002-0661 (cve.mitre.org)
+ Close a very significant security hole that
+ applies only to the Win32, OS2 and Netware platforms. Unix was not
+ affected, Cygwin may be affected. Certain URIs will bypass security
+ and allow users to invoke or access any file depending on the system
+ configuration. Without upgrading, a single .conf change will close
+ the vulnerability. Add the following directive in the global server
+ httpd.conf context before any other Alias or Redirect directives;
+ RedirectMatch 400 "\\\.\."
+ Reported by Auriemma Luigi <bugtest sitoverde.com>.
+ [Brad Nicholes]
+
+ *) SECURITY: CVE-2002-0654 (cve.mitre.org)
+ Close a path-revealing exposure in multiview type
+ map negotiation (such as the default error documents) where the
+ module would report the full path of the typemapped .var file when
+ multiple documents or no documents could be served based on the mime
+ negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>.
+ [William Rowe]
+
+ *) SECURITY: CVE-2002-0654 (cve.mitre.org)
+ Close a path-revealing exposure in cgi/cgid when we
+ fail to invoke a script. The modules would report "couldn't create
+ child process /path-to-script/script.pl" revealing the full path
+ of the script. Reported by Jim Race <jrace qualys.com>.
+ [Bill Stoddard]
+
+ *) Set aside the apr-iconv and apr_xlate() features for the Win32
+ build of 2.0.40 so development can be completed. A patch, from
+ <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
+ will be available for those that wish to work with apr-iconv.
+ [William Rowe]
+
+ *) Fix proxy so that it is possible to access ftp: URLs via a proxy
+ chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
+
+ *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
+ set to 1, so we can exclude things from the general case with
+ browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
+
+ *) Accept multiple leading /'s for requests within the DocumentRoot.
+ PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>]
+
+ *) Solved the reports of .pdf byterange failures on Win32 alone.
+ APR's sendfile for the win32 platform collapses header and trailer
+ buffers into a single buffer. However, we destroyed the pointers
+ to the header buffer if a trailer buffer was present. PR 10781
+ [William Rowe]
+
+ *) mod_ext_filter: Add the ability to enable or disable a filter via
+ an environment variable. Add the ability to register a filter of
+ type other than AP_FTYPE_RESOURCE. [Jeff Trawick]
+
+ *) Restore the ability to specify host names on Listen directives.
+ PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
+
+ *) When deciding on the default address family for listening sockets,
+ make sure we can actually bind to an AF_INET6 socket before
+ deciding that we should default to AF_INET6. This fixes a startup
+ problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick]
+
+ *) Replace usage of atol() to parse strings when we might want a
+ larger-than-long value with apr_atoll(), which returns long long.
+ This allows HTTPD to deal with larger files correctly.
+ [Shantonu Sen <ssen apple.com>]
+
+ *) mod_ext_filter: Ignore any content-type parameters when checking if
+ the response should be filtered. Previously, "intype=text/html"
+ wouldn't match something like "text/html;charset=8859_1".
+ [Jeff Trawick]
+
+ *) mod_ext_filter: Set up environment variables for external programs.
+ [Craig Sebenik <craig netapp.com>]
+
+ *) Modified the HTTP_IN filter to immediately append the EOS (end of
+ stream) bucket for C-L POST bodies, saving a roundtrip and allowing
+ the caller to determine that no content remains without prefetching
+ additional POST body. [William Rowe]
+
+ *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>]
+
+ *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>]
+
+ *) Update SuSE layout. [Peter Poeml <poeml suse.de>]
+
+ *) Changes to the internationalized error documents:
+ Comment them out in the default config file to make the default
+ install as simple as possible; Correct the english 500 error to
+ be more understandable; Add a Swedish translation.
+ [Thomas Sjogren <thomas northernsecurity.net>,
+ Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
+
+ *) Increase the limit on file descriptors per process in apachectl.
+ [Brian Pane]
+
+ *) Fix a dependency error when building ApacheMonitor, so that Win32
+ and MSVC now trust that the project is current (when it is).
+ [James Cox <imajes php.net>]
+
+ *) mod_ext_filter: don't segfault if content-type is not set. PR 10617.
+ [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
+
+ *) APR-Util Renames pending have been completed [Thom May]
+
+ *) Performance improvements for the code that reads request
+ headers (ap_rgetline_core() and related functions) [Brian Pane]
+
+ *) Add a new directive: MaxMemFree. MaxMemFree makes it possible
+ to configure the maximum amount of memory the allocators will
+ hold on to for reuse. Anything over the MaxMemFree threshold
+ will be free()d. This directive is useful when uncommon large
+ peaks occur in memory usage. It should _not_ be used to mask
+ defective modules' memory use. [Sander Striker]
+
+ *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
+ scripts would not result in a truncated response.
+ [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
+
+ *) Add a filter_init parameter to the filter registration functions
+ so that a filter can execute arbitrary code before the handlers
+ are invoked. This resolves a problem where mod_include requests
+ would incorrectly return a 304. [Justin Erenkrantz]
+
+ *) Fix a long-standing bug in 2.0, CGI scripts were being called
+ with relative paths instead of absolute paths. Apache 1.3 used
+ absolute paths for everything except for SuExec, this brings back
+ that standard. [Ryan Bloom]
+
+ *) Fix infinite loop due to two HTTP_IN filters being present for
+ internally redirected requests. PR 10146. [Justin Erenkrantz]
+
+ *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
+ [Justin Erenkrantz]
+
+ *) Fix mod_ext_filter to look in the main server for filter definitions
+ when running in a vhost if the filter definition is not found in
+ the vhost. PR 10147 [Jeff Trawick]
+
+ *) Support WinNT CGI invocation through ScriptInterpreterSource
+ 'registry' for script interpreter paths and names with non-ascii
+ characters in the executable filepath. [William Rowe]
+
+ *) Support the -w flag on to keep the Win32 console open on error.
+ [William Rowe]
+
+ *) Normalize the hostname value in the request_rec to all-lowercase
+ [Perry Harrington <pedward webcom.com>]
+
+ *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
+ extended characters (non US-ASCII) in non-utf8 format. This brings
+ Win32 back into CGI/1.1 compliance, and leaves charset decoding up
+ to the cgi application itself. [William Rowe]
+
+ *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
+ modules to bring them up to the current apr/apr-util APIs.
+ [William Rowe]
+
+ *) Fix segfault in mod_mem_cache most frequently observed when
+ serving the same file to multiple clients on an MP machine.
+ [Bill Stoddard]
+
+ *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain])
+ [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
+
+ *) Fix perchild to work with apachectl by adding -k support to perchild.
+ PR 10074 [Jeff Trawick]
+
+ *) Fix a silly htpasswd.c logic error that incorrectly reported that
+ both -c and -n had been used. PR 9989 [Cliff Woolley]
+
+ *) Fixed a mod_include error case in which no HTTP response was sent
+ to the client if an shtml document contained an unterminated SSI
+ directive [Brian Pane]
+
+ *) Improve ap_get_client_block implementation by using APR-util brigade
+ helper functions and relying on current filter assumptions.
+ [Justin Erenkrantz]
+
+Changes with Apache 2.0.39
+
+ *) Fixed a build problem in htpasswd.c on Win32.
+ [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
+
+Changes with Apache 2.0.38
+
+ *) Rewrite htpasswd to use APR. The removes the annoying warning about
+ tmpnam being unsafe. [Ryan Bloom]
+
+ *) We must set the MIME-type for .shtml files to text/html if we want them
+ to be parsed for SSI tags. Add the config for that to the default
+ config file so that it is easier to enable .shtml parsing.
+ [Dave Dyer <ddyer real-me.net>]
+
+ *) Fixed a problem with 'make install' on ReliantUnix.
+ [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
+
+ *) Make the default_handler catch all requests that aren't served by
+ another handler. This also gets us to return a 404 if a directory
+ is requested, there is no DirectoryIndex, and mod_autoindex isn't
+ loaded. [Justin Erenkrantz]
+
+ *) Fixed the handling of nested if-statements in shtml files.
+ PR 9866 [Brian Pane]
+
+ *) Allow 'make install DESTDIR=/path'. This allows packagers to install
+ into a directory different from the one that was configured. This
+ also mirrors the root= feature from 1.3. We cannot use prefix=,
+ because both APR and APR-util resolve their installation paths at
+ configuration time. This means that there is no variable prefix
+ to replace. [Andreas Hasenack <andreas netbank.com.br>]
+
+ *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
+ These levels of AIX don't have a thundering herd problem with
+ accept(). [Jeff Trawick]
+
+ *) prefork MPM: Ignore mutex errors during graceful restart. For
+ certain types of mutexes (particularly SysV semaphores), we
+ should expect to occasionally fail to obtain or release the
+ mutex during restart processing. [Jeff Trawick]
+
+ *) Fix install-bindist.sh so that it finds any perl instead of just
+ early perl 5.x versions. This is consistent with a build/install
+ from source, and it allows the perl scripts installed by a bindist
+ to work on systems with perl 5.6. [Jeff Trawick]
+
+ *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
+ Tru64 (and probably some other platforms). [Jeff Trawick]
+
+ *) Allow CGI scripts to return their Content-Length. This also fixes a
+ hang on HEAD requests seen on certain platforms (such as FreeBSD).
+ [Justin Erenkrantz]
+
+ *) Added log rotation based on file size to the RotateLog support
+ utility. [Brad Nicholes]
+
+ *) Fix some casting in mod_rewrite which broke random maps.
+ PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
+
+Changes with Apache 2.0.37
+
+ *) allow POST method over SSL when per-directory client cert
+ authentication is used with 'SSLOptions +OptRenegotiate' enabled
+ and a client cert was found in the ssl session cache.
+
+ *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
+ session cache when there is no cert chain in the cache. prior to
+ the fix this situation would result in a FORBIDDEN response and
+ error message "Cannot find peer certificate chain"
+ [Doug MacEachern]
+
+ *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
+ one was already sent. PR 9644 [Jeff Trawick]
+
+ *) Fix the display of the default name for the mime types config
+ file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>]
+
+ *) Fix the working directory *for WinNT/2K/XP services only* to
+ change to the Apache directory (one level above the location
+ of Apache.exe, in the case that Apache.exe resides in bin/.)
+ Solves the case of ServerRoot /foo paths where /foo was not
+ on the same drive as /winnt/system32. [William Rowe]
+
+ *) Make 2.0's "AcceptMutex" startup message now "completely"
+ match how 1.3 does it. [Jim Jagielski]
+
+ *) Implement a fixed size memory cache using a priority queue
+ [Ian Holsman]
+
+ *) Fix apxs to allow "apxs -q installbuilddir" and to allow
+ querying certain other variables from config_vars.mk. PR 9316
+ [Jeff Trawick]
+
+ *) Added the "detached" attribute to the cgi_exec_info_t internals
+ so that Win32 and Netware won't create a new window or console
+ for each CGI invoked. PR 8387
+ [Brad Nicholes, William Rowe]
+
+ *) Consolidated the command line parameters and attributes that are
+ manipulated by the optional function ap_cgi_build_command() in
+ mod_cgi into a single structure.
+ [Brad Nicholes]
+
+ *) Get rid of uninitialized value errors with "apxs -q" on certain
+ variables. [Stas Bekman <stas stason.org>]
+
+ *) Fix apxs to allow it to work when the build directory is somewhere
+ besides server-root/build. PR 8453
+ [Jeff Trawick and a host of others]
+
+ *) Allow ap_discard_request_body to be called multiple times in the
+ same request. Essentially, ap_http_filter keeps track of whether
+ it has sent an EOS bucket up the stack, if so, it will only ever
+ send an EOS bucket for this request.
+ [Ryan Bloom, Justin Erenkrantz, Greg Stein]
+
+ *) Remove all special mod_ssl URIs. This also fixes the bug where
+ redirecting (.*) will allow an SSL protected page to be viewed
+ without SSL. [Ryan Bloom]
+
+ *) Fix the binary build install script so that the build logic
+ created by "apxs -g" will work when the user has a binary
+ build. [Jeff Trawick]
+
+ *) Allow instdso.sh to work with full paths to the shared module.
+ [Justin Erenkrantz]
+
+ *) NetWare: Enabled CGI functionality and added mod_cgi as a built
+ in module for NetWare [Brad Nicholes]
+
+ *) Changed cgi and piped log behavior to accept 65536 characters
+ on Win32 (matching Linux) before deadlocking between outputing
+ client stdin, slurping the output from stdout and then the stderr
+ stream. PR 8179 [William Rowe]
+
+ *) Fixed Win32 wintty.exe support to assure the window title is valid.
+ Elimiates possible gpfault or garbage title without the -t option.
+ [William Rowe]
+
+ *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
+ brigades and input filters. [Justin Erenkrantz]
+
+ *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
+ body. [Justin Erenkrantz]
+
+ *) NetWare: Piping log entries through RotateLogs using the
+ CustomLogs directive is finally supported now that we have
+ the pipes and spawning functionality working.
+ [Brad Nicholes]
+
+ *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
+ Detect overflow when reading the hex bytes forming a chunk line.
+ [Aaron Bannert]
+
+ *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464.
+ [James Tait <JTait wyrddreams.demon.co.uk>]
+
+ *) Correctly return 413 when an invalid chunk size is given on
+ input. Also modify ap_discard_request_body to not do anything
+ on sub-requests or when the connection will be dropped.
+ [Justin Erenkrantz]
+
+ *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469.
+ [Cliff Woolley]
+
+ *) Ensure that apr_brigade_write() flushes in all of the cases that
+ it should to avoid conditions in some modules that could cause
+ large amounts of data to be buffered. [Cliff Woolley]
+
+ *) Fix problem where mod_cache/mod_disk_cache was incorrectly
+ stripping the content_type from cached responses.
+ [Bill Stoddard]
+
+ *) apachectl passes through any httpd options. Note: apachectl
+ should be used in preference to httpd since it ensures that any
+ appropriate environment variables have been set up.
+ [Jeff Trawick]
+
+ *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
+ PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
+
+ *) Fix suexec execution of CGI scripts from mod_include.
+ PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
+
+ *) Fix segfaults at startup on some platforms when mod_auth_digest,
+ mod_suexec, or mod_ssl were used as DSO's due to the way they
+ were tracking the current init phase since DSO's get completely
+ unloaded and reloaded between phases. PR 9413.
+ [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
+
+ *) Fix mod_include's handling of regular expressions in
+ "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
+
+ *) Fix the worker MPM deadlock problem [Brian Pane]
+
+ *) Modify the module documentation to allow for translations.
+ [Yoshiki Hayashi, Joshua Slive]
+
+ *) Fix a file permissions problem which prevented mod_disk_cache
+ from working on Unix. [Jeff Trawick]
+
+ *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
+ MPMs. These have semantics very similar to the old apachectl
+ commands of the same name. [Justin Erenkrantz, Jeff Trawick]
+
+ *) Make sure that the runtime dir is created by make install.
+ PR 9233. [Jeff Trawick]
+
+ *) Fix an unusual set of ./configure arguments that could cause
+ mod_http to be built as a DSO, which it currently doesn't
+ support. PR 9244.
+ [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
+
+ *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
+ of the %X, %b and %B logformat options. PR 8253, 8996.
+ [Bill Stoddard]
+
+ *) If content-encoding is already present, do not run deflate (PR 9222)
+ [Kazuhisa ASADA <kaz asada.sytes.net>]
+
+ *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
+ It is currently ignored and it will be removed in a future release
+ of Apache. [Jeff Trawick]
+
+ *) Removed documentation references to the no-longer-supported
+ "make certificate" feature of mod_ssl for Apache 1.3.x. Test
+ certificates, if truly desired, can be generated using openssl
+ commands. PR 8724. [Cliff Woolley]
+
+ *) Remove SSLLog and SSLLogLevel directives in favor of having
+ mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz]
+
+ *) OS/390: LIBPATH no longer has to be manually uncommented in
+ envvars to get apachectl to set up httpd properly. [Jeff Trawick]
+
+ *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
+ may now be specified to the <File/Directory > container, rather
+ than by vhost. [William Rowe]
+
+ *) mod_isapi: Experimental support for faux async support for ISAPI
+ modules. [William Rowe]
+
+ *) mod_isapi: Major refactoring of the code to rely on apr internals
+ rather than MS APIs (using our own mod_isapi.h headers for ISAPI
+ symbol definitions.) [William Rowe]
+
+ *) mod_isapi: Fixed the return string length from GetServerVariable
+ callback, it was not including the trailing null in the consumed
+ buffer size. This was particularly bad for Delphi 6.0 users.
+ PR 8934 [Sebastian Hantsch <sebastian.hantsch gmx.de>]
+
+ *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
+ [William Rowe]
+
+ *) Make apxs look in the correct directory for envvars. It was
+ broken when sbindir != bindir. PR 8869
+ [Andreas Sundström <sunkan zappa.cx>]
+
+ *) Fix mod_deflate corruption when using multiple buckets. PR 9014.
+ [Asada Kazuhisa <kaz asada.sytes.net>]
+
+ *) Performance enhancements for access logger when using
+ default timestamp formatting [Brian Pane]
+
+ *) Added EnableMMAP config directive to enable the server
+ administrator to disable memory-mapping of delivered files
+ on a per-directory basis. [Brian Pane]
+
+ *) Performance enhancements for mod_setenvif [Brian Pane]
+
+ *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick]
+
+ *) Fixed If-Modified-Since on Win32, which would give false positives
+ because of the sub-second resolution of file timestamps on that
+ platform. [Cliff Woolley]
+
+ *) Reverse the hook ordering for mod_userdir and mod_alias so
+ that Alias/ScriptAlias will override Userdir. PR 8841
+ [Joshua Slive]
+
+ *) Move mod_deflate out of experimental and into filters.
+ [Justin Erenkrantz]
+
+ *) Get proxy CONNECT basically working. [Jeff Trawick]
+
+ *) Fix mod_rewrite hang when APR uses SysV Semaphores and
+ RewriteLogLevel is set to anything other than 0. PR: 8143
+ [Aaron Bannert, Cliff Woolley]
+
+ *) Fix byterange requests from returning 416 when using dynamic data
+ (such as filters like mod_include). [Justin Erenkrantz]
+
+ *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
+ to be extended by third-party modules via an optional function.
+ [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
+
+ *) Fix mod_include expression parser's handling of unquoted strings
+ followed immediately by a closing paren. PR 8462. [Brian Pane]
+
+ *) Remove autom4te.cache in 'make distclean'.
+ [Thom May <thom planetarytramp.net>]
+
+ *) Fix generated httpd.conf to respect layout for LoadModule lines.
+ PR 8170. [Thom May <thom planetarytramp.net>]
+
+ *) Win32: During a graceful restart, threads in the new process
+ were accessing scoreboard slots still in use by active threads in
+ the old process. [Bill Stoddard]
+
+Changes with Apache 2.0.36
+
+ *) Fix some minor formatting issues with ab. Part of this is
+ in reference to PR 8544, the rest I noticed while testing
+ the PR fix. [Paul J. Reder]
+
+ *) Fix a case where an invalid pass phrase is entered and an
+ error message is given, but the prompt is not shown again.
+ This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
+
+ *) Close sockets on worker MPM when doing a graceless restart.
+ [Aaron Bannert]
+
+ *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
+ as the session id context rather that a MD5 hash of that vhost ID,
+ because it caused very long vhost id's to be unusable with mod_ssl.
+ PR 8572. [Cliff Woolley]
+
+ *) Fix the link to the description of the CoredumpDirectory
+ directive in the server-wide document. PR 8643. [Jeff Trawick]
+
+ *) Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley]
+
+ *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
+ - Avoid SIGBUS on sparc machines with SHMCB session caches
+ - Allow whitespace between the pipe and the name of the
+ program in SSLLog "| /path/to/program". [Cliff Woolley]
+
+ *) Introduce mod_ext_filter and mod_deflate experimental modules
+ to the Win32 build (zlib sources must be in srclib\zlib.)
+ [William Rowe]
+
+ *) Changes to the worker MPM's queue management and thread
+ synchronization code to reduce mutex contention [Brian Pane]
+
+ *) Don't install *.in configuration files since we already install
+ *-std.conf files. [Aaron Bannert]
+
+ *) Many improvements to the threadpool MPM. [Aaron Bannert]
+
+ *) Fix subreqs that are promoted via fast_redirect from having invalid
+ frec->r structures. This would cause subtle errors later on in
+ request processing such as seen in PR 7966. [Justin Erenkrantz]
+
+ *) More efficient pool recycling logic for the worker MPM [Brian Pane]
+
+ *) Modify the worker MPM to not accept() new connections until
+ there is an available worker thread. This prevents queued
+ connections from starving for processing time while long-running
+ connections were hogging all the available threads. [Aaron Bannert]
+
+ *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
+ [Aaron Bannert]
+
+ *) Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick]
+
+ *) Allow mod_unique_id to work on systems with no IPv4 address
+ corresponding to their host name. [Jeff Trawick]
+
+ *) Fix suexec behavior with user directories. PR 7810.
+ [Colm <colmmacc redbrick.dcu.ie>]
+
+ *) Reject a blank UserDir directive since it is ambiguous. PR 8472.
+ [Justin Erenkrantz]
+
+ *) Make mod_mime use case-insensitive matching when examining
+ extensions on all platforms. PR 8223. [Justin Erenkrantz]
+
+ *) Add an intelligent error message should no proxy submodules be
+ valid to handle a request. PR 8407 [Graham Leggett]
+
+ *) Major improvements in concurrent processing for AB by enabling
+ non-blocking connect()s and preventing APR from doing blocking
+ read()s. Also implement fatal error checking for apr_recv().
+ [Aaron Bannert]
+
+ *) Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe]
+
+ *) Fix Win32 'short name' aliases in httpd.conf directives.
+ PR 8009 [William Rowe]
+
+ *) Fix generation of default httpd.conf when the layout paths are
+ disjoint. PR 7979, 8227. [Justin Erenkrantz]
+
+ *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
+ that downgraded responses can have force-response. PR 8357.
+ [Justin Erenkrantz]
+
+ *) Fix perchild MPM so that it can be configured with the move to the
+ experimental directory. [Scott Lamb <slamb slamb.org>]
+
+ *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
+ ap_uname2id. [Scott Lamb <slamb slamb.org>]
+
+ *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
+
+ *) SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803]
+ Added the APLOG_TOCLIENT flag to ap_log_rerror() to
+ explicitly tell the server that warning messages should be sent
+ to the client in addition to being recorded in the error log.
+ Prior to this change, ap_log_rerror() always sent warning
+ messages to the client. In one case, a faulty CGI script caused
+ the server to send a warning message to the client that contained
+ the full path to the CGI script. This could be considered a
+ minor security exposure. [Bill Stoddard]
+
+ *) mod_autoindex output when SuppressRules was specified would
+ omit the first carriage return so the first item in the list
+ would appear to the right of the column headings instead of
+ underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>]
+
+ *) Moved the call to apr_mmap_dup outside the error branch so
+ that it would actually get called. This fixes a core dump
+ at init everytime you use the MMapFile directive. PR 8314
+ [Paul J. Reder]
+
+ *) Trigger an error when a LoadModule directive attempts to
+ load a module which is built-in. This is a common error when
+ switching from a DSO build to a static build. [Jeff Trawick]
+
+ *) Change instdso.sh to use libtool --install everywhere and then
+ clean up some stray files and symlinks that libtool leaves around
+ on some platforms. This gets subversion building properly since
+ it needed a re-link to be performed by libtool at install time,
+ and the old instdso.sh logic to simply cp the DSO didn't handle
+ that requirement. [Sander Striker]
+
+ *) Allow VPATH builds to succeed when configured from an empty
+ directory. [Thom May <thom planetarytramp.net>]
+
+ *) Fix 'control reaches end of non-void function' warning in
+ server/log.c. [Ben Collins-Sussman <sussman collab.net>]
+
+ *) Perchild MPM is now correctly deemed as experimental and is now
+ located in server/mpm/experimental. [Justin Erenkrantz]
+
+ *) Fix segfault in mod_mem_cache when garabge collecting an expired
+ cache entry. [Bill Stoddard]
+
+ *) Introduced -E startup_logfile_name option to httpd to allow admins
+ to begin logging errors immediately. This provides Win32 users
+ an alternative to sending startup errors to the event viewer, and
+ allows other daemon tool authors an alternative to logging to stderr.
+ [William Rowe]
+
+ *) Fix subreqs with non-defined Content-Types being served improperly.
+ [Justin Erenkrantz]
+
+ *) Merge in latest GNU config.guess and config.sub files. PR 7818.
+ [Justin Erenkrantz]
+
+ *) Move 100 - Continue support to the HTTP_IN filter so that filters
+ are guaranteed to support 100 - Continue logic without any
+ intervention. [Justin Erenkrantz]
+
+ *) Add HTTP chunked input trailer support. [Justin Erenkrantz]
+
+ *) Rename and export get_mime_headers as ap_get_mime_headers.
+ [Justin Erenkrantz]
+
+ *) Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz]
+
+ *) Properly substitute sbindir as httpd's location in apachectl. PR 7840.
+ [Andreas Hasenack <andreas netbank.com.br>]
+
+ *) Allow Win32 shebang scripts to follow the path (or omit the .exe
+ suffix from the shebang command), and allow ScriptInterpreterSource
+ Registry or RegistryStrict to override shebang lines, as 1.3 did.
+ PR 8004 [William Rowe]
+
+ *) worker MPM: Fix a situation where a child exited without releasing
+ the accept mutex. Depending on the OS and mutex mechanism this
+ could result in a hang. [Jeff Trawick]
+
+ *) Update the instructions for how to get started with mod_example.
+ [Stas Bekman]
+
+ *) Fix PidFile to default to rel_runtimedir instead of
+ rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>]
+
+ *) Win32: Fix problem that caused rapid performance degradation
+ when number of connecting clients exceeded ThreadsPerChild.
+ [Bill Stoddard]
+
+ *) Fixed a segfault parsing large SSIs on non-mmap systems.
+ [Brian Havard]
+
+ *) Proxy was bombing out every second keepalive request, caused by a
+ stray CRLF before the second response's status line. Proxy now
+ tries to read one more line if it encounters a CRLF where it
+ expected a status. PR 10010 [Graham Leggett]
+
+ *) Deprecated the apr_lock.h API. Please see the following files
+ for the improved thread and process locking and signaling:
+ apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
+ apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert]
+
+ *) Change mod_status to use scoreboard accessor functions so it can
+ be used in any MPM without having to be recompiled.
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
+ handle declarations are recognized. This fixes problems loading
+ mod_autoindex on some platforms. [Brian Havard]
+
+ *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
+
+ *) Remind the admin about the User and Group directives when we are
+ unable to set permissions on a semaphore. PR 7812 [Jeff Trawick]
+
+ *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
+ [Doug MacEachern]
+
+ *) fix possible infinite loop in mod_ssl triggered by certain
+ netscape clients [Doug MacEachern]
+
+ *) fix ProxyPass when frontend is https and backend is http
+ [Doug MacEachern]
+
+ *) Add DASL support to mod_dav
+ [Sung Kim <hunkim cse.ucsc.edu>]
+
+Changes with Apache 2.0.35
+
+ *) mod_rewrite: updated to use the new APR global mutex type.
+ [Aaron Bannert]
+
+ *) Fixes for mod_include errors on boundary conditions in which
+ "<!--#" occurs at the very end of a bucket
+ [Paul Reder, Brian Pane]
+
+ *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to
+ cause the Apache parent process to run in the foreground (similar to
+ -DNO_DETACH except that it doesn't switch session ids).
+ [Jeff Trawick]
+
+ *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
+ for those platforms that support it. If using the default
+ implementation, this is between pthread and sysvsem in priority.
+ This implies it's the new default for Darwin. [Jim Jagielski]
+
+ *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
+ environment variables in the envvars file. [Jeff Trawick]
+
+ *) worker MPM: Don't create a listener thread until we have a worker
+ thread. Otherwise, in situations where we'll have to wait a while
+ to take over scoreboard slots from a previous generation, we'll be
+ accepting connections we can't process yet. [Jeff Trawick]
+
+ *) Allow worker MPM to build on systems without pthread_kill().
+ [Pier Fumagalli, Jeff Trawick]
+
+ *) Prevent ap_add_output_filters_by_type from being called in
+ ap_set_content_type if the content-type hasn't changed.
+ [Justin Erenkrantz]
+
+ *) Performance: implemented the bucket allocator made possible by the
+ API change in 2.0.34. [Cliff Woolley]
+
+ *) Don't allow initialization to succeed if we can't get a socket
+ corresponding to one of the Listen statements. [Jeff Trawick]
+
+Changes with Apache 2.0.34
+
+ *) Allow all Perchild directives to accept either numerical UID/GID
+ or logical user/group names. [Scott Lamb <slamb slamb.org>]
+
+ *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]
+
+ *) implement ssl proxy to support ProxyPass / https:// and the
+ SSLProxy* directives [Doug MacEachern]
+
+ *) Update mod_cgid to not do single-byte socket reads for CGI headers
+ [Brian Pane]
+
+ *) Made AB's use of the Host: header rfc2616 compliant
+ by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
+
+ *) The old, legacy (and unused) code in which the scoreboard was totally
+ and completely contained in a file (SCOREBOARD_FILE) has been
+ removed. This does not affect scoreboards which are *mapped* to
+ files using named-shared-memory. [Jim Jagielski]
+
+ *) Change bucket brigades API to allow a "bucket allocator" to be
+ passed in at certain points. This allows us to implement freelists
+ so that we can stop using malloc/free so frequently.
+ [Cliff Woolley, Brian Pane]
+
+ *) Add support for macro expansion within the variable names in
+ <!--#echo--> and <!--#set--> directives [Brian Pane]
+
+ *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]
+
+ *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
+ [Joe Orton]
+
+ *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
+ [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]
+
+ *) Add a new parameter to the quick_handler hook to instruct
+ quick handlers to optionally do a lookup rather than actually
+ serve content. This is the first of several changes required fix
+ several problems with how quick handlers work with subrequests.
+ [Bill Stoddard]
+
+ *) worker MPM: Get MaxRequestsPerChild to work again. [Jeff Trawick]
+
+ *) [APR-related] The ordering of the default accept mutex method has
+ been changed to better match what's done in Apache 1.3. The ordering
+ is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
+ [Jim Jagielski]
+
+ *) Ensure that the build/ directory is created when using VPATH.
+ [Justin Erenkrantz]
+
+ *) Add some popular types to the mime magic file. PR 7730.
+ [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
+
+ *) Remove the single-byte socket reads for CGI headers [Brian Pane]
+
+ *) When a proxied site was being served, Apache was replacing
+ the original site Server header with it's own, which is not
+ allowed by RFC2616. Fixed. [Graham Leggett]
+
+ *) Fix a mod_cgid problem that left daemon processes stranded
+ in some server restart scenarios. [Jeff Trawick]
+
+ *) Added exp_foo and rel_foo variables to config_vars.mk for
+ all Apache and Autoconf path variables (like --sysconfdir,
+ --sbindir, etc). exp_foo is the "expanded" version, which means
+ that all internal variable references have been interpolated.
+ rel_foo is the same as $exp_foo, only relative to $prefix if they
+ share a common path. [Aaron Bannert]
+
+ *) Fix some restart/terminate problems in the worker MPM. Don't
+ drop connections during graceful restart. [Jeff Trawick]
+
+ *) Change the header merging behaviour in proxy, as some headers
+ (like Set-Cookie) cannot be unmerged due to stray commas in
+ dates. [Graham Leggett]
+
+ *) Be more vocal about what AcceptMutex values we allow, to make
+ us closer to how 1.3 does it. [Jim Jagielski]
+
+ *) Get nph- CGI scripts working again. PRs 8902, 8907, 9983
+ [Jeff Trawick]
+
+ *) Upgraded PCRE library to latest version 3.9 [Brian Pane]
+
+ *) Add accessor function to set r->content_type. From now on,
+ ap_rset_content_type() should be used to set r->content_type.
+ This change is required to properly implement the
+ AddOutputFilterByType configuration directive.
+ [Bill Stoddard, Sander Striker, Ryan Bloom]
+
+ *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
+ RFC 3253. Improved the method name/number mapping functions.
+ [Greg Stein]
+
+ *) remove sock_enable_linger from connection.c [Ian Holsman]
+
+ *) Fix for virtual host processing where the requested hostname
+ has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
+
+ *) mod_dav's APIs for REPORT response handling was changed so that
+ providers can generate the content directly into the output filter
+ stack, rather than buffering the response into memory. [Greg Stein]
+
+ *) Fix a hang condition with graceful restart and prefork MPM
+ in the situation where MaxClients is very high but
+ much fewer servers are actually started at the time of the
+ restart. [Jeff Trawick]
+
+ *) Small performance fixes for mod_include [Brian Pane]
+
+ *) Performance improvement for the error logger [Brian Pane]
+
+ *) Change configure so that Solaris 8 and above have
+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
+ according to sun people solaris 8+ doesn't have a thundering
+ herd problem [Ian Holsman]
+
+ *) Allow URIs specifying CGI scripts to include '/' at the end
+ (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
+ which ignore '/' at the end of the names of non-directories).
+ PR 10138 [Jeff Trawick]
+
+ *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
+ apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
+
+ *) Fix apxs -g handling. Move config_vars.mk from the top build
+ directory to the build directory. PR 10163 [Jeff Trawick]
+
+ *) Fix some mod_include problems which broke evaluation of some
+ expressions. PR 10108 [Jeff Trawick]
+
+ *) Fix the calculation of request time in mod_status. [Stas Bekman]
+
+ *) Fix the calculation of thread_num in the worker score structure.
+ [Stas Bekman]
+
+ *) Use apr_atomic operations in managing the mod_mem_cache
+ cache_objects for SMP scalability. (see USE_ATOMICS
+ preprocessor directive in mod_file_cache)
+ [Bill Stoddard]
+
+ *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
+ preprocessor directive in mod_file_cache)
+ [Bill Stoddard]
+
+ *) Implement prototype mod_disk_cache for use with mod_cache.
+ [Bill Stoddard]
+
+ *) Add a missing manualdir entry in the Debian config.layout.
+ [Thom May <thom planetarytramp.net>]
+
+ *) Stop installing libtool for APR and tell APR where it should place
+ its copy of libtool (via our installbuildpath layout variable).
+ [Justin Erenkrantz]
+
+ *) New directive ProxyIOBufferSize. Sets the size of the buffer used
+ when reading from a remote HTTP server in proxy. [Graham Leggett]
+
+ *) Modify receive/send loop in proxy_http and proxy_ftp so that
+ should it be necessary, the remote server socket is closed before
+ transmitting the last buffer (set by ProxyIOBufferSize) to the
+ client. This prevents the backend server from being forced to hang
+ around while the last few bytes are transmitted to a slow client.
+ Fix the case where no error checking was performed on the final
+ brigade in the loop. [Graham Leggett]
+
+ *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
+ CacheMaxExpire and CacheDefaultExpire to use seconds rather than
+ hours. [Graham Leggett, Bill Stoddard]
+
+ *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
+ for a undefined variable. [Ian Holsman]
+
+ *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
+ when we can't get a socket in the specified address family. We may
+ have gotten back an IPv6 address first and yet our system is not
+ configured to allow IPv6 sockets. [Jeff Trawick]
+
+ *) Be more careful about recursively removing CVS directories. Make
+ sure that we aren't cd'ing to their home directory first. PR: 9993
+ [Aaron Bannert, James LewisMoss <dres lewismoss.net>]
+
+ *) Add a missing errordir entry in the Debian config.layout. PR: 10067
+ [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
+ Thom May <thom planetarytramp.net>]
+
+ *) Rename the filter ordering priorities. The recent filtering fixes
+ have showcased problems with their usage. Therefore, we need to
+ rename them to increase the clarity. (CONTENT->RESOURCE,
+ HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz]
+
+Changes with Apache 2.0.33
+
+ *) Fix a problem in the new --enable-layout functionality where
+ it wouldn't allow overrides from variables like --prefix,
+ --bindir, etc. [Thom May <thom planetarytramp.net>]
+
+ *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
+ no longer hangs around waiting for the socket to close before
+ returning exhaustive data. [Aaron Bannert]
+
+ *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
+ [Thom May <thom planetarytramp.net>]
+
+ *) Change mod_ssl to always do a full startup/teardown on restarts.
+ this allows mod_ssl to be added to a server that is already
+ running and makes it possible to add/change certs/keys after the
+ server has been started. [Doug MacEachern]
+
+ *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
+ This pipe must be a bidirectional 'console' style relay, which
+ mod_ssl prints all prompts to the pipe's stdin, and reads the
+ passphrases from the pipe's stdout. [William Rowe]
+
+ *) Fix bug where --sysconfdir and --localstatedir were being
+ ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert]
+ PR 9888
+
+ *) Fix --enable-layout to work again. Caution: When specifying
+ --enable-layout, common arguments like --prefix, --exec-prefix,
+ etc. will be ignored and the settings from the layout will be
+ used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert]
+ PR 9124, 9873, 9885
+
+ *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
+ regex pattern matching for the determination of which requests
+ to use the remote proxy for. [Jim Jagielski]
+
+ *) Fix CustomLog bytes-sent with HTTP 0.9. [Justin Erenkrantz]
+
+ *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
+ cruft in piped logs and rewritemap child processes.
+ [William Rowe]
+
+ *) All instances of apr_lock_t have been removed and converted
+ to one of the following new lock APIs: apr_thread_mutex.h,
+ apr_proc_mutex.h, or apr_global_mutex.h. No new code should
+ use the apr_lock.h API, as the old API will soon be deprecated.
+ [Aaron Bannert]
+
+ *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
+ [Ralf S. Engelschall, Cliff Woolley]
+
+ *) mod-include: make it handle flush'es and fix the 'false-alarm'
+ [Justin Erenkrantz, Brian Pane, Ian Holsman]
+
+ *) ap_get_*_filter_handle() functions to allow 3rd party modules
+ to lookup filter handles so they can bypass the filter name
+ lookup when adding filters to a request (via ap_add_*_filter_handle())
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Fix for multiple file buckets on Win32, where the first file
+ bucket would cause the immediate closure of the socket on any
+ non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Correct Win32 failure of mmap of a segment beyond start of the
+ file; fixes large SSL and similar transfers. [William Rowe]
+ PR 9898
+
+ *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
+ multi-process mode to not "daemonize" while detaching from the
+ controlling terminal. This is necessary for Apache to work with
+ process-management tools like AIX's "System Resource Controller"
+ as well as Dan Bernstein's "daemontools".
+ [Jos Backus <josb cncdsl.com>, Aaron Bannert]
+
+ *) Convert mod_auth_digest to use the new apr_global_mutex_t
+ type. [Aaron Bannert]
+
+ *) fix bug in mod-include where it wouldn't send a unmatched
+ part if it was at the end of a bucket [Ian Holsman]
+
+ *) worker MPM: Improve logging of errors with the interface between
+ the listener thread and worker threads. [Jeff Trawick]
+
+ *) Some browsers ignore cookies that have been merged into a
+ single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
+ are now unmerged in the http proxy before being sent to the
+ client. [Graham Leggett]
+
+ *) Fix a problem with proxy where each entry of a duplicated
+ header such as Set-Cookie would overwrite and obliterate the
+ previous value of the header, resulting in multiple header
+ values (like cookies) going missing.
+ [Graham Leggett, Joshua Slive]
+
+ *) Add the server-limit and thread-limit values to the scoreboard
+ for the sake of third-party applications.
+ [Adam Sussman <myddryn vishnu.vidya.com>]
+
+ *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]
+
+ *) OS/390: Get make install to properly copy DSO modules.
+ [Jeff Trawick]
+
+ *) Win32: Fix bug in mod_status with displaying "Restart Time"
+ and "Server uptime".
+ [Bill Stoddard]
+
+ *) Fix IPv6 name-based virtual hosts. [Jeff Trawick]
+
+ *) Introduce AddOutputFilterByType directive. [Justin Erenkrantz]
+
+ *) Fix DEBUG_CGI support in mod_cgi. PR 9670, 9671.
+ [David MacKenzie <djm pix.net>]
+
+ *) Fix incorrect check for script_in in mod_cgi. PR 9669.
+ [David MacKenzie <djm pix.net>]
+
+ *) Fix segfault and display error when SSLMutex file can not be
+ created. [Adam Sussman <myddryn vishnu.vidya.com>]
+
+ *) Add reference counting to mod_mem_cache cache objects to
+ better manage removing objects from the cache.
+ [Bill Stoddard]
+
+ *) Change the verbage on the ScoreBoardFile in our default configs.
+ Also change the default to be commented out (unspecified) so we
+ get anonymous shared memory by default. [Aaron Bannert]
+
+ *) Implement new ScoreBoardFile directive logic. This affects how
+ we create the scoreboard's shared memory segment. If the directive
+ is present, a name-based segment is created. If the directive is
+ not present, first an anonymous segment is created, and if that
+ fails, a name-based segment is created from a file of the name
+ DEFAULT_SCOREBOARD. This gives third-party applications the
+ ability to access our scoreboard. [Aaron Bannert]
+
+ *) Allow mod_deflate to work with non-GET requests and properly send
+ Content-Lengths. [Sander Striker <striker apache.org>]
+
+ *) Fix ap_directory_merge() to correctly merge configs when there is
+ no <Directory /> block. [Justin Erenkrantz, William Rowe]
+
+ *) Remove spurious debug messsages that are normal under HTTP
+ keep-alive logic. [Jeff Trawick, Justin Erenkrantz]
+
+ *) Fix a bug in mod_cgid that would prevent proper shutdown death
+ of the cgid process. [Aaron Bannert]
+
+ *) Add signal handling back in to the worker MPM for the one_process
+ (-X, -DDEBUG, -DONE_PROCESS) case. [Aaron Bannert]
+
+ *) Performance: Reuse per-connection transaction pools in the
+ worker MPM, rather than destroying and recreating them. [Brian Pane]
+
+ *) Remove all signals from the worker MPM's child process. Instead,
+ the parent uses the Pipe of Death for all communication with the
+ child processes. [Ryan Bloom]
+
+Changes with Apache 2.0.32
+
+ *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
+ default if the directive is not specified. This mirrors older
+ behavior without changes to the httpd.conf. [William Rowe]
+
+ *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
+ the service, mpm and logging code, and bugs in apr_file_open_stderr
+ and apr_file_dup2 functions. Win2K/XP services have no handles
+ associated for stdin/out/err, which caused unpredictable behavior
+ in the prior release. [William Rowe, Bill Stoddard]
+
+ *) Win32: simplify the Application Event Log messages, since there isn't
+ likely to be 'more information in the error log' before an error log
+ has been opened. [William Rowe]
+
+ *) Win32: substantial cleanup to the mpm_winnt code for legibility and
+ to follow the program flow of other MPMs. [Ryan Bloom, William Rowe]
+
+ *) Win32: apache -k shutdown now behaves like apache -k stop.
+ [Bill Stoddard]
+
+ *) Fix prefork to not kill the parent if a child hits a resource shortage
+ on accept(). [Greg Ames]
+
+ *) Fix seg faults that occur when what should be the httpd request line
+ starts with \r\n followed by garbage. [Greg Ames]
+
+ *) Allow statically linked support binaries with the new
+ --enable-static-support flag, and enable this behavior in
+ the binbuild script. Also add a new --enable-static-htdbm
+ flag. [Aaron Bannert]
+
+ *) Allow mod_autoindex to serve symlinks if permitted and attempt to
+ do only one stat() call when generating the directory listings.
+ [Justin Erenkrantz]
+
+ *) Fix resolve_symlink to save the original symlink name if known.
+ [Justin Erenkrantz]
+
+ *) Be a bit more sane with regard to CanonicalNames. If the user has
+ specified they want to use the CanonicalName, but they have not
+ configured a port with the ServerName, then use the same port that
+ the original request used. [Ryan Bloom and Ken Coar]
+
+ *) In core_input_filter, check for an empty brigade after
+ APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a
+ client says it will post some data but we get FIN before any
+ data arrives. [Jeff Trawick]
+
+ *) Not being able to bind to the socket is a fatal error. We should
+ print an error to the console, and return a non-zero status code.
+ With these changes, all of the Unix MPMs do that correctly.
+ [Ryan Bloom]
+
+ *) suexec: Allow HTTPS and SSL_* environment variables to be passed
+ through to CGI scripts. PR 9163
+ [Brian Reid <breid customlogic.com>,
+ Zvi Har'El <rl math.technion.ac.il>]
+
+ *) binbuild.sh: Make sure that we use the expat from our source
+ tree so that there aren't any surprises on the target machine.
+ [Jeff Trawick]
+
+ *) mod_cgid: Add retry logic for when the daemon can't fork fast
+ enough to keep up with new requests. Start using
+ HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
+ when we can't talk to the daemon. [Jeff Trawick]
+
+ *) apxs: LTFLAGS envvar can override default libtool options. Try
+ "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
+ the covers. [Jeff Trawick]
+
+ *) The Location: response header field, used for external
+ redirect, *must* be an absoluteURI. The Redirect directive
+ tested for that, but RedirectMatch didn't -- it would allow
+ almost anything through. Now it will try to turn an abs_path
+ into an absoluteURI, but it will correctly varf like Redirect
+ if the final redirection target isn't an absoluteURI. [Ken Coar]
+
+Changes with Apache 2.0.31
+
+ *) Create the scoreboard (in the parent) in a global pool context,
+ so it survives graceful restarts. This fixes a SEGV during
+ graceful restarts. [Aaron Bannert]
+
+ *) Add a timeout option to the proxy code 'ProxyTimeout'
+ [Ian Holsman]
+
+ *) FTP directory listings are now always retrieved in ASCII mode.
+ The FTP proxy properly escapes URI's and HTML in the generated
+ listing, and escapes the path components when talking to the FTP
+ server. It is now possible to browse the root directory by using
+ a url like: ftp://user@host/%2f/ (ported from apache_1.3.24)
+ Also, the last path component may contain wildcard characters
+ '*' and '?', and if they do, a directory listing is created instead
+ of a file retrieval. Example: ftp://user@host/httpd/server/*.c
+ [Martin Kraemer]
+
+ *) Added single-listener unserialized accept support to the
+ worker MPM [Brian Pane]
+
+ *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
+ the incoming host header through to the proxied server
+ [Geoff <g.russell ieee.org>]
+
+ *) New Directive Option for ProxyPass. It now can block a location
+ from being proxied [Jukka Pihl <jukka.pihl entirem.com>]
+
+ *) Don't let the default handler try to serve a raw directory. At
+ best you get gibberish. Much worse things can happen depending
+ on the OS. [Jeff Trawick]
+
+ *) Change the pre_config hook to return a value. Modules can now emit
+ an error message and then cause the server to quit gracefully during
+ startup. This required a bump to the MMN. [Aaron Bannert]
+
+ *) Fix some unix socket descriptor leaks in the handler side of
+ mod_cgid (the part that runs in the server process). Whack a
+ silly "close(-1)" in the handler too. [Jeff Trawick]
+
+ *) Change the pre_mpm hook to return a value, so that scoreboard
+ init errors percolate up to code that knows how to exit
+ cleanly. This required a bump to the MMN. [Jeff Trawick]
+
+ *) Add the socket back to the conn_rec and remove the create_connection
+ hook. The create_connection hook had a design flaw that did not
+ allow creating connections based on vhost info. [Bill Stoddard]
+
+ *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
+ Resolves the common case of using negotation to resolve the request
+ /script/foo for /script.cgi/foo. [William Rowe]
+
+ *) Added new functions ap_add_(input|output)_filter_handle to
+ allow modules to bypass the usual filter name lookup when
+ adding hard-coded filters to a request [Brian Pane]
+
+ *) caching should now work on subrequests (still very experimental)
+ [Ian Holsman]
+
+ *) The Win32 mpm_winnt now has a shared scoreboard. [William Rowe]
+
+ *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
+ [Justin Erenkrantz]
+
+ *) Refactor ap_rgetline so that it does not use an internal brigade.
+ Change ap_rgetline's prototype to return errors. [Justin Erenkrantz]
+
+ *) Remove mod_auth_db. [Justin Erenkrantz]
+
+ *) Do not install unnecessary pcre headers like config.h and internal.h.
+ [Joe Orton <joe manyfish.co.uk>]
+
+ *) Change in quick_hanlder behavior for subrequests. it now passes DONE
+ (as it does for a normal request). quick_handled sub-requests now work
+ in mod-include [Ian Holsman]
+
+ *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
+ 'CONTENT' one, as it needs to run AFTER all content headers
+
+ *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
+ [Lars Eilebrecht]
+
+ *) Split out blocking from the mode in the input filters.
+ [Justin Erenkrantz]
+
+ *) Fix a segfault in mod_include. [Justin Erenkrantz, Jeff Trawick]
+
+ *) Cause Win32 to capture all child-worker process errors in
+ Apache to the main server error log, until the child can
+ open its own error logs. [William Rowe]
+
+ *) HPUX 11.*: Do not kill the child process when accept()
+ returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
+
+ *) Fix a problem in the parsing of the <Proxy foo> directive.
+ [Jeff Trawick]
+
+ *) rewrite of mod_ssl input filter for better performance and less
+ memory usage [Doug MacEachern]
+
+ *) allow quick_handler to be run on subrequests. [Ian Holsman]
+
+ *) mod_dav now asks its provider to place content directly into the
+ filter stack when handling a GET request. The mod_dav/provider
+ API has changed, so providers need to be updated. [Greg Stein]
+
+ *) Clear the output socket descriptor in unixd_accept() to make sure
+ we don't supply a bogus socket to the caller if the accept fails.
+ This caused problems with the worker MPM, which tried to process
+ the returned socket if it was non-NULL. [Brian Pane]
+
+ *) Move a check for an empty brigade to the start of core input filter
+ to avoid segfaults. [Justin Erenkrantz, Jeff Trawick]
+
+ *) Add FileETag directive to allow configurable control of what
+ data are used to form ETag values for file-based URIs. MMN
+ bumped to 20020111 because of fields added to the end of
+ the core_dir_config structure. [Ken Coar]
+
+ *) Fix a segfault in mod_rewrite's logging code caused by passing the
+ wrong config to ap_get_remote_host(). [Jeff Trawick]
+
+ *) Allow mod_cgid to work from a binary distribution install by
+ using 755 for the permissions on the log directory instead of
+ 750. [Jeff Trawick]
+
+ *) Fixed a segfault that happened during graceful shutdown (or when
+ the httpd ran out of file descriptors) with the worker MPM [Brian Pane]
+
+ *) Split all Win32 modules [excluding the core components mod_core,
+ mod_so, mod_win32 and the winnt mpm] into individual loadable
+ modules, so the administrator may individually disable the former
+ compiled-in modules by simply commenting out their LoadModule
+ directives. [William Rowe]
+
+ *) Saved Win32 module authors and porters many future headaches, by
+ duplicating the appropriate .h files such as os.h into the include
+ directory, including in the build tree. [William Rowe]
+
+ *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
+ Use SSL functions/macros instead of directly dereferencing SSL
+ structures wherever possible.
+ Add type-casts for the cases where functions return a generic pointer.
+ Add $SSL/include to configure search path.
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
+
+ *) Moved several pointers out of the shared Scoreboard so it is
+ more portable, and will present the vhost name across server
+ generation restarts. [William Rowe]
+
+ *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
+ [Doug MacEachern]
+
+Changes with Apache 2.0.30
+
+ *) Fix the main bug for FreeBSD and threaded MPM's. There are
+ still issues (see STATUS) but at least the server will now
+ run without crashing the machine.
+ [David Reid, Aaron Bannert, Justin Erenkrantz]
+
+ *) Fix a typo in mod_deflate's m4 config section.
+ [albert chin <china thewrittenword.com>]
+
+ *) Fix a couple of mod_proxy problems forwarding HTTP connections
+ and handling CONNECT:
+ (1) PR #9190 Proxy failed to connect to IPv6 hosts.
+ (2) Proxy failed to connect when the first IP address returned by
+ the resolver was unreachable but a secondary IP address was.
+ [Jeff Trawick]
+
+ *) Fix the module identifer as shown in the docs for various core
+ modules (e.g., the identifer for mod_log_config was previously
+ listed as config_log_module). PR #9338
+ [James Watson <ap2bug sowega.org>]
+
+ *) Fix LimitRequestBody directive by placing it in the HTTP
+ filter. [Justin Erenkrantz]
+
+ *) Fix mod_proxy seg fault when the proxied server returns
+ an HTTP/0.9 response or a bogus status line.
+ [Adam Sussman]
+
+ *) Prevent mod_proxy from truncating one character off the
+ end of the status line returned from the proxied server.
+ [Adam Sussman, Bill Stoddard]
+
+ *) Eliminate loop in ap_proxy_string_read().
+ [Adam Sussman, Bill Stoddard]
+
+ *) Provide $0..$9 results from mod_include regex parsing.
+ [William Rowe]
+
+ *) Allow mod-include to look for alternate start & end tags [Ian Holsman]
+
+ *) Introduced the ForceLanguagePriority directive, to prevent
+ returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
+ when using Multiviews. [William Rowe]
+
+ *) Fix a problem which prevented mod_cgid and suexec from working
+ together reliably [Greg Ames]
+
+ *) Remove the call to exit() from within mod_auth_digest's post_config
+ phase. [Aaron Bannert]
+
+ *) Fix a problem in mod_auth_digest that could potentially cause
+ problems with initialized static data on a system that uses DSOs.
+ [Aaron Bannert]
+
+ *) Fix a segfault in the worker MPM that could happen during
+ child process exits. [Brian Pane, Aaron Bannert]
+
+ *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]
+
+ *) Fix matching of vhosts by ip address so we find IPv4
+ vhost address when target address is v4-mapped form of
+ that address. [Jeff Trawick]
+
+ *) More performance tweaks to the BNDM string-search algorithm
+ used to find "<!--#" tokens in mod_include [Brian Pane]
+
+ *) Miscellaneous small performance fixes: optimized away various
+ string copy operations and removed large temp buffers from
+ the stack [Brian Pane]
+
+ *) Fixed startup segfault that occurred when a VirtualHost
+ directive had a port but no address [Brian Pane]
+
+ *) Allow htdbm to work with multiple DBM types [Ian Holsman]
+
+ *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
+ if oslevel < WINNT. This should fix several problems reported
+ Against 2.0.28 on Windows 98 [Bill Stoddard]
+
+ *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
+ to fail. [Bill Stoddard]
+
+ *) Change core code to allow an MPM to set hard thread/server
+ limits at startup. prefork, worker, and perchild MPMs now have
+ directives to set these limits. [Jeff Trawick]
+
+ *) Win32: The async AcceptEx() event should be autoreset upon
+ successful completion of a wait (WaitForSingleObject). This
+ eliminates a number of spurious
+ setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
+ [Bill Stoddard]
+
+ *) Move any load library path environment variables out of
+ apachectl and into a separate environment variable file which
+ can be more easily tailored by the admin. The environment
+ variable file as built by Apache may have additional system-
+ specific settings. For example, on OS/390 we tailor the heap
+ settings to allow lots of threads. [Jeff Trawick]
+
+ *) Use the new APR pool code to reduce pool-related lock
+ contention in the worker MPM. [Sander Striker]
+
+ *) The POD no longer assumes the child is listening on 127.0.0.1
+ and now pulls the first hostname in the list of listeners to
+ perform the dummy connect on. This fixes a bug when the user
+ had configured the Listen directive for an IP other than
+ 127.0.0.1. This would result in undead children and error
+ messages such as "Connection refused: connect to listener".
+ [Aaron Bannert]
+
+ *) The worker MPM now respects the LockFile setting, needed to
+ avoid locking problems with NFS. [Jeff Trawick]
+
+ *) Fix segfault when worker MPM receives SIGHUP.
+ [Ian Holsman, Aaron Bannert, Justin Erenkrantz]
+
+ *) Fix bug that could potentially prevent the perchild MPM from
+ working with more than one vhost/uid. [Aaron Bannert]
+
+ *) Change make install and apxs -i processing of DSO modules to
+ perform special handling on platforms where libtool doesn't install
+ mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX
+ which prevented standard LoadModule statements from working.
+ [Jeff Trawick]
+
+ *) Whenever mod_so is enabled (not just when there are DSOs for
+ our modules), do whatever special magic is required for compiling/
+ loading third-party modules. This allows third-party DSOs to
+ be used on an AIX build when there were no built-in modules
+ built as DSOs. (This should help on OS/390 and BeOS as well.)
+ [Jeff Trawick]
+
+ *) Allow apxs to be used to build DSOs on AIX without requiring the
+ user to hard-code the list of import files. (This should help
+ on OS/390 and BeOS as well.) [Jeff Trawick]
+
+ *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
+ PR 8563, 8919 [William Rowe]
+
+ *) Get binary builds working when libapr and libaprutil are built
+ shared [Greg Ames]
+
+ *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
+ working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
+ Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
+
+ *) Fix the handling of SSI directives in which the ">" of the
+ terminating "-->" is the last byte in a file [Brian Pane]
+
+ *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
+ message that we had back in apache-1.3 and still have scattered
+ throughout our docs. [Aaron Bannert]
+
+ *) Prevent the Win32 port from continuing after encountering an
+ error in the command line args to apache. [William Rowe]
+
+ *) On a error in the proxy, make it write a line to the error log
+ [Ian Holsman]
+
+ *) Various mod_ssl performance improvements [Doug MacEachern]
+
+Changes with Apache 2.0.29
+
+ *) Add buffering in core_output_filter to ensure that long
+ lists of small buckets don't cause small packet writes.
+ [Brian Pane, Ryan Bloom]
+
+ *) Fix the installation target to make sure that the manual is
+ installed in the correct location.
+ [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
+ Gomez Henri <hgomez slib.fr>]
+
+ *) Fix the cmd command for mod_include. When we are processing
+ a cmd command, we do not want to use the r->filename to set
+ the command name. The command comes from the SSI tag. To do this,
+ I added a variable to the function that builds the command line
+ in mod_cgi. This allows the include_cmd function to specify
+ the command line itself. [Ryan Bloom]
+
+ *) Change open_logs hook to return a value, allowing you
+ to flag a error while opening logs
+ [Ian Holsman, Doug MacEachern]
+
+ *) Change post_config hook to return a value, allowing you
+ to flag a error post config
+ [Ian Holsman, Jeff Trawick]
+
+ *) Allow SUEXEC_BIN (the path to the suexec binary that is
+ hard-coded into the server) to be specified to the configure
+ script by the --with-suexec-bin parameter. [Aaron Bannert]
+
+ *) Fix segv in worker MPM following accept on pipe-of-death
+ [Brian Pane]
+
+ *) Add mod_deflate to experimental.
+ [Ian Holsman, Justin Erenkrantz]
+
+ *) Bail out at configure time if an invalid MPM was specified.
+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
+
+ *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
+ configured [John Sterling <sterling covalent.net>]
+
+ *) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>]
+
+ *) Fix a problem with IPv6 vhosts. PR #8118 [Jeff Trawick]
+
+ *) Optimization for the BNDM string-search function in
+ mod_include. [Brian Pane]
+
+ *) Fixed the behavior of the XBitHack directive.
+ [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
+
+ *) The threaded MPM for Unix has been removed. Use the worker
+ MPM instead. [various]
+
+ *) APR-ize the resolver logic in mod_unique_id. This fixes a bug
+ in logging the error from a failed DNS lookup. [Jeff Trawick]
+
+ *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
+ [Cliff Woolley]
+
+ *) Get mod_cgid killed when a MPM exits due to a fatal error.
+ [Jeff Trawick]
+
+ *) Fix a file descriptor leak in mod_include. When we include a
+ file, we use a sub-request, but we didn't destroy the sub-request
+ immediately, instead we waited until the original request was
+ done. This patch closes the sub-request as soon as the data is
+ done being generated. [Brian Pane <bpane pacbell.net>]
+
+ *) Allow modules that add sockets to the ap_listeners list to
+ define the function that should be used to accept on that
+ socket. Each MPM can define their own function to use for
+ the accept function with the MPM_ACCEPT_FUNC macro. This
+ also abstracts out all of the Unix accept error handling
+ logic, which has become out of synch across Unix MPMs.
+ [Ryan Bloom]
+
+ *) Fix a bug which would cause the response headers to be omitted
+ when sending a negotiated ErrorDocument because the required
+ filters were attached to the wrong request_rec.
+ [John Sterling <sterling covalent.net>]
+
+ *) Remove commas from the end of the macros that define
+ directives that are used by MPMs. Prior to this patch,
+ you would use these macros without commas, which was unlike
+ the macros for any other directives. Now, the caller provides
+ the comma rather than the macro providing it. This makes
+ the macros look more like the rest of the directives.
+ [Ryan Bloom and Cliff Woolley]
+
+ *) Add 'redirect-carefully' environment option to disable sending
+ redirects under special circumstances. This is helpful for
+ Microsoft's WebFolders when accessing a directory resource via
+ DAV methods. [Justin Erenkrantz]
+
+ *) Begin to abstract out the underlying transport layer.
+ The first step is to remove the socket from the conn_rec,
+ the server now lives in a context that is passed to the
+ core's input and output filters. This forces us to be very
+ careful when adding calls that use the socket directly,
+ because the socket isn't available in most locations.
+ [Ryan Bloom]
+
+ *) Really reset the MaxClients value in worker and threaded
+ when the configured value is not a multiple of the number
+ of threads per child. We said we did previously but we
+ forgot to. [Jeff Trawick]
+
+ *) Add Debian layout. [Daniel Stone <daniel sfarc.net>]
+
+ *) If shared modules are requested and mod_so is not available,
+ produce a fatal config-time error. [Justin Erenkrantz]
+
+ *) Improve http2env's performance by cutting the work it has to
+ do. [Brian Pane <bpane pacbell.net>]
+
+ *) use new 'apr_hash_merge' function in mod_mime (performance fix)
+ [Brian Pane <bpane pacbell.net>]
+
+Changes with Apache 2.0.28
+
+ *) Fix infinite loop in mod_cgid.c.
+ [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]
+
+ *) When no port is given in a "ServerName host" directive, the
+ server_rec->port is now set to zero, not 80. That allows for
+ run-time deduction of the correct server port (depending on
+ SSL/plain, and depending also on the current setting of
+ UseCanonicalName). This change makes redirections
+ work, even with https:// connections. As in Apache-1.3, the
+ connection's actual port number is never used, only the ServerName
+ setting or the client's Host: setting. Documentation updated
+ to reflect the change. [Martin Kraemer]
+
+ *) Add a '%{note-name}e' argument to mod-headers, which works in
+ the same way as mod_log_confg. [Ian Holsman]
+
+ *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
+ AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
+ MPMs. [Cliff Woolley]
+
+ *) Introduce htdbm, a user management utility for db/dbm authorization
+ databases. [Mladen Turk <mturk mappingsoft.com>]
+
+ *) Optimize usage of strlen and strcat in ap_directory_walk.
+ [Brian Pane <bpane pacbell.net>]
+
+Changes with Apache 2.0.27
+
+ *) Introduce an Apache mod_ssl initial configuration template
+ (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall]
+
+ *) Fixed a memory leak in the getline parsing code that could
+ be triggered by arbitrarily large header lines. Requests
+ from the core input filter for single lines are now limited
+ to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert]
+
+ *) Fix a truncation bug in how we print the port on the Via: header.
+ The routine that prints the Via: header now takes a length for
+ the port string. [Zvi Har'El <rl math.technion.ac.il>]
+
+ *) Some syntax errors in mod_mime_magic's magic file can result
+ in a 500 error, which previously was unlogged. Now we log the
+ error. [Jeff Trawick]
+
+ *) Add the support/checkgid helper app, which checks the run-time
+ validity of group identifiers usable in the Group directive.
+ [Ken Coar]
+
+ *) Various --enable-so options have been fixed: --enable-so is
+ treated as "static"; explicit --enable-so=shared issues an error;
+ and explicit --enable-so fails with error on systems without
+ APR_HAS_DSO. [Aaron Bannert]
+
+ *) Fix a segfault in the core input filter when the client socket
+ gets disconnected unexpectedly. [Cliff Woolley]
+
+ *) Fix the reporting for child processes that die. This removes
+ all of the non-portable W* macros from Apache.
+ [Jeff Trawick and Ryan Bloom]
+
+ *) Win32: Track and display "Parent Server Generation:" in
+ mod_status output. The generation will be bumped at
+ server graceful restart, when the child process exits
+ by hitting MaxRequestsPerChild or if the child
+ process exits abnormally. [Bill Stoddard]
+
+ *) Win32: Fix problem where MaxRequestsPerChild directive was
+ not being picked up in favor of the default. Enable
+ the parent to start up a new child process immediately upon
+ the old child starting shutdown.
+ [Bill Stoddard]
+
+ *) Fix some bungling of the remote port in rfc1413.c so that
+ IdentityCheck retrieves the proper user id instead of failing
+ and thus always returning "nobody."
+ [Dick Streefland <Dick.Streefland xs4all.nl>]
+
+ *) Introduced thread saftey for mod_rewrite's internal cache.
+ [Brian Pane <bpane pacbell.net>]
+
+ *) Simplified mod_env's directives to behave as most directives are
+ expected, in that UnsetEnv will not unset a SetEnv and PassEnv
+ directive following that UnsetEnv within the same container.
+ Also provides a runtime startup warning if a PassEnv configured
+ environment value is undefined. [William Rowe]
+
+ *) The worker MPM is now completely ported to APR's new lock API. It
+ uses native APR types for thread mutexes, cross-process mutexes,
+ and condition variables. [Aaron Bannert]
+
+ *) Sync up documentation to remove all references to the now deprecated
+ Port directive. [Justin Erenkrantz]
+
+ *) Moved all ldap modules from the core to httpd-ldap sub-project
+ [Ryan Bloom]
+
+ *) Exit when we can't listen on any of the configured ports. This
+ is the same behavior as 1.3, and it avoids having the MPMs to
+ deal with bogus ap_listen_rec structures. [Jeff Trawick]
+
+ *) Cleanup the proxy code that creates a request to the origin
+ server. This change adds an optional hook, which allows modules
+ to gain control while the request is created if the proxy module
+ is loaded. The purpose of this hook is to allow modules to add
+ input and/or output filters to the request to the origin. While
+ I was at it, I made the core use this hook, so that proxy request
+ creation uses some of the code from the core. This can still be
+ greatly improved, but this is a good start. [Ryan Bloom]
+
+Changes with Apache 2.0.26
+
+ *) Port the MaxClients changes from the worker MPM to the threaded
+ MPM. [Ryan Bloom]
+
+ *) Fix mod_proxy so that it handles chunked transfer-encoding and works
+ with the new input filtering system. [Justin Erenkrantz]
+
+ *) Introduce the MultiviewsMatch directive, to allow the operator
+ to be flexible in recognizing Handlers and Filters filename
+ extensions as part of the Multiviews matching logic, strict with
+ MultiviewsMatch NegotiatedOnly to accept only filename extentions
+ that designate negotiated parameters, (content type, charset, etc.)
+ or MultiviewsAll for the 1.3 behavior of matching any files, even
+ if they have unregistered extensions. [William Rowe]
+
+ *) Fixed the configure script to add a LoadModule directive to
+ the default httpd.conf for any module that was compiled
+ as a DSO. [Aaron Bannert <aaron clove.org>]
+
+ *) rewrite mod_ssl input filtering to work with the new input filtering
+ system. [Justin Erenkrantz]
+
+ *) prefork: Don't segfault when we are able to listen on some but
+ not all of the configured ports. [Jeff Trawick]
+
+ *) Build mod_so even if no core modules are built shared.
+ [Aaron Bannert <aaron clove.org>]
+
+ *) Introduce ap_directory_walk rewrite (with further optimizations
+ required) to adapt to the ap_process_request_internal() changes.
+ Optimized so subrequests and redirects now reuse previous section
+ merges, until we mismatch with the original directory_walk, and
+ precomputed r->finfo results will cause directory_walk to skip
+ the most expensive phases of the function. [William Rowe]
+
+ *) Allow ApacheMonitor to connect to and control Apache on other
+ WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>]
+
+ *) Remove the Port directive. In it's place, the Listen directive
+ is now a required directive, which tells Apache what port to
+ listen on. The ServerName directive has also been extended
+ to accept an optional port. If the port is specified to the
+ ServerName, the server will report that port whenever it
+ reports the port that it is listening on. This change was
+ made to ease configuration errors that stem from having a Port
+ directive, and a Listen directive. In that situation, the server
+ would only listen to the port specified by the Listen command,
+ which caused a lot of confusion to users. [Ryan Bloom]
+
+ *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
+ build, as loadable modules. [William Rowe]
+
+ *) Fix --enable-mods-shared processing. If most is specified,
+ then all modules that can be compiled as shared modules are.
+ [Aaron Bannert <aaron clove.org>]
+
+ *) Update the mime.types file to map video/vnd.mpegurl to mxu
+ and add commonly used audio/x-mpegurl for m3u extensions.
+ [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
+
+ *) Eliminate the depreciated r->content_language, in favor of the array
+ r->content_languages introduced many years ago. Module authors must
+ substantially overhaul their modules, so this needs to be upgraded
+ if the module still relied on backwards-brokeness. [William Rowe]
+
+ *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
+ [Justin Erenkrantz]
+
+ *) Rewrite the input filtering mechanisms to consolidate and reorganize
+ code. In short, core_input_filter does something now and
+ ap_http_filter is now only concerned with HTTP. [Justin Erenkrantz]
+
+ *) Update the Win32 build to re-absorb mod_proxy and family.
+ [William Rowe]
+
+ *) Resolved the build failure on Win32 using MSVC 5.0 (without the
+ current SDK.) [William Rowe]
+
+ *) Some style changes to the code that does ProxyErrorOverride. Fixed
+ config merge behaviour. [Graham Leggett]
+
+ *) Allow support programs to be compiled against a static version
+ of libapr. This allows the smaller support programs to be
+ relocated. [Aaron Bannert <aaron clove.org>]
+
+ *) Update the mime.types file to the registered media types as
+ of 2001-09-25, and add mapping for xsl extension [Mark Cox]
+
+ *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
+ number of clients that can connect at the same time, instead of
+ specifying the maximum number of child processes.
+ [Aaron Bannert <aaron clove.org>]
+
+ *) Switch proc_pthread AcceptMutex configuration directive to pthread to
+ be consistent with 1.3. [Justin Erenkrantz]
+
+ *) Cache apr_explode_localtime() value for 15 seconds.
+ [Brian Pane <bpane pacbell.net>]
+
+ *) Fix mod_include to not return ETag or Last-Modified headers.
+ [Ian Holsman <ianh cnet.com>]
+
+ *) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>]
+
+ *) Eliminate the wasteful run-time conversion of method names from strings
+ to numbers in places where the methods are known at compile time.
+ [Brian Pane <bpane pacbell.net>]
+
+ *) Turn the worker MPM's queue into a LIFO. This may
+ improve cache-hit performance under some conditions.
+ [Aaron Bannert <aaron clove.org>]
+
+ *) Switch back to SIGUSR1 for graceful restarts on all platforms that
+ support it. [Justin Erenkrantz]
+
+ *) Cleanup the worker MPM. We no longer re-use transaction
+ pools. This incurs less overhead than shuffling the pools
+ around so that they can be re-used. Remove one of the
+ queue's condition variables. We just redefined the API to
+ state that you can't try to add more stuff than you allocated
+ segments for. [Aaron Bannert <aaron clove.org>]
+
+ *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
+
+ *) Fixed persistent connections when a request contains a body.
+ [Greg Stein]
+
+ *) mod_dav uses a new API to speak to the backend provider for dead
+ property management. [Greg Stein]
+
+ *) Remove the Win32 script-processing exception from mod_cgi, and
+ roll build_command_line/build_argv_list into a unified, overrideable
+ ap_cgi_build_command optional function. [William Rowe]
+
+ *) Rewrite find_start_sequence to use a better search algorithm
+ to find the start tag. [Justin Erenkrantz]
+
+ *) Fix a seg fault in mod_include. When we are generating an
+ internal redirect, we must set r->uri to "", not a bogus
+ string, and not NULL. [Ryan Bloom]
+
+ *) Optimized location_walk, so subrequests, redirects and second passes
+ now reuse previous section merges on a <Location > by <Location >
+ basis, until we mismatch with the original location_walk.
+ [William Rowe]
+
+ *) Back out the 1.45 change to util_script.c. This change made
+ us set the environment variable REQUEST_URI to the redirected
+ URI, instead of the originally requested URI.
+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
+
+ *) Make mod_include do lazy evaluation of potentially expensive to
+ compute variables. [Brian Pane <bpane pacbell.net>]
+
+ *) Fix logging of bytes sent for HEAD requests. %b and %B should
+ log either - or 0, before this patch, they were both logging
+ the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>]
+
+ *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather
+ than per character. [Brian Pane <bpane pacbell.net>]
+
+ *) Normalize the primary request, redirects and sub-requests to
+ run the same ap_process_request_internal for consistency in
+ robustness, behavior and security. [William Rowe]
+
+ *) Fix a segfault with mod_include when r->path_info is not set
+ (which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>]
+
+ *) Add -X functionality back. This indicates to all MPMs and any other
+ part of Apache that it should run in "debug" mode. [Justin Erenkrantz]
+
+ *) Some initial support for the cygwin platform [prefork only].
+ This is not to be confused with support for the WinNT/Win32
+ platform, which is the recommended configuration for native
+ Win32 users. The cygwin platform support is recommended for
+ cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
+
+ *) Changed syntax of Set{Input|Output}Filter. The list of filters
+ must be semicolon delimited (if more than one filter is given.)
+ The Set{Input|Output}Filter directive now overrides a parent
+ container's directive (e.g. SetInputFilter in <Directory /web/foo>
+ will override any SetInputFilter directive in <Directory /web>.)
+ This new syntax is more consistent with Add{Input|Output}Filter
+ directives defined in mod_mime. Also cures a bug in prior releases
+ where the Set{Input|Output}Filter directive would corrupt the
+ global configuration if the multiple directives were nested.
+ [William Rowe]
+
+ *) Cured what's ailed mime for quite some time. If an AddSomething
+ was given in the configuration (Language, Charset, Handler or
+ Encoding) Apache would set the content type as given by AddType,
+ but refused to check the mime.types file if AddType wasn't given
+ for that specific extension. Setting the AddHandler for .html
+ without setting the AddType text/html html would cause Apache to
+ use the default content type. [William Rowe]
+
+ *) Added some bulletproofing to memory allocation in the LDAP cache
+ code. [Graham Leggett]
+
+Changes with Apache 2.0.25
+
+ *) Move the installed /manual directory out of the /htdocs/ tree, so
+ that it can be kept more independently from the remaining document
+ root. The "Alias /manual ..." already allowed for easy projection
+ into existing private document trees. [Martin Kraemer]
+
+ *) Add specified user attributes to the environment when using
+ mod_auth_ldap. This allows you to use mod_include to embed specified
+ user attributes in a page like so:
+ Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
+ [Graham Leggett]
+
+ *) Fix a performance problem with the worker MPM. We now create
+ transaction pools once, and re-use them for each connection.
+ [Aaron Bannert <aaron clove.org>]
+
+ *) Modfied mod_mime to prevent mod_negotation from serving a multiview
+ of a 'handler' or 'filter', so that any filename extension that does
+ not contribute to the negotiated metadata can't be served without
+ an explicit request. E.g., if the .Z extension is associated with
+ an unzip filter, the user request somefile.Z.html, mod_negotiation
+ won't serve it. It can serve somefile.Z.html when somefile.Z is
+ requested, since the .Z extension is explictly requested, if the
+ .html extension is associated with ContentType text/html.
+ [William Rowe]
+
+ *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
+ and corresponding AddOutputFilter syntax, to insert one or more
+ filters by mod_mime filename extension processing.
+ [William Rowe]
+
+ *) Fix a growing connection pool in core_output_filter() for
+ keepalive requests. [Jeff Trawick]
+
+ *) Moved split_and_pass_pretag_buckets back to being a
+ macro at Ryans's request. Removed the return from it
+ by setting and returning a return code instead. Updated
+ the code to check the return code from the macro and
+ do the right thing. [Paul J. Reder]
+
+ *) Fix a segfault when a numeric value was received for Host:.
+ [Jeff Trawick]
+
+ *) Add a function ap_remove_input_filter. This is to match
+ up with ap_remove_output_filter. [Ryan Bloom]
+
+ *) Clean up location_walk, so that this step performs a minimum
+ amount of redundant effort (it must be run twice, but it will no
+ longer reparse all <Location > blocks when the request uri
+ hadn't changed.) [William Rowe]
+
+ *) Eliminate proxy: (and all other 'special') processing from the
+ ap_directory_walk() phase. Modules that want to use special
+ walk logic should refer to the mod_proxy map_to_location example,
+ with it's proxy_walk and proxysection implementation. This makes
+ either directory_walk flavor much more legible, since that phase
+ only runs against real <Directory > blocks.
+ [William Rowe]
+
+ *) SECURITY: Fix a security problem in mod_include which would allow
+ an SSI document to be passed to the client unparsed.
+ [Cliff Woolley, Brian Pane]
+
+ *) Introduce the map_to_storage hook, which allows modules to bypass
+ the directory_walk and file_walk for non-file requests. TRACE
+ shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
+ directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
+ [William Rowe]
+
+ *) Add the ability for mod_include to add the INCLUDES filter
+ if the file is configured for the server-parsed handler.
+ This makes the configuration for .shtml files much easier
+ to understand, and allows mod_include to honor Apache 1.3
+ config files. Based on Doug MacEachern's patch to PHP
+ to do the same thing. [Ryan Bloom]
+
+ *) force OpenSSL to ignore process local-caching and to always
+ get/set/delete sessions using mod_ssl's callbacks
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
+ Geoff Thorpe <geoff geoffthorpe.net>]
+
+ *) Make the worker MPM shutdown and restart cleanly. This also
+ cleans up some race conditions, and gets the worker using
+ pools more cleanly. [Aaron Bannert <aaron clove.org>]
+
+ *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
+ for mod_ssl
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
+
+ *) Fix for mod_include. Ryan's patch to check error
+ codes put a return in the wrong place. Also, the
+ include handler return code wasn't being checked.
+ I don't like macros with returns, so I converted
+ SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
+ [Paul J. Reder <rederpj raleigh.ibm.com>]
+
+ *) fix segv in mod_mime if no AddTypes are configured
+ [John Sterling <sterling covalent.net>]
+
+ *) Enable ssl client authentication at SSL_accept time
+ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
+
+ *) Fix a segfault in mod_include when the original request has no
+ associated filename (e.g., we're filtering the error document for
+ a bad URI). [Jeff Trawick]
+
+ *) Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick]
+
+ *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
+ of httpd is started and shuts down due to socket conflict. Moving the
+ call to ap_log_pid solves the problem.
+
+ *) Changed the late-1.3 log_config substitution %c to %X, to log the
+ status of the closed connection, as it conflicts with the far more
+ common, historical ssl logging directive %...{var}c. [William Rowe]
+
+ *) Added the common error/ tree to the build/install targets
+ (similar to the common icons/ tree) for the multi-language error
+ messages that Lars committed earlier. [William Rowe]
+
+ *) Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard]
+
+ *) Added a default commented-out mod_ldap and mod_auth_ldap
+ configuration to httpd-std.conf and httpd-win.conf
+ [Graham Leggett]
+
+ *) Added documentation for mod_ldap and mod_auth_ldap.
+ [Graham Leggett]
+
+ *) Enabled negative caching on attribute comparisons in the LDAP cache.
+ Fixed a problem where the default cache TTL was set in milliseconds
+ not microseconds causing the cache to time out almost immediately.
+ [Graham Leggett]
+
+ *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
+ module code to follow APR. [Graham Leggett]
+
+ *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
+ cleaned up when the connection pool pool is cleaned up.
+ [Graham Leggett]
+
+ *) Fix a minor issue with Jeff Trawick's mod_include
+ patch. Without this patch, the code will just allocate
+ more bytes in get_combined_directive than are needed.
+ [Paul Reder]
+
+ *) Added the LDAP authentication module mod_auth_ldap.
+ [Dave Carrigan <dave rudedog.org>, Graham Leggett]
+
+ *) Added the LDAP cache and connection pooling module mod_ldap.
+ [Dave Carrigan <dave rudedog.org>, Graham Leggett]
+
+ *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
+ by allowing a module to disable itself if its prerequisites are not
+ met. [Justin Erenkrantz]
+
+Changes with Apache 2.0.24
+
+ *) Fix a couple of issues in mod_include when the tag appeared at
+ offsets near 8192 in the file being parsed. [Jeff Trawick]
+
+ *) Fix an assertion failure in mod_ssl when the keepalive timeout is
+ reached. [Jeff Trawick]
+
+ *) Numerous improvements to the Win32 build system. Introduced command line
+ builds without requiring .mak files for MSVC 6.0 and later versions.
+ Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
+ [William Rowe]
+
+ *) Assorted corrections and improvements to the winnt_mpm startup code. Better
+ reporting of uninstalled services and other error conditions, and changed the
+ default service name to Apache2. [William Rowe]
+
+ *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm
+ compatibility with existing Apache 1.3 Win32 Apache management utilites.
+ [Mladen Turk <mturk mappingsoft.com>, William Rowe]
+
+ *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
+ [William Rowe, Greg Ames]
+
+ *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
+ and RemoveCharset directives. [William Rowe]
+
+ *) The Unix MPMs other than perchild now allow child server
+ processes to use the accept mutex when starting as root and
+ using SysV sems for the accept mutex. Previously, this
+ combination would lead to fatal errors in the child server
+ processes. perchild can't use SysV sems because of security
+ issues. [Jeff Trawick, Greg Ames]
+
+ *) Added Win32 revision stamp resources to all http binaries
+ (including modules/ and support/ tools.) PR7322 [William Rowe]
+
+ *) Fix ap_rvprintf to support more than 4K of data at one time.
+ [Cody Sherr <csherr covalent.net>]
+
+ *) We have always used the obsolete/deprecated Netscape syntax
+ for our tracking cookies; now the CookieStyle directive
+ allows the Webmaster to choose the Netscape, RFC2109, or
+ RFC2965 format. The new CookieDomain directive allows the
+ setting of the cookie's Domain= attribute, too. PR #s 5006,
+ 5023, 5920, 6140 [Ken Coar]
+
+ *) Tweak server/Makefile so that the rules for generating exports.c
+ are compatible with make utilities which don't expand wildcards
+ in a dependency list (e.g., OS/390 make, certain levels of GNU
+ make). [Jeff Trawick]
+
+ *) Install the SSL headers. [John Sterling <sterling covalent.net>]
+
+ *) Begin to sanitize the MPM configuration directives. Now, all
+ MPMs use the same functions for all common MPM directives. This
+ should make it easier to catch all bugs in these directives once.
+ [Cody Sherr <csherr covalent.net>]
+
+ *) Close a major resource leak. Every time we had issued a
+ graceful restart, we leaked a socket descriptor.
+ [Ryan Bloom]
+
+ *) Fix a problem with the new method code. We need to cast
+ the 1 to an apr_int64_t or it will be treated as a 32-bit
+ integer, and it will wrap after being shifted 32 times.
+ [Cody Sherr <csherr covalent.net> and Ryan Morgan <rmorgan covalent.net>]
+
+ *) Fix a bug in mod_expires. Previous to this patch, if you
+ told mod_expires to add 604800 seconds to the last-modified
+ time, it actually added 604800 usec's to the last-modified time,
+ so that when looking at the response it looked like nothing
+ had been done. The root of the problem was that we always compute
+ time in usec's, but we ask users to input sec's. This means we
+ need to convert to usec's before using those values.
+ [Ryan Bloom]
+
+ *) The worker MPM now handles shutdown and restart requests. It
+ definitely isn't perfect, but we do stop the servers correctly.
+ The biggest problem right now is that SIGHUP causes the server to
+ just die. [Ryan Bloom]
+
+Changes with Apache 2.0.23
+
+ *) Use the prefork MPM by default on Unix. [various]
+
+ *) Added a systray icon monitor application for Win32.
+ [Mladen Turk <mturk mappingsoft.com>]
+
+ *) mod_rewrite: Fix the line ending on some non-Unix systems for
+ messages written to the rewrite log.
+ [Richard Labennett <rlabenn us.ibm.com>]
+
+ *) All mod_autoindex query parsing is now quietly quashed with the
+ IndexOption IgnoreClient. The IndexOption SuppressColumnSorting
+ still drops the column sort <a href>'s for the column headers, but
+ IgnoreClient is required to ignore these Query options entirely.
+ [William Rowe]
+
+ *) Introduced new mod_autoindex query argument parsing for F=[0|1|2]
+ to allow the client to select plain, FancyIndexing or HTMLTable
+ formatting, V=[0|1] to inhibit or enable version sorting, and
+ P=pattern to return only specific files. The old Query Arguments
+ were reorganized as C=f for sorting column 'f' (same N, D, S, or M
+ as before), and O=A|D for ordering ascending or descending.
+ [William Rowe]
+
+ *) Fixed an error in mod_include's directive parsing routines which
+ caused #if, #elif, and #else expressions containing backslashes
+ to be improperly evaluated. [Cliff Woolley]
+
+ *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to
+ drop the icon column, SuppressRules to drop the <hr> elements,
+ and HTMLTable to create rudimentary HTML table listings (implies
+ FancyIndexing). [William Rowe]
+
+ *) Re-introduced the mod_autoindex IndexOptions flag TrackModified
+ from Apache 1.3.15. This is needed for two reasons, first, given
+ multiple machines within a server farm, ETags and Last-Modified
+ stamps won't correspond from machine to machine, and second, many
+ Unixes don't capture changes to the date or time stamp of existing
+ files, since these don't modify the dirent itself. [William Rowe]
+
+ *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst
+ and DirectoryWidth options from Apache 1.3.10.
+ [William Rowe, Ken Coar]
+
+ *) Eliminated FancyIndexing directive, deprecated early in Apache
+ 1.3 by the IndexOptions FancyIndexing syntax. [William Rowe]
+
+ *) mod_autoindex now excludes any file names that would result in
+ an error, other than a success or redirect. Also optimized
+ the parent directory, always included except in the URI '/'.
+ [William Rowe]
+
+ *) Refactored mod_negotiation and mod_mime to help mod_dir accept
+ negotiated index pages, and prevent the server from defaulting
+ to an autoindex of the directory. mod_negotiation will now die
+ with a 500 Internal Error if it could match some filenames
+ (e.g. for mod_dir) but none can be served. mod_negotation now
+ refuses to serve any file with an extention that mod_mime doesn't
+ recognize, and wasn't part of the request. [William Rowe]
+
+ *) Eliminate mod_cgi's handling of .exe files without the .exe file
+ extension. This is already handled by multiviews, if the admin
+ wishes to AddHandler .exe or define a content type handler and
+ associate .exe files with that content type. Multiviews must be
+ enabled to allow these to be served. [William Rowe]
+
+ *) Speed up the server's response to a spike in incoming workload
+ or restarts by assigning empty scoreboard slots to new processes
+ when they are available. [Greg Ames]
+
+ *) Add a handler to mod_includes.c. This handler is designed to
+ implement the XbitHack directive. This can't be done with a
+ fixup, because we need to check the content-type, which is
+ only available in the handler phase. [Ryan Bloom]
+
+ *) Make the includes filter check return codes from filters lower in
+ the filter chain. If a lower level filter returns an error, then
+ the request needs to stop immediately. This allows mod_include to
+ stop parsing data once a lower filter recognizes an error.
+ [Ryan Bloom]
+
+ *) Add the ability to extend the methods that Apache understands
+ and have those methods <limit>able in the httpd.conf. It uses
+ the same bit mask/shifted offset as the original HTTP methods
+ such as M_GET or M_POST, but expands the total bits from an int to
+ an ap_int64_t to handle more bits for new request methods than
+ an int provides. [Cody Sherr <csherr covalent.net>]
+
+ *) Fix broken mod_mime behavior in merging its arguments. Possible
+ cause of unexplicable crashes introduced in 2.0.20. [William Rowe]
+
+ *) Solve many mod_ssl porting issues (too many to detail) with
+ help from the whole team, but most notably [Ralf S. Engelschall,
+ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
+ Doug MacEachern, William Rowe, Cliff Woolley]
+
+ *) More stall fixes for the threaded & worker mpm's.
+ Make mod_status output more accurate. Don't
+ count workers in processes which aren't actively
+ serving requests. [Greg Ames]
+
+ *) Win32: Get SSI exec cgi tag working. [Bill Stoddard]
+
+ *) Add a single listener/multiple worker MPM. This MPM is
+ definately not fully correct, but it allows us to solve many
+ of the problems that exist in the threaded MPM. This is a
+ modified version of the threaded MPM. [Ryan Bloom]
+
+ *) Improve content generation throughout Apache, providing closer
+ compliance with HTML 3.2, HTML 4.01 Transitional and XHTML 1.0
+ Transitional specifications. [William Rowe]
+
+Changes with Apache 2.0.22
+
+ *) Fix a problem where the threaded MPM stalls after restarts or
+ segfaults. Also prevent multiple active processes from using
+ the same scoreboard slot. [Greg Ames]
+
+ *) Apache/Win32 now fills in the service description with Apache's
+ server version string, including loaded and advertised modules.
+ [William Rowe]
+
+ *) Improved support for the Win32 build, to recover gracefully from
+ missing apr or apr-util directories or the awk interpreter,
+ create the proper cgi-bin examples, including a test-cgi.bat, and
+ fix the perl shebang line for printenv.pl, when installing from
+ the build environment. [William Rowe]
+
+ *) Fix a segfault in threaded.c caused by passing uninitialized
+ apr_thread_t * to apr_thread_join(). [Jeff Trawick]
+
+ *) Use new APR number conversion functions to reduce CPU consumption
+ when setting the content length, and in mod_log_config.
+ [Brian Pane]
+
+ *) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
+ where HEAD response headers were being repeated twice for
+ files greater than 32K bytes (4*AP_MIN_BYTES_TO_WRITE). This
+ problem in the http_header filter was exposed by the recent rewrite
+ of the content_length filter. [Taketo Kabe, Bill Stoddard]
+
+ *) Fix seg faults in mod_status with ExtendedStatus enabled, after
+ restarts. A garbage pointer to a vhost's server_rec from the
+ previous generation was being left around under certain
+ conditions. [Greg Ames]
+
+ *) Fix a cosmetic problem with mod_include. Non-existant SSI vars
+ used to appear as '(none', without the closing paren.
+ [Günter Knauf <eflash gmx.net>]
+
+ *) Improve the exports generating awk script. In the past, we had
+ work around problems in the awk script by avoiding some #if and
+ #ifdefs. This has bitten us many times in generating the exports.c
+ file. This improvement allows corrects the header file parsing.
+ [Sander Striker <striker apache.org>]
+
+Changes with Apache 2.0.21
+
+ *) Resolve the Win32 htpasswd bug, where a file that existed would be
+ overwritten, regardless of the -c flag.
+ [William Rowe, Mladen Turk <mladen.turk mail.inet.hr>]
+
+ *) Introduce connection sub-pools into ab. Truncating the lifetime
+ of these allocations means that ab no longer perpetually grows
+ its working set, running out of memory on large request attempts.
+ [William Rowe]
+
+ *) Make scoreboard creation a hook. This allows management
+ modules to have access to the scoreboard at the time that it is
+ created, and at every restart request.
+ [Cody Sherr <csherr covalent.net>]
+
+ *) Changed AP_MPMQ_MAX_DAEMONS to refer to MaxClients and
+ added an AP_MPMQ_MAX_DAEMON_USED to refer to the highest
+ daemon index actually used in the scoreboard. I also
+ updated the pertinent calls. [Paul J. Reder]
+
+ *) Win32: Prevent listening sockets from being inherited by
+ the Apache child process, CGI scripts, rotatelog process
+ etc. If the Apache child process segfaults, any processes
+ that the child started are not reaped. Prior to this fix,
+ these processes inherited the listening sockets which sometimes
+ prevented the restarted Apache child process from accepting
+ connections (ie, the server would hang).
+ [Bill Stoddard]
+
+ *) Provide vhost and request strings when ExtendedStatus is on.
+ [Greg Ames]
+
+ *) Fix some issues with the pod and prefork: check the pod *after*
+ processing a connection so that a server processing a time-
+ consuming request bails out as soon as practical; when the
+ parent process wakes up a server process via connect(), use an
+ APR timeout on the connect() so that we don't hang for a long
+ time if there aren't server processes around to do accept().
+ [Jeff Trawick, Greg Ames]
+
+ *) Performance improvement to mod_mime.c. find_ct() in mod_mime,
+ spends a lot of time in apr_table_get calls. Using the default
+ httpd.conf, the tables for languages and charsets are somewhat
+ large, so the time spent scanning them on each request is
+ significant. Replacing the tables with hash tables provides
+ a nice speedup. [Brian Pane <bpane pacbell.net>]
+
+ *) Add two functions to allow modules to access random parts of the
+ scoreboard. This allows modules compiled for one MPM to access the
+ scoreboard, even if it the server was compiled for another MPM.
+ [Harrie Hazewinkel <harrie covalent.net>]
+
+Changes with Apache 2.0.20
+
+ *) Fix problem in content-length filter where the filter would
+ buffer all the output from a CGI before sending any bytes
+ down the filter stack to the network. This problem would cause
+ significant memory consumption if the CGIs generated
+ lots of bytes. [Bill Stoddard]
+
+ *) Get non-blocking CGI pipe reads working with the bucket brigades.
+ [Bill Stoddard]
+
+ *) Fix seg fault on Windows when serving files cached with mod_file_cache.
+ [Bill Stoddard]
+
+ *) Fix a bug in the threaded MPM that would cause it to kill off all
+ workers immediately after starting if the number of workers started
+ was above a certain threshold. [Ryan Bloom, Bill Stoddard]
+
+Changes with Apache 2.0.19
+
+ *) Fix problem with threaded MPM. The problem was that if each child
+ process was busy serving a single long-lived request and the server
+ was sent a graceful restart signal, the server would stop serving
+ requests. This would happen because each child process would wait to
+ die until the last thread was done, and the parent wouldn't spawn any
+ new children until a process died. Now, the parent looks at the fact
+ that the children are dying gracefully, and starts new children.
+ Those new children only start enough threads to compliment the number
+ of threads in the other child process that shares the same spot in
+ the scoreboard. In this way, we make sure to never go over
+ MaxClients. [Ryan Bloom]
+
+ *) modified mod_negotiation and mod_autoindex to speed up by almost a
+ factor of two on apr_dir_read()-enhanced platforms, such as Win32
+ and OS2, by calling ap_sub_request_lookup_dirent() with the results
+ already provided by apr_dir_read(). [William Rowe]
+
+ *) mod_file_cache is now more robust to filtering and serves requests
+ slightly more efficiently. [Cliff Woolley]
+
+ *) Fix problem handling FLUSH bucket in the chunked encoding filter.
+ Module was calling ap_rwrite() followed by ap_rflush() but the
+ served content was not being displayed in the browser. Inspection
+ of the output stream revealed that the first data chunk was
+ missing the trailing CRLF required by the RFC. [Bill Stoddard]
+
+ *) apxs no longer generates ap_send_http_header() in the example handler
+
+ *) Fix an ab problem which could cause a divide-by-zero exception
+ with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
+ [Ian Holsman <ianh cnet.com>]
+
+ *) Solve case-insensitive platforms' confusion about negotiated
+ filenames, allowing files of differnt case to match in choosing
+ the document to serve. [William Rowe]
+
+ *) Fix brokenness when ThreadsPerChild is higher than the built-in
+ limit. We left ap_threads_per_child at the higher value which
+ led to segfaults when doing certain scoreboard operations.
+ [Jeff Trawick]
+
+ *) Fix seg faults and/or missing output from mod_include. The
+ default_handler was using the subrequest pool for files and
+ MMAPs, even though the associated APR structures typically
+ live longer than the subrequest. [Greg Ames]
+
+ *) Extend mod_setenvif to support specifying regular expressions
+ on the SetEnvIf (and SetEnvIfNoCase) directive attribute field.
+ Example: SetEnvIf ^TS* [a-z].* HAVE_TS
+ will cause HAVE_TS to be set if any of the request headers begins
+ with "TS" and has a value that begins with any character in the
+ set [a-z]. [Bill Stoddard]
+
+ *) httpd children now re-bind themselves to a random CPU on
+ multiprocessor systems on AIX via bindprocessor() in 2.0.
+ [Victor J. Orlikowski]
+
+ *) Fix htdigest. It would go into a loop in getline when adding
+ a second user. [Bill Stoddard]
+
+ *) Win32 platforms now fully support mod_userdir options. [Will Rowe]
+
+ *) Automatically generate httpd.exp for AIX.
+ DSOs now work again on AIX in 2.0
+ [Victor J. Orlikowski]
+
+ *) Add a new request hook, error_log. This phase allows modules
+ to act on the error log string _after_ it has been written
+ to the error log. The goal for this hook is to allow monitoring
+ modules to send the error string to the monitoring agent.
+ [Ryan Bloom]
+
+ *) Modify mod_echo to make it use filters for input and output.
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Extend mod_headers to support conditional driven Header
+ add, append and set. Use SetEnvIf to set an envar and conditionally
+ add/append/set headers based on this envar thusly:
+
+ SetEnvIf TSMyHeader value HAVE_TSMyHeader
+ Header add MyHeader "%t %D" env=HAVE_TSMyHeader
+
+ If the request contains header "TSMyHeader: value" then header
+ MyHeader: "t=xxxxxxxxxx D=yyyy" will be sent on the response.
+ [Bill Stoddard]
+
+ *) Extend mod_headers to support using format specifiers on Header
+ add, append and set header values. Two format specifiers are supported:
+
+ %t - reports, in UTC microseconds since the epoch, when the
+ request was received.
+
+ %D - reports the time, in microseconds, between when the request was
+ received and the response sent.
+
+ Examples:
+ Header add MyHeader "This request served in %D microseconds. %t"
+
+ results in a header being added to the response that looks like this:
+
+ MyHeader: This request served in D=5438 microseconds. t=991424704447256
+
+ [Bill Stoddard]
+
+ *) Fix reset_filter(). We need to be careful how we remove filters.
+ If we set r->output_filters to NULL, we also have to reset the
+ connection's filters. [John Sterling]
+
+ *) Optimise reset_filter() in http_protocol.c. [Greg Stein]
+
+ *) Add a check to ap_die() to make sure the filter stack is sane and
+ contains the correct basic filters when an error occurs. This fixes
+ a problem where headers are not being sent on error. [John Sterling]
+
+ *) New Header directive 'echo' option. "Header echo regex" will
+ cause any headers received on the request that match regex to be
+ echoed to (included in) the response headers.
+ [Bill Stoddard]
+
+ *) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
+ This prevented the inclusion of apr_compat.h. PR #7773
+ [Oleg Broytmann <phd phd.pp.ru>]
+
+ *) Moved util_uri to the apr-util library. This required a bunch of
+ apr_name changes for the uri utility functions. [Justin Erenkrantz]
+
+ *) Move the addition of default AP_HTTP_HTTP_HEADER filters to the
+ insert_filter phase so that other filters are not bypassed by default.
+ [Graham Leggett]
+
+ *) Reimplement mod_headers as an output filter. mod_headers can now
+ add custom headers to inbound requests using the RequestHeader directive
+ and to responses using the same old Header directive. [Graham Leggett]
+
+Changes with Apache 2.0.18
+
+ *) Fix command-line processing so that if a bad argument is specified
+ Apache will exit. [Jeff Trawick]
+
+ *) Change the make targets and rules to be consistent in all of the
+ Apache-owned source trees. [Roy Fielding]
+
+ *) Fix processing of the TRACE method. Previously we passed bogus
+ parms to form_header_field() and it overlaid some vhost structures,
+ resulting in a segfault in check_hostalias().
+ [Greg Ames, Jeff Trawick]
+
+ *) Win32: Add support for reliable piped logs. If the logging process
+ goes down, Apache will automatically restart it. This function has
+ been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
+ [Bill Stoddard]
+
+ *) Do not start piped log processes during the config file
+ preflight. This change also circumvents a problem on
+ Windows where the rotatelog processes created during preflight
+ was not getting cleaned up properly.
+ [Bill Stoddard]
+
+ *) add "Request Phase Participation" info to mod_info
+ [Doug MacEachern]
+
+ *) Make first phase changes to the scoreboard data structures in
+ preparation for the rewriting of the scoreboard per my posted
+ design notes. [Paul J. Reder]
+
+ *) Fix httpd's definition of LTFLAGS to be consistent with that of apr
+ and apr-util, allow it to be overridden by the configure command-line
+ (default="--silent") and introduce LT_LDFLAGS to replace what we were
+ formerly abusing as LTFLAGS. [Roy Fielding]
+
+ *) Clean up the reporting of incorrect closing container tags.
+ [Barrie Slaymaker <barries slaysys.com>]
+
+ *) Simplify the configure process by moving all libtool stuff to APR
+ and moving hints.m4 inline. [Roy Fielding]
+
+ *) Add the AP_DECLARE()/AP_CORE_DECLARE macros on the return types
+ of functions used by mod_proxy for export in the DLL
+ [Ian Holsman <IanH cnet.com>]
+
+ *) Prevent a hang when a cgi handled by mod_cgid tries to read a
+ request body from its stdin but no reqest body is being written to
+ the cgi. [Jeff Trawick]
+
+ *) mod_log_config: %c connection status incorrectly logged
+ as "-" (non-keepalive) when MaxKeepAliveRequests is set to 0.
+ [Bill Stoddard]
+
+ *) Get mod_cern_meta working under Windows
+ [Bill Stoddard]
+
+ *) Create Files, and thus MMAPs, out of the request pool, not the
+ connection pool. This solves a small resource leak that had us
+ not closing files until a connection was closed. In order to do
+ this, at the end of the core_output_filter, we loop through the
+ brigade and convert any data we have into a single HEAP bucket
+ that we know will survive clearing the request_rec.
+ [Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
+ Cliff Woolley]
+
+ *) Completely revamp configure so that it preserves the standard make
+ variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving
+ the configure additions to EXTRA_* variables. Also, allow the user
+ to specify NOTEST_* values for all of the above, which eliminates the
+ need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM. Fix the setting
+ of INCLUDES and EXTRA_INCLUDES. Check flags as they are added to
+ avoid pointless duplications. Fix the order in which flags are given
+ on the compile and link lines. Remove obsolete macros APR_DOEXTRA,
+ AC_ADD_LIBRARY, AC_CHECK_DEFINE, APACHE_PASSTHRU, and APACHE_ONCE.
+ Added APR_SAVE_THE_ENVIRONMENT and APR_RESTORE_THE_ENVIRONMENT macros.
+ Renamed AC_TYPE_RLIM_T macro to APACHE_TYPE_RLIM_T. [Roy Fielding]
+
+ *) Get mod_tls to compile/work better on Windows. PR #7612
+ [Bernhard Schrenk <b.schrenk improx.com>]
+
+ *) Fix shutdown/restart hangs in the threaded MPM.
+ [Jeff Trawick, Greg Ames, Ryan Bloom]
+
+ *) Removed the keptalive boolean from conn_rec because it is now only
+ used by a single routine and can be replaced by a local variable.
+ [Greg Stein, Ryan Bloom, Roy Fielding]
+
+ *) Patch prefork to put enough of the signal processing back in so that
+ signals are all handled properly now. The previous patch fixed the
+ deadlock race condition, but broke the user directed signal handling.
+ This fixes it to work the way it did before my previous prefork patch
+ (primarily, SIGTERM is now working).
+
+ *) Change how input filters decide how much data is returned to the
+ higher filter. We used to use a field in the conn_rec, with this
+ change, we use an argument to ap_get_brigade to determine how much
+ data is retrieved. [Ryan Bloom]
+
+ *) Fix seg fault at start-up introduced by Ryan's change to enable
+ modules to specify their own logging tags. mod_log_config
+ registers an optional function, ap_register_log_handler().
+ ap_register_log_handler() was being called by http_core before
+ the directive hash table was created. This patch creates the
+ directive hash table before ap_register_log_handler() is
+ registered as an optional function.
+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
+
+ *) Add ap_set_int_slot() function
+ [John K. Sterling <sterling covalent.net>]
+
+ *) Under certain circumstances, Apache did not supply the
+ right response headers when requiring authentication.
+ [Gertjan van Wingerde <Gertjan.van.Wingerde cmg.nl>] PR#7114
+ (This is a port of the change that went into Apache 1.3.19.)
+
+ *) Allow modules to specify their own logging tags. This basically
+ allows a module to tell mod_log_config that when %x is encountered
+ a specific function should be called. Currently, x can be any single
+ character. It may be more useful to make this a string at some point.
+ [Ryan Bloom]
+
+Changes with Apache 2.0.17
+
+ *) If a higher-level filter handles the byterange aspects of a
+ request, then the byterange filter should not try to redo the
+ work. The most common case of this happening, is a byterange
+ request going through the proxy, and the origin server handles
+ the byterange request. The proxy should ignore it.
+ [Graham Leggett <minfrin sharp.fm>]
+
+ *) Changed the threaded mpm to have child_main join to each of the
+ worker threads to make sure the kids are all gone before child_main
+ exits after a signal (cleanup from perform_idle_server_maintenance).
+ This is an extension of Ryans recent commit to make the child_main
+ the signal thread.
+
+ *) Add more options to the ap_mpm_query function. This also allows MPMs to
+ report if their threads are dynamic or static. Finally, this also
+ implements a new API, ap_show_mpm, which returns the MPM that was
+ required into the core. [Harrie Hazewinkel <harrie covalent.net>]
+
+ *) Do not install the binaries from the support directory twice.
+ [jun-ichiro hagino <itojun iijlab.net>]
+
+ *) The ap_f* functions should flush data to the filter that is passed
+ in, not the filter after the one passed in.
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Make ab work again by changing its native types to apr types and formats.
+ [Justin Erenkrantz <jerenkrantz ebuilt.com>]
+
+ *) Move the byterange filter and all of the supporting functions back
+ to the HTTP module. The byterange filter turned out to be very
+ HTTP specific, and it belongs in the HTTP module. [Greg Stein]
+
+ *) Make clean, distclean, and extraclean consistently according to the
+ Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>]
+
+ *) Fix errors in the renaming of the apr_threadattr_detach_xxx functions.
+ This may have been causing problems stopping processes in the threaded
+ mpm's. [Greg Ames]
+
+ *) Fix content-length in mod_negotiation to a long int representation.
+ [William Rowe]
+
+ *) Remove BindAddress from the default config file.
+ [<giles nemeton.com.au>]
+
+ *) Allow module authors to add a module to their Apache build using
+ --with-module, without re-running buildconf. The syntax is:
+ --with-module=module_type:/path/to/module.c
+ The configure script will copy the module.c file to
+ modules/module_type, and it will be added to the relevant Makefiles.
+ currently, this only works for static modules. [Ryan Bloom]
+
+ *) Changes required to make prefork clean up idle children properly.
+ There was a window during which a starting worker deadlocks when
+ an idle cleanup arrives before it completes init. Apache then keeps
+ trying to cleanup the same deadlocked worker forever (until higher
+ pids come along, but it still will never reduce below the deadlocked
+ pid). Thus the number of children would not reduce to the correct
+ idle level. [Paul J. Reder]
+
+Changes with Apache 2.0.16
+
+ *) Change the default installation directory to /usr/local/apache2,
+ as now defined by the "Apache" layout in config.layout. [Marc Slemko]
+
+ *) OS/2: Added support for building loadable modules as OS/2 DLLs.
+ [Brian Havard]
+
+ *) Get MaxRequestsPerChild working with the Windows MPM.
+ [Bill Stoddard]
+
+ *) Make generic hooks to work, with mod_generic_hook_import/export
+ experimental modules. [Ben Laurie, Will Rowe]
+
+ *) Fix segfaults for configuration file syntax errors such as
+ "<Directory>" followed by "</Directory" and
+ "<Directory>" followed by "</Directoryz>". [Jeff Trawick]
+
+ *) Cleanup the --enable-layout option of configure. This makes
+ us use a consistent location for the config.layout file, and it
+ makes configure more portable.
+ [jun-ichiro hagino <itojun iijlab.net>]
+
+ *) Changes to 'ab'; fixed int overrun's, added statistics, output in
+ csv/gnuplot format, rudimentary ssl support and various other tweaks
+ to make results more true to what is measured. The upshot of this it
+ turns out that 'ab' has often underreported the true performance of
+ apache. Often by a order of magnitude :-) See talk/paper of Sander
+ Temme at April ApacheCon 2001 for details.
+ [Dirk-Willem van Gulik]
+
+ *) Clean up mod_cgid's temporary request pool. Besides fixing a
+ storage leak this ensures that some unnecessary pipes are closed.
+ [Jeff Trawick]
+
+ *) Performance: Add quick_handler hook. This hook is called at the
+ very beginning of the request processing before location_walk,
+ translate_name, etc. This hook is useful for URI keyed content
+ caches like Mike Abbott's Quick Shortcut Cache.
+ [Bill Stoddard]
+
+ *) top_module global variable renamed to ap_top_module [Perl]
+
+ *) Move ap_set_last_modified to the core. This is a potentially
+ controversial change, because this is kind of HTTP specific. However
+ many protocols should be able to take advantage of this kind of
+ information. I expect that headers will need one more layer of
+ indirection for multi-protocol work, but this is a small step in
+ the right direction. [Ryan Bloom]
+
+ *) Enable mod_status by default. This matches what Apache 1.3 does.
+ [Ed Korthof]
+
+ *) Add a ScriptSock directive to the default config file. This is
+ only enabled when mod_cgid is used.
+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
+
+Changes with Apache 2.0.15
+
+ *) Untangled the buildconf script and eliminated the need for build's
+ aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other
+ libtool muck that is now under srclib/apr/build. [Roy Fielding]
+
+ *) Win32: Don't accept more connections than we have worker threads
+ to handle.
+ [Bill Stoddard]
+
+ *) Fix bug in the Unix threaded.c MPM that allowed child processes
+ to fork() new child processes.
+ [Bill Stoddard]
+
+ *) SECURITY: Fix a major security problem with double-reverse lookup
+ checking. Previously, a client connecting over IPv4 would not be
+ matched properly when the server had an IPv6 listening socket.
+ PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>]
+
+ *) Change the way the beos MPM handles polling to allow it to stop and
+ restart. Problem was the sockets being polled were being reset by
+ the select call, so once it had accepted a connection it was no
+ longer listening on the UDP socket we use for shutdown instructions.
+ APR needs to be altered, patch on it's way. [David Reid]
+
+ *) Empty out the brigade shared by ap_getline()/ap_get_client_block()
+ on error exit from ap_getline(). Some other code got upset because
+ the wrong data was in the brigade. [Greg Ames, Jeff Trawick]
+
+ *) Handle ap_discard_request_body() being called more than once.
+ [Greg Ames, Jeff Trawick]
+
+ *) Get rid of an inadvertent close of file descriptor 2 in
+ mod_mime_magic. [Greg Ames, Jeff Trawick]
+
+ *) Add a hook, create_request. This hook allows modules to modify
+ a request while it is being created. This hook is called for all
+ request_rec's, main request, sub request, and internal redirect.
+ When this hook is called, the r->main, r->prev, r->next
+ pointers have been set, so modules can determine what kind of
+ request this is. [Ryan Bloom]
+
+ *) Cleanup the build process a bit more. The Apache configure
+ script no longer creates its own helper scripts, it just
+ uses APR's.
+ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
+
+ *) Stop the forced downgrade of the connection to HTTP/1.0 for
+ proxy requests. [Graham Leggett]
+
+ *) Avoid using sscanf to determine the HTTP protocol number in
+ the common case because sscanf is a performance hog. From
+ Mike Abbot's Accelerating Apache patch number 6.
+ [Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]
+
+ *) SECURITY: Fix a security exposure in mod_access. Previously when
+ IPv6 listening sockets were used, allow/deny-from-IPv4-address rules
+ were not evaluated properly (PR #7407). Also, add the ability to
+ specify IPv6 address strings with optional prefix length on Allow
+ and Deny. [Jeff Trawick]
+
+ *) Enhance rotatelogs so that a UTC offset can be specified, and
+ the logfile name can be formatted using strftime(3). (Brought
+ forward from 1.3.) [Ken Coar]
+
+ *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling
+ DuplicateHandle on an IOCompletionPort (a practice which
+ MS "discourages"). The new model does not rely on associating
+ the completion port with the listening sockets, thus the
+ completion port can be completely managed within the child
+ process. A dedicated thread accepts connections off the network,
+ then calls PostQueuedCompletionStatus() to wake up worker
+ threads blocked on the completion port.
+ [Bill Stoddard]
+
+ *) Bring forward the --suexec-umask option which allows the
+ builder to preset the umask for suexec processes. [Ken Coar]
+
+ *) Add a -V flag to suexec, which causes it to display the
+ compile-time settings with which it was built. (Only
+ usable by root or the AP_HTTPD_USER username.) [Ken Coar]
+
+ *) Mod_include should always unset the content-length if the file is
+ going to be passed through send_parsed_content. There is no to
+ determine if the content will change before actually scanning the
+ entire content. It is far safer to just remove the C-L as long
+ as we are scanning it. [Ryan Bloom]
+
+ *) Make sure Apache sends WWW-Authenticate during a reverse proxy
+ request and not Proxy-Authenticate.
+ [Graham Leggett <minfrin sharp.fm>]
+
+Changes with Apache 2.0.14
+
+ *) Fix content-length computation. We ONLY compute a content-length if
+ We are not in a 1.1 request and we cannot chunk, and this is a keepalive
+ or we already have all the data. [Ryan Bloom]
+
+ *) Report unbounded containers in the config file. Previously, a typo
+ in the </container> directive could result in the rest of the config
+ file being silently ignored, with undesired defaults used.
+ [Jeff Trawick]
+
+ *) Make the old_write filter use the ap_f* functions for the buffering.
+ [Ryan Bloom]
+
+ *) Move more code from the http module into the core server. This
+ is core code, basically the default handler, the default input
+ and output filters, and all of the core configuration directives.
+ All of this code is required in order for the server to work, with or
+ without HTTP. The server is closer to working without the HTTP
+ module, although there is still more to do. [Ryan Bloom]
+
+ *) Fix a number of SGI compile warnings throughout the server. Fix some
+ bad parameters to apr_bucket_read(). Fix a bad statement in
+ ap_method_in_list(). For the mod_rewrite cache use apr_time_t
+ consistently; we were mixing apr_time_t and time_t in invalid ways
+ before. In load_file(), call apr_dso_error() instead of
+ apr_strerror() so that we get a more specific string on some platforms.
+ PR #6980 [Jeff Trawick]
+
+ *) Allow modules to query the MPM about it's execution profile. This
+ query API can and should be extended in the future, but for now,
+ max_daemons, and threading or forking is a very good start.
+ [Jon Travis <jtravis covalent.net>]
+
+ *) Modify mod_include to send blocks of data no larger than 9k.
+ Without this, mod_include will wait until the whole file is parsed,
+ or the first tag is found to send any data to the client.
+ [Paul J. Reder <rederpj raleigh.ibm.com>]
+
+ *) Fix mod_info, so that <Directory> and <Location> directives are
+ not displayed twice when displaying the current configuration.
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Add config directives to override DEFAULT_ERROR_MSG and
+ DEFAULT_TIME_FORMAT. This was sent in as PR 6193.
+ [Dan Rench <drench xnet.com>]
+
+ *) Get mod_info building and loading on Win32. [William Rowe]
+
+ *) Begin to move protocol independant functions out of mod_http. The goal
+ is to have only functions that are HTTP specific in the http directory.
+ [Ryan Bloom]
+
+Changes with Apache 2.0.13
+
+ *) Don't assume that there will always be multiple calls to the byterange
+ filter. It is possible that we will need to do byteranges with only
+ one call to the filter. [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Move the error_bucket definition from the http module to the
+ core server. Every protocol will need this ability, not just
+ HTTP. [Ryan Bloom]
+
+Changes with Apache 2.0.12
+
+ *) Modify mod_file_cache to save pre-formatted strings for
+ content-length and last-modified headers for performance.
+ [Mike Abbot <mja trudge.engr.sgi.com>]
+
+ *) Namespace protect IOBUFSIZ since it is exposed in the API.
+ [Jon Travis <jtravis covalent.net>]
+
+ *) Use "Basic" authentication instead of "basic" in ab, as the spec
+ says we should. [Andre Breiler <andre.breiler rd.bbc.co.uk>]
+
+ *) Fix a seg fault in mod_userdir.c. We used to use the pw structure
+ without ever filling it out. This fixes PR 7271.
+ [Taketo Kabe <kabe sra-tohoku.co.jp> and
+ Cliff Woolley <cliffwoolley yahoo.com>]
+
+ *) Add a couple of GCC attribute tags to printf style functions.
+ [Jon Travis <jtravis covalent.net>]
+
+ *) Add the correct language tag for interoperation with the Taiwanese
+ versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142
+
+ *) Migrate the perchild MPM to use the new apr signal child, and
+ APR thread functions. [Ryan Bloom]
+
+ *) Close one copy of the CGI's stdout before creating the new process.
+ The CGI will still have stdout, because we have already dup'ed it.
+ This keeps Apache from waiting forever to send the results of a CGI
+ process that has forked a long-lived child process.
+ [Taketo Kabe <kabe sra-tohoku.co.jp>]
+
+ *) Remove the rest of the pthreads functions from the threaded MPM.
+ This requires the APR support for a signal thread that was just
+ added. [Ryan Bloom]
+
+ *) Make mod_dir use a fixup for sending a redirect to the browser.
+ Before this, we were using a handler, which doesn't make much
+ sense, because the handler wasn't generating any data, it would
+ either return a redirect error code, or DECLINED. This fits the
+ current hooks better. [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Make the threaded MPM use APR threads instead of pthreads.
+ [Ryan Bloom]
+
+ *) Get mod_tls to the point where it actually appears to work in all cases.
+ [Ben Laurie]
+
+ *) implement --enable-modules and --enable-mods-shared for "all" and
+ "most". [Greg Stein]
+
+ *) Move the threaded MPM to use APR locks instead of pthread locks.
+ [Ryan Bloom]
+
+ *) Rename mpmt_pthread to threaded. This is more in line with the
+ fact that mpmt_pthread shouldn't be using pthreads directly, and
+ it is a smaller name that doesn't tie into anything.
+ [Ryan Bloom]
+
+ *) Rename the module structures so that the exported symbol matches
+ the file name, and it is easier to automate the installation
+ process (generating LoadModule directives from the module filenames).
+ [Martin Kraemer]
+
+ *) Remove the coalesce filter. With the ap_f* functions, this filter
+ is no longer needed. [Ryan Bloom]
+
+Changes with Apache 2.0.11
+
+ *) Remove the dexter MPM. Perchild is the same basic idea, but it has the
+ added feature of allowing a uid/gid per child process. If no
+ uid/gid is specified, then Perchild behaves exactly like dexter.
+ [Ryan Bloom]
+
+ *) Get perchild building again. [Ryan Bloom]
+
+ *) Don't disable threads just because we are using the prefork MPM.
+ If somebody wants to compile without threads, they must now add
+ --disable-threads to the configure command line. [Ryan Bloom]
+
+ *) Begin to move the calls to update_child_status into common code, so
+ that each individual MPM does not need to update the scoreboard itself.
+ [Ryan Bloom]
+
+ *) Allow mod_tls to compile under Unix boxes where openssl has been
+ installed to the system include files.
+ [Gomez Henri <new-httpd slib.fr>]
+
+ *) Cleanup the mod_tls configure process. This should remove any need
+ to hand-edit any files. We require OpenSSL 0.9.6 or later, but
+ configure doesn't check that yet. [Ryan Bloom]
+
+ *) Add a very early prototype of SSL support (in mod_tls.c). It is
+ vital that you read modules/tls/README before attempting to build
+ it. [Ben Laurie]
+
+ *) Fix a potential seg fault on all platforms. David Reid fixed this
+ on BEOS, but the problem could happen anywhere, so we don't want
+ to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
+
+ *) Add new LogFormat directive, %D, to log time it takes to serve a
+ request in microseconds. [Bill Stoddard]
+
+ *) Change AddInputFilter and AddOutputFilter to SetInputFilter and
+ SetOutputFilter. This corresponds nicely with the other Set
+ directives, which operate on containers while the Add* directives
+ tend to work directly on extensions. [Ryan Bloom]
+
+ *) Cleanup the header handling a bit. This uses the apr_brigade_*
+ functions for the buffering so that we don't need to compute
+ the length of the headers before we actually create the header
+ buffer. [Ryan Bloom]
+
+ *) Allow filters to buffer data using the ap_f* functions. These have
+ become macros that resolve directly to apr_brigade_*.
+ [Ryan Bloom]
+
+ *) Get the Unix MPM's to do a graceful restart again. If we are going
+ to register a cleanup with ap_cleanup_scoreboard, then we have to
+ kill the cleanup with the same function, and that function can't be
+ static. [Ryan Bloom]
+
+ *) Install all required header files. Without these, it was not
+ possible to compile some modules outside of the server.
+ [Ryan Bloom]
+
+ *) Fix the AliasMatch directive in Apache 2.0. When we brought a patch
+ forward from 1.3 to 2.0, we missed a single line, which broke regex
+ aliases. [Ryan Bloom]
+
+ *) We have a poor abstraction in the protocol. This is a temporary
+ hack to fix the bug, but it will need to be fixed for real. If
+ we find an error while sending out a custom error response, we back
+ up to the first non-OK request and send the data. Then, when we send
+ the EOS from finalize_request_protocol, we go to the last request,
+ to ensure that we aren't sending an EOS to a request that has already
+ received one. Because the data is sent on a different request than
+ the EOS, the error text never gets sent down the filter stack. This
+ fixes the problem by finding the last request, and sending the data
+ with that request. [Ryan Bloom]
+
+ *) Make the server status page show the correct restart time, and
+ thus the proper uptime. [Ryan Bloom]
+
+ *) Move the CGI creation logic from mod_include to mod_cgi(d). This
+ should reduce the amount of duplicate code that is required to
+ create CGI processes.
+ [Paul J. Reder <rederpj raleigh.ibm.com>]
+
+ *) ap_new_connection() closes the socket and returns NULL if a socket
+ call fails. Usually this is due to a connection which has been
+ reset. [Jeff Trawick]
+
+ *) Move the Apache version information out of httpd.h and into release.h.
+ This is in preparation for the first tag with the new tag and release
+ system. [Ryan Bloom]
+
+ *) Begin restructuring scoreboard code to enable adding back in
+ the ability to use IPC other than shared memory.
+ Get mod_status working on Windows again. [Bill Stoddard]
+
+ *) Make mod_status work with 2.0. This will work for prefork,
+ mpmt_pthread, and dexter. [Ryan Bloom]
+
+ *) Correct a typo in httpd.conf.
+ [Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154
+
+ *) Really fix mod_rewrite map lookups this time. [Tony Finch]
+
+ *) Get the correct IP address if ServerName isn't set and we can't
+ find a fully-qualified domain name at startup.
+ PR#7170 [Danek Duvall <dduvall eng.sun.com>]
+
+ *) Make mod_cgid work with SuExec. [Ryan Bloom]
+
+ *) Adopt apr user/group name features for mod_rewrite. Eliminates some
+ 'extra' stat's for user/group since they should never occur, and now
+ resolves the SCRIPT_USER and SCRIPT_GROUP, including on WinNT NTFS
+ volumes. [William Rowe]
+
+ *) Adopt apr features to simplify mod_includes. This changes the
+ behavior of the USER_NAME variable, unknown uid's are now reported
+ as USER_NAME="<unknown>" rather than the old user#000 result.
+ WinNT now resolves USER_NAME on NTFS volumes. [William Rowe]
+
+ *) Adopt apr features for simplifing mod_userdir, and accept the new
+ Win32/OS2 exceptions without hiccuping. [William Rowe]
+
+ *) Replace configure --with-optim option by using and saving the
+ environment variable OPTIM instead. This is needed because configure
+ options do not support multiple flags separated by spaces.
+ [Roy Fielding]
+
+ *) Fix some byterange handling. If we get a byte range that looks like
+ "-999999" where that is past the end of the file, we should return
+ a PARTIAL CONTENT status code, and return the whole file as one big
+ byterange. This matches the 1.3 handling now. [Ryan Bloom]
+
+ *) Make the error bucket a real meta-data bucket. This means that the
+ bucket length is 0, and a read returns NULL data. If one of these
+ buckets is passed down after the headers are sent, this data will
+ just be ignored. [Greg Stein]
+
+ *) The prefork MPM wasn't killing child processes correctly if a restart
+ signal was received while the process was serving a request. The child
+ process would become the equivalent of a second parent process. If
+ we break out of the accept loop, then we need to do die after cleaning
+ up after ourselves. [Ryan Bloom]
+
+ *) Change the Prefork MPM to use SIGWINCH instead of SIGUSR1 for graceful
+ restarts. [Ryan Bloom]
+
+ *) Modify the apr_stat/lstat/getfileinfo calls within apache to use
+ the most optimal APR_FINFO_wanted bits. This spares Win32 from
+ performing very expensive owner, group and permission lookups
+ and allows the server to function until these apr_finfo_t fields
+ are implemented under Win32. [William Rowe]
+
+ *) Support for typedsafe optional functions - that is functions exported by
+ optional modules, which, therefore, may or may not be present, depending
+ on configuration. See the experimental modules mod_optional_fn_{ex,im}port
+ for sample code. [Ben Laurie]
+
+ *) filters can now report an HTTP error to the server. This is done
+ by sending a brigade where the first bucket is an error_bucket.
+ This bucket is a simple bucket that stores an HTTP error and
+ a string. Currently the string is not used, but it may be needed
+ to output an error log. The http_header_filter will find this
+ bucket, and output the error text, and then return
+ AP_FILTER_ERROR, which informs the server that the error web page
+ has already been sent. [Ryan Bloom]
+
+ *) If we get an error, then we should remove all filters except for
+ those critical to serving a web page. This fixes a bug, where
+ error pages were going through the byterange filter, even though
+ that made no sense. [Ryan Bloom]
+
+ *) Relax the syntax checking of Host: headers in order to support
+ iDNS. PR#6635 [Tony Finch]
+
+ *) Cleanup the byterange filter to use the apr_brigade_partition
+ and apr_bucket_copy functions. This removes a lot of very messy
+ code, and hopefully makes this filter more stable.
+ [Ryan Bloom]
+
+ *) Remove AddModule and ClearModuleList directives. Both of these
+ directives were used to ensure that modules could be enabled
+ in the correct order. That requirement is now gone, because
+ we use hooks to ensure that modules are in the correct order.
+ [Ryan Bloom]
+
+ *) When SuExec is specified, we need to add it to the list of
+ targets to be built. If we don't, then any changes to the
+ configuration won't affect SuExec, unless 'make suexec' is
+ specifically run. [Ryan Bloom]
+
+ *) Cleaned out open_file from mod_file_cache, as apr now accepts
+ the APR_XTHREAD argument to open a file for consumption by
+ parallel threads on win32. [William Rowe]
+
+ *) Correct a bug in determining when we follow symlinks. The code
+ expected a stat -1 result, not an apr_status_t positive error.
+ Also check if the APR_FINFO_USER fields are valid before we
+ follow the link. [William Rowe]
+
+ *) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
+ mpm_common.c. These functions are only valid on some platforms,
+ so they should not be in the main-line code. [Ryan Bloom]
+
+ *) Remove ap_chdir_file(). This function is not thread-safe,
+ and nobody is currently using it. [Ryan Bloom]
+
+ *) Do not try to run make depend if there are no .c files in the
+ current directory, doing so makes `make depend` fail.
+ [Ryan Bloom]
+
+ *) Update highperformance.conf to work with either prefork or
+ pthreads mpms. [Greg Ames]
+
+ *) Stop checking to see if this is a pipelined request if we know
+ for a fact that it isn't. Basically, if r->connection->keepalive == 0.
+ This keeps us from making an extra read call when serving a 1.0
+ request. [Ryan Bloom and Greg Stein]
+
+ *) Fix the handling of variable expansion look-ahead in mod_rewrite,
+ i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
+ more complicated nested RewriteMap lookups. PR#7087 [Tony Finch]
+
+ *) Fix the RFC number mentioned when complaining about a missing
+ Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]
+
+ *) Fix an endless loop in ab which occurred when ab was posting
+ and the server dropped the connection unexpectedly.
+ [Jeff Trawick]
+
+ *) Fix a segfault while handling request bodies in ap_http_filter().
+ This problem has been seen with mod_dav usage as well as with
+ requests where the body was just being discarded. [Jeff Trawick]
+
+ *) Some adjustment on the handling and automatic setting (via
+ hints.m4) of various compilation flags (eg: CFLAGS). Also,
+ add the capability to specify flags (NOTEST_CFLAGS and
+ NOTEST_LDFLAGS) which are used to compile Apache, but
+ not used during the configuration process. Useful for
+ flags like "-Werror". [Jim Jagielski]
+
+ *) Stop using environment variables to force debug mode or
+ no detach. We now use the -D command line argument to
+ specify the correct mode. -DONE_PROCESS and -DNO_DETACH.
+ [Greg Stein, Ryan Bloom]
+
+ *) Change handlers to use hooks. [Ben Laurie]
+
+ *) Stop returning copies of filenames from both apr_file_t and
+ apr_dir_t. We pstrdup the filenames that we store in the
+ actual structures, so we don't need to pstrdup the strings again.
+ [Ryan Bloom]
+
+ *) mod_cgi: Fix some problems where the wrong error value was being
+ traced. [Jeff Trawick]
+
+ *) EBCDIC: Fix some missing ASCII conversion on some protocol data.
+ [Jeff Trawick]
+
+ *) Add generic hooks. [Ben Laurie]
+
+ *) Use a real pool to dup the error log descriptor. [Ryan Bloom]
+
+ *) Fix a segfault caused by mod_ext_filter when the external filter
+ program does not exist. [Jeff Trawick]
+
+ *) Fix an output truncation error when on an HTTP >= 1.0 request an
+ object of size between DEFAULT_BUCKET_SIZE and AP_MIN_BYTES_TO_WRITE
+ was served through mod_charset_lite (or anything else that would
+ create a transient bucket in this size range). ap_bucket_make_heap()
+ silently failed (fixed), transient_setaside() discovered it, but
+ ap_save_brigade() ignored it (fixed). [Jeff Trawick]
+
+ *) Ignore \r\n or \n when using PEEK mode for input filters. The problem
+ is that some browsers send extra lines at the end of POST requests, and
+ we don't want to delay sending data back to the user just because the
+ browser isn't well behaved. [Ryan Bloom]
+
+ *) Get SuEXEC working again. We can't send absolute paths to suExec
+ because it refuses to execute those programs. SuEXEC also wasn't
+ always recognizing configuration changes made using the autoconf
+ setup. [Ryan Bloom]
+
+ *) Allow the buildconf process to find the config.m4 files in the correct
+ order. Basically, we can now name config.m4 files as config\d\d.m4,
+ and we will sort them correctly when inserting them into the build
+ process. [Ryan Bloom]
+
+ *) Get mod_cgid to use apr calls for creating the actual CGI process.
+ This also allows mod_cgid to use ap_os_create_priviledged_process,
+ thus allowing for SuExec execution from mod_cgid. Currently, we do
+ not support everything that standard SuExec supports, but at least
+ it works minimally now. [Ryan Bloom]
+
+ *) Allow SuExec to be configured from the ./configure command line.
+ [Ryan Bloom]
+
+ *) Update some of the docs in README and INSTALL to reflect some of
+ the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]
+
+ *) If we get EAGAIN returned from the call to apr_sendfile, then we
+ need to call sendfile again. This gets us serving large files
+ such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]
+
+ *) Get the support programs building cleanly again.
+ [Cliff Woolley <cliffwoolley yahoo.com>]
+
+ *) The Apache/Win32 Apache.exe and dll's now live in bin. The
+ current directory logic now backs up over bin/ to determine the
+ server root from the Apache.exe path.
+
+ *) Apache/Win32 now follows the standard conventions of mod_foo.so
+ loadable modules, dynamic libs are all named libfoo.dll, and the
+ makefile.win populates the include, lib and libexec directories.
+
+ *) Apache is now IPv6-capable. On systems where APR supports IPv6,
+ Apache gets IPv6 listening sockets by default. Additionally, the
+ Listen, NameVirtualHost, and <VirtualHost> directives support IPv6
+ numeric address strings (e.g., "Listen [fe80::1]:8080").
+ [Jeff Trawick]
+
+ *) Modify the install directory layout. Modules are now installed in
+ modules/. Shared libraries should be installed in libraries/, but
+ we don't have any of those on Unix yet. All install directories
+ are modifyable at configure time. [Ryan Bloom]
+
+ *) Install all header files in the same directory on Unix. [Ryan Bloom]
+
+ *) Get the functions in server/linked into the server, regardless of
+ which modules linked into the server. This uses the same hack
+ for Apache that we use for APR and apr-util to ensure all of the
+ necessary functions are linked. As a part of thise, the CHARSET_EBCDIC
+ was renamed to AP_CHARSET_EBCDIC for namespace protection, and to make
+ the scripts a bit easier.
+ [Ryan Bloom]
+
+ *) Rework the RFC1413 handling to make it thread-safe, use a timeout
+ on the query, and remove IPv4 dependencies. [Jeff Trawick]
+
+ *) Get all of the auth modules to the point that they will install and
+ be loadable into the server. Our new build/install mechanism expects
+ that all modules will have a common name format. The auth modules
+ didn't use that format, so we didn't install them properly.
+ [Ryan Bloom]
+
+ *) API routines ap_pgethostbyname() and ap_pduphostent() are no longer
+ available. Use apr_getaddrinfo() instead. [Jeff Trawick]
+
+ *) Get "NameVirtualHost *" working in 2.0. [Ryan Bloom]
+
+ *) Return HTTP_RANGE_NOT_SATISFIABLE if the every range requested starts
+ after the end of the response. [Ryan Bloom]
+
+ *) Get byterange requests working with responses that do not have a
+ content-length. Because of the way byterange requests work, we have to
+ have all of the data before we can actually do the byterange, so we
+ can compute the content-length in the byterange filter.
+ [Ryan Bloom]
+
+ *) Get exe CGI's working again on Windows.
+ [Allan Edwards]
+
+ *) Get mod_cgid and mod_rewrite to work as DSOs by changing the way
+ they keep track of whether or not their post config hook has been
+ called before. Instead of a static variable (which is replaced when
+ the DSO is loaded a second time), use userdata in the process pool.
+ [Jeff Trawick]
+
+Changes with Apache 2.0a9
+
+ *) Win32 now requires perl to complete the final install step for users
+ to build + install on Win32. Makefile.win now rewrites @@ServerRoot@
+ and installs the conf, htdocs and htdocs/manual directories.
+ [William Rowe]
+
+ *) Make mod_include use a hash table to associate directive tags with
+ functions. This allows modules to implement their own SSI tags easily.
+ The idea is simple enough, a module can insert it's own tag and function
+ combination into a hash table provided by mod_include. While mod_include
+ parses an SSI file, when it encounters a tag in the file, it does a
+ hash lookup to find the function that implements that tag, and passes
+ all of the relevant data to the function. That function is then
+ responsible for processing the tag and handing the remaining data back
+ to mod_include for further processing.
+ [Paul J. Reder <rederpj raleigh.ibm.com>]
+
+ *) Get rid of ap_new_apr_connection(). ap_new_connection() now has
+ fewer parameters: the local and remote socket addresses were removed
+ from the parameter list because all required information is available
+ via the APR socket. [Jeff Trawick]
+
+ *) Distribution directory structure reorganized to reflect a
+ normal source distribution with external install targets.
+ [Roy Fielding]
+
+ *) The MPMs that need multiple segments of shared memory now create
+ two apr_shmem_t variables, one for each shared memory allocation.
+ the problem is that we can't determine how much memory will be required
+ for shared memory allocations once we try to allocate more than one
+ variable. The MM code automatically aligns the shared memory allocations,
+ so we end up needing to pad the amount of shared memory we want based
+ on how many variables will be allocated out of the shared memory segment.
+ It is just easier to create a second apr_shmem_t variable, and two
+ shmem memory blocks.
+ [Ryan Bloom]
+
+ *) Cleanup the export list a bit. This creates a single unified list of
+ functions exported by APR. The export list is generated at configure
+ time, and that list is then used to generate the exports.c file.
+ Because of the way the export list is generated, we only export those
+ functions that are valid on the platform we are building on.
+ [Ryan Bloom]
+
+ *) Enable logging the cookie with mod_log_config
+ [Sander van Zoest <sander covalent.net>]
+
+ *) Fix a segfault in mod_info when it reaches the end of the configuration.
+ [Jeff Trawick]
+
+ *) Added lib/aputil/ as a placeholder for utility functions which are not
+ specific to the Apache HTTP Server (but do not make sense with APR).
+ The first utility is "apu_dbm": a set of functions to work with DBM
+ files. This first version can be compiled for SDBM or GDBM databases.
+ [Greg Stein]
+
+ *) Complete re-write of mod_include. This makes mod_include a filter that
+ uses buckets directly. This has now served the FAQ correctly.
+ [Paul Reder <rederpj raleigh.ibm.com>]
+
+ *) Allow modules to specify the first filter in a sub_request when
+ making the sub_request. This keeps modules from having to change the
+ output_filter immediately after creating the sub-request, and therefore
+ skip the sub_req_output_filter. [Ryan Bloom]
+
+ *) Update ab to accept URLs with IPv6 literal address strings (in the
+ format described in RFC 2732), and to build Host header fields in
+ the same format. This allows IPv6 literal address strings to be
+ used with ab. This support has been tested against Apache 1.3 with
+ the KAME patch, but Apache 2.0 does not yet work with this format
+ of the Host header field. [Jeff Trawick]
+
+ *) Accomodate an out-of-space condition in the piped logs and the
+ rotatelogs.c code, and no longer churn log processes for this
+ condition. [Victor J. Orlikowski]
+
+ *) Add support for partial writes with apr_sendfile() to core_output_filter.
+ [Greg Ames]
+
+Changes with Apache 2.0a8
+
+ *) Add a directive to mod_mime so that filters can be associated with
+ a given mime-type.
+ [Ryan Bloom]
+
+ *) Get multi-views working again. We were setting the path_info
+ field incorrectly if we couldn't find the specified file.
+ [Ryan Bloom]
+
+ *) Fix 304 processing. The core should never try to send the headers
+ down the filter stack. Always, just setup the table in the request
+ record, and let the header filter convert it to data that is ready
+ for the network.
+ [Ryan Bloom]
+
+ *) More fixes for the proxy. There are still bugs in the proxy code,
+ but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP)
+ successfully.
+ [Ryan Bloom]
+
+ *) Fix params for apr_getaddrinfo() call in connect proxy handler.
+ [Chuck Murcko]
+
+ *) APR: Add new apr_getopt_long function to handle long options.
+ [B. W. Fitzpatrick <fitz red-bean.com>]
+
+ *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname.
+ Add generic apr_create_socket(). Add apr_getaddrinfo() for doing
+ hostname resolution/address string parsing and building
+ apr_sockaddr_t. Add apr_get_sockaddr() for getting the address
+ of one of the apr_sockaddr_t structures for a socket. Change
+ apr_bind() to take apr_sockaddr_t. [David Reid and Jeff Trawick]
+
+ *) Remove the BUFF from the HTTP proxy. This is still a bit ugly, but
+ I have proxied pages with it, cleanup will commence soon.
+ [Ryan Bloom]
+
+ *) Make the proxy work with filters. This isn't perfect, because we
+ aren't dealing with the headers properly. [Ryan Bloom]
+
+ *) Do not send a content-length iff the C-L is 0 and this is a head
+ request. [Ryan Bloom]
+
+ *) Make cgi-bin work as a regular directory when using mod_vhost_alias
+ with no VirtualScriptAlias directives. PR#6829 [Tony Finch]
+
+ *) Remove BUFF from the PROXY connect handling. [Ryan Bloom]
+
+ *) Get the default_handler to stop trying to deal with HEAD requests.
+ The idea is to let the content-length filter compute the C-L before
+ we try to send the data. If we can get the C-L correctly, then we
+ should send it in the HEAD response.
+ [Ryan Bloom]
+
+ *) The Header filter can now determine if a body should be sent based
+ on r->header_only. The general idea of this is that if we delay
+ deciding to send the body, then we might be able to compute the
+ content-length correctly, which will help caching proxies to cache
+ our data better. Any handler that doesn't want to try to compute
+ the content-length can just send an EOS bucket without data and
+ everything will just work.
+ [Ryan Bloom]
+
+ *) Add the referer to the error log if one is available.
+ [Markus Gyger <mgyger itr.ch>]
+
+ *) Mod_info.c has now been ported to Apache 2.0. As a part of this
+ change, the root of the configuration tree has been exposed to modules
+ as ap_conftree.
+ [Ryan Morgan <rmorgan covalent.net>]
+
+ *) Get the core_output_filter to use the bucket interface directly.
+ This keeps us from calling the content-length filter multiple times
+ for a simple static request.
+ [Ryan Bloom]
+
+ *) We are sending the content-type correctly now.
+ [Ryan Bloom and Will Rowe]
+
+ *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report
+ a bogus bytes-sent value when the only thing being sent was trailers
+ and writev() returned an error (or EAGAIN). [Jeff Trawick]
+
+ *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again. This uses the
+ hints file to determine which platforms define
+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
+ [Ryan Bloom]
+
+ *) APR: add apr_get_home_directory() [Jeff Trawick]
+
+ *) Initial import of 1.3-current mod_proxy. [Chuck Murcko]
+
+ *) Not all platforms have INADDR_NONE defined by default. Apache
+ used to make this check and define INADDR_NONE if appropriate,
+ but APR needs the check too, and I suspect other applications will
+ as well. APR now defines APR_INADDR_NONE, which is always a valid
+ value on all platforms.
+ [Branko Čibej <brane xbc.nu>]
+
+ *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824.
+ [Shuichi Kitaguchi <ki hh.iij4u.or.jp>]
+
+ *) Relax the syntax checking of Host: headers in order to support
+ iDNS. PR#6635 [Tony Finch]
+
+ *) When reading from file buckets we convert to an MMAP if it makes
+ sense. This also simplifies the default handler because the
+ default handler no longer needs to try to create MMAPs.
+ [Ryan Bloom]
+
+ *) BUFF has been removed from the main server. The BUFF code will remain
+ in the code until it has been purged from the proxy module as well.
+ [Ryan Bloom]
+
+ *) Byteranges have been completely re-written to be a filter. This
+ has been tested, and I believe it is working correctly, but it could
+ doesn't work for the Adobe Acrobat plug-in. The output almost matches
+ the output from 1.3, the only difference being that 1.3 includes
+ a content-length in the response, and this does not.
+ [Ryan Bloom]
+
+ *) APR read/write functions and bucket read functions now operate
+ on unsigned integers, instead of signed ones. It doesn't make
+ any sense to use signed ints, because we return the error codes,
+ so if we have an error we should report 0 bytes read or written.
+ [Ryan Bloom]
+
+ *) Always compute the content length, whether it is sent or not.
+ The reason for this, is that it allows us to correctly report
+ the bytes_sent when logging the request. This also simplifies
+ content-length filter a bit, and fixes the actual byte-reporing
+ code in mod_log_config.c
+ [Ryan Bloom]
+
+ *) Remove AP_END_OF_BRIGADE definition. This does not signify what
+ it says, because it was only used by EOS and FLUSH buckets. Since
+ neither of those are required at the end of a brigade, this was
+ really signifying FLUSH_THE_DATA, but that can be determined better
+ by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH. EOS and FLUSH
+ buckets now return a length of 0, which is actually the amount of data
+ read, so they make more sense.
+ [Ryan Bloom]
+
+ *) Allow the core_output_filter to save some data past the end of a
+ request. If we get an EOS bucket, we only send the data if it
+ makes sense to send it. This allows us to pipeline request
+ responses. As a part of this, we also need to allocate mmap
+ buckets out of the connection pool, not the request pool. This
+ allows the mmap to outlive the request.
+ [Ryan Bloom]
+
+ *) Make blocking and non-blocking bucket reads work correctly for
+ sockets and pipes. These are the only bucket types that should
+ have non-blocking reads, because the other bucket types should
+ ALWAYS be able to return something immediately.
+ [Ryan Bloom]
+
+ *) In the Apache/Win32 console window, accept Ctrl+C to stop the
+ server, but use Ctrl+Break to initiate a graceful restart
+ instead of duplicating behavior. [John Sterling]
+
+ *) Patch mod_autoindex to set the Last-Modified header based on
+ the directory's mtime, and add the ETag header. [William Rowe]
+
+ *) Merge the 1.3 patch to add support for logging query string in
+ such a way that "%m %U%q %H" is the same as "%r".
+ [Bill Stoddard]
+
+ *) Port three log methods from mod_log_config 1.3 to 2.0:
+ CLF compliant '-' byte count, method and protocol.
+ [Bill Stoddard]
+
+ *) Add a new LogFormat directive, %c, that will log connection
+ status at the end of the response as follows:
+ 'X' - connection aborted before the response completed.
+ '+' - connection may be kept-alive by the server.
+ '-' - connection will be closed by the server.
+ [Bill Stoddard]
+
+ *) Expand APR for WinNT to fully accept and return utf-8 encoded
+ Unicode file names and paths for Win32, and tag the Content-Type
+ from mod_autoindex to reflect that charset if the feature
+ macro APR_HAS_UNICODE_FS is true. [William Rowe]
+
+ *) Compute the content length (and add appropriate header field) for
+ the response when no content length is available and we can't use
+ chunked encoding. [Jeff Trawick]
+
+ *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK,
+ so that content input filters get dechunked data when using
+ the default handler. Also removed REQUEST_CHUNKED_PASS.
+ [Sascha Schumann]
+
+ *) Add mod_ext_filter as an experimental module. This module allows
+ the administrator to use external programs as filters. Currently,
+ only filtering of output is supported. [Jeff Trawick]
+
+ *) Most Apache functions work on EBCDIC machines again, as protocol
+ data is now translated (again). [Jeff Trawick]
+
+ *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of
+ the EBCDIC support. They are noops on ASCII machines, so this
+ type of translation doesn't have to be surrounded by #ifdef
+ CHARSET_EBCDIC. [Jeff Trawick]
+
+ *) Fix mod_include. tag commands work again, and the server will
+ send the FAQ again. This also allows mod_include to set aside
+ buckets that include partial buckets.
+ [Ryan Bloom and David Reid]
+
+ *) Add suexec support back. [Manoj Kasichainula]
+
+ *) Lingering close now uses the socket directly instead of using
+ BUFF. This has been tested, but since all we can tell is that it
+ doesn't fail, this needs to be really hacked on.
+ [Ryan Bloom]
+
+ *) Allow filters to modify headers and have those headers be sent to
+ the client. The idea is that we have an http_header filter that
+ actually sends the headers to the network. This removes the need
+ for the BUFF to send headers.
+ [Ryan Bloom]
+
+ *) Charset translation: mod_charset_lite handles translation of
+ request bodies. Get rid of the xlate version of ap_md5_digest()
+ since we don't compute digests of filtered (e.g., translated)
+ response bodies this way anymore. (Note that we don't do it at
+ all at the present; somebody needs to write a filter to do so.)
+ [Jeff Trawick]
+
+ *) Input filters and ap_get_brigade() now have a input mode parameter
+ (blocking, non-blocking, peek) instead of a length parameter.
+ [hackathon]
+
+ *) Update the mime.types file to the registered media types as
+ of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp home.net>,
+ Tony Finch]
+
+ *) Namespace protect some macros declared in ap_config.h
+ [Ryan Bloom]
+
+ *) Support HTTP header line folding with input filtering.
+ [Greg Ames]
+
+ *) Mod_include works again. This should still be re-written, but at
+ least now we can serve an SHTML page again.
+ [Ryan Bloom]
+
+ *) Begin to remove BUFF from the core. Currently, we keep a pointer
+ to both the BUFF and the socket in the conn_rec. Functions that
+ want to use the BUFF can, functions that want to use the socket,
+ can. They point to the same place.
+ [Ryan Bloom]
+
+ *) apr_psprintf doesn't understand %lld as a format. Make it %ld.
+ [Tomas Ögren <stric ing.umu.se>]
+
+ *) APR pipes on Unix and Win32 are now cleaned up automatically when the
+ associated pool goes away. (APR pipes on OS/2 were already had this
+ logic.) This resolvs a fatal file descriptor leak with CGIs.
+ [Jeff Trawick]
+
+ *) The final line of the config file was not being read if there was
+ no \n at the end of it. This was caused by apr_fgets returning
+ APR_EOF even though we had read valid data. This is solved by
+ making cfg_getline check the buff that was returned from apr_fgets.
+ If apr_fgets return APR_EOF, but there was data in the buf, then we
+ return the buf, otherwise we return NULL.
+ [Ryan Bloom]
+
+ *) Piped logs work again in the 2.0 series.
+ [Ryan Bloom]
+
+ *) Restore functionality broken by the mod_rewrite security fix:
+ rewrite map lookup keys and default values are now expanded
+ so that the lookup can depend on the requested URI etc.
+ PR #6671 [Tony Finch]
+
+ *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
+ security bug in some mass virtual hosting configurations
+ that can allow a remote attacker to retrieve some files
+ on the system that should be inaccessible. [Tony Finch]
+
+ *) Add a pool bucket type. This bucket is used for data allocated out
+ of a pool. If the pool is cleaned before the bucket is destroyed, then
+ the data is converted to a heap bucket, allowing it to survive the
+ death of the pool.
+ [Ryan Bloom]
+
+ *) Add a flush bucket. This allows modules to signal that the filters
+ should all flush whatever data they currently have. There is no way
+ to actually force them to do this, so if a filter ignores this bucket,
+ that's life, but at least we can try with this.
+ [Ryan Bloom]
+
+ *) Add an output filter for sub-requests. This filter just strips the
+ EOS bucket so that we don't confuse the main request's core output
+ filter by sending multiple EOS buckets. This change also makes sub
+ requests start to send EOS buckets when they are finished.
+ [Ryan Bloom]
+
+ *) Make ap_bucket_(read|destroy|split|setaside) into macros. Also
+ makes ap_bucket_destroy a return void, which is okay because it
+ used to always return APR_SUCCESS, and nobody ever checked its
+ return value anyway.
+ [Cliff Woolley <cliffwoolley yahoo.com>]
+
+ *) Remove the index into the bucket-type table from the buckets
+ structure. This has now been replaced with a pointer to the
+ bucket_type. Also add some macros to test the bucket-type.
+ [Ryan Bloom]
+
+ *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
+ for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
+ and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
+ All _VAR_ flavors changes to _DATA to be absolutely clear.
+ [William Rowe]
+
+ *) Add support for /, //, //servername and //server/sharename
+ parsing of <Directory> blocks under Win32 and OS2.
+ [Tim Costello, William Rowe, Brian Harvard]
+
+ *) Remove the function pointers from the ap_bucket type. They have been
+ replaced with a global table. Modules are allowed to register bucket
+ types and use then use those buckets.
+ [Ryan Bloom]
+
+ *) mod_cgid: In the handler, shut down the Unix socket (only for write)
+ once we finish writing the request body to the cgi child process;
+ otherwise, the client doesn't hit EOF on stdin. Small request bodies
+ worked without this change (for reasons I don't understand), but large
+ ones didn't. [Jeff Trawick]
+
+ *) Remove file bucket specific information from the ap_bucket type.
+ This has been moved to a file_bucket specific type that hangs off
+ the data pointer in the ap_bucket type.
+ [Ryan Bloom]
+
+ *) Input filtering now has a third argument. This is the amount of data
+ to read from lower filters. This argument can be -1, 0, or a positive
+ number. -1 means give me all the data you have, I'll deal with it and
+ let you know if I need more. 0 means give me one line and one line
+ only. A positive number means I want no more than this much data.
+
+ Currently, only 0 and a positive number are implemented. This allows
+ us to remove the remaining field from the conn_rec structure, which
+ has also been done.
+ [Ryan Bloom]
+
+ *) Big cleanup of the input filtering. The goal is that http_filter
+ understands two conditions, headers and body. It knows where it is
+ based on c->remaining. If c->remaining is 0, then we are in headers,
+ and http_filter returns a line at a time. If it is not 0, then we are
+ in body, and http_filter returns raw data, but only up to c->remaining
+ bytes. It can return less, but never more.
+ [Greg Ames, Ryan Bloom, Jeff Trawick]
+
+ *) mod_cgi: Write all of the request body to the child, not just what
+ the kernel would accept on the first write. [Jeff Trawick]
+
+ *) Back out the change that moved the brigade from the core_output_filters
+ ctx to the conn_rec. Since all requests over a given connection
+ go through the same core_output_filter, the ctx pointer has the
+ correct lifetime.
+ [Ryan Bloom]
+
+ *) Fix another bug in the send_the_file() read/write loop. A partial
+ send by apr_send would cause unsent data in the read buffer to
+ get clobbered. Complete making send_the_file handle partial
+ writes to the network.
+ [Bill Stoddard]
+
+ *) Fix a couple of type fixes to allow compilation on AIX again
+ [Victor J. Orlikowski <v.j.orlikowski gte.net>]
+
+ *) Fix bug in send_the_file() which causes offset to be ignored
+ if there are no headers to send.
+ [Bill Stoddard]
+
+ *) Handle APR_ENOTIMPL returned from apr_sendfile in the core
+ filter. Useful for supporting Windows 9* with a binary
+ compiled on Windows NT.
+ [Bill Stoddard]
+
+Changes with Apache 2.0a7
+
+ *) Reimplement core_output_filter to buffer/save bucket brigades
+ across multiple calls to the core_filter. The brigade will be
+ sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE
+ thresholds are hit or the EOS bucket is received.
+ [Bill Stoddard]
+
+ *) Create experimental filter (buffer_filter) that coalesces bytes
+ into one large buffer before invoking the next filter in the
+ chain. This filter is particularly useful with the current
+ implementation of mod_autoindex when it inserted above the
+ chunk_filter. mod_autoindex generates a lot of brigades that
+ containing buckets holding just a few bytes each. The
+ buffer_filter coalesces these buckets into a single large bucket.
+ [Bill Stoddard]
+
+ *) Add apr_sendfile() support into the core_output_filter.
+ [Bill Stoddard]
+
+ *) Add apr_sendv() support into the core_output_filter.
+ [Bill Stoddard]
+
+ *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS
+ [Mike Abbott <mja sgi.com>]
+
+ *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't
+ make much sense, because Apache uses buckets instead of BUFFs now.
+ [Ryan Bloom]
+
+ *) send_the_file now falls back to a read/write loop on platforms that
+ do not have sendfile.
+ [Ryan Bloom and Brian Havard]
+
+ *) Install apachectl correctly, and substitute the proper values so
+ that it works again. [Ryan Bloom]
+
+ *) Better(??) handle platforms that lack sendfile().
+ [Jim Jagielski]
+
+ *) APR now has UUID generation/formatting/parsing support.
+ [Greg Stein]
+
+ *) Begin the http_filter. This is an input filter that understands
+ the absolute basic amount required to parse an HTTP Request. The
+ goal is to be able to split headers from request body before passing
+ the data back to the other filters.
+ [Ryan Bloom]
+
+ *) Bring forward from 1.3.13 the config directory implementation
+ [Jim Jagielski]
+
+ *) install apxs if it is created
+ [Ryan Bloom]
+
+ *) Added APR_IS_STATUS_condition test macros to eliminate canonical error
+ conversions. [William Rowe]
+
+ *) Now that we have ap_add_input_filter(), rename ap_add_filter() to
+ ap_add_output_filter(). [Jeff Trawick]
+
+ *) Multiple build and configuration fixes
+ Build process:
+
+ -add datadir and localstatedir substitutions
+ -fix layout name
+ -fix logfilename misspelling
+ -fix evaluation of installation dir variables and
+ -replace $foobar by $(foobar) to be usefull in the makefile
+
+ Cross compile:
+
+ -add rules for cross-compiling in rules.mk. Okay, rule to check for
+ $CC_FOR_BUILD is still missing
+ -use CHECK_TOOL instead of CHECK_PROG for ranlib
+ -add missing "AR=@AR@" to severaly Makefile.in's
+ -cache result for "struct rlimit"
+ -compile all helper programs with native and cross compiler
+ and use the native version to generate header file
+ [Rüdiger Kuhlmann <Tadu gmx.de>]
+
+ *) Prepare our autoconf setup for autoconf 2.14a and for cross-
+ compiling.
+ [Rüdiger Kuhlmann <Tadu gmx.de>]
+
+ *) Fix a bug where a client which only sends \n to delimit header
+ lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED
+ message. Start working on ebcdic co-existance with input
+ filtering.
+ [William Rowe, Greg Ames]
+
+ *) If mod_so is enabled in the server always create libexec, even
+ if there are no modules installed in this directory. This is a
+ requirement for APXS to work correctly.
+ [Ryan Bloom]
+
+ *) Connection oriented output filters are now stored in the
+ conn_rec instead of the request_rec. This allows us to add the
+ output filter in the pre-connection phase instead of the
+ post_read_request phase, which keeps us from trying to write an
+ error page before we have a filter to write to the network.
+ [Ryan Bloom, Jeff Trawick, and Greg Ames]
+
+ *) Cleaning up an mmap bucket no longer deletes the mmap. An
+ mmap can be used across multiple buckets (default_handler with
+ byte ranges, mod_file_cache, mod_mmap_static), so cleanup of
+ the mmap itself can't be associated with the bucket.
+ [Jeff Trawick]
+
+ *) Add .dll caching directive ISAPICacheFile to mod_isapi.
+ [William Rowe]
+
+ *) Radical surgery to improve mod_isapi support under Win32.
+ Includes a number of newer ServerSupportFunction calls, support
+ for ReadClient (in order to retrieve POSTs greater than 48KB),
+ and general bug fixes to more reliably load ISAPI .dll's and
+ prevent leaking handle resources. Note: There are still
+ discrepancies between IIS's and Apache's ServerVariables, and
+ async calls are still not supported. Additional warnings are
+ logged to facilitate debugging of unsupported ISAPI calls.
+ [William Rowe]
+
+ *) Add input filtering to Apache. The basic idea for the input
+ filters is the same as the ideas for output filters. The biggest
+ difference is that instead of calling ap_pass_brigade, ap_get_brigade
+ should be called, and the order of execution for the filter itself is
+ different. When writing an output filter, a brigade is passed in,
+ and filters operate directly on that brigade, when done, they call
+ ap_pass_brigade. Input filters are the exact opposite. Because input
+ is not a push operation, filters first call ap_get_brigade. When this
+ function returns, the input filter will be left with a valid brigade.
+ The input filter should then operate on the brigade, and return.
+ [Ryan Bloom]
+
+ *) Fix building on BSD/OS using its native make. The build system
+ falls back to the BSD .include directive on that host platform.
+ [Sascha Schumann]
+
+ *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
+ SHA1 and plaintext password encodings. Make feature tests a
+ bit more flexible. [William Rowe]
+
+ *) Charset translation: mod_charset_lite handles output content
+ translation in a filter. mod_charset_lite no longer ignores
+ subrequests. A bunch of cruft related to BUFF's support for
+ translating request and response bodies was removed.
+ [Jeff Trawick]
+
+ *) Move the addition of the CORE filter to the post_read_request
+ hook in http_core.c. This removes the need to add the filter in
+ multiple places and allows for an SSL module to be added much
+ simpler. [Ryan Bloom]
+
+ *) SECURITY: CVE-2000-0913 (cve.mitre.org)
+ Fix a security problem that affects certain configurations of
+ mod_rewrite. If the result of a RewriteRule is a filename that
+ contains expansion specifiers, especially regexp backreferences
+ $0..$9 and %0..%9, then it may be possible for an attacker to
+ access any file on the web server. [Tony Finch]
+
+ *) Fix a bug where errors that are detected during early request parsing
+ don't produce visible HTTP error messages at the browser, because
+ the core_filter wasn't present. [Greg Ames]
+
+ *) Provide apr_socklen_t as a portability aid.
+ [Victor J. Orlikowski]
+
+ *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
+ as well as a comment arg to the add, adduser and update cmds.
+ update allows the user to clear or preserve pw/groups/comment.
+ Fixed a bug in dbmmanage that prevented the check option from
+ parsing a password followed by :group... text. Corrected the
+ seed calcualation for Win32 systems, and added -lsdbm support.
+ [William Rowe]
+
+ *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
+ [William Rowe]
+
+ *) Avoid a segfault when parsing .htaccess files. An
+ uninitialized tree pointer was passed to ap_build_config().
+ [Jeff Trawick]
+
+ *) Change the way that inet_addr & inet_network are checked for
+ in APR's configure process to allow BeOS BONE to correctly
+ find them. With this change BeOS BONE now builds from source
+ with no problems. [David Reid]
+
+ *) Fix a bug in apr_create_process() for Unix. The NULL signifying
+ the end of the parameters to execve() was stored in the wrong
+ location, overlaying the storage beyond the newargs[] array and
+ also passing uninitialized storage to execve(), which would
+ sometimes fail with EFAULT. [Jeff Trawick]
+
+ *) Fix a bug parsing configuration file containers. With a sequence
+ like this in the config file
+
+ <IfModule mod_kilroy.c>
+ any stuff
+ </IfModule>
+ <IfModule mod_lovejoy.c>
+ (blank line)
+ any stuff
+ </IfModule>
+
+ the second container would be terminated at the blank line due to
+ sediment in the buffer from reading the prior </IfModule> and an
+ error message would be generated for the real </IfModule> for the
+ second container. Also due to this problem, any two characters
+ could be used for "</" in the close of a container.
+ [Jeff Trawick]
+
+ *) ap_add_filter prototype changed to remove the ctx pointer. The
+ pointer still remains in the filter structure, but it can not be
+ a part of the ap_add_filter prototype. The reason is that when
+ the core uses AddFilter to add a filter to the stack it doesn't
+ know how to allocate the ctx pointer, or even how much memory should
+ be allocated. The filters will have to be responsible for allocating
+ the ctx memory when they need it.
+ [Ryan Bloom]
+
+ *) Add an AddFilter directive. This directive takes a list of filters
+ that should be activated for the requested resource.
+ [Ryan Bloom]
+
+ *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
+ some other platforms). [Jeff Trawick]
+
+ *) Modify mod_include to be a filter. Currently, it has only been tested
+ on actual files, but it should work for CGI scripts too.
+ [Ryan Bloom]
+
+ *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
+ writes. apr_flush() for Unix: handle interrupted writes.
+ [Jeff Trawick]
+
+ *) NameVirtualHost can now take "*" as an argument instead of
+ an IP address. This allows you to create a purely name-based
+ virtual hosting server that does not have any IP addresses in
+ the configuration file and which ignores the local address
+ of any connections. PR #5595, PR #4455 [Tony Finch]
+
+ *) Fix some compile warnings in mod_mmap_static.c
+ [Mike Abbott <mja sgi.com>]
+
+ *) Fix chunking problem with CGI scripts. The general problem was that
+ the CGI modules were adding an EOS bucket and then the core added an
+ EOS bucket. The chunking filter finalizes the chunked response when it
+ encounters an EOS bucket. Because two EOS buckets were sent, we
+ finalized the response twice. The fix is to make sure we only send one
+ EOS, by utilizing a flag in the request_rec.
+ [Ryan Bloom]
+
+ *) apr_put_os_file() now sets up the unget byte appropriately on Unix
+ and Win32. Previously, the first read from an apr_file_t set up via
+ apr_put_os_file() would return a '\0'. [Jeff Trawick]
+
+ *) Mod_cgid now creates a single element bucket brigade, with a pipe
+ bucket, instead of using BUFF's and ap_r*.
+ [Ryan Bloom]
+
+ *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
+ [Mike Abbott <mja sgi.com>]
+
+ *) Remove ap_bopenf from buff code. This required modifying the file_cache
+ code to use APR file's directly instead of going through BUFFs.
+ [Ryan Bloom]
+
+ *) Fix compile break on some platforms for mod_mime_magic.c
+ [John K. Sterling <sterling covalent.net>]
+
+ *) Fix merging of AddDefaultCharset directive.
+ PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]
+
+ *) Minor revamp of the rlimit sections of code. We now test
+ explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
+ is now "available" even if the platform doesn't support
+ the rlimit family (it's just a noop though). [Jim Jagielski]
+
+ *) Migrate the pre-selection of which MPM to use for specific
+ platforms to hints.m4, which contains (or should contain)
+ all platform specific "hints". [Jim Jagielski]
+
+ *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary
+ [Ryan Bloom]
+
+ *) Add tables with non-string/binary values to APR.
+ [Ken Coar]
+
+ *) Fix some bad calls to ap_log_rerror() in mod_rewrite.
+ [Jeff Trawick]
+
+ *) Update PCRE to version 3.2. [Ryan Bloom]
+
+ *) Change the way buckets' destroy functions are called so that
+ they can be more directly used when changing the type of a
+ bucket in place. [Tony Finch]
+
+ *) Add generic support for reference-counting the resources used by
+ buckets, and alter the HEAP and MMAP buckets to use it. Change
+ the way buckets are initialised to support changing the type of
+ buckets in place, and use it when setting aside TRANSIENT buckets.
+ Change the implementation of TRANSIENT buckets so that it can be
+ mostly shared with IMMORTAL buckets, which are now implemented.
+ [Tony Finch]
+
+Changes with Apache 2.0a6
+
+ *) Add support to Apache and APR for dsos on OS/390. [Greg Ames]
+
+ *) Add a chunking filter to Apache. This brings us one step closer
+ to removing BUFF. [Ryan Bloom]
+
+ *) ap_add_filter now adds filters in a LIFO fashion. The first filter
+ added to the stack is the last filter to be called. [Ryan Bloom]
+
+ *) Apache 2.0 has been completely documented using Scandoc. The
+ docs can be generated by running 'make docs'. [Ryan Bloom]
+
+ *) Add filtered I/O to Apache. This is based on bucket brigades,
+ Currently the buckets still use BUFF under the covers, but that
+ should change quickly. The only currently written filter is the
+ core filter which just calls ap_bwrite. [The Apache Group]
+
+ *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
+ built with thread support. [Jeff Trawick]
+
+ *) Abort configuration if --with-layout was specified and there's
+ no layout definition file. [Ken Coar]
+
+ *) Add support for '--with-port=n' option to configure. [Ken Coar]
+
+ *) Add support for extension methods for the Allow response header
+ field, and an API routine for accessing r->allowed and the
+ list of extension methods in a unified manner. [Ken Coar]
+
+ *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
+ [Rob Simonson <simo us.ibm.com>]
+
+ *) Get xlate builds working again. The apr renaming in 2.0a5 broke
+ APACHE_XLATE builds. [Jeff Trawick]
+
+ *) A configuration file parsing problem was fixed. When the
+ configuration file started with an IfModule/IfDefine container,
+ only the last statement in the container would be retained.
+ [Jeff Trawick]
+
+Changes with Apache 2.0a5
+
+ *) Perchild is serving pages after passing them to different child
+ processes. There are still a lot of bugs, but this does work. I
+ have made requests against the same installation of Apache, and had
+ different servers use different user IDs to serve the responses.
+ This change moves to using socketpair instead of an AF_UNIX socket.
+ [Ryan Bloom]
+
+ *) Perchild MPM still doesn't work perfectly, but it is serving pages.
+ It can't seem to pass between child processes yet, but I think we
+ are closer now than before. This moves us back to using Unix
+ Domain Sockets. [Ryan Bloom]
+
+ *) libapr functions and types renamed with apr_ prefix.
+ #include "apr_compat.h" for 1.3.x backwards compat
+ [Perl]
+
+ *) Fix problems with APR sockaddr handling on Win32. It didn't always
+ return the right information on the local socket address.
+ [Gregory Nicholls <gnicholls level8.com>]
+
+ *) ap_recv() on Win32: Set bytes-read to 0 on error.
+ [Gregory Nicholls <gnicholls level8.com>]
+
+ *) Add an option to not detach from the controlling terminal without
+ going into single process mode. This allows for much easier
+ debugging of the process startup code. [Ryan Bloom]
+
+ *) ab: don't use perror() to report the failure of an APR function.
+ [Jeff Trawick]
+
+ *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
+ scoreboard on graceful restarts.
+ [Ryan Bloom]
+
+ *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
+ An invalid ap_proc_t was passed to ap_create_process().
+ [Jeff Trawick]
+
+ *) Allow modules to register filters. Those filters are still
+ never called, but this is a step in the right direction.
+ [Ryan Bloom and Greg Stein]
+
+ *) Register the mod_cgid daemon process for cleanup so that it is
+ killed at termination if it does not die when the parent gets
+ SIGTERM. This change is to fix occasional problems where the
+ process stays around. Bugs in similar logic in mod_rewrite and
+ mod_include were also fixed. [Jeff Trawick]
+
+ *) Fix a bug in the time handling. Basically, we were imploding a time
+ in ap_parseHTTPdate, but it had bogus data in the exploded time format.
+ Namely, tm_usec and tm_gmtoff were not filled out. ap_implode_time
+ uses those two fields to adjust the time value. Because of the HTTP
+ spec, both of those values can be zero'ed out safely. This fixes
+ the bug correctly. [Ryan Bloom]
+
+ *) Fix a couple of place in the Windows code where the wrong error
+ code was being returned. [Gregory Nicholls <gnicholls level8.com>]
+
+ *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]
+
+ *) Added the APR_EOL_STR macro for platform dependent differences in
+ logfiles and other raw text (such as all APR files). Fixes logfiles
+ not terminated with cr/lf sequences in Win32. [William Rowe]
+
+ *) Move all strings functions in APR to src/lib/apr/strings and create
+ apr_strings.h for the prototypes. [Ryan Bloom]
+
+ *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
+ to repeat the syscall until we stop getting EINTR. I noticed a
+ related problem at termination (SIGTERM) on FreeBSD when using
+ fcntl(). Apache 1.3 had these new loops too. Also, make the flock()
+ implementation work properly with child init. Previously, ap_lock()
+ was essentially a no-op because all children were using different
+ locks and thus nobody ever blocked. [Jeff Trawick]
+
+ *) The htdocs/ tree has been moved out of the CVS source tree into
+ a separate area for easier development. This has NO EFFECT on
+ end-users or Apache installations. [Ken Coar]
+
+ *) Integrate the mod_dav module for WebDAV protocol handling. This
+ adds the dav and dav_fs modules, the SDBM library, and additional
+ XML handling utilities. [Greg Stein]
+
+ *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
+ [Greg Stein]
+
+ *) Update the lib/expat-lite/ library (bring forward changes from
+ the Apache 1.3 repository). [Greg Stein]
+
+ *) If sizeof(long long) == sizeof(long), then prefer long in APR
+ configure.in. [Dave Hill <ddhill zk3.dec.com>]
+
+ *) Add ap_sendfile for Tru64 Unix. Also, add an error message for
+ machines where sendfile is detected, but nobody has written ap_sendfile.
+ [Dave Hill <ddhill zk3.dec.com>]
+
+ *) Compile fixes in mod_mmap_static. [Victor J. Orlikowski]
+
+ *) ab would start up more connections than needed, then quit when the
+ desired number were finished. Also fixed a logic error involving
+ ab keepalives. [Victor J. Orlikowski]
+
+ *) WinNT: Implement non-blocking pipes with timeouts to communicate
+ with CGIs. Apache 2.0a4 had non-blocking pipes but without
+ timeouts (i.e, if a timeout was specified, the pipe reverted to
+ a full blocking pipe). Now the behaviour is more in line with
+ Unix non-blocking pipes.
+ [Bill Stoddard]
+
+ *) WinNT: Implement accept socket reuse. Using mod_file_cache to
+ cache open file handles along with accept socket reuse enables
+ Apache 2.0 to serve non-keepalive requests for static files at
+ 3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
+ and Apache 2.0 will serve almost 1200 rps on my system).
+ [Bill Stoddard]
+
+ *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
+ supports two config directives, mmapfile (same behavious as
+ mod_mmap_static) and cachefile. Use the cachefile directive
+ to cache open file handles. This directive only works on systems
+ that have implemented the ap_sendfile API. cachefile works today
+ on Windows NT, but has not been tested on any flavors of Unix.
+ [Bill Stoddard]
+
+ *) Cleanup the configuration. With the last few changes the
+ configuration process automatically:
+ inherits information about how to build from APR. Allowing
+ APR to inform Apache that it should or should not use -ldl
+
+ Detects which mod_cgi should be used mod_cgi or mod_cgid,
+ based on the threading model
+
+ Apache calls APR's configure process before finishing it's
+ configuration processing, allowing for more information flow
+ between the two.
+ [Ryan Bloom]
+
+
+ *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
+ with non-zero argument makes the socket non-blocking. BeOS and
+ OS/2 already worked this way. [Jeff Trawick]
+
+ *) ap_close() now calls ap_flush() for buffered files, so write
+ operations work a whole lot better on buffered files.
+ [Jeff Trawick]
+
+ *) Fix error messages issued from MPMs which explain where to change
+ compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
+ [Greg Ames]
+
+ *) ap_create_pipe() now leaves pipes in blocking state. (This helps
+ reduce the number of syscalls on Unix.) ap_set_pipe_timeout() is
+ now the way that the blocking state of a pipe is manipulated.
+ ap_block_pipe() is gone. [Jeff Trawick]
+
+ *) Correct the problem where the only local host name that the IP stack
+ can discover are 'undotted' private names. If no fully qualified
+ domain name can be identified, the default ServerName will be set to
+ the machine's IP address string. A warning is always provided if the
+ ServerName not specified, but assumed. Solves PR6215 [William Rowe]
+
+ *) Repair problems with config file processing which caused segfault
+ at init when virtual hosts were defined and which caused ServerName to
+ be ignored when there was no valid DNS setup. [Jeff Trawick]
+
+ *) Removed pointless ap_is_aborted macro function. [Roy Fielding]
+
+ *) Add ap_sendfile implementation for AIX
+ [Victor J. Orlikowski]
+
+ *) Repair C++ compatibility in ap_config.h, apr_file_io.h,
+ apr_network_io.h, and apr_thread_proc.h.
+ [Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]
+
+ *) Bring the allocation and pool debugging code back into a working
+ state. This will need to be tested as so far it's only been used on
+ BeOS. [David Reid]
+
+ *) Change configuration command setup to be properly typesafe when in
+ maintainer mode. Note that this requires a compiler that can initialise
+ unions. [Ben Laurie]
+
+ *) Turn on buffering for config file reads. Part of this was to
+ repair buffered I/O support in Unix and implement buffered
+ ap_fgets() for all platforms. [Brian Havard, Jeff Trawick]
+
+ *) Win32: Fix problem where UTC offset was not being set correctly
+ in the access log. Problem reported on news group by Jerry Baker.
+ [Bill Stoddard]
+
+ *) Fix segfault when reporting this type of syntax error:
+ "</container> without matching <container> section", where
+ container is VirtualHost or Directory or whatever.
+ [Jeff Trawick]
+
+ *) SECURITY: CVE-2000-1204 (cve.mitre.org)
+ Prevent the source code for CGIs from being revealed when
+ using mod_vhost_alias and the CGI directory is under the document root
+ and a user makes a request like http://www.example.com//cgi-bin/cgi
+ as reported in <news:960999105.344321 ernani.logica.co.uk>
+ [Tony Finch]
+
+ *) Add support for the new Beos NetwOrking Environment (BONE)
+ [David Reid]
+
+ *) xlate: ap_xlate_conv_buffer() now tells the caller when the
+ final input char is incomplete; ap_bwrite_xlate() now handles
+ incomplete final input chars. [Jeff Trawick]
+
+ *) Yet another update to saferead/halfduplex stuff -- need to ensure
+ that a bhalfduplex call occurs before logging or else DNS and
+ such can delay the last packet of the response. [Dean Gaudet]
+
+ *) Some syscall reduction in APR on unix -- don't seek when setting
+ up an mmap; and don't fcntl() more than once per socket.
+ [Dean Gaudet]
+
+ *) When mod_cgid is started as root, the cgi daemon now switches
+ to the configured User/Group (like other httpd processes)
+ instead of continuing as root. [Jeff Trawick]
+
+ *) The prefork MPM now uses an APR lock for the accept() mutex.
+ It has not been getting a lock at all recently. httpd -V now
+ displays APR's selection of the lock mechanism instead of the
+ symbols previously respected by prefork. [Jeff Trawick]
+
+ *) Change the mmap() feature test to check only for existence.
+ The previous check required features not used by Apache.
+ [Greg Ames]
+
+ *) Fix a couple of bugs in mod_cgid: The cgi arguments were
+ sometimes mangled. The len parm to accept() was not
+ initialized, leading sometimes to an endless loop of failed
+ accept() calls on OS/390 and anywhere else that failed the call
+ if the len was negative. Use <sys/un.h> for struct sockaddr_un
+ instead of declaring it ourselves to fix a compilation problem
+ on Solaris. [Jeff Trawick]
+
+ *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]
+
+ *) Fix zombie process problem with mod_cgi. [Jeff Trawick]
+
+ *) Port mod_mmap_static to 2.0. Make it go faster. [Greg Ames]
+
+ *) Fix storage overlay when loading dsos. Symptom: Apache dies at
+ initialization if ALLOC_DEBUG is defined; no known symptom
+ otherwise. [Jeff Trawick]
+
+ *) Fix typo in configure script when checking for mod_so. bash
+ doesn't seem to have a problem but /bin/sh on Solaris does.
+ Symptom: "./configure: test: unknown operator =="
+ [Jeff Trawick]
+
+ *) Rebind the Win32 NT and 9x services control into the MPM.
+ All console, WinNT SCM and Win9x pseudo-service control code is
+ now wrapped within the WinNT MPM.
+ [William Rowe]
+
+ *) Make a copy of getenv("PATH") before storing for later use. Some
+ getenv() implementations use the same storage for successive calls.
+ CGIs on OS/390 had a bad PATH due to this. [Jeff Trawick]
+
+ *) Server Tokens work in 2.0 again. This also propogates the change
+ to allow just the product name in the server string using
+ PRODUCT_ONLY.
+ [Ryan Bloom]
+
+Changes with Apache 2.0a4
+
+ *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
+ won't need to call it. [Greg Ames, Jeff Trawick]
+
+ *) Move pre_config hook call to between configuration read and config
+ tree walk. This allows all modules to implement pre_config hooks
+ and know that they will be called at an appropriate time.
+ [Ryan Bloom]
+
+ *) mod_cgi, mod_cgid: Make ScriptLog directive work again.
+ [Jeff Trawick]
+
+ *) Add pre-config hooks back to all modules.
+ [Ryan Bloom]
+
+ *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
+ ContentDigest enabled and we can't/don't mmap the file.
+ [Jeff Trawick]
+
+ *) We now report the correct line number for syntax errors in config
+ files. [Ryan Bloom, Greg Stein, Jeff Trawick]
+
+ *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
+ related bugs, and changed shmem/locking to use apr API. Shared-mem
+ is currently disabled, however, because of problems with graceful
+ restarts. [Ronald Tschalär]
+
+ *) Fix corruption of IFS variable in --with-module= handling.
+ Depending on the user's shell or customization thereof, there
+ would be errors generating ap_config_auto.h later in the configure
+ procedure. [Jeff Trawick]
+
+ *) mod_cgi: Restore logging of stderr from child process when ScriptLog
+ isn't used (as in 1.3), except that on Unix it is now logged via
+ ap_log_rerror() instead of by the child having STDERR_FILENO refer
+ to the error log. [Greg Ames, Jeff Trawick]
+
+ *) Add '-D' argument processing for run time configuration defines.
+ [William Rowe]
+
+ *) Organize http_main.c as independent code, such that no code or
+ global data is exported from it. WIN32 will dynamically link it
+ to the server core, so this will prevent mutual dependency.
+ [William Rowe]
+
+ *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
+ and APR_VAR_EXPORT to correctly resolve apr functions and globals.
+ [William Rowe]
+
+ *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
+ [William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]
+
+ *) Add mod_charset_lite for configuring character set translation.
+ [Jeff Trawick]
+
+ *) Add '-n' option to htpasswd to make it print its user:pw record
+ on stdout rather than having to frob a text file. [Ken Coar]
+
+ *) Fix saferead. Basically, we flush the output buffer if a read on the
+ input will block.
+ [Ryan Bloom]
+
+ *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
+ a conversion is single-byte only. [Jeff Trawick]
+
+ *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
+ the BeOS 5.0 documentation says that shutdown doesn't work yet.
+ [Roy Fielding]
+
+ *) Fix some minor errors where pid was being manipulated as an int
+ instead of the portable pid_t. [Roy Fielding]
+
+ *) Fix some error log prints that were printing the pointer to a
+ structure rather than the pid within the structure.
+ [Jeff Trawick, Roy Fielding]
+
+ *) ab: Fix a command-line processing bug; track bad headers in
+ err_response; support reading headers up to 2K.
+ [Ask Bjoern Hansen <ask valueclick.com>]
+
+ *) Fix ap_resolve_env() so that it handles new function added in a prior
+ alpha (see "Added the capability to do ${ENVVAR} constructs in the
+ config file.") as well as the constructs used by mod_rewrite.
+ [Paul Reder <rederpj raleigh.ibm.com>]
+
+ *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]
+
+ *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
+ APR to perform translation, instead of accessing the hard-coded tables
+ in 1.3's ebcdic.c. [Jeff Trawick]
+
+ *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing.
+ [Jeff Trawick]
+
+ *) Add the ability to hook into the config file reading phase. Basically
+ if a directive is specified EXEC_ON_READ, then when that directive is
+ read from the config file, the assocaited function is executed. This
+ should only be used for those directives that must muck with HOW the
+ server INTERPRETS the config. This should not be used for directives
+ that re-order or replace items in the config tree. Those changes should
+ be made in the pre-config step.
+ [Ryan Bloom]
+
+ *) Add mod_example to the build system.
+ [Tony Finch]
+
+ *) APR: Add ap_xlate_conv_byte() to convert one char between single-
+ byte character sets. [Jeff Trawick]
+
+ *) Pick up various EBCDIC fixes from 1.3 (from Martin
+ Kraemer and Oliver Reh originally according to the change log).
+ [Jeff Trawick]
+
+ *) Fix a couple of problems in RFC1413 support (controlled by the
+ IdentityCheck directive). Apache did not build the request string
+ properly and more importantly Apache would loop forever if the
+ would-be ident server dropped the connection before sending a
+ properly terminated response. [Jeff Trawick]
+
+ *) apxs works in 2.0.
+ [Ryan Bloom]
+
+ *) Reliable piped logs work in 2.0.
+ [Ryan Bloom]
+
+ *) Introduce a hash table implementation into APR to be used for
+ replacing tables and other random data structures in Apache.
+ [Tony Finch]
+
+ *) Add some more error reporting to htpasswd in the case of problems
+ generating or accessing the temporary file. Also, pass in a
+ buffer if the implementation knows how to use it (i.e., if L_tmpnam
+ is defined). [Ken Coar]
+
+ *) Configure creates config.nice now containing your configure
+ options. Syntax: ./config.nice [--more-options]
+ [Sascha Schumann]
+
+ *) Fix various return code problems in APR on Win32. For most of
+ these, APR was returning APR_EEXIST instead of GetLastError()/
+ WSAGetLastError(). [Jeff Trawick]
+
+ *) Make piped logs work again in version 2.0
+ [Ryan Bloom]
+
+ *) Add VPATH support to UNIX build system of Apache and APR.
+ [Sascha Schumann]
+
+ *) Fix ap_tokenize_to_argv to respect the const arguments that are
+ passed to it.
+ [Ryan Bloom]
+
+ *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
+ Patch submitted to author.
+ [Sascha Schumann]
+
+ *) Fix mm configuration on Solaris 8 x86 and OS/390. Don't require
+ /sbin in PATH on FreeBSD (all submitted to rse previously)
+ [Jeff Trawick]
+
+ *) Fix building Pthread-based MPMs on OpenBSD
+ [Sascha Schumann] PR#26
+
+ *) Fix ap_readdir() problem on systems where d_name[] field in
+ struct dirent is declared with only one byte. (This problem only
+ affected multithreaded builds.) This caused a segfault during
+ pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at
+ least). [Jeff Trawick]
+
+ *) Fix some make-portability problems on at least Tru64, Irix
+ and UnixWare.
+ [Sascha Schumann] PR#18, PR#39
+
+ *) Add ap_sigwait() to support old-style sigwait() on systems
+ like OS/390 and UnixWare.
+ [Sascha Schumann]
+
+ *) Add POSIX-thread flags for more platforms.
+ [Sascha Schumann]
+
+ *) Fix some minor bugs in ap_strerror(). Teach ap_strerror()
+ (on Unix, at least) to handle resolver errors. Fix a bug in
+ the definition of APR_ENOMEM so that ap_strerror() can spit
+ out the correct error message for it.
+ [Jeff Trawick]
+
+Changes with Apache 2.0a3
+
+ *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
+ [Doug MacEachern]
+
+ *) API: *HOOK* macros now have an AP_ prefix
+ [Doug MacEachern]
+
+ *) Win32: Eliminate redundant calls to initialize winsock.
+ [Tim Costello <timcostello ozemail.com.au>]
+
+ *) Fix bugs initializing ungetchar for pipes.
+ [Chia-liang Kao <clkao CirX.ORG>]
+
+ *) The ab program in the src/support directory is now portable using
+ APR.
+ [Ryan Bloom]
+
+ *) Support directory is being compiled when the server is built
+ [Ryan Bloom]
+
+ *) The configure option --with-program-name has been added to allow
+ developers to rename the executable at configure time. This also
+ changes the name of the config files to match the executable's name.
+ [Ryan Bloom]
+
+ *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
+ containing version numbers. [Martin Pool]
+
+ *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
+ Unix; access_log and error_log now created with these perms; non-
+ Unix is unaffected [Jeff Trawick]
+
+ *) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
+ Replaced more magic numbers with MD5_DIGESTSIZE.
+ [William Rowe, Roy Fielding]
+
+ *) Win32: Get mod_auth_digest compiling and added to the Windows
+ build environment. Not tested and I'd be suprised if it
+ actually works. [Bill Stoddard]
+
+ *) Revamp the Win32 make environment. Makefiles have been removed and
+ Apache.dsw created to bring together all the pieces. Create new file
+ os/win32/BaseAddr.ref to define module base addresses (to prevent
+ dll relocation at start-up).
+ [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]
+
+ *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3. This replaces most
+ of the \015, \012, and \015\012 constants with macros.
+ [Greg Ames]
+
+ *) Add ap_xlate_open() et al for translation of text between different
+ character sets. The initial implementation requires iconv().
+ [Jeff Trawick]
+
+ *) More FAQs and answers from comp.infosystems.www.servers.unix.
+ [Joshua Slive <slive finance.commerce.ubc.ca>]
+
+ *) CGI output is being timed out now.
+ [Ryan Bloom]
+
+ *) Fix the problem with dieing quietly. dupfile now takes a pool which
+ is used by the new apr file. There is no reason to create a new file
+ with the same lifetime as the original file.
+ [Ryan Bloom]
+
+ *) Win32: Attempt to eliminate dll relocation at start-up by specifying
+ module base addresses. This will help shooting seg faults
+ in the field. [William Rowe <wrowe lnd.com>]
+
+ *) Update Apache on Windows documentation. Add new document
+ describing how to compile Apache on Windows.
+ [William Rowe <wrowe lnd.com>]
+
+ *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take
+ microseconds instead of seconds. Some storage leaks and other
+ minor bugs in related code were fixed. [Jeff Trawick]
+
+ *) Win32: First cut at getting mod_isapi working under 2.0
+ [William Rowe <wrowe lnd.com>]
+
+ *) First stab at getting mod_auth_digest working under 2.0
+ quick change summary:
+ - moved the random byte generation (ap_generate_random_bytes) into APR
+ - now uses ap_time_t
+ - compiles and runs on linux
+ - tested with amaya
+ [Brian Martin <bmartin penguincomputing.com>]
+
+ *) Win32: Move the space stripping of physical service names
+ fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
+ unresolved symbol. Add dependency checking to the
+ CreateService call to ensure TCPIP and AFP (winsock) is started
+ before Apache.
+ [William Rowe <wrowe lnd.com>]
+
+ *) Win32: Add code to perform latebinding on functions that may
+ not exist on all levels of Windows where Apache runs. This
+ is needed to allow Apache to start-up on Win95/98. All calls
+ to non portable functions should be protected with
+ ap_oslevel checks to prevent runtime segfaults.
+ [William Rowe <wrowe lnd.com>]
+
+ *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]
+
+ *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]
+
+ *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
+ This addresses PR 1623. Still need to address timing out runaway
+ CGI scripts. [Bill Stoddard]
+
+ *) Win32: Make ap_stat Windows 95/98 friendly
+ [William Rowe <wrowe lnd.com>]
+
+ *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to
+ always fail. Need to initialise the dwOSVersionInfoSize member of the
+ OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx
+ always fails.
+
+ The patch also enhances ap_get_oslevel (and the associated enum) to
+ handle selected service packs for NT4, and adds recognition for
+ Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then
+ we can use ReadFileScatter and WriteFileGather in readwrite.c.
+ [Tim Costello <Tim.Costello BTFinancialgroup.com>]
+
+ *) Get mod_rewrite building and running, and mod_status building for Win NT
+ [Allan Edwards <ake raleigh.ibm.com>]
+
+ *) Patch to port mod_auth_db to the 2.0 api and also to support
+ Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and
+ 2.7.7. It should work with version 1 as well but I haven't tested it.
+ [Brian Martin <bmartin penguincomputing.com>]
+
+ *) Get APR DSO code working under Windows. Includes cross platform
+ fixes to mod_so.c.
+ [<Tim.Costello BTFinancialgroup.com>]
+
+ *) Fix some of the Windows APR time functions.
+ [William Rowe]
+
+ *) FAQ changes related to tidying up historical documents on the web site.
+ [Joshua Slive <slive finance.commerce.ubc.ca>]
+
+ *) Move Windows DSO code into APR.
+ [Bill Stoddard]
+
+ *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
+ Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
+ at build time. At this point, the server will not compile on Windows because
+ of the recent DSO commits. Fixing those next.
+ [Bill Rowe & Bill Stoddard]
+
+ *) Added error checking for file I/O APR routines.
+ [Jon Travis <jtravis covalent.net>]
+
+ *) APR: Don't use the values of resolver error codes for the
+ corresponding APR error codes. On Unix and Win32, return the
+ proper APR error code after a resolver error. [Jeff Trawick]
+
+Changes with Apache 2.0a2
+
+ *) Renamed the executable back to httpd on all platforms other
+ than Win32
+ [Ryan Bloom]
+
+ *) Allow BeOS to survive restarts, log properly and a few
+ small things it had problems with due to the way it setup
+ users and groups. [David Reid]
+
+ *) Get mod_rewrite working with APR locks
+ [Paul Reder <rederpj raleigh.ibm.com>]
+
+ *) Actually remove the sempahore when the lock cleanup routine
+ is called on BeOS. [David Reid]
+
+ *) Clear hook registrations between reads of the config file.
+ When DSOs are unloaded and re-loaded the old hook pointers may
+ no longer be valid. This fix eliminates potential segfaults.
+ [Allan Edwards <ake raleigh.ibm.com>]
+
+ *) Fix a problem with Sigfunc not being defined or bypassed
+ if sigaction() wasn't found. [Jim Jagielski]
+
+ *) Fix the locking mechanism on BSD variants. They now use fcntl
+ locks. This allows the server to start and serve pages.
+ [Ryan Bloom]
+
+ *) First cut at getting the Win32 installer to work
+ [William Rowe <wrowe lnd.com>]
+
+ *) Get htpasswd compiling under Windows
+ [William Rowe <wrowe lnd.com>]
+
+ *) Change the log message for a bind() failure to show the
+ interface and port number. [Jeff Trawick]
+
+ *) Import the documentation from 1.3.12 and bring parts of it
+ up-to-date with respect to the changes that have occurred
+ in 2.0.
+ [Tony Finch]
+
+ *) BeOS MPM updated. CGI bug on BeOS fixed. IP addresses
+ now logged correctly on BeOS.
+ [David Reid]
+
+ *) Create one makefile for all Win32 distributions (NT/2000/95/98).
+ Makefile.win includes the same user interface as the old
+ Makefile.nt
+ [William Rowe <wrowe lnd.com>, Jeff Trawick <trawick us.ibm.com>]
+
+ *) Win32 exec now uses COMSPEC environment string for command
+ shell path resolution.
+ [William Rowe <wrowe lnd.com>] PR#3715
+
+ *) Win32: ap_connect() was not returning correct error condition
+ PR5866
+ [Allen Prescott <allen clanprescott.com>]
+
+ *) Win32: ap_open() was broken on Win9x because an NT-specific
+ flag was passed to CreateFile. ap_puts() added an unnecessary
+ '\n'.
+ [Jeff Trawick <trawick us.ibm.com>]
+
+ *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
+ which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
+ confusing ee/et name and made all extensions language/dialect
+ rather than country reflecting. Changed example files to
+ explicit reflect the ISO charset and added a few common
+ ones to the example config [dirkx]
+
+ *) Extend external module capability. To use this, you call
+ configure with --with-module=path/to/mod1,path/to/mod2,etc.
+ [Ryan Bloom]
+
+ *) Backported the various "default charset" fixes from 1.3.12,
+ including the AddDefaultCharset directive. [Jim Jagielski]
+
+ *) Added the capability to do ${ENVVAR} constructs in the
+ config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
+ it does this on a line by line basis; i.e. if the envvar
+ expands to something with spaces you have to protect it
+ by adding quotes around it (Unless of course you expect it
+ to contains more than one argument. Alternatively you
+ can compile it on a per token basis; which is what people
+ usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
+ hampers fancier hacks.
+ [Dirk-Willem van Gulik]
+
+ *) Changed the 'ErrorDocument' syntax in that it NO longer
+ supports the asymetric
+
+ ErrorDocument 301 "Some message
+
+ Note the opening " quote, without a closing quote. It now
+ has either the following syntaxes
+
+ ErrorDocument XXX /local/uri
+ ErrorDocument XXX http://valid/url
+ ErrorDocument XXX "Some Message"
+
+ The recognition heuristic is: if it has a space it
+ is a message. If it has no spaces and starts with a /
+ or is a valid URL then treat it that way. Otherwise it
+ is assumed to be a message.
+
+ This breaks backward compatibility but makes live a hell
+ of a lot easier for GUI's and config file parsers.
+ [Dirk-Willem van Gulik]
+
+ *) Changed 'CacheNegotiatedDocs' from its present/not-present
+ syntax into a 'on' or 'off' syntax. As it currently is the
+ only non nesting token which uses NO_ARGS and thus is an
+ absolute pain for any config interface automation. This
+ breaks backward compatibility. [Dirk-Willem van Gulik]
+
+ *) Add ability to add external modules to the build process. This is
+ done with --with-module=/path/to/module. Modules can only be added
+ as static modules at this point.
+ [Ryan Bloom]
+
+Changes with Apache 2.0a1
+
+ *) Fix FreeBSD 3.3 core dump.
+ Basically, ap_initialize() needs to get called before
+ create_process(), since create_process() passes op_on structure
+ to semop() to get a lock, but op_on isn't initialized until
+ ap_initialize() calls setup_lock(). Here is a slight
+ rearrangement to main() which calls ap_initialize() earlier...
+ [Jeff Trawick <trawick us.ibm.com>]
+
+ *) Enable Apache to use sendfile/TransmitFile API
+ [Bill Stoddard, David Reid, Paul Reder]
+
+ *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
+ APIs.
+ [Bill Stoddard]
+
+ *) Make file I/O and network I/O writev/sendv APIs consistent.
+ Eliminate use of ap_iovec_t and use Posix struct iovec.
+ Use seperate variable on ap_writev to set the number of iovecs
+ passed in and number of bytes written.
+ [Bill Stoddard]
+
+ *) Adapt file iol to use APR functions. Replaced ap_open_file()
+ with ap_create_file_iol(). ap_create_file_iol() requires that
+ the file be opened prior to the call using ap_open().
+ [Bill Stoddard]
+
+ *) Port mod_include and mod_cgi to 2.0
+ [Paul Reder, Bill Stoddard]
+
+ *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
+ bytes_read/bytes_written is always valid (never -1). Plus
+ some fixes to buff.c to correct problems introduced by the
+ errno => ap_status_t changes a while back. Plus a fix to
+ chunked encoding introduced right at the beginning of 2.0.
+ [Dean Gaudet]
+
+ *) Revamped UNIX build system to use autoconf and libtool.
+ [Manoj Kasichainula, Sascha Schumann]
+
+ *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]
+
+ *) SECURITY: More rigorous checking of Host: headers to fix security
+ problems with mass name-based virtual hosting (whether using mod_rewrite
+ or mod_vhost_alias).
+ [Ben Hyde, Tony Finch]
+
+ *) Add back support for UseCanonicalName in <Directory> containers.
+ [Manoj Kasichainula]
+
+ *) Added APLOG_STARTUP log type. This allows us to write an error
+ message without any of the date and time information. As a part
+ of this change, I also removed all of the calls to fprintf(stderr
+ and replaced them with calls to ap_log_error using APLOG_STARTUP
+ writing to stderr is no longer portable, because we don't direct
+ stderr to the error log on all platforms.
+ [Ryan Bloom]
+
+ *) Convert error logging functions to take errno as an argument.
+ This makes our error logs more portable, because some Windows API's
+ don't set errno. This change allows us to still output a valid
+ message on all of our platforms.
+ [Ryan Bloom]
+
+ *) mod_mime_magic runs in 2.0-dev now.
+ [Paul Reder <rederpj raleigh.ibm.com>]
+
+ *) sendfile has been added to APR.
+ [John Zedlewski <zedlwski Princeton.EDU>]
+
+ *) buff.c has been converted to no longer use errno.
+ [Manoj Kasichainula]
+
+ *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and
+ interface adaption to APR functions did it. [Martin Kraemer]
+
+ *) Support DSOs properly on 32-bit HP-UX 11.0
+ [Dilip Khandekar <dilip cup.hp.com>]
+
+ *) Updated MM in APR source tree from version 1.0.8 to 1.0.11
+ [Ralf S. Engelschall]
+
+ *) Cleaned APR build environment integration and bootstrap APR
+ automatically for developers from src/Configure.
+ [Ralf S. Engelschall]
+
+ *) Fixed building of src/support/htpasswd.c
+ [Ralf S. Engelschall]
+
+ *) When generating the Location: header, mod_speling forgot
+ to escape the spelling-fixed uri. (Forw-Port from 1.3)
+ [Martin Kraemer]
+
+ *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
+
+ *) Change all pools to APR contexts. This is the first step to
+ incorporating APR into Apache. [Ryan Bloom]
+
+ *) Move "handler not found" warning message to below the check
+ for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding]
+ PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807
+
+ *) Support line-continuation feature in config.option file and
+ allow the loading of multiple option sections at once via
+ ``--with-option=<section1>,<section2>,...''
+ [Ralf S. Engelschall]
+
+ *) Rebuilt CVS repository with Apache 1.3.9 as basis. [Roy Fielding]
+
+Changes with Apache MPM
+
+ *) Use asynchronous AcceptEx() and a completion port to accept and
+ dispatch connections to threads in Windows NT/2000.
+ [Bill Stoddard]
+
+ *) Implement WINNT Win32 MPM from original Win32 code in http_main.c
+ [Bill Stoddard]
+
+ *) Implement the APACI --with-option facility
+ (per default used the config.option file).
+ [Ralf S. Engelschall]
+
+ *) MPM BEOS port. [David Reid <abb37 dial.pipex.com>]
+
+ *) Start to implement module-defined hooks that are a) fast and b) typesafe.
+ Replace pre_connection module call with a register_hook call and
+ implement pre_connection as a hook. The intent is that these hooks will
+ be extended to allow Apache to be multi-protocol, and also to allow the
+ calling order to be specified on a per-hook/per-module basis.
+ [Ben Laurie]
+
+ *) Implement mpm_* methods as "modules". Each method gets its own
+ subdir in src/modules (eg: src/modules/prefork). Selection
+ of method uses Rule MPM_METHOD. [Jim Jagielski]
+
+ *) Port the hybrid server from the apache-apr repository as
+ mpm_mpmt_pthread. [Manoj Kasichainula]
+
+ *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
+ amongst the unix MPMs.
+
+ *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
+ signal handling for the new world order. [Dean Gaudet]
+
+ *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out
+ of alloc.c for now. [Dean Gaudet]
+
+ *) Handle partial large writes correctly. [Ben Laurie]
+
+ *) Eliminate conn_rec's pointer to server. All it knows is the base server
+ based on IP/port. [Ben Laurie]
+
+ *) Port a bunch of modules to the new module structure.
+ ["Michael H. Voase" <mvoase midcoast.com.au>]
+
+ *) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
+
+ *) Basic restructuring to introduce the MPM concept; includes various
+ changes to the module API... better described by
+ docs/initial_blurb.txt. [Dean Gaudet]
+
+Changes with Apache pthreads
+
+ *) New buff option added: BO_TIMEOUT. It describes the timeout for
+ buff operations (generally over a network).
+ [Dean Gaudet, Ryan Bloom, Manoj Kasichainula]
+
+ *) Created http_accept abstraction. Added 4 new functions (not exported):
+ init_accept(), begin_accepting_requests(), get_request(),
+ stop_accepting_requests() [Bill Stoddard]
+
+ *) Fix to ap_rprintf call that allows mod_info to work properly.
+ [James Morris <jmorris intercode.com.au>]
+
+ *) user and ap_auth_type fields were moved from connection_rec to
+ request_rec. [Ryan Bloom]
+
+ *) Removed the ap_block_alarms and ap_unblock_alarm calls. These aren't
+ needed in a threaded server.
+
+ *) Initial pthread implementation from from Dean's apache-nspr code.
+ [Bill Stoddard, Ryan Bloom]
+
+
+Changes with Apache 1.3.x and later:
+
+ *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup