summaryrefslogtreecommitdiffstats
path: root/rubbos/app/httpd-2.0.64/CHANGES
blob: ee24f5786f4b334a785407de2527dd3a36119764 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.0.64

  *) SECURITY: CVE-2010-1452 (cve.mitre.org)
     mod_dav: Fix Handling of requests without a path segment.
     PR: 49246 [Mark Drayton, Jeff Trawick]

  *) SECURITY: CVE-2009-1891 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_deflate or other 
     modules, by forcing the server to consume CPU time in compressing a 
     large file after a client disconnects.  PR 39605.
     [Joe Orton, Ruediger Pluem]

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
     and offer unsafe legacy renegotiation with clients which do not yet
     support the new secure renegotiation protocol, RFC 5746.
     [Joe Orton, and with thanks to the OpenSSL Team]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     for OpenSSL versions prior to 0.9.8l; reject any client-initiated
     renegotiations. Forcibly disable keepalive for the connection if there
     is any buffered data readable. Any configuration which requires
     renegotiation for per-directory/location access control is still
     vulnerable, unless using openssl 0.9.8l or later.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>, 
      Rainer Jung]

  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
     Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted.  Elimiates a problematic
     optimization in the case of no request body.  PR 48359
     [Jake Scott, William Rowe, Ruediger Pluem]

  *) SECURITY: CVE-2008-2364 (cve.mitre.org)
     mod_proxy_http: Better handling of excessive interim responses
     from origin server to prevent potential denial of service and high
     memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
     Joe Orton, Jim Jagielski]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

  *) SECURITY: CVE-2008-2939 (cve.mitre.org)
     mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
     the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]

  *) Fix recursive ErrorDocument handling. PR 36090 [Chris Darroch]

  *) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]

  *) Add Set-Cookie and Set-Cookie2 to the list of headers allowed to pass 
     through on a 304 response.  [Nick Kew]

  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
     [Philip M. Gollucci]

Changes with Apache 2.0.63

  *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
     to /Device/Nul as the server is starting up, mirroring unix MPM's.
     PR: 43534  [Tom Donovan <Tom.Donovan acm.org>, William Rowe]

  *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
     by recreating the bucket allocator each time the trans pool is cleared.
     PR: 11427 #16 (follow-on)  [Tom Donovan <Tom.Donovan acm.org>]

Changes with Apache 2.0.62 (not released)

  *) SECURITY: CVE-2007-6388 (cve.mitre.org)
     mod_status: Ensure refresh parameter is numeric to prevent
     a possible XSS attack caused by redirecting to other URLs. 
     Reported by SecurityReason.  [Mark Cox, Joe Orton]

  *) SECURITY: CVE-2007-5000 (cve.mitre.org)
     mod_imap: Fix a cross-site scripting issue.  Reported by JPCERT.
     [Joe Orton]

  *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
     to identify a default, or specific servers or paths which list their
     contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]

  *) log.c: Ensure Win32 resurrects its lost robust logger processes.
     [William Rowe]

  *) mpm_winnt: Eliminate wait_for_many_objects.  Allows the clean 
     shutdown of the server when the MaxClients is higher then 257,
     in a more responsive manner [Mladen Turk, William Rowe]

  *) Add explicit charset to the output of various modules to work around
     possible cross-site scripting flaws affecting web browsers that do not
     derive the response character set as required by  RFC2616.  One of these
     reported by SecurityReason [Joe Orton]

  *) http_protocol: Escape request method in 405 error reporting.
     This has no security impact since the browser cannot be tricked
     into sending arbitrary method strings.  [Jeff Trawick]

  *) http_protocol: Escape request method in 413 error reporting.
     Determined to be not generally exploitable, but a flaw in any case.
     PR 44014 [Victor Stinner <victor.stinner inl.fr>]

Changes with Apache 2.0.61

  *) SECURITY: CVE-2007-3847 (cve.mitre.org)
     mod_proxy: Prevent reading past the end of a buffer when parsing
     date-related headers.  PR 41144.
     [Davi Arnaut, Nick Kew]

  *) SECURITY: CVE-2007-1863 (cve.mitre.org)
     mod_cache: Prevent segmentation fault if a Cache-Control header has
     no value.  [Niklas Edmundsson <nikke acc.umu.se>]

  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
     mod_status: Fix a possible XSS attack against a site with a public
     server-status page and ExtendedStatus enabled, for browsers which
     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

  *) SECURITY: CVE-2007-3304 (cve.mitre.org)
     prefork, worker MPMs: Ensure that the parent process cannot
     be forced to kill processes outside its process group. 
     [Joe Orton, Jim Jagielski]

  *) mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as synonymous.
     PR 43183 [Brian Rectanus <Brian.Rectanus breach.com>, Vincent Bray]

  *) log core: ensure we use a special pool for stderr logging, so that
     the stderr channel remains valid from the time plog is destroyed,
     until the time the open_logs hook is called again.  [William Rowe]

  *) mod_ssl: Version reporting update; displays 'compiled against'
     Apache and build-time SSL Library versions at loglevel [info],
     while reporting the run-time SSL Library version in the server
     info tags.  Helps to identify a mod_ssl built against one flavor
     of OpenSSL but running against another (also adds SSL-C version
     number reporting.)  [William Rowe]

  *) mod_autoindex: Add in Type and Charset options to IndexOptions
     directive. This allows the admin to explicitly set the 
     content-type and charset of the generated page and is therefore
     a viable workaround for buggy browsers affected by CVE-2007-4465
     (cve.mitre.org). [Jim Jagielski]

  *) main core: Emit errors during the initial apr_app_initialize()
     or apr_pool_create() (when apr-based error reporting is not ready).
     [William Rowe, Jeff Trawick]

  *) log core: Fix issue which could cause piped loggers to be orphaned 
     and never terminate after a graceful restart. PR 40651. [Joe Orton, 
     Ruediger Pluem]

  *) log core: fix the new piped logger case where we couldn't connect 
     the replacement stderr logger's stderr to the NULL stdout stream.  
     Continue in this case, since the previous alternative of no error 
     logging at all (/dev/null) is far worse. [William Rowe]

  *) mpm_winnt: Prevent the parent-child pipe from leaking into other
     spawned processes, and ensure we have a /Device/null handle for
     stdout when running as-a-service.  [William Rowe]

  *) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]

  *) mod_so: Solve dev's confusion by reporting expected/seen module
     magic signatures when failing with a 'garbled' message, and solve
     user's confusion by pointing out 'perhaps compiled for a different
     version of apache?'.  [William Rowe]

  *) mod_ssl: initialize thread locks before initializing the hardware
     acceleration library, so the latter can make use of the former. 
     PR 20951. [<adunn ncipher.com>]

  *) mod_ssl: Support limited buffering of request bodies to allow 
     per-location renegotiation to proceed.  PR 12355.  [Joe Orton]

  *) mod_cgi, mod_cgid: Don't return apr_status_t error value
     from input filter chain. PR 31759 (mutated). [Jo Rhett,
     Nick Kew]

  *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
     [Jeff Trawick]

  *) proxy_http.c: Overlay existing cookies with proxied ones, ala
     httpd-2.2. [Jim Jagielski]

  *) mod_proxy: ProxyTimeout (and others) ignored due to not merging
     the *_set params. PR 11540. [Jim Jagielski]

  *) mod_isapi: Correctly present SERVER_PORT_SECURE.
     PR 40573.  [Matt Eaton <asf divinehawk.com>]

  *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
     support.  Also corrects the slashes for Windows.  PR 15993. [William Rowe]

  *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
     token parser worked while the resulting length was misinterpreted.
     PR 29098.  [Brock Bland <bbland serena.com>]

  *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
     attempts to stream the response at the client.  Log these as well.
     PR 30022, 40470.  [William Rowe, Matt Eaton <asf divinehawk.com>]

  *) mod_isapi: Ensure we walk through all the methods the developer may have
     employed to report their HTTP status result code.
     PR 16637 30033 28089.  [Matt Lewandowsky <matt iamcode.net>, William Rowe]

There was no 2.0.60

Changes with Apache 2.0.59

  *) SECURITY: CVE-2006-3747 (cve.mitre.org)
     mod_rewrite: Fix an off-by-one security problem in the ldap scheme
     handling.  For some RewriteRules this could lead to a pointer being
     written out of bounds.  Reported by Mark Dowd of McAfee.
     [Mark Cox]

  *) Win32: Minor fixes to build more cleanly under Visual Studio 2005
     from the command line build.  [William Rowe]

Changes with Apache 2.0.58

  *) Legal: Restored original years in copyright notices.
     [Colm MacCarthaigh]

Changes with Apache 2.0.57

  *) mod_cgid: run the get_suexec_identity hook within the request-handler
     instead of within cgid. PR 36410. [Colm MacCarthaigh] 

  *) core: Prevent read of unitialized memory in ap_rgetline_core. PR 39282.
     [Davi Arnaut <davi haxent.com.br>]

  *) mod_proxy: Report the proxy server name correctly in the "Via:" header,
     when UseCanonicalName is Off. PR 11971. [Martin Kraemer]

  *) mod_isapi: Various trivial code-fixes to permit mod_isapi to load and
     run on Unix. [William Wrowe]

  *) HTML-escape the Expect error message.  Not classed as security as
     an attacker has no way to influence the Expect header a victim will
     send to a target site.  Reported by Thiago Zaninotti
     <thiango nstalker.com>. [Mark Cox]

Changes with Apache 2.0.56

  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
     mod_ssl: Fix a possible crash during access control checks if a
     non-SSL request is processed for an SSL vhost (such as the
     "HTTP request received on SSL port" error message when an 400
     ErrorDocument is configured, or if using "SSLEngine optional").
     PR 37791.  [Rüdiger Plüm, Joe Orton]

  *) SECURITY: CVE-2005-3352 (cve.mitre.org)
     mod_imap: Escape untrusted referer header before outputting in HTML
     to avoid potential cross-site scripting.  Change also made to
     ap_escape_html so we escape quotes.  Reported by JPCERT.
     [Mark Cox]

  *) Add APR/APR-Util Compiled and Runtime Version numbers to the
     output of 'httpd -V'. [William Rowe]

  *) Ensure that the proper status line is written to the client, fixing
     incorrect status lines caused by filters which modify r->status without 
     resetting r->status_line, such as the built-in byterange filter.
     [Jeff Trawick]

  *) Default handler: Don't return output filter apr_status_t values.
     PR 31759.  [Jeff Trawick, Ruediger Pluem, Joe Orton]

  *) mod_speling: Stop crashing with certain non-file requests.  
     [Jeff Trawick]

  *) keep the Content-Length header for a HEAD with no response body.
     PR 18757 [Greg Ames]
 
  *) Modify apr[util] .h detection to avoid breakage on VPATH builds
     using Solaris make (amoung others) and avoid breakage in ./buildconf
     when srclib/apr[-util] are symlinks rather than directories proper.
     [William Rowe]

  *) Avoid server-driven negotiation when a CGI script has emitted an 
     explicit "Status:" header. PR 38070.  [Nick Kew]

  *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
     format is used. PR 27787.  [André Malo]

  *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs.  PR 34264.
     [Justin Erenkrantz]

  *) mod_cache: Correctly handle responses with a 301 status. PR 37347. 
     [Paul Querna]

  *) mod_proxy_http: Prevent data corruption of POST request bodies when
     client accesses proxied resources with SSL. PR 37145.
     [Ruediger Pluem, William Rowe]    

  *) Eliminated the NET_TIME filter, restructuring the timeout logic.
     This provides a working mod_echo on all platforms, and ensures any
     custom protocol module is at least given an initial timeout value
     based on the <VirtualHost > context's Timeout directive.
     [William Rowe]  

  *) mod_ssl: Correct issue where mod_ssl does not pick up the 
     ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]

  *) Document the ReceiveBufferSize change done in r157583.
     [Murray Nesbitt <murray cpan.org>]

  *) mod_deflate: Merge the Vary header, instead of Setting it. Fixes
     applications that send the Vary Header themselves. PR 37559. 
     [Paul Querna]

  *) mod_dav: Fix a null pointer dereference in an error code path during the
     handling of MKCOL. [Ghassan Misherghi <ghassanm ucdavis.edu>]

  *) mod_mime_magic: Handle CRLF-format magic files so that it works with
     the default installation on Windows.  [Jeff Trawick]

  *) Write message to error log if AuthGroupFile cannot be opened.
     PR 37566.  [Rüdiger Plüm]

  *) Add ReceiveBufferSize directive to control the TCP receive buffer.
     [Eric Covener <covener gmail.com>]

  *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
     [Paul Querna]

  *) Remove the base href tag from proxy_ftp, as it breaks relative
     links for clients not using an Authorization header. [Graham Leggett,
     Jon Snow <jsnow27 gatesec.net>]

  *) http_request.c: Add missing va_end call. [André Malo]

  *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
     [Paul Querna]

  *) support/check_forensic: Fix temp file usage
     [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]

  *) Chunk filter: Fix chunk filter to create correct chunks in the case that
     a flush bucket is surrounded by data buckets. [Ruediger Pluem]

  *) mod_cgi(d): Remove block on OPTIONS method so that scripts can
     respond to OPTIONS directly rather than via server default.
     [Roy Fielding] PR 15242

  *) Added new module mod_version, which provides version dependent
     configuration containers.  [André Malo]

  *) Add core version query function (ap_get_server_revision) and
     accompanying ap_version_t structure (minor MMN bump).
     [André Malo]

Changes with Apache 2.0.55

  *) SECURITY: CVE-2005-2700 (cve.mitre.org)
     mod_ssl: Fix a security issue where "SSLVerifyClient" was not
     enforced in per-location context if "SSLVerifyClient optional"
     was configured in the vhost configuration.  [Joe Orton]

  *) SECURITY: CVE-2005-2970 (cve.mitre.org)
     worker MPM: Fix a memory leak which can occur after an aborted
     connection in some limited circumstances.  [Greg Ames]

  *) mod_ldap: Fix PR 36563. Keep track of the number of attributes
     retrieved from LDAP so that all of the values can be properly 
     cached even if the value is NULL. 
     [Brad Nicholes, Ondrej Sury <ondrej sury.org>]
       
  *) SECURITY: CVE-2005-2491 (cve.mitre.org): 
     Fix integer overflows in PCRE in quantifier parsing which could
     be triggered by a local user through use of a carefully-crafted 
     regex in an .htaccess file.  [Philip Hazel]

  *) SECURITY: CVE-2005-2088 (cve.mitre.org)
     proxy: Correctly handle the Transfer-Encoding and Content-Length
     headers.  Discard the request Content-Length whenever T-E: chunked
     is used, always passing one of either C-L or T-E: chunked whenever 
     the request includes a request body.  Resolves an entire class of
     proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]

  *) Added TraceEnable [on|off|extended] per-server directive to alter
     the behavior of the TRACE method.  This addresses a flaw in proxy
     conformance to RFC 2616 - previously the proxy server would accept
     a TRACE request body although the RFC prohibited it.  The default
     remains 'TraceEnable on'.  [William Rowe]

  *) Add ap_log_cerror() for logging messages associated with particular
     client connections.  [Jeff Trawick]

  *) Correct mod_cgid's argv[0] so that the full path can be delved by the
     invoked cgi application, to conform to the behavior of mod_cgi.
     [Pradeep Kumar S <pradeep.smani gmail.com>]

  *) mod_include: Fix possible environment variable corruption when 
     using nested includes.  PR 12655.  [Joe Orton]

  *) Support the suppress-error-charset setting, as with Apache 1.3.x.
     PR 31274.  [Jeff Trawick]

  *) EBCDIC: Handle chunked input from client or, with proxy, origin
     server.  [Jeff Trawick]

  *) Fix bad globbing comparison which could result in getting
     a directory listing when a file was requested. PR 34512.
     [sean <infamous41md hotmail.com>]

  *) Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker()
     was called even if mod_auth_ldap_check_user_id() was not
     (or if it didn't succeed) for non-authoritative cases.
     [Jim Jagielski]

  *) SECURITY: CVE-2005-2728 (cve.mitre.org)
     Fix cases where the byterange filter would buffer responses
     into memory.  PR 29962.  [Joe Orton]

  *) mod_proxy: Fix over-eager handling of '%' for reverse proxies.
     PR 15207.  [Jim Jagielski]

  *) mod_ldap: Fix various shared memory cache handling bugs.
     PR 34209.  [Joe Orton]

  *) Fix a file descriptor leak when starting piped loggers.  PR 33748. 
     [Joe Orton]

  *) mod_ldap: Avoid segfaults when opening connections if using a version
     of OpenLDAP older than 2.2.21.  PR 34618.  [Brad Nicholes]

  *) mod_ssl: Fix build with OpenSSL 0.9.8.  PR 35757.  [William Rowe]

  *) SECURITY: CVE-2005-2088 (cve.mitre.org)
     core: If a request contains both Transfer-Encoding and Content-Length
     headers, remove the Content-Length, mitigating some HTTP Request 
     Splitting/Spoofing attacks.  [Paul Querna, Joe Orton]

  *) proxy HTTP: If a response contains both Transfer-Encoding and a 
     Content-Length, remove the Content-Length and don't reuse the
     connection, mitigating some HTTP Response Splitting attacks.
     [Jeff Trawick]

  *) Prevent hangs of child processes when writing to piped loggers at
     the time of graceful restart.  PR 26467.  [Jeff Trawick]

  *) SECURITY: CVE-2005-1268 (cve.mitre.org)
     mod_ssl: Fix off-by-one overflow whilst printing CRL information
     at "LogLevel debug" which could be triggered if configured 
     to use a "malicious" CRL.  PR 35081.  [Marc Stern <mstern csc.com>]

  *) mod_userdir: Fix possible memory corruption issue.  PR 34588.
     [David Leonard <dleonard vintela.com>]

  *) worker mpm: don't take down the whole server for a transient
     thread creation failure. PR 34514 [Greg Ames]
  
  *) mod_rewrite: use buffered I/O to improve performance with large
     RewriteMap txt: files.  [Greg Ames]

  *) proxy HTTP: Rework the handling of request bodies to handle
     chunked input and input filters which modify content length, and
     avoid spooling arbitrary-sized request bodies in memory.
     PR 15859.  [Jeff Trawick]

Changes with Apache 2.0.54

  *) mod_cache: Add CacheIgnoreHeaders directive.  PR 30399.
     [Rüdiger Plüm <r.pluem t-online.de>]

  *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
     the ldap socket connection timeout value.  
     [Brad Nicholes]

  *) Correctly export all mod_dav public functions.
     [Branko Čibej <brane xbc.nu>]

  *) Add a build script to create a solaris package. [Graham Leggett]

  *) worker MPM: Fix a problem which could cause httpd processes to
     remain active after shutdown.  [Jeff Trawick]

  *) Unix MPMs: Shut down the server more quickly when child processes are
     slow to exit.  [Joe Orton, Jeff Trawick]

  *) Remove formatting characters from ap_log_error() calls.  These
     were escaped as fallout from CVE-2003-0020.
     [Eric Covener <ecovener gmail.com>]

  *) mod_ssl: If SSLUsername is used, set r->user earlier.  PR 31418.
     [David Reid]

  *) htdigest: Fix permissions of created files.  PR 33765.  [Joe Orton]

  *) core_input_filter: Move buckets to a persistent brigade instead of
     creating a new brigade. This stop a memory leak when proxying a 
     Streaming Media Server. PR 33382. [Paul Querna]

  *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid 
     hiccups from additional path information passed in non-utf-8 format.
     [Richard Donkin <rd9 donkin.org]

Changes with Apache 2.0.53

  *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
     [Max Bowsher <maxb ukf.net>]

  *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
     [Rici Lake <rici ricilake.net>]

  *) mod_proxy: Respect errors reported by pre_connection hooks.
     [Jeff Trawick]

  *) --with-module can now take more than one module to be statically
     linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
     If the <modtype>-subdirectory doesn't exist it will be created and
     populated with a standard Makefile.in.  [Erik Abele]

  *) Fix the RPM spec file so that an RPM build now works. An RPM
     build now requires system installations of APR and APR-util.
     Remove some arbitrary moving around of binaries - the RPM now
     maps to the ASF build of httpd.
     [Graham Leggett]

  *) mod_dumpio, an I/O logging/dumping module, added to the
     modules/expermimental subdirectory.  [Jim Jagielski]

  *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
     library handles special characters.  PR 24437.  [Jess Holle]

  *) Win32 MPM: Correct typo in debugging output.  [William Rowe]

  *) conf: Remove AddDefaultCharset from the default configuration because
     setting a site-wide default does more harm than good. PR 23421.
     [Roy Fielding]

  *) Add charset to example CGI scripts.  [Roy Fielding]

  *) mod_ssl: fail quickly if SSL connection is aborted rather than
     making many doomed ap_pass_brigade calls.  PR 32699.  [Joe Orton]

  *) Remove compiled-in upper limit on LimitRequestFieldSize.
     [Bill Stoddard]

  *) Start keeping track of time-taken-to-process-request again for
     mod_status if ExtendedStatus is enabled. [Jim Jagielski]

  *) mod_proxy: Handle client-aborted connections correctly.  PR 32443.
     [Janne Hietamäki, Joe Orton]

  *) Fix handling of files >2Gb on all platforms (or builds) where
     apr_off_t is larger than apr_size_t.  PR 28898.  [Joe Orton]

  *) mod_include: Fix bug which could truncate variable expansions
     of N*64 characters by one byte.  PR 32985.  [Joe Orton]

  *) Correct handling of certain bucket types in ap_save_brigade, fixing
     possible segfaults in mod_cgi with #include virtual.  PR 31247.
     [Joe Orton]

  *) Allow for the use of --with-module=foo:bar where the ./modules/foo
     directory is local only. Assumes, of course, that the required
     files are in ./modules/foo, but makes it easier to statically
     build/log "external" modules.  [Jim Jagielski]

  *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that 
     ldap authorization only modules have access to the util_ldap 
     user cache without having to require ldap authentication as well.  
     PR 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]

  *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
     allows the module to only authorize a user if the attribute value
     specified matches the value of the user object. PR 31913
     [Ryan Morgan <rmorgan pobox.com>]

  *) SECURITY: CVE-2004-0942 (cve.mitre.org)
     Fix for memory consumption DoS in handling of MIME folded request
     headers.  [Joe Orton]

  *) SECURITY: CVE-2004-0885 (cve.mitre.org)
     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
     bypassed during an SSL renegotiation.  PR 31505.  
     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]

  *) mod_ssl: Fail at startup rather than segfault at runtime if a
     client cert is configured with an encrypted private key.
     PR 24030.  [Joe Orton]

  *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
     [Joe Orton]

  *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
     [Jeff Trawick]
 
  *) mod_cache: CacheDisable will only disable the URLs it was meant to
     disable, not all caching. PR 31128.
     [Edward Rudd <eddie omegaware.com>, Paul Querna]

  *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
     cache responses.  [Justin Erenkrantz]

  *) mod_rewrite: Handle per-location rules when r->filename is unset.
     Previously this would segfault or simply not match as expected,
     depending on the platform.  [Jeff Trawick]

  *) mod_rewrite: Fix 0 bytes write into random memory position.
     PR 31036. [André Malo]

  *) mod_disk_cache: Do not store aborted content.  PR 21492.
     [Rüdiger Plüm <r.pluem t-online.de>]

  *) mod_disk_cache: Correctly store cached content type.  PR 30278.
     [Rüdiger Plüm <r.pluem t-online.de>]

  *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
     statistics display. PR 29216. [Graham Leggett]

  *) mod_ldap: fix a bogus error message to tell the user which file
     is causing a potential problem with the LDAP shared memory cache.
     PR 31431 [Graham Leggett]

  *) SECURITY: CVE-2004-1834 (cve.mitre.org)
     mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]

  *) Fix the re-linking issue when purging elements from the LDAP cache
     PR 24801.  [Jess Holle <jessh ptc.com>]
      
  *) mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]

  *) Fix Expires handling in mod_cache.  [Justin Erenkrantz]

  *) Alter mod_expires to run at a different filter priority to allow
     proper Expires storage by mod_cache.  [Justin Erenkrantz]

Changes with Apache 2.0.52

  *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]

  *) Fix the global mutex crash when the global mutex is never allocated
     due to disabled/empty caches. [Jess Holle <jessh ptc.com>]

  *) Fix a segfault in the LDAP cache when it is configured switched
     off. [Jess Holle <jessh ptc.com>]

  *) SECURITY: CVE-2004-0811 (cve.mitre.org)
     Fix merging of the Satisfy directive, which was applied to
     the surrounding context and could allow access despite configured
     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]

  *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
     is enabled.  Previously, such urls would still be rejected.
     [Jeff Trawick, Bill Stoddard]

  *) mod_mem_cache: Fixed race condition causing segfault because of memory being
     freed twice, or reused after being freed.
     [J. Clar, W. Stoddard, G. Ames]
    
  *) Add -l option to rotatelogs to let it use local time rather than
     UTC.  PR 24417.  [Ken Coar, Uli Zappe <uli ritual.org>]

  *) mod_log_config: Fix a bug which prevented request completion time
     from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
     processing.  PR 29696.  [Alois Treindl <alois astro.ch>]

Changes with Apache 2.0.51

  *) SECURITY: CVE-2004-0786 (cve.mitre.org)
     Fix an input validation issue in apr-util which could be
     triggered by malformed IPv6 literal addresses.  [Joe Orton]

  *) SECURITY: CVE-2004-0747 (cve.mitre.org)
     Fix buffer overflow in expansion of environment variables in
     configuration file parsing.  [André Malo]

  *) SECURITY: CVE-2004-0809 (cve.mitre.org)
     mod_dav_fs: Fix a segfault in the handling of an indirect lock
     refresh.  PR 31183.  [Joe Orton]

  *) mod_include no longer checks for recursion, because that's done
     in the core. This allows for careful usage of recursive SSI.
     [André Malo]

  *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
     [chunyan sheng <shengperson yahoo.com>, André Malo]

  *) Include directives no longer refuse to process symlinks on
     directories. Instead there's now a maximum nesting level
     of included directories (128 as distributed). This is configurable
     at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
     PR 28492.  [André Malo]

  *) Win32: apache -k start|restart|install|config can leave stranded
     piped logger processes (eg, rotatelogs.exe) due to improper
     server shutdown on these code paths.
     [Bill Stoddard]

  *) SECURITY: CVE-2004-0751 (cve.mitre.org)
     mod_ssl: Fix a segfault in the SSL input filter which could be
     triggered if using "speculative" mode, for instance by a 
     proxy request to an SSL server.  PR 30134.  [Joe Orton]

  *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
     PR 30464.  [Joe Orton, Madhusudan Mathihalli]

  *) mod_ssl: Add new 'ssl_is_https' optional function.  [Joe Orton]

  *) Prevent CGI script output which includes a Content-Range header
     from being passed through the byterange filter.  [Joe Orton]

  *) Satisfy directives now can be influenced by a surrounding <Limit>
     container.  PR 14726.  [André Malo]

  *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
     PR 27985.  [André Malo]

  *) mod_disk_cache: Implement binary format for on-disk header files.
     [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]

  *) mod_disk_cache: Optimize network performance of disk cache subsystem by
     allowing zero-copy (sendfile) writes and other miscellaneous fixes.
     [Justin Erenkrantz]

  *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
     switch to the provider API instead of hooks.  [Justin Erenkrantz]

  *) mod_autoindex: Don't truncate the directory listing if a stat()
     call fails (for instance on a >2Gb file).  PR 17357.
     [Joe Orton]

  *) Makefile fix: httpd is linked against LIBS given to the
     'make' invocation.  PR 7882.  [Joe Orton]

  *) WinNT MPM: Fix a broken log message at termination.  PR 28063.
     [Eider Oliveira <eider bol.com.br>]

  *) Prevent Win32 pool corruption at startup [Allan Edwards]

  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
     chosen SSL environment variable.  PR 20957. 
     [Martin v. Loewis <martin v.loewis.de>]

  *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
     [Zvi Har'El <rl math.technion.ac.il>]

  *) apachectl: Fix a problem finding envvars if sbindir != bindir.
     PR 30723.  [Friedrich Haubensak <hsk imb-jena.de>]

  *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]

  *) SECURITY: CVE-2004-0748 (cve.mitre.org)
     mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]

  *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
     PR 18989.  [Joe Orton]

  *) mod_userdir: Ensure that the userdir identity is used for
     suexec userdir access in a virtual host which has suexec configured.  
     PR 18156.  [Joshua Slive]

  *) mod_rewrite no longer confuses the RewriteMap caches if
     different maps defined in different virtual hosts use the
     same map name. PR 26462.  [André Malo]

  *) mod_setenvif: Remove "support" for Remote_User variable which
     never worked at all. PR 25725.  [André Malo]

  *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
     again the functionality of the ErrorHeader directive. But instead
     using this misnomer additional flags to the Header directive were
     introduced ("always" and "onsuccess", defaulting to the latter).
     PR 28657.  [André Malo]

  *) Use the higher performing 'httpready' Accept Filter on all platforms 
     except FreeBSD < 4.1.1. [Paul Querna]

  *) mod_usertrack: Escape the cookie name before pasting into the
     regexp.  [André Malo]

  *) Extend the SetEnvIf directive to capture subexpressions of the
     matched value.  [André Malo]

  *) Recursive Include directives no longer crash. The server stops
     including configuration files after a certain nesting level (128
     as distributed). This is configurable at compile time using the
     -DAP_MAX_INCLUDE_DEPTH switch. PR 28370.  [André Malo]

  *) mod_dir: the trailing-slash behaviour is now configurable using the
     DirectorySlash directive.  [André Malo]

  *) Allow proxying of resources that are invoked via DirectoryIndex.
     PR 14648, 15112, 29961.  [André Malo]

  *) util_ldap: Switched the lock types on the shared memory cache 
     from thread reader/writer locks to global mutexes in order to 
     provide cross process cache protection. [Brad Nicholes]
     
  *) util_ldap: Reworked the cache locking scheme to eliminate duplicate 
     cache entries in the credentials cache due to race conditions.
     [Brad Nicholes]
     
  *) util_ldap: Enhanced the util_ldap cache-info display to show more 
     detail about the contents and current state of the cache. 
     [Brad Nicholes]
     
  *) Enable the option to support anonymous shared memory in mod_ldap.
     This makes the cache work on Linux again. [Graham Leggett]

  *) Enable special ErrorDocument value 'default' which restores the
     canned server response for the scope of the directive.
     [Geoffrey Young, André Malo]

  *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
     is set in r->subprocess_env allow mismatched query strings to pass.
     PR 27758.  [Paul Querna, Geoffrey Young]

  *) Accept URLs for the ServerAdmin directive. If the supplied
     argument is not recognized as an URL, assume it's a mail address.
     PR 28174.  [André Malo, Paul Querna]

  *) initialize server arrays prior to calling ap_setup_prelinked_modules
     so that static modules can push Defines values when registering
     hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]

  *) Small fix to allow reverse proxying to an ftp server. Previously
     an attempt to do this would try and connect to 0.0.0.0, regardless
     of the server specified. PR 24922
     [Pascal Terjan <pterjan@linuxfr.org>]

  *) Add the NOTICE file to the rpm spec file in compliance with the
     Apache v2.0 license. [Graham Leggett]
 
  *) RPM spec file changes: changed default dependancy to link to db4
     instead of db3. Fixed complaints about unpackaged files.
     [Graham Leggett]
 
Changes with Apache 2.0.50

  *) SECURITY: CVE-2004-0493 (cve.mitre.org)
     Close a denial of service vulnerability identified by Georgi
     Guninski which could lead to memory exhaustion with certain
     input data.  [Jeff Trawick]

  *) mod_cgi: Handle output on stderr during script execution on Unix
     platforms; preventing deadlock when stderr output fills pipe buffer.
     Also fixes case where stderr from nph- scripts could be lost.
     PR 22030, 18348.  [Joe Orton, Jeff Trawick]

  *) mod_alias now emits a warning if it detects overlapping *Alias*
     directives.  [André Malo]

  *) mod_rewrite no longer turns forward proxy requests into reverse proxy
     requests. PR 28125  [ast domdv.de, André Malo]

  *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
     exported on Win32 and Netware as well (minor MMN bump).  PR 28523.
     [Edward Rudd <eddie omegaware.com>, André Malo]

  *) Restore the ability to disable the use of AcceptEx on Win9x systems
     automatically (broken in 2.0.49). PR 28529.  [André Malo]

  *) <VirtualHost myhost> now applies to all IP addresses for myhost
     instead of just the first one reported by the resolver.  This
     corrects a regression since 1.3.  [Jeff Trawick]

  *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
     against ServerRoot PR#26602 [Brad Nicholes]
       
  *) SECURITY: CVE-2004-0488 (cve.mitre.org)
     mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
     (trusted) client certificate subject DN which exceeds 6K in length.
     [Joe Orton]

  *) mod_dav_fs: Fix MKCOL response for missing parent collections, which 
     caused issues for the Eclipse WebDAV extension.
     PR 29034.  [Joe Orton]

  *) mod_deflate: Fix memory consumption (which was proportional to the
     response size).  PR 29318.  [Joe Orton]

  *) mod_ssl: Log the errors returned on failure to load or initialize
     a crypto accelerator engine.  [Joe Orton]

  *) Allow RequestHeader directives to be conditional. PR 27951.
     [Vincent Deffontaines <vincent gryzor.com>, André Malo]

  *) Allow LimitRequestBody to be reset to unlimited. PR 29106
     [André Malo]

  *) Fix a bunch of cases where the return code of the regex compiler
     was not checked properly. This affects: mod_setenvif, mod_usertrack,
     mod_proxy, mod_proxy_ftp and core. PR 28218.  [André Malo]

  *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
     small cache sizes.  PR 27751.  [Geoff Thorpe <geoff geoffthorpe.net>]

  *) Remove 2Gb log file size restriction on some 32-bit platforms.
     PR 13511.  [Joe Orton]

  *) mod_logio no longer removes the EOS bucket. PR 27928.
     [Bojan Smojver <bojan rexursive.com>]

  *) htpasswd no longer refuses to process files that contain empty
     lines.  [André Malo]

  *) Regression from 1.3: At startup, suexec now will be checked for
     availability, the setuid bit and user root. The works only if
     httpd is compiled with the shipped APR version (0.9.5).
     PR 28287.  [André Malo]

  *) Unix MPMs: Stop dropping connections when the file descriptor
     is at least FD_SETSIZE.  [Jeff Trawick]

  *) Fix handling of IPv6 numeric strings in mod_proxy.  [Jeff Trawick]

  *) mod_isapi: send_response_header() failed to copy status string's 
     last character.  PR 20619.  [Jesse Pelton <jsp pkc.com>]

  *) Fix a segfault when requests for shared memory fails and returns
     NULL. Fix a segfault caused by a lack of bounds checking on the
     cache.  PR 24801.  [Graham Leggett]

  *) Throw an error message if an attempt is made to use the LDAPTrustedCA
     or LDAPTrustedCAType directives in a VirtualHost. PR 26390
     [Brad Nicholes]

  *) Fix a potential segfault if the bind password in the LDAP cache
     is NULL.  PR 28250.  [Jari Ahonen <jah progress.com>]

  *) Quotes cannot be used around require group and require dn
     directives, update the documentation to reflect this. Also add
     quotes around the dn and group within debug messages, to make it
     more obvious why authentication is failing if quotes are used in
     error.  PR 19304.  [Graham Leggett]

  *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
     from escaping filters twice when the backslash character is used.
     PR 24437.  [Jess Holle <jessh ptc.com>]

  *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
     functions leave the connections in a sane state after errors have
     occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
     27271 [Graham Leggett]
                                                                                
  *) mod_ldap calls ldap_simple_bind_s() to validate the user
     credentials.  If the bind fails, the connection is left
     in an unbound state.  Make sure that the ldap connection
     record is updated to show that the connection is no longer
     bound. [Brad Nicholes]

  *) Ensure that lines in the request which are too long are 
     properly terminated before logging.
     [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]

  *) Update the bind credentials for the cached LDAP connection to 
     reflect the last bind.  This prevents util_ldap from creating 
     unnecessary connections rather than reusing cached connections.
     [Brad Nicholes]
     
  *) mod_isapi: GetServerVariable returned improperly terminated header 
     fields given "ALL_HTTP" or "ALL_RAW".  PR 20656.
     [Jesse Pelton <jsp pkc.com>]

  *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
     size.  PR 20617.  [Jesse Pelton <jsp pkc.com>]

  *) mod_dav: Fix a problem that could cause crashes when manipulating 
     locks on some platforms.  [Jeff Trawick]

  *) mod_headers no longer crashes if an empty header value should
     be added.  [André Malo]

  *) Fix segfault in mod_expires, which occured under certain
     circumstances. PR 28047.  [André Malo]

  *) htpasswd: use apr_temp_dir_get() and general cleanup
     [Guenter Knauf <eflash gmx.net>, Thom May]

  *) mod_ssl: Fix memory leak in session cache handling.  PR 26562
     [Madhusudan Mathihalli]

  *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
     a pool cleanup.  PR 27945.  [Joe Orton]

  *) Add forensic logging module (mod_log_forensic).
     [Ben Laurie]

  *) logresolve: Allow size of log line buffer to be overridden at
     build time (MAXLINE).  PR 27793.  [Jeff Trawick]

  *) Fix the comment delimiter in htdbm so that it correctly parses the 
     username comment.  Also add a terminate function to allow NetWare 
     to pause the output before the screen is destroyed.
     [Guenter Knauf <eflash gmx.net>, Brad Nicholes] 
  
  *) Fix crash when Apache was started with no Listen directives.
     [Michael Corcoran <mcorcoran warpsolutions.com>]

  *) core_output_filter: Fix bug that could result in sending
     garbage over the network when module handlers construct
     bucket brigades containing multiple file buckets all referencing
     the same open file descriptor. [Bojan Smojver]

  *) Fix memory corruption problem with ap_custom_response() function.
     The core per-dir config would later point to request pool data
     that would be reused for different purposes on different requests.
     [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]

  *) Win32: Tweak worker thread accounting routines to eliminate
     server hang when number of Listen directives in httpd.conf
     is greater than or equal to the setting of ThreadsPerChild.
     [Bill Stoddard]

Changes with Apache 2.0.49

  *) SECURITY: CVE-2004-0174 (cve.mitre.org)
     Fix starvation issue on listening sockets where a short-lived
     connection on a rarely-accessed listening socket will cause a
     child to hold the accept mutex and block out new connections until
     another connection arrives on that rarely-accessed listening socket.
     With Apache 2.x there is no performance concern about enabling the 
     logic for platforms which don't need it, so it is enabled everywhere
     except for Win32.  [Jeff Trawick]

  *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
     [Jeff Trawick]

  *) Win32: find_read_listeners was not correctly handling multiple
     listeners on the Win32DisableAcceptEx path.  [Bill Stoddard]

  *) Fix bug in mod_usertrack when no CookieName is set.  PR 24483.
     [Manni Wood <manniwood planet-save.com>]

  *) Fix some piped log problems: bogus "piped log program '(null)'
     failed" messages during restart and problem with the logger
     respawning again after Apache is stopped.  PR 21648, PR 24805.
     [Jeff Trawick]

  *) Fixed file extensions for real media files and removed rpm extension
     from mime.types. PR 26079.  [Allan Sandfeld <kde carewolf.com>]

  *) Remove compile-time length limit on request strings. Length is
     now enforced solely with the LimitRequestLine config directive.
     [Paul J. Reder]

  *) mod_ssl: Send the Close Alert message to the peer before closing
     the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]

  *) SECURITY: CVE-2004-0113 (cve.mitre.org)
     mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
     PR 27106.  [Joe Orton]

  *) mod_ssl: Fix bug in passphrase handling which could cause spurious
     failures in SSL functions later.  PR 21160.  [Joe Orton]

  *) mod_log_config: Fix corruption of buffered logs with threaded
     MPMs.  PR 25520.  [Jeff Trawick]

  *) Fix mod_include's expression parser to recognize strings correctly
     even if they start with an escaped token.  [André Malo]

  *) Add fatal exception hook for use by diagnostic modules.  The hook
     is only available if the --enable-exception-hook configure parm 
     is used and the EnableExceptionHook directive has been set to 
     "on".  [Jeff Trawick]

  *) Allow mod_auth_digest to work with sub-requests with different
     methods than the original request.  PR 25040.
     [Josh Dady <jpd indecisive.com>]

  *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
     argumentless containers.
     ["Philippe M. Chiasson" <gozer cpan.org>]

  *) mod_auth_ldap: Fix some segfaults in the cache logic.  PR 18756.
     [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]

  *) mod_cgid: Restart the cgid daemon if it crashes.  PR 19849
     [Glenn Nielsen <glenn apache.org>]

  *) The whole codebase was relicensed and is now available under
     the Apache License, Version 2.0 (http://www.apache.org/licenses).
     [Apache Software Foundation]

  *) Fixed cache-removal order in mod_mem_cache.
     [Jean-Jacques Clar, Cliff Woolley]

  *) mod_setenvif: Fix the regex optimizer, which under circumstances
     treated the supplied regex as literal string. PR 24219.
     [André Malo]

  *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
     instead of mmn. [André Malo]

  *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
     could lead to a 400 (Bad Request) response.  [André Malo]

  *) Keep focus of ITERATE and ITERATE2 on the current module when
     the module chooses to return DECLINE_CMD for the directive.
     PR 22299.  [Geoffrey Young <geoff apache.org>]

  *) Add support for IMT minor-type wildcards (e.g., text/*) to
     ExpiresByType.  PR#7991  [Ken Coar]

  *) Fix segfault in mod_mem_cache cache_insert() due to cache size
     becoming negative.  PR: 21285, 21287
     [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]

  *) core.c: If large file support is enabled, allow any file that is
     greater than AP_MAX_SENDFILE to be split into multiple buckets.
     This allows Apache to send files that are greater than 2gig.
     Otherwise we run into 32/64 bit type mismatches in the file size.
     [Brad Nicholes]

  *) proxy_http fix: mod_proxy hangs when both KeepAlive and
     ProxyErrorOverride are enabled, and a non-200 response without a
     body is generated by the backend server. (e.g.: a client makes a
     request containing the "If-Modified-Since" and "If-None-Match"
     headers, to which the backend server respond with status 304.)
     [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]

  *) mod_dav: Reject requests which include an unescaped fragment in the
     Request-URI.  PR 21779.  [Amit Athavale <amit_athavale lycos.com>]

  *) Build array of allowed methods with proper dimensions, fixing
     possible memory corruption.  [Jeff Trawick]

  *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
     PR 15057.  [Otmar Lendl <lendl nic.at>]

  *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
     [Joe Orton]

  *) mod_usertrack no longer inspects the Cookie2 header for
     the cookie name. PR 11475.  [Chris Darrochi <chrisd pearsoncmg.com>]

  *) mod_usertrack no longer overwrites other cookies.
     PR 26002.  [Scott Moore <apache nopdesign.com>]

  *) worker MPM: fix stack overlay bug that could cause the parent
     process to crash.  [Jeff Trawick]

  *) Win32: Add Win32DisableAcceptEx directive. This Windows
     NT/2000/CP directive is useful to work around bugs in some 
     third party layered service providers like virus scanners, 
     VPN and firewall products, that do not properly handle 
     WinSock 2 APIs.  Use this directive if your server is issuing
     AcceptEx failed messages.
     [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]

  *) Make REMOTE_PORT variable available in mod_rewrite.
     PR 25772.  [André Malo]

  *) Fix a long delay with CGI requests and keepalive connections on
     AIX.  [Jeff Trawick]

  *) mod_autoindex: Add 'XHTML' option in order to allow switching between
     HTML 3.2 and XHTML 1.0 output. PR 23747.  [André Malo]

  *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
     [André Malo]

  *) mod_ssl: Advertise SSL library version as determined at run-time rather
     than at compile-time.  PR 23956.  [Eric Seidel <seidel apple.com>]

  *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
     format code is used.  PR 22741.  [Gary E. Miller <gem rellim.com>]

  *) Fix build with parallel make.  PR 24643.  [Joe Orton]

  *) mod_rewrite: In external rewrite maps lookup keys containing
     a newline now cause a lookup failure. PR 14453.
     [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]

  *) Backport major overhaul of mod_include's filter parser from 2.1.
     The new parser code is expected to be more robust and should
     catch all of the edge cases that were not handled by the previous one.
     The 2.1 external API changes were hidden by a wrapper which is
     expected to keep the API backwards compatible.  [André Malo]

  *) Add a hook (insert_error_filter) to allow filters to re-insert
     themselves during processing of error responses. Enable mod_expires
     to use the new hook to include Expires headers in valid error
     responses. This addresses an RFC violation. It fixes PRs 19794,
     24884, and 25123. [Paul J. Reder]

  *) Add Polish translation of error messages.  PR 25101.
     [Tomasz Kepczynski <tomek jot23.org>]

  *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
     supported for BeOS or OS/2 MPMs.)  [Jeff Trawick, Brad Nicholes,
     Bill Stoddard]

  *) Add mod_status hook to allow modules to add to the mod_status
     report.  [Joe Orton]

  *) Fix htdbm to generate comment fields in DBM files correctly.
     [Justin Erenkrantz]

  *) mod_dav: Use bucket brigades when reading PUT data. This avoids
     problems if the data stream is modified by an input filter. PR 22104.
     [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]

  *) Fix RewriteBase directive to not add double slashes.  [André Malo]

  *) Improve 'configure --help' output for some modules.  [Astrid Keßler]

  *) Correct UseCanonicalName Off to properly check incoming port number.
     [Jim Jagielski]

  *) Fix slow graceful restarts with prefork MPM.  [Joe Orton]

  *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
     if any property values were set which defined namespaces these
     came out mangled in the PROPFIND response.  PR 11637.
     [Amit Athavale <amit_athavale persistent.co.in>]

  *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
     the destination resource gives a 401.  PR 15571.  [Joe Orton]

  *) SECURITY: CVE-2003-0020 (cve.mitre.org)
     Escape arbitrary data before writing into the errorlog. Unescaped
     errorlogs are still possible using the compile time switch
     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]

  *) mod_autoindex / core: Don't fail to show filenames containing
     special characters like '%'. PR 13598.  [André Malo]
 
  *) mod_status: Report total CPU time accurately when using a threaded
     MPM.  PR 23795.  [Jeff Trawick]

  *) Fix memory leak in handling of request bodies during reverse
     proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]

  *) Win32 MPM: Implement MaxMemFree to enable setting an upper
     limit on the amount of storage used by the bucket brigades
     in each server thread. [Bill Stoddard]

  *) Modified the cache code to be header-location agnostic. Also
     fixed a number of other cache code bugs related to PR 15852.
     Includes a patch submitted by Sushma Rai <rsushma novell.com>.
     This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
     closing the PR since that is what they are using. [Paul J. Reder]

  *) complain via error_log when mod_include's INCLUDES filter is
     enabled, but the relevant Options flag allowing the filter to run
     for the specific resource wasn't set, so that the filter won't
     silently get skipped. next remove itself, so the warning will be
     logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]

  *) mod_info: HTML escape configuration information so it displays 
     correctly. PR 24232. [Thom May]
     
  *) Restore the ability to add a description for directories that
     don't contain an index file.  (Broken in 2.0.48) [André Malo]

  *) Fix a problem with the display of empty variables ("SetEnv foo") in
     mod_include.  PR 24734  [Markus Julen <mj zermatt.net>]

  *) mod_log_config: Log the minutes component of the timezone correctly.
     PR 23642.  [Hong-Gunn Chew <hgbug gunnet.org>]

  *) mod_proxy: Fix cases where an invalid status-line could be sent 
     to the client.  PR 23998.  [Joe Orton]

  *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
     are also loaded.  [Joe Orton]

  *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
     thread-safe interface for retrieving error strings.  [Joe Orton]

  *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
     avoid reporting an Internal Server error if it is used without
     having been set in the httpd.conf file. PR: 23748, 24459
     [André Malo, Liam Quinn  <liam htmlhelp.com>]

  *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
     option is set. PR 21668.  [Jesse Tie-Ten-Quee <highos highos.com>]

  *) mod_include no longer allows an ETag header on 304 responses.
     PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]

  *) EBCDIC: Convert header fields to ASCII before sending (broken
     since 2.0.44). [Martin Kraemer]

  *) Fix the inability to log errors like exec failure in
     mod_ext_filter/mod_cgi script children.  This was broken after 
     such children stopped inheriting the error log handle.  
     [Jeff Trawick]

  *) Fix mod_info to use the real config file name, not the default
     config file name.  [Aryeh Katz <aryeh secured-services.com>]

  *) Set the scoreboard state to indicate logging prior to running 
     logging hooks so that server-status will show 'L' for hung loggers
     instead of 'W'.  [Jeff Trawick]

Changes with Apache 2.0.48

  *) SECURITY: CVE-2003-0789 (cve.mitre.org)
     mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
     communicate with the cgid daemon and the CGI script.
     [Jeff Trawick]

  *) SECURITY: CVE-2003-0542 (cve.mitre.org)
     Fix buffer overflows in mod_alias and mod_rewrite which occurred
     if one configured a regular expression with more than 9 captures.
     [André Malo]

  *) mod_include: fix segfault which occured if the filename was not
     set, for example, when processing some error conditions.
     PR 23836.  [Brian Akins <bakins web.turner.com>, André Malo]

  *) fix the config parser to support <Foo>..</Foo> containers (no
     arguments in the opening tag) supported by httpd 1.3. Without
     this change mod_perl 2.0's <Perl> sections are broken.
     ["Philippe M. Chiasson" <gozer cpan.org>]

  *) mod_cgid: fix a hash table corruption problem which could
     result in the wrong script being cleaned up at the end of a
     request.  [Jeff Trawick]

  *) Update httpd-*.conf to be clearer in describing the connection
     between AddType and AddEncoding for defining the meaning of
     compressed file extensions. [Roy Fielding]

  *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
     PR 23416.  [André Malo]

  *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
     rewritten request using "proxy:". The code was adding multiple "proxy:"
     fields in the rewritten URI. PR: 13946.
     [Eider Oliveira <eider bol.com.br>]

  *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
     expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]

  *) Ensure that ssl-std.conf is generated at configure time, and switch
     to using the expanded config variables to work the same as
     httpd-std.conf PR: 19611
     [Thom May]

  *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
     [Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) mod_autoindex: If a directory contains a file listed in the
     DirectoryIndex directive, the folder icon is no longer replaced
     by the icon of that file. PR 9587.
     [David Shane Holden <dpejesh yahoo.com>]

  *) Fixed mod_usertrack to not get false positive matches on the
     user-tracking cookie's name.  PR 16661.
     [Manni Wood <manniwood planet-save.com>]

  *) mod_cache: Fix the cache code so that responses can be cached
     if they have an Expires header but no Etag or Last-Modified
     headers. PR 23130.
     [<bjorn exoweb.net>]

  *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
     were sent (e.g. with 304 or 204 response codes).  [Astrid Keßler]

  *) Modify ap_get_client_block() to note if it has seen EOS.
     [Justin Erenkrantz]

  *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
     content if the Accept-Encoding header contained only other tokens than
     "gzip" (such as "deflate"). PR 21523.  [Joe Orton, André Malo]

  *) Avoid an infinite recursion, which occured if the name of an included
     config file or directory contained a wildcard character. PR 22194.
     [André Malo]

  *) mod_ssl: Fix a problem setting variables that represent the
     client certificate chain.  PR 21371  [Jeff Trawick]

  *) Unix: Handle permissions settings for flock-based mutexes in 
     unixd_set_global|proc_mutex_perms().  Allow the functions to be
     called for any type of mutex.  PR 20312  [Jeff Trawick]

  *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]

  *) Fix a misleading message from the some of the threaded MPMs when 
     MaxClients has to be lowered due to the setting of ServerLimit.  
     [Jeff Trawick]

  *) Lower the severity of the "listener thread didn't exit" message
     to debug, as it is of interest only to developers.  PR 9011
     [Jeff Trawick]

  *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
     [Cliff Woolley, Jean-Jacques Clar]

  *) Install config.nice into the build/ directory to make
     minor version upgrades easier. [Joshua Slive]

  *) Fix mod_deflate so that it does not call deflate() without checking
     first whether it has something to deflate. (Currently this causes
     deflate to generate a fatal error according to the zlib spec.)
     PR 22259. [Stas Bekman]

  *) mod_ssl: Fix FakeBasicAuth for subrequest.  Log an error when an
     identity spoof is encountered.
     [Sander Striker]

  *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
     containing the .htaccess file is requested without a trailing slash.
     PR 20195.  [André Malo]

  *) ab: Overlong credentials given via command line no longer clobber
     the buffer.  [André Malo]

  *) mod_deflate: Don't attempt to hold all of the response until we're
     done.  [Justin Erenkrantz]

  *) Assure that we block properly when reading input bodies with SSL.
     PR 19242.  [David Deaves <David.Deaves dd.id.au>, William Rowe]

  *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]

  *) mod_ext_filter: Set additional environment variables for use by
     the external filter.  PR 20944.  [Andrew Ho, Jeff Trawick]

  *) Fix buildconf errors when libtool version changes.  [Jeff Trawick]

  *) Remember an authenticated user during internal redirects if the
     redirection target is not access protected and pass it
     to scripts using the REDIRECT_REMOTE_USER environment variable.
     PR 10678, 11602.  [André Malo]

  *) mod_include: Fix a trio of bugs that would cause various unusual
     sequences of parsed bytes to omit portions of the output stream.
     PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]

  *) Update the header token parsing code to allow LWS between the
     token word and the ':' seperator.  [PR 16520]
     [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]

  *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
     [Joe Schaefer <joe+gmane sunstarsys.com>]

  *) Added FreeBSD directory layout. PR 21100.
     [Sander Holthaus <info orangexl.com>, André Malo]

  *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
     response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]

  *) mod_rewrite: Perform child initialization on the rewrite log lock.
     This fixes a log corruption issue when flock-based serialization
     is used (e.g., FreeBSD).  [Jeff Trawick]

  *) Don't respect the Server header field as set by modules and CGIs.
     As with 1.3, for proxy requests any such field is from the origin
     server; otherwise it will have our server info as controlled by
     the ServerTokens directive.  [Jeff Trawick]

Changes with Apache 2.0.47

  *) SECURITY: CVE-2003-0192 (cve.mitre.org)
     Fixed a bug whereby certain sequences of per-directory
     renegotiations and the SSLCipherSuite directive being used to
     upgrade from a weak ciphersuite to a strong one could result in
     the weak ciphersuite being used in place of the strong one.  
     [Ben Laurie]

  *) SECURITY: CVE-2003-0253 (cve.mitre.org)
     Fixed a bug in prefork MPM causing temporary denial of service
     when accept() on a rarely accessed port returns certain errors.
     Reported by Saheed Akhtar <S.Akhtar talis.com>.  [Jeff Trawick]

  *) SECURITY: CVE-2003-0254 (cve.mitre.org)
     Fixed a bug in ftp proxy causing denial of service when target
     host is IPv6 but proxy server can't create IPv6 socket.  Fixed by
     the reporter.  [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]

  *) SECURITY [VU#379828] Prevent the server from crashing when entering
     infinite loops. The new LimitInternalRecursion directive configures
     limits of subsequent internal redirects and nested subrequests, after
     which the request will be aborted.  PR 19753 (and probably others).
     [William Rowe, Jeff Trawick, André Malo]

  *) core_output_filter: don't split the brigade after a FLUSH bucket if
     it's the last bucket.  This prevents creating unneccessary empty
     brigades which may not be destroyed until the end of a keepalive
     connection.
     [Juan Rivera <Juan.Rivera citrix.com>]

  *) Add support for "streamy" PROPFIND responses.
     [Ben Collins-Sussman <sussman collab.net>]

  *) mod_cgid: Eliminate a double-close of a socket.  This resolves
     various operational problems in a threaded MPM, since on the
     second attempt to close the socket, the same descriptor was
     often already in use by another thread for another purpose.
     [Jeff Trawick]

  *) mod_negotiation: Introduce "prefer-language" environment variable,
     which allows to influence the negotiation process on request basis
     to prefer a certain language.  [André Malo]

  *) Make mod_expires' ExpiresByType work properly, including for
     dynamically-generated documents.  [Ken Coar, Bill Stoddard]

Changes with Apache 2.0.46

  *) SECURITY: CVE-2003-0245 (cve.mitre.org)
     Fixed a bug causing apr_pvsprintf() to crash by sending an overly
     long string.  This can be triggered remotely through mod_dav,
     mod_ssl, and other mechanisms.
     Reported by David Endler <DEndler iDefense.com>.  [Joe Orton]

  *) SECURITY: CVE-2003-0189 (cve.mitre.org)
     Fixed a denial-of-service vulnerability affecting basic
     authentication on Unix platforms related to thread-safety in
     apr_password_validate().
     Reported by John Hughes <john.hughes entegrity.com>.

  *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
     when a MKACTIVITY request comes in.
     [Ben Collins-Sussman <sussman collab.net>]

  *) Perform run-time query in apxs for apr and apr-util's includes.
     [Justin Erenkrantz]

  *) run libtool from the apr install directory (in case that is different
     from the apache install directory) [Jeff Trawick]

  *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]

  *) If mod_mime_magic does not know the content-type, do not attempt to
     guess.  PR 16908.  [Andrew Gapon <agapon telcordia.com>]

  *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
     caching. PR 17864.
     [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]

  *) Add a delete flag to htpasswd.
     [Thom May]

  *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
     now work scheme dependent and the query string will only be
     appended if supported by the particular scheme.  [André Malo]

  *) Add another check for already compressed content in mod_deflate.
     PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]

  *) Fixes for VPATH builds; copying special.mk and any future .mk files 
     from the source tree as well as the build tree (now creates a usable
     configuration for apxs), and eliminated redundant -I'nclude paths.
     [William Rowe]

  *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
     for SSLC and OpenSSL toolkit compatibility.  Still work remains to
     be done to cripple features based on the limitations of RSA's binary 
     distribution of their SSL-C toolkit.
     [William Rowe, Madhusudan Mathihalli, Jeff Trawick]

  *) Linux 2.4+: If Apache is started as root and you code 
     CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
     [Greg Ames]

  *) ap_get_mime_headers_core: allocate space for the trailing null
     when folding is in effect.
     PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]

  *) Fix --enable-mods-shared=most and other variants.  [Aaron Bannert]

  *) mod_log_config: Add the ability to log the id of the thread 
     processing the request via new %P formats.  [Jeff Trawick]

  *) Use appropriate language codes for Czech (cs) and Traditional Chinese
     (zh-tw) in default config files. PR 9427.  [André Malo]

  *) mod_auth_ldap: Use generic whitespace character class when parsing
     "require" directives, instead of literal spaces only. PR 17135.
     [André Malo]

  *) Hook mod_rewrite's type checker before mod_mime's one. That way the
     RewriteRule [T=...] Flag should work as expected now. PR 19626.
     [André Malo]

  *) htpasswd: Check the processed file on validity. If a line is not empty
     and not a comment, it must contain at least one colon. Otherwise exit
     with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]

  *) Fix a problem that caused httpd to be linked with incorrect flags
     on some platforms when mod_so was enabled by default, breaking 
     DSOs on AIX.  PR 19012  [Jeff Trawick]

  *) By default, use the same CC and CPP with which APR was built.
     The user can override with CC and CPP environment variables.
     [Jeff Trawick]

  *) Fix ap_construct_url() so that it surrounds IPv6 literal address
     strings with [].  This fixes certain types of redirection.
     PR 19207.  [Jeff Trawick]

  *) forward port of buffer overflow fixes for htdigest. [Thom May]

  *) Added AllowEncodedSlashes directive to permit control of whether
     the server will accept encoded slashes ('%2f') in the URI path.
     Default condition is off (the historical behaviour).  This permits
     environments in which the path-info needs to contain encoded
     slashes.  PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639.  [Ken Coar]

  *) When using Redirect in directory context, append requested query
     string if there's no one supplied by configuration. PR 10961.
     [André Malo]

  *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
     the pattern will not always match as desired. PR 12596.
     [André Malo]

  *) mod_autoindex now emits and accepts modern query string parameter
     delimiters (;). Thus column headers no longer contain unescaped
     ampersands. PR 10880  [André Malo]

  *) Enable ap_sock_disable_nagle for Windows. This along with the 
     addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle 
     to be disabled for Windows. [Allan Edwards]

  *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
     This patch reverts us to pre-2.0.46 behavior, using the 
     ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle 
     was never compiled on Win32. [Allan Edwards, William Rowe]

  *) Fix a build problem with passing unsupported --enable-layout
     args to apr and apr-util.  This broke binbuild.sh as well as
     user-specified layout parameters.  PR 18649 [Justin Erenkrantz,
     Jeff Trawick]

  *) If a Date response header was already set in the headers array,
     this value was ignored in favour of the current time. This meant
     that Date headers on proxied requests where rewritten when they
     should not have been. PR: 14376 [Graham Leggett]

  *) Add code to buildconf that produces an httpd.spec file from
     httpd.spec.in, using build/get-version.sh from APR.
     [Graham Leggett]

  *) Fixed a segfault when multiple ProxyBlock directives were used.
     PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]

  *) SECURITY: CVE-2003-0134 (cve.mitre.org)
     OS2: Fix a Denial of Service vulnerability identified and
     reported by Robert Howard <rihoward rawbw.com> that where device
     names faulted the running OS2 worker process.  The fix is
     actually in APR 0.9.4.  [Brian Havard]

  *) SECURITY: CVE-2003-0083 (cve.mitre.org)
     Forward port: Escape special characters (especially control
     characters) in mod_log_config to make a clear distinction between
     client-supplied strings (with special characters) and server-side
     strings. This was already introduced in version 1.3.25.
     [André Malo]

  *) mod_deflate: Check also err_headers_out for an already set
     Content-Encoding: gzip header. This prevents gzip compressed content
     from a CGI script from being compressed once more. PR 17797.
     [André Malo]

Changes with Apache 2.0.45

  *) Fix possible segfaults under obscure error conditions within the
     cgid daemon.  [Jeff Trawick, William Rowe]

  *) SECURITY: CVE-2003-0132 (cve.mitre.org)
     Close a Denial of Service vulnerability identified by David
     Endler <DEndler iDefense.com> on all platforms.  An unlimited
     stream of newlines were acceptable between requests where each
     <lf> would allocate an 80 byte buffer, leading very quickly to
     memory exahustion.  [Brian Pane]

  *) Added an rpm build script.
     [Graham Leggett, Joe Orton <jorton redhat.com>]

  *) Simpler, faster code path for request header scanning  [Brian Pane]

  *) SECURITY:  Eliminated leaks of several file descriptors to child
     processes, such as CGI scripts.  This fix depends on the APR library 
     release 0.9.2 or later (0.9.3 was distributed with the httpd 
     source tarball for Apache 2.0.45.)  PR 17206
     [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]

  *) Fix path handling of mod_rewrite, especially on non-unix systems.
     There was some confusion between local paths and URL paths.
     PR 12902.  [André Malo]

  *) Prevent endless loops of internal redirects in mod_rewrite by
     aborting after exceeding a limit of internal redirects. The
     limit defaults to 10 and can be changed using the RewriteOptions
     directive. PR 17462.  [André Malo]

  *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
     all worker threads are busy. 
     [Igor Nazarenko <igor_nazarenko hotmail.com>]

  *) Keep the subrequest filter in place when a subrequest is 
     redirected.  PR 15423.  [Jeff Trawick]

  *) you can now specify the compression level for mod_deflate. 
     [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>, 
     Michael Schroepl <Michael.Schroepl telekurs.de>]

  *) mod_deflate: Extend the DeflateFilterNote directive to
     allow accurate logging of the filter's in- and outstream.
     [André Malo]

  *) Allow SSLMutex to select/use the full range of APR locking
     mechanisms available to it. Also, fix the bug that SSLMutex uses
     APR_LOCK_DEFAULT no matter what.  PR 8122  [Jim Jagielski,
     Martin Kutschker <martin.t.kutschker blackbox.net>]

  *) Restore the ability of htdigest.exe to create files that contain
     more than one user. PR 12910.  [André Malo]

  *) Improve binary compatibility of the core between debug (aka
     maintainer-mode) and a non-debug compile.
     [Sander Striker]

  *) mod_usertrack: don't set the cookie in subrequests. This works
     around the problem that cookies were set twice during fast internal
     redirects. PR 13211.  [André Malo]

  *) mod_autoindex no longer forgets output format and enabled version
     sort in linked column headers.  [André Malo]

  *) Use .sv instead of .se as extension for Swedish documents in the
     default configuration. PR 12877.  [André Malo]

  *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
     and standardized the LDAP SSL support across the various LDAP SDKs.  
     Isolated the SSL functionality to mod_ldap rather than speading it 
     across mod_auth_ldap and mod_ldap.  Also added LDAPTrustedCA
     and LDAPTrustedCAType directives to mod_ldap to allow for a more 
     common method of specifying the SSL certificate.
     [Dave Ward, Brad Nicholes]

  *) Fixed mod_ssl's SSLCertificateChain initialization to no longer 
     skip the first cert of the chain by default.  This misbehavior 
     was introduced in 2.0.34.  PR 14560  [Madhusudan Mathihalli]

  *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
     be started on Unix because of such problems as bad permissions,
     bad shebang line, etc.  [Jeff Trawick]

  *) Fix 64-bit problem in mod_ssl input logic.  
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]

  *) Fix potential memory leaks in mod_deflate on malformed data.  PR 16046.
     [Justin Erenkrantz]

  *) Rewrite ap_xml_parse_input to use bucket brigades.  PR 16134.
     [Justin Erenkrantz]

  *) Fix segfault which occurred when a section in an included
     configuration file was not closed. PR 17093.  [André Malo]

  *) Enhance the behavior of mod_isapi's WriteClient() callback to
     provide better emulation for isapi modules that presume that the
     first WriteClient() call may send status and headers.  An example
     of WriteClient() abuse is the foxisapi module, which relies on
     that assumpion and now works.  [William Rowe, Milan Kosina]

  *) Check the return value of ap_run_pre_connection(). So if the
     pre_connection phase fails (without setting c->aborted)
     ap_run_process_connection is not executed. [Stas Bekman]

  *) Fixed a problem with mod_ldap which caused it to fault when caching
     was disabled.  Needed to make sure that the code did not
     attempt to use the cache if it didn't exist. Also fixed some memory
     leaks which were due to not releasing LDAP resources on error
     conditions.  [Brad Nicholes]
     
  *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
     mod_rewrite proxied URLs will not be escaped accidentally by
     mod_proxy's fixup. PR 16368  [André Malo]

  *) While processing filters on internal redirects, remember seen EOS
     buckets also in the request structure of the redirect issuer(s). This
     prevents filters (such as mod_deflate) from adding garbage to the
     response. PR 14451.  [André Malo]

  *) suexec: Be more pedantic when cleaning environment. Clean it
     immediately after startup. PR 2790, 10449.
     [Jeff Stewart <jws purdue.edu>, André Malo]

  *) Fix apxs to insert LoadModule directives only outside of sections.
     PR 8712, 9012.  [André Malo]

  *) Fix suexec compile error under SUNOS4, where strerror() doesn't
     exist. PR 5913, 9977.
     [Jonathan W Miner <Jonathan.W.Miner lmco.com>]

  *) Fix If header parsing when a non-mod_dav lock token is passed to it.
     PR 16452.  [Justin Erenkrantz]

  *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
     not specified. Now it assumes "/" as already documented. PR 16937.
     [André Malo]

  *) Try to log an error if a piped log program fails.  Try to
     restart a piped log program in more failure situations.  Fix an
     existing problem with error handling in piped_log_spawn().  Use
     new APR apr_proc_create() features to prevent Apache from starting
     on Unix* in most cases where a piped log program can be started,
     and add log messages for the other situations.  *Other platforms
     already failed Apache initialization if a piped log program
     couldn't be started.  PR 15761  [Jeff Trawick]

  *) Fix mod_cern_meta to not create empty metafiles when the
     metafile searched for does not exist.  PR 12353
     [Owen Rees <owen_rees hp.com>]

  *) Introduce debugging symbols for Win32 release builds, both .pdb 
     and .dbg files (older debuggers and Dr. Watson-type utilities 
     on WinNT or Win9x don't support the newer .pdb flavor.)
     [Allen Edwards, William Rowe]
 
  *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
     information (and more). Related to PR 9076.  [André Malo]

  *) mod_file_cache: fix segfault serving mmaped cached files.
     [Bill Stoddard]

  *) mod_file_cache: fixed a segfault when multiple MMapFile directives
     were used.  PR 16313.  [Cliff Woolley]

  *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
     an incompatible pointer type to mmap_bucket_destroy(void*).
     [Gerard Eviston <geviston bigpond.net.au>]

  *) Enable the -n name parameter on NetWare to allow the
     administrator to rename the Apache console screen
     [Brad Nicholes]
     
  *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
     support by default in APR.  More development is required
     to deploy OTHER_CHILD on Win32.  [William Rowe]

  *) Use saner default config values for suexec. PR 15713.
     [Thom May <thom planetarytramp.net>]

  *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
     (or SymlinksIfOwnermatch) is set. PR 12395.  [André Malo]

  *) apxs: Include any special APR ld flags when linking the DSO.
     This resolves problems on AIX when building a DSO with apxs+gcc.
     [Jeff Trawick]

  *) Added character set support to mod_auth_LDAP to allow it to 
     convert extended characters used in the user ID to UTF-8 
     before authenticating against the LDAP directory. The new
     directive AuthLDAPCharsetConfig is used to specify the config
     file that contains the character set conversion table.
     [Brad Nicholes]

  *) Don't remove the Content-Length from responses in mod_proxy
     PR: 8677 [Brian Pane]

  *) Ensure LDAP version is set to v3 on every bind. PR 14235.
     [Sergey A. Lipnevich <sergeyli pisem.net>]

  *) Fix mod_ldap to open an existing shared memory file should one
     already exist. PR 12757. [Scooter Morris <scooter gene.com>,
     Graham Leggett]

  *) Fix the ulimit command used by apachectl on Tru64.  PR 13609.
     [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]

  *) Change the ulimit command used by apachectl on AIX so that it
     works in all locales.  [Jeff Trawick]

  *) mod_ext_filter: Fix a problem building argument lists which 
     occasionally caused exec to fail.  PR 15491.  [Jeff Trawick]

Changes with Apache 2.0.44

  *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
     from Apache 1.3.  PR 14276
     [David Shane Holden <dpejesh yahoo.com>, William Rowe]

  *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
     [Brian Pane]
 
  *) Reorder the definitions for mod_ldap and mod_auth_ldap within
     config.m4 to make sure the parent mod_ldap is defined first.
     This ensures that mod_ldap comes before mod_auth_ldap in the
     httpd.conf file, which is necessary for mod_auth_ldap to load.
     PR 14256  [Graham Leggett]

  *) Fix the building of cgi command lines when the query string
     contains '='.  PR 13914  [Ville Skyttä <ville.skytta iki.fi>,
     Jeff Trawick]

  *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
     implementation of MCacheMaxStreamingBuffer from mod_cache to
     mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
     lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should 
     eliminate the need for explicitly coding MCacheMaxStreamingBuffer
     in most configurations. [Bill Stoddard]

  *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
     a redirect occurs. The code was passing a format string and
     integer to apr_pstrcat. Changed to apr_psprintf.
     [Paul J. Reder]

  *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
     as set by apr-util in util_ldap.c. This should allow mod_ldap
     to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
     <somme oslo.westerngeco.slb.com>, Graham Leggett]

  *) Fix critical bug in new --enable-v4-mapped configure option
     implementation which broke IPv4 listening sockets on some
     systems.  [hiroyuki hanai <hanai imgsrc.co.jp>]

  *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
     patterns [André Malo <nd perlig.de>]

  *) Add version string to provider API.  [Justin Erenkrantz]
 
  *) build: './configure && make' now works without an in-tree
     apr and apr-util. [Wilfredo Sanchez]

  *) mod_negotiation: Set the appropriate mime response headers
     (Content-Type, charset, Content-Language and Content-Encoding)
     for negotated type-map "Body:" responses (such as the error
     pages.)  [André Malo <nd perlig.de>]

  *) mod_log_config: Allow '%%' escaping in CustomLog format
     strings to insert a literal, single '%'.
     [André Malo <nd perlig.de>]

  *) mod_autoindex: AddDescription directives for directories
     now work as in Apache 1.3, where no trailing '/' is
     specified on the directory name.  Previously, the trailing
     '/' *had* to be specified, which was incompatible with
     Apache 1.3.  PR 7990  [Jeff Trawick]

  *) Fix for PR 14556. The expiry calculations in mod_cache were
     trying to perform "now + ((date - lastmod) * factor)" where
     date == lastmod resulting in "now + 0". The code now follows
     the else path (using the default expiration) if date is
     equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]

  *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
     default calling convention is not the same as the one used by
     AP_DECLARE.  [Juan Rivera <Juan.Rivera citrix.com>]

  *) mod_cache: Don't cache response header fields designated
     as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
     [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]

  *) mod_cgid: Handle environment variables containing newlines.
     PR 14550  [Piotr Czejkowski <apache czarny.eu.org>, Jeff
     Trawick]

  *) Move mod_ext_filter out of experimental and into filters.
     [Jeff Trawick]

  *) Fixed a memory leak in mod_deflate with dynamic content.
     PR 14321  [Ken Franken <kfranken decisionmark.com>]

  *) Add --[enable|disable]-v4-mapped configure option to control
     whether or not Apache expects to handle IPv4 connections
     on IPv6 listening sockets.  Either setting will work on 
     systems with the IPV6_V6ONLY socket option.  --enable-v4-mapped
     must be used on systems that always allow IPv4 connections on
     IPv6 listening sockets.  PR 14037 (Bugzilla), PR 7492 (Gnats)
     [Jeff Trawick]

  *) This fixes a problem where the underlying cache code
     indicated that there was one more element on the cache
     than there actually was. This happened since element 0
     exists but is not used. This code allocates the correct
     number of useable elements and reports the number of
     actually used elements. The previous code only allowed
     MCacheMaxObjectCount-1 objects to be stored in the
     cache. [Paul J. Reder]

  *) mod_setenvif: Add SERVER_ADDR special keyword to allow
     envariable setting according to the server IP address
     which received the request.  [Ken Coar]

  *) mod_cgid: Terminate CGI scripts when the client connection 
     drops.  PR 8388  [Jeff Trawick]

  *) Rearrange OpenSSL engine initialization to support RAND 
     redirection on crypto accelerator. 
     [Frederic DONNAT <frederic.donnat zencod.com>]

  *) Always emit Vary header if mod_deflate is involved in the
     request.  [André Malo <nd perlig.de>]

  *) mod_isapi: Stop unsetting the 'empty' query string result with
     a NULL argument in ecb->lpszQueryString, eliminating segfaults
     for some ISAPI modules.  PR 14399
     [Detlev Vendt <detlev.vendt brillit.de>]

  *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
     notification is received before the HttpExtensionProc() returns 
     HSE_STATUS_PENDING.  This only affected isapi .dll's configured 
     with the ISAPIFakeAsync on directive.  PR 11918
     [John DeSetto <jdesetto radiantsystems.com>, William Rowe]

  *) mod_isapi: Fix the issue where all results from mod_isapi would
     run through the core die handler resulting in invalid responses
     or access log entries.  PR 10216 [William Rowe]

  *) Improves the user friendliness of the CacheRoot processing
     over my last pass. This version avoids the pool allocations
     but doesn't avoid all of the runtime checks. It no longer
     terminates during post-config processing. An error is logged
     once per worker, indicating that the CacheRoot needs to be set.
     [Paul J. Reder]

  *) Fix a bug where we keep files open until the end of a 
     keepalive connection, which can result in:
     (24)Too many open files: file permissions deny server access
     especially on threaded servers.  [Greg Ames, Jeff Trawick]

  *) Fix a bug in which mod_proxy sent an invalid Content-Length
     when a proxied URL was invoked as a server-side include within
     a page generated in response to a form POST.  [Brian Pane]

  *) Added code to process min and max file size directives and to
     init the expirychk flag in mod_disk_cache. Added a clarifying
     comment to cache_util.   [Paul J. Reder]

  *) The value emitted by ServerSignature now mimics the Server HTTP
     header as controlled by ServerTokens.  [Francis Daly <deva daoine.org>]

  *) Gracefully handly retry situations in the SSL input filter,
     by following the SSL libraries' retry semantics.
     [William Rowe]

  *) Terminate CGI scripts when the client connection drops.  This
     fix only applies to some normal paths in mod_cgi.  mod_cgid
     is still busted.  PR 8388  [Jeff Trawick]

  *) Fix a bug where 416 "Range not satisfiable" was being
     returned for content that should have been redirected.
     [Greg Ames]

  *) Fix memory leak in mod_ssl from internal SSL library allocations
     within SSL_get_peer_certificate and X509_get_pubkey.
     [Zvi Har'El <rl math.technion.ac.il>
      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].

  *) mod_ssl uses free() inappropriately in several places, to free
     memory which has been previously allocated inside OpenSSL.
     Such memory should be freed with OPENSSL_free(), not with free().
     [Nadav Har'El <nyh math.technion.ac.il>,
      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].

  *) Emit a message to the error log when we return 404 because
     the URI contained '%2f'.  (This was previously nastily silent
     and difficult to debug.)  [Ken Coar]

  *) Fix streaming output from an nph- CGI script.  CGI:IRC now
     works.  PR 8482  [Jeff Trawick]

  *) More accurate logging of bytes sent in mod_logio when
     the client terminates the connection before the response
     is completely sent  [Bojan Smojver <bojan rexursive.com>]

  *) Fix some problems in the perchild MPM.  
     [Jonas Eriksson <jonas webkonsulterna.com>]

  *) Change the CacheRoot processing to check for a required
     value at config time. This saves a lot of wasted processing
     if the mod_disk_cache module is loaded but no CacheRoot
     was provided. This fix also adds code to log an error
     and avoid useless pallocs and procesing when the computed
     cache file name cannot be opened. This also updates the
     docs accordingly.  [Paul J. Reder]

  *) Introduce the EnableSendfile directive, allowing users of NFS 
     shares to disable sendfile mechanics when they either fail
     outright or provide intermitantly corrupted data.  PR 
     [William Rowe]

  *) Resolve the error "An operation was attempted on something 
     that is not a socket.  : winnt_accept: AcceptEx failed. 
     Attempting to recover." for users of various firewall and
     anti-virus software on Windows.  PR 8325  [William Rowe]

  *) Add the ProxyBadHeader directive, which gives the admin some
     control on how mod_proxy should handle bogus HTTP headers from
     proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
     desired. [Jim Jagielski]

  *) Change the LDAP modules to export their symbols correctly
     during a Windows build. Add dsp files for Windows. Update
     README.ldap file for Windows build instructions.
     [Andre Schild <A.Schild aarboard.ch>]

  *) Performance improvements for the code that generates HTTP
     response headers  [Brian Pane]

  *) Add -S as a synonym for -t -DDUMP_VHOSTS.
     [Thom May <thom planetarytramp.net>]

  *) Fix a bug with dbm rewrite maps which caused the wrong value to
     be used when the key was not found in the dbm.  PR 13204
     [Jeff Trawick]

  *) Fix a problem with streaming script output and mod_cgid.
     [Jeff Trawick]

  *) Add ap_register_provider/ap_lookup_provider API.
     [John K. Sterling <john sterls.com>, Justin Erenkrantz]

Changes with Apache 2.0.43

  *) SECURITY: CVE-2002-0840 (cve.mitre.org)
     HTML-escape the address produced by ap_server_signature() against
     this cross-site scripting vulnerability exposed by the directive
     'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME
     environment variable for CGI and SSI requests.  It's safe to
     escape as only the '<', '>', and '&' characters are affected,
     which won't appear in a valid hostname.  Reported by Matthew
     Murphy <mattmurphy kc.rr.com>.  [Brian Pane]

  *) Fix a core dump in mod_cache when it attemtped to store uncopyable
     buckets. This happened, for instance, when a file to be cached
     contained SSI tags to execute a CGI script (passed as a pipe
     bucket). [Paul J. Reder]

  *) Ensure that output already available is flushed to the network
     when the content-length filter realizes that no new output will
     be available for a while.  This helps some streaming CGIs as
     well as some other dynamically-generated content.  [Jeff Trawick]

  *) Fix a mutex problem in mod_ssl session cache support which
     could lead to an infinite loop.  PR 12705  
     [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]

  *) SECURITY: CVE-2002-1156 (cve.mitre.org)
     Fix the exposure of CGI source when a POST request is sent to 
     a location where both DAV and CGI are enabled. [Ryan Bloom]

  *) Allow the UserDir directive to accept a list of directories.
     This matches what Apache 1.3 does.  Also add documentation for
     this feature. [Jay Ball <jay veggiespam.com>]

  *) New Module: mod_logio. adds the ability to log bytes sent and
     received. [Bojan Smojver <bojan rexursive.com>]

  *) SuExec needs to use the same default directory as the rest of
     server, namely /usr/local/apache2.  
     [SangBeom han <sbhan os.korea.ac.kr>]

  *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
     [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]

  *) Make sure the contents of the WWW-Authenticate header is
     passed on a 4xx error by proxy. Previously all headers
     were dropped, resulting in the browser being unable to
     authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
     Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
     <gwiseman fscinternet.com>, David Henderson
     <dhenderson fscinternet.com>]

  *) Make mod_cache's CacheMaxStreamingBuffer directive work
     properly for virtual hosts that override server-wide mod_cache
     setttings.  [Matthieu Estrade <estrade-m ifrance.com>]

  *) Add -p option to apxs to allow programs to be compiled with apxs.
     [Justin Erenkrantz]

Changes with Apache 2.0.42

  *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
     mod_dav: Check for versioning hooks before using them.
     [Greg Stein]

Changes with Apache 2.0.41

  *) The protocol version (eg: HTTP/1.1) in the request line parsing
     is now case insensitive. [Jim Jagielski]

  *) Allow AddOutputFilterByType to add multiple filters per directive.
     [Justin Erenkrantz]

  *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]

  *) Fixed mod_disk_cache's generation of 304s
     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]

  *) Add support for using fnmatch patterns in the final path
     segment of an Include statement (eg.. include /foo/bar/*.conf).
     and remove the noise on stderr during config dir processing.
     [Joe Orton <jorton redhat.com>]

  *) mod_cache: cache_storage.c. Add the hostname and any request
     args to the key generated for caching. This provides a unique
     key for each virtual host and for each request with unique
     args. [Paul J. Reder, args code provided by Kris Verbeeck]

  *) mod_cache: Do not cache responses to GET requests with query
     URLs if the origin server does not explicitly provide an
     Expires header on the response (RFC 2616 Section 13.9)
     [Kris Verbeeck <krisv be.ubizen.com>]

  *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]

  *) Update OpenSSL detection to work on Darwin.
     [Sander Temme <sctemme covalent.net>]

  *) Update the xslt and css to give the documentation a more
     modern style.
     [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]

  *) Fix some bucket memory leaks in the chunking code
     [Joe Schaefer <joe+apache sunstarsys.com>]

  *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]

  *) mod_cache: added support for caching streamed responses (proxy,
     CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]

  *) Add image/x-icon to httpd.conf PR 10993.
     [Ian Holsman, Peter Bieringer <pb bieringer.de>]

  *) Fix FileETags none operation.  PR 12207.
     [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]

  *) Restored the experimental leader/followers MPM to working
     condition and converted its thread synchronization from
     mutexes to atomic CAS.  [Brian Pane]

  *) Fix Logic on non-html file removal in mod_deflate
     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]

  *) Fix "ab -g"'s truncated year: the last digit was cut off.
     [Leon Brocard <acme astray.com>]

  *) mod_rewrite can now sets cookies in err_headers, uses the correct
     expiry date, and can now set the path as well
     PR 12132,12181,12172.
     [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]

  *) The content-length filter no longer tries to buffer up
     the entire output of a long-running request before sending
     anything to the client.  [Brian Pane]

  *) Win32: Lower the default stack size from 1MB to 256K. This will
     allow around 8000 threads to be started per child process. 
     'EDITBIN /STACK:size apache.exe' can be used to change this 
     value directly in the apache.exe executable.
     [Bill Stoddard]

  *) Win32: Implement ThreadLimit directive in the Windows MPM.
     [Bill Stoddard]

  *) Remove CacheOn config directive since it is set but never checked.
     No sense wasting cycles on unused code. Besides, the only truly
     bug free code is deleted code. :)   [Paul J. Reder]

  *) BufferLogs are now run-time enabled, and the log_config now has 2 new
     callbacks to allow a 3rd party module to actually do the writing of the
     log file [Ian Holsman]

  *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
     [André Malo, Astrid Keßler <kess kess-net.de>]

  *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]

  *) Fix a null pointer dereference in the merge_env_dir_configs
     function of the mod_env module. PR 11791
     [Paul J. Reder]

  *) New option to ServerTokens 'maj[or]'. Only show the major version
     Also Surfaced this directive in the standard config (default FULL)
     [Ian Holsman]

  *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
     maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
     RewriteMap directive.  PR 10644  [Jeff Trawick]

  *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
     pairs will no longer get out of sync with each other.  PR 9534
     [Cliff Woolley]

  *) Fixes required to get quoted and escaped command args working in
     mod_ext_filter. PR 11793 [Paul J. Reder]

  *) mod-proxy: handle proxied responses with no status lines
     [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]

  *) Fix bug where environment or command line arguments containing 
     non-ASCII-7 characters would cause the Win32 child process creation
     to fail.  PR 11854  [William Rowe]

  *) Bug #11213.. make module loading error messages more informative 
     [Ian Darwin <Ian779 darwinsys.com>]

  *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]

  *) mod_disk_cache works much better. This module should still
     be considered experimental. [Eric Prud'hommeaux]

  *) Performance improvement for keepalive requests: when setting
     aside a small file for potential concatenation with the next
     response on the connection, set aside the file descriptor rather
     than copying the file into the heap.  [Brian Pane]

  *) Modified version check on openssl so that it finds the executable
     first and then performs a check of the version, only warning the
     user if they chose, or we selected, an old version of OpenSSL.
     This change also allows the code to work for non-openssl libraries
     selected via the --with-ssl=dir option, which can override the
     automated library check in any case.  [Roy Fielding]

Changes with Apache 2.0.40

  *) SECURITY: CVE-2002-0661 (cve.mitre.org) 
     Close a very significant security hole that 
     applies only to the Win32, OS2 and Netware platforms.  Unix was not 
     affected, Cygwin may be affected.  Certain URIs will bypass security
     and allow users to invoke or access any file depending on the system 
     configuration.  Without upgrading, a single .conf change will close 
     the vulnerability.  Add the following directive in the global server
     httpd.conf context before any other Alias or Redirect directives;
         RedirectMatch 400 "\\\.\."
     Reported by Auriemma Luigi <bugtest sitoverde.com>.
     [Brad Nicholes]

  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
     Close a path-revealing exposure in multiview type
     map negotiation (such as the default error documents) where the
     module would report the full path of the typemapped .var file when
     multiple documents or no documents could be served based on the mime
     negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.
     [William Rowe]

  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
     Close a path-revealing exposure in cgi/cgid when we 
     fail to invoke a script.  The modules would report "couldn't create 
     child process /path-to-script/script.pl" revealing the full path
     of the script.  Reported by Jim Race <jrace qualys.com>.
     [Bill Stoddard]

  *) Set aside the apr-iconv and apr_xlate() features for the Win32
     build of 2.0.40 so development can be completed.  A patch, from
     <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
     will be available for those that wish to work with apr-iconv.
     [William Rowe]

  *) Fix proxy so that it is possible to access ftp: URLs via a proxy
     chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]

  *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
     set to 1, so we can exclude things from the general case with
     browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
  
  *) Accept multiple leading /'s for requests within the DocumentRoot.
     PR 10946  [William Rowe, David Shane Holden <dpejesh yahoo.com>]

  *) Solved the reports of .pdf byterange failures on Win32 alone.
     APR's sendfile for the win32 platform collapses header and trailer
     buffers into a single buffer.  However, we destroyed the pointers
     to the header buffer if a trailer buffer was present.  PR 10781
     [William Rowe]

  *) mod_ext_filter: Add the ability to enable or disable a filter via
     an environment variable.  Add the ability to register a filter of
     type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]

  *) Restore the ability to specify host names on Listen directives.
     PR 11030.  [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]

  *) When deciding on the default address family for listening sockets, 
     make sure we can actually bind to an AF_INET6 socket before
     deciding that we should default to AF_INET6.  This fixes a startup
     problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]

  *) Replace usage of atol() to parse strings when we might want a
     larger-than-long value with apr_atoll(), which returns long long.
     This allows HTTPD to deal with larger files correctly.
     [Shantonu Sen <ssen apple.com>]

  *) mod_ext_filter: Ignore any content-type parameters when checking if
     the response should be filtered.  Previously, "intype=text/html"
     wouldn't match something like "text/html;charset=8859_1".
     [Jeff Trawick]

  *) mod_ext_filter: Set up environment variables for external programs.
     [Craig Sebenik <craig netapp.com>]

  *) Modified the HTTP_IN filter to immediately append the EOS (end of
     stream) bucket for C-L POST bodies, saving a roundtrip and allowing
     the caller to determine that no content remains without prefetching
     additional POST body.  [William Rowe]

  *) Get proxy ftp to work over IPv6.  [Shoichi Sakane <sakane kame.net>]

  *) Look for OpenSSL libraries in /usr/lib64.  [Peter Poeml <poeml suse.de>]

  *) Update SuSE layout.  [Peter Poeml <poeml suse.de>]

  *) Changes to the internationalized error documents:
     Comment them out in the default config file to make the default
     install as simple as possible; Correct the english 500 error to
     be more understandable; Add a Swedish translation.
     [Thomas Sjogren <thomas northernsecurity.net>, 
      Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
     
  *) Increase the limit on file descriptors per process in apachectl.
     [Brian Pane]

  *) Fix a dependency error when building ApacheMonitor, so that Win32
     and MSVC now trust that the project is current (when it is).
     [James Cox <imajes php.net>]

  *) mod_ext_filter: don't segfault if content-type is not set.  PR 10617.
     [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]

  *) APR-Util Renames pending have been completed [Thom May]

  *) Performance improvements for the code that reads request
     headers (ap_rgetline_core() and related functions)  [Brian Pane]

  *) Add a new directive: MaxMemFree.  MaxMemFree makes it possible
     to configure the maximum amount of memory the allocators will
     hold on to for reuse.  Anything over the MaxMemFree threshold
     will be free()d.  This directive is useful when uncommon large
     peaks occur in memory usage.  It should _not_ be used to mask
     defective modules' memory use.  [Sander Striker]

  *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
     scripts would not result in a truncated response.
     [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]

  *) Add a filter_init parameter to the filter registration functions
     so that a filter can execute arbitrary code before the handlers
     are invoked.  This resolves a problem where mod_include requests
     would incorrectly return a 304.  [Justin Erenkrantz]

  *) Fix a long-standing bug in 2.0, CGI scripts were being called
     with relative paths instead of absolute paths.  Apache 1.3 used
     absolute paths for everything except for SuExec, this brings back
     that standard.  [Ryan Bloom]

  *) Fix infinite loop due to two HTTP_IN filters being present for
     internally redirected requests.  PR 10146.  [Justin Erenkrantz]

  *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
     [Justin Erenkrantz]

  *) Fix mod_ext_filter to look in the main server for filter definitions
     when running in a vhost if the filter definition is not found in
     the vhost.  PR 10147  [Jeff Trawick]

  *) Support WinNT CGI invocation through ScriptInterpreterSource 
     'registry' for script interpreter paths and names with non-ascii
     characters in the executable filepath.  [William Rowe]

  *) Support the -w flag on to keep the Win32 console open on error.
     [William Rowe]

  *) Normalize the hostname value in the request_rec to all-lowercase
     [Perry Harrington <pedward webcom.com>]

  *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
     extended characters (non US-ASCII) in non-utf8 format.  This brings
     Win32 back into CGI/1.1 compliance, and leaves charset decoding up
     to the cgi application itself.  [William Rowe]

  *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
     modules to bring them up to the current apr/apr-util APIs.
     [William Rowe]

  *) Fix segfault in mod_mem_cache most frequently observed when
     serving the same file to multiple clients on an MP machine.
     [Bill Stoddard]

  *) mod_rewrite can now set cookies  (RewriteRule (.*) - [CO=name:$1:.domain])
     [Brian Degenhardt <bmd mp3.com>, Ian Holsman]

  *) Fix perchild to work with apachectl by adding -k support to perchild.
     PR 10074  [Jeff Trawick]

  *) Fix a silly htpasswd.c logic error that incorrectly reported that
     both -c and -n had been used.  PR 9989  [Cliff Woolley]

  *) Fixed a mod_include error case in which no HTTP response was sent
     to the client if an shtml document contained an unterminated SSI
     directive [Brian Pane]

  *) Improve ap_get_client_block implementation by using APR-util brigade
     helper functions and relying on current filter assumptions.
     [Justin Erenkrantz]

Changes with Apache 2.0.39

  *) Fixed a build problem in htpasswd.c on Win32.
     [Guenter Knauf <eflash gmx.net>, Cliff Woolley]

Changes with Apache 2.0.38

  *) Rewrite htpasswd to use APR.  The removes the annoying warning about
     tmpnam being unsafe.   [Ryan Bloom]

  *) We must set the MIME-type for .shtml files to text/html if we want them
     to be parsed for SSI tags.  Add the config for that to the default 
     config file so that it is easier to enable .shtml parsing.
     [Dave Dyer <ddyer real-me.net>]

  *) Fixed a problem with 'make install' on ReliantUnix.
     [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]

  *) Make the default_handler catch all requests that aren't served by
     another handler.  This also gets us to return a 404 if a directory
     is requested, there is no DirectoryIndex, and mod_autoindex isn't
     loaded.  [Justin Erenkrantz]

  *) Fixed the handling of nested if-statements in shtml files.
     PR 9866  [Brian Pane]

  *) Allow 'make install DESTDIR=/path'.  This allows packagers to install
     into a directory different from the one that was configured.  This 
     also mirrors the root= feature from 1.3.  We cannot use prefix=,
     because both APR and APR-util resolve their installation paths at 
     configuration time.  This means that there is no variable prefix 
     to replace.  [Andreas Hasenack <andreas netbank.com.br>]

  *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
     These levels of AIX don't have a thundering herd problem with
     accept().  [Jeff Trawick]

  *) prefork MPM: Ignore mutex errors during graceful restart.  For
     certain types of mutexes (particularly SysV semaphores), we
     should expect to occasionally fail to obtain or release the
     mutex during restart processing.  [Jeff Trawick]

  *) Fix install-bindist.sh so that it finds any perl instead of just
     early perl 5.x versions.  This is consistent with a build/install
     from source, and it allows the perl scripts installed by a bindist 
     to work on systems with perl 5.6.  [Jeff Trawick]

  *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
     Tru64 (and probably some other platforms).  [Jeff Trawick]

  *) Allow CGI scripts to return their Content-Length.  This also fixes a
     hang on HEAD requests seen on certain platforms (such as FreeBSD).
     [Justin Erenkrantz]

  *) Added log rotation based on file size to the RotateLog support
     utility. [Brad Nicholes]

  *) Fix some casting in mod_rewrite which broke random maps.
     PR 9770  [Allan Edwards, Greg Ames, Jeff Trawick]

Changes with Apache 2.0.37

  *) allow POST method over SSL when per-directory client cert
     authentication is used with 'SSLOptions +OptRenegotiate' enabled
     and a client cert was found in the ssl session cache.

  *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
     session cache when there is no cert chain in the cache.  prior to
     the fix this situation would result in a FORBIDDEN response and
     error message "Cannot find peer certificate chain"
     [Doug MacEachern]

  *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
     one was already sent.  PR 9644  [Jeff Trawick]

  *) Fix the display of the default name for the mime types config
     file.  PR 9729  [Matthew Brecknell <mbrecknell orchestream.com>]

  *) Fix the working directory *for WinNT/2K/XP services only* to
     change to the Apache directory (one level above the location 
     of Apache.exe, in the case that Apache.exe resides in bin/.)
     Solves the case of ServerRoot /foo paths where /foo was not
     on the same drive as /winnt/system32.  [William Rowe]

  *) Make 2.0's "AcceptMutex" startup message now "completely"
     match how 1.3 does it. [Jim Jagielski]

  *) Implement a fixed size memory cache using a priority queue
     [Ian Holsman]

  *) Fix apxs to allow "apxs -q installbuilddir" and to allow
     querying certain other variables from config_vars.mk.  PR 9316  
     [Jeff Trawick]

  *) Added the "detached" attribute to the cgi_exec_info_t internals
     so that Win32 and Netware won't create a new window or console
     for each CGI invoked.  PR 8387
     [Brad Nicholes, William Rowe]

  *) Consolidated the command line parameters and attributes that are 
     manipulated by the optional function ap_cgi_build_command() in
     mod_cgi into a single structure.
     [Brad Nicholes]

  *) Get rid of uninitialized value errors with "apxs -q" on certain
     variables.  [Stas Bekman <stas stason.org>]

  *) Fix apxs to allow it to work when the build directory is somewhere
     besides server-root/build.  PR 8453  
     [Jeff Trawick and a host of others]

  *) Allow ap_discard_request_body to be called multiple times in the
     same request.  Essentially, ap_http_filter keeps track of whether
     it has sent an EOS bucket up the stack, if so, it will only ever
     send an EOS bucket for this request.  
     [Ryan Bloom, Justin Erenkrantz, Greg Stein]

  *) Remove all special mod_ssl URIs.  This also fixes the bug where
     redirecting (.*) will allow an SSL protected page to be viewed
     without SSL.  [Ryan Bloom]

  *) Fix the binary build install script so that the build logic
     created by "apxs -g" will work when the user has a binary
     build.  [Jeff Trawick]

  *) Allow instdso.sh to work with full paths to the shared module.
     [Justin Erenkrantz]

  *) NetWare: Enabled CGI functionality and added mod_cgi as a built
     in module for NetWare  [Brad Nicholes]

  *) Changed cgi and piped log behavior to accept 65536 characters
     on Win32 (matching Linux) before deadlocking between outputing
     client stdin, slurping the output from stdout and then the stderr
     stream.  PR 8179  [William Rowe]

  *) Fixed Win32 wintty.exe support to assure the window title is valid.
     Elimiates possible gpfault or garbage title without the -t option.
     [William Rowe]

  *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
     brigades and input filters.  [Justin Erenkrantz]

  *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
     body.  [Justin Erenkrantz]
    
  *) NetWare: Piping log entries through RotateLogs using the 
     CustomLogs directive is finally supported now that we have 
     the pipes and spawning functionality working.
     [Brad Nicholes]

  *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
     Detect overflow when reading the hex bytes forming a chunk line.
     [Aaron Bannert]

  *) Allow RewriteMap prg:'s to take command-line arguments.  PR 8464.
     [James Tait <JTait wyrddreams.demon.co.uk>]

  *) Correctly return 413 when an invalid chunk size is given on
     input.  Also modify ap_discard_request_body to not do anything
     on sub-requests or when the connection will be dropped.
     [Justin Erenkrantz]

  *) Fix the TIME_* SSL var lookups to be threadsafe.  PR 9469.
     [Cliff Woolley]

  *) Ensure that apr_brigade_write() flushes in all of the cases that
     it should to avoid conditions in some modules that could cause
     large amounts of data to be buffered.  [Cliff Woolley]

  *) Fix problem where mod_cache/mod_disk_cache was incorrectly
     stripping the content_type from cached responses.
     [Bill Stoddard]

  *) apachectl passes through any httpd options.  Note: apachectl
     should be used in preference to httpd since it ensures that any
     appropriate environment variables have been set up.
     [Jeff Trawick]

  *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
     PR 7810  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]

  *) Fix suexec execution of CGI scripts from mod_include.
     PR 7791, 8291  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]

  *) Fix segfaults at startup on some platforms when mod_auth_digest,
     mod_suexec, or mod_ssl were used as DSO's due to the way they
     were tracking the current init phase since DSO's get completely
     unloaded and reloaded between phases.  PR 9413.
     [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]

  *) Fix mod_include's handling of regular expressions in
     "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]

  *) Fix the worker MPM deadlock problem  [Brian Pane]

  *) Modify the module documentation to allow for translations.
     [Yoshiki Hayashi, Joshua Slive]

  *) Fix a file permissions problem which prevented mod_disk_cache
     from working on Unix.  [Jeff Trawick]

  *) Add "-k start|restart|graceful|stop" support to httpd for the Unix 
     MPMs.  These have semantics very similar to the old apachectl 
     commands of the same name.  [Justin Erenkrantz, Jeff Trawick]

  *) Make sure that the runtime dir is created by make install.
     PR 9233.  [Jeff Trawick]

  *) Fix an unusual set of ./configure arguments that could cause
     mod_http to be built as a DSO, which it currently doesn't
     support.  PR 9244.
     [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]

  *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
     of the %X, %b and %B logformat options. PR 8253, 8996.
     [Bill Stoddard]

  *) If content-encoding is already present, do not run deflate (PR 9222)
     [Kazuhisa ASADA <kaz asada.sytes.net>]

  *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
     It is currently ignored and it will be removed in a future release
     of Apache.  [Jeff Trawick]

  *) Removed documentation references to the no-longer-supported
     "make certificate" feature of mod_ssl for Apache 1.3.x.  Test
     certificates, if truly desired, can be generated using openssl
     commands.  PR 8724.  [Cliff Woolley]

  *) Remove SSLLog and SSLLogLevel directives in favor of having
     mod_ssl use the standard ErrorLog directives.  [Justin Erenkrantz]

  *) OS/390: LIBPATH no longer has to be manually uncommented in
     envvars to get apachectl to set up httpd properly.  [Jeff Trawick]

  *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
     may now be specified to the <File/Directory > container, rather
     than by vhost.  [William Rowe]

  *) mod_isapi: Experimental support for faux async support for ISAPI
     modules.  [William Rowe]

  *) mod_isapi: Major refactoring of the code to rely on apr internals
     rather than MS APIs (using our own mod_isapi.h headers for ISAPI
     symbol definitions.)  [William Rowe]

  *) mod_isapi: Fixed the return string length from GetServerVariable
     callback, it was not including the trailing null in the consumed
     buffer size.  This was particularly bad for Delphi 6.0 users.
     PR 8934  [Sebastian Hantsch <sebastian.hantsch gmx.de>]

  *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
     [William Rowe]

  *) Make apxs look in the correct directory for envvars.  It was
     broken when sbindir != bindir.  PR 8869
     [Andreas Sundström <sunkan zappa.cx>]
  
  *) Fix mod_deflate corruption when using multiple buckets.  PR 9014.
     [Asada Kazuhisa <kaz asada.sytes.net>]

  *) Performance enhancements for access logger when using
     default timestamp formatting  [Brian Pane]

  *) Added EnableMMAP config directive to enable the server
     administrator to disable memory-mapping of delivered files
     on a per-directory basis.  [Brian Pane]

  *) Performance enhancements for mod_setenvif  [Brian Pane]

  *) Fix a mod_ssl build problem on OS/390.  [Jeff Trawick]

  *) Fixed If-Modified-Since on Win32, which would give false positives
     because of the sub-second resolution of file timestamps on that
     platform.  [Cliff Woolley]

  *) Reverse the hook ordering for mod_userdir and mod_alias so
     that Alias/ScriptAlias will override Userdir.  PR 8841
     [Joshua Slive]

  *) Move mod_deflate out of experimental and into filters.
     [Justin Erenkrantz]

  *) Get proxy CONNECT basically working.  [Jeff Trawick]

  *) Fix mod_rewrite hang when APR uses SysV Semaphores and
     RewriteLogLevel is set to anything other than 0.  PR: 8143
     [Aaron Bannert, Cliff Woolley]

  *) Fix byterange requests from returning 416 when using dynamic data
     (such as filters like mod_include).  [Justin Erenkrantz]

  *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
     to be extended by third-party modules via an optional function.
     [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]

  *) Fix mod_include expression parser's handling of unquoted strings
     followed immediately by a closing paren.  PR 8462.  [Brian Pane]

  *) Remove autom4te.cache in 'make distclean'.
     [Thom May <thom planetarytramp.net>]

  *) Fix generated httpd.conf to respect layout for LoadModule lines.
     PR 8170.  [Thom May <thom planetarytramp.net>]

  *) Win32: During a graceful restart, threads in the new process
     were accessing scoreboard slots still in use by active threads in 
     the old process. [Bill Stoddard]

Changes with Apache 2.0.36

  *) Fix some minor formatting issues with ab. Part of this is
     in reference to PR 8544, the rest I noticed while testing
     the PR fix. [Paul J. Reder]

  *) Fix a case where an invalid pass phrase is entered and an
     error message is given, but the prompt is not shown again.
     This left the user in an ambiguous state. PR 8320 [Paul J. Reder]

  *) Close sockets on worker MPM when doing a graceless restart.
     [Aaron Bannert]

  *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
     as the session id context rather that a MD5 hash of that vhost ID,
     because it caused very long vhost id's to be unusable with mod_ssl.
     PR 8572.  [Cliff Woolley]

  *) Fix the link to the description of the CoredumpDirectory 
     directive in the server-wide document.  PR 8643.  [Jeff Trawick]

  *) Fixed SHMCB session caching.  [Aaron Bannert, Cliff Woolley]

  *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
     - Avoid SIGBUS on sparc machines with SHMCB session caches
     - Allow whitespace between the pipe and the name of the
     program in SSLLog "| /path/to/program".  [Cliff Woolley]

  *) Introduce mod_ext_filter and mod_deflate experimental modules
     to the Win32 build (zlib sources must be in srclib\zlib.)
     [William Rowe]

  *) Changes to the worker MPM's queue management and thread
     synchronization code to reduce mutex contention  [Brian Pane]

  *) Don't install *.in configuration files since we already install
     *-std.conf files.  [Aaron Bannert]

  *) Many improvements to the threadpool MPM.  [Aaron Bannert]

  *) Fix subreqs that are promoted via fast_redirect from having invalid
     frec->r structures.  This would cause subtle errors later on in
     request processing such as seen in PR 7966.  [Justin Erenkrantz]

  *) More efficient pool recycling logic for the worker MPM [Brian Pane]

  *) Modify the worker MPM to not accept() new connections until
     there is an available worker thread. This prevents queued
     connections from starving for processing time while long-running
     connections were hogging all the available threads.  [Aaron Bannert]

  *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
     [Aaron Bannert]

  *) Get basic HTTP proxy working on EBCDIC machines.  [Jeff Trawick]

  *) Allow mod_unique_id to work on systems with no IPv4 address
     corresponding to their host name.  [Jeff Trawick]

  *) Fix suexec behavior with user directories.  PR 7810.
     [Colm <colmmacc redbrick.dcu.ie>]

  *) Reject a blank UserDir directive since it is ambiguous.  PR 8472.
     [Justin Erenkrantz]

  *) Make mod_mime use case-insensitive matching when examining
     extensions on all platforms.  PR 8223.  [Justin Erenkrantz]

  *) Add an intelligent error message should no proxy submodules be
     valid to handle a request. PR 8407 [Graham Leggett]

  *) Major improvements in concurrent processing for AB by enabling
     non-blocking connect()s and preventing APR from doing blocking
     read()s. Also implement fatal error checking for apr_recv().
     [Aaron Bannert]

  *) Fix Win32 NTFS Junctions (symlinks).  PR 8014  [William Rowe]

  *) Fix Win32 'short name' aliases in httpd.conf directives.
     PR 8009  [William Rowe]

  *) Fix generation of default httpd.conf when the layout paths are
     disjoint.  PR 7979, 8227.  [Justin Erenkrantz]

  *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
     that downgraded responses can have force-response.  PR 8357.
     [Justin Erenkrantz]

  *) Fix perchild MPM so that it can be configured with the move to the
     experimental directory.  [Scott Lamb <slamb slamb.org>]

  *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
     ap_uname2id. [Scott Lamb <slamb slamb.org>]

  *) Fix AcceptPathInfo. PR 8234  [Cliff Woolley]

  *) SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803]
     Added the APLOG_TOCLIENT flag to ap_log_rerror() to
     explicitly tell the server that warning messages should be sent 
     to the client in addition to being recorded in the error log. 
     Prior to this change, ap_log_rerror() always sent warning 
     messages to the client. In one case, a faulty CGI script caused
     the server to send a warning message to the client that contained
     the full path to the CGI script. This could be considered a
     minor security exposure. [Bill Stoddard]

  *) mod_autoindex output when SuppressRules was specified would
     omit the first carriage return so the first item in the list
     would appear to the right of the column headings instead of
     underneath them. PR 8016  [David Shane Holden <dpejesh yahoo.com>]

  *) Moved the call to apr_mmap_dup outside the error branch so
     that it would actually get called. This fixes a core dump
     at init everytime you use the MMapFile directive. PR 8314
     [Paul J. Reder]

  *) Trigger an error when a LoadModule directive attempts to
     load a module which is built-in.  This is a common error when
     switching from a DSO build to a static build.  [Jeff Trawick]

  *) Change instdso.sh to use libtool --install everywhere and then
     clean up some stray files and symlinks that libtool leaves around
     on some platforms.  This gets subversion building properly since
     it needed a re-link to be performed by libtool at install time,
     and the old instdso.sh logic to simply cp the DSO didn't handle
     that requirement.  [Sander Striker]

  *) Allow VPATH builds to succeed when configured from an empty
     directory.  [Thom May <thom planetarytramp.net>]

  *) Fix 'control reaches end of non-void function' warning in
     server/log.c.  [Ben Collins-Sussman <sussman collab.net>]

  *) Perchild MPM is now correctly deemed as experimental and is now
     located in server/mpm/experimental.  [Justin Erenkrantz]

  *) Fix segfault in mod_mem_cache when garabge collecting an expired
     cache entry.  [Bill Stoddard]

  *) Introduced -E startup_logfile_name option to httpd to allow admins
     to begin logging errors immediately.  This provides Win32 users 
     an alternative to sending startup errors to the event viewer, and
     allows other daemon tool authors an alternative to logging to stderr.
     [William Rowe] 
     
  *) Fix subreqs with non-defined Content-Types being served improperly.
     [Justin Erenkrantz]

  *) Merge in latest GNU config.guess and config.sub files.  PR 7818.
     [Justin Erenkrantz]

  *) Move 100 - Continue support to the HTTP_IN filter so that filters
     are guaranteed to support 100 - Continue logic without any
     intervention.  [Justin Erenkrantz]

  *) Add HTTP chunked input trailer support.  [Justin Erenkrantz]

  *) Rename and export get_mime_headers as ap_get_mime_headers.
     [Justin Erenkrantz]

  *) Allow empty Host: header arguments.  PR 7441.  [Justin Erenkrantz]

  *) Properly substitute sbindir as httpd's location in apachectl.  PR 7840.
     [Andreas Hasenack <andreas netbank.com.br>]

  *) Allow Win32 shebang scripts to follow the path (or omit the .exe
     suffix from the shebang command), and allow ScriptInterpreterSource
     Registry or RegistryStrict to override shebang lines, as 1.3 did.
     PR 8004  [William Rowe]

  *) worker MPM: Fix a situation where a child exited without releasing
     the accept mutex.  Depending on the OS and mutex mechanism this 
     could result in a hang.  [Jeff Trawick]

  *) Update the instructions for how to get started with mod_example.
     [Stas Bekman]
  
  *) Fix PidFile to default to rel_runtimedir instead of
     rel_logfiledir.  PR 7841.  [Andreas Hasenack <andreas netbank.com.br>]

  *) Win32: Fix problem that caused rapid performance degradation
     when number of connecting clients exceeded ThreadsPerChild.
     [Bill Stoddard]

  *) Fixed a segfault parsing large SSIs on non-mmap systems.
     [Brian Havard]

  *) Proxy was bombing out every second keepalive request, caused by a
     stray CRLF before the second response's status line. Proxy now
     tries to read one more line if it encounters a CRLF where it
     expected a status. PR 10010 [Graham Leggett]

  *) Deprecated the apr_lock.h API. Please see the following files
     for the improved thread and process locking and signaling: 
     apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
     apr_thread_cond.h, and apr_global_mutex.h.  [Aaron Bannert]

  *) Change mod_status to use scoreboard accessor functions so it can
     be used in any MPM without having to be recompiled.
     [Ryan Morgan <rmorgan covalent.net>]

  *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
     handle declarations are recognized.  This fixes problems loading 
     mod_autoindex on some platforms.  [Brian Havard]

  *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]

  *) Remind the admin about the User and Group directives when we are
     unable to set permissions on a semaphore.  PR 7812  [Jeff Trawick]

  *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
     [Doug MacEachern]

  *) fix possible infinite loop in mod_ssl triggered by certain
     netscape clients [Doug MacEachern]

  *) fix ProxyPass when frontend is https and backend is http
     [Doug MacEachern]

  *) Add DASL support to mod_dav
     [Sung Kim <hunkim cse.ucsc.edu>]

Changes with Apache 2.0.35

  *) mod_rewrite: updated to use the new APR global mutex type.
     [Aaron Bannert]

  *) Fixes for mod_include errors on boundary conditions in which
     "<!--#" occurs at the very end of a bucket
     [Paul Reder, Brian Pane]

  *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to 
     cause the Apache parent process to run in the foreground (similar to
     -DNO_DETACH except that it doesn't switch session ids).  
     [Jeff Trawick]

  *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
     for those platforms that support it. If using the default
     implementation, this is between pthread and sysvsem in priority.
     This implies it's the new default for Darwin. [Jim Jagielski]

  *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
     environment variables in the envvars file.  [Jeff Trawick]

  *) worker MPM: Don't create a listener thread until we have a worker
     thread.  Otherwise, in situations where we'll have to wait a while
     to take over scoreboard slots from a previous generation, we'll be
     accepting connections we can't process yet.  [Jeff Trawick]

  *) Allow worker MPM to build on systems without pthread_kill().
     [Pier Fumagalli, Jeff Trawick]

  *) Prevent ap_add_output_filters_by_type from being called in
     ap_set_content_type if the content-type hasn't changed.
     [Justin Erenkrantz]

  *) Performance: implemented the bucket allocator made possible by the
     API change in 2.0.34.  [Cliff Woolley]

  *) Don't allow initialization to succeed if we can't get a socket
     corresponding to one of the Listen statements.  [Jeff Trawick]

Changes with Apache 2.0.34

  *) Allow all Perchild directives to accept either numerical UID/GID
     or logical user/group names.  [Scott Lamb <slamb slamb.org>]

  *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]

  *) implement ssl proxy to support ProxyPass / https:// and the
     SSLProxy* directives [Doug MacEachern]

  *) Update mod_cgid to not do single-byte socket reads for CGI headers
     [Brian Pane]

  *) Made AB's use of the Host: header rfc2616 compliant
     by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].

  *) The old, legacy (and unused) code in which the scoreboard was totally
     and completely contained in a file (SCOREBOARD_FILE) has been
     removed. This does not affect scoreboards which are *mapped* to
     files using named-shared-memory. [Jim Jagielski]

  *) Change bucket brigades API to allow a "bucket allocator" to be
     passed in at certain points.  This allows us to implement freelists
     so that we can stop using malloc/free so frequently.
     [Cliff Woolley, Brian Pane]

  *) Add support for macro expansion within the variable names in
     <!--#echo--> and <!--#set--> directives [Brian Pane]

  *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]

  *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
     [Joe Orton] 

  *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
     [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]

  *) Add a new parameter to the quick_handler hook to instruct
     quick handlers to optionally do a lookup rather than actually 
     serve content. This is the first of several changes required fix
     several problems with how quick handlers work with subrequests.
     [Bill Stoddard]

  *) worker MPM: Get MaxRequestsPerChild to work again.  [Jeff Trawick]

  *) [APR-related] The ordering of the default accept mutex method has
     been changed to better match what's done in Apache 1.3. The ordering 
     is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
     [Jim Jagielski]

  *) Ensure that the build/ directory is created when using VPATH.
     [Justin Erenkrantz]

  *) Add some popular types to the mime magic file.  PR 7730.
     [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]

  *) Remove the single-byte socket reads for CGI headers [Brian Pane]

  *) When a proxied site was being served, Apache was replacing
     the original site Server header with it's own, which is not
     allowed by RFC2616. Fixed. [Graham Leggett]

  *) Fix a mod_cgid problem that left daemon processes stranded
     in some server restart scenarios.  [Jeff Trawick]

  *) Added exp_foo and rel_foo variables to config_vars.mk for
     all Apache and Autoconf path variables (like --sysconfdir,
     --sbindir, etc). exp_foo is the "expanded" version, which means
     that all internal variable references have been interpolated.
     rel_foo is the same as $exp_foo, only relative to $prefix if they
     share a common path.  [Aaron Bannert]

  *) Fix some restart/terminate problems in the worker MPM.  Don't
     drop connections during graceful restart.  [Jeff Trawick]

  *) Change the header merging behaviour in proxy, as some headers
     (like Set-Cookie) cannot be unmerged due to stray commas in
     dates. [Graham Leggett]

  *) Be more vocal about what AcceptMutex values we allow, to make
     us closer to how 1.3 does it. [Jim Jagielski]

  *) Get nph- CGI scripts working again.  PRs 8902, 8907, 9983
     [Jeff Trawick]

  *) Upgraded PCRE library to latest version 3.9 [Brian Pane]

  *) Add accessor function to set r->content_type. From now on,
     ap_rset_content_type() should be used to set r->content_type.
     This change is required to properly implement the 
     AddOutputFilterByType configuration directive.
     [Bill Stoddard, Sander Striker, Ryan Bloom]

  *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
     RFC 3253. Improved the method name/number mapping functions.
     [Greg Stein]

  *) remove sock_enable_linger from connection.c [Ian Holsman]

  *) Fix for virtual host processing where the requested hostname
     has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]

  *) mod_dav's APIs for REPORT response handling was changed so that
     providers can generate the content directly into the output filter
     stack, rather than buffering the response into memory. [Greg Stein]

  *) Fix a hang condition with graceful restart and prefork MPM
     in the situation where MaxClients is very high but
     much fewer servers are actually started at the time of the
     restart.  [Jeff Trawick]

  *) Small performance fixes for mod_include [Brian Pane]

  *) Performance improvement for the error logger [Brian Pane]

  *) Change configure so that Solaris 8 and above have 
     SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
     according to sun people solaris 8+ doesn't have a thundering
     herd problem [Ian Holsman]

  *) Allow URIs specifying CGI scripts to include '/' at the end
     (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
     which ignore '/' at the end of the names of non-directories).
     PR 10138  [Jeff Trawick]

  *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
     apr_shm.  [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]

  *) Fix apxs -g handling.  Move config_vars.mk from the top build
     directory to the build directory.  PR 10163  [Jeff Trawick]

  *) Fix some mod_include problems which broke evaluation of some
     expressions.  PR 10108  [Jeff Trawick]

  *) Fix the calculation of request time in mod_status.  [Stas Bekman]

  *) Fix the calculation of thread_num in the worker score structure.
     [Stas Bekman]

  *) Use apr_atomic operations in managing the mod_mem_cache
     cache_objects for SMP scalability. (see USE_ATOMICS
     preprocessor directive in mod_file_cache)
     [Bill Stoddard]

  *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
     preprocessor directive in mod_file_cache)
     [Bill Stoddard]

  *) Implement prototype mod_disk_cache for use with mod_cache.
     [Bill Stoddard]

  *) Add a missing manualdir entry in the Debian config.layout.
     [Thom May <thom planetarytramp.net>]

  *) Stop installing libtool for APR and tell APR where it should place
     its copy of libtool (via our installbuildpath layout variable).
     [Justin Erenkrantz]

  *) New directive ProxyIOBufferSize. Sets the size of the buffer used
     when reading from a remote HTTP server in proxy. [Graham Leggett]

  *) Modify receive/send loop in proxy_http and proxy_ftp so that
     should it be necessary, the remote server socket is closed before
     transmitting the last buffer (set by ProxyIOBufferSize) to the
     client. This prevents the backend server from being forced to hang
     around while the last few bytes are transmitted to a slow client.
     Fix the case where no error checking was performed on the final
     brigade in the loop. [Graham Leggett]

  *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
     CacheMaxExpire and CacheDefaultExpire to use seconds rather than
     hours. [Graham Leggett, Bill Stoddard]

  *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
     for a undefined variable. [Ian Holsman]

  *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
     when we can't get a socket in the specified address family.  We may
     have gotten back an IPv6 address first and yet our system is not
     configured to allow IPv6 sockets.  [Jeff Trawick]

  *) Be more careful about recursively removing CVS directories. Make
     sure that we aren't cd'ing to their home directory first. PR: 9993
     [Aaron Bannert, James LewisMoss <dres lewismoss.net>]

  *) Add a missing errordir entry in the Debian config.layout. PR: 10067
     [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
      Thom May <thom planetarytramp.net>]

  *) Rename the filter ordering priorities.  The recent filtering fixes
     have showcased problems with their usage.  Therefore, we need to
     rename them to increase the clarity.  (CONTENT->RESOURCE,
     HTTP_HEADER->CONTENT_SET/PROTOCOL)  [Justin Erenkrantz]

Changes with Apache 2.0.33

  *) Fix a problem in the new --enable-layout functionality where
     it wouldn't allow overrides from variables like --prefix,
     --bindir, etc.  [Thom May <thom planetarytramp.net>]

  *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
     no longer hangs around waiting for the socket to close before
     returning exhaustive data.  [Aaron Bannert]

  *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
     [Thom May <thom planetarytramp.net>]

  *) Change mod_ssl to always do a full startup/teardown on restarts.
     this allows mod_ssl to be added to a server that is already
     running and makes it possible to add/change certs/keys after the
     server has been started.  [Doug MacEachern]

  *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
     This pipe must be a bidirectional 'console' style relay, which
     mod_ssl prints all prompts to the pipe's stdin, and reads the
     passphrases from the pipe's stdout.  [William Rowe]

  *) Fix bug where --sysconfdir and --localstatedir were being
     ignored.  [Thom May <thom planetarytramp.net>, Aaron Bannert]
     PR 9888

  *) Fix --enable-layout to work again. Caution: When specifying
     --enable-layout, common arguments like --prefix, --exec-prefix,
     etc. will be ignored and the settings from the layout will be
     used instead.  [Thom May <thom planetarytramp.net>, Aaron Bannert]
     PR 9124, 9873, 9885

  *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
     regex pattern matching for the determination of which requests
     to use the remote proxy for. [Jim Jagielski]

  *) Fix CustomLog bytes-sent with HTTP 0.9.  [Justin Erenkrantz]

  *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
     cruft in piped logs and rewritemap child processes.
     [William Rowe]

  *) All instances of apr_lock_t have been removed and converted
     to one of the following new lock APIs: apr_thread_mutex.h,
     apr_proc_mutex.h, or apr_global_mutex.h. No new code should
     use the apr_lock.h API, as the old API will soon be deprecated.
     [Aaron Bannert]

  *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
     [Ralf S. Engelschall, Cliff Woolley]

  *) mod-include: make it handle flush'es and fix the 'false-alarm'
     [Justin Erenkrantz, Brian Pane, Ian Holsman]

  *) ap_get_*_filter_handle() functions to allow 3rd party modules
     to lookup filter handles so they can bypass the filter name
     lookup when adding filters to a request (via ap_add_*_filter_handle())
     [Ryan Morgan <rmorgan covalent.net>]

  *) Fix for multiple file buckets on Win32, where the first file
     bucket would cause the immediate closure of the socket on any
     non-keepalive requests.  [Ryan Morgan <rmorgan covalent.net>]

  *) Correct Win32 failure of mmap of a segment beyond start of the
     file; fixes large SSL and similar transfers.  [William Rowe]
     PR 9898

  *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
     multi-process mode to not "daemonize" while detaching from the
     controlling terminal. This is necessary for Apache to work with
     process-management tools like AIX's "System Resource Controller"
     as well as Dan Bernstein's "daemontools".
     [Jos Backus <josb cncdsl.com>, Aaron Bannert]

  *) Convert mod_auth_digest to use the new apr_global_mutex_t
     type.  [Aaron Bannert]

  *) fix bug in mod-include where it wouldn't send a unmatched
     part if it was at the end of a bucket [Ian Holsman]

  *) worker MPM: Improve logging of errors with the interface between
     the listener thread and worker threads.  [Jeff Trawick]

  *) Some browsers ignore cookies that have been merged into a
     single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
     are now unmerged in the http proxy before being sent to the
     client. [Graham Leggett]

  *) Fix a problem with proxy where each entry of a duplicated
     header such as Set-Cookie would overwrite and obliterate the
     previous value of the header, resulting in multiple header
     values (like cookies) going missing.
     [Graham Leggett, Joshua Slive]

  *) Add the server-limit and thread-limit values to the scoreboard
     for the sake of third-party applications.
     [Adam Sussman <myddryn vishnu.vidya.com>]

  *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]

  *) OS/390: Get make install to properly copy DSO modules.
     [Jeff Trawick]

  *) Win32: Fix bug in mod_status with displaying "Restart Time"
     and "Server uptime".
     [Bill Stoddard]

  *) Fix IPv6 name-based virtual hosts.  [Jeff Trawick]

  *) Introduce AddOutputFilterByType directive.  [Justin Erenkrantz]

  *) Fix DEBUG_CGI support in mod_cgi.  PR 9670, 9671.
     [David MacKenzie <djm pix.net>]

  *) Fix incorrect check for script_in in mod_cgi.  PR 9669.
     [David MacKenzie <djm pix.net>]

  *) Fix segfault and display error when SSLMutex file can not be
     created.  [Adam Sussman <myddryn vishnu.vidya.com>]

  *) Add reference counting to mod_mem_cache cache objects to
     better manage removing objects from the cache.
     [Bill Stoddard]

  *) Change the verbage on the ScoreBoardFile in our default configs.
     Also change the default to be commented out (unspecified) so we
     get anonymous shared memory by default.  [Aaron Bannert]

  *) Implement new ScoreBoardFile directive logic. This affects how
     we create the scoreboard's shared memory segment. If the directive
     is present, a name-based segment is created. If the directive is
     not present, first an anonymous segment is created, and if that
     fails, a name-based segment is created from a file of the name
     DEFAULT_SCOREBOARD. This gives third-party applications the
     ability to access our scoreboard.  [Aaron Bannert]

  *) Allow mod_deflate to work with non-GET requests and properly send
     Content-Lengths.  [Sander Striker <striker apache.org>]

  *) Fix ap_directory_merge() to correctly merge configs when there is
     no <Directory /> block.  [Justin Erenkrantz, William Rowe]

  *) Remove spurious debug messsages that are normal under HTTP
     keep-alive logic.  [Jeff Trawick, Justin Erenkrantz]

  *) Fix a bug in mod_cgid that would prevent proper shutdown death
     of the cgid process.  [Aaron Bannert]

  *) Add signal handling back in to the worker MPM for the one_process
     (-X, -DDEBUG, -DONE_PROCESS) case.  [Aaron Bannert]

  *) Performance: Reuse per-connection transaction pools in the
     worker MPM, rather than destroying and recreating them.  [Brian Pane]

  *) Remove all signals from the worker MPM's child process.  Instead,
     the parent uses the Pipe of Death for all communication with the
     child processes.  [Ryan Bloom]

Changes with Apache 2.0.32

  *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
     default if the directive is not specified.  This mirrors older
     behavior without changes to the httpd.conf.  [William Rowe]

  *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
     the service, mpm and logging code, and bugs in apr_file_open_stderr 
     and apr_file_dup2 functions.  Win2K/XP services have no handles 
     associated for stdin/out/err, which caused unpredictable behavior
     in the prior release.  [William Rowe, Bill Stoddard]

  *) Win32: simplify the Application Event Log messages, since there isn't
     likely to be 'more information in the error log' before an error log
     has been opened.  [William Rowe]

  *) Win32: substantial cleanup to the mpm_winnt code for legibility and
     to follow the program flow of other MPMs.  [Ryan Bloom, William Rowe]

  *) Win32: apache -k shutdown now behaves like apache -k stop.
     [Bill Stoddard]

  *) Fix prefork to not kill the parent if a child hits a resource shortage
     on accept().  [Greg Ames]

  *) Fix seg faults that occur when what should be the httpd request line
     starts with \r\n followed by garbage.  [Greg Ames]

  *) Allow statically linked support binaries with the new
     --enable-static-support flag, and enable this behavior in
     the binbuild script. Also add a new --enable-static-htdbm
     flag.  [Aaron Bannert]

  *) Allow mod_autoindex to serve symlinks if permitted and attempt to
     do only one stat() call when generating the directory listings.
     [Justin Erenkrantz]

  *) Fix resolve_symlink to save the original symlink name if known.
     [Justin Erenkrantz]

  *) Be a bit more sane with regard to CanonicalNames.  If the user has
     specified they want to use the CanonicalName, but they have not
     configured a port with the ServerName, then use the same port that 
     the original request used. [Ryan Bloom and Ken Coar]

  *) In core_input_filter, check for an empty brigade after 
     APR_BRIGADE_NORMALIZE().  Otherwise, we can get segfaults if a
     client says it will post some data but we get FIN before any
     data arrives.  [Jeff Trawick]

  *) Not being able to bind to the socket is a fatal error.  We should
     print an error to the console, and return a non-zero status code.
     With these changes, all of the Unix MPMs do that correctly.
     [Ryan Bloom]

  *) suexec: Allow HTTPS and SSL_* environment variables to be passed
     through to CGI scripts. PR 9163
     [Brian Reid <breid customlogic.com>, 
      Zvi Har'El <rl math.technion.ac.il>]

  *) binbuild.sh: Make sure that we use the expat from our source
     tree so that there aren't any surprises on the target machine.
     [Jeff Trawick]

  *) mod_cgid: Add retry logic for when the daemon can't fork fast
     enough to keep up with new requests.  Start using 
     HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
     when we can't talk to the daemon.  [Jeff Trawick]

  *) apxs: LTFLAGS envvar can override default libtool options.  Try
     "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
     the covers.  [Jeff Trawick]

  *) The Location: response header field, used for external
     redirect, *must* be an absoluteURI.  The Redirect directive
     tested for that, but RedirectMatch didn't -- it would allow
     almost anything through.  Now it will try to turn an abs_path
     into an absoluteURI, but it will correctly varf like Redirect
     if the final redirection target isn't an absoluteURI.  [Ken Coar]

Changes with Apache 2.0.31

  *) Create the scoreboard (in the parent) in a global pool context,
     so it survives graceful restarts. This fixes a SEGV during
     graceful restarts.  [Aaron Bannert]

  *) Add a timeout option to the proxy code 'ProxyTimeout' 
     [Ian Holsman]

  *) FTP directory listings are now always retrieved in ASCII mode.
     The FTP proxy properly escapes URI's and HTML in the generated
     listing, and escapes the path components when talking to the FTP
     server. It is now possible to browse the root directory by using
     a url like:   ftp://user@host/%2f/ (ported from apache_1.3.24)
     Also, the last path component may contain wildcard characters
     '*' and '?', and if they do, a directory listing is created instead
     of a file retrieval. Example: ftp://user@host/httpd/server/*.c
     [Martin Kraemer]

  *) Added single-listener unserialized accept support to the
     worker MPM [Brian Pane]

  *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
     the incoming host header through to the proxied server
     [Geoff <g.russell ieee.org>]

  *) New Directive Option for ProxyPass. It now can block a location
     from being proxied [Jukka Pihl <jukka.pihl entirem.com>]

  *) Don't let the default handler try to serve a raw directory.  At
     best you get gibberish.  Much worse things can happen depending
     on the OS.  [Jeff Trawick]
     
  *) Change the pre_config hook to return a value. Modules can now emit
     an error message and then cause the server to quit gracefully during
     startup. This required a bump to the MMN.  [Aaron Bannert]

  *) Fix some unix socket descriptor leaks in the handler side of
     mod_cgid (the part that runs in the server process).  Whack a
     silly "close(-1)" in the handler too.  [Jeff Trawick]

  *) Change the pre_mpm hook to return a value, so that scoreboard
     init errors percolate up to code that knows how to exit 
     cleanly.  This required a bump to the MMN.  [Jeff Trawick]

  *) Add the socket back to the conn_rec and remove the create_connection
     hook. The create_connection hook had a design flaw that did not 
     allow creating connections based on vhost info. [Bill Stoddard]

  *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
     Resolves the common case of using negotation to resolve the request
     /script/foo for /script.cgi/foo.  [William Rowe]

  *) Added new functions ap_add_(input|output)_filter_handle to
     allow modules to bypass the usual filter name lookup when
     adding hard-coded filters to a request [Brian Pane]

  *) caching should now work on subrequests (still very experimental)
     [Ian Holsman]
  
  *) The Win32 mpm_winnt now has a shared scoreboard.  [William Rowe]

  *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
     [Justin Erenkrantz]

  *) Refactor ap_rgetline so that it does not use an internal brigade.
     Change ap_rgetline's prototype to return errors.  [Justin Erenkrantz]

  *) Remove mod_auth_db.  [Justin Erenkrantz]

  *) Do not install unnecessary pcre headers like config.h and internal.h.
     [Joe Orton <joe manyfish.co.uk>]

  *) Change in quick_hanlder behavior for subrequests. it now passes DONE
     (as it does for a normal request). quick_handled sub-requests now work
     in mod-include [Ian Holsman]

  *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
     'CONTENT' one, as it needs to run AFTER all content headers

  *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
     [Lars Eilebrecht]

  *) Split out blocking from the mode in the input filters.
     [Justin Erenkrantz]

  *) Fix a segfault in mod_include.  [Justin Erenkrantz, Jeff Trawick]

  *) Cause Win32 to capture all child-worker process errors in
     Apache to the main server error log, until the child can
     open its own error logs.  [William Rowe]

  *) HPUX 11.*: Do not kill the child process when accept() 
     returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]

  *) Fix a problem in the parsing of the <Proxy foo> directive.
     [Jeff Trawick]

  *) rewrite of mod_ssl input filter for better performance and less
     memory usage [Doug MacEachern]

  *) allow quick_handler to be run on subrequests. [Ian Holsman]

  *) mod_dav now asks its provider to place content directly into the
     filter stack when handling a GET request. The mod_dav/provider
     API has changed, so providers need to be updated. [Greg Stein]

  *) Clear the output socket descriptor in unixd_accept() to make sure
     we don't supply a bogus socket to the caller if the accept fails.
     This caused problems with the worker MPM, which tried to process
     the returned socket if it was non-NULL.  [Brian Pane]

  *) Move a check for an empty brigade to the start of core input filter
     to avoid segfaults.  [Justin Erenkrantz, Jeff Trawick]

  *) Add FileETag directive to allow configurable control of what
     data are used to form ETag values for file-based URIs.  MMN
     bumped to 20020111 because of fields added to the end of
     the core_dir_config structure.  [Ken Coar]

  *) Fix a segfault in mod_rewrite's logging code caused by passing the
     wrong config to ap_get_remote_host().  [Jeff Trawick]

  *) Allow mod_cgid to work from a binary distribution install by
     using 755 for the permissions on the log directory instead of
     750.  [Jeff Trawick]

  *) Fixed a segfault that happened during graceful shutdown (or when
     the httpd ran out of file descriptors) with the worker MPM [Brian Pane]

  *) Split all Win32 modules [excluding the core components mod_core, 
     mod_so, mod_win32 and the winnt mpm] into individual loadable
     modules, so the administrator may individually disable the former
     compiled-in modules by simply commenting out their LoadModule
     directives.  [William Rowe]

  *) Saved Win32 module authors and porters many future headaches, by
     duplicating the appropriate .h files such as os.h into the include
     directory, including in the build tree.  [William Rowe]

  *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
      Use SSL functions/macros instead of directly dereferencing SSL
      structures wherever possible.
      Add type-casts for the cases where functions return a generic pointer.
      Add $SSL/include to configure search path.
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]

  *) Moved several pointers out of the shared Scoreboard so it is
     more portable, and will present the vhost name across server
     generation restarts.  [William Rowe]

  *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
     [Doug MacEachern]

Changes with Apache 2.0.30

  *) Fix the main bug for FreeBSD and threaded MPM's. There are
     still issues (see STATUS) but at least the server will now
     run without crashing the machine.
     [David Reid, Aaron Bannert, Justin Erenkrantz]

  *) Fix a typo in mod_deflate's m4 config section.
     [albert chin <china thewrittenword.com>]

  *) Fix a couple of mod_proxy problems forwarding HTTP connections
     and handling CONNECT:
     (1) PR #9190  Proxy failed to connect to IPv6 hosts.
     (2) Proxy failed to connect when the first IP address returned by 
         the resolver was unreachable but a secondary IP address was.  
     [Jeff Trawick]

  *) Fix the module identifer as shown in the docs for various core
     modules (e.g., the identifer for mod_log_config was previously
     listed as config_log_module).  PR #9338
     [James Watson <ap2bug sowega.org>]

  *) Fix LimitRequestBody directive by placing it in the HTTP
     filter.  [Justin Erenkrantz]

  *) Fix mod_proxy seg fault when the proxied server returns 
     an HTTP/0.9 response or a bogus status line.
     [Adam Sussman]

  *) Prevent mod_proxy from truncating one character off the
     end of the status line returned from the proxied server.
     [Adam Sussman, Bill Stoddard]

  *) Eliminate loop in ap_proxy_string_read().
     [Adam Sussman, Bill Stoddard]

  *) Provide $0..$9 results from mod_include regex parsing.
     [William Rowe]

  *) Allow mod-include to look for alternate start & end tags [Ian Holsman]

  *) Introduced the ForceLanguagePriority directive, to prevent
     returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
     when using Multiviews.  [William Rowe]

  *) Fix a problem which prevented mod_cgid and suexec from working
     together reliably [Greg Ames]

  *) Remove the call to exit() from within mod_auth_digest's post_config
     phase.  [Aaron Bannert]

  *) Fix a problem in mod_auth_digest that could potentially cause
     problems with initialized static data on a system that uses DSOs.
     [Aaron Bannert]

  *) Fix a segfault in the worker MPM that could happen during
     child process exits.  [Brian Pane, Aaron Bannert]

  *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]

  *) Fix matching of vhosts by ip address so we find IPv4
     vhost address when target address is v4-mapped form of
     that address.  [Jeff Trawick]

  *) More performance tweaks to the BNDM string-search algorithm
     used to find "<!--#" tokens in mod_include [Brian Pane]

  *) Miscellaneous small performance fixes: optimized away various
     string copy operations and removed large temp buffers from
     the stack [Brian Pane]

  *) Fixed startup segfault that occurred when a VirtualHost
     directive had a port but no address [Brian Pane]

  *) Allow htdbm to work with multiple DBM types [Ian Holsman]

  *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
     if oslevel < WINNT.  This should fix several problems reported
     Against 2.0.28 on Windows 98 [Bill Stoddard]

  *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
     to fail. [Bill Stoddard]

  *) Change core code to allow an MPM to set hard thread/server
     limits at startup.  prefork, worker, and perchild MPMs now have 
     directives to set these limits.  [Jeff Trawick]

  *) Win32: The async AcceptEx() event should be autoreset upon
     successful completion of a wait (WaitForSingleObject). This
     eliminates a number of spurious
     setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
     [Bill Stoddard]

  *) Move any load library path environment variables out of 
     apachectl and into a separate environment variable file which
     can be more easily tailored by the admin.  The environment
     variable file as built by Apache may have additional system-
     specific settings.  For example, on OS/390 we tailor the heap
     settings to allow lots of threads.  [Jeff Trawick]
    
  *) Use the new APR pool code to reduce pool-related lock
     contention in the worker MPM.  [Sander Striker]

  *) The POD no longer assumes the child is listening on 127.0.0.1
     and now pulls the first hostname in the list of listeners to
     perform the dummy connect on. This fixes a bug when the user
     had configured the Listen directive for an IP other than
     127.0.0.1. This would result in undead children and error
     messages such as "Connection refused: connect to listener".
     [Aaron Bannert]

  *) The worker MPM now respects the LockFile setting, needed to
     avoid locking problems with NFS.  [Jeff Trawick]

  *) Fix segfault when worker MPM receives SIGHUP.
     [Ian Holsman, Aaron Bannert, Justin Erenkrantz]

  *) Fix bug that could potentially prevent the perchild MPM from
     working with more than one vhost/uid.  [Aaron Bannert]

  *) Change make install and apxs -i processing of DSO modules to 
     perform special handling on platforms where libtool doesn't install 
     mod_foo.so.  This fixes some wonkiness on HP-UX, Tru64, and AIX 
     which prevented standard LoadModule statements from working.
     [Jeff Trawick]

  *) Whenever mod_so is enabled (not just when there are DSOs for
     our modules), do whatever special magic is required for compiling/
     loading third-party modules.  This allows third-party DSOs to
     be used on an AIX build when there were no built-in modules
     built as DSOs.  (This should help on OS/390 and BeOS as well.)
     [Jeff Trawick]

  *) Allow apxs to be used to build DSOs on AIX without requiring the
     user to hard-code the list of import files.  (This should help
     on OS/390 and BeOS as well.)  [Jeff Trawick]
     
  *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
     PR 8563, 8919  [William Rowe]
  
  *) Get binary builds working when libapr and libaprutil are built
     shared [Greg Ames]

  *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
     working on AIX.  [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
     Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]

  *) Fix the handling of SSI directives in which the ">" of the
     terminating "-->" is the last byte in a file [Brian Pane]

  *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
     message that we had back in apache-1.3 and still have scattered
     throughout our docs.  [Aaron Bannert]

  *) Prevent the Win32 port from continuing after encountering an
     error in the command line args to apache.  [William Rowe]

  *) On a error in the proxy, make it write a line to the error log
     [Ian Holsman]

  *) Various mod_ssl performance improvements [Doug MacEachern]

Changes with Apache 2.0.29

  *) Add buffering in core_output_filter to ensure that long
     lists of small buckets don't cause small packet writes.
     [Brian Pane, Ryan Bloom]

  *) Fix the installation target to make sure that the manual is 
     installed in the correct location.
     [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
      Gomez Henri <hgomez slib.fr>]

  *) Fix the cmd command for mod_include.  When we are processing
     a cmd command, we do not want to use the r->filename to set
     the command name.  The command comes from the SSI tag.  To do this,
     I added a variable to the function that builds the command line
     in mod_cgi.  This allows the include_cmd function to specify
     the command line itself. [Ryan Bloom]

  *) Change open_logs hook to return a value, allowing you
     to flag a error while opening logs
     [Ian Holsman, Doug MacEachern]

  *) Change post_config hook to return a value, allowing you
     to flag a error post config
     [Ian Holsman, Jeff Trawick]

  *) Allow SUEXEC_BIN (the path to the suexec binary that is
     hard-coded into the server) to be specified to the configure
     script by the --with-suexec-bin parameter.  [Aaron Bannert]

  *) Fix segv in worker MPM following accept on pipe-of-death
     [Brian Pane]

  *) Add mod_deflate to experimental.  
     [Ian Holsman, Justin Erenkrantz]

  *) Bail out at configure time if an invalid MPM was specified.
     [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]

  *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
     configured [John Sterling <sterling covalent.net>]

  *) Fix apxs to use sbindir.  [Henri Gomez <hgomez slib.fr>]

  *) Fix a problem with IPv6 vhosts.  PR #8118  [Jeff Trawick]

  *) Optimization for the BNDM string-search function in
     mod_include.  [Brian Pane]

  *) Fixed the behavior of the XBitHack directive.
     [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804

  *) The threaded MPM for Unix has been removed.  Use the worker
     MPM instead.  [various]

  *) APR-ize the resolver logic in mod_unique_id.  This fixes a bug
     in logging the error from a failed DNS lookup.  [Jeff Trawick]

  *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
     [Cliff Woolley]

  *) Get mod_cgid killed when a MPM exits due to a fatal error.
     [Jeff Trawick]

  *) Fix a file descriptor leak in mod_include.  When we include a
     file, we use a sub-request, but we didn't destroy the sub-request
     immediately, instead we waited until the original request was
     done.  This patch closes the sub-request as soon as the data is
     done being generated.  [Brian Pane <bpane pacbell.net>]

  *) Allow modules that add sockets to the ap_listeners list to
     define the function that should be used to accept on that
     socket.  Each MPM can define their own function to use for
     the accept function with the MPM_ACCEPT_FUNC macro.  This
     also abstracts out all of the Unix accept error handling
     logic, which has become out of synch across Unix MPMs.
     [Ryan Bloom]

  *) Fix a bug which would cause the response headers to be omitted
     when sending a negotiated ErrorDocument because the required
     filters were attached to the wrong request_rec.
     [John Sterling <sterling covalent.net>]

  *) Remove commas from the end of the macros that define
     directives that are used by MPMs.  Prior to this patch,
     you would use these macros without commas, which was unlike
     the macros for any other directives.  Now, the caller provides
     the comma rather than the macro providing it.  This makes
     the macros look more like the rest of the directives.
     [Ryan Bloom and Cliff Woolley]

  *) Add 'redirect-carefully' environment option to disable sending
     redirects under special circumstances.  This is helpful for 
     Microsoft's WebFolders when accessing a directory resource via
     DAV methods.  [Justin Erenkrantz]

  *) Begin to abstract out the underlying transport layer.
     The first step is to remove the socket from the conn_rec,
     the server now lives in a context that is passed to the
     core's input and output filters. This forces us to be very
     careful when adding calls that use the socket directly,
     because the socket isn't available in most locations.
     [Ryan Bloom]

  *) Really reset the MaxClients value in worker and threaded
     when the configured value is not a multiple of the number 
     of threads per child.  We said we did previously but we 
     forgot to. [Jeff Trawick]

  *) Add Debian layout.  [Daniel Stone <daniel sfarc.net>]

  *) If shared modules are requested and mod_so is not available,
     produce a fatal config-time error.  [Justin Erenkrantz]

  *) Improve http2env's performance by cutting the work it has to
     do.  [Brian Pane <bpane pacbell.net>]

  *) use new 'apr_hash_merge' function in mod_mime (performance fix)
     [Brian Pane <bpane pacbell.net>]

Changes with Apache 2.0.28

  *) Fix infinite loop in mod_cgid.c.  
     [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]

  *) When no port is given in a "ServerName host" directive, the
     server_rec->port is now set to zero, not 80. That allows for
     run-time deduction of the correct server port (depending on
     SSL/plain, and depending also on the current setting of
     UseCanonicalName). This change makes redirections
     work, even with https:// connections. As in Apache-1.3, the
     connection's actual port number is never used, only the ServerName
     setting or the client's Host: setting. Documentation updated
     to reflect the change. [Martin Kraemer]

  *) Add a '%{note-name}e' argument to mod-headers, which works in
     the same way as mod_log_confg.  [Ian Holsman]

  *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
     AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
     MPMs.  [Cliff Woolley]

  *) Introduce htdbm, a user management utility for db/dbm authorization
     databases.  [Mladen Turk <mturk mappingsoft.com>]

  *) Optimize usage of strlen and strcat in ap_directory_walk.
     [Brian Pane <bpane pacbell.net>]

Changes with Apache 2.0.27

  *) Introduce an Apache mod_ssl initial configuration template 
     (ssl.conf, generated from ssl-std.conf).  [Ralf S. Engelschall]

  *) Fixed a memory leak in the getline parsing code that could
     be triggered by arbitrarily large header lines. Requests
     from the core input filter for single lines are now limited
     to HUGE_STRING_LEN (8192 bytes).  [Aaron Bannert]

  *) Fix a truncation bug in how we print the port on the Via: header. 
     The routine that prints the Via: header now takes a length for
     the port string.  [Zvi Har'El <rl math.technion.ac.il>]

  *) Some syntax errors in mod_mime_magic's magic file can result
     in a 500 error, which previously was unlogged.  Now we log the
     error.  [Jeff Trawick]

  *) Add the support/checkgid helper app, which checks the run-time
     validity of group identifiers usable in the Group directive.
     [Ken Coar]

  *) Various --enable-so options have been fixed: --enable-so is
     treated as "static"; explicit --enable-so=shared issues an error;
     and explicit --enable-so fails with error on systems without
     APR_HAS_DSO.  [Aaron Bannert]

  *) Fix a segfault in the core input filter when the client socket
     gets disconnected unexpectedly.  [Cliff Woolley]

  *) Fix the reporting for child processes that die.  This removes
     all of the non-portable W* macros from Apache. 
     [Jeff Trawick and Ryan Bloom]

  *) Win32: Track and display "Parent Server Generation:" in
     mod_status output. The generation will be bumped at
     server graceful restart, when the child process exits
     by hitting MaxRequestsPerChild or if the child 
     process exits abnormally. [Bill Stoddard]

  *) Win32: Fix problem where MaxRequestsPerChild directive was
     not being picked up in favor of the default. Enable
     the parent to start up a new child process immediately upon
     the old child starting shutdown.
     [Bill Stoddard]

  *) Fix some bungling of the remote port in rfc1413.c so that 
     IdentityCheck retrieves the proper user id instead of failing
     and thus always returning "nobody."  
     [Dick Streefland <Dick.Streefland xs4all.nl>]

  *) Introduced thread saftey for mod_rewrite's internal cache.
     [Brian Pane <bpane pacbell.net>]

  *) Simplified mod_env's directives to behave as most directives are
     expected, in that UnsetEnv will not unset a SetEnv and PassEnv 
     directive following that UnsetEnv within the same container.
     Also provides a runtime startup warning if a PassEnv configured 
     environment value is undefined.  [William Rowe]

  *) The worker MPM is now completely ported to APR's new lock API. It
     uses native APR types for thread mutexes, cross-process mutexes,
     and condition variables.  [Aaron Bannert]

  *) Sync up documentation to remove all references to the now deprecated
     Port directive.  [Justin Erenkrantz]

  *) Moved all ldap modules from the core to httpd-ldap sub-project
     [Ryan Bloom]

  *) Exit when we can't listen on any of the configured ports.  This
     is the same behavior as 1.3, and it avoids having the MPMs to
     deal with bogus ap_listen_rec structures.  [Jeff Trawick]

  *) Cleanup the proxy code that creates a request to the origin
     server.  This change adds an optional hook, which allows modules
     to gain control while the request is created if the proxy module
     is loaded.  The purpose of this hook is to allow modules to add
     input and/or output filters to the request to the origin.  While
     I was at it, I made the core use this hook, so that proxy request
     creation uses some of the code from the core.  This can still be
     greatly improved, but this is a good start.  [Ryan Bloom]

Changes with Apache 2.0.26

  *) Port the MaxClients changes from the worker MPM to the threaded
     MPM.  [Ryan Bloom]

  *) Fix mod_proxy so that it handles chunked transfer-encoding and works
     with the new input filtering system.  [Justin Erenkrantz]

  *) Introduce the MultiviewsMatch directive, to allow the operator
     to be flexible in recognizing Handlers and Filters filename
     extensions as part of the Multiviews matching logic, strict with
     MultiviewsMatch NegotiatedOnly to accept only filename extentions 
     that designate negotiated parameters, (content type, charset, etc.)
     or MultiviewsAll for the 1.3 behavior of matching any files, even
     if they have unregistered extensions.  [William Rowe]

  *) Fixed the configure script to add a LoadModule directive to
     the default httpd.conf for any module that was compiled
     as a DSO.  [Aaron Bannert <aaron clove.org>]

  *) rewrite mod_ssl input filtering to work with the new input filtering
     system.  [Justin Erenkrantz]

  *) prefork: Don't segfault when we are able to listen on some but
     not all of the configured ports.  [Jeff Trawick]

  *) Build mod_so even if no core modules are built shared.
     [Aaron Bannert <aaron clove.org>]

  *) Introduce ap_directory_walk rewrite (with further optimizations
     required) to adapt to the ap_process_request_internal() changes.
     Optimized so subrequests and redirects now reuse previous section 
     merges, until we mismatch with the original directory_walk, and
     precomputed r->finfo results will cause directory_walk to skip
     the most expensive phases of the function.  [William Rowe]

  *) Allow ApacheMonitor to connect to and control Apache on other 
     WinNT/2K machines.   [Mladen Turk <mturk mappingsoft.com>]

  *) Remove the Port directive.  In it's place, the Listen directive
     is now a required directive, which tells Apache what port to
     listen on.  The ServerName directive has also been extended
     to accept an optional port.  If the port is specified to the
     ServerName, the server will report that port whenever it
     reports the port that it is listening on.  This change was
     made to ease configuration errors that stem from having a Port
     directive, and a Listen directive.  In that situation, the server
     would only listen to the port specified by the Listen command,
     which caused a lot of confusion to users.  [Ryan Bloom]

  *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
     build, as loadable modules.  [William Rowe]

  *) Fix --enable-mods-shared processing.  If most is specified,
     then all modules that can be compiled as shared modules are.
     [Aaron Bannert <aaron clove.org>]

  *) Update the mime.types file to map video/vnd.mpegurl to mxu
     and add commonly used audio/x-mpegurl for m3u extensions.        
     [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]

  *) Eliminate the depreciated r->content_language, in favor of the array
     r->content_languages introduced many years ago.  Module authors must
     substantially overhaul their modules, so this needs to be upgraded
     if the module still relied on backwards-brokeness.  [William Rowe]

  *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
     [Justin Erenkrantz]

  *) Rewrite the input filtering mechanisms to consolidate and reorganize
     code.  In short, core_input_filter does something now and
     ap_http_filter is now only concerned with HTTP.  [Justin Erenkrantz]

  *) Update the Win32 build to re-absorb mod_proxy and family.
     [William Rowe]

  *) Resolved the build failure on Win32 using MSVC 5.0 (without the
     current SDK.)  [William Rowe]

  *) Some style changes to the code that does ProxyErrorOverride. Fixed
     config merge behaviour. [Graham Leggett]

  *) Allow support programs to be compiled against a static version
     of libapr.  This allows the smaller support programs to be 
     relocated.  [Aaron Bannert <aaron clove.org>]

  *) Update the mime.types file to the registered media types as
     of 2001-09-25, and add mapping for xsl extension [Mark Cox]

  *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
     number of clients that can connect at the same time, instead of
     specifying the maximum number of child processes.
     [Aaron Bannert <aaron clove.org>]

  *) Switch proc_pthread AcceptMutex configuration directive to pthread to 
     be consistent with 1.3.  [Justin Erenkrantz]

  *) Cache apr_explode_localtime() value for 15 seconds.
     [Brian Pane <bpane pacbell.net>]

  *) Fix mod_include to not return ETag or Last-Modified headers.
     [Ian Holsman <ianh cnet.com>]

  *) Fix worker MPM's scoreboard logic.  [Aaron Bannert <aaron clove.org>]

  *) Eliminate the wasteful run-time conversion of method names from strings 
     to numbers in places where the methods are known at compile time.  
     [Brian Pane <bpane pacbell.net>]

  *) Turn the worker MPM's queue into a LIFO.  This may
     improve cache-hit performance under some conditions.
     [Aaron Bannert <aaron clove.org>]

  *) Switch back to SIGUSR1 for graceful restarts on all platforms that
     support it.  [Justin Erenkrantz]

  *) Cleanup the worker MPM.  We no longer re-use transaction
     pools.  This incurs less overhead than shuffling the pools
     around so that they can be re-used.  Remove one of the
     queue's condition variables.  We just redefined the API to
     state that you can't try to add more stuff than you allocated
     segments for.  [Aaron Bannert <aaron clove.org>]

  *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]

  *) Fixed persistent connections when a request contains a body.
     [Greg Stein]

  *) mod_dav uses a new API to speak to the backend provider for dead
     property management. [Greg Stein]

  *) Remove the Win32 script-processing exception from mod_cgi, and
     roll build_command_line/build_argv_list into a unified, overrideable
     ap_cgi_build_command optional function.  [William Rowe]

  *) Rewrite find_start_sequence to use a better search algorithm
     to find the start tag.  [Justin Erenkrantz]

  *) Fix a seg fault in mod_include.  When we are generating an
     internal redirect, we must set r->uri to "", not a bogus
     string, and not NULL.  [Ryan Bloom]

  *) Optimized location_walk, so subrequests, redirects and second passes
     now reuse previous section merges on a <Location > by <Location >
     basis, until we mismatch with the original location_walk. 
     [William Rowe]

  *) Back out the 1.45 change to util_script.c.  This change made
     us set the environment variable REQUEST_URI to the redirected
     URI, instead of the originally requested URI.
     [Taketo Kabe <kabe sra-tohoku.co.jp>]

  *) Make mod_include do lazy evaluation of potentially expensive to
     compute variables.  [Brian Pane <bpane pacbell.net>]

  *) Fix logging of bytes sent for HEAD requests.  %b and %B should
     log either - or 0, before this patch, they were both logging
     the file size.  [Taketo Kabe <kabe sra-tohoku.co.jp>]

  *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather 
     than per character.  [Brian Pane <bpane pacbell.net>]

  *) Normalize the primary request, redirects and sub-requests to
     run the same ap_process_request_internal for consistency in
     robustness, behavior and security.  [William Rowe]

  *) Fix a segfault with mod_include when r->path_info is not set
     (which is the case with mod_proxy).  [Ian Holsman <ianh cnet.com>]

  *) Add -X functionality back.  This indicates to all MPMs and any other
     part of Apache that it should run in "debug" mode.  [Justin Erenkrantz]

  *) Some initial support for the cygwin platform [prefork only].
     This is not to be confused with support for the WinNT/Win32
     platform, which is the recommended configuration for native
     Win32 users.  The cygwin platform support is recommended for
     cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]

  *) Changed syntax of Set{Input|Output}Filter.  The list of filters
     must be semicolon delimited (if more than one filter is given.)
     The Set{Input|Output}Filter directive now overrides a parent
     container's directive (e.g. SetInputFilter in <Directory /web/foo>
     will override any SetInputFilter directive in <Directory /web>.)
     This new syntax is more consistent with Add{Input|Output}Filter
     directives defined in mod_mime.  Also cures a bug in prior releases
     where the Set{Input|Output}Filter directive would corrupt the 
     global configuration if the multiple directives were nested.
     [William Rowe]

  *) Cured what's ailed mime for quite some time.  If an AddSomething
     was given in the configuration (Language, Charset, Handler or
     Encoding) Apache would set the content type as given by AddType, 
     but refused to check the mime.types file if AddType wasn't given 
     for that specific extension.  Setting the AddHandler for .html 
     without setting the AddType text/html html would cause Apache to 
     use the default content type.  [William Rowe]

  *) Added some bulletproofing to memory allocation in the LDAP cache
     code. [Graham Leggett]

Changes with Apache 2.0.25

  *) Move the installed /manual directory out of the /htdocs/ tree, so
     that it can be kept more independently from the remaining document
     root. The "Alias /manual ..." already allowed for easy projection
     into existing private document trees. [Martin Kraemer]

  *) Add specified user attributes to the environment when using
     mod_auth_ldap. This allows you to use mod_include to embed specified
     user attributes in a page like so:
     Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
     [Graham Leggett]

  *) Fix a performance problem with the worker MPM.  We now create
     transaction pools once, and re-use them for each connection.
     [Aaron Bannert <aaron clove.org>]

  *) Modfied mod_mime to prevent mod_negotation from serving a multiview
     of a 'handler' or 'filter', so that any filename extension that does 
     not contribute to the negotiated metadata can't be served without
     an explicit request.  E.g., if the .Z extension is associated with
     an unzip filter, the user request somefile.Z.html, mod_negotiation
     won't serve it.  It can serve somefile.Z.html when somefile.Z is
     requested, since the .Z extension is explictly requested, if the
     .html extension is associated with ContentType text/html.
     [William Rowe]

  *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
     and corresponding AddOutputFilter syntax, to insert one or more 
     filters by mod_mime filename extension processing.
     [William Rowe]

  *) Fix a growing connection pool in core_output_filter() for 
     keepalive requests.  [Jeff Trawick]

  *) Moved split_and_pass_pretag_buckets back to being a
     macro at Ryans's request. Removed the return from it
     by setting and returning a return code instead. Updated
     the code to check the return code from the macro and
     do the right thing. [Paul J. Reder]

  *) Fix a segfault when a numeric value was received for Host:.
     [Jeff Trawick]

  *) Add a function ap_remove_input_filter.  This is to match
     up with ap_remove_output_filter.  [Ryan Bloom]

  *) Clean up location_walk, so that this step performs a minimum
     amount of redundant effort (it must be run twice, but it will no
     longer reparse all <Location > blocks when the request uri
     hadn't changed.)  [William Rowe]

  *) Eliminate proxy: (and all other 'special') processing from the
     ap_directory_walk() phase.  Modules that want to use special
     walk logic should refer to the mod_proxy map_to_location example,
     with it's proxy_walk and proxysection implementation.  This makes
     either directory_walk flavor much more legible, since that phase
     only runs against real <Directory > blocks.
     [William Rowe]

  *) SECURITY: Fix a security problem in mod_include which would allow
     an SSI document to be passed to the client unparsed.
     [Cliff Woolley, Brian Pane]

  *) Introduce the map_to_storage hook, which allows modules to bypass
     the directory_walk and file_walk for non-file requests.  TRACE
     shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
     directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
     [William Rowe]

  *) Add the ability for mod_include to add the INCLUDES filter
     if the file is configured for the server-parsed handler.
     This makes the configuration for .shtml files much easier
     to understand, and allows mod_include to honor Apache 1.3
     config files.   Based on Doug MacEachern's patch to PHP
     to do the same thing.  [Ryan Bloom]

  *) force OpenSSL to ignore process local-caching and to always
     get/set/delete sessions using mod_ssl's callbacks
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
      Geoff Thorpe <geoff geoffthorpe.net>]

  *) Make the worker MPM shutdown and restart cleanly.  This also
     cleans up some race conditions, and gets the worker using
     pools more cleanly.  [Aaron Bannert <aaron clove.org>]

  *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
     for mod_ssl
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]

  *) Fix for mod_include. Ryan's patch to check error
     codes put a return in the wrong place. Also, the
     include handler return code wasn't being checked.
     I don't like macros with returns, so I converted
     SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
     [Paul J. Reder <rederpj raleigh.ibm.com>]

  *) fix segv in mod_mime if no AddTypes are configured
     [John Sterling <sterling covalent.net>]

  *) Enable ssl client authentication at SSL_accept time
     [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]

  *) Fix a segfault in mod_include when the original request has no
     associated filename (e.g., we're filtering the error document for
     a bad URI).  [Jeff Trawick]

  *) Fix a storage leak (a strdup() call) in mod_mime_magic.  [Jeff Trawick]

  *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
     of httpd is started and shuts down due to socket conflict. Moving the
     call to ap_log_pid solves the problem.

  *) Changed the late-1.3 log_config substitution %c to %X, to log the
     status of the closed connection, as it conflicts with the far more
     common, historical ssl logging directive %...{var}c.  [William Rowe]

  *) Added the common error/ tree to the build/install targets 
     (similar to the common icons/ tree) for the multi-language error 
     messages that Lars committed earlier.  [William Rowe]

  *) Added a multi process, multi threaded OS/2 MPM mpmt_os2.  [Brian Havard]

  *) Added a default commented-out mod_ldap and mod_auth_ldap
     configuration to httpd-std.conf and httpd-win.conf
     [Graham Leggett]

  *) Added documentation for mod_ldap and mod_auth_ldap.
     [Graham Leggett]

  *) Enabled negative caching on attribute comparisons in the LDAP cache.
     Fixed a problem where the default cache TTL was set in milliseconds
     not microseconds causing the cache to time out almost immediately.
     [Graham Leggett]

  *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
     module code to follow APR. [Graham Leggett]

  *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
     cleaned up when the connection pool pool is cleaned up.
     [Graham Leggett]

  *) Fix a minor issue with Jeff Trawick's mod_include
     patch. Without this patch, the code will just allocate
     more bytes in get_combined_directive than are needed.
     [Paul Reder]

  *) Added the LDAP authentication module mod_auth_ldap.
     [Dave Carrigan <dave rudedog.org>, Graham Leggett]

  *) Added the LDAP cache and connection pooling module mod_ldap.
     [Dave Carrigan <dave rudedog.org>, Graham Leggett]

  *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
     by allowing a module to disable itself if its prerequisites are not
     met.  [Justin Erenkrantz]

Changes with Apache 2.0.24

  *) Fix a couple of issues in mod_include when the tag appeared at
     offsets near 8192 in the file being parsed.  [Jeff Trawick]

  *) Fix an assertion failure in mod_ssl when the keepalive timeout is  
     reached.  [Jeff Trawick]

  *) Numerous improvements to the Win32 build system.  Introduced command line
     builds without requiring .mak files for MSVC 6.0 and later versions.
     Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
     [William Rowe]

  *) Assorted corrections and improvements to the winnt_mpm startup code.  Better
     reporting of uninstalled services and other error conditions, and changed the 
     default service name to Apache2.  [William Rowe]

  *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm 
     compatibility with existing Apache 1.3 Win32 Apache management utilites.  
     [Mladen Turk <mturk mappingsoft.com>, William Rowe]

  *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
     [William Rowe, Greg Ames]

  *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
     and RemoveCharset directives.  [William Rowe]

  *) The Unix MPMs other than perchild now allow child server 
     processes to use the accept mutex when starting as root and 
     using SysV sems for the accept mutex.  Previously, this 
     combination would lead to fatal errors in the child server 
     processes.  perchild can't use SysV sems because of security
     issues.  [Jeff Trawick, Greg Ames]

  *) Added Win32 revision stamp resources to all http binaries
     (including modules/ and support/ tools.)  PR7322  [William Rowe]

  *) Fix ap_rvprintf to support more than 4K of data at one time.
     [Cody Sherr <csherr covalent.net>]

  *) We have always used the obsolete/deprecated Netscape syntax
     for our tracking cookies; now the CookieStyle directive
     allows the Webmaster to choose the Netscape, RFC2109, or
     RFC2965 format.  The new CookieDomain directive allows the
     setting of the cookie's Domain= attribute, too.  PR #s 5006,
     5023, 5920, 6140 [Ken Coar]

  *) Tweak server/Makefile so that the rules for generating exports.c
     are compatible with make utilities which don't expand wildcards
     in a dependency list (e.g., OS/390 make, certain levels of GNU
     make).  [Jeff Trawick]

  *) Install the SSL headers.  [John Sterling <sterling covalent.net>]

  *) Begin to sanitize the MPM configuration directives.  Now, all
     MPMs use the same functions for all common MPM directives.  This
     should make it easier to catch all bugs in these directives once.
     [Cody Sherr <csherr covalent.net>]

  *) Close a major resource leak.  Every time we had issued a
     graceful restart, we leaked a socket descriptor.
     [Ryan Bloom]

  *) Fix a problem with the new method code.  We need to cast
     the 1 to an apr_int64_t or it will be treated as a 32-bit
     integer, and it will wrap after being shifted 32 times.
     [Cody Sherr <csherr covalent.net> and Ryan Morgan <rmorgan covalent.net>]

  *) Fix a bug in mod_expires.  Previous to this patch, if you
     told mod_expires to add 604800 seconds to the last-modified
     time, it actually added 604800 usec's to the last-modified time,
     so that when looking at the response it looked like nothing
     had been done.  The root of the problem was that we always compute
     time in usec's, but we ask users to input sec's.  This means we
     need to convert to usec's before using those values.
     [Ryan Bloom]

  *) The worker MPM now handles shutdown and restart requests.  It
     definitely isn't perfect, but we do stop the servers correctly.
     The biggest problem right now is that SIGHUP causes the server to
     just die.  [Ryan Bloom]

Changes with Apache 2.0.23

  *) Use the prefork MPM by default on Unix.  [various]

  *) Added a systray icon monitor application for Win32.
     [Mladen Turk <mturk mappingsoft.com>]

  *) mod_rewrite: Fix the line ending on some non-Unix systems for 
     messages written to the rewrite log.  
     [Richard Labennett <rlabenn us.ibm.com>]

  *) All mod_autoindex query parsing is now quietly quashed with the 
     IndexOption IgnoreClient.  The IndexOption SuppressColumnSorting 
     still drops the column sort <a href>'s for the column headers, but 
     IgnoreClient is required to ignore these Query options entirely.  
     [William Rowe]

  *) Introduced new mod_autoindex query argument parsing for F=[0|1|2]
     to allow the client to select plain, FancyIndexing or HTMLTable
     formatting, V=[0|1] to inhibit or enable version sorting, and 
     P=pattern to return only specific files.  The old Query Arguments
     were reorganized as C=f for sorting column 'f' (same N, D, S, or M
     as before), and O=A|D for ordering ascending or descending.  
     [William Rowe]

  *) Fixed an error in mod_include's directive parsing routines which
     caused #if, #elif, and #else expressions containing backslashes
     to be improperly evaluated.  [Cliff Woolley]

  *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to 
     drop the icon column, SuppressRules to drop the <hr> elements, 
     and HTMLTable to create rudimentary HTML table listings (implies 
     FancyIndexing).  [William Rowe]

  *) Re-introduced the mod_autoindex IndexOptions flag TrackModified
     from Apache 1.3.15.  This is needed for two reasons, first, given
     multiple machines within a server farm, ETags and Last-Modified 
     stamps won't correspond from machine to machine, and second, many 
     Unixes don't capture changes to the date or time stamp of existing 
     files, since these don't modify the dirent itself.  [William Rowe]

  *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst 
     and DirectoryWidth options from Apache 1.3.10. 
     [William Rowe, Ken Coar]

  *) Eliminated FancyIndexing directive, deprecated early in Apache
     1.3 by the IndexOptions FancyIndexing syntax.  [William Rowe]

  *) mod_autoindex now excludes any file names that would result in
     an error, other than a success or redirect.  Also optimized
     the parent directory, always included except in the URI '/'.
     [William Rowe]

  *) Refactored mod_negotiation and mod_mime to help mod_dir accept
     negotiated index pages, and prevent the server from defaulting
     to an autoindex of the directory.  mod_negotiation will now die
     with a 500 Internal Error if it could match some filenames 
     (e.g. for mod_dir) but none can be served.  mod_negotation now
     refuses to serve any file with an extention that mod_mime doesn't
     recognize, and wasn't part of the request.  [William Rowe]

  *) Eliminate mod_cgi's handling of .exe files without the .exe file
     extension.  This is already handled by multiviews, if the admin
     wishes to AddHandler .exe or define a content type handler and 
     associate .exe files with that content type.  Multiviews must be
     enabled to allow these to be served.  [William Rowe]

  *) Speed up the server's response to a spike in incoming workload
     or restarts by assigning empty scoreboard slots to new processes
     when they are available.  [Greg Ames]

  *) Add a handler to mod_includes.c.  This handler is designed to
     implement the XbitHack directive.  This can't be done with a
     fixup, because we need to check the content-type, which is
     only available in the handler phase.  [Ryan Bloom]

  *) Make the includes filter check return codes from filters lower in
     the filter chain.  If a lower level filter returns an error, then
     the request needs to stop immediately.  This allows mod_include to
     stop parsing data once a lower filter recognizes an error.
     [Ryan Bloom]

  *) Add the ability to extend the methods that Apache understands
     and have those methods <limit>able in the httpd.conf. It uses 
     the same bit mask/shifted offset as the original HTTP methods 
     such as M_GET or M_POST, but expands the total bits from an int to 
     an ap_int64_t to handle more bits for new request methods than 
     an int provides.  [Cody Sherr <csherr covalent.net>]

  *) Fix broken mod_mime behavior in merging its arguments.  Possible
     cause of unexplicable crashes introduced in 2.0.20.  [William Rowe]

  *) Solve many mod_ssl porting issues (too many to detail) with 
     help from the whole team, but most notably [Ralf S. Engelschall, 
     Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, 
     Doug MacEachern, William Rowe, Cliff Woolley]

  *) More stall fixes for the threaded & worker mpm's.
     Make mod_status output more accurate.  Don't
     count workers in processes which aren't actively
     serving requests. [Greg Ames]
     
  *) Win32: Get SSI exec cgi tag working. [Bill Stoddard]

  *) Add a single listener/multiple worker MPM.  This MPM is
     definately not fully correct, but it allows us to solve many
     of the problems that exist in the threaded MPM.  This is a 
     modified version of the threaded MPM.  [Ryan Bloom]

  *) Improve content generation throughout Apache, providing closer
     compliance with HTML 3.2, HTML 4.01 Transitional and XHTML 1.0
     Transitional specifications.  [William Rowe]

Changes with Apache 2.0.22
  
  *) Fix a problem where the threaded MPM stalls after restarts or
     segfaults.  Also prevent multiple active processes from using
     the same scoreboard slot.  [Greg Ames]

  *) Apache/Win32 now fills in the service description with Apache's
     server version string, including loaded and advertised modules.
     [William Rowe]

  *) Improved support for the Win32 build, to recover gracefully from
     missing apr or apr-util directories or the awk interpreter, 
     create the proper cgi-bin examples, including a test-cgi.bat, and 
     fix the perl shebang line for printenv.pl, when installing from 
     the build environment.  [William Rowe]

  *) Fix a segfault in threaded.c caused by passing uninitialized
     apr_thread_t * to apr_thread_join().  [Jeff Trawick]

  *) Use new APR number conversion functions to reduce CPU consumption 
     when setting the content length, and in mod_log_config.
     [Brian Pane]
     
  *) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp>
     where HEAD response headers were being repeated twice for
     files greater than 32K bytes (4*AP_MIN_BYTES_TO_WRITE). This
     problem in the http_header filter was exposed by the recent rewrite
     of the content_length filter. [Taketo Kabe, Bill Stoddard]

  *) Fix seg faults in mod_status with ExtendedStatus enabled, after
     restarts.  A garbage pointer to a vhost's server_rec from the
     previous generation was being left around under certain
     conditions. [Greg Ames]

  *) Fix a cosmetic problem with mod_include.  Non-existant SSI vars
     used to appear as '(none', without the closing paren.
     [Günter Knauf <eflash gmx.net>]

  *) Improve the exports generating awk script.  In the past, we had
     work around problems in the awk script by avoiding some #if and
     #ifdefs.  This has bitten us many times in generating the exports.c
     file.  This improvement allows corrects the header file parsing.
     [Sander Striker <striker apache.org>]

Changes with Apache 2.0.21

  *) Resolve the Win32 htpasswd bug, where a file that existed would be
     overwritten, regardless of the -c flag.
     [William Rowe, Mladen Turk <mladen.turk mail.inet.hr>]

  *) Introduce connection sub-pools into ab.  Truncating the lifetime
     of these allocations means that ab no longer perpetually grows
     its working set, running out of memory on large request attempts.
     [William Rowe]

  *) Make scoreboard creation a hook.  This allows management
     modules to have access to the scoreboard at the time that it is
     created, and at every restart request.  
     [Cody Sherr <csherr covalent.net>]

  *) Changed AP_MPMQ_MAX_DAEMONS to refer to MaxClients and
     added an AP_MPMQ_MAX_DAEMON_USED to refer to the highest
     daemon index actually used in the scoreboard. I also
     updated the pertinent calls. [Paul J. Reder]

  *) Win32: Prevent listening sockets from being inherited by
     the Apache child process, CGI scripts, rotatelog process
     etc.  If the Apache child process segfaults, any processes 
     that the child started are not reaped. Prior to this fix,
     these processes inherited the listening sockets which sometimes
     prevented the restarted Apache child process from accepting
     connections (ie, the server would hang). 
     [Bill Stoddard]

  *) Provide vhost and request strings when ExtendedStatus is on.
     [Greg Ames]

  *) Fix some issues with the pod and prefork: check the pod *after*
     processing a connection so that a server processing a time-
     consuming request bails out as soon as practical; when the
     parent process wakes up a server process via connect(), use an
     APR timeout on the connect() so that we don't hang for a long
     time if there aren't server processes around to do accept().
     [Jeff Trawick, Greg Ames]

  *) Performance improvement to mod_mime.c. find_ct() in mod_mime, 
     spends a lot of time in apr_table_get calls.  Using the default 
     httpd.conf, the tables for languages and charsets are somewhat
     large, so the time spent scanning them on each request is
     significant. Replacing the tables with hash tables provides
     a nice speedup. [Brian Pane <bpane pacbell.net>]

  *) Add two functions to allow modules to access random parts of the
     scoreboard.  This allows modules compiled for one MPM to access the
     scoreboard, even if it the server was compiled for another MPM.
     [Harrie Hazewinkel <harrie covalent.net>]

Changes with Apache 2.0.20

  *) Fix problem in content-length filter where the filter would
     buffer all the output from a CGI before sending any bytes
     down the filter stack to the network. This problem would cause
     significant memory consumption if the CGIs generated
     lots of bytes. [Bill Stoddard]
  
  *) Get non-blocking CGI pipe reads working with the bucket brigades.
     [Bill Stoddard]

  *) Fix seg fault on Windows when serving files cached with mod_file_cache.
     [Bill Stoddard]

  *) Fix a bug in the threaded MPM that would cause it to kill off all
     workers immediately after starting if the number of workers started
     was above a certain threshold.  [Ryan Bloom, Bill Stoddard]

Changes with Apache 2.0.19

  *) Fix problem with threaded MPM.  The problem was that if each child
     process was busy serving a single long-lived request and the server
     was sent a graceful restart signal, the server would stop serving
     requests.  This would happen because each child process would wait to
     die until the last thread was done, and the parent wouldn't spawn any
     new children until a process died.  Now, the parent looks at the fact
     that the children are dying gracefully, and starts new children.
     Those new children only start enough threads to compliment the number
     of threads in the other child process that shares the same spot in
     the scoreboard.  In this way, we make sure to never go over
     MaxClients.  [Ryan Bloom]

  *) modified mod_negotiation and mod_autoindex to speed up by almost a
     factor of two on apr_dir_read()-enhanced platforms, such as Win32
     and OS2, by calling ap_sub_request_lookup_dirent() with the results
     already provided by apr_dir_read().  [William Rowe]

  *) mod_file_cache is now more robust to filtering and serves requests
     slightly more efficiently.  [Cliff Woolley]

  *) Fix problem handling FLUSH bucket in the chunked encoding filter.
     Module was calling ap_rwrite() followed by ap_rflush() but the 
     served content was not being displayed in the browser. Inspection
     of the output stream revealed that the first data chunk was
     missing the trailing CRLF required by the RFC.  [Bill Stoddard]

  *) apxs no longer generates ap_send_http_header() in the example handler

  *) Fix an ab problem which could cause a divide-by-zero exception
     with certain invocations (e.g., ab -k -c 6 -n 100 localhost/).
     [Ian Holsman <ianh cnet.com>]

  *) Solve case-insensitive platforms' confusion about negotiated
     filenames, allowing files of differnt case to match in choosing
     the document to serve.  [William Rowe]

  *) Fix brokenness when ThreadsPerChild is higher than the built-in
     limit.  We left ap_threads_per_child at the higher value which
     led to segfaults when doing certain scoreboard operations.
     [Jeff Trawick]

  *) Fix seg faults and/or missing output from mod_include.  The
     default_handler was using the subrequest pool for files and
     MMAPs, even though the associated APR structures typically 
     live longer than the subrequest. [Greg Ames]
  
  *) Extend mod_setenvif to support specifying regular expressions
     on the SetEnvIf (and SetEnvIfNoCase) directive attribute field.
     Example:  SetEnvIf ^TS*  [a-z].* HAVE_TS 
     will cause HAVE_TS to be set if any of the request headers begins 
     with "TS" and has a value that begins with any character in the
     set [a-z]. [Bill Stoddard]

  *) httpd children now re-bind themselves to a random CPU on
     multiprocessor systems on AIX via bindprocessor() in 2.0.
     [Victor J. Orlikowski]

  *) Fix htdigest. It would go into a loop in getline when adding 
     a second user. [Bill Stoddard]

  *) Win32 platforms now fully support mod_userdir options.  [Will Rowe]

  *) Automatically generate httpd.exp for AIX.
     DSOs now work again on AIX in 2.0
     [Victor J. Orlikowski]

  *) Add a new request hook, error_log.  This phase allows modules
     to act on the error log string _after_ it has been written
     to the error log.  The goal for this hook is to allow monitoring
     modules to send the error string to the monitoring agent.
     [Ryan Bloom]

  *) Modify mod_echo to make it use filters for input and output.
     [Ryan Morgan <rmorgan covalent.net>]

  *) Extend mod_headers to support conditional driven Header 
     add, append and set. Use SetEnvIf to set an envar and conditionally
     add/append/set headers based on this envar thusly:

     SetEnvIf TSMyHeader value HAVE_TSMyHeader
     Header add MyHeader "%t %D" env=HAVE_TSMyHeader

     If the request contains header "TSMyHeader: value" then header
     MyHeader: "t=xxxxxxxxxx D=yyyy" will be sent on the response.
     [Bill Stoddard]

  *) Extend mod_headers to support using format specifiers on Header
     add, append and set header values. Two format specifiers are supported:

     %t - reports, in UTC microseconds since the epoch, when the
          request was received.

     %D - reports the time, in microseconds, between when the request was 
          received and the response sent. 

     Examples:
     Header add MyHeader "This request served in %D microseconds. %t"

     results in a header being added to the response that looks like this:
     
     MyHeader: This request served in D=5438 microseconds. t=991424704447256

     [Bill Stoddard]

  *) Fix reset_filter().  We need to be careful how we remove filters.
     If we set r->output_filters to NULL, we also have to reset the
     connection's filters.  [John Sterling]

  *) Optimise reset_filter() in http_protocol.c. [Greg Stein]

  *) Add a check to ap_die() to make sure the filter stack is sane and
     contains the correct basic filters when an error occurs. This fixes
     a problem where headers are not being sent on error. [John Sterling]

  *) New Header directive 'echo' option. "Header echo regex" will
     cause any headers received on the request that match regex to be
     echoed to (included in) the response headers.
     [Bill Stoddard]

  *) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H.
     This prevented the inclusion of apr_compat.h.  PR #7773
     [Oleg Broytmann <phd phd.pp.ru>]

  *) Moved util_uri to the apr-util library.  This required a bunch of
     apr_name changes for the uri utility functions.  [Justin Erenkrantz]

  *) Move the addition of default AP_HTTP_HTTP_HEADER filters to the
     insert_filter phase so that other filters are not bypassed by default.
     [Graham Leggett]

  *) Reimplement mod_headers as an output filter. mod_headers can now
     add custom headers to inbound requests using the RequestHeader directive
     and to responses using the same old Header directive.  [Graham Leggett]

Changes with Apache 2.0.18

  *) Fix command-line processing so that if a bad argument is specified
     Apache will exit.  [Jeff Trawick]

  *) Change the make targets and rules to be consistent in all of the
     Apache-owned source trees.  [Roy Fielding]
     
  *) Fix processing of the TRACE method.  Previously we passed bogus
     parms to form_header_field() and it overlaid some vhost structures,
     resulting in a segfault in check_hostalias(). 
     [Greg Ames, Jeff Trawick]

  *) Win32: Add support for reliable piped logs. If the logging process
     goes down, Apache will automatically restart it. This function has 
     been part of Apache on Unix/Linux/BSD since the early v1.3 releases.
     [Bill Stoddard]

  *) Do not start piped log processes during the config file 
     preflight.  This change also circumvents a problem on 
     Windows where the rotatelog processes created during preflight
     was not getting cleaned up properly.
     [Bill Stoddard]

  *) add "Request Phase Participation" info to mod_info
     [Doug MacEachern]

  *) Make first phase changes to the scoreboard data structures in
     preparation for the rewriting of the scoreboard per my posted
     design notes. [Paul J. Reder]

  *) Fix httpd's definition of LTFLAGS to be consistent with that of apr
     and apr-util, allow it to be overridden by the configure command-line
     (default="--silent") and introduce LT_LDFLAGS to replace what we were
     formerly abusing as LTFLAGS.  [Roy Fielding]

  *) Clean up the reporting of incorrect closing container tags.
     [Barrie Slaymaker <barries slaysys.com>]

  *) Simplify the configure process by moving all libtool stuff to APR
     and moving hints.m4 inline.  [Roy Fielding]

  *) Add the AP_DECLARE()/AP_CORE_DECLARE macros on the return types
     of functions used by mod_proxy for export in the DLL 
     [Ian Holsman <IanH cnet.com>]

  *) Prevent a hang when a cgi handled by mod_cgid tries to read a
     request body from its stdin but no reqest body is being written to 
     the cgi.  [Jeff Trawick]

  *) mod_log_config: %c connection status incorrectly logged
     as "-" (non-keepalive) when MaxKeepAliveRequests is set to 0.
     [Bill Stoddard]

  *) Get mod_cern_meta working under Windows
     [Bill Stoddard]

  *) Create Files, and thus MMAPs, out of the request pool, not the
     connection pool.  This solves a small resource leak that had us
     not closing files until a connection was closed.  In order to do
     this, at the end of the core_output_filter, we loop through the
     brigade and convert any data we have into a single HEAP bucket
     that we know will survive clearing the request_rec.
     [Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>,
      Cliff Woolley]

  *) Completely revamp configure so that it preserves the standard make
     variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving
     the configure additions to EXTRA_* variables.  Also, allow the user
     to specify NOTEST_* values for all of the above, which eliminates the
     need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM.  Fix the setting
     of INCLUDES and EXTRA_INCLUDES.  Check flags as they are added to
     avoid pointless duplications.  Fix the order in which flags are given
     on the compile and link lines.  Remove obsolete macros APR_DOEXTRA,
     AC_ADD_LIBRARY, AC_CHECK_DEFINE, APACHE_PASSTHRU, and APACHE_ONCE.
     Added APR_SAVE_THE_ENVIRONMENT and APR_RESTORE_THE_ENVIRONMENT macros.
     Renamed AC_TYPE_RLIM_T macro to APACHE_TYPE_RLIM_T.  [Roy Fielding]

  *) Get mod_tls to compile/work better on Windows.  PR #7612
     [Bernhard Schrenk <b.schrenk improx.com>]

  *) Fix shutdown/restart hangs in the threaded MPM.
     [Jeff Trawick, Greg Ames, Ryan Bloom]
  
  *) Removed the keptalive boolean from conn_rec because it is now only
     used by a single routine and can be replaced by a local variable.
     [Greg Stein, Ryan Bloom, Roy Fielding]

  *) Patch prefork to put enough of the signal processing back in so that
     signals are all handled properly now. The previous patch fixed the
     deadlock race condition, but broke the user directed signal handling.
     This fixes it to work the way it did before my previous prefork patch
     (primarily, SIGTERM is now working).
 
  *) Change how input filters decide how much data is returned to the
     higher filter.  We used to use a field in the conn_rec, with this
     change, we use an argument to ap_get_brigade to determine how much
     data is retrieved. [Ryan Bloom]

  *) Fix seg fault at start-up introduced by Ryan's change to enable
     modules to specify their own logging tags. mod_log_config
     registers an optional function, ap_register_log_handler().
     ap_register_log_handler() was being called by http_core before
     the directive hash table was created. This patch creates the
     directive hash table before ap_register_log_handler() is
     registered as an optional function.
     [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]

  *) Add ap_set_int_slot() function
     [John K. Sterling <sterling covalent.net>]

  *) Under certain circumstances, Apache did not supply the
     right response headers when requiring authentication.
     [Gertjan van Wingerde <Gertjan.van.Wingerde cmg.nl>] PR#7114
     (This is a port of the change that went into Apache 1.3.19.)

  *) Allow modules to specify their own logging tags.  This basically
     allows a module to tell mod_log_config that when %x is encountered
     a specific function should be called.  Currently, x can be any single
     character.  It may be more useful to make this a string at some point.
     [Ryan Bloom]

Changes with Apache 2.0.17

  *) If a higher-level filter handles the byterange aspects of a
     request, then the byterange filter should not try to redo the
     work.  The most common case of this happening, is a byterange
     request going through the proxy, and the origin server handles
     the byterange request.  The proxy should ignore it.
     [Graham Leggett <minfrin sharp.fm>]

  *) Changed the threaded mpm to have child_main join to each of the
     worker threads to make sure the kids are all gone before child_main
     exits after a signal (cleanup from perform_idle_server_maintenance).
     This is an extension of Ryans recent commit to make the child_main
     the signal thread.

  *) Add more options to the ap_mpm_query function.  This also allows MPMs to
     report if their threads are dynamic or static.  Finally, this also
     implements a new API, ap_show_mpm, which returns the MPM that was
     required into the core. [Harrie Hazewinkel <harrie covalent.net>]

  *) Do not install the binaries from the support directory twice.
     [jun-ichiro hagino <itojun iijlab.net>]

  *) The ap_f* functions should flush data to the filter that is passed
     in, not the filter after the one passed in.
     [Ryan Morgan <rmorgan covalent.net>]

  *) Make ab work again by changing its native types to apr types and formats.
     [Justin Erenkrantz <jerenkrantz ebuilt.com>]

  *) Move the byterange filter and all of the supporting functions back
     to the HTTP module.  The byterange filter turned out to be very
     HTTP specific, and it belongs in the HTTP module.  [Greg Stein]

  *) Make clean, distclean, and extraclean consistently according to the
     Gnu makefile guidelines.  [Justin Erenkrantz <jerenkrantz ebuilt.com>]

  *) Fix errors in the renaming of the apr_threadattr_detach_xxx functions.
     This may have been causing problems stopping processes in the threaded
     mpm's. [Greg Ames]

  *) Fix content-length in mod_negotiation to a long int representation.
     [William Rowe]

  *) Remove BindAddress from the default config file.
     [<giles nemeton.com.au>]

  *) Allow module authors to add a module to their Apache build using
     --with-module, without re-running buildconf.  The syntax is:
         --with-module=module_type:/path/to/module.c
     The configure script will copy the module.c file to 
     modules/module_type, and it will be added to the relevant Makefiles.
     currently, this only works for static modules.  [Ryan Bloom]

  *) Changes required to make prefork clean up idle children properly.
     There was a window during which a starting worker deadlocks when
     an idle cleanup arrives before it completes init. Apache then keeps
     trying to cleanup the same deadlocked worker forever (until higher
     pids come along, but it still will never reduce below the deadlocked
     pid). Thus the number of children would not reduce to the correct
     idle level. [Paul J. Reder]

Changes with Apache 2.0.16

  *) Change the default installation directory to /usr/local/apache2,
     as now defined by the "Apache" layout in config.layout. [Marc Slemko]

  *) OS/2: Added support for building loadable modules as OS/2 DLLs. 
     [Brian Havard]

  *) Get MaxRequestsPerChild working with the Windows MPM.
     [Bill Stoddard]

  *) Make generic hooks to work, with mod_generic_hook_import/export
     experimental modules.  [Ben Laurie, Will Rowe]

  *) Fix segfaults for configuration file syntax errors such as
     "<Directory>" followed by "</Directory" and
     "<Directory>" followed by "</Directoryz>".  [Jeff Trawick]

  *) Cleanup the --enable-layout option of configure.  This makes
     us use a consistent location for the config.layout file, and it
     makes configure more portable.
     [jun-ichiro hagino <itojun iijlab.net>]

  *) Changes to 'ab'; fixed int overrun's, added statistics, output in
     csv/gnuplot format, rudimentary ssl support and various other tweaks
     to make results more true to what is measured. The upshot of this it
     turns out that 'ab' has often underreported the true performance of
     apache. Often by a order of magnitude :-) See talk/paper of Sander 
     Temme at April ApacheCon 2001 for details.
     [Dirk-Willem van Gulik]

  *) Clean up mod_cgid's temporary request pool.  Besides fixing a
     storage leak this ensures that some unnecessary pipes are closed.
     [Jeff Trawick]

  *) Performance: Add quick_handler hook. This hook is called at the
     very beginning of the request processing before location_walk,
     translate_name, etc.  This hook is useful for URI keyed content
     caches like Mike Abbott's Quick Shortcut Cache.
     [Bill Stoddard]

  *) top_module global variable renamed to ap_top_module [Perl]

  *) Move ap_set_last_modified to the core.  This is a potentially 
     controversial change, because this is kind of HTTP specific.  However
     many protocols should be able to take advantage of this kind of
     information.  I expect that headers will need one more layer of
     indirection for multi-protocol work, but this is a small step in
     the right direction.  [Ryan Bloom]

  *) Enable mod_status by default.  This matches what Apache 1.3 does.
     [Ed Korthof]

  *) Add a ScriptSock directive to the default config file.  This is
     only enabled when mod_cgid is used.  
     [Taketo Kabe <kabe sra-tohoku.co.jp>]

Changes with Apache 2.0.15

  *) Untangled the buildconf script and eliminated the need for build's
     aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other
     libtool muck that is now under srclib/apr/build.  [Roy Fielding]

  *) Win32: Don't accept more connections than we have worker threads
     to handle.
     [Bill Stoddard]

  *) Fix bug in the Unix threaded.c MPM that allowed child processes
     to fork() new child processes. 
     [Bill Stoddard]

  *) SECURITY: Fix a major security problem with double-reverse lookup 
     checking.  Previously, a client connecting over IPv4 would not be 
     matched properly when the server had an IPv6 listening socket.  
     PR #7407   [Taketo Kabe <kiabe sra-tohoku.co.jp>]

  *) Change the way the beos MPM handles polling to allow it to stop and
     restart.  Problem was the sockets being polled were being reset by
     the select call, so once it had accepted a connection it was no
     longer listening on the UDP socket we use for shutdown instructions.
     APR needs to be altered, patch on it's way. [David Reid]

  *) Empty out the brigade shared by ap_getline()/ap_get_client_block()
     on error exit from ap_getline().  Some other code got upset because
     the wrong data was in the brigade.  [Greg Ames, Jeff Trawick]

  *) Handle ap_discard_request_body() being called more than once.
     [Greg Ames, Jeff Trawick]

  *) Get rid of an inadvertent close of file descriptor 2 in
     mod_mime_magic.  [Greg Ames, Jeff Trawick]

  *) Add a hook, create_request.  This hook allows modules to modify
     a request while it is being created.  This hook is called for all
     request_rec's, main request, sub request, and internal redirect.
     When this hook is called, the r->main, r->prev, r->next
     pointers have been set, so modules can determine what kind of
     request this is.  [Ryan Bloom]

  *) Cleanup the build process a bit more.  The Apache configure
     script no longer creates its own helper scripts, it just
     uses APR's.  
     [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]

  *) Stop the forced downgrade of the connection to HTTP/1.0 for
     proxy requests.  [Graham Leggett]

  *) Avoid using sscanf to determine the HTTP protocol number in
     the common case because sscanf is a performance hog. From
     Mike Abbot's Accelerating Apache patch number 6.
     [Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard]

  *) SECURITY: Fix a security exposure in mod_access.  Previously when 
     IPv6 listening sockets were used, allow/deny-from-IPv4-address rules 
     were not evaluated properly (PR #7407).  Also, add the ability to 
     specify IPv6 address strings with optional prefix length on Allow 
     and Deny.  [Jeff Trawick]

  *) Enhance rotatelogs so that a UTC offset can be specified, and
     the logfile name can be formatted using strftime(3).  (Brought
     forward from 1.3.)  [Ken Coar]

  *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling 
     DuplicateHandle on an IOCompletionPort (a practice which
     MS "discourages"). The new model does not rely on associating
     the completion port with the listening sockets, thus the
     completion port can be completely managed within the child 
     process.  A dedicated thread accepts connections off the network,
     then calls PostQueuedCompletionStatus() to wake up worker
     threads blocked on the completion port.
     [Bill Stoddard]

  *) Bring forward the --suexec-umask option which allows the
     builder to preset the umask for suexec processes.  [Ken Coar]

  *) Add a -V flag to suexec, which causes it to display the
     compile-time settings with which it was built.  (Only
     usable by root or the AP_HTTPD_USER username.)  [Ken Coar]

  *) Mod_include should always unset the content-length if the file is
     going to be passed through send_parsed_content.  There is no to
     determine if the content will change before actually scanning the
     entire content.  It is far safer to just remove the C-L as long
     as we are scanning it.  [Ryan Bloom]

  *) Make sure Apache sends WWW-Authenticate during a reverse proxy
     request and not Proxy-Authenticate.
     [Graham Leggett <minfrin sharp.fm>]

Changes with Apache 2.0.14

  *) Fix content-length computation.  We ONLY compute a content-length if
     We are not in a 1.1 request and we cannot chunk, and this is a keepalive
     or we already have all the data.  [Ryan Bloom]

  *) Report unbounded containers in the config file.  Previously, a typo
     in the </container> directive could result in the rest of the config
     file being silently ignored, with undesired defaults used.
     [Jeff Trawick]

  *) Make the old_write filter use the ap_f* functions for the buffering.
     [Ryan Bloom]

  *) Move more code from the http module into the core server.  This
     is core code, basically the default handler, the default input
     and output filters, and all of the core configuration directives.
     All of this code is required in order for the server to work, with or
     without HTTP.  The server is closer to working without the HTTP
     module, although there is still more to do.  [Ryan Bloom]

  *) Fix a number of SGI compile warnings throughout the server.  Fix some
     bad parameters to apr_bucket_read().  Fix a bad statement in 
     ap_method_in_list().  For the mod_rewrite cache use apr_time_t 
     consistently; we were mixing apr_time_t and time_t in invalid ways 
     before.  In load_file(), call apr_dso_error() instead of 
     apr_strerror() so that we get a more specific string on some platforms.
     PR #6980  [Jeff Trawick]

  *) Allow modules to query the MPM about it's execution profile.  This
     query API can and should be extended in the future, but for now,
     max_daemons, and threading or forking is a very good start.
     [Jon Travis <jtravis covalent.net>]

  *) Modify mod_include to send blocks of data no larger than 9k.
     Without this, mod_include will wait until the whole file is parsed,
     or the first tag is found to send any data to the client.
     [Paul J. Reder <rederpj raleigh.ibm.com>]

  *) Fix mod_info, so that <Directory> and <Location> directives are
     not displayed twice when displaying the current configuration.
     [Ryan Morgan <rmorgan covalent.net>]

  *) Add config directives to override DEFAULT_ERROR_MSG and
     DEFAULT_TIME_FORMAT.  This was sent in as PR 6193.
     [Dan Rench <drench xnet.com>]

  *) Get mod_info building and loading on Win32.  [William Rowe]

  *) Begin to move protocol independant functions out of mod_http.  The goal
     is to have only functions that are HTTP specific in the http directory.
     [Ryan Bloom]

Changes with Apache 2.0.13

  *) Don't assume that there will always be multiple calls to the byterange 
     filter.  It is possible that we will need to do byteranges with only
     one call to the filter.  [Ryan Morgan <rmorgan covalent.net>]

  *) Move the error_bucket definition from the http module to the
     core server.  Every protocol will need this ability, not just
     HTTP.  [Ryan Bloom]

Changes with Apache 2.0.12

  *) Modify mod_file_cache to save pre-formatted strings for 
     content-length and last-modified headers for performance. 
     [Mike Abbot <mja trudge.engr.sgi.com>]

  *) Namespace protect IOBUFSIZ since it is exposed in the API.
     [Jon Travis <jtravis covalent.net>]

  *) Use "Basic" authentication instead of "basic" in ab, as the spec
     says we should.  [Andre Breiler <andre.breiler rd.bbc.co.uk>]

  *) Fix a seg fault in mod_userdir.c.  We used to use the pw structure
     without ever filling it out.  This fixes PR 7271.
     [Taketo Kabe <kabe sra-tohoku.co.jp> and 
      Cliff Woolley <cliffwoolley yahoo.com>]

  *) Add a couple of GCC attribute tags to printf style functions.
     [Jon Travis <jtravis covalent.net>]

  *) Add the correct language tag for interoperation with the Taiwanese
     versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142

  *) Migrate the perchild MPM to use the new apr signal child, and 
     APR thread functions.  [Ryan Bloom]

  *) Close one copy of the CGI's stdout before creating the new process.
     The CGI will still have stdout, because we have already dup'ed it.
     This keeps Apache from waiting forever to send the results of a CGI
     process that has forked a long-lived child process.
     [Taketo Kabe <kabe sra-tohoku.co.jp>]

  *) Remove the rest of the pthreads functions from the threaded MPM.
     This requires the APR support for a signal thread that was just
     added.  [Ryan Bloom]

  *) Make mod_dir use a fixup for sending a redirect to the browser.
     Before this, we were using a handler, which doesn't make much
     sense, because the handler wasn't generating any data, it would
     either return a redirect error code, or DECLINED.  This fits the
     current hooks better.  [Ryan Morgan <rmorgan covalent.net>]

  *) Make the threaded MPM use APR threads instead of pthreads.
     [Ryan Bloom]

  *) Get mod_tls to the point where it actually appears to work in all cases.
     [Ben Laurie]

  *) implement --enable-modules and --enable-mods-shared for "all" and
     "most".  [Greg Stein]

  *) Move the threaded MPM to use APR locks instead of pthread locks.
     [Ryan Bloom]

  *) Rename mpmt_pthread to threaded.  This is more in line with the
     fact that mpmt_pthread shouldn't be using pthreads directly, and
     it is a smaller name that doesn't tie into anything.
     [Ryan Bloom]

  *) Rename the module structures so that the exported symbol matches
     the file name, and it is easier to automate the installation
     process (generating LoadModule directives from the module filenames).
     [Martin Kraemer]

  *) Remove the coalesce filter.  With the ap_f* functions, this filter
     is no longer needed. [Ryan Bloom]

Changes with Apache 2.0.11

  *) Remove the dexter MPM.  Perchild is the same basic idea, but it has the
     added feature of allowing a uid/gid per child process.  If no
     uid/gid is specified, then Perchild behaves exactly like dexter.
     [Ryan Bloom]

  *) Get perchild building again. [Ryan Bloom]

  *) Don't disable threads just because we are using the prefork MPM.
     If somebody wants to compile without threads, they must now add
     --disable-threads to the configure command line.  [Ryan Bloom]

  *) Begin to move the calls to update_child_status into common code, so
     that each individual MPM does not need to update the scoreboard itself.
     [Ryan Bloom]

  *) Allow mod_tls to compile under Unix boxes where openssl has been
     installed to the system include files.
     [Gomez Henri <new-httpd slib.fr>]

  *) Cleanup the mod_tls configure process.  This should remove any need
     to hand-edit any files.  We require OpenSSL 0.9.6 or later, but 
     configure doesn't check that yet.  [Ryan Bloom]

  *) Add a very early prototype of SSL support (in mod_tls.c). It is
     vital that you read modules/tls/README before attempting to build
     it. [Ben Laurie]

  *) Fix a potential seg fault on all platforms.  David Reid fixed this
     on BEOS, but the problem could happen anywhere, so we don't want
     to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>]
 
  *) Add new LogFormat directive, %D, to log time it takes to serve a
     request in microseconds. [Bill Stoddard]

  *) Change AddInputFilter and AddOutputFilter to SetInputFilter and
     SetOutputFilter.  This corresponds nicely with the other Set 
     directives, which operate on containers while the Add* directives
     tend to work directly on extensions.  [Ryan Bloom]

  *) Cleanup the header handling a bit.  This uses the apr_brigade_*
     functions for the buffering so that we don't need to compute
     the length of the headers before we actually create the header
     buffer.  [Ryan Bloom]

  *) Allow filters to buffer data using the ap_f* functions.  These have
     become macros that resolve directly to apr_brigade_*.  
     [Ryan Bloom]

  *) Get the Unix MPM's to do a graceful restart again.  If we are going
     to register a cleanup with ap_cleanup_scoreboard, then we have to
     kill the cleanup with the same function,  and that function can't be
     static.  [Ryan Bloom]

  *) Install all required header files.  Without these, it was not
     possible to compile some modules outside of the server.
     [Ryan Bloom]

  *) Fix the AliasMatch directive in Apache 2.0.  When we brought a patch
     forward from 1.3 to 2.0, we missed a single line, which broke regex
     aliases.  [Ryan Bloom]

  *) We have a poor abstraction in the protocol.  This is a temporary
     hack to fix the bug, but it will need to be fixed for real.  If
     we find an error while sending out a custom error response, we back
     up to the first non-OK request and send the data.  Then, when we send
     the EOS from finalize_request_protocol, we go to the last request,
     to ensure that we aren't sending an EOS to a request that has already
     received one.  Because the data is sent on a different request than
     the EOS, the error text never gets sent down the filter stack.  This
     fixes the problem by finding the last request, and sending the data
     with that request.  [Ryan Bloom]

  *) Make the server status page show the correct restart time, and
     thus the proper uptime. [Ryan Bloom]

  *) Move the CGI creation logic from mod_include to mod_cgi(d).  This
     should reduce the amount of duplicate code that is required to
     create CGI processes.
     [Paul J. Reder <rederpj raleigh.ibm.com>]

  *) ap_new_connection() closes the socket and returns NULL if a socket
     call fails.  Usually this is due to a connection which has been 
     reset.  [Jeff Trawick]

  *) Move the Apache version information out of httpd.h and into release.h.
     This is in preparation for the first tag with the new tag and release
     system.  [Ryan Bloom]

  *) Begin restructuring scoreboard code to enable adding back in
     the ability to use IPC other than shared memory.
     Get mod_status working on Windows again. [Bill Stoddard]

  *) Make mod_status work with 2.0.  This will work for prefork,
     mpmt_pthread, and dexter.  [Ryan Bloom]

  *) Correct a typo in httpd.conf.
     [Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154 

  *) Really fix mod_rewrite map lookups this time. [Tony Finch]

  *) Get the correct IP address if ServerName isn't set and we can't
     find a fully-qualified domain name at startup.
     PR#7170 [Danek Duvall <dduvall eng.sun.com>]

  *) Make mod_cgid work with SuExec.  [Ryan Bloom]

  *) Adopt apr user/group name features for mod_rewrite.  Eliminates some
     'extra' stat's for user/group since they should never occur, and now
     resolves the SCRIPT_USER and SCRIPT_GROUP, including on WinNT NTFS
     volumes.  [William Rowe]

  *) Adopt apr features to simplify mod_includes.  This changes the
     behavior of the USER_NAME variable, unknown uid's are now reported
     as USER_NAME="<unknown>" rather than the old user#000 result.
     WinNT now resolves USER_NAME on NTFS volumes.  [William Rowe]

  *) Adopt apr features for simplifing mod_userdir, and accept the new
     Win32/OS2 exceptions without hiccuping.  [William Rowe]

  *) Replace configure --with-optim option by using and saving the
     environment variable OPTIM instead.  This is needed because configure
     options do not support multiple flags separated by spaces.
     [Roy Fielding]

  *) Fix some byterange handling.  If we get a byte range that looks like
     "-999999" where that is past the end of the file, we should return 
     a PARTIAL CONTENT status code, and return the whole file as one big
     byterange.  This matches the 1.3 handling now.  [Ryan Bloom]

  *) Make the error bucket a real meta-data bucket.  This means that the
     bucket length is 0, and a read returns NULL data.  If one of these
     buckets is passed down after the headers are sent, this data will
     just be ignored.  [Greg Stein]

  *) The prefork MPM wasn't killing child processes correctly if a restart
     signal was received while the process was serving a request.  The child
     process would become the equivalent of a second parent process.  If
     we break out of the accept loop, then we need to do die after cleaning
     up after ourselves.  [Ryan Bloom]

  *) Change the Prefork MPM to use SIGWINCH instead of SIGUSR1 for graceful
     restarts.  [Ryan Bloom]

  *) Modify the apr_stat/lstat/getfileinfo calls within apache to use
     the most optimal APR_FINFO_wanted bits.  This spares Win32 from
     performing very expensive owner, group and permission lookups
     and allows the server to function until these apr_finfo_t fields
     are implemented under Win32.  [William Rowe]

  *) Support for typedsafe optional functions - that is functions exported by
     optional modules, which, therefore, may or may not be present, depending
     on configuration. See the experimental modules mod_optional_fn_{ex,im}port
     for sample code. [Ben Laurie]

  *) filters can now report an HTTP error to the server.  This is done
     by sending a brigade where the first bucket is an error_bucket.
     This bucket is a simple bucket that stores an HTTP error and
     a string.  Currently the string is not used, but it may be needed
     to output an error log.  The http_header_filter will find this
     bucket, and output the error text, and then return 
     AP_FILTER_ERROR, which informs the server that the error web page
     has already been sent.  [Ryan Bloom]

  *) If we get an error, then we should remove all filters except for
     those critical to serving a web page.  This fixes a bug, where
     error pages were going through the byterange filter, even though
     that made no sense.  [Ryan Bloom]

  *) Relax the syntax checking of Host: headers in order to support
     iDNS. PR#6635 [Tony Finch]

  *) Cleanup the byterange filter to use the apr_brigade_partition
     and apr_bucket_copy functions.  This removes a lot of very messy
     code, and hopefully makes this filter more stable.
     [Ryan Bloom]

  *) Remove AddModule and ClearModuleList directives.  Both of these
     directives were used to ensure that modules could be enabled
     in the correct order.  That requirement is now gone, because
     we use hooks to ensure that modules are in the correct order.
     [Ryan Bloom]

  *) When SuExec is specified, we need to add it to the list of
     targets to be built.  If we don't, then any changes to the
     configuration won't affect SuExec, unless 'make suexec' is
     specifically run.  [Ryan Bloom]

  *) Cleaned out open_file from mod_file_cache, as apr now accepts
     the APR_XTHREAD argument to open a file for consumption by
     parallel threads on win32.  [William Rowe]

  *) Correct a bug in determining when we follow symlinks.  The code
     expected a stat -1 result, not an apr_status_t positive error.
     Also check if the APR_FINFO_USER fields are valid before we
     follow the link.  [William Rowe]

  *) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to
     mpm_common.c.  These functions are only valid on some platforms,
     so they should not be in the main-line code. [Ryan Bloom]

  *) Remove ap_chdir_file().  This function is not thread-safe,
     and nobody is currently using it.  [Ryan Bloom]

  *) Do not try to run make depend if there are no .c files in the
     current directory, doing so makes `make depend` fail.
     [Ryan Bloom]

   *) Update highperformance.conf to work with either prefork or
      pthreads mpms.  [Greg Ames] 

  *) Stop checking to see if this is a pipelined request if we know
     for a fact that it isn't.  Basically, if r->connection->keepalive == 0.
     This keeps us from making an extra read call when serving a 1.0
     request.  [Ryan Bloom and Greg Stein]

  *) Fix the handling of variable expansion look-ahead in mod_rewrite,
     i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of
     more complicated nested RewriteMap lookups. PR#7087 [Tony Finch]

  *) Fix the RFC number mentioned when complaining about a missing
     Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>]

  *) Fix an endless loop in ab which occurred when ab was posting
     and the server dropped the connection unexpectedly.
     [Jeff Trawick]

  *) Fix a segfault while handling request bodies in ap_http_filter().  
     This problem has been seen with mod_dav usage as well as with 
     requests where the body was just being discarded.  [Jeff Trawick]

  *) Some adjustment on the handling and automatic setting (via
     hints.m4) of various compilation flags (eg: CFLAGS). Also,
     add the capability to specify flags (NOTEST_CFLAGS and
     NOTEST_LDFLAGS) which are used to compile Apache, but
     not used during the configuration process. Useful for
     flags like "-Werror". [Jim Jagielski]

  *) Stop using environment variables to force debug mode or
     no detach.  We now use the -D command line argument to 
     specify the correct mode.  -DONE_PROCESS and -DNO_DETACH.
     [Greg Stein, Ryan Bloom]

  *) Change handlers to use hooks. [Ben Laurie]

  *) Stop returning copies of filenames from both apr_file_t and
     apr_dir_t.  We pstrdup the filenames that we store in the
     actual structures, so we don't need to pstrdup the strings again.
     [Ryan Bloom]

  *) mod_cgi: Fix some problems where the wrong error value was being
     traced.  [Jeff Trawick]

  *) EBCDIC: Fix some missing ASCII conversion on some protocol data.
     [Jeff Trawick]

  *) Add generic hooks. [Ben Laurie]

  *) Use a real pool to dup the error log descriptor.  [Ryan Bloom]

  *) Fix a segfault caused by mod_ext_filter when the external filter 
     program does not exist. [Jeff Trawick]

  *) Fix an output truncation error when on an HTTP >= 1.0 request an
     object of size between DEFAULT_BUCKET_SIZE and AP_MIN_BYTES_TO_WRITE 
     was served through mod_charset_lite (or anything else that would
     create a transient bucket in this size range).  ap_bucket_make_heap()
     silently failed (fixed), transient_setaside() discovered it, but
     ap_save_brigade() ignored it (fixed). [Jeff Trawick]
     
  *) Ignore \r\n or \n when using PEEK mode for input filters.  The problem
     is that some browsers send extra lines at the end of POST requests, and
     we don't want to delay sending data back to the user just because the
     browser isn't well behaved. [Ryan Bloom]

  *) Get SuEXEC working again.  We can't send absolute paths to suExec
     because it refuses to execute those programs.  SuEXEC also wasn't
     always recognizing configuration changes made using the autoconf
     setup.  [Ryan Bloom]

  *) Allow the buildconf process to find the config.m4 files in the correct
     order.  Basically, we can now name config.m4 files as config\d\d.m4,
     and we will sort them correctly when inserting them into the build
     process.  [Ryan Bloom]

  *) Get mod_cgid to use apr calls for creating the actual CGI process.
     This also allows mod_cgid to use ap_os_create_priviledged_process,
     thus allowing for SuExec execution from mod_cgid.  Currently, we do
     not support everything that standard SuExec supports, but at least
     it works minimally now. [Ryan Bloom]

  *) Allow SuExec to be configured from the ./configure command line.
     [Ryan Bloom]

  *) Update some of the docs in README and INSTALL to reflect some of
     the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>]

  *) If we get EAGAIN returned from the call to apr_sendfile, then we
     need to call sendfile again.  This gets us serving large files
     such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom]

  *) Get the support programs building cleanly again.
     [Cliff Woolley <cliffwoolley yahoo.com>]

  *) The Apache/Win32 Apache.exe and dll's now live in bin.  The 
     current directory logic now backs up over bin/ to determine the
     server root from the Apache.exe path.

  *) Apache/Win32 now follows the standard conventions of mod_foo.so
     loadable modules, dynamic libs are all named libfoo.dll, and the
     makefile.win populates the include, lib and libexec directories.

  *) Apache is now IPv6-capable.  On systems where APR supports IPv6,
     Apache gets IPv6 listening sockets by default.  Additionally, the
     Listen, NameVirtualHost, and <VirtualHost> directives support IPv6
     numeric address strings (e.g., "Listen [fe80::1]:8080").
     [Jeff Trawick]

  *) Modify the install directory layout.  Modules are now installed in
     modules/.  Shared libraries should be installed in libraries/, but
     we don't have any of those on Unix yet.  All install directories
     are modifyable at configure time. [Ryan Bloom]

  *) Install all header files in the same directory on Unix. [Ryan Bloom]

  *) Get the functions in server/linked into the server, regardless of
     which modules linked into the server.  This uses the same hack 
     for Apache that we use for APR and apr-util to ensure all of the
     necessary functions are linked.  As a part of thise, the CHARSET_EBCDIC
     was renamed to AP_CHARSET_EBCDIC for namespace protection, and to make
     the scripts a bit easier.
     [Ryan Bloom]

  *) Rework the RFC1413 handling to make it thread-safe, use a timeout
     on the query, and remove IPv4 dependencies.  [Jeff Trawick]

  *) Get all of the auth modules to the point that they will install and
     be loadable into the server.  Our new build/install mechanism expects
     that all modules will have a common name format.  The auth modules 
     didn't use that format, so we didn't install them properly.
     [Ryan Bloom]

  *) API routines ap_pgethostbyname() and ap_pduphostent() are no longer
     available.  Use apr_getaddrinfo() instead.  [Jeff Trawick]

  *) Get "NameVirtualHost *" working in 2.0.  [Ryan Bloom]

  *) Return HTTP_RANGE_NOT_SATISFIABLE if the every range requested starts
     after the end of the response. [Ryan Bloom]

  *) Get byterange requests working with responses that do not have a
     content-length.  Because of the way byterange requests work, we have to
     have all of the data before we can actually do the byterange, so we
     can compute the content-length in the byterange filter.
     [Ryan Bloom]

  *) Get exe CGI's working again on Windows.
     [Allan Edwards]

  *) Get mod_cgid and mod_rewrite to work as DSOs by changing the way
     they keep track of whether or not their  post config hook has been
     called before.  Instead of a static variable (which is replaced when 
     the DSO is loaded a second time), use userdata in the process pool.
     [Jeff Trawick]

Changes with Apache 2.0a9

  *) Win32 now requires perl to complete the final install step for users
     to build + install on Win32.  Makefile.win now rewrites @@ServerRoot@
     and installs the conf, htdocs and htdocs/manual directories.
     [William Rowe]

  *) Make mod_include use a hash table to associate directive tags with
     functions.  This allows modules to implement their own SSI tags easily.
     The idea is simple enough, a module can insert it's own tag and function
     combination into a hash table provided by mod_include.  While mod_include
     parses an SSI file, when it encounters a tag in the file, it does a
     hash lookup to find the function that implements that tag, and passes
     all of the relevant data to the function.  That function is then
     responsible for processing the tag and handing the remaining data back
     to mod_include for further processing.
     [Paul J. Reder <rederpj raleigh.ibm.com>]

  *) Get rid of ap_new_apr_connection().  ap_new_connection() now has 
     fewer parameters: the local and remote socket addresses were removed
     from the parameter list because all required information is available
     via the APR socket.  [Jeff Trawick]

  *) Distribution directory structure reorganized to reflect a
     normal source distribution with external install targets.
     [Roy Fielding]

  *) The MPMs that need multiple segments of shared memory now create
     two apr_shmem_t variables, one for each shared memory allocation.
     the problem is that we can't determine how much memory will be required
     for shared memory allocations once we try to allocate more than one
     variable.  The MM code automatically aligns the shared memory allocations,
     so we end up needing to pad the amount of shared memory we want based
     on how many variables will be allocated out of the shared memory segment.
     It is just easier to create a second apr_shmem_t variable, and two
     shmem memory blocks.
     [Ryan Bloom]

  *) Cleanup the export list a bit.  This creates a single unified list of
     functions exported by APR.  The export list is generated at configure
     time, and that list is then used to generate the exports.c file.
     Because of the way the export list is generated, we only export those
     functions that are valid on the platform we are building on.
     [Ryan Bloom]

  *) Enable logging the cookie with mod_log_config
     [Sander van Zoest <sander covalent.net>]

  *) Fix a segfault in mod_info when it reaches the end of the configuration.
     [Jeff Trawick]

  *) Added lib/aputil/ as a placeholder for utility functions which are not
     specific to the Apache HTTP Server (but do not make sense with APR).
     The first utility is "apu_dbm": a set of functions to work with DBM
     files. This first version can be compiled for SDBM or GDBM databases.
     [Greg Stein]

  *) Complete re-write of mod_include.  This makes mod_include a filter that
     uses buckets directly.  This has now served the FAQ correctly.
     [Paul Reder <rederpj raleigh.ibm.com>]

  *) Allow modules to specify the first filter in a sub_request when
     making the sub_request.  This keeps modules from having to change the
     output_filter immediately after creating the sub-request, and therefore
     skip the sub_req_output_filter.  [Ryan Bloom]

  *) Update ab to accept URLs with IPv6 literal address strings (in the
     format described in RFC 2732), and to build Host header fields in
     the same format.  This allows IPv6 literal address strings to be
     used with ab.  This support has been tested against Apache 1.3 with 
     the KAME patch, but Apache 2.0 does not yet work with this format
     of the Host header field.  [Jeff Trawick]

  *) Accomodate an out-of-space condition in the piped logs and the
     rotatelogs.c code, and no longer churn log processes for this
     condition.  [Victor J. Orlikowski]

  *) Add support for partial writes with apr_sendfile() to core_output_filter.
     [Greg Ames] 

Changes with Apache 2.0a8

  *) Add a directive to mod_mime so that filters can be associated with
     a given mime-type.
     [Ryan Bloom]

  *) Get multi-views working again.  We were setting the path_info
     field incorrectly if we couldn't find the specified file.
     [Ryan Bloom]

  *) Fix 304 processing.  The core should never try to send the headers
     down the filter stack.  Always, just setup the table in the request
     record, and let the header filter convert it to data that is ready
     for the network.
     [Ryan Bloom]

  *) More fixes for the proxy.  There are still bugs in the proxy code,
     but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP)
     successfully.
     [Ryan Bloom]

  *) Fix params for apr_getaddrinfo() call in connect proxy handler.
     [Chuck Murcko]

  *) APR: Add new apr_getopt_long function to handle long options.
     [B. W. Fitzpatrick <fitz red-bean.com>]

  *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname.
     Add generic apr_create_socket().  Add apr_getaddrinfo() for doing
     hostname resolution/address string parsing and building
     apr_sockaddr_t.  Add apr_get_sockaddr() for getting the address
     of one of the apr_sockaddr_t structures for a socket.  Change
     apr_bind() to take apr_sockaddr_t.  [David Reid and Jeff Trawick]

  *) Remove the BUFF from the HTTP proxy.  This is still a bit ugly, but
     I have proxied pages with it, cleanup will commence soon.
     [Ryan Bloom]

  *) Make the proxy work with filters.  This isn't perfect, because we
     aren't dealing with the headers properly.  [Ryan Bloom]

  *) Do not send a content-length iff the C-L is 0 and this is a head
     request.  [Ryan Bloom]

  *) Make cgi-bin work as a regular directory when using mod_vhost_alias
     with no VirtualScriptAlias directives. PR#6829 [Tony Finch]

  *) Remove BUFF from the PROXY connect handling. [Ryan Bloom]

  *) Get the default_handler to stop trying to deal with HEAD requests.
     The idea is to let the content-length filter compute the C-L before
     we try to send the data.  If we can get the C-L correctly, then we
     should send it in the HEAD response.
     [Ryan Bloom]
     
  *) The Header filter can now determine if a body should be sent based
     on r->header_only.  The general idea of this is that if we delay
     deciding to send the body, then we might be able to compute the
     content-length correctly, which will help caching proxies to cache
     our data better.  Any handler that doesn't want to try to compute
     the content-length can just send an EOS bucket without data and
     everything will just work.
     [Ryan Bloom]

  *) Add the referer to the error log if one is available.
     [Markus Gyger <mgyger itr.ch>]

  *) Mod_info.c has now been ported to Apache 2.0.  As a part of this
     change, the root of the configuration tree has been exposed to modules
     as ap_conftree.
     [Ryan Morgan <rmorgan covalent.net>]

  *) Get the core_output_filter to use the bucket interface directly.
     This keeps us from calling the content-length filter multiple times
     for a simple static request.
     [Ryan Bloom]

  *) We are sending the content-type correctly now.
     [Ryan Bloom and Will Rowe]

  *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report
     a bogus bytes-sent value when the only thing being sent was trailers
     and writev() returned an error (or EAGAIN).  [Jeff Trawick]

  *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again.  This uses the
     hints file to determine which platforms define 
     SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
     [Ryan Bloom]

  *) APR: add apr_get_home_directory()  [Jeff Trawick]

  *) Initial import of 1.3-current mod_proxy. [Chuck Murcko]

  *) Not all platforms have INADDR_NONE defined by default.  Apache
     used to make this check and define INADDR_NONE if appropriate,
     but APR needs the check too, and I suspect other applications will
     as well.  APR now defines APR_INADDR_NONE, which is always a valid
     value on all platforms.
     [Branko Čibej <brane xbc.nu>]

  *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824.
     [Shuichi Kitaguchi <ki hh.iij4u.or.jp>] 

  *) Relax the syntax checking of Host: headers in order to support
     iDNS. PR#6635 [Tony Finch]

  *) When reading from file buckets we convert to an MMAP if it makes
     sense.  This also simplifies the default handler because the
     default handler no longer needs to try to create MMAPs.
     [Ryan Bloom]

  *) BUFF has been removed from the main server.  The BUFF code will remain
     in the code until it has been purged from the proxy module as well.
     [Ryan Bloom]

  *) Byteranges have been completely re-written to be a filter.  This
     has been tested, and I believe it is working correctly, but it could
     doesn't work for the Adobe Acrobat plug-in.  The output almost matches
     the output from 1.3, the only difference being that 1.3 includes
     a content-length in the response, and this does not.
     [Ryan Bloom]

  *) APR read/write functions and bucket read functions now operate
     on unsigned integers, instead of signed ones.  It doesn't make
     any sense to use signed ints, because we return the error codes,
     so if we have an error we should report 0 bytes read or written.
     [Ryan Bloom]

  *) Always compute the content length, whether it is sent or not.
     The reason for this, is that it allows us to correctly report
     the bytes_sent when logging the request.  This also simplifies
     content-length filter a bit, and fixes the actual byte-reporing
     code in mod_log_config.c
     [Ryan Bloom]

  *) Remove AP_END_OF_BRIGADE definition.  This does not signify what
     it says, because it was only used by EOS and FLUSH buckets.  Since
     neither of those are required at the end of a brigade, this was
     really signifying FLUSH_THE_DATA, but that can be determined better
     by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH.  EOS and FLUSH
     buckets now return a length of 0, which is actually the amount of data
     read, so they make more sense.
     [Ryan Bloom]

  *) Allow the core_output_filter to save some data past the end of a
     request.  If we get an EOS bucket, we only send the data if it 
     makes sense to send it.  This allows us to pipeline request
     responses.  As a part of this, we also need to allocate mmap
     buckets out of the connection pool, not the request pool.  This
     allows the mmap to outlive the request.
     [Ryan Bloom]

  *) Make blocking and non-blocking bucket reads work correctly for
     sockets and pipes.  These are the only bucket types that should
     have non-blocking reads, because the other bucket types should
     ALWAYS be able to return something immediately.
     [Ryan Bloom]

  *) In the Apache/Win32 console window, accept Ctrl+C to stop the 
     server, but use Ctrl+Break to initiate a graceful restart 
     instead of duplicating behavior. [John Sterling]

  *) Patch mod_autoindex to set the Last-Modified header based on
     the directory's mtime, and add the ETag header.  [William Rowe]

  *) Merge the 1.3 patch to add support for logging query string in 
     such a way that "%m %U%q %H" is the same as "%r".
     [Bill Stoddard]

  *) Port three log methods from mod_log_config 1.3 to 2.0: 
     CLF compliant '-' byte count, method and protocol.
     [Bill Stoddard]

  *) Add a new LogFormat directive, %c, that will log connection
     status at the end of the response as follows:
     'X' - connection aborted before the response completed.
     '+' - connection may be kept-alive by the server.
     '-' - connection will be closed by the server.
     [Bill Stoddard]

  *) Expand APR for WinNT to fully accept and return utf-8 encoded
     Unicode file names and paths for Win32, and tag the Content-Type 
     from mod_autoindex to reflect that charset if the feature
     macro APR_HAS_UNICODE_FS is true.  [William Rowe]

  *) Compute the content length (and add appropriate header field) for
     the response when no content length is available and we can't use 
     chunked encoding.  [Jeff Trawick]

  *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK,
     so that content input filters get dechunked data when using
     the default handler. Also removed REQUEST_CHUNKED_PASS.
     [Sascha Schumann]
     
  *) Add mod_ext_filter as an experimental module.  This module allows
     the administrator to use external programs as filters.  Currently,
     only filtering of output is supported.  [Jeff Trawick]

  *) Most Apache functions work on EBCDIC machines again, as protocol
     data is now translated (again).  [Jeff Trawick]

  *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of
     the EBCDIC support.  They are noops on ASCII machines, so this
     type of translation doesn't have to be surrounded by #ifdef
     CHARSET_EBCDIC.  [Jeff Trawick]

  *) Fix mod_include.  tag commands work again, and the server will
     send the FAQ again.  This also allows mod_include to set aside
     buckets that include partial buckets.
     [Ryan Bloom and David Reid]

  *) Add suexec support back.  [Manoj Kasichainula]

  *) Lingering close now uses the socket directly instead of using
     BUFF.  This has been tested, but since all we can tell is that it
     doesn't fail, this needs to be really hacked on.
     [Ryan Bloom]

  *) Allow filters to modify headers and have those headers be sent to
     the client.  The idea is that we have an http_header filter that
     actually sends the headers to the network.  This removes the need
     for the BUFF to send headers.
     [Ryan Bloom]

  *) Charset translation: mod_charset_lite handles translation of
     request bodies.  Get rid of the xlate version of ap_md5_digest()
     since we don't compute digests of filtered (e.g., translated) 
     response bodies this way anymore.  (Note that we don't do it at
     all at the present; somebody needs to write a filter to do so.)
     [Jeff Trawick]

  *) Input filters and ap_get_brigade() now have a input mode parameter 
     (blocking, non-blocking, peek) instead of a length parameter.
     [hackathon]

  *) Update the mime.types file to the registered media types as
     of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp home.net>,
     Tony Finch]

  *) Namespace protect some macros declared in ap_config.h
     [Ryan Bloom]

  *) Support HTTP header line folding with input filtering.
     [Greg Ames]

  *) Mod_include works again.  This should still be re-written, but at
     least now we can serve an SHTML page again.
     [Ryan Bloom]

  *) Begin to remove BUFF from the core.  Currently, we keep a pointer
     to both the BUFF and the socket in the conn_rec.  Functions that
     want to use the BUFF can, functions that want to use the socket,
     can.  They point to the same place.
     [Ryan Bloom]

  *) apr_psprintf doesn't understand %lld as a format.  Make it %ld.
     [Tomas Ögren <stric ing.umu.se>]

  *) APR pipes on Unix and Win32 are now cleaned up automatically when the 
     associated pool goes away.  (APR pipes on OS/2 were already had this
     logic.)  This resolvs a fatal file descriptor leak with CGIs.  
     [Jeff Trawick]

  *) The final line of the config file was not being read if there was
     no \n at the end of it.  This was caused by apr_fgets returning 
     APR_EOF even though we had read valid data.  This is solved by
     making cfg_getline check the buff that was returned from apr_fgets.
     If apr_fgets return APR_EOF, but there was data in the buf, then we
     return the buf, otherwise we return NULL.
     [Ryan Bloom]

  *) Piped logs work again in the 2.0 series.
     [Ryan Bloom]

  *) Restore functionality broken by the mod_rewrite security fix:
     rewrite map lookup keys and default values are now expanded
     so that the lookup can depend on the requested URI etc.
     PR #6671 [Tony Finch]

  *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
     security bug in some mass virtual hosting configurations
     that can allow a remote attacker to retrieve some files
     on the system that should be inaccessible. [Tony Finch]

  *) Add a pool bucket type.  This bucket is used for data allocated out
     of a pool.  If the pool is cleaned before the bucket is destroyed, then
     the data is converted to a heap bucket, allowing it to survive the
     death of the pool.
     [Ryan Bloom]

  *) Add a flush bucket.  This allows modules to signal that the filters
     should all flush whatever data they currently have.  There is no way
     to actually force them to do this, so if a filter ignores this bucket,
     that's life, but at least we can try with this.
     [Ryan Bloom]

  *) Add an output filter for sub-requests.  This filter just strips the
     EOS bucket so that we don't confuse the main request's core output
     filter by sending multiple EOS buckets.  This change also makes sub
     requests start to send EOS buckets when they are finished.
     [Ryan Bloom]

  *) Make ap_bucket_(read|destroy|split|setaside) into macros.  Also
     makes ap_bucket_destroy a return void, which is okay because it
     used to always return APR_SUCCESS, and nobody ever checked its
     return value anyway.
     [Cliff Woolley <cliffwoolley yahoo.com>]

  *) Remove the index into the bucket-type table from the buckets
     structure.  This has now been replaced with a pointer to the
     bucket_type.  Also add some macros to test the bucket-type.
     [Ryan Bloom]

  *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
     for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
     and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
     All _VAR_ flavors changes to _DATA to be absolutely clear.
     [William Rowe]

  *) Add support for /, //, //servername and //server/sharename 
     parsing of <Directory> blocks under Win32 and OS2.
     [Tim Costello, William Rowe, Brian Harvard]

  *) Remove the function pointers from the ap_bucket type.  They have been
     replaced with a global table.  Modules are allowed to register bucket
     types and use then use those buckets.
     [Ryan Bloom]

  *) mod_cgid: In the handler, shut down the Unix socket (only for write) 
     once we finish writing the request body to the cgi child process; 
     otherwise, the client doesn't hit EOF on stdin.  Small request bodies 
     worked without this change (for reasons I don't understand), but large 
     ones didn't.  [Jeff Trawick]

  *) Remove file bucket specific information from the ap_bucket type.
     This has been moved to a file_bucket specific type that hangs off
     the data pointer in the ap_bucket type.
     [Ryan Bloom]

  *) Input filtering now has a third argument.  This is the amount of data
     to read from lower filters.  This argument can be -1, 0, or a positive
     number.  -1 means give me all the data you have, I'll deal with it and
     let you know if I need more.  0 means give me one line and one line
     only.  A positive number means I want no more than this much data.

     Currently, only 0 and a positive number are implemented.  This allows
     us to remove the remaining field from the conn_rec structure, which
     has also been done.
     [Ryan Bloom] 
    
  *) Big cleanup of the input filtering.  The goal is that http_filter
     understands two conditions, headers and body.  It knows where it is
     based on c->remaining.  If c->remaining is 0, then we are in headers,
     and http_filter returns a line at a time.  If it is not 0, then we are
     in body, and http_filter returns raw data, but only up to c->remaining
     bytes.  It can return less, but never more.
     [Greg Ames, Ryan Bloom, Jeff Trawick]

  *) mod_cgi: Write all of the request body to the child, not just what
     the kernel would accept on the first write.  [Jeff Trawick]

  *) Back out the change that moved the brigade from the core_output_filters
     ctx to the conn_rec.  Since all requests over a given connection
     go through the same core_output_filter, the ctx pointer has the
     correct lifetime.
     [Ryan Bloom]

  *) Fix another bug in the send_the_file() read/write loop. A partial
     send by apr_send would cause unsent data in the read buffer to
     get clobbered. Complete making send_the_file handle partial
     writes to the network.
     [Bill Stoddard]

  *) Fix a couple of type fixes to allow compilation on AIX again
     [Victor J. Orlikowski <v.j.orlikowski gte.net>]

  *) Fix bug in send_the_file() which causes offset to be ignored
     if there are no headers to send.
     [Bill Stoddard]

  *) Handle APR_ENOTIMPL returned from apr_sendfile in the core
     filter. Useful for supporting Windows 9* with a binary
     compiled on Windows NT.
     [Bill Stoddard]

Changes with Apache 2.0a7

  *) Reimplement core_output_filter to buffer/save bucket brigades
     across multiple calls to the core_filter. The brigade will be
     sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE
     thresholds are hit or the EOS bucket is received.
     [Bill Stoddard]

  *) Create experimental filter (buffer_filter) that coalesces bytes 
     into one large buffer before invoking the next filter in the
     chain. This filter is particularly useful with the current 
     implementation of mod_autoindex when it inserted above the
     chunk_filter. mod_autoindex generates a lot of brigades that
     containing buckets holding just a few bytes each. The
     buffer_filter coalesces these buckets into a single large bucket.
     [Bill Stoddard]

  *) Add apr_sendfile() support into the core_output_filter.
     [Bill Stoddard]

  *) Add apr_sendv() support into the core_output_filter.
     [Bill Stoddard]

  *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS
     [Mike Abbott <mja sgi.com>]

  *) Remove ap_send_fb.  This is no longer used in Apache, and it doesn't
     make much sense, because Apache uses buckets instead of BUFFs now.
     [Ryan Bloom]

  *) send_the_file now falls back to a read/write loop on platforms that
     do not have sendfile.
     [Ryan Bloom and Brian Havard]

  *) Install apachectl correctly, and substitute the proper values so
     that it works again.  [Ryan Bloom]

  *) Better(??) handle platforms that lack sendfile().
     [Jim Jagielski]

  *) APR now has UUID generation/formatting/parsing support.
     [Greg Stein]

  *) Begin the http_filter.  This is an input filter that understands
     the absolute basic amount required to parse an HTTP Request.  The
     goal is to be able to split headers from request body before passing
     the data back to the other filters.
     [Ryan Bloom]

  *) Bring forward from 1.3.13 the config directory implementation
     [Jim Jagielski]

  *) install apxs if it is created
     [Ryan Bloom]

  *) Added APR_IS_STATUS_condition test macros to eliminate canonical error
     conversions.  [William Rowe]

  *) Now that we have ap_add_input_filter(), rename ap_add_filter() to 
     ap_add_output_filter().  [Jeff Trawick]

  *) Multiple build and configuration fixes
    Build process:

      -add datadir and localstatedir substitutions
      -fix layout name
      -fix logfilename misspelling
      -fix evaluation of installation dir variables and
      -replace $foobar by $(foobar) to be usefull in the makefile
    
    Cross compile:
    
      -add rules for cross-compiling in rules.mk. Okay, rule to check for
       $CC_FOR_BUILD is still missing
      -use CHECK_TOOL instead of CHECK_PROG for ranlib
      -add missing "AR=@AR@" to severaly Makefile.in's
      -cache result for "struct rlimit"
      -compile all helper programs with native and cross compiler
       and use the native version to generate header file
     [Rüdiger Kuhlmann <Tadu gmx.de>]

  *) Prepare our autoconf setup for autoconf 2.14a and for cross-
     compiling.
     [Rüdiger Kuhlmann <Tadu gmx.de>]

  *) Fix a bug where a client which only sends \n to delimit header
     lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED 
     message.  Start working on ebcdic co-existance with input 
     filtering.
     [William Rowe, Greg Ames]

  *) If mod_so is enabled in the server always create libexec, even
     if there are no modules installed in this directory.  This is a
     requirement for APXS to work correctly.
     [Ryan Bloom]

  *) Connection oriented output filters are now stored in the 
     conn_rec instead of the request_rec.  This allows us to add the
     output filter in the pre-connection phase instead of the
     post_read_request phase, which keeps us from trying to write an
     error page before we have a filter to write to the network.
     [Ryan Bloom, Jeff Trawick, and Greg Ames]

  *) Cleaning up an mmap bucket no longer deletes the mmap.  An
     mmap can be used across multiple buckets (default_handler with
     byte ranges, mod_file_cache, mod_mmap_static), so cleanup of
     the mmap itself can't be associated with the bucket.
     [Jeff Trawick]

  *) Add .dll caching directive ISAPICacheFile to mod_isapi.
     [William Rowe]

  *) Radical surgery to improve mod_isapi support under Win32.
     Includes a number of newer ServerSupportFunction calls, support
     for ReadClient (in order to retrieve POSTs greater than 48KB),
     and general bug fixes to more reliably load ISAPI .dll's and
     prevent leaking handle resources.  Note: There are still 
     discrepancies between IIS's and Apache's ServerVariables, and
     async calls are still not supported.  Additional warnings are
     logged to facilitate debugging of unsupported ISAPI calls.
     [William Rowe]

  *) Add input filtering to Apache.  The basic idea for the input
     filters is the same as the ideas for output filters.  The biggest
     difference is that instead of calling ap_pass_brigade, ap_get_brigade
     should be called, and the order of execution for the filter itself is
     different.  When writing an output filter, a brigade is passed in,
     and filters operate directly on that brigade, when done, they call
     ap_pass_brigade.  Input filters are the exact opposite.  Because input
     is not a push operation, filters first call ap_get_brigade.  When this
     function returns, the input filter will be left with a valid brigade.
     The input filter should then operate on the brigade, and return.
     [Ryan Bloom]

  *) Fix building on BSD/OS using its native make. The build system
     falls back to the BSD .include directive on that host platform.
     [Sascha Schumann]

  *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
     SHA1 and plaintext password encodings.  Make feature tests a
     bit more flexible.  [William Rowe]

  *) Charset translation: mod_charset_lite handles output content 
     translation in a filter.  mod_charset_lite no longer ignores 
     subrequests.  A bunch of cruft related to BUFF's support for
     translating request and response bodies was removed.  
     [Jeff Trawick]

  *) Move the addition of the CORE filter to the post_read_request
     hook in http_core.c.  This removes the need to add the filter in
     multiple places and allows for an SSL module to be added much
     simpler. [Ryan Bloom]

  *) SECURITY: CVE-2000-0913 (cve.mitre.org)
     Fix a security problem that affects certain configurations of
     mod_rewrite. If the result of a RewriteRule is a filename that
     contains expansion specifiers, especially regexp backreferences
     $0..$9 and %0..%9, then it may be possible for an attacker to
     access any file on the web server. [Tony Finch]

  *) Fix a bug where errors that are detected during early request parsing
     don't produce visible HTTP error messages at the browser, because
     the core_filter wasn't present.  [Greg Ames]

  *) Provide apr_socklen_t as a portability aid. 
     [Victor  J. Orlikowski]

  *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
     as well as a comment arg to the add, adduser and update cmds.
     update allows the user to clear or preserve pw/groups/comment.
     Fixed a bug in dbmmanage that prevented the check option from 
     parsing a password followed by :group... text.  Corrected the
     seed calcualation for Win32 systems, and added -lsdbm support.
     [William Rowe]

  *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
     [William Rowe]

  *) Avoid a segfault when parsing .htaccess files.  An 
     uninitialized tree pointer was passed to ap_build_config().
     [Jeff Trawick]

  *) Change the way that inet_addr & inet_network are checked for
     in APR's configure process to allow BeOS BONE to correctly
     find them. With this change BeOS BONE now builds from source
     with no problems.  [David Reid]

  *) Fix a bug in apr_create_process() for Unix.  The NULL signifying
     the end of the parameters to execve() was stored in the wrong
     location, overlaying the storage beyond the newargs[] array and 
     also passing uninitialized storage to execve(), which would 
     sometimes fail with EFAULT.  [Jeff Trawick]

  *) Fix a bug parsing configuration file containers.  With a sequence
     like this in the config file

       <IfModule mod_kilroy.c>
       any stuff
       </IfModule>
       <IfModule mod_lovejoy.c>
       (blank line)
       any stuff
       </IfModule>

     the second container would be terminated at the blank line due to
     sediment in the buffer from reading the prior </IfModule> and an 
     error message would be generated for the real </IfModule> for the
     second container.  Also due to this problem, any two characters 
     could be used for "</" in the close of a container.  
     [Jeff Trawick]

  *) ap_add_filter prototype changed to remove the ctx pointer.  The
     pointer still remains in the filter structure, but it can not be
     a part of the ap_add_filter prototype.  The reason is that when
     the core uses AddFilter to add a filter to the stack it doesn't
     know how to allocate the ctx pointer, or even how much memory should
     be allocated.  The filters will have to be responsible for allocating
     the ctx memory when they need it.
     [Ryan Bloom]

  *) Add an AddFilter directive.  This directive takes a list of filters
     that should be activated for the requested resource.
     [Ryan Bloom]

  *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
     some other platforms).  [Jeff Trawick]

  *) Modify mod_include to be a filter.  Currently, it has only been tested
     on actual files, but it should work for CGI scripts too.
     [Ryan Bloom]

  *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
     writes.  apr_flush() for Unix: handle interrupted writes.
     [Jeff Trawick]

  *) NameVirtualHost can now take "*" as an argument instead of
     an IP address. This allows you to create a purely name-based
     virtual hosting server that does not have any IP addresses in
     the configuration file and which ignores the local address
     of any connections. PR #5595, PR #4455 [Tony Finch]

  *) Fix some compile warnings in mod_mmap_static.c
     [Mike Abbott <mja sgi.com>]

  *) Fix chunking problem with CGI scripts.  The general problem was that
     the CGI modules were adding an EOS bucket and then the core added an
     EOS bucket.  The chunking filter finalizes the chunked response when it
     encounters an EOS bucket.  Because two EOS buckets were sent, we
     finalized the response twice.  The fix is to make sure we only send one
     EOS, by utilizing a flag in the request_rec.
     [Ryan Bloom]

  *) apr_put_os_file() now sets up the unget byte appropriately on Unix
     and Win32.  Previously, the first read from an apr_file_t set up via
     apr_put_os_file() would return a '\0'.  [Jeff Trawick]

  *) Mod_cgid now creates a single element bucket brigade, with a pipe
     bucket, instead of using BUFF's and ap_r*.
     [Ryan Bloom]

  *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
     [Mike Abbott <mja sgi.com>]

  *) Remove ap_bopenf from buff code.  This required modifying the file_cache
     code to use APR file's directly instead of going through BUFFs.
     [Ryan Bloom]

  *) Fix compile break on some platforms for mod_mime_magic.c
     [John K. Sterling <sterling covalent.net>]

  *) Fix merging of AddDefaultCharset directive.
     PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>]

  *) Minor revamp of the rlimit sections of code. We now test
     explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
     is now "available" even if the platform doesn't support
     the rlimit family (it's just a noop though). [Jim Jagielski]

  *) Migrate the pre-selection of which MPM to use for specific
     platforms to hints.m4, which contains (or should contain)
     all platform specific "hints". [Jim Jagielski]

  *) Remove IOLs from Apache.  With filtering, IOLs are no longer necessary
     [Ryan Bloom]

  *) Add tables with non-string/binary values to APR.
     [Ken Coar]

  *) Fix some bad calls to ap_log_rerror() in mod_rewrite. 
     [Jeff Trawick]

  *) Update PCRE to version 3.2.  [Ryan Bloom]

  *) Change the way buckets' destroy functions are called so that
     they can be more directly used when changing the type of a
     bucket in place. [Tony Finch]

  *) Add generic support for reference-counting the resources used by
     buckets, and alter the HEAP and MMAP buckets to use it. Change
     the way buckets are initialised to support changing the type of
     buckets in place, and use it when setting aside TRANSIENT buckets.
     Change the implementation of TRANSIENT buckets so that it can be
     mostly shared with IMMORTAL buckets, which are now implemented.
     [Tony Finch]

Changes with Apache 2.0a6

  *) Add support to Apache and APR for dsos on OS/390.  [Greg Ames]

  *) Add a chunking filter to Apache.  This brings us one step closer
     to removing BUFF. [Ryan Bloom]

  *) ap_add_filter now adds filters in a LIFO fashion.  The first filter
     added to the stack is the last filter to be called.  [Ryan Bloom]

  *) Apache 2.0 has been completely documented using Scandoc.  The
     docs can be generated by running 'make docs'.  [Ryan Bloom]

  *) Add filtered I/O to Apache.  This is based on bucket brigades,
     Currently the buckets still use BUFF under the covers, but that
     should change quickly.  The only currently written filter is the
     core filter which just calls ap_bwrite.  [The Apache Group]

  *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
     built with thread support.  [Jeff Trawick]

  *) Abort configuration if --with-layout was specified and there's
     no layout definition file.  [Ken Coar]

  *) Add support for '--with-port=n' option to configure.  [Ken Coar]

  *) Add support for extension methods for the Allow response header
     field, and an API routine for accessing r->allowed and the
     list of extension methods in a unified manner.  [Ken Coar]

  *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
     [Rob Simonson <simo us.ibm.com>]

  *) Get xlate builds working again.  The apr renaming in 2.0a5 broke
     APACHE_XLATE builds.  [Jeff Trawick]

  *) A configuration file parsing problem was fixed.  When the 
     configuration file started with an IfModule/IfDefine container, 
     only the last statement in the container would be retained.  
     [Jeff Trawick]

Changes with Apache 2.0a5

  *) Perchild is serving pages after passing them to different child
     processes.  There are still a lot of bugs, but this does work.  I
     have made requests against the same installation of Apache, and had
     different servers use different user IDs to serve the responses.
     This change moves to using socketpair instead of an AF_UNIX socket.
     [Ryan Bloom]

  *) Perchild MPM still doesn't work perfectly, but it is serving pages.
     It can't seem to pass between child processes yet, but I think we
     are closer now than before.  This moves us back to using Unix
     Domain Sockets.  [Ryan Bloom]

  *) libapr functions and types renamed with apr_ prefix.
     #include "apr_compat.h" for 1.3.x backwards compat
     [Perl]

  *) Fix problems with APR sockaddr handling on Win32.  It didn't always
     return the right information on the local socket address.
     [Gregory Nicholls <gnicholls level8.com>]

  *) ap_recv() on Win32: Set bytes-read to 0 on error.  
     [Gregory Nicholls <gnicholls level8.com>]

  *) Add an option to not detach from the controlling terminal without
     going into single process mode.  This allows for much easier
     debugging of the process startup code. [Ryan Bloom]

  *) ab: don't use perror() to report the failure of an APR function.
     [Jeff Trawick]

  *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
     scoreboard on graceful restarts.
     [Ryan Bloom]

  *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
     An invalid ap_proc_t was passed to ap_create_process().
     [Jeff Trawick]

  *) Allow modules to register filters.  Those filters are still
     never called, but this is a step in the right direction.
     [Ryan Bloom and Greg Stein]

  *) Register the mod_cgid daemon process for cleanup so that it is
     killed at termination if it does not die when the parent gets
     SIGTERM.  This change is to fix occasional problems where the
     process stays around.  Bugs in similar logic in mod_rewrite and
     mod_include were also fixed.  [Jeff Trawick]

  *) Fix a bug in the time handling.  Basically, we were imploding a time
     in ap_parseHTTPdate, but it had bogus data in the exploded time format.
     Namely, tm_usec and tm_gmtoff were not filled out.  ap_implode_time
     uses those two fields to adjust the time value.  Because of the HTTP
     spec, both of those values can be zero'ed out safely.  This fixes
     the bug correctly.  [Ryan Bloom]

  *) Fix a couple of place in the Windows code where the wrong error
     code was being returned. [Gregory Nicholls <gnicholls level8.com>]

  *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]

  *) Added the APR_EOL_STR macro for platform dependent differences in 
     logfiles and other raw text (such as all APR files).  Fixes logfiles
     not terminated with cr/lf sequences in Win32.  [William Rowe]

  *) Move all strings functions in APR to src/lib/apr/strings and create
     apr_strings.h for the prototypes. [Ryan Bloom]

  *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
     to repeat the syscall until we stop getting EINTR.  I noticed a
     related problem at termination (SIGTERM) on FreeBSD when using
     fcntl().  Apache 1.3 had these new loops too.  Also, make the flock() 
     implementation work properly with child init.  Previously, ap_lock()
     was essentially a no-op because all children were using different
     locks and thus nobody ever blocked.  [Jeff Trawick]

  *) The htdocs/ tree has been moved out of the CVS source tree into
     a separate area for easier development.  This has NO EFFECT on
     end-users or Apache installations.  [Ken Coar]

  *) Integrate the mod_dav module for WebDAV protocol handling. This
     adds the dav and dav_fs modules, the SDBM library, and additional
     XML handling utilities. [Greg Stein]

  *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
     [Greg Stein]

  *) Update the lib/expat-lite/ library (bring forward changes from
     the Apache 1.3 repository). [Greg Stein]

  *) If sizeof(long long) == sizeof(long), then prefer long in APR
     configure.in.  [Dave Hill <ddhill zk3.dec.com>]

  *) Add ap_sendfile for Tru64 Unix.  Also, add an error message for
     machines where sendfile is detected, but nobody has written ap_sendfile.
     [Dave Hill <ddhill zk3.dec.com>]

  *) Compile fixes in mod_mmap_static.  [Victor J. Orlikowski]

  *) ab would start up more connections than needed, then quit when the
     desired number were finished. Also fixed a logic error involving
     ab keepalives.  [Victor J. Orlikowski]

  *) WinNT: Implement non-blocking pipes with timeouts to communicate
     with CGIs. Apache 2.0a4 had non-blocking pipes but without 
     timeouts (i.e, if a timeout was specified, the pipe reverted to
     a full blocking pipe). Now the behaviour is more in line with
     Unix non-blocking pipes.
     [Bill Stoddard]

  *) WinNT: Implement accept socket reuse. Using mod_file_cache to
     cache open file handles along with accept socket reuse enables
     Apache 2.0 to serve non-keepalive requests for static files at
     3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
     and Apache 2.0 will serve almost 1200 rps on my system).
     [Bill Stoddard]

  *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
     supports two config directives, mmapfile (same behavious as
     mod_mmap_static) and cachefile. Use the cachefile directive
     to cache open file handles. This directive only works on systems
     that have implemented the ap_sendfile API. cachefile works today
     on Windows NT, but has not been tested on any flavors of Unix.
     [Bill Stoddard]

  *) Cleanup the configuration.  With the last few changes the
     configuration process automatically:
         inherits information about how to build from APR.  Allowing
         APR to inform Apache that it should or should not use -ldl
        
         Detects which mod_cgi should be used mod_cgi or mod_cgid,
         based on the threading model

         Apache calls APR's configure process before finishing it's
         configuration processing, allowing for more information flow
         between the two.
     [Ryan Bloom]
         

  *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
     with non-zero argument makes the socket non-blocking.  BeOS and
     OS/2 already worked this way.  [Jeff Trawick]

  *) ap_close() now calls ap_flush() for buffered files, so write
     operations work a whole lot better on buffered files.
     [Jeff Trawick]

  *) Fix error messages issued from MPMs which explain where to change
     compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
     [Greg Ames]

  *) ap_create_pipe() now leaves pipes in blocking state.  (This helps 
     reduce the number of syscalls on Unix.)  ap_set_pipe_timeout() is
     now the way that the blocking state of a pipe is manipulated.
     ap_block_pipe() is gone.  [Jeff Trawick]

  *) Correct the problem where the only local host name that the IP stack
     can discover are 'undotted' private names.  If no fully qualified
     domain name can be identified, the default ServerName will be set to
     the machine's IP address string. A warning is always provided if the
     ServerName not specified, but assumed.  Solves PR6215 [William Rowe]

  *) Repair problems with config file processing which caused segfault
     at init when virtual hosts were defined and which caused ServerName to
     be ignored when there was no valid DNS setup.  [Jeff Trawick]

  *) Removed pointless ap_is_aborted macro function. [Roy Fielding]

  *) Add ap_sendfile implementation for AIX
     [Victor J. Orlikowski]

  *) Repair C++ compatibility in ap_config.h, apr_file_io.h, 
     apr_network_io.h, and apr_thread_proc.h.  
     [Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick]

  *) Bring the allocation and pool debugging code back into a working
     state.  This will need to be tested as so far it's only been used on
     BeOS. [David Reid]

  *) Change configuration command setup to be properly typesafe when in
     maintainer mode. Note that this requires a compiler that can initialise
     unions. [Ben Laurie]

  *) Turn on buffering for config file reads.  Part of this was to
     repair buffered I/O support in Unix and implement buffered
     ap_fgets() for all platforms.  [Brian Havard, Jeff Trawick]

  *) Win32: Fix problem where UTC offset was not being set correctly
     in the access log. Problem reported on news group by Jerry Baker.
     [Bill Stoddard]

  *) Fix segfault when reporting this type of syntax error:
     "</container> without matching <container> section", where
     container is VirtualHost or Directory or whatever.
     [Jeff Trawick]

  *) SECURITY: CVE-2000-1204 (cve.mitre.org)
     Prevent the source code for CGIs from being revealed when 
     using mod_vhost_alias and the CGI directory is under the document root
     and a user makes a request like http://www.example.com//cgi-bin/cgi
     as reported in <news:960999105.344321 ernani.logica.co.uk>
     [Tony Finch]

  *) Add support for the new Beos NetwOrking Environment (BONE)
     [David Reid]

  *) xlate: ap_xlate_conv_buffer() now tells the caller when the
     final input char is incomplete; ap_bwrite_xlate() now handles
     incomplete final input chars.  [Jeff Trawick]

  *) Yet another update to saferead/halfduplex stuff -- need to ensure
     that a bhalfduplex call occurs before logging or else DNS and
     such can delay the last packet of the response.  [Dean Gaudet]

  *) Some syscall reduction in APR on unix -- don't seek when setting
     up an mmap; and don't fcntl() more than once per socket.
     [Dean Gaudet]

  *) When mod_cgid is started as root, the cgi daemon now switches 
     to the configured User/Group (like other httpd processes) 
     instead of continuing as root.  [Jeff Trawick]

  *) The prefork MPM now uses an APR lock for the accept() mutex.
     It has not been getting a lock at all recently.  httpd -V now 
     displays APR's selection of the lock mechanism instead of the 
     symbols previously respected by prefork.  [Jeff Trawick]

  *) Change the mmap() feature test to check only for existence.
     The previous check required features not used by Apache.
     [Greg Ames]

  *) Fix a couple of bugs in mod_cgid:  The cgi arguments were
     sometimes mangled.  The len parm to accept() was not 
     initialized, leading sometimes to an endless loop of failed
     accept() calls on OS/390 and anywhere else that failed the call
     if the len was negative.  Use <sys/un.h> for struct sockaddr_un
     instead of declaring it ourselves to fix a compilation problem
     on Solaris.  [Jeff Trawick]

  *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]

  *) Fix zombie process problem with mod_cgi.  [Jeff Trawick]

  *) Port mod_mmap_static to 2.0.  Make it go faster.  [Greg Ames]

  *) Fix storage overlay when loading dsos.  Symptom: Apache dies at
     initialization if ALLOC_DEBUG is defined; no known symptom 
     otherwise.  [Jeff Trawick]

  *) Fix typo in configure script when checking for mod_so.  bash
     doesn't seem to have a problem but /bin/sh on Solaris does.
     Symptom: "./configure: test: unknown operator =="
     [Jeff Trawick]
   
  *) Rebind the Win32 NT and 9x services control into the MPM.  
     All console, WinNT SCM and Win9x pseudo-service control code is
     now wrapped within the WinNT MPM.
     [William Rowe]

  *) Make a copy of getenv("PATH") before storing for later use.  Some
     getenv() implementations use the same storage for successive calls.
     CGIs on OS/390 had a bad PATH due to this.  [Jeff Trawick]

  *) Server Tokens work in 2.0 again.  This also propogates the change
     to allow just the product name in the server string using
     PRODUCT_ONLY.
     [Ryan Bloom]

Changes with Apache 2.0a4

  *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
     won't need to call it.  [Greg Ames, Jeff Trawick]

  *) Move pre_config hook call to between configuration read and config
     tree walk.  This allows all modules to implement pre_config hooks
     and know that they will be called at an appropriate time.
     [Ryan Bloom] 

  *) mod_cgi, mod_cgid: Make ScriptLog directive work again.  
     [Jeff Trawick]

  *) Add pre-config hooks back to all modules.
     [Ryan Bloom]

  *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
     ContentDigest enabled and we can't/don't mmap the file. 
     [Jeff Trawick]

  *) We now report the correct line number for syntax errors in config
     files.  [Ryan Bloom, Greg Stein, Jeff Trawick]

  *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
     related bugs, and changed shmem/locking to use apr API. Shared-mem
     is currently disabled, however, because of problems with graceful
     restarts. [Ronald Tschalär]

  *) Fix corruption of IFS variable in --with-module= handling.  
     Depending on the user's shell or customization thereof, there 
     would be errors generating ap_config_auto.h later in the configure
     procedure.  [Jeff Trawick]

  *) mod_cgi: Restore logging of stderr from child process when ScriptLog 
     isn't used (as in 1.3), except that on Unix it is now logged via 
     ap_log_rerror() instead of by the child having STDERR_FILENO refer
     to the error log.  [Greg Ames, Jeff Trawick]

  *) Add '-D' argument processing for run time configuration defines.
     [William Rowe]

  *) Organize http_main.c as independent code, such that no code or
     global data is exported from it.  WIN32 will dynamically link it
     to the server core, so this will prevent mutual dependency.
     [William Rowe]

  *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
     and APR_VAR_EXPORT to correctly resolve apr functions and globals.
     [William Rowe]

  *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
     [William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>]

  *) Add mod_charset_lite for configuring character set translation.
     [Jeff Trawick]

  *) Add '-n' option to htpasswd to make it print its user:pw record
     on stdout rather than having to frob a text file.  [Ken Coar]

  *) Fix saferead.  Basically, we flush the output buffer if a read on the
     input will block.
     [Ryan Bloom]
 
  *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
     a conversion is single-byte only. [Jeff Trawick]

  *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
     the BeOS 5.0 documentation says that shutdown doesn't work yet.
     [Roy Fielding]

  *) Fix some minor errors where pid was being manipulated as an int
     instead of the portable pid_t.  [Roy Fielding]

  *) Fix some error log prints that were printing the pointer to a
     structure rather than the pid within the structure.
     [Jeff Trawick, Roy Fielding]

  *) ab: Fix a command-line processing bug; track bad headers in 
     err_response; support reading headers up to 2K. 
     [Ask Bjoern Hansen <ask valueclick.com>]

  *) Fix ap_resolve_env() so that it handles new function added in a prior
     alpha (see "Added the capability to do ${ENVVAR} constructs in the
     config file.") as well as the constructs used by mod_rewrite.
     [Paul Reder <rederpj raleigh.ibm.com>]

  *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]

  *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
     APR to perform translation, instead of accessing the hard-coded tables
     in 1.3's ebcdic.c. [Jeff Trawick]

  *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing. 
     [Jeff Trawick]

  *) Add the ability to hook into the config file reading phase.  Basically
     if a directive is specified EXEC_ON_READ, then when that directive is
     read from the config file, the assocaited function is executed.  This
     should only be used for those directives that must muck with HOW the
     server INTERPRETS the config.  This should not be used for directives
     that re-order or replace items in the config tree.  Those changes should
     be made in the pre-config step.
     [Ryan Bloom]

  *) Add mod_example to the build system.
     [Tony Finch]

  *) APR: Add ap_xlate_conv_byte() to convert one char between single-
     byte character sets. [Jeff Trawick]

  *) Pick up various EBCDIC fixes from 1.3 (from Martin
     Kraemer and Oliver Reh originally according to the change log).
     [Jeff Trawick]

  *) Fix a couple of problems in RFC1413 support (controlled by the
     IdentityCheck directive).  Apache did not build the request string
     properly and more importantly Apache would loop forever if the 
     would-be ident server dropped the connection before sending a
     properly terminated response. [Jeff Trawick]

  *) apxs works in 2.0.
     [Ryan Bloom]

  *) Reliable piped logs work in 2.0.
     [Ryan Bloom]

  *) Introduce a hash table implementation into APR to be used for
     replacing tables and other random data structures in Apache.
     [Tony Finch]

  *) Add some more error reporting to htpasswd in the case of problems
     generating or accessing the temporary file.  Also, pass in a
     buffer if the implementation knows how to use it (i.e., if L_tmpnam
     is defined).  [Ken Coar]

  *) Configure creates config.nice now containing your configure
     options. Syntax: ./config.nice [--more-options]
     [Sascha Schumann]

  *) Fix various return code problems in APR on Win32.  For most of
     these, APR was returning APR_EEXIST instead of GetLastError()/
     WSAGetLastError().  [Jeff Trawick]

  *) Make piped logs work again in version 2.0
     [Ryan Bloom]

  *) Add VPATH support to UNIX build system of Apache and APR.
     [Sascha Schumann]

  *) Fix ap_tokenize_to_argv to respect the const arguments that are
     passed to it.
     [Ryan Bloom]

  *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
     Patch submitted to author.
     [Sascha Schumann]

  *) Fix mm configuration on Solaris 8 x86 and OS/390.  Don't require
     /sbin in PATH on FreeBSD (all submitted to rse previously) 
     [Jeff Trawick]

  *) Fix building Pthread-based MPMs on OpenBSD
     [Sascha Schumann] PR#26

  *) Fix ap_readdir() problem on systems where d_name[] field in
     struct dirent is declared with only one byte.  (This problem only 
     affected multithreaded builds.)  This caused a segfault during
     pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at 
     least). [Jeff Trawick]

  *) Fix some make-portability problems on at least Tru64, Irix
     and UnixWare.
     [Sascha Schumann] PR#18, PR#39

  *) Add ap_sigwait() to support old-style sigwait() on systems
     like OS/390 and UnixWare.
     [Sascha Schumann] 

  *) Add POSIX-thread flags for more platforms.
     [Sascha Schumann]

  *) Fix some minor bugs in ap_strerror().  Teach ap_strerror()
     (on Unix, at least) to handle resolver errors.  Fix a bug in
     the definition of APR_ENOMEM so that ap_strerror() can spit
     out the correct error message for it.
     [Jeff Trawick]

Changes with Apache 2.0a3

  *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
     [Doug MacEachern]

  *) API: *HOOK* macros now have an AP_ prefix
     [Doug MacEachern]

  *) Win32: Eliminate redundant calls to initialize winsock.
     [Tim Costello <timcostello ozemail.com.au>]

  *) Fix bugs initializing ungetchar for pipes. 
     [Chia-liang Kao <clkao CirX.ORG>]

  *) The ab program in the src/support directory is now portable using
     APR.
     [Ryan Bloom]

  *) Support directory is being compiled when the server is built
     [Ryan Bloom]

  *) The configure option --with-program-name has been added to allow
     developers to rename the executable at configure time.  This also
     changes the name of the config files to match the executable's name.
     [Ryan Bloom]

  *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
     containing version numbers. [Martin Pool]

  *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
     Unix; access_log and error_log now created with these perms; non-
     Unix is unaffected [Jeff Trawick]
     
  *) Finished move of ap_md5 routines to apr_md5.  Removed ap_md5.h.
     Replaced more magic numbers with MD5_DIGESTSIZE.
     [William Rowe, Roy Fielding]

  *) Win32: Get mod_auth_digest compiling and added to the Windows
     build environment. Not tested and I'd be suprised if it 
     actually works. [Bill Stoddard]

  *) Revamp the Win32 make environment. Makefiles have been removed and
     Apache.dsw created to bring together all the pieces. Create new file
     os/win32/BaseAddr.ref to define module base addresses (to prevent
     dll relocation at start-up).
     [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]

  *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3.  This replaces most
     of the \015, \012, and \015\012 constants with macros.
     [Greg Ames]
     
  *) Add ap_xlate_open() et al for translation of text between different 
     character sets.  The initial implementation requires iconv().
     [Jeff Trawick]

  *) More FAQs and answers from comp.infosystems.www.servers.unix.
     [Joshua Slive <slive finance.commerce.ubc.ca>]

  *) CGI output is being timed out now.
     [Ryan Bloom]

  *) Fix the problem with dieing quietly.  dupfile now takes a pool which
     is used by the new apr file.  There is no reason to create a new file
     with the same lifetime as the original file.
     [Ryan Bloom] 

  *) Win32: Attempt to eliminate dll relocation at start-up by specifying
     module base addresses. This will help shooting seg faults
     in the field. [William Rowe <wrowe lnd.com>]

  *) Update Apache on Windows documentation. Add new document
     describing how to compile Apache on Windows.
     [William Rowe <wrowe lnd.com>]

  *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take 
     microseconds instead of seconds.  Some storage leaks and other
     minor bugs in related code were fixed.  [Jeff Trawick]

  *) Win32: First cut at getting mod_isapi working under 2.0
     [William Rowe <wrowe lnd.com>]

  *) First stab at getting mod_auth_digest working under 2.0
     quick change summary:
     - moved the random byte generation (ap_generate_random_bytes) into APR
     - now uses ap_time_t
     - compiles and runs on linux
     - tested with amaya
     [Brian Martin <bmartin penguincomputing.com>]

  *) Win32: Move the space stripping of physical service names
     fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
     unresolved symbol. Add dependency checking to the
     CreateService call to ensure TCPIP and AFP (winsock) is started
     before Apache.
     [William Rowe <wrowe lnd.com>]

  *) Win32: Add code to perform latebinding on functions that may
     not exist on all levels of Windows where Apache runs. This
     is needed to allow Apache to start-up on Win95/98. All calls
     to non portable functions should be protected with
     ap_oslevel checks to prevent runtime segfaults. 
     [William Rowe <wrowe lnd.com>]

  *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]

  *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]

  *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
     This addresses PR 1623. Still need to address timing out runaway
     CGI scripts. [Bill Stoddard]
 
  *) Win32: Make ap_stat Windows 95/98 friendly
     [William Rowe <wrowe lnd.com>]                                            

  *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to 
     always fail. Need to initialise the dwOSVersionInfoSize member of the 
     OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx 
     always fails. 

     The patch also enhances ap_get_oslevel (and the associated enum) to 
     handle selected service packs for NT4, and adds recognition for 
     Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then 
     we can use ReadFileScatter and WriteFileGather in readwrite.c. 
     [Tim Costello <Tim.Costello BTFinancialgroup.com>]

  *) Get mod_rewrite building and running, and mod_status building for Win NT
     [Allan Edwards <ake raleigh.ibm.com>]

  *) Patch to port mod_auth_db to the 2.0 api and also to support 
     Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and 
     2.7.7.  It should work with version 1 as well but I haven't tested it.  
     [Brian Martin <bmartin penguincomputing.com>]

  *) Get APR DSO code working under Windows. Includes cross platform
     fixes to mod_so.c.
     [<Tim.Costello BTFinancialgroup.com>]

  *) Fix some of the Windows APR time functions.
     [William Rowe]

  *) FAQ changes related to tidying up historical documents on the web site.
     [Joshua Slive <slive finance.commerce.ubc.ca>]

  *) Move Windows DSO code into APR.
     [Bill Stoddard]

  *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
     Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
     at build time. At this point, the server will not compile on Windows because
     of the recent DSO commits. Fixing those next.
     [Bill Rowe & Bill Stoddard]

  *) Added error checking for file I/O APR routines.
     [Jon Travis <jtravis covalent.net>]

  *) APR: Don't use the values of resolver error codes for the 
     corresponding APR error codes.  On Unix and Win32, return the 
     proper APR error code after a resolver error. [Jeff Trawick]

Changes with Apache 2.0a2

  *) Renamed the executable back to httpd on all platforms other 
     than Win32
     [Ryan Bloom]

  *) Allow BeOS to survive restarts, log properly and a few
     small things it had problems with due to the way it setup
     users and groups. [David Reid]

  *) Get mod_rewrite working with APR locks
     [Paul Reder <rederpj raleigh.ibm.com>]

  *) Actually remove the sempahore when the lock cleanup routine
     is called on BeOS. [David Reid]

  *) Clear hook registrations between reads of the config file.
     When DSOs are unloaded and re-loaded the old hook pointers may
     no longer be valid. This fix eliminates potential segfaults.
     [Allan Edwards <ake raleigh.ibm.com>]

  *) Fix a problem with Sigfunc not being defined or bypassed
     if sigaction() wasn't found. [Jim Jagielski]

  *) Fix the locking mechanism on BSD variants.  They now use fcntl
     locks.  This allows the server to start and serve pages.
     [Ryan Bloom]

  *) First cut at getting the Win32 installer to work
     [William Rowe <wrowe lnd.com>]

  *) Get htpasswd compiling under Windows
     [William Rowe <wrowe lnd.com>]

  *) Change the log message for a bind() failure to show the
     interface and port number. [Jeff Trawick]

  *) Import the documentation from 1.3.12 and bring parts of it
     up-to-date with respect to the changes that have occurred
     in 2.0.
     [Tony Finch]

  *) BeOS MPM updated.  CGI bug on BeOS fixed.  IP addresses
     now logged correctly on BeOS.
     [David Reid]

  *) Create one makefile for all Win32 distributions (NT/2000/95/98).
     Makefile.win includes the same user interface as the old 
     Makefile.nt 
     [William Rowe <wrowe lnd.com>, Jeff Trawick <trawick us.ibm.com>]

  *) Win32 exec now uses COMSPEC environment string for command 
     shell path resolution.
     [William Rowe <wrowe lnd.com>] PR#3715

  *) Win32: ap_connect() was not returning correct error condition
     PR5866
     [Allen Prescott <allen clanprescott.com>]

  *) Win32: ap_open() was broken on Win9x because an NT-specific
     flag was passed to CreateFile.  ap_puts() added an unnecessary
     '\n'.
     [Jeff Trawick <trawick us.ibm.com>]

  *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
     which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
     confusing ee/et name and made all extensions language/dialect
     rather than country reflecting. Changed example files to
     explicit reflect the ISO charset and added a few common 
     ones to the example config [dirkx]

  *) Extend external module capability.  To use this, you call
     configure with --with-module=path/to/mod1,path/to/mod2,etc.
     [Ryan Bloom]

  *) Backported the various "default charset" fixes from 1.3.12,
     including the AddDefaultCharset directive. [Jim Jagielski]

  *) Added the capability to do ${ENVVAR} constructs in the
     config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
     it does this on a line by line basis; i.e. if the envvar
     expands to something with spaces you have to protect it
     by adding quotes around it (Unless of course you expect it
     to contains more than one argument. Alternatively you
     can compile it on a per token basis; which is what people
     usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
     hampers fancier hacks.
     [Dirk-Willem van Gulik]

  *) Changed the 'ErrorDocument' syntax in that it NO longer
     supports the asymetric

                ErrorDocument 301 "Some message

     Note the opening " quote, without a closing quote. It now
     has either the following syntaxes

                ErrorDocument XXX /local/uri
                ErrorDocument XXX http://valid/url
                ErrorDocument XXX "Some Message"

     The recognition heuristic is: if it has a space it
     is a message. If it has no spaces and starts with a /
     or is a valid URL then treat it that way. Otherwise it
     is assumed to be a message.

     This breaks backward compatibility but makes live a hell
     of a lot easier for GUI's and config file parsers.
     [Dirk-Willem van Gulik]

  *) Changed 'CacheNegotiatedDocs' from its present/not-present
     syntax into a 'on' or 'off' syntax. As it currently is the
     only non nesting token which uses NO_ARGS and thus is an
     absolute pain for any config interface automation. This
     breaks backward compatibility. [Dirk-Willem van Gulik]

  *) Add ability to add external modules to the build process.  This is
     done with --with-module=/path/to/module.  Modules can only be added
     as static modules at this point.
     [Ryan Bloom]

Changes with Apache 2.0a1

  *) Fix FreeBSD 3.3 core dump.
     Basically, ap_initialize() needs to get called before 
     create_process(), since create_process() passes op_on structure
     to semop() to get a lock, but op_on isn't initialized until 
     ap_initialize() calls setup_lock().  Here is a slight
     rearrangement to main() which calls ap_initialize() earlier...
     [Jeff Trawick <trawick us.ibm.com>]

  *) Enable Apache to use sendfile/TransmitFile API
     [Bill Stoddard, David Reid, Paul Reder]

  *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
     APIs.
     [Bill Stoddard]

  *) Make file I/O and network I/O writev/sendv APIs consistent.
     Eliminate use of ap_iovec_t and use Posix struct iovec.
     Use seperate variable on ap_writev to set the number of iovecs
     passed in and number of bytes written.
     [Bill Stoddard]

  *) Adapt file iol to use APR functions. Replaced ap_open_file() 
     with ap_create_file_iol(). ap_create_file_iol() requires that 
     the file be opened prior to the call using ap_open().
     [Bill Stoddard]

  *) Port mod_include and mod_cgi to 2.0
     [Paul Reder, Bill Stoddard]

  *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
     bytes_read/bytes_written is always valid (never -1).  Plus
     some fixes to buff.c to correct problems introduced by the
     errno => ap_status_t changes a while back.  Plus a fix to
     chunked encoding introduced right at the beginning of 2.0.
     [Dean Gaudet]

  *) Revamped UNIX build system to use autoconf and libtool.
     [Manoj Kasichainula, Sascha Schumann]

  *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>]

  *) SECURITY: More rigorous checking of Host: headers to fix security 
     problems with mass name-based virtual hosting (whether using mod_rewrite
     or mod_vhost_alias).
     [Ben Hyde, Tony Finch]
  
  *) Add back support for UseCanonicalName in <Directory> containers.
     [Manoj Kasichainula]

  *) Added APLOG_STARTUP log type.  This allows us to write an error
     message without any of the date and time information.  As a part
     of this change, I also removed all of the calls to fprintf(stderr
     and replaced them with calls to ap_log_error using APLOG_STARTUP
     writing to stderr is no longer portable, because we don't direct 
     stderr to the error log on all platforms.
     [Ryan Bloom] 
 
  *) Convert error logging functions to take errno as an argument.
     This makes our error logs more portable, because some Windows API's 
     don't set errno.  This change allows us to still output a valid
     message on all of our platforms.
     [Ryan Bloom]

  *) mod_mime_magic runs in 2.0-dev now.
     [Paul Reder <rederpj raleigh.ibm.com>]

  *) sendfile has been added to APR.
     [John Zedlewski <zedlwski Princeton.EDU>]

  *) buff.c has been converted to no longer use errno.
     [Manoj Kasichainula]

  *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and
     interface adaption to APR functions did it. [Martin Kraemer]

  *) Support DSOs properly on 32-bit HP-UX 11.0
     [Dilip Khandekar <dilip cup.hp.com>]

  *) Updated MM in APR source tree from version 1.0.8 to 1.0.11
     [Ralf S. Engelschall]

  *) Cleaned APR build environment integration and bootstrap APR 
     automatically for developers from src/Configure.
     [Ralf S. Engelschall]

  *) Fixed building of src/support/htpasswd.c
     [Ralf S. Engelschall]

  *) When generating the Location: header, mod_speling forgot
     to escape the spelling-fixed uri. (Forw-Port from 1.3)
     [Martin Kraemer]

  *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]

  *) Change all pools to APR contexts.  This is the first step to
     incorporating APR into Apache. [Ryan Bloom]

  *) Move "handler not found" warning message to below the check
     for a wildcard handler.  [Dirk <dirkm teleport.com>, Roy Fielding]
     PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807

  *) Support line-continuation feature in config.option file and
     allow the loading of multiple option sections at once via
     ``--with-option=<section1>,<section2>,...''
     [Ralf S. Engelschall]

  *) Rebuilt CVS repository with Apache 1.3.9 as basis.  [Roy Fielding]

Changes with Apache MPM

  *) Use asynchronous AcceptEx() and a completion port to accept and
     dispatch connections to threads in Windows NT/2000. 
     [Bill Stoddard]

  *) Implement WINNT Win32 MPM from original Win32 code in http_main.c
     [Bill Stoddard]  

  *) Implement the APACI --with-option facility 
     (per default used the config.option file).
     [Ralf S. Engelschall]

  *) MPM BEOS port.  [David Reid <abb37 dial.pipex.com>]

  *) Start to implement module-defined hooks that are a) fast and b) typesafe.
     Replace pre_connection module call with a register_hook call and
     implement pre_connection as a hook. The intent is that these hooks will
     be extended to allow Apache to be multi-protocol, and also to allow the
     calling order to be specified on a per-hook/per-module basis.
     [Ben Laurie]

  *) Implement mpm_* methods as "modules". Each method gets its own
     subdir in src/modules (eg: src/modules/prefork). Selection
     of method uses Rule MPM_METHOD.  [Jim Jagielski]

  *) Port the hybrid server from the apache-apr repository as
     mpm_mpmt_pthread.  [Manoj Kasichainula]

  *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
     amongst the unix MPMs.

  *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
     signal handling for the new world order.  [Dean Gaudet]

  *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out
     of alloc.c for now.  [Dean Gaudet]

  *) Handle partial large writes correctly.  [Ben Laurie]

  *) Eliminate conn_rec's pointer to server. All it knows is the base server
     based on IP/port.  [Ben Laurie]

  *) Port a bunch of modules to the new module structure.
     ["Michael H. Voase" <mvoase midcoast.com.au>]

  *) I/O layering and BUFF revamp.  See docs/buff.txt.  [Dean Gaudet]

  *) Basic restructuring to introduce the MPM concept; includes various
     changes to the module API... better described by
     docs/initial_blurb.txt.  [Dean Gaudet]

Changes with Apache pthreads

  *) New buff option added: BO_TIMEOUT. It describes the timeout for
     buff operations (generally over a network).
     [Dean Gaudet, Ryan Bloom, Manoj Kasichainula]

  *) Created http_accept abstraction. Added 4 new functions (not exported):
     init_accept(), begin_accepting_requests(), get_request(), 
     stop_accepting_requests() [Bill Stoddard]

  *) Fix to ap_rprintf call that allows mod_info to work properly.
     [James Morris <jmorris intercode.com.au>]

  *) user and ap_auth_type fields were moved from connection_rec to 
     request_rec. [Ryan Bloom] 

  *) Removed the ap_block_alarms and ap_unblock_alarm calls.  These aren't
     needed in a threaded server.

  *) Initial pthread implementation from from Dean's apache-nspr code.
     [Bill Stoddard, Ryan Bloom]


Changes with Apache 1.3.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup