diff options
| author |   Chuck Short <zul@gentoo.org> | 2004-05-19 18:10:17 +0000 |
|---|---|---|
| committer | Chuck Short <zul@gentoo.org> | 2004-05-19 18:10:17 +0000 |
| commit | 49bb4bfd039b5d12fe34b78e5d31945d4d26fe3d (patch) | |
| tree | 4e5797a2bc173e3f74197231cbf694c1d8cf548c /net-www/apache/files | |
| parent | Holy crap a new tomcat... :) (Manifest recommit) (diff) | |
| download | gentoo-2-49bb4bfd039b5d12fe34b78e5d31945d4d26fe3d.tar.gz gentoo-2-49bb4bfd039b5d12fe34b78e5d31945d4d26fe3d.tar.bz2 gentoo-2-49bb4bfd039b5d12fe34b78e5d31945d4d26fe3d.zip | |
New version.
Diffstat (limited to 'net-www/apache/files')
8 files changed, 14282 insertions, 0 deletions
diff --git a/net-www/apache/files/digest-apache-2.0.49-r2 b/net-www/apache/files/digest-apache-2.0.49-r2 new file mode 100644 index 000000000000..caa6620e2194 --- /dev/null +++ b/net-www/apache/files/digest-apache-2.0.49-r2 @@ -0,0 +1 @@ +MD5 275d3d37eed1b070f333d3618f7d1954 httpd-2.0.49.tar.gz 5919279 diff --git a/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch b/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch new file mode 100644 index 000000000000..a1b7fb767e99 --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/00_gentoo_base.patch @@ -0,0 +1,158 @@ +- enable the checks that the suexec wrapper is a setuid root binary; + so if people turn off setuid on the binary, suexec won't be enabled. + +- fix hardcoded path to suexec2 + +- remove checks requiring /usr/sbin/httpd to be present: this is + unnecessary, we know that httpd contains mod_so, and only the + httpd-devel package should be required to build modules. + +- Allow startup after unclean shutdown: remove mutex before + creating it, use anonymous shm in shmcb. + +- allow server/exports.c to be generated in a parallel build successfully + +- ensure that when mod_ssl is unloaded, libcrypto doesn't still have the + thread_id callback pointing at a mod_ssl function. + +- make apache2ctl source /etc/conf.d/apache2 for startup options + +diff -ur httpd-2.0.49.orig/include/httpd.h httpd-2.0.49/include/httpd.h +--- httpd-2.0.49.orig/include/httpd.h 2004-02-09 12:54:34.000000000 -0800 ++++ httpd-2.0.49/include/httpd.h 2004-03-22 10:38:40.000000000 -0800 +@@ -137,7 +137,7 @@ + + /* The path to the suExec wrapper, can be overridden in Configuration */ + #ifndef SUEXEC_BIN +-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec" ++#define SUEXEC_BIN "/usr/sbin/suexec2" + #endif + + /* The timeout for waiting for messages */ +Only in httpd-2.0.49/include: httpd.h.orig +diff -ur httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c httpd-2.0.49/modules/ssl/ssl_engine_mutex.c +--- httpd-2.0.49.orig/modules/ssl/ssl_engine_mutex.c 2004-02-09 12:53:20.000000000 -0800 ++++ httpd-2.0.49/modules/ssl/ssl_engine_mutex.c 2004-03-22 10:38:40.000000000 -0800 +@@ -41,6 +41,8 @@ + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + ++ apr_file_remove(mc->szMutexFile, p); ++ + if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, + mc->nMutexMech, p)) != APR_SUCCESS) { + if (mc->szMutexFile) +Only in httpd-2.0.49/modules/ssl: ssl_engine_mutex.c.orig +diff -ur httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c +--- httpd-2.0.49.orig/modules/ssl/ssl_scache_shmcb.c 2004-02-09 12:53:20.000000000 -0800 ++++ httpd-2.0.49/modules/ssl/ssl_scache_shmcb.c 2004-03-22 10:38:40.000000000 -0800 +@@ -341,7 +341,7 @@ + + if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM), + mc->nSessionCacheDataSize, +- mc->szSessionCacheDataFile, ++ NULL, + mc->pPool)) != APR_SUCCESS) { + char buf[100]; + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, +Only in httpd-2.0.49/modules/ssl: ssl_scache_shmcb.c.orig +diff -ur httpd-2.0.49.orig/modules/ssl/ssl_util.c httpd-2.0.49/modules/ssl/ssl_util.c +--- httpd-2.0.49.orig/modules/ssl/ssl_util.c 2004-02-09 12:53:20.000000000 -0800 ++++ httpd-2.0.49/modules/ssl/ssl_util.c 2004-03-22 10:38:40.000000000 -0800 +@@ -422,6 +422,8 @@ + CRYPTO_set_locking_callback(NULL); + CRYPTO_set_id_callback(NULL); + ++ CRYPTO_set_id_callback(NULL); ++ + /* Let the registered mutex cleanups do their own thing + */ + return APR_SUCCESS; +Only in httpd-2.0.49/modules/ssl: ssl_util.c.orig +diff -ur httpd-2.0.49.orig/os/unix/unixd.c httpd-2.0.49/os/unix/unixd.c +--- httpd-2.0.49.orig/os/unix/unixd.c 2004-03-17 23:36:53.000000000 -0800 ++++ httpd-2.0.49/os/unix/unixd.c 2004-03-22 10:38:40.000000000 -0800 +@@ -200,23 +200,20 @@ + + AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) + { +- apr_finfo_t wrapper; ++ struct stat wrapper; + + unixd_config.user_name = DEFAULT_USER; + unixd_config.user_id = ap_uname2id(DEFAULT_USER); + unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); + + /* Check for suexec */ +- unixd_config.suexec_enabled = 0; +- if ((apr_stat(&wrapper, SUEXEC_BIN, +- APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { +- return; +- } +- +- /* XXX - apr_stat is incapable of checking suid bits (grumble) */ +- /* if ((wrapper.filetype & S_ISUID) && wrapper.user == 0) { */ ++ if (stat(SUEXEC_BIN, &wrapper) == 0 && ++ (wrapper.st_mode & S_ISUID) && wrapper.st_uid == 0) { + unixd_config.suexec_enabled = 1; +- /* } */ ++ } else { ++ unixd_config.suexec_enabled = 0; ++ } ++ + } + + +Only in httpd-2.0.49/os/unix: unixd.c.orig +diff -ur httpd-2.0.49.orig/server/Makefile.in httpd-2.0.49/server/Makefile.in +--- httpd-2.0.49.orig/server/Makefile.in 2004-03-08 09:40:37.000000000 -0800 ++++ httpd-2.0.49/server/Makefile.in 2004-03-22 10:38:40.000000000 -0800 +@@ -67,6 +67,9 @@ + export_vars.h: export_files + $(AWK) -f $(top_srcdir)/build/make_var_export.awk `cat $?` > $@ + ++# Needed to allow exports.c to be generated in a parallel build successfully ++.NOTPARALLEL: $(top_builddir)/server/exports.c ++ + # Rule to make def file for OS/2 core dll + ApacheCoreOS2.def: exports.c export_vars.h $(top_srcdir)/os/$(OS_DIR)/core_header.def + cat $(top_srcdir)/os/$(OS_DIR)/core_header.def > $@ +Only in httpd-2.0.49/server: Makefile.in.orig +diff -ur httpd-2.0.49.orig/support/apachectl.in httpd-2.0.49/support/apachectl.in +--- httpd-2.0.49.orig/support/apachectl.in 2004-02-09 12:59:49.000000000 -0800 ++++ httpd-2.0.49/support/apachectl.in 2004-03-22 10:38:40.000000000 -0800 +@@ -40,7 +40,8 @@ + # -------------------- -------------------- + # + # the path to your httpd binary, including options if necessary +-HTTPD='@exp_sbindir@/@progname@' ++. /etc/conf.d/apache2 ++HTTPD="@exp_sbindir@/@progname@ ${APACHE2_OPTS}" + # + # pick up any necessary environment variables + if test -f @exp_bindir@/envvars; then +Only in httpd-2.0.49/support: apachectl.in.orig +diff -ur httpd-2.0.49.orig/support/apxs.in httpd-2.0.49/support/apxs.in +--- httpd-2.0.49.orig/support/apxs.in 2004-02-09 12:59:49.000000000 -0800 ++++ httpd-2.0.49/support/apxs.in 2004-03-22 10:38:40.000000000 -0800 +@@ -198,19 +198,6 @@ + ($httpd = $0) =~ s:support/apxs$::; + } + +-unless (-x "$httpd") { +- error("$httpd not found or not executable"); +- exit 1; +-} +- +-unless (grep /mod_so/, `. $envvars && $httpd -l`) { +- error("Sorry, no shared object support for Apache"); +- error("available under your platform. Make sure"); +- error("the Apache module mod_so is compiled into"); +- error("your server binary `$httpd'."); +- exit 1; +-} +- + sub get_config_vars{ + my ($file, $rh_config) = @_; + +Only in httpd-2.0.49/support: apxs.in.orig diff --git a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cgi.patch b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cgi.patch new file mode 100644 index 000000000000..023fd428d8bf --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cgi.patch @@ -0,0 +1,322 @@ +diff -Naur httpd-2.0.49/modules/generators/mod_cgi.c httpd-2.0.49-gentoo/modules/generators/mod_cgi.c +--- httpd-2.0.49/modules/generators/mod_cgi.c 2004-02-09 20:53:17.000000000 +0000 ++++ httpd-2.0.49-gentoo/modules/generators/mod_cgi.c 2004-05-17 17:43:52.871026864 +0000 +@@ -32,6 +32,7 @@ + #include "apr_optional.h" + #include "apr_buckets.h" + #include "apr_lib.h" ++#include "apr_poll.h" + + #define APR_WANT_STRFUNC + #include "apr_want.h" +@@ -191,13 +192,14 @@ + + /* Soak up stderr from a script and redirect it to the error log. + */ +-static void log_script_err(request_rec *r, apr_file_t *script_err) ++static apr_status_t log_script_err(request_rec *r, apr_file_t *script_err) + { + char argsbuffer[HUGE_STRING_LEN]; + char *newline; ++ apr_status_t rv; + +- while (apr_file_gets(argsbuffer, HUGE_STRING_LEN, +- script_err) == APR_SUCCESS) { ++ while ((rv = apr_file_gets(argsbuffer, HUGE_STRING_LEN, ++ script_err)) == APR_SUCCESS) { + newline = strchr(argsbuffer, '\n'); + if (newline) { + *newline = '\0'; +@@ -205,6 +207,8 @@ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "%s", argsbuffer); + } ++ ++ return rv; + } + + static int log_script(request_rec *r, cgi_server_conf * conf, int ret, +@@ -539,6 +543,172 @@ + } + } + ++#if APR_FILES_AS_SOCKETS ++ ++/* A CGI bucket type is needed to catch any output to stderr from the ++ * script; see PR 22030. */ ++static const apr_bucket_type_t bucket_type_cgi; ++ ++struct cgi_bucket_data { ++ apr_pollset_t *pollset; ++ request_rec *r; ++}; ++ ++/* Create a CGI bucket using pipes from script stdout 'out' ++ * and stderr 'err', for request 'r'. */ ++static apr_bucket *cgi_bucket_create(request_rec *r, ++ apr_file_t *out, apr_file_t *err, ++ apr_bucket_alloc_t *list) ++{ ++ apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); ++ apr_status_t rv; ++ apr_pollfd_t fd; ++ struct cgi_bucket_data *data = apr_palloc(r->pool, sizeof *data); ++ ++ APR_BUCKET_INIT(b); ++ b->free = apr_bucket_free; ++ b->list = list; ++ b->type = &bucket_type_cgi; ++ b->length = (apr_size_t)(-1); ++ b->start = -1; ++ ++ /* Create the pollset */ ++ rv = apr_pollset_create(&data->pollset, 2, r->pool, 0); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ fd.desc_type = APR_POLL_FILE; ++ fd.reqevents = APR_POLLIN; ++ fd.p = r->pool; ++ fd.desc.f = out; /* script's stdout */ ++ fd.client_data = (void *)1; ++ rv = apr_pollset_add(data->pollset, &fd); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ fd.desc.f = err; /* script's stderr */ ++ fd.client_data = (void *)2; ++ rv = apr_pollset_add(data->pollset, &fd); ++ AP_DEBUG_ASSERT(rv == APR_SUCCESS); ++ ++ data->r = r; ++ b->data = data; ++ return b; ++} ++ ++/* Create a duplicate CGI bucket using given bucket data */ ++static apr_bucket *cgi_bucket_dup(struct cgi_bucket_data *data, ++ apr_bucket_alloc_t *list) ++{ ++ apr_bucket *b = apr_bucket_alloc(sizeof(*b), list); ++ APR_BUCKET_INIT(b); ++ b->free = apr_bucket_free; ++ b->list = list; ++ b->type = &bucket_type_cgi; ++ b->length = (apr_size_t)(-1); ++ b->start = -1; ++ b->data = data; ++ return b; ++} ++ ++/* Handle stdout from CGI child. Duplicate of logic from the _read ++ * method of the real APR pipe bucket implementation. */ ++static apr_status_t cgi_read_stdout(apr_bucket *a, apr_file_t *out, ++ const char **str, apr_size_t *len) ++{ ++ char *buf; ++ apr_status_t rv; ++ ++ *str = NULL; ++ *len = APR_BUCKET_BUFF_SIZE; ++ buf = apr_bucket_alloc(*len, a->list); /* XXX: check for failure? */ ++ ++ rv = apr_file_read(out, buf, len); ++ ++ if (rv != APR_SUCCESS && rv != APR_EOF) { ++ apr_bucket_free(buf); ++ return rv; ++ } ++ ++ if (*len > 0) { ++ struct cgi_bucket_data *data = a->data; ++ apr_bucket_heap *h; ++ ++ /* Change the current bucket to refer to what we read */ ++ a = apr_bucket_heap_make(a, buf, *len, apr_bucket_free); ++ h = a->data; ++ h->alloc_len = APR_BUCKET_BUFF_SIZE; /* note the real buffer size */ ++ *str = buf; ++ APR_BUCKET_INSERT_AFTER(a, cgi_bucket_dup(data, a->list)); ++ } ++ else { ++ apr_bucket_free(buf); ++ a = apr_bucket_immortal_make(a, "", 0); ++ *str = a->data; ++ } ++ return rv; ++} ++ ++/* Read method of CGI bucket: polls on stderr and stdout of the child, ++ * sending any stderr output immediately away to the error log. */ ++static apr_status_t cgi_bucket_read(apr_bucket *b, const char **str, ++ apr_size_t *len, apr_read_type_e block) ++{ ++ struct cgi_bucket_data *data = b->data; ++ apr_interval_time_t timeout; ++ apr_status_t rv; ++ int gotdata = 0; ++ ++ timeout = block == APR_NONBLOCK_READ ? 0 : data->r->server->timeout; ++ ++ do { ++ const apr_pollfd_t *results; ++ apr_int32_t num; ++ ++ rv = apr_pollset_poll(data->pollset, timeout, &num, &results); ++ if (APR_STATUS_IS_TIMEUP(rv)) { ++ return timeout == 0 ? APR_EAGAIN : rv; ++ } ++ else if (APR_STATUS_IS_EINTR(rv)) { ++ continue; ++ } ++ else if (rv != APR_SUCCESS) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, data->r, ++ "poll failed waiting for CGI child"); ++ return rv; ++ } ++ ++ for (; num; num--, results++) { ++ if (results[0].client_data == (void *)1) { ++ /* stdout */ ++ rv = cgi_read_stdout(b, results[0].desc.f, str, len); ++ if (APR_STATUS_IS_EOF(rv)) { ++ rv = APR_SUCCESS; ++ } ++ gotdata = 1; ++ } else { ++ /* stderr */ ++ apr_status_t rv2 = log_script_err(data->r, results[0].desc.f); ++ if (APR_STATUS_IS_EOF(rv2)) { ++ apr_pollset_remove(data->pollset, &results[0]); ++ } ++ } ++ } ++ ++ } while (!gotdata); ++ ++ return rv; ++} ++ ++static const apr_bucket_type_t bucket_type_cgi = { ++ "CGI", 5, APR_BUCKET_DATA, ++ apr_bucket_destroy_noop, ++ cgi_bucket_read, ++ apr_bucket_setaside_notimpl, ++ apr_bucket_split_notimpl, ++ apr_bucket_copy_notimpl ++}; ++ ++#endif ++ + static int cgi_handler(request_rec *r) + { + int nph; +@@ -556,6 +726,7 @@ + cgi_server_conf *conf; + apr_status_t rv; + cgi_exec_info_t e_info; ++ conn_rec *c = r->connection; + + if(strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) + return DECLINED; +@@ -637,7 +808,7 @@ + /* Transfer any put/post args, CERN style... + * Note that we already ignore SIGPIPE in the core server. + */ +- bb = apr_brigade_create(r->pool, r->connection->bucket_alloc); ++ bb = apr_brigade_create(r->pool, c->bucket_alloc); + seen_eos = 0; + child_stopped_reading = 0; + if (conf->logname) { +@@ -710,18 +881,28 @@ + apr_file_flush(script_out); + apr_file_close(script_out); + ++ AP_DEBUG_ASSERT(script_in != NULL); ++ ++ apr_brigade_cleanup(bb); ++ ++#if APR_FILES_AS_SOCKETS ++ apr_file_pipe_timeout_set(script_in, 0); ++ apr_file_pipe_timeout_set(script_err, 0); ++ ++ b = cgi_bucket_create(r, script_in, script_err, c->bucket_alloc); ++#else ++ b = apr_bucket_pipe_create(script_in, c->bucket_alloc); ++#endif ++ APR_BRIGADE_INSERT_TAIL(bb, b); ++ b = apr_bucket_eos_create(c->bucket_alloc); ++ APR_BRIGADE_INSERT_TAIL(bb, b); ++ + /* Handle script return... */ +- if (script_in && !nph) { +- conn_rec *c = r->connection; ++ if (!nph) { + const char *location; + char sbuf[MAX_STRING_LEN]; + int ret; + +- b = apr_bucket_pipe_create(script_in, c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bb, b); +- b = apr_bucket_eos_create(c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bb, b); +- + if ((ret = ap_scan_script_header_err_brigade(r, bb, sbuf))) { + return log_script(r, conf, ret, dbuf, sbuf, bb, script_err); + } +@@ -731,6 +912,7 @@ + if (location && location[0] == '/' && r->status == 200) { + discard_script_output(bb); + apr_brigade_destroy(bb); ++ apr_file_pipe_timeout_set(script_err, r->server->timeout); + log_script_err(r, script_err); + /* This redirect needs to be a GET no matter what the original + * method was. +@@ -757,22 +939,8 @@ + } + + rv = ap_pass_brigade(r->output_filters, bb); +- +- /* don't soak up script output if errors occurred +- * writing it out... otherwise, we prolong the +- * life of the script when the connection drops +- * or we stopped sending output for some other +- * reason +- */ +- if (rv == APR_SUCCESS && !r->connection->aborted) { +- log_script_err(r, script_err); +- } +- +- apr_file_close(script_err); + } +- +- if (script_in && nph) { +- conn_rec *c = r->connection; ++ else /* nph */ { + struct ap_filter_t *cur; + + /* get rid of all filters up through protocol... since we +@@ -786,13 +954,19 @@ + } + r->output_filters = r->proto_output_filters = cur; + +- bb = apr_brigade_create(r->pool, c->bucket_alloc); +- b = apr_bucket_pipe_create(script_in, c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bb, b); +- b = apr_bucket_eos_create(c->bucket_alloc); +- APR_BRIGADE_INSERT_TAIL(bb, b); +- ap_pass_brigade(r->output_filters, bb); ++ rv = ap_pass_brigade(r->output_filters, bb); ++ } ++ ++ /* don't soak up script output if errors occurred writing it ++ * out... otherwise, we prolong the life of the script when the ++ * connection drops or we stopped sending output for some other ++ * reason */ ++ if (rv == APR_SUCCESS && !r->connection->aborted) { ++ apr_file_pipe_timeout_set(script_err, r->server->timeout); ++ log_script_err(r, script_err); + } ++ ++ apr_file_close(script_err); + + return OK; /* NOT r->status, even if it has changed. */ + } diff --git a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch new file mode 100644 index 000000000000..73b57c0cca6f --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_cvs_sync.patch @@ -0,0 +1,13507 @@ +diff -Naur httpd-2.0.49/CHANGES.orig httpd-2.0.49-gentoo/CHANGES.orig +--- httpd-2.0.49/CHANGES.orig 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.0.49-gentoo/CHANGES.orig 2004-03-18 07:36:52.000000000 +0000 +@@ -0,0 +1,13405 @@ ++Changes with Apache 2.0.49 ++ ++ *) SECURITY: CAN-2004-0174 (cve.mitre.org) ++ Fix starvation issue on listening sockets where a short-lived ++ connection on a rarely-accessed listening socket will cause a ++ child to hold the accept mutex and block out new connections until ++ another connection arrives on that rarely-accessed listening socket. ++ With Apache 2.x there is no performance concern about enabling the ++ logic for platforms which don't need it, so it is enabled everywhere ++ except for Win32. [Jeff Trawick] ++ ++ *) mod_cgid: Fix storage corruption caused by use of incorrect pool. ++ [Jeff Trawick] ++ ++ *) Win32: find_read_listeners was not correctly handling multiple ++ listeners on the Win32DisableAcceptEx path. [Bill Stoddard] ++ ++ *) Fix bug in mod_usertrack when no CookieName is set. PR 24483. ++ [Manni Wood <manniwood planet-save.com>] ++ ++ *) Fix some piped log problems: bogus "piped log program '(null)' ++ failed" messages during restart and problem with the logger ++ respawning again after Apache is stopped. PR 21648, PR 24805. ++ [Jeff Trawick] ++ ++ *) Fixed file extensions for real media files and removed rpm extension ++ from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>] ++ ++ *) Remove compile-time length limit on request strings. Length is ++ now enforced solely with the LimitRequestLine config directive. ++ [Paul J. Reder] ++ ++ *) mod_ssl: Send the Close Alert message to the peer before closing ++ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton] ++ ++ *) SECURITY: CAN-2004-0113 (cve.mitre.org) ++ mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. ++ PR 27106. [Joe Orton] ++ ++ *) mod_ssl: Fix bug in passphrase handling which could cause spurious ++ failures in SSL functions later. PR 21160. [Joe Orton] ++ ++ *) mod_log_config: Fix corruption of buffered logs with threaded ++ MPMs. PR 25520. [Jeff Trawick] ++ ++ *) Fix mod_include's expression parser to recognize strings correctly ++ even if they start with an escaped token. [André Malo] ++ ++ *) Add fatal exception hook for use by diagnostic modules. The hook ++ is only available if the --enable-exception-hook configure parm ++ is used and the EnableExceptionHook directive has been set to ++ "on". [Jeff Trawick] ++ ++ *) Allow mod_auth_digest to work with sub-requests with different ++ methods than the original request. PR 25040. ++ [Josh Dady <jpd indecisive.com>] ++ ++ *) fix "Expected </Foo>> but saw </Foo>" errors in nested, ++ argumentless containers. ++ ["Philippe M. Chiasson" <gozer cpan.org>] ++ ++ *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756. ++ [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes] ++ ++ *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849 ++ [Glenn Nielsen <glenn apache.org>] ++ ++ *) The whole codebase was relicensed and is now available under ++ the Apache License, Version 2.0 (http://www.apache.org/licenses). ++ [Apache Software Foundation] ++ ++ *) Fixed cache-removal order in mod_mem_cache. ++ [Jean-Jacques Clar, Cliff Woolley] ++ ++ *) mod_setenvif: Fix the regex optimizer, which under circumstances ++ treated the supplied regex as literal string. PR 24219. ++ [André Malo] ++ ++ *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm ++ instead of mmn. [André Malo] ++ ++ *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules ++ could lead to a 400 (Bad Request) response. [André Malo] ++ ++ *) Keep focus of ITERATE and ITERATE2 on the current module when ++ the module chooses to return DECLINE_CMD for the directive. ++ PR 22299. [Geoffrey Young <geoff apache.org>] ++ ++ *) Add support for IMT minor-type wildcards (e.g., text/*) to ++ ExpiresByType. PR#7991 [Ken Coar] ++ ++ *) Fix segfault in mod_mem_cache cache_insert() due to cache size ++ becoming negative. PR: 21285, 21287 ++ [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar] ++ ++ *) core.c: If large file support is enabled, allow any file that is ++ greater than AP_MAX_SENDFILE to be split into multiple buckets. ++ This allows Apache to send files that are greater than 2gig. ++ Otherwise we run into 32/64 bit type mismatches in the file size. ++ [Brad Nicholes] ++ ++ *) proxy_http fix: mod_proxy hangs when both KeepAlive and ++ ProxyErrorOverride are enabled, and a non-200 response without a ++ body is generated by the backend server. (e.g.: a client makes a ++ request containing the "If-Modified-Since" and "If-None-Match" ++ headers, to which the backend server respond with status 304.) ++ [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner] ++ ++ *) mod_dav: Reject requests which include an unescaped fragment in the ++ Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>] ++ ++ *) Build array of allowed methods with proper dimensions, fixing ++ possible memory corruption. [Jeff Trawick] ++ ++ *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID. ++ PR 15057. [Otmar Lendl <lendl nic.at>] ++ ++ *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944 ++ [Joe Orton] ++ ++ *) mod_usertrack no longer inspects the Cookie2 header for ++ the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>] ++ ++ *) mod_usertrack no longer overwrites other cookies. ++ PR 26002. [Scott Moore <apache nopdesign.com>] ++ ++ *) worker MPM: fix stack overlay bug that could cause the parent ++ process to crash. [Jeff Trawick] ++ ++ *) Win32: Add Win32DisableAcceptEx directive. This Windows ++ NT/2000/CP directive is useful to work around bugs in some ++ third party layered service providers like virus scanners, ++ VPN and firewall products, that do not properly handle ++ WinSock 2 APIs. Use this directive if your server is issuing ++ AcceptEx failed messages. ++ [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick] ++ ++ *) Make REMOTE_PORT variable available in mod_rewrite. ++ PR 25772. [André Malo] ++ ++ *) Fix a long delay with CGI requests and keepalive connections on ++ AIX. [Jeff Trawick] ++ ++ *) mod_autoindex: Add 'XHTML' option in order to allow switching between ++ HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo] ++ ++ *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump). ++ [André Malo] ++ ++ *) mod_ssl: Advertise SSL library version as determined at run-time rather ++ than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>] ++ ++ *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log ++ format code is used. PR 22741. [Gary E. Miller <gem rellim.com>] ++ ++ *) Fix build with parallel make. PR 24643. [Joe Orton] ++ ++ *) mod_rewrite: In external rewrite maps lookup keys containing ++ a newline now cause a lookup failure. PR 14453. ++ [Cedric Gavage <cedric.gavage unixtech.be>, André Malo] ++ ++ *) Backport major overhaul of mod_include's filter parser from 2.1. ++ The new parser code is expected to be more robust and should ++ catch all of the edge cases that were not handled by the previous one. ++ The 2.1 external API changes were hidden by a wrapper which is ++ expected to keep the API backwards compatible. [André Malo] ++ ++ *) Add a hook (insert_error_filter) to allow filters to re-insert ++ themselves during processing of error responses. Enable mod_expires ++ to use the new hook to include Expires headers in valid error ++ responses. This addresses an RFC violation. It fixes PRs 19794, ++ 24884, and 25123. [Paul J. Reder] ++ ++ *) Add Polish translation of error messages. PR 25101. ++ [Tomasz Kepczynski <tomek jot23.org>] ++ ++ *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet ++ supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes, ++ Bill Stoddard] ++ ++ *) Add mod_status hook to allow modules to add to the mod_status ++ report. [Joe Orton] ++ ++ *) Fix htdbm to generate comment fields in DBM files correctly. ++ [Justin Erenkrantz] ++ ++ *) mod_dav: Use bucket brigades when reading PUT data. This avoids ++ problems if the data stream is modified by an input filter. PR 22104. ++ [Tim Robbins <tim robbins.dropbear.id.au>, André Malo] ++ ++ *) Fix RewriteBase directive to not add double slashes. [André Malo] ++ ++ *) Improve 'configure --help' output for some modules. [Astrid Keßler] ++ ++ *) Correct UseCanonicalName Off to properly check incoming port number. ++ [Jim Jagielski] ++ ++ *) Fix slow graceful restarts with prefork MPM. [Joe Orton] ++ ++ *) Fix a problem with namespace mappings being dropped in mod_dav_fs; ++ if any property values were set which defined namespaces these ++ came out mangled in the PROPFIND response. PR 11637. ++ [Amit Athavale <amit_athavale persistent.co.in>] ++ ++ *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where ++ the destination resource gives a 401. PR 15571. [Joe Orton] ++ ++ *) SECURITY: CAN-2003-0020 (cve.mitre.org) ++ Escape arbitrary data before writing into the errorlog. Unescaped ++ errorlogs are still possible using the compile time switch ++ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo] ++ ++ *) mod_autoindex / core: Don't fail to show filenames containing ++ special characters like '%'. PR 13598. [André Malo] ++ ++ *) mod_status: Report total CPU time accurately when using a threaded ++ MPM. PR 23795. [Jeff Trawick] ++ ++ *) Fix memory leak in handling of request bodies during reverse ++ proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>] ++ ++ *) Win32 MPM: Implement MaxMemFree to enable setting an upper ++ limit on the amount of storage used by the bucket brigades ++ in each server thread. [Bill Stoddard] ++ ++ *) Modified the cache code to be header-location agnostic. Also ++ fixed a number of other cache code bugs related to PR 15852. ++ Includes a patch submitted by Sushma Rai <rsushma novell.com>. ++ This fixes mod_mem_cache but not mod_disk_cache yet so I'm not ++ closing the PR since that is what they are using. [Paul J. Reder] ++ ++ *) complain via error_log when mod_include's INCLUDES filter is ++ enabled, but the relevant Options flag allowing the filter to run ++ for the specific resource wasn't set, so that the filter won't ++ silently get skipped. next remove itself, so the warning will be ++ logged only once [Stas Bekman, Jeff Trawick, Bill Rowe] ++ ++ *) mod_info: HTML escape configuration information so it displays ++ correctly. PR 24232. [Thom May] ++ ++ *) Restore the ability to add a description for directories that ++ don't contain an index file. (Broken in 2.0.48) [André Malo] ++ ++ *) Fix a problem with the display of empty variables ("SetEnv foo") in ++ mod_include. PR 24734 [Markus Julen <mj zermatt.net>] ++ ++ *) mod_log_config: Log the minutes component of the timezone correctly. ++ PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>] ++ ++ *) mod_proxy: Fix cases where an invalid status-line could be sent ++ to the client. PR 23998. [Joe Orton] ++ ++ *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL ++ are also loaded. [Joe Orton] ++ ++ *) mod_ssl: Use human-readable OpenSSL error strings in logs; use ++ thread-safe interface for retrieving error strings. [Joe Orton] ++ ++ *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to ++ avoid reporting an Internal Server error if it is used without ++ having been set in the httpd.conf file. PR: 23748, 24459 ++ [Andre Malo, Liam Quinn <liam htmlhelp.com>] ++ ++ *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon ++ option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>] ++ ++ *) mod_include no longer allows an ETag header on 304 responses. ++ PR 19355. [Geoffrey Young <geoff apache.org>, André Malo] ++ ++ *) EBCDIC: Convert header fields to ASCII before sending (broken ++ since 2.0.44). [Martin Kraemer] ++ ++ *) Fix the inability to log errors like exec failure in ++ mod_ext_filter/mod_cgi script children. This was broken after ++ such children stopped inheriting the error log handle. ++ [Jeff Trawick] ++ ++ *) Fix mod_info to use the real config file name, not the default ++ config file name. [Aryeh Katz <aryeh secured-services.com>] ++ ++ *) Set the scoreboard state to indicate logging prior to running ++ logging hooks so that server-status will show 'L' for hung loggers ++ instead of 'W'. [Jeff Trawick] ++ ++Changes with Apache 2.0.48 ++ ++ *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of ++ the AF_UNIX socket used to communicate with the cgid daemon and ++ the CGI script. [Jeff Trawick] ++ ++ *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and ++ mod_rewrite which occurred if one configured a regular expression ++ with more than 9 captures. [André Malo] ++ ++ *) mod_include: fix segfault which occured if the filename was not ++ set, for example, when processing some error conditions. ++ PR 23836. [Brian Akins <bakins web.turner.com>, André Malo] ++ ++ *) fix the config parser to support <Foo>..</Foo> containers (no ++ arguments in the opening tag) supported by httpd 1.3. Without ++ this change mod_perl 2.0's <Perl> sections are broken. ++ ["Philippe M. Chiasson" <gozer cpan.org>] ++ ++ *) mod_cgid: fix a hash table corruption problem which could ++ result in the wrong script being cleaned up at the end of a ++ request. [Jeff Trawick] ++ ++ *) Update httpd-*.conf to be clearer in describing the connection ++ between AddType and AddEncoding for defining the meaning of ++ compressed file extensions. [Roy Fielding] ++ ++ *) mod_rewrite: Don't die silently when failing to open RewriteLogs. ++ PR 23416. [André Malo] ++ ++ *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send ++ rewritten request using "proxy:". The code was adding multiple "proxy:" ++ fields in the rewritten URI. PR: 13946. ++ [Eider Oliveira <eider bol.com.br>] ++ ++ *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and ++ expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>] ++ ++ *) Ensure that ssl-std.conf is generated at configure time, and switch ++ to using the expanded config variables to work the same as ++ httpd-std.conf PR: 19611 ++ [Thom May] ++ ++ *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370 ++ [Hartmut Keil <Hartmut.Keil adnovum.ch>] ++ ++ *) mod_autoindex: If a directory contains a file listed in the ++ DirectoryIndex directive, the folder icon is no longer replaced ++ by the icon of that file. PR 9587. ++ [David Shane Holden <dpejesh yahoo.com>] ++ ++ *) Fixed mod_usertrack to not get false positive matches on the ++ user-tracking cookie's name. PR 16661. ++ [Manni Wood <manniwood planet-save.com>] ++ ++ *) mod_cache: Fix the cache code so that responses can be cached ++ if they have an Expires header but no Etag or Last-Modified ++ headers. PR 23130. ++ [<bjorn exoweb.net>] ++ ++ *) mod_log_config: Fix %b log format to write really "-" when 0 bytes ++ were sent (e.g. with 304 or 204 response codes). [Astrid Keßler] ++ ++ *) Modify ap_get_client_block() to note if it has seen EOS. ++ [Justin Erenkrantz] ++ ++ *) Fix a bug, where mod_deflate sometimes unconditionally compressed the ++ content if the Accept-Encoding header contained only other tokens than ++ "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo] ++ ++ *) Avoid an infinite recursion, which occured if the name of an included ++ config file or directory contained a wildcard character. PR 22194. ++ [André Malo] ++ ++ *) mod_ssl: Fix a problem setting variables that represent the ++ client certificate chain. PR 21371 [Jeff Trawick] ++ ++ *) Unix: Handle permissions settings for flock-based mutexes in ++ unixd_set_global|proc_mutex_perms(). Allow the functions to be ++ called for any type of mutex. PR 20312 [Jeff Trawick] ++ ++ *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick] ++ ++ *) Fix a misleading message from the some of the threaded MPMs when ++ MaxClients has to be lowered due to the setting of ServerLimit. ++ [Jeff Trawick] ++ ++ *) Lower the severity of the "listener thread didn't exit" message ++ to debug, as it is of interest only to developers. PR 9011 ++ [Jeff Trawick] ++ ++ *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting. ++ [Cliff Woolley, Jean-Jacques Clar] ++ ++ *) Install config.nice into the build/ directory to make ++ minor version upgrades easier. [Joshua Slive] ++ ++ *) Fix mod_deflate so that it does not call deflate() without checking ++ first whether it has something to deflate. (Currently this causes ++ deflate to generate a fatal error according to the zlib spec.) ++ PR 22259. [Stas Bekman] ++ ++ *) mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an ++ identity spoof is encountered. ++ [Sander Striker] ++ ++ *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory ++ containing the .htaccess file is requested without a trailing slash. ++ PR 20195. [André Malo] ++ ++ *) ab: Overlong credentials given via command line no longer clobber ++ the buffer. [André Malo] ++ ++ *) mod_deflate: Don't attempt to hold all of the response until we're ++ done. [Justin Erenkrantz] ++ ++ *) Assure that we block properly when reading input bodies with SSL. ++ PR 19242. [David Deaves <David.Deaves dd.id.au>, William Rowe] ++ ++ *) Update mime.types to include latest IANA and W3C types. [Roy Fielding] ++ ++ *) mod_ext_filter: Set additional environment variables for use by ++ the external filter. PR 20944. [Andrew Ho, Jeff Trawick] ++ ++ *) Fix buildconf errors when libtool version changes. [Jeff Trawick] ++ ++ *) Remember an authenticated user during internal redirects if the ++ redirection target is not access protected and pass it ++ to scripts using the REDIRECT_REMOTE_USER environment variable. ++ PR 10678, 11602. [André Malo] ++ ++ *) mod_include: Fix a trio of bugs that would cause various unusual ++ sequences of parsed bytes to omit portions of the output stream. ++ PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley] ++ ++ *) Update the header token parsing code to allow LWS between the ++ token word and the ':' seperator. [PR 16520] ++ [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>] ++ ++ *) Eliminate creation of a temporary table in ap_get_mime_headers_core() ++ [Joe Schaefer <joe+gmane sunstarsys.com>] ++ ++ *) Added FreeBSD directory layout. PR 21100. ++ [Sander Holthaus <info orangexl.com>, André Malo] ++ ++ *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP ++ response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo] ++ ++ *) mod_rewrite: Perform child initialization on the rewrite log lock. ++ This fixes a log corruption issue when flock-based serialization ++ is used (e.g., FreeBSD). [Jeff Trawick] ++ ++ *) Don't respect the Server header field as set by modules and CGIs. ++ As with 1.3, for proxy requests any such field is from the origin ++ server; otherwise it will have our server info as controlled by ++ the ServerTokens directive. [Jeff Trawick] ++ ++Changes with Apache 2.0.47 ++ ++ *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences ++ of per-directory renegotiations and the SSLCipherSuite directive ++ being used to upgrade from a weak ciphersuite to a strong one ++ could result in the weak ciphersuite being used in place of the ++ strong one. [Ben Laurie] ++ ++ *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing ++ temporary denial of service when accept() on a rarely accessed port ++ returns certain errors. Reported by Saheed Akhtar ++ <S.Akhtar talis.com>. [Jeff Trawick] ++ ++ *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial ++ of service when target host is IPv6 but proxy server can't create ++ IPv6 socket. Fixed by the reporter. [Yoshioka Tsuneo ++ <tsuneo.yoshioka f-secure.com>] ++ ++ *) SECURITY [VU#379828] Prevent the server from crashing when entering ++ infinite loops. The new LimitInternalRecursion directive configures ++ limits of subsequent internal redirects and nested subrequests, after ++ which the request will be aborted. PR 19753 (and probably others). ++ [William Rowe, Jeff Trawick, André Malo] ++ ++ *) core_output_filter: don't split the brigade after a FLUSH bucket if ++ it's the last bucket. This prevents creating unneccessary empty ++ brigades which may not be destroyed until the end of a keepalive ++ connection. ++ [Juan Rivera <Juan.Rivera citrix.com>] ++ ++ *) Add support for "streamy" PROPFIND responses. ++ [Ben Collins-Sussman <sussman collab.net>] ++ ++ *) mod_cgid: Eliminate a double-close of a socket. This resolves ++ various operational problems in a threaded MPM, since on the ++ second attempt to close the socket, the same descriptor was ++ often already in use by another thread for another purpose. ++ [Jeff Trawick] ++ ++ *) mod_negotiation: Introduce "prefer-language" environment variable, ++ which allows to influence the negotiation process on request basis ++ to prefer a certain language. [André Malo] ++ ++ *) Make mod_expires' ExpiresByType work properly, including for ++ dynamically-generated documents. [Ken Coar, Bill Stoddard] ++ ++Changes with Apache 2.0.46 ++ ++ *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash ++ by sending an overly long string. This can be triggered remotely ++ through mod_dav, mod_ssl, and other mechanisms. Reported by David ++ Endler <DEndler iDefense.com>. ++ [Joe Orton <jorton redhat.com>] ++ ++ *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability ++ affecting basic authentication on Unix platforms related to ++ thread-safety in apr_password_validate(). The problem was reported ++ by John Hughes <john.hughes entegrity.com>. ++ ++ *) Fix for mod_dav. Call the 'can_be_activity' callback, if provided, ++ when a MKACTIVITY request comes in. ++ [Ben Collins-Sussman <sussman collab.net>] ++ ++ *) Perform run-time query in apxs for apr and apr-util's includes. ++ [Justin Erenkrantz] ++ ++ *) run libtool from the apr install directory (in case that is different ++ from the apache install directory) [Jeff Trawick] ++ ++ *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez] ++ ++ *) If mod_mime_magic does not know the content-type, do not attempt to ++ guess. PR 16908. [Andrew Gapon <agapon telcordia.com>] ++ ++ *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session ++ caching. PR 17864. ++ [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli] ++ ++ *) Add a delete flag to htpasswd. ++ [Thom May] ++ ++ *) Fix mod_rewrite's handling of absolute URIs. The escaping routines ++ now work scheme dependent and the query string will only be ++ appended if supported by the particular scheme. [André Malo] ++ ++ *) Add another check for already compressed content in mod_deflate. ++ PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>] ++ ++ *) Fixes for VPATH builds; copying special.mk and any future .mk files ++ from the source tree as well as the build tree (now creates a usable ++ configuration for apxs), and eliminated redundant -I'nclude paths. ++ [William Rowe] ++ ++ *) Code fixes, constness corrections and ssl_toolkit_compat.h updates ++ for SSLC and OpenSSL toolkit compatibility. Still work remains to ++ be done to cripple features based on the limitations of RSA's binary ++ distribution of their SSL-C toolkit. ++ [William Rowe, Madhusudan Mathihalli, Jeff Trawick] ++ ++ *) Linux 2.4+: If Apache is started as root and you code ++ CoreDumpDirectory, coredumps are enabled via the prctl() syscall. ++ [Greg Ames] ++ ++ *) ap_get_mime_headers_core: allocate space for the trailing null ++ when folding is in effect. ++ PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>] ++ ++ *) Fix --enable-mods-shared=most and other variants. [Aaron Bannert] ++ ++ *) mod_log_config: Add the ability to log the id of the thread ++ processing the request via new %P formats. [Jeff Trawick] ++ ++ *) Use appropriate language codes for Czech (cs) and Traditional Chinese ++ (zh-tw) in default config files. PR 9427. [André Malo] ++ ++ *) mod_auth_ldap: Use generic whitespace character class when parsing ++ "require" directives, instead of literal spaces only. PR 17135. ++ [André Malo] ++ ++ *) Hook mod_rewrite's type checker before mod_mime's one. That way the ++ RewriteRule [T=...] Flag should work as expected now. PR 19626. ++ [André Malo] ++ ++ *) htpasswd: Check the processed file on validity. If a line is not empty ++ and not a comment, it must contain at least one colon. Otherwise exit ++ with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May] ++ ++ *) Fix a problem that caused httpd to be linked with incorrect flags ++ on some platforms when mod_so was enabled by default, breaking ++ DSOs on AIX. PR 19012 [Jeff Trawick] ++ ++ *) By default, use the same CC and CPP with which APR was built. ++ The user can override with CC and CPP environment variables. ++ [Jeff Trawick] ++ ++ *) Fix ap_construct_url() so that it surrounds IPv6 literal address ++ strings with []. This fixes certain types of redirection. ++ PR 19207. [Jeff Trawick] ++ ++ *) forward port of buffer overflow fixes for htdigest. [Thom May] ++ ++ *) Added AllowEncodedSlashes directive to permit control of whether ++ the server will accept encoded slashes ('%2f') in the URI path. ++ Default condition is off (the historical behaviour). This permits ++ environments in which the path-info needs to contain encoded ++ slashes. PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar] ++ ++ *) When using Redirect in directory context, append requested query ++ string if there's no one supplied by configuration. PR 10961. ++ [André Malo] ++ ++ *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise ++ the pattern will not always match as desired. PR 12596. ++ [André Malo] ++ ++ *) mod_autoindex now emits and accepts modern query string parameter ++ delimiters (;). Thus column headers no longer contain unescaped ++ ampersands. PR 10880 [André Malo] ++ ++ *) Enable ap_sock_disable_nagle for Windows. This along with the ++ addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle ++ to be disabled for Windows. [Allan Edwards] ++ ++ *) Correct a mis-correlation between mpm_common.c and mpm_common.h; ++ This patch reverts us to pre-2.0.46 behavior, using the ++ ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle ++ was never compiled on Win32. [Allan Edwards, William Rowe] ++ ++ *) Fix a build problem with passing unsupported --enable-layout ++ args to apr and apr-util. This broke binbuild.sh as well as ++ user-specified layout parameters. PR 18649 [Justin Erenkrantz, ++ Jeff Trawick] ++ ++ *) If a Date response header was already set in the headers array, ++ this value was ignored in favour of the current time. This meant ++ that Date headers on proxied requests where rewritten when they ++ should not have been. PR: 14376 [Graham Leggett] ++ ++ *) Add code to buildconf that produces an httpd.spec file from ++ httpd.spec.in, using build/get-version.sh from APR. ++ [Graham Leggett] ++ ++ *) Fixed a segfault when multiple ProxyBlock directives were used. ++ PR: 19023 [Sami Tikka <sami.tikka f-secure.com>] ++ ++ *) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability ++ identified and reported by Robert Howard <rihoward rawbw.com> that ++ where device names faulted the running OS2 worker process. ++ The fix is actually in APR 0.9.4. [Brian Havard] ++ ++ *) Forward port: Escape special characters (especially control ++ characters) in mod_log_config to make a clear distinction between ++ client-supplied strings (with special characters) and server-side ++ strings. This was already introduced in version 1.3.25. ++ [André Malo] ++ ++ *) mod_deflate: Check also err_headers_out for an already set ++ Content-Encoding: gzip header. This prevents gzip compressed content ++ from a CGI script from being compressed once more. PR 17797. ++ [André Malo] ++ ++Changes with Apache 2.0.45 ++ ++ *) Fix possible segfaults under obscure error conditions within the ++ cgid daemon. [Jeff Trawick, William Rowe] ++ ++ *) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability ++ identified by David Endler <DEndler iDefense.com> on all platforms. ++ An unlimited stream of newlines were acceptable between requests ++ where each <lf> would allocate an 80 byte buffer, leading very ++ quickly to memory exahustion. [Brian Pane] ++ ++ *) Added an rpm build script. ++ [Graham Leggett, Joe Orton <jorton redhat.com>] ++ ++ *) Simpler, faster code path for request header scanning [Brian Pane] ++ ++ *) SECURITY: Eliminated leaks of several file descriptors to child ++ processes, such as CGI scripts. This fix depends on the APR library ++ release 0.9.2 or later (0.9.3 was distributed with the httpd ++ source tarball for Apache 2.0.45.) PR 17206 ++ [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>] ++ ++ *) Fix path handling of mod_rewrite, especially on non-unix systems. ++ There was some confusion between local paths and URL paths. ++ PR 12902. [André Malo] ++ ++ *) Prevent endless loops of internal redirects in mod_rewrite by ++ aborting after exceeding a limit of internal redirects. The ++ limit defaults to 10 and can be changed using the RewriteOptions ++ directive. PR 17462. [André Malo] ++ ++ *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when ++ all worker threads are busy. ++ [Igor Nazarenko <igor_nazarenko hotmail.com>] ++ ++ *) Keep the subrequest filter in place when a subrequest is ++ redirected. PR 15423. [Jeff Trawick] ++ ++ *) you can now specify the compression level for mod_deflate. ++ [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>, ++ Michael Schroepl <Michael.Schroepl telekurs.de>] ++ ++ *) mod_deflate: Extend the DeflateFilterNote directive to ++ allow accurate logging of the filter's in- and outstream. ++ [André Malo] ++ ++ *) Allow SSLMutex to select/use the full range of APR locking ++ mechanisms available to it. Also, fix the bug that SSLMutex uses ++ APR_LOCK_DEFAULT no matter what. PR 8122 [Jim Jagielski, ++ Martin Kutschker <martin.t.kutschker blackbox.net>] ++ ++ *) Restore the ability of htdigest.exe to create files that contain ++ more than one user. PR 12910. [André Malo] ++ ++ *) Improve binary compatibility of the core between debug (aka ++ maintainer-mode) and a non-debug compile. ++ [Sander Striker] ++ ++ *) mod_usertrack: don't set the cookie in subrequests. This works ++ around the problem that cookies were set twice during fast internal ++ redirects. PR 13211. [André Malo] ++ ++ *) mod_autoindex no longer forgets output format and enabled version ++ sort in linked column headers. [André Malo] ++ ++ *) Use .sv instead of .se as extension for Swedish documents in the ++ default configuration. PR 12877. [André Malo] ++ ++ *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL ++ and standardized the LDAP SSL support across the various LDAP SDKs. ++ Isolated the SSL functionality to mod_ldap rather than speading it ++ across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA ++ and LDAPTrustedCAType directives to mod_ldap to allow for a more ++ common method of specifying the SSL certificate. ++ [Dave Ward, Brad Nicholes] ++ ++ *) Fixed mod_ssl's SSLCertificateChain initialization to no longer ++ skip the first cert of the chain by default. This misbehavior ++ was introduced in 2.0.34. PR 14560 [Madhusudan Mathihalli] ++ ++ *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot ++ be started on Unix because of such problems as bad permissions, ++ bad shebang line, etc. [Jeff Trawick] ++ ++ *) Fix 64-bit problem in mod_ssl input logic. ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>] ++ ++ *) Fix potential memory leaks in mod_deflate on malformed data. PR 16046. ++ [Justin Erenkrantz] ++ ++ *) Rewrite ap_xml_parse_input to use bucket brigades. PR 16134. ++ [Justin Erenkrantz] ++ ++ *) Fix segfault which occurred when a section in an included ++ configuration file was not closed. PR 17093. [André Malo] ++ ++ *) Enhance the behavior of mod_isapi's WriteClient() callback to ++ provide better emulation for isapi modules that presume that the ++ first WriteClient() call may send status and headers. An example ++ of WriteClient() abuse is the foxisapi module, which relies on ++ that assumpion and now works. [William Rowe, Milan Kosina] ++ ++ *) Check the return value of ap_run_pre_connection(). So if the ++ pre_connection phase fails (without setting c->aborted) ++ ap_run_process_connection is not executed. [Stas Bekman] ++ ++ *) Fixed a problem with mod_ldap which caused it to fault when caching ++ was disabled. Needed to make sure that the code did not ++ attempt to use the cache if it didn't exist. Also fixed some memory ++ leaks which were due to not releasing LDAP resources on error ++ conditions. [Brad Nicholes] ++ ++ *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by ++ mod_rewrite proxied URLs will not be escaped accidentally by ++ mod_proxy's fixup. PR 16368 [André Malo] ++ ++ *) While processing filters on internal redirects, remember seen EOS ++ buckets also in the request structure of the redirect issuer(s). This ++ prevents filters (such as mod_deflate) from adding garbage to the ++ response. PR 14451. [André Malo] ++ ++ *) suexec: Be more pedantic when cleaning environment. Clean it ++ immediately after startup. PR 2790, 10449. ++ [Jeff Stewart <jws purdue.edu>, André Malo] ++ ++ *) Fix apxs to insert LoadModule directives only outside of sections. ++ PR 8712, 9012. [André Malo] ++ ++ *) Fix suexec compile error under SUNOS4, where strerror() doesn't ++ exist. PR 5913, 9977. ++ [Jonathan W Miner <Jonathan.W.Miner lmco.com>] ++ ++ *) Fix If header parsing when a non-mod_dav lock token is passed to it. ++ PR 16452. [Justin Erenkrantz] ++ ++ *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's ++ not specified. Now it assumes "/" as already documented. PR 16937. ++ [André Malo] ++ ++ *) Try to log an error if a piped log program fails. Try to ++ restart a piped log program in more failure situations. Fix an ++ existing problem with error handling in piped_log_spawn(). Use ++ new APR apr_proc_create() features to prevent Apache from starting ++ on Unix* in most cases where a piped log program can be started, ++ and add log messages for the other situations. *Other platforms ++ already failed Apache initialization if a piped log program ++ couldn't be started. PR 15761 [Jeff Trawick] ++ ++ *) Fix mod_cern_meta to not create empty metafiles when the ++ metafile searched for does not exist. PR 12353 ++ [Owen Rees <owen_rees hp.com>] ++ ++ *) Introduce debugging symbols for Win32 release builds, both .pdb ++ and .dbg files (older debuggers and Dr. Watson-type utilities ++ on WinNT or Win9x don't support the newer .pdb flavor.) ++ [Allen Edwards, William Rowe] ++ ++ *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME ++ information (and more). Related to PR 9076. [André Malo] ++ ++ *) mod_file_cache: fix segfault serving mmaped cached files. ++ [Bill Stoddard] ++ ++ *) mod_file_cache: fixed a segfault when multiple MMapFile directives ++ were used. PR 16313. [Cliff Woolley] ++ ++ *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing ++ an incompatible pointer type to mmap_bucket_destroy(void*). ++ [Gerard Eviston <geviston bigpond.net.au>] ++ ++ *) Enable the -n name parameter on NetWare to allow the ++ administrator to rename the Apache console screen ++ [Brad Nicholes] ++ ++ *) Fixed piped access logs on Win32 by disabling OTHER_CHILD ++ support by default in APR. More development is required ++ to deploy OTHER_CHILD on Win32. [William Rowe] ++ ++ *) Use saner default config values for suexec. PR 15713. ++ [Thom May <thom planetarytramp.net>] ++ ++ *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks" ++ (or SymlinksIfOwnermatch) is set. PR 12395. [André Malo] ++ ++ *) apxs: Include any special APR ld flags when linking the DSO. ++ This resolves problems on AIX when building a DSO with apxs+gcc. ++ [Jeff Trawick] ++ ++ *) Added character set support to mod_auth_LDAP to allow it to ++ convert extended characters used in the user ID to UTF-8 ++ before authenticating against the LDAP directory. The new ++ directive AuthLDAPCharsetConfig is used to specify the config ++ file that contains the character set conversion table. ++ [Brad Nicholes] ++ ++ *) Don't remove the Content-Length from responses in mod_proxy ++ PR: 8677 [Brian Pane] ++ ++ *) Ensure LDAP version is set to v3 on every bind. PR 14235. ++ [Sergey A. Lipnevich <sergeyli pisem.net>] ++ ++ *) Fix mod_ldap to open an existing shared memory file should one ++ already exist. PR 12757. [Scooter Morris <scooter gene.com>, ++ Graham Leggett] ++ ++ *) Fix the ulimit command used by apachectl on Tru64. PR 13609. ++ [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick] ++ ++ *) Change the ulimit command used by apachectl on AIX so that it ++ works in all locales. [Jeff Trawick] ++ ++ *) mod_ext_filter: Fix a problem building argument lists which ++ occasionally caused exec to fail. PR 15491. [Jeff Trawick] ++ ++Changes with Apache 2.0.44 ++ ++ *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option ++ from Apache 1.3. PR 14276 ++ [David Shane Holden <dpejesh yahoo.com>, William Rowe] ++ ++ *) mod_mime: Workaround to prevent a segfault if r->filename=NULL ++ [Brian Pane] ++ ++ *) Reorder the definitions for mod_ldap and mod_auth_ldap within ++ config.m4 to make sure the parent mod_ldap is defined first. ++ This ensures that mod_ldap comes before mod_auth_ldap in the ++ httpd.conf file, which is necessary for mod_auth_ldap to load. ++ PR 14256 [Graham Leggett] ++ ++ *) Fix the building of cgi command lines when the query string ++ contains '='. PR 13914 [Ville Skyttä <ville.skytta iki.fi>, ++ Jeff Trawick] ++ ++ *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move ++ implementation of MCacheMaxStreamingBuffer from mod_cache to ++ mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the ++ lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should ++ eliminate the need for explicitly coding MCacheMaxStreamingBuffer ++ in most configurations. [Bill Stoddard] ++ ++ *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when ++ a redirect occurs. The code was passing a format string and ++ integer to apr_pstrcat. Changed to apr_psprintf. ++ [Paul J. Reder] ++ ++ *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL ++ as set by apr-util in util_ldap.c. This should allow mod_ldap ++ to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme ++ <somme oslo.westerngeco.slb.com>, Graham Leggett] ++ ++ *) Fix critical bug in new --enable-v4-mapped configure option ++ implementation which broke IPv4 listening sockets on some ++ systems. [hiroyuki hanai <hanai imgsrc.co.jp>] ++ ++ *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex ++ patterns [André Malo <nd perlig.de>] ++ ++ *) Add version string to provider API. [Justin Erenkrantz] ++ ++ *) build: './configure && make' now works without an in-tree ++ apr and apr-util. [Wilfredo Sanchez] ++ ++ *) mod_negotiation: Set the appropriate mime response headers ++ (Content-Type, charset, Content-Language and Content-Encoding) ++ for negotated type-map "Body:" responses (such as the error ++ pages.) [André Malo <nd perlig.de>] ++ ++ *) mod_log_config: Allow '%%' escaping in CustomLog format ++ strings to insert a literal, single '%'. ++ [André Malo <nd perlig.de>] ++ ++ *) mod_autoindex: AddDescription directives for directories ++ now work as in Apache 1.3, where no trailing '/' is ++ specified on the directory name. Previously, the trailing ++ '/' *had* to be specified, which was incompatible with ++ Apache 1.3. PR 7990 [Jeff Trawick] ++ ++ *) Fix for PR 14556. The expiry calculations in mod_cache were ++ trying to perform "now + ((date - lastmod) * factor)" where ++ date == lastmod resulting in "now + 0". The code now follows ++ the else path (using the default expiration) if date is ++ equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder] ++ ++ *) Use AP_DECLARE in the debug versions of ap_strXXX in case the ++ default calling convention is not the same as the one used by ++ AP_DECLARE. [Juan Rivera <Juan.Rivera citrix.com>] ++ ++ *) mod_cache: Don't cache response header fields designated ++ as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1). ++ [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane] ++ ++ *) mod_cgid: Handle environment variables containing newlines. ++ PR 14550 [Piotr Czejkowski <apache czarny.eu.org>, Jeff ++ Trawick] ++ ++ *) Move mod_ext_filter out of experimental and into filters. ++ [Jeff Trawick] ++ ++ *) Fixed a memory leak in mod_deflate with dynamic content. ++ PR 14321 [Ken Franken <kfranken decisionmark.com>] ++ ++ *) Add --[enable|disable]-v4-mapped configure option to control ++ whether or not Apache expects to handle IPv4 connections ++ on IPv6 listening sockets. Either setting will work on ++ systems with the IPV6_V6ONLY socket option. --enable-v4-mapped ++ must be used on systems that always allow IPv4 connections on ++ IPv6 listening sockets. PR 14037 (Bugzilla), PR 7492 (Gnats) ++ [Jeff Trawick] ++ ++ *) This fixes a problem where the underlying cache code ++ indicated that there was one more element on the cache ++ than there actually was. This happened since element 0 ++ exists but is not used. This code allocates the correct ++ number of useable elements and reports the number of ++ actually used elements. The previous code only allowed ++ MCacheMaxObjectCount-1 objects to be stored in the ++ cache. [Paul J. Reder] ++ ++ *) mod_setenvif: Add SERVER_ADDR special keyword to allow ++ envariable setting according to the server IP address ++ which received the request. [Ken Coar] ++ ++ *) mod_cgid: Terminate CGI scripts when the client connection ++ drops. PR 8388 [Jeff Trawick] ++ ++ *) Rearrange OpenSSL engine initialization to support RAND ++ redirection on crypto accelerator. ++ [Frederic DONNAT <frederic.donnat zencod.com>] ++ ++ *) Always emit Vary header if mod_deflate is involved in the ++ request. [Andre Malo <nd perlig.de>] ++ ++ *) mod_isapi: Stop unsetting the 'empty' query string result with ++ a NULL argument in ecb->lpszQueryString, eliminating segfaults ++ for some ISAPI modules. PR 14399 ++ [Detlev Vendt <detlev.vendt brillit.de>] ++ ++ *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION ++ notification is received before the HttpExtensionProc() returns ++ HSE_STATUS_PENDING. This only affected isapi .dll's configured ++ with the ISAPIFakeAsync on directive. PR 11918 ++ [John DeSetto <jdesetto radiantsystems.com>, William Rowe] ++ ++ *) mod_isapi: Fix the issue where all results from mod_isapi would ++ run through the core die handler resulting in invalid responses ++ or access log entries. PR 10216 [William Rowe] ++ ++ *) Improves the user friendliness of the CacheRoot processing ++ over my last pass. This version avoids the pool allocations ++ but doesn't avoid all of the runtime checks. It no longer ++ terminates during post-config processing. An error is logged ++ once per worker, indicating that the CacheRoot needs to be set. ++ [Paul J. Reder] ++ ++ *) Fix a bug where we keep files open until the end of a ++ keepalive connection, which can result in: ++ (24)Too many open files: file permissions deny server access ++ especially on threaded servers. [Greg Ames, Jeff Trawick] ++ ++ *) Fix a bug in which mod_proxy sent an invalid Content-Length ++ when a proxied URL was invoked as a server-side include within ++ a page generated in response to a form POST. [Brian Pane] ++ ++ *) Added code to process min and max file size directives and to ++ init the expirychk flag in mod_disk_cache. Added a clarifying ++ comment to cache_util. [Paul J. Reder] ++ ++ *) The value emitted by ServerSignature now mimics the Server HTTP ++ header as controlled by ServerTokens. [Francis Daly <deva daoine.org>] ++ ++ *) Gracefully handly retry situations in the SSL input filter, ++ by following the SSL libraries' retry semantics. ++ [William Rowe] ++ ++ *) Terminate CGI scripts when the client connection drops. This ++ fix only applies to some normal paths in mod_cgi. mod_cgid ++ is still busted. PR 8388 [Jeff Trawick] ++ ++ *) Fix a bug where 416 "Range not satisfiable" was being ++ returned for content that should have been redirected. ++ [Greg Ames] ++ ++ *) Fix memory leak in mod_ssl from internal SSL library allocations ++ within SSL_get_peer_certificate and X509_get_pubkey. ++ [Zvi Har'El <rl math.technion.ac.il> ++ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]. ++ ++ *) mod_ssl uses free() inappropriately in several places, to free ++ memory which has been previously allocated inside OpenSSL. ++ Such memory should be freed with OPENSSL_free(), not with free(). ++ [Nadav Har'El <nyh math.technion.ac.il>, ++ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]. ++ ++ *) Emit a message to the error log when we return 404 because ++ the URI contained '%2f'. (This was previously nastily silent ++ and difficult to debug.) [Ken Coar] ++ ++ *) Fix streaming output from an nph- CGI script. CGI:IRC now ++ works. PR 8482 [Jeff Trawick] ++ ++ *) More accurate logging of bytes sent in mod_logio when ++ the client terminates the connection before the response ++ is completely sent [Bojan Smojver <bojan rexursive.com>] ++ ++ *) Fix some problems in the perchild MPM. ++ [Jonas Eriksson <jonas webkonsulterna.com>] ++ ++ *) Change the CacheRoot processing to check for a required ++ value at config time. This saves a lot of wasted processing ++ if the mod_disk_cache module is loaded but no CacheRoot ++ was provided. This fix also adds code to log an error ++ and avoid useless pallocs and procesing when the computed ++ cache file name cannot be opened. This also updates the ++ docs accordingly. [Paul J. Reder] ++ ++ *) Introduce the EnableSendfile directive, allowing users of NFS ++ shares to disable sendfile mechanics when they either fail ++ outright or provide intermitantly corrupted data. PR ++ [William Rowe] ++ ++ *) Resolve the error "An operation was attempted on something ++ that is not a socket. : winnt_accept: AcceptEx failed. ++ Attempting to recover." for users of various firewall and ++ anti-virus software on Windows. PR 8325 [William Rowe] ++ ++ *) Add the ProxyBadHeader directive, which gives the admin some ++ control on how mod_proxy should handle bogus HTTP headers from ++ proxied servers. This allows 2.0 to "emulate" 1.3's behavior if ++ desired. [Jim Jagielski] ++ ++ *) Change the LDAP modules to export their symbols correctly ++ during a Windows build. Add dsp files for Windows. Update ++ README.ldap file for Windows build instructions. ++ [Andre Schild <A.Schild aarboard.ch>] ++ ++ *) Performance improvements for the code that generates HTTP ++ response headers [Brian Pane] ++ ++ *) Add -S as a synonym for -t -DDUMP_VHOSTS. ++ [Thom May <thom planetarytramp.net>] ++ ++ *) Fix a bug with dbm rewrite maps which caused the wrong value to ++ be used when the key was not found in the dbm. PR 13204 ++ [Jeff Trawick] ++ ++ *) Fix a problem with streaming script output and mod_cgid. ++ [Jeff Trawick] ++ ++ *) Add ap_register_provider/ap_lookup_provider API. ++ [John K. Sterling <john sterls.com>, Justin Erenkrantz] ++ ++Changes with Apache 2.0.43 ++ ++ *) SECURITY [CAN-2002-0840]: HTML-escape the address produced by ++ ap_server_signature() against this cross-site scripting ++ vulnerability exposed by the directive 'UseCanonicalName Off'. ++ Also HTML-escape the SERVER_NAME environment variable for CGI ++ and SSI requests. It's safe to escape as only the '<', '>', ++ and '&' characters are affected, which won't appear in a valid ++ hostname. Reported by Matthew Murphy <mattmurphy kc.rr.com>. ++ [Brian Pane] ++ ++ *) Fix a core dump in mod_cache when it attemtped to store uncopyable ++ buckets. This happened, for instance, when a file to be cached ++ contained SSI tags to execute a CGI script (passed as a pipe ++ bucket). [Paul J. Reder] ++ ++ *) Ensure that output already available is flushed to the network ++ when the content-length filter realizes that no new output will ++ be available for a while. This helps some streaming CGIs as ++ well as some other dynamically-generated content. [Jeff Trawick] ++ ++ *) Fix a mutex problem in mod_ssl session cache support which ++ could lead to an infinite loop. PR 12705 ++ [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick] ++ ++ *) SECURITY [CAN-2002-1156] (cve.mitre.org): ++ Fix the exposure of CGI source when a POST request is sent to ++ a location where both DAV and CGI are enabled. [Ryan Bloom] ++ ++ *) Allow the UserDir directive to accept a list of directories. ++ This matches what Apache 1.3 does. Also add documentation for ++ this feature. [Jay Ball <jay veggiespam.com>] ++ ++ *) New Module: mod_logio. adds the ability to log bytes sent and ++ received. [Bojan Smojver <bojan rexursive.com>] ++ ++ *) SuExec needs to use the same default directory as the rest of ++ server, namely /usr/local/apache2. ++ [SangBeom han <sbhan os.korea.ac.kr>] ++ ++ *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN. ++ [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett] ++ ++ *) Make sure the contents of the WWW-Authenticate header is ++ passed on a 4xx error by proxy. Previously all headers ++ were dropped, resulting in the browser being unable to ++ authenticate. [Dr Richard Reiner <rreiner fscinternet.com>, ++ Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman ++ <gwiseman fscinternet.com>, David Henderson ++ <dhenderson fscinternet.com>] ++ ++ *) Make mod_cache's CacheMaxStreamingBuffer directive work ++ properly for virtual hosts that override server-wide mod_cache ++ setttings. [Matthieu Estrade <estrade-m ifrance.com>] ++ ++ *) Add -p option to apxs to allow programs to be compiled with apxs. ++ [Justin Erenkrantz] ++ ++Changes with Apache 2.0.42 ++ ++ *) mod_dav: Check for versioning hooks before using them. ++ [Greg Stein] ++ ++Changes with Apache 2.0.41 ++ ++ *) The protocol version (eg: HTTP/1.1) in the request line parsing ++ is now case insensitive. [Jim Jagielski] ++ ++ *) Allow AddOutputFilterByType to add multiple filters per directive. ++ [Justin Erenkrantz] ++ ++ *) Remove warnings with Sun's Forte compiler. [Justin Erenkrantz] ++ ++ *) Fixed mod_disk_cache's generation of 304s ++ [Kris Verbeeck <Kris.Verbeeck ubizen.com>] ++ ++ *) Add support for using fnmatch patterns in the final path ++ segment of an Include statement (eg.. include /foo/bar/*.conf). ++ and remove the noise on stderr during config dir processing. ++ [Joe Orton <jorton redhat.com>] ++ ++ *) mod_cache: cache_storage.c. Add the hostname and any request ++ args to the key generated for caching. This provides a unique ++ key for each virtual host and for each request with unique ++ args. [Paul J. Reder, args code provided by Kris Verbeeck] ++ ++ *) mod_cache: Do not cache responses to GET requests with query ++ URLs if the origin server does not explicitly provide an ++ Expires header on the response (RFC 2616 Section 13.9) ++ [Kris Verbeeck <krisv be.ubizen.com>] ++ ++ *) Fix memory leak in core_output_filter. [Justin Erenkrantz] ++ ++ *) Update OpenSSL detection to work on Darwin. ++ [Sander Temme <sctemme covalent.net>] ++ ++ *) Update the xslt and css to give the documentation a more ++ modern style. ++ [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>] ++ ++ *) Fix some bucket memory leaks in the chunking code ++ [Joe Schaefer <joe+apache sunstarsys.com>] ++ ++ *) Add ModMimeUsePathInfo directive. [Justin Erenkrantz] ++ ++ *) mod_cache: added support for caching streamed responses (proxy, ++ CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane] ++ ++ *) Add image/x-icon to httpd.conf PR 10993. ++ [Ian Holsman, Peter Bieringer <pb bieringer.de>] ++ ++ *) Fix FileETags none operation. PR 12207. ++ [Justin Erenkrantz, Andrew Ho <andrew tellme.com>] ++ ++ *) Restored the experimental leader/followers MPM to working ++ condition and converted its thread synchronization from ++ mutexes to atomic CAS. [Brian Pane] ++ ++ *) Fix Logic on non-html file removal in mod_deflate ++ [Kris Verbeeck <Kris.Verbeeck ubizen.com>] ++ ++ *) Fix "ab -g"'s truncated year: the last digit was cut off. ++ [Leon Brocard <acme astray.com>] ++ ++ *) mod_rewrite can now sets cookies in err_headers, uses the correct ++ expiry date, and can now set the path as well ++ PR 12132,12181,12172. ++ [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>] ++ ++ *) The content-length filter no longer tries to buffer up ++ the entire output of a long-running request before sending ++ anything to the client. [Brian Pane] ++ ++ *) Win32: Lower the default stack size from 1MB to 256K. This will ++ allow around 8000 threads to be started per child process. ++ 'EDITBIN /STACK:size apache.exe' can be used to change this ++ value directly in the apache.exe executable. ++ [Bill Stoddard] ++ ++ *) Win32: Implement ThreadLimit directive in the Windows MPM. ++ [Bill Stoddard] ++ ++ *) Remove CacheOn config directive since it is set but never checked. ++ No sense wasting cycles on unused code. Besides, the only truly ++ bug free code is deleted code. :) [Paul J. Reder] ++ ++ *) BufferLogs are now run-time enabled, and the log_config now has 2 new ++ callbacks to allow a 3rd party module to actually do the writing of the ++ log file [Ian Holsman] ++ ++ *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs. ++ [André Malo, Astrid Keßler <kess kess-net.de>] ++ ++ *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>] ++ ++ *) Fix a null pointer dereference in the merge_env_dir_configs ++ function of the mod_env module. PR 11791 ++ [Paul J. Reder] ++ ++ *) New option to ServerTokens 'maj[or]'. Only show the major version ++ Also Surfaced this directive in the standard config (default FULL) ++ [Ian Holsman] ++ ++ *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite ++ maps. The dbm type (e.g., ndbm, gdbm) can be specified on the ++ RewriteMap directive. PR 10644 [Jeff Trawick] ++ ++ *) Fixed mod_rewrite's RewriteMap prg: support so that request/response ++ pairs will no longer get out of sync with each other. PR 9534 ++ [Cliff Woolley] ++ ++ *) Fixes required to get quoted and escaped command args working in ++ mod_ext_filter. PR 11793 [Paul J. Reder] ++ ++ *) mod-proxy: handle proxied responses with no status lines ++ [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>] ++ ++ *) Fix bug where environment or command line arguments containing ++ non-ASCII-7 characters would cause the Win32 child process creation ++ to fail. PR 11854 [William Rowe] ++ ++ *) Bug #11213.. make module loading error messages more informative ++ [Ian Darwin <Ian779 darwinsys.com>] ++ ++ *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman] ++ ++ *) mod_disk_cache works much better. This module should still ++ be considered experimental. [Eric Prud'hommeaux] ++ ++ *) Performance improvement for keepalive requests: when setting ++ aside a small file for potential concatenation with the next ++ response on the connection, set aside the file descriptor rather ++ than copying the file into the heap. [Brian Pane] ++ ++ *) Modified version check on openssl so that it finds the executable ++ first and then performs a check of the version, only warning the ++ user if they chose, or we selected, an old version of OpenSSL. ++ This change also allows the code to work for non-openssl libraries ++ selected via the --with-ssl=dir option, which can override the ++ automated library check in any case. [Roy Fielding] ++ ++Changes with Apache 2.0.40 ++ ++ *) SECURITY [CAN-2002-0661] (cve.mitre.org): ++ Close a very significant security hole that ++ applies only to the Win32, OS2 and Netware platforms. Unix was not ++ affected, Cygwin may be affected. Certain URIs will bypass security ++ and allow users to invoke or access any file depending on the system ++ configuration. Without upgrading, a single .conf change will close ++ the vulnerability. Add the following directive in the global server ++ httpd.conf context before any other Alias or Redirect directives; ++ RedirectMatch 400 "\\\.\." ++ Reported by Auriemma Luigi <bugtest sitoverde.com>. ++ [Brad Nicholes] ++ ++ *) SECURITY [CAN-2002-0654] (cve.mitre.org): ++ Close a path-revealing exposure in multiview type ++ map negotiation (such as the default error documents) where the ++ module would report the full path of the typemapped .var file when ++ multiple documents or no documents could be served based on the mime ++ negotiation. Reported by Auriemma Luigi <bugtest sitoverde.com>. ++ [William Rowe] ++ ++ *) SECURITY [CAN-2002-0654] (cve.mitre.org): ++ Close a path-revealing exposure in cgi/cgid when we ++ fail to invoke a script. The modules would report "couldn't create ++ child process /path-to-script/script.pl" revealing the full path ++ of the script. Reported by Jim Race <jrace qualys.com>. ++ [Bill Stoddard] ++ ++ *) Set aside the apr-iconv and apr_xlate() features for the Win32 ++ build of 2.0.40 so development can be completed. A patch, from ++ <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/> ++ will be available for those that wish to work with apr-iconv. ++ [William Rowe] ++ ++ *) Fix proxy so that it is possible to access ftp: URLs via a proxy ++ chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>] ++ ++ *) mod-deflate now checks to make sure that 'gzip-only-text/html' is ++ set to 1, so we can exclude things from the general case with ++ browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>] ++ ++ *) Accept multiple leading /'s for requests within the DocumentRoot. ++ PR 10946 [William Rowe, David Shane Holden <dpejesh yahoo.com>] ++ ++ *) Solved the reports of .pdf byterange failures on Win32 alone. ++ APR's sendfile for the win32 platform collapses header and trailer ++ buffers into a single buffer. However, we destroyed the pointers ++ to the header buffer if a trailer buffer was present. PR 10781 ++ [William Rowe] ++ ++ *) mod_ext_filter: Add the ability to enable or disable a filter via ++ an environment variable. Add the ability to register a filter of ++ type other than AP_FTYPE_RESOURCE. [Jeff Trawick] ++ ++ *) Restore the ability to specify host names on Listen directives. ++ PR 11030. [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>] ++ ++ *) When deciding on the default address family for listening sockets, ++ make sure we can actually bind to an AF_INET6 socket before ++ deciding that we should default to AF_INET6. This fixes a startup ++ problem on certain levels of OpenUNIX. PR 10235. [Jeff Trawick] ++ ++ *) Replace usage of atol() to parse strings when we might want a ++ larger-than-long value with apr_atoll(), which returns long long. ++ This allows HTTPD to deal with larger files correctly. ++ [Shantonu Sen <ssen apple.com>] ++ ++ *) mod_ext_filter: Ignore any content-type parameters when checking if ++ the response should be filtered. Previously, "intype=text/html" ++ wouldn't match something like "text/html;charset=8859_1". ++ [Jeff Trawick] ++ ++ *) mod_ext_filter: Set up environment variables for external programs. ++ [Craig Sebenik <craig netapp.com>] ++ ++ *) Modified the HTTP_IN filter to immediately append the EOS (end of ++ stream) bucket for C-L POST bodies, saving a roundtrip and allowing ++ the caller to determine that no content remains without prefetching ++ additional POST body. [William Rowe] ++ ++ *) Get proxy ftp to work over IPv6. [Shoichi Sakane <sakane kame.net>] ++ ++ *) Look for OpenSSL libraries in /usr/lib64. [Peter Poeml <poeml suse.de>] ++ ++ *) Update SuSE layout. [Peter Poeml <poeml suse.de>] ++ ++ *) Changes to the internationalized error documents: ++ Comment them out in the default config file to make the default ++ install as simple as possible; Correct the english 500 error to ++ be more understandable; Add a Swedish translation. ++ [Thomas Sjogren <thomas northernsecurity.net>, ++ Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive] ++ ++ *) Increase the limit on file descriptors per process in apachectl. ++ [Brian Pane] ++ ++ *) Fix a dependency error when building ApacheMonitor, so that Win32 ++ and MSVC now trust that the project is current (when it is). ++ [James Cox <imajes php.net>] ++ ++ *) mod_ext_filter: don't segfault if content-type is not set. PR 10617. ++ [Arthur P. Smith <apsmith aps.org>, Jeff Trawick] ++ ++ *) APR-Util Renames pending have been completed [Thom May] ++ ++ *) Performance improvements for the code that reads request ++ headers (ap_rgetline_core() and related functions) [Brian Pane] ++ ++ *) Add a new directive: MaxMemFree. MaxMemFree makes it possible ++ to configure the maximum amount of memory the allocators will ++ hold on to for reuse. Anything over the MaxMemFree threshold ++ will be free()d. This directive is useful when uncommon large ++ peaks occur in memory usage. It should _not_ be used to mask ++ defective modules' memory use. [Sander Striker] ++ ++ *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI ++ scripts would not result in a truncated response. ++ [Ryan Bloom, Justin Erenkrantz, Cliff Woolley] ++ ++ *) Add a filter_init parameter to the filter registration functions ++ so that a filter can execute arbitrary code before the handlers ++ are invoked. This resolves a problem where mod_include requests ++ would incorrectly return a 304. [Justin Erenkrantz] ++ ++ *) Fix a long-standing bug in 2.0, CGI scripts were being called ++ with relative paths instead of absolute paths. Apache 1.3 used ++ absolute paths for everything except for SuExec, this brings back ++ that standard. [Ryan Bloom] ++ ++ *) Fix infinite loop due to two HTTP_IN filters being present for ++ internally redirected requests. PR 10146. [Justin Erenkrantz] ++ ++ *) Switch conn_rec->keepalive to an enumeration rather than a bitfield. ++ [Justin Erenkrantz] ++ ++ *) Fix mod_ext_filter to look in the main server for filter definitions ++ when running in a vhost if the filter definition is not found in ++ the vhost. PR 10147 [Jeff Trawick] ++ ++ *) Support WinNT CGI invocation through ScriptInterpreterSource ++ 'registry' for script interpreter paths and names with non-ascii ++ characters in the executable filepath. [William Rowe] ++ ++ *) Support the -w flag on to keep the Win32 console open on error. ++ [William Rowe] ++ ++ *) Normalize the hostname value in the request_rec to all-lowercase ++ [Perry Harrington <pedward webcom.com>] ++ ++ *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include ++ extended characters (non US-ASCII) in non-utf8 format. This brings ++ Win32 back into CGI/1.1 compliance, and leaves charset decoding up ++ to the cgi application itself. [William Rowe] ++ ++ *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache ++ modules to bring them up to the current apr/apr-util APIs. ++ [William Rowe] ++ ++ *) Fix segfault in mod_mem_cache most frequently observed when ++ serving the same file to multiple clients on an MP machine. ++ [Bill Stoddard] ++ ++ *) mod_rewrite can now set cookies (RewriteRule (.*) - [CO=name:$1:.domain]) ++ [Brian Degenhardt <bmd mp3.com>, Ian Holsman] ++ ++ *) Fix perchild to work with apachectl by adding -k support to perchild. ++ PR 10074 [Jeff Trawick] ++ ++ *) Fix a silly htpasswd.c logic error that incorrectly reported that ++ both -c and -n had been used. PR 9989 [Cliff Woolley] ++ ++ *) Fixed a mod_include error case in which no HTTP response was sent ++ to the client if an shtml document contained an unterminated SSI ++ directive [Brian Pane] ++ ++ *) Improve ap_get_client_block implementation by using APR-util brigade ++ helper functions and relying on current filter assumptions. ++ [Justin Erenkrantz] ++ ++Changes with Apache 2.0.39 ++ ++ *) Fixed a build problem in htpasswd.c on Win32. ++ [Guenter Knauf <eflash gmx.net>, Cliff Woolley] ++ ++Changes with Apache 2.0.38 ++ ++ *) Rewrite htpasswd to use APR. The removes the annoying warning about ++ tmpnam being unsafe. [Ryan Bloom] ++ ++ *) We must set the MIME-type for .shtml files to text/html if we want them ++ to be parsed for SSI tags. Add the config for that to the default ++ config file so that it is easier to enable .shtml parsing. ++ [Dave Dyer <ddyer real-me.net>] ++ ++ *) Fixed a problem with 'make install' on ReliantUnix. ++ [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>] ++ ++ *) Make the default_handler catch all requests that aren't served by ++ another handler. This also gets us to return a 404 if a directory ++ is requested, there is no DirectoryIndex, and mod_autoindex isn't ++ loaded. [Justin Erenkrantz] ++ ++ *) Fixed the handling of nested if-statements in shtml files. ++ PR 9866 [Brian Pane] ++ ++ *) Allow 'make install DESTDIR=/path'. This allows packagers to install ++ into a directory different from the one that was configured. This ++ also mirrors the root= feature from 1.3. We cannot use prefix=, ++ because both APR and APR-util resolve their installation paths at ++ configuration time. This means that there is no variable prefix ++ to replace. [Andreas Hasenack <andreas netbank.com.br>] ++ ++ *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT. ++ These levels of AIX don't have a thundering herd problem with ++ accept(). [Jeff Trawick] ++ ++ *) prefork MPM: Ignore mutex errors during graceful restart. For ++ certain types of mutexes (particularly SysV semaphores), we ++ should expect to occasionally fail to obtain or release the ++ mutex during restart processing. [Jeff Trawick] ++ ++ *) Fix install-bindist.sh so that it finds any perl instead of just ++ early perl 5.x versions. This is consistent with a build/install ++ from source, and it allows the perl scripts installed by a bindist ++ to work on systems with perl 5.6. [Jeff Trawick] ++ ++ *) Fix apxs so that the makefile created by "apxs -g" works on AIX and ++ Tru64 (and probably some other platforms). [Jeff Trawick] ++ ++ *) Allow CGI scripts to return their Content-Length. This also fixes a ++ hang on HEAD requests seen on certain platforms (such as FreeBSD). ++ [Justin Erenkrantz] ++ ++ *) Added log rotation based on file size to the RotateLog support ++ utility. [Brad Nicholes] ++ ++ *) Fix some casting in mod_rewrite which broke random maps. ++ PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick] ++ ++Changes with Apache 2.0.37 ++ ++ *) allow POST method over SSL when per-directory client cert ++ authentication is used with 'SSLOptions +OptRenegotiate' enabled ++ and a client cert was found in the ssl session cache. ++ ++ *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl ++ session cache when there is no cert chain in the cache. prior to ++ the fix this situation would result in a FORBIDDEN response and ++ error message "Cannot find peer certificate chain" ++ [Doug MacEachern] ++ ++ *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if ++ one was already sent. PR 9644 [Jeff Trawick] ++ ++ *) Fix the display of the default name for the mime types config ++ file. PR 9729 [Matthew Brecknell <mbrecknell orchestream.com>] ++ ++ *) Fix the working directory *for WinNT/2K/XP services only* to ++ change to the Apache directory (one level above the location ++ of Apache.exe, in the case that Apache.exe resides in bin/.) ++ Solves the case of ServerRoot /foo paths where /foo was not ++ on the same drive as /winnt/system32. [William Rowe] ++ ++ *) Make 2.0's "AcceptMutex" startup message now "completely" ++ match how 1.3 does it. [Jim Jagielski] ++ ++ *) Implement a fixed size memory cache using a priority queue ++ [Ian Holsman] ++ ++ *) Fix apxs to allow "apxs -q installbuilddir" and to allow ++ querying certain other variables from config_vars.mk. PR 9316 ++ [Jeff Trawick] ++ ++ *) Added the "detached" attribute to the cgi_exec_info_t internals ++ so that Win32 and Netware won't create a new window or console ++ for each CGI invoked. PR 8387 ++ [Brad Nicholes, William Rowe] ++ ++ *) Consolidated the command line parameters and attributes that are ++ manipulated by the optional function ap_cgi_build_command() in ++ mod_cgi into a single structure. ++ [Brad Nicholes] ++ ++ *) Get rid of uninitialized value errors with "apxs -q" on certain ++ variables. [Stas Bekman <stas stason.org>] ++ ++ *) Fix apxs to allow it to work when the build directory is somewhere ++ besides server-root/build. PR 8453 ++ [Jeff Trawick and a host of others] ++ ++ *) Allow ap_discard_request_body to be called multiple times in the ++ same request. Essentially, ap_http_filter keeps track of whether ++ it has sent an EOS bucket up the stack, if so, it will only ever ++ send an EOS bucket for this request. ++ [Ryan Bloom, Justin Erenkrantz, Greg Stein] ++ ++ *) Remove all special mod_ssl URIs. This also fixes the bug where ++ redirecting (.*) will allow an SSL protected page to be viewed ++ without SSL. [Ryan Bloom] ++ ++ *) Fix the binary build install script so that the build logic ++ created by "apxs -g" will work when the user has a binary ++ build. [Jeff Trawick] ++ ++ *) Allow instdso.sh to work with full paths to the shared module. ++ [Justin Erenkrantz] ++ ++ *) NetWare: Enabled CGI functionality and added mod_cgi as a built ++ in module for NetWare [Brad Nicholes] ++ ++ *) Changed cgi and piped log behavior to accept 65536 characters ++ on Win32 (matching Linux) before deadlocking between outputing ++ client stdin, slurping the output from stdout and then the stderr ++ stream. PR 8179 [William Rowe] ++ ++ *) Fixed Win32 wintty.exe support to assure the window title is valid. ++ Elimiates possible gpfault or garbage title without the -t option. ++ [William Rowe] ++ ++ *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use ++ brigades and input filters. [Justin Erenkrantz] ++ ++ *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request ++ body. [Justin Erenkrantz] ++ ++ *) NetWare: Piping log entries through RotateLogs using the ++ CustomLogs directive is finally supported now that we have ++ the pipes and spawning functionality working. ++ [Brad Nicholes] ++ ++ *) SECURITY [CVE-2002-0392] (cve.mitre.org) [CERT VU#944335]: ++ Detect overflow when reading the hex bytes forming a chunk line. ++ [Aaron Bannert] ++ ++ *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464. ++ [James Tait <JTait wyrddreams.demon.co.uk>] ++ ++ *) Correctly return 413 when an invalid chunk size is given on ++ input. Also modify ap_discard_request_body to not do anything ++ on sub-requests or when the connection will be dropped. ++ [Justin Erenkrantz] ++ ++ *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469. ++ [Cliff Woolley] ++ ++ *) Ensure that apr_brigade_write() flushes in all of the cases that ++ it should to avoid conditions in some modules that could cause ++ large amounts of data to be buffered. [Cliff Woolley] ++ ++ *) Fix problem where mod_cache/mod_disk_cache was incorrectly ++ stripping the content_type from cached responses. ++ [Bill Stoddard] ++ ++ *) apachectl passes through any httpd options. Note: apachectl ++ should be used in preference to httpd since it ensures that any ++ appropriate environment variables have been set up. ++ [Jeff Trawick] ++ ++ *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir. ++ PR 7810 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>] ++ ++ *) Fix suexec execution of CGI scripts from mod_include. ++ PR 7791, 8291 [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>] ++ ++ *) Fix segfaults at startup on some platforms when mod_auth_digest, ++ mod_suexec, or mod_ssl were used as DSO's due to the way they ++ were tracking the current init phase since DSO's get completely ++ unloaded and reloaded between phases. PR 9413. ++ [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes] ++ ++ *) Fix mod_include's handling of regular expressions in ++ "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>] ++ ++ *) Fix the worker MPM deadlock problem [Brian Pane] ++ ++ *) Modify the module documentation to allow for translations. ++ [Yoshiki Hayashi, Joshua Slive] ++ ++ *) Fix a file permissions problem which prevented mod_disk_cache ++ from working on Unix. [Jeff Trawick] ++ ++ *) Add "-k start|restart|graceful|stop" support to httpd for the Unix ++ MPMs. These have semantics very similar to the old apachectl ++ commands of the same name. [Justin Erenkrantz, Jeff Trawick] ++ ++ *) Make sure that the runtime dir is created by make install. ++ PR 9233. [Jeff Trawick] ++ ++ *) Fix an unusual set of ./configure arguments that could cause ++ mod_http to be built as a DSO, which it currently doesn't ++ support. PR 9244. ++ [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>] ++ ++ *) Win32: Fix bug in apr_sendfile() that caused incorrect operation ++ of the %X, %b and %B logformat options. PR 8253, 8996. ++ [Bill Stoddard] ++ ++ *) If content-encoding is already present, do not run deflate (PR 9222) ++ [Kazuhisa ASADA <kaz asada.sytes.net>] ++ ++ *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated. ++ It is currently ignored and it will be removed in a future release ++ of Apache. [Jeff Trawick] ++ ++ *) Removed documentation references to the no-longer-supported ++ "make certificate" feature of mod_ssl for Apache 1.3.x. Test ++ certificates, if truly desired, can be generated using openssl ++ commands. PR 8724. [Cliff Woolley] ++ ++ *) Remove SSLLog and SSLLogLevel directives in favor of having ++ mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz] ++ ++ *) OS/390: LIBPATH no longer has to be manually uncommented in ++ envvars to get apachectl to set up httpd properly. [Jeff Trawick] ++ ++ *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile, ++ may now be specified to the <File/Directory > container, rather ++ than by vhost. [William Rowe] ++ ++ *) mod_isapi: Experimental support for faux async support for ISAPI ++ modules. [William Rowe] ++ ++ *) mod_isapi: Major refactoring of the code to rely on apr internals ++ rather than MS APIs (using our own mod_isapi.h headers for ISAPI ++ symbol definitions.) [William Rowe] ++ ++ *) mod_isapi: Fixed the return string length from GetServerVariable ++ callback, it was not including the trailing null in the consumed ++ buffer size. This was particularly bad for Delphi 6.0 users. ++ PR 8934 [Sebastian Hantsch <sebastian.hantsch gmx.de>] ++ ++ *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net). ++ [William Rowe] ++ ++ *) Make apxs look in the correct directory for envvars. It was ++ broken when sbindir != bindir. PR 8869 ++ [Andreas Sundström <sunkan zappa.cx>] ++ ++ *) Fix mod_deflate corruption when using multiple buckets. PR 9014. ++ [Asada Kazuhisa <kaz asada.sytes.net>] ++ ++ *) Performance enhancements for access logger when using ++ default timestamp formatting [Brian Pane] ++ ++ *) Added EnableMMAP config directive to enable the server ++ administrator to disable memory-mapping of delivered files ++ on a per-directory basis. [Brian Pane] ++ ++ *) Performance enhancements for mod_setenvif [Brian Pane] ++ ++ *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick] ++ ++ *) Fixed If-Modified-Since on Win32, which would give false positives ++ because of the sub-second resolution of file timestamps on that ++ platform. [Cliff Woolley] ++ ++ *) Reverse the hook ordering for mod_userdir and mod_alias so ++ that Alias/ScriptAlias will override Userdir. PR 8841 ++ [Joshua Slive] ++ ++ *) Move mod_deflate out of experimental and into filters. ++ [Justin Erenkrantz] ++ ++ *) Get proxy CONNECT basically working. [Jeff Trawick] ++ ++ *) Fix mod_rewrite hang when APR uses SysV Semaphores and ++ RewriteLogLevel is set to anything other than 0. PR: 8143 ++ [Aaron Bannert, Cliff Woolley] ++ ++ *) Fix byterange requests from returning 416 when using dynamic data ++ (such as filters like mod_include). [Justin Erenkrantz] ++ ++ *) Allow mod_rewrite's set of "int:" internal RewriteMap functions ++ to be extended by third-party modules via an optional function. ++ [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley] ++ ++ *) Fix mod_include expression parser's handling of unquoted strings ++ followed immediately by a closing paren. PR 8462. [Brian Pane] ++ ++ *) Remove autom4te.cache in 'make distclean'. ++ [Thom May <thom planetarytramp.net>] ++ ++ *) Fix generated httpd.conf to respect layout for LoadModule lines. ++ PR 8170. [Thom May <thom planetarytramp.net>] ++ ++ *) Win32: During a graceful restart, threads in the new process ++ were accessing scoreboard slots still in use by active threads in ++ the old process. [Bill Stoddard] ++ ++Changes with Apache 2.0.36 ++ ++ *) Fix some minor formatting issues with ab. Part of this is ++ in reference to PR 8544, the rest I noticed while testing ++ the PR fix. [Paul J. Reder] ++ ++ *) Fix a case where an invalid pass phrase is entered and an ++ error message is given, but the prompt is not shown again. ++ This left the user in an ambiguous state. PR 8320 [Paul J. Reder] ++ ++ *) Close sockets on worker MPM when doing a graceless restart. ++ [Aaron Bannert] ++ ++ *) Reverted a minor optimization in mod_ssl.c that used the vhost ID ++ as the session id context rather that a MD5 hash of that vhost ID, ++ because it caused very long vhost id's to be unusable with mod_ssl. ++ PR 8572. [Cliff Woolley] ++ ++ *) Fix the link to the description of the CoredumpDirectory ++ directive in the server-wide document. PR 8643. [Jeff Trawick] ++ ++ *) Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley] ++ ++ *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24: ++ - Avoid SIGBUS on sparc machines with SHMCB session caches ++ - Allow whitespace between the pipe and the name of the ++ program in SSLLog "| /path/to/program". [Cliff Woolley] ++ ++ *) Introduce mod_ext_filter and mod_deflate experimental modules ++ to the Win32 build (zlib sources must be in srclib\zlib.) ++ [William Rowe] ++ ++ *) Changes to the worker MPM's queue management and thread ++ synchronization code to reduce mutex contention [Brian Pane] ++ ++ *) Don't install *.in configuration files since we already install ++ *-std.conf files. [Aaron Bannert] ++ ++ *) Many improvements to the threadpool MPM. [Aaron Bannert] ++ ++ *) Fix subreqs that are promoted via fast_redirect from having invalid ++ frec->r structures. This would cause subtle errors later on in ++ request processing such as seen in PR 7966. [Justin Erenkrantz] ++ ++ *) More efficient pool recycling logic for the worker MPM [Brian Pane] ++ ++ *) Modify the worker MPM to not accept() new connections until ++ there is an available worker thread. This prevents queued ++ connections from starving for processing time while long-running ++ connections were hogging all the available threads. [Aaron Bannert] ++ ++ *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO. ++ [Aaron Bannert] ++ ++ *) Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick] ++ ++ *) Allow mod_unique_id to work on systems with no IPv4 address ++ corresponding to their host name. [Jeff Trawick] ++ ++ *) Fix suexec behavior with user directories. PR 7810. ++ [Colm <colmmacc redbrick.dcu.ie>] ++ ++ *) Reject a blank UserDir directive since it is ambiguous. PR 8472. ++ [Justin Erenkrantz] ++ ++ *) Make mod_mime use case-insensitive matching when examining ++ extensions on all platforms. PR 8223. [Justin Erenkrantz] ++ ++ *) Add an intelligent error message should no proxy submodules be ++ valid to handle a request. PR 8407 [Graham Leggett] ++ ++ *) Major improvements in concurrent processing for AB by enabling ++ non-blocking connect()s and preventing APR from doing blocking ++ read()s. Also implement fatal error checking for apr_recv(). ++ [Aaron Bannert] ++ ++ *) Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe] ++ ++ *) Fix Win32 'short name' aliases in httpd.conf directives. ++ PR 8009 [William Rowe] ++ ++ *) Fix generation of default httpd.conf when the layout paths are ++ disjoint. PR 7979, 8227. [Justin Erenkrantz] ++ ++ *) Swap downgrade-1.0 and force-response-1.0 conditional checks so ++ that downgraded responses can have force-response. PR 8357. ++ [Justin Erenkrantz] ++ ++ *) Fix perchild MPM so that it can be configured with the move to the ++ experimental directory. [Scott Lamb <slamb slamb.org>] ++ ++ *) Fix perchild MPM so that it uses ap_gname2id for groups instead of ++ ap_uname2id. [Scott Lamb <slamb slamb.org>] ++ ++ *) Fix AcceptPathInfo. PR 8234 [Cliff Woolley] ++ ++ *) SECURITY: Added the APLOG_TOCLIENT flag to ap_log_rerror() to ++ explicitly tell the server that warning messages should be sent ++ to the client in addition to being recorded in the error log. ++ Prior to this change, ap_log_rerror() always sent warning ++ messages to the client. In one case, a faulty CGI script caused ++ the server to send a warning message to the client that contained ++ the full path to the CGI script. This could be considered a ++ minor security exposure. [Bill Stoddard] ++ ++ *) mod_autoindex output when SuppressRules was specified would ++ omit the first carriage return so the first item in the list ++ would appear to the right of the column headings instead of ++ underneath them. PR 8016 [David Shane Holden <dpejesh yahoo.com>] ++ ++ *) Moved the call to apr_mmap_dup outside the error branch so ++ that it would actually get called. This fixes a core dump ++ at init everytime you use the MMapFile directive. PR 8314 ++ [Paul J. Reder] ++ ++ *) Trigger an error when a LoadModule directive attempts to ++ load a module which is built-in. This is a common error when ++ switching from a DSO build to a static build. [Jeff Trawick] ++ ++ *) Change instdso.sh to use libtool --install everywhere and then ++ clean up some stray files and symlinks that libtool leaves around ++ on some platforms. This gets subversion building properly since ++ it needed a re-link to be performed by libtool at install time, ++ and the old instdso.sh logic to simply cp the DSO didn't handle ++ that requirement. [Sander Striker] ++ ++ *) Allow VPATH builds to succeed when configured from an empty ++ directory. [Thom May <thom planetarytramp.net>] ++ ++ *) Fix 'control reaches end of non-void function' warning in ++ server/log.c. [Ben Collins-Sussman <sussman collab.net>] ++ ++ *) Perchild MPM is now correctly deemed as experimental and is now ++ located in server/mpm/experimental. [Justin Erenkrantz] ++ ++ *) Fix segfault in mod_mem_cache when garabge collecting an expired ++ cache entry. [Bill Stoddard] ++ ++ *) Introduced -E startup_logfile_name option to httpd to allow admins ++ to begin logging errors immediately. This provides Win32 users ++ an alternative to sending startup errors to the event viewer, and ++ allows other daemon tool authors an alternative to logging to stderr. ++ [William Rowe] ++ ++ *) Fix subreqs with non-defined Content-Types being served improperly. ++ [Justin Erenkrantz] ++ ++ *) Merge in latest GNU config.guess and config.sub files. PR 7818. ++ [Justin Erenkrantz] ++ ++ *) Move 100 - Continue support to the HTTP_IN filter so that filters ++ are guaranteed to support 100 - Continue logic without any ++ intervention. [Justin Erenkrantz] ++ ++ *) Add HTTP chunked input trailer support. [Justin Erenkrantz] ++ ++ *) Rename and export get_mime_headers as ap_get_mime_headers. ++ [Justin Erenkrantz] ++ ++ *) Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz] ++ ++ *) Properly substitute sbindir as httpd's location in apachectl. PR 7840. ++ [Andreas Hasenack <andreas netbank.com.br>] ++ ++ *) Allow Win32 shebang scripts to follow the path (or omit the .exe ++ suffix from the shebang command), and allow ScriptInterpreterSource ++ Registry or RegistryStrict to override shebang lines, as 1.3 did. ++ PR 8004 [William Rowe] ++ ++ *) worker MPM: Fix a situation where a child exited without releasing ++ the accept mutex. Depending on the OS and mutex mechanism this ++ could result in a hang. [Jeff Trawick] ++ ++ *) Update the instructions for how to get started with mod_example. ++ [Stas Bekman] ++ ++ *) Fix PidFile to default to rel_runtimedir instead of ++ rel_logfiledir. PR 7841. [Andreas Hasenack <andreas netbank.com.br>] ++ ++ *) Win32: Fix problem that caused rapid performance degradation ++ when number of connecting clients exceeded ThreadsPerChild. ++ [Bill Stoddard] ++ ++ *) Fixed a segfault parsing large SSIs on non-mmap systems. ++ [Brian Havard] ++ ++ *) Proxy was bombing out every second keepalive request, caused by a ++ stray CRLF before the second response's status line. Proxy now ++ tries to read one more line if it encounters a CRLF where it ++ expected a status. PR 10010 [Graham Leggett] ++ ++ *) Deprecated the apr_lock.h API. Please see the following files ++ for the improved thread and process locking and signaling: ++ apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h, ++ apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert] ++ ++ *) Change mod_status to use scoreboard accessor functions so it can ++ be used in any MPM without having to be recompiled. ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter ++ handle declarations are recognized. This fixes problems loading ++ mod_autoindex on some platforms. [Brian Havard] ++ ++ *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>] ++ ++ *) Remind the admin about the User and Group directives when we are ++ unable to set permissions on a semaphore. PR 7812 [Jeff Trawick] ++ ++ *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802 ++ [Doug MacEachern] ++ ++ *) fix possible infinite loop in mod_ssl triggered by certain ++ netscape clients [Doug MacEachern] ++ ++ *) fix ProxyPass when frontend is https and backend is http ++ [Doug MacEachern] ++ ++ *) Add DASL support to mod_dav ++ [Sung Kim <hunkim cse.ucsc.edu>] ++ ++Changes with Apache 2.0.35 ++ ++ *) mod_rewrite: updated to use the new APR global mutex type. ++ [Aaron Bannert] ++ ++ *) Fixes for mod_include errors on boundary conditions in which ++ "<!--#" occurs at the very end of a bucket ++ [Paul Reder, Brian Pane] ++ ++ *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to ++ cause the Apache parent process to run in the foreground (similar to ++ -DNO_DETACH except that it doesn't switch session ids). ++ [Jeff Trawick] ++ ++ *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem) ++ for those platforms that support it. If using the default ++ implementation, this is between pthread and sysvsem in priority. ++ This implies it's the new default for Darwin. [Jim Jagielski] ++ ++ *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE ++ environment variables in the envvars file. [Jeff Trawick] ++ ++ *) worker MPM: Don't create a listener thread until we have a worker ++ thread. Otherwise, in situations where we'll have to wait a while ++ to take over scoreboard slots from a previous generation, we'll be ++ accepting connections we can't process yet. [Jeff Trawick] ++ ++ *) Allow worker MPM to build on systems without pthread_kill(). ++ [Pier Fumagalli, Jeff Trawick] ++ ++ *) Prevent ap_add_output_filters_by_type from being called in ++ ap_set_content_type if the content-type hasn't changed. ++ [Justin Erenkrantz] ++ ++ *) Performance: implemented the bucket allocator made possible by the ++ API change in 2.0.34. [Cliff Woolley] ++ ++ *) Don't allow initialization to succeed if we can't get a socket ++ corresponding to one of the Listen statements. [Jeff Trawick] ++ ++Changes with Apache 2.0.34 ++ ++ *) Allow all Perchild directives to accept either numerical UID/GID ++ or logical user/group names. [Scott Lamb <slamb slamb.org>] ++ ++ *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom] ++ ++ *) implement ssl proxy to support ProxyPass / https:// and the ++ SSLProxy* directives [Doug MacEachern] ++ ++ *) Update mod_cgid to not do single-byte socket reads for CGI headers ++ [Brian Pane] ++ ++ *) Made AB's use of the Host: header rfc2616 compliant ++ by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik]. ++ ++ *) The old, legacy (and unused) code in which the scoreboard was totally ++ and completely contained in a file (SCOREBOARD_FILE) has been ++ removed. This does not affect scoreboards which are *mapped* to ++ files using named-shared-memory. [Jim Jagielski] ++ ++ *) Change bucket brigades API to allow a "bucket allocator" to be ++ passed in at certain points. This allows us to implement freelists ++ so that we can stop using malloc/free so frequently. ++ [Cliff Woolley, Brian Pane] ++ ++ *) Add support for macro expansion within the variable names in ++ <!--#echo--> and <!--#set--> directives [Brian Pane] ++ ++ *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes] ++ ++ *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422 ++ [Joe Orton] ++ ++ *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl ++ [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern] ++ ++ *) Add a new parameter to the quick_handler hook to instruct ++ quick handlers to optionally do a lookup rather than actually ++ serve content. This is the first of several changes required fix ++ several problems with how quick handlers work with subrequests. ++ [Bill Stoddard] ++ ++ *) worker MPM: Get MaxRequestsPerChild to work again. [Jeff Trawick] ++ ++ *) [APR-related] The ordering of the default accept mutex method has ++ been changed to better match what's done in Apache 1.3. The ordering ++ is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock. ++ [Jim Jagielski] ++ ++ *) Ensure that the build/ directory is created when using VPATH. ++ [Justin Erenkrantz] ++ ++ *) Add some popular types to the mime magic file. PR 7730. ++ [Linus Walleij <triad df.lth.se>, Justin Erenkrantz] ++ ++ *) Remove the single-byte socket reads for CGI headers [Brian Pane] ++ ++ *) When a proxied site was being served, Apache was replacing ++ the original site Server header with it's own, which is not ++ allowed by RFC2616. Fixed. [Graham Leggett] ++ ++ *) Fix a mod_cgid problem that left daemon processes stranded ++ in some server restart scenarios. [Jeff Trawick] ++ ++ *) Added exp_foo and rel_foo variables to config_vars.mk for ++ all Apache and Autoconf path variables (like --sysconfdir, ++ --sbindir, etc). exp_foo is the "expanded" version, which means ++ that all internal variable references have been interpolated. ++ rel_foo is the same as $exp_foo, only relative to $prefix if they ++ share a common path. [Aaron Bannert] ++ ++ *) Fix some restart/terminate problems in the worker MPM. Don't ++ drop connections during graceful restart. [Jeff Trawick] ++ ++ *) Change the header merging behaviour in proxy, as some headers ++ (like Set-Cookie) cannot be unmerged due to stray commas in ++ dates. [Graham Leggett] ++ ++ *) Be more vocal about what AcceptMutex values we allow, to make ++ us closer to how 1.3 does it. [Jim Jagielski] ++ ++ *) Get nph- CGI scripts working again. PRs 8902, 8907, 9983 ++ [Jeff Trawick] ++ ++ *) Upgraded PCRE library to latest version 3.9 [Brian Pane] ++ ++ *) Add accessor function to set r->content_type. From now on, ++ ap_rset_content_type() should be used to set r->content_type. ++ This change is required to properly implement the ++ AddOutputFilterByType configuration directive. ++ [Bill Stoddard, Sander Striker, Ryan Bloom] ++ ++ *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by ++ RFC 3253. Improved the method name/number mapping functions. ++ [Greg Stein] ++ ++ *) remove sock_enable_linger from connection.c [Ian Holsman] ++ ++ *) Fix for virtual host processing where the requested hostname ++ has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>] ++ ++ *) mod_dav's APIs for REPORT response handling was changed so that ++ providers can generate the content directly into the output filter ++ stack, rather than buffering the response into memory. [Greg Stein] ++ ++ *) Fix a hang condition with graceful restart and prefork MPM ++ in the situation where MaxClients is very high but ++ much fewer servers are actually started at the time of the ++ restart. [Jeff Trawick] ++ ++ *) Small performance fixes for mod_include [Brian Pane] ++ ++ *) Performance improvement for the error logger [Brian Pane] ++ ++ *) Change configure so that Solaris 8 and above have ++ SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default. ++ according to sun people solaris 8+ doesn't have a thundering ++ herd problem [Ian Holsman] ++ ++ *) Allow URIs specifying CGI scripts to include '/' at the end ++ (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs ++ which ignore '/' at the end of the names of non-directories). ++ PR 10138 [Jeff Trawick] ++ ++ *) implement SSLSessionCache shmht and shmcb based on apr_rmm and ++ apr_shm. [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>] ++ ++ *) Fix apxs -g handling. Move config_vars.mk from the top build ++ directory to the build directory. PR 10163 [Jeff Trawick] ++ ++ *) Fix some mod_include problems which broke evaluation of some ++ expressions. PR 10108 [Jeff Trawick] ++ ++ *) Fix the calculation of request time in mod_status. [Stas Bekman] ++ ++ *) Fix the calculation of thread_num in the worker score structure. ++ [Stas Bekman] ++ ++ *) Use apr_atomic operations in managing the mod_mem_cache ++ cache_objects for SMP scalability. (see USE_ATOMICS ++ preprocessor directive in mod_file_cache) ++ [Bill Stoddard] ++ ++ *) Add filehandle caching to mod_mem_cache. (see CACHE_FD ++ preprocessor directive in mod_file_cache) ++ [Bill Stoddard] ++ ++ *) Implement prototype mod_disk_cache for use with mod_cache. ++ [Bill Stoddard] ++ ++ *) Add a missing manualdir entry in the Debian config.layout. ++ [Thom May <thom planetarytramp.net>] ++ ++ *) Stop installing libtool for APR and tell APR where it should place ++ its copy of libtool (via our installbuildpath layout variable). ++ [Justin Erenkrantz] ++ ++ *) New directive ProxyIOBufferSize. Sets the size of the buffer used ++ when reading from a remote HTTP server in proxy. [Graham Leggett] ++ ++ *) Modify receive/send loop in proxy_http and proxy_ftp so that ++ should it be necessary, the remote server socket is closed before ++ transmitting the last buffer (set by ProxyIOBufferSize) to the ++ client. This prevents the backend server from being forced to hang ++ around while the last few bytes are transmitted to a slow client. ++ Fix the case where no error checking was performed on the final ++ brigade in the loop. [Graham Leggett] ++ ++ *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change ++ CacheMaxExpire and CacheDefaultExpire to use seconds rather than ++ hours. [Graham Leggett, Bill Stoddard] ++ ++ *) New Directive SSIUndefinedEcho. to change the '(none)' echoed ++ for a undefined variable. [Ian Holsman] ++ ++ *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS ++ when we can't get a socket in the specified address family. We may ++ have gotten back an IPv6 address first and yet our system is not ++ configured to allow IPv6 sockets. [Jeff Trawick] ++ ++ *) Be more careful about recursively removing CVS directories. Make ++ sure that we aren't cd'ing to their home directory first. PR: 9993 ++ [Aaron Bannert, James LewisMoss <dres lewismoss.net>] ++ ++ *) Add a missing errordir entry in the Debian config.layout. PR: 10067 ++ [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert, ++ Thom May <thom planetarytramp.net>] ++ ++ *) Rename the filter ordering priorities. The recent filtering fixes ++ have showcased problems with their usage. Therefore, we need to ++ rename them to increase the clarity. (CONTENT->RESOURCE, ++ HTTP_HEADER->CONTENT_SET/PROTOCOL) [Justin Erenkrantz] ++ ++Changes with Apache 2.0.33 ++ ++ *) Fix a problem in the new --enable-layout functionality where ++ it wouldn't allow overrides from variables like --prefix, ++ --bindir, etc. [Thom May <thom planetarytramp.net>] ++ ++ *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It ++ no longer hangs around waiting for the socket to close before ++ returning exhaustive data. [Aaron Bannert] ++ ++ *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending) ++ [Thom May <thom planetarytramp.net>] ++ ++ *) Change mod_ssl to always do a full startup/teardown on restarts. ++ this allows mod_ssl to be added to a server that is already ++ running and makes it possible to add/change certs/keys after the ++ server has been started. [Doug MacEachern] ++ ++ *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl. ++ This pipe must be a bidirectional 'console' style relay, which ++ mod_ssl prints all prompts to the pipe's stdin, and reads the ++ passphrases from the pipe's stdout. [William Rowe] ++ ++ *) Fix bug where --sysconfdir and --localstatedir were being ++ ignored. [Thom May <thom planetarytramp.net>, Aaron Bannert] ++ PR 9888 ++ ++ *) Fix --enable-layout to work again. Caution: When specifying ++ --enable-layout, common arguments like --prefix, --exec-prefix, ++ etc. will be ignored and the settings from the layout will be ++ used instead. [Thom May <thom planetarytramp.net>, Aaron Bannert] ++ PR 9124, 9873, 9885 ++ ++ *) New Directive for mod_proxy: ProxyRemoteMatch. This provides ++ regex pattern matching for the determination of which requests ++ to use the remote proxy for. [Jim Jagielski] ++ ++ *) Fix CustomLog bytes-sent with HTTP 0.9. [Justin Erenkrantz] ++ ++ *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3 ++ cruft in piped logs and rewritemap child processes. ++ [William Rowe] ++ ++ *) All instances of apr_lock_t have been removed and converted ++ to one of the following new lock APIs: apr_thread_mutex.h, ++ apr_proc_mutex.h, or apr_global_mutex.h. No new code should ++ use the apr_lock.h API, as the old API will soon be deprecated. ++ [Aaron Bannert] ++ ++ *) Merged in changes to mod_ssl up through 2.8.7-1.3.23. ++ [Ralf S. Engelschall, Cliff Woolley] ++ ++ *) mod-include: make it handle flush'es and fix the 'false-alarm' ++ [Justin Erenkrantz, Brian Pane, Ian Holsman] ++ ++ *) ap_get_*_filter_handle() functions to allow 3rd party modules ++ to lookup filter handles so they can bypass the filter name ++ lookup when adding filters to a request (via ap_add_*_filter_handle()) ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Fix for multiple file buckets on Win32, where the first file ++ bucket would cause the immediate closure of the socket on any ++ non-keepalive requests. [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Correct Win32 failure of mmap of a segment beyond start of the ++ file; fixes large SSL and similar transfers. [William Rowe] ++ PR 9898 ++ ++ *) Implement apr_proc_detach changes and allow -DNO_DETACH in the ++ multi-process mode to not "daemonize" while detaching from the ++ controlling terminal. This is necessary for Apache to work with ++ process-management tools like AIX's "System Resource Controller" ++ as well as Dan Bernstein's "daemontools". ++ [Jos Backus <josb cncdsl.com>, Aaron Bannert] ++ ++ *) Convert mod_auth_digest to use the new apr_global_mutex_t ++ type. [Aaron Bannert] ++ ++ *) fix bug in mod-include where it wouldn't send a unmatched ++ part if it was at the end of a bucket [Ian Holsman] ++ ++ *) worker MPM: Improve logging of errors with the interface between ++ the listener thread and worker threads. [Jeff Trawick] ++ ++ *) Some browsers ignore cookies that have been merged into a ++ single Set-Cookie header. Set-Cookie and Set-Cookie2 headers ++ are now unmerged in the http proxy before being sent to the ++ client. [Graham Leggett] ++ ++ *) Fix a problem with proxy where each entry of a duplicated ++ header such as Set-Cookie would overwrite and obliterate the ++ previous value of the header, resulting in multiple header ++ values (like cookies) going missing. ++ [Graham Leggett, Joshua Slive] ++ ++ *) Add the server-limit and thread-limit values to the scoreboard ++ for the sake of third-party applications. ++ [Adam Sussman <myddryn vishnu.vidya.com>] ++ ++ *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman] ++ ++ *) OS/390: Get make install to properly copy DSO modules. ++ [Jeff Trawick] ++ ++ *) Win32: Fix bug in mod_status with displaying "Restart Time" ++ and "Server uptime". ++ [Bill Stoddard] ++ ++ *) Fix IPv6 name-based virtual hosts. [Jeff Trawick] ++ ++ *) Introduce AddOutputFilterByType directive. [Justin Erenkrantz] ++ ++ *) Fix DEBUG_CGI support in mod_cgi. PR 9670, 9671. ++ [David MacKenzie <djm pix.net>] ++ ++ *) Fix incorrect check for script_in in mod_cgi. PR 9669. ++ [David MacKenzie <djm pix.net>] ++ ++ *) Fix segfault and display error when SSLMutex file can not be ++ created. [Adam Sussman <myddryn vishnu.vidya.com>] ++ ++ *) Add reference counting to mod_mem_cache cache objects to ++ better manage removing objects from the cache. ++ [Bill Stoddard] ++ ++ *) Change the verbage on the ScoreBoardFile in our default configs. ++ Also change the default to be commented out (unspecified) so we ++ get anonymous shared memory by default. [Aaron Bannert] ++ ++ *) Implement new ScoreBoardFile directive logic. This affects how ++ we create the scoreboard's shared memory segment. If the directive ++ is present, a name-based segment is created. If the directive is ++ not present, first an anonymous segment is created, and if that ++ fails, a name-based segment is created from a file of the name ++ DEFAULT_SCOREBOARD. This gives third-party applications the ++ ability to access our scoreboard. [Aaron Bannert] ++ ++ *) Allow mod_deflate to work with non-GET requests and properly send ++ Content-Lengths. [Sander Striker <striker apache.org>] ++ ++ *) Fix ap_directory_merge() to correctly merge configs when there is ++ no <Directory /> block. [Justin Erenkrantz, William Rowe] ++ ++ *) Remove spurious debug messsages that are normal under HTTP ++ keep-alive logic. [Jeff Trawick, Justin Erenkrantz] ++ ++ *) Fix a bug in mod_cgid that would prevent proper shutdown death ++ of the cgid process. [Aaron Bannert] ++ ++ *) Add signal handling back in to the worker MPM for the one_process ++ (-X, -DDEBUG, -DONE_PROCESS) case. [Aaron Bannert] ++ ++ *) Performance: Reuse per-connection transaction pools in the ++ worker MPM, rather than destroying and recreating them. [Brian Pane] ++ ++ *) Remove all signals from the worker MPM's child process. Instead, ++ the parent uses the Pipe of Death for all communication with the ++ child processes. [Ryan Bloom] ++ ++Changes with Apache 2.0.32 ++ ++ *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the ++ default if the directive is not specified. This mirrors older ++ behavior without changes to the httpd.conf. [William Rowe] ++ ++ *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing ++ the service, mpm and logging code, and bugs in apr_file_open_stderr ++ and apr_file_dup2 functions. Win2K/XP services have no handles ++ associated for stdin/out/err, which caused unpredictable behavior ++ in the prior release. [William Rowe, Bill Stoddard] ++ ++ *) Win32: simplify the Application Event Log messages, since there isn't ++ likely to be 'more information in the error log' before an error log ++ has been opened. [William Rowe] ++ ++ *) Win32: substantial cleanup to the mpm_winnt code for legibility and ++ to follow the program flow of other MPMs. [Ryan Bloom, William Rowe] ++ ++ *) Win32: apache -k shutdown now behaves like apache -k stop. ++ [Bill Stoddard] ++ ++ *) Fix prefork to not kill the parent if a child hits a resource shortage ++ on accept(). [Greg Ames] ++ ++ *) Fix seg faults that occur when what should be the httpd request line ++ starts with \r\n followed by garbage. [Greg Ames] ++ ++ *) Allow statically linked support binaries with the new ++ --enable-static-support flag, and enable this behavior in ++ the binbuild script. Also add a new --enable-static-htdbm ++ flag. [Aaron Bannert] ++ ++ *) Allow mod_autoindex to serve symlinks if permitted and attempt to ++ do only one stat() call when generating the directory listings. ++ [Justin Erenkrantz] ++ ++ *) Fix resolve_symlink to save the original symlink name if known. ++ [Justin Erenkrantz] ++ ++ *) Be a bit more sane with regard to CanonicalNames. If the user has ++ specified they want to use the CanonicalName, but they have not ++ configured a port with the ServerName, then use the same port that ++ the original request used. [Ryan Bloom and Ken Coar] ++ ++ *) In core_input_filter, check for an empty brigade after ++ APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a ++ client says it will post some data but we get FIN before any ++ data arrives. [Jeff Trawick] ++ ++ *) Not being able to bind to the socket is a fatal error. We should ++ print an error to the console, and return a non-zero status code. ++ With these changes, all of the Unix MPMs do that correctly. ++ [Ryan Bloom] ++ ++ *) suexec: Allow HTTPS and SSL_* environment variables to be passed ++ through to CGI scripts. PR 9163 ++ [Brian Reid <breid customlogic.com>, ++ Zvi Har'El <rl math.technion.ac.il>] ++ ++ *) binbuild.sh: Make sure that we use the expat from our source ++ tree so that there aren't any surprises on the target machine. ++ [Jeff Trawick] ++ ++ *) mod_cgid: Add retry logic for when the daemon can't fork fast ++ enough to keep up with new requests. Start using ++ HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR ++ when we can't talk to the daemon. [Jeff Trawick] ++ ++ *) apxs: LTFLAGS envvar can override default libtool options. Try ++ "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under ++ the covers. [Jeff Trawick] ++ ++ *) The Location: response header field, used for external ++ redirect, *must* be an absoluteURI. The Redirect directive ++ tested for that, but RedirectMatch didn't -- it would allow ++ almost anything through. Now it will try to turn an abs_path ++ into an absoluteURI, but it will correctly varf like Redirect ++ if the final redirection target isn't an absoluteURI. [Ken Coar] ++ ++Changes with Apache 2.0.31 ++ ++ *) Create the scoreboard (in the parent) in a global pool context, ++ so it survives graceful restarts. This fixes a SEGV during ++ graceful restarts. [Aaron Bannert] ++ ++ *) Add a timeout option to the proxy code 'ProxyTimeout' ++ [Ian Holsman] ++ ++ *) FTP directory listings are now always retrieved in ASCII mode. ++ The FTP proxy properly escapes URI's and HTML in the generated ++ listing, and escapes the path components when talking to the FTP ++ server. It is now possible to browse the root directory by using ++ a url like: ftp://user@host/%2f/ (ported from apache_1.3.24) ++ Also, the last path component may contain wildcard characters ++ '*' and '?', and if they do, a directory listing is created instead ++ of a file retrieval. Example: ftp://user@host/httpd/server/*.c ++ [Martin Kraemer] ++ ++ *) Added single-listener unserialized accept support to the ++ worker MPM [Brian Pane] ++ ++ *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes ++ the incoming host header through to the proxied server ++ [Geoff <g.russell ieee.org>] ++ ++ *) New Directive Option for ProxyPass. It now can block a location ++ from being proxied [Jukka Pihl <jukka.pihl entirem.com>] ++ ++ *) Don't let the default handler try to serve a raw directory. At ++ best you get gibberish. Much worse things can happen depending ++ on the OS. [Jeff Trawick] ++ ++ *) Change the pre_config hook to return a value. Modules can now emit ++ an error message and then cause the server to quit gracefully during ++ startup. This required a bump to the MMN. [Aaron Bannert] ++ ++ *) Fix some unix socket descriptor leaks in the handler side of ++ mod_cgid (the part that runs in the server process). Whack a ++ silly "close(-1)" in the handler too. [Jeff Trawick] ++ ++ *) Change the pre_mpm hook to return a value, so that scoreboard ++ init errors percolate up to code that knows how to exit ++ cleanly. This required a bump to the MMN. [Jeff Trawick] ++ ++ *) Add the socket back to the conn_rec and remove the create_connection ++ hook. The create_connection hook had a design flaw that did not ++ allow creating connections based on vhost info. [Bill Stoddard] ++ ++ *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results. ++ Resolves the common case of using negotation to resolve the request ++ /script/foo for /script.cgi/foo. [William Rowe] ++ ++ *) Added new functions ap_add_(input|output)_filter_handle to ++ allow modules to bypass the usual filter name lookup when ++ adding hard-coded filters to a request [Brian Pane] ++ ++ *) caching should now work on subrequests (still very experimental) ++ [Ian Holsman] ++ ++ *) The Win32 mpm_winnt now has a shared scoreboard. [William Rowe] ++ ++ *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*. ++ [Justin Erenkrantz] ++ ++ *) Refactor ap_rgetline so that it does not use an internal brigade. ++ Change ap_rgetline's prototype to return errors. [Justin Erenkrantz] ++ ++ *) Remove mod_auth_db. [Justin Erenkrantz] ++ ++ *) Do not install unnecessary pcre headers like config.h and internal.h. ++ [Joe Orton <joe manyfish.co.uk>] ++ ++ *) Change in quick_hanlder behavior for subrequests. it now passes DONE ++ (as it does for a normal request). quick_handled sub-requests now work ++ in mod-include [Ian Holsman] ++ ++ *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of ++ 'CONTENT' one, as it needs to run AFTER all content headers ++ ++ *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread. ++ [Lars Eilebrecht] ++ ++ *) Split out blocking from the mode in the input filters. ++ [Justin Erenkrantz] ++ ++ *) Fix a segfault in mod_include. [Justin Erenkrantz, Jeff Trawick] ++ ++ *) Cause Win32 to capture all child-worker process errors in ++ Apache to the main server error log, until the child can ++ open its own error logs. [William Rowe] ++ ++ *) HPUX 11.*: Do not kill the child process when accept() ++ returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch) ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard] ++ ++ *) Fix a problem in the parsing of the <Proxy foo> directive. ++ [Jeff Trawick] ++ ++ *) rewrite of mod_ssl input filter for better performance and less ++ memory usage [Doug MacEachern] ++ ++ *) allow quick_handler to be run on subrequests. [Ian Holsman] ++ ++ *) mod_dav now asks its provider to place content directly into the ++ filter stack when handling a GET request. The mod_dav/provider ++ API has changed, so providers need to be updated. [Greg Stein] ++ ++ *) Clear the output socket descriptor in unixd_accept() to make sure ++ we don't supply a bogus socket to the caller if the accept fails. ++ This caused problems with the worker MPM, which tried to process ++ the returned socket if it was non-NULL. [Brian Pane] ++ ++ *) Move a check for an empty brigade to the start of core input filter ++ to avoid segfaults. [Justin Erenkrantz, Jeff Trawick] ++ ++ *) Add FileETag directive to allow configurable control of what ++ data are used to form ETag values for file-based URIs. MMN ++ bumped to 20020111 because of fields added to the end of ++ the core_dir_config structure. [Ken Coar] ++ ++ *) Fix a segfault in mod_rewrite's logging code caused by passing the ++ wrong config to ap_get_remote_host(). [Jeff Trawick] ++ ++ *) Allow mod_cgid to work from a binary distribution install by ++ using 755 for the permissions on the log directory instead of ++ 750. [Jeff Trawick] ++ ++ *) Fixed a segfault that happened during graceful shutdown (or when ++ the httpd ran out of file descriptors) with the worker MPM [Brian Pane] ++ ++ *) Split all Win32 modules [excluding the core components mod_core, ++ mod_so, mod_win32 and the winnt mpm] into individual loadable ++ modules, so the administrator may individually disable the former ++ compiled-in modules by simply commenting out their LoadModule ++ directives. [William Rowe] ++ ++ *) Saved Win32 module authors and porters many future headaches, by ++ duplicating the appropriate .h files such as os.h into the include ++ directory, including in the build tree. [William Rowe] ++ ++ *) mod_ssl adjustments to help with using toolkits other than OpenSSL: ++ Use SSL functions/macros instead of directly dereferencing SSL ++ structures wherever possible. ++ Add type-casts for the cases where functions return a generic pointer. ++ Add $SSL/include to configure search path. ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>] ++ ++ *) Moved several pointers out of the shared Scoreboard so it is ++ more portable, and will present the vhost name across server ++ generation restarts. [William Rowe] ++ ++ *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec: ++ [Doug MacEachern] ++ ++Changes with Apache 2.0.30 ++ ++ *) Fix the main bug for FreeBSD and threaded MPM's. There are ++ still issues (see STATUS) but at least the server will now ++ run without crashing the machine. ++ [David Reid, Aaron Bannert, Justin Erenkrantz] ++ ++ *) Fix a typo in mod_deflate's m4 config section. ++ [albert chin <china thewrittenword.com>] ++ ++ *) Fix a couple of mod_proxy problems forwarding HTTP connections ++ and handling CONNECT: ++ (1) PR #9190 Proxy failed to connect to IPv6 hosts. ++ (2) Proxy failed to connect when the first IP address returned by ++ the resolver was unreachable but a secondary IP address was. ++ [Jeff Trawick] ++ ++ *) Fix the module identifer as shown in the docs for various core ++ modules (e.g., the identifer for mod_log_config was previously ++ listed as config_log_module). PR #9338 ++ [James Watson <ap2bug sowega.org>] ++ ++ *) Fix LimitRequestBody directive by placing it in the HTTP ++ filter. [Justin Erenkrantz] ++ ++ *) Fix mod_proxy seg fault when the proxied server returns ++ an HTTP/0.9 response or a bogus status line. ++ [Adam Sussman] ++ ++ *) Prevent mod_proxy from truncating one character off the ++ end of the status line returned from the proxied server. ++ [Adam Sussman, Bill Stoddard] ++ ++ *) Eliminate loop in ap_proxy_string_read(). ++ [Adam Sussman, Bill Stoddard] ++ ++ *) Provide $0..$9 results from mod_include regex parsing. ++ [William Rowe] ++ ++ *) Allow mod-include to look for alternate start & end tags [Ian Holsman] ++ ++ *) Introduced the ForceLanguagePriority directive, to prevent ++ returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases, ++ when using Multiviews. [William Rowe] ++ ++ *) Fix a problem which prevented mod_cgid and suexec from working ++ together reliably [Greg Ames] ++ ++ *) Remove the call to exit() from within mod_auth_digest's post_config ++ phase. [Aaron Bannert] ++ ++ *) Fix a problem in mod_auth_digest that could potentially cause ++ problems with initialized static data on a system that uses DSOs. ++ [Aaron Bannert] ++ ++ *) Fix a segfault in the worker MPM that could happen during ++ child process exits. [Brian Pane, Aaron Bannert] ++ ++ *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman] ++ ++ *) Fix matching of vhosts by ip address so we find IPv4 ++ vhost address when target address is v4-mapped form of ++ that address. [Jeff Trawick] ++ ++ *) More performance tweaks to the BNDM string-search algorithm ++ used to find "<!--#" tokens in mod_include [Brian Pane] ++ ++ *) Miscellaneous small performance fixes: optimized away various ++ string copy operations and removed large temp buffers from ++ the stack [Brian Pane] ++ ++ *) Fixed startup segfault that occurred when a VirtualHost ++ directive had a port but no address [Brian Pane] ++ ++ *) Allow htdbm to work with multiple DBM types [Ian Holsman] ++ ++ *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL ++ if oslevel < WINNT. This should fix several problems reported ++ Against 2.0.28 on Windows 98 [Bill Stoddard] ++ ++ *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS ++ to fail. [Bill Stoddard] ++ ++ *) Change core code to allow an MPM to set hard thread/server ++ limits at startup. prefork, worker, and perchild MPMs now have ++ directives to set these limits. [Jeff Trawick] ++ ++ *) Win32: The async AcceptEx() event should be autoreset upon ++ successful completion of a wait (WaitForSingleObject). This ++ eliminates a number of spurious ++ setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages. ++ [Bill Stoddard] ++ ++ *) Move any load library path environment variables out of ++ apachectl and into a separate environment variable file which ++ can be more easily tailored by the admin. The environment ++ variable file as built by Apache may have additional system- ++ specific settings. For example, on OS/390 we tailor the heap ++ settings to allow lots of threads. [Jeff Trawick] ++ ++ *) Use the new APR pool code to reduce pool-related lock ++ contention in the worker MPM. [Sander Striker] ++ ++ *) The POD no longer assumes the child is listening on 127.0.0.1 ++ and now pulls the first hostname in the list of listeners to ++ perform the dummy connect on. This fixes a bug when the user ++ had configured the Listen directive for an IP other than ++ 127.0.0.1. This would result in undead children and error ++ messages such as "Connection refused: connect to listener". ++ [Aaron Bannert] ++ ++ *) The worker MPM now respects the LockFile setting, needed to ++ avoid locking problems with NFS. [Jeff Trawick] ++ ++ *) Fix segfault when worker MPM receives SIGHUP. ++ [Ian Holsman, Aaron Bannert, Justin Erenkrantz] ++ ++ *) Fix bug that could potentially prevent the perchild MPM from ++ working with more than one vhost/uid. [Aaron Bannert] ++ ++ *) Change make install and apxs -i processing of DSO modules to ++ perform special handling on platforms where libtool doesn't install ++ mod_foo.so. This fixes some wonkiness on HP-UX, Tru64, and AIX ++ which prevented standard LoadModule statements from working. ++ [Jeff Trawick] ++ ++ *) Whenever mod_so is enabled (not just when there are DSOs for ++ our modules), do whatever special magic is required for compiling/ ++ loading third-party modules. This allows third-party DSOs to ++ be used on an AIX build when there were no built-in modules ++ built as DSOs. (This should help on OS/390 and BeOS as well.) ++ [Jeff Trawick] ++ ++ *) Allow apxs to be used to build DSOs on AIX without requiring the ++ user to hard-code the list of import files. (This should help ++ on OS/390 and BeOS as well.) [Jeff Trawick] ++ ++ *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile. ++ PR 8563, 8919 [William Rowe] ++ ++ *) Get binary builds working when libapr and libaprutil are built ++ shared [Greg Ames] ++ ++ *) Get shared builds of libapr and libaprutil, as well as Apache DSOs, ++ working on AIX. [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>, ++ Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick] ++ ++ *) Fix the handling of SSI directives in which the ">" of the ++ terminating "-->" is the last byte in a file [Brian Pane] ++ ++ *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)" ++ message that we had back in apache-1.3 and still have scattered ++ throughout our docs. [Aaron Bannert] ++ ++ *) Prevent the Win32 port from continuing after encountering an ++ error in the command line args to apache. [William Rowe] ++ ++ *) On a error in the proxy, make it write a line to the error log ++ [Ian Holsman] ++ ++ *) Various mod_ssl performance improvements [Doug MacEachern] ++ ++Changes with Apache 2.0.29 ++ ++ *) Add buffering in core_output_filter to ensure that long ++ lists of small buckets don't cause small packet writes. ++ [Brian Pane, Ryan Bloom] ++ ++ *) Fix the installation target to make sure that the manual is ++ installed in the correct location. ++ [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and ++ Gomez Henri <hgomez slib.fr>] ++ ++ *) Fix the cmd command for mod_include. When we are processing ++ a cmd command, we do not want to use the r->filename to set ++ the command name. The command comes from the SSI tag. To do this, ++ I added a variable to the function that builds the command line ++ in mod_cgi. This allows the include_cmd function to specify ++ the command line itself. [Ryan Bloom] ++ ++ *) Change open_logs hook to return a value, allowing you ++ to flag a error while opening logs ++ [Ian Holsman, Doug MacEachern] ++ ++ *) Change post_config hook to return a value, allowing you ++ to flag a error post config ++ [Ian Holsman, Jeff Trawick] ++ ++ *) Allow SUEXEC_BIN (the path to the suexec binary that is ++ hard-coded into the server) to be specified to the configure ++ script by the --with-suexec-bin parameter. [Aaron Bannert] ++ ++ *) Fix segv in worker MPM following accept on pipe-of-death ++ [Brian Pane] ++ ++ *) Add mod_deflate to experimental. ++ [Ian Holsman, Justin Erenkrantz] ++ ++ *) Bail out at configure time if an invalid MPM was specified. ++ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>] ++ ++ *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is ++ configured [John Sterling <sterling covalent.net>] ++ ++ *) Fix apxs to use sbindir. [Henri Gomez <hgomez slib.fr>] ++ ++ *) Fix a problem with IPv6 vhosts. PR #8118 [Jeff Trawick] ++ ++ *) Optimization for the BNDM string-search function in ++ mod_include. [Brian Pane] ++ ++ *) Fixed the behavior of the XBitHack directive. ++ [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804 ++ ++ *) The threaded MPM for Unix has been removed. Use the worker ++ MPM instead. [various] ++ ++ *) APR-ize the resolver logic in mod_unique_id. This fixes a bug ++ in logging the error from a failed DNS lookup. [Jeff Trawick] ++ ++ *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123. ++ [Cliff Woolley] ++ ++ *) Get mod_cgid killed when a MPM exits due to a fatal error. ++ [Jeff Trawick] ++ ++ *) Fix a file descriptor leak in mod_include. When we include a ++ file, we use a sub-request, but we didn't destroy the sub-request ++ immediately, instead we waited until the original request was ++ done. This patch closes the sub-request as soon as the data is ++ done being generated. [Brian Pane <bpane pacbell.net>] ++ ++ *) Allow modules that add sockets to the ap_listeners list to ++ define the function that should be used to accept on that ++ socket. Each MPM can define their own function to use for ++ the accept function with the MPM_ACCEPT_FUNC macro. This ++ also abstracts out all of the Unix accept error handling ++ logic, which has become out of synch across Unix MPMs. ++ [Ryan Bloom] ++ ++ *) Fix a bug which would cause the response headers to be omitted ++ when sending a negotiated ErrorDocument because the required ++ filters were attached to the wrong request_rec. ++ [John Sterling <sterling covalent.net>] ++ ++ *) Remove commas from the end of the macros that define ++ directives that are used by MPMs. Prior to this patch, ++ you would use these macros without commas, which was unlike ++ the macros for any other directives. Now, the caller provides ++ the comma rather than the macro providing it. This makes ++ the macros look more like the rest of the directives. ++ [Ryan Bloom and Cliff Woolley] ++ ++ *) Add 'redirect-carefully' environment option to disable sending ++ redirects under special circumstances. This is helpful for ++ Microsoft's WebFolders when accessing a directory resource via ++ DAV methods. [Justin Erenkrantz] ++ ++ *) Begin to abstract out the underlying transport layer. ++ The first step is to remove the socket from the conn_rec, ++ the server now lives in a context that is passed to the ++ core's input and output filters. This forces us to be very ++ careful when adding calls that use the socket directly, ++ because the socket isn't available in most locations. ++ [Ryan Bloom] ++ ++ *) Really reset the MaxClients value in worker and threaded ++ when the configured value is not a multiple of the number ++ of threads per child. We said we did previously but we ++ forgot to. [Jeff Trawick] ++ ++ *) Add Debian layout. [Daniel Stone <daniel sfarc.net>] ++ ++ *) If shared modules are requested and mod_so is not available, ++ produce a fatal config-time error. [Justin Erenkrantz] ++ ++ *) Improve http2env's performance by cutting the work it has to ++ do. [Brian Pane <bpane pacbell.net>] ++ ++ *) use new 'apr_hash_merge' function in mod_mime (performance fix) ++ [Brian Pane <bpane pacbell.net>] ++ ++Changes with Apache 2.0.28 ++ ++ *) Fix infinite loop in mod_cgid.c. ++ [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>] ++ ++ *) When no port is given in a "ServerName host" directive, the ++ server_rec->port is now set to zero, not 80. That allows for ++ run-time deduction of the correct server port (depending on ++ SSL/plain, and depending also on the current setting of ++ UseCanonicalName). This change makes redirections ++ work, even with https:// connections. As in Apache-1.3, the ++ connection's actual port number is never used, only the ServerName ++ setting or the client's Host: setting. Documentation updated ++ to reflect the change. [Martin Kraemer] ++ ++ *) Add a '%{note-name}e' argument to mod-headers, which works in ++ the same way as mod_log_confg. [Ian Holsman] ++ ++ *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and ++ AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard ++ MPMs. [Cliff Woolley] ++ ++ *) Introduce htdbm, a user management utility for db/dbm authorization ++ databases. [Mladen Turk <mturk mappingsoft.com>] ++ ++ *) Optimize usage of strlen and strcat in ap_directory_walk. ++ [Brian Pane <bpane pacbell.net>] ++ ++Changes with Apache 2.0.27 ++ ++ *) Introduce an Apache mod_ssl initial configuration template ++ (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall] ++ ++ *) Fixed a memory leak in the getline parsing code that could ++ be triggered by arbitrarily large header lines. Requests ++ from the core input filter for single lines are now limited ++ to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert] ++ ++ *) Fix a truncation bug in how we print the port on the Via: header. ++ The routine that prints the Via: header now takes a length for ++ the port string. [Zvi Har'El <rl math.technion.ac.il>] ++ ++ *) Some syntax errors in mod_mime_magic's magic file can result ++ in a 500 error, which previously was unlogged. Now we log the ++ error. [Jeff Trawick] ++ ++ *) Add the support/checkgid helper app, which checks the run-time ++ validity of group identifiers usable in the Group directive. ++ [Ken Coar] ++ ++ *) Various --enable-so options have been fixed: --enable-so is ++ treated as "static"; explicit --enable-so=shared issues an error; ++ and explicit --enable-so fails with error on systems without ++ APR_HAS_DSO. [Aaron Bannert] ++ ++ *) Fix a segfault in the core input filter when the client socket ++ gets disconnected unexpectedly. [Cliff Woolley] ++ ++ *) Fix the reporting for child processes that die. This removes ++ all of the non-portable W* macros from Apache. ++ [Jeff Trawick and Ryan Bloom] ++ ++ *) Win32: Track and display "Parent Server Generation:" in ++ mod_status output. The generation will be bumped at ++ server graceful restart, when the child process exits ++ by hitting MaxRequestsPerChild or if the child ++ process exits abnormally. [Bill Stoddard] ++ ++ *) Win32: Fix problem where MaxRequestsPerChild directive was ++ not being picked up in favor of the default. Enable ++ the parent to start up a new child process immediately upon ++ the old child starting shutdown. ++ [Bill Stoddard] ++ ++ *) Fix some bungling of the remote port in rfc1413.c so that ++ IdentityCheck retrieves the proper user id instead of failing ++ and thus always returning "nobody." ++ [Dick Streefland <Dick.Streefland xs4all.nl>] ++ ++ *) Introduced thread saftey for mod_rewrite's internal cache. ++ [Brian Pane <bpane pacbell.net>] ++ ++ *) Simplified mod_env's directives to behave as most directives are ++ expected, in that UnsetEnv will not unset a SetEnv and PassEnv ++ directive following that UnsetEnv within the same container. ++ Also provides a runtime startup warning if a PassEnv configured ++ environment value is undefined. [William Rowe] ++ ++ *) The worker MPM is now completely ported to APR's new lock API. It ++ uses native APR types for thread mutexes, cross-process mutexes, ++ and condition variables. [Aaron Bannert] ++ ++ *) Sync up documentation to remove all references to the now deprecated ++ Port directive. [Justin Erenkrantz] ++ ++ *) Moved all ldap modules from the core to httpd-ldap sub-project ++ [Ryan Bloom] ++ ++ *) Exit when we can't listen on any of the configured ports. This ++ is the same behavior as 1.3, and it avoids having the MPMs to ++ deal with bogus ap_listen_rec structures. [Jeff Trawick] ++ ++ *) Cleanup the proxy code that creates a request to the origin ++ server. This change adds an optional hook, which allows modules ++ to gain control while the request is created if the proxy module ++ is loaded. The purpose of this hook is to allow modules to add ++ input and/or output filters to the request to the origin. While ++ I was at it, I made the core use this hook, so that proxy request ++ creation uses some of the code from the core. This can still be ++ greatly improved, but this is a good start. [Ryan Bloom] ++ ++Changes with Apache 2.0.26 ++ ++ *) Port the MaxClients changes from the worker MPM to the threaded ++ MPM. [Ryan Bloom] ++ ++ *) Fix mod_proxy so that it handles chunked transfer-encoding and works ++ with the new input filtering system. [Justin Erenkrantz] ++ ++ *) Introduce the MultiviewsMatch directive, to allow the operator ++ to be flexible in recognizing Handlers and Filters filename ++ extensions as part of the Multiviews matching logic, strict with ++ MultiviewsMatch NegotiatedOnly to accept only filename extentions ++ that designate negotiated parameters, (content type, charset, etc.) ++ or MultiviewsAll for the 1.3 behavior of matching any files, even ++ if they have unregistered extensions. [William Rowe] ++ ++ *) Fixed the configure script to add a LoadModule directive to ++ the default httpd.conf for any module that was compiled ++ as a DSO. [Aaron Bannert <aaron clove.org>] ++ ++ *) rewrite mod_ssl input filtering to work with the new input filtering ++ system. [Justin Erenkrantz] ++ ++ *) prefork: Don't segfault when we are able to listen on some but ++ not all of the configured ports. [Jeff Trawick] ++ ++ *) Build mod_so even if no core modules are built shared. ++ [Aaron Bannert <aaron clove.org>] ++ ++ *) Introduce ap_directory_walk rewrite (with further optimizations ++ required) to adapt to the ap_process_request_internal() changes. ++ Optimized so subrequests and redirects now reuse previous section ++ merges, until we mismatch with the original directory_walk, and ++ precomputed r->finfo results will cause directory_walk to skip ++ the most expensive phases of the function. [William Rowe] ++ ++ *) Allow ApacheMonitor to connect to and control Apache on other ++ WinNT/2K machines. [Mladen Turk <mturk mappingsoft.com>] ++ ++ *) Remove the Port directive. In it's place, the Listen directive ++ is now a required directive, which tells Apache what port to ++ listen on. The ServerName directive has also been extended ++ to accept an optional port. If the port is specified to the ++ ServerName, the server will report that port whenever it ++ reports the port that it is listening on. This change was ++ made to ease configuration errors that stem from having a Port ++ directive, and a Listen directive. In that situation, the server ++ would only listen to the port specified by the Listen command, ++ which caused a lot of confusion to users. [Ryan Bloom] ++ ++ *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32 ++ build, as loadable modules. [William Rowe] ++ ++ *) Fix --enable-mods-shared processing. If most is specified, ++ then all modules that can be compiled as shared modules are. ++ [Aaron Bannert <aaron clove.org>] ++ ++ *) Update the mime.types file to map video/vnd.mpegurl to mxu ++ and add commonly used audio/x-mpegurl for m3u extensions. ++ [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht] ++ ++ *) Eliminate the depreciated r->content_language, in favor of the array ++ r->content_languages introduced many years ago. Module authors must ++ substantially overhaul their modules, so this needs to be upgraded ++ if the module still relied on backwards-brokeness. [William Rowe] ++ ++ *) Allow configure help strings to work with autoconf 2.50+ and 2.13. ++ [Justin Erenkrantz] ++ ++ *) Rewrite the input filtering mechanisms to consolidate and reorganize ++ code. In short, core_input_filter does something now and ++ ap_http_filter is now only concerned with HTTP. [Justin Erenkrantz] ++ ++ *) Update the Win32 build to re-absorb mod_proxy and family. ++ [William Rowe] ++ ++ *) Resolved the build failure on Win32 using MSVC 5.0 (without the ++ current SDK.) [William Rowe] ++ ++ *) Some style changes to the code that does ProxyErrorOverride. Fixed ++ config merge behaviour. [Graham Leggett] ++ ++ *) Allow support programs to be compiled against a static version ++ of libapr. This allows the smaller support programs to be ++ relocated. [Aaron Bannert <aaron clove.org>] ++ ++ *) Update the mime.types file to the registered media types as ++ of 2001-09-25, and add mapping for xsl extension [Mark Cox] ++ ++ *) Fix MaxClients in the Worker MPM, so that it specifies the maximum ++ number of clients that can connect at the same time, instead of ++ specifying the maximum number of child processes. ++ [Aaron Bannert <aaron clove.org>] ++ ++ *) Switch proc_pthread AcceptMutex configuration directive to pthread to ++ be consistent with 1.3. [Justin Erenkrantz] ++ ++ *) Cache apr_explode_localtime() value for 15 seconds. ++ [Brian Pane <bpane pacbell.net>] ++ ++ *) Fix mod_include to not return ETag or Last-Modified headers. ++ [Ian Holsman <ianh cnet.com>] ++ ++ *) Fix worker MPM's scoreboard logic. [Aaron Bannert <aaron clove.org>] ++ ++ *) Eliminate the wasteful run-time conversion of method names from strings ++ to numbers in places where the methods are known at compile time. ++ [Brian Pane <bpane pacbell.net>] ++ ++ *) Turn the worker MPM's queue into a LIFO. This may ++ improve cache-hit performance under some conditions. ++ [Aaron Bannert <aaron clove.org>] ++ ++ *) Switch back to SIGUSR1 for graceful restarts on all platforms that ++ support it. [Justin Erenkrantz] ++ ++ *) Cleanup the worker MPM. We no longer re-use transaction ++ pools. This incurs less overhead than shuffling the pools ++ around so that they can be re-used. Remove one of the ++ queue's condition variables. We just redefined the API to ++ state that you can't try to add more stuff than you allocated ++ segments for. [Aaron Bannert <aaron clove.org>] ++ ++ *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>] ++ ++ *) Fixed persistent connections when a request contains a body. ++ [Greg Stein] ++ ++ *) mod_dav uses a new API to speak to the backend provider for dead ++ property management. [Greg Stein] ++ ++ *) Remove the Win32 script-processing exception from mod_cgi, and ++ roll build_command_line/build_argv_list into a unified, overrideable ++ ap_cgi_build_command optional function. [William Rowe] ++ ++ *) Rewrite find_start_sequence to use a better search algorithm ++ to find the start tag. [Justin Erenkrantz] ++ ++ *) Fix a seg fault in mod_include. When we are generating an ++ internal redirect, we must set r->uri to "", not a bogus ++ string, and not NULL. [Ryan Bloom] ++ ++ *) Optimized location_walk, so subrequests, redirects and second passes ++ now reuse previous section merges on a <Location > by <Location > ++ basis, until we mismatch with the original location_walk. ++ [William Rowe] ++ ++ *) Back out the 1.45 change to util_script.c. This change made ++ us set the environment variable REQUEST_URI to the redirected ++ URI, instead of the originally requested URI. ++ [Taketo Kabe <kabe sra-tohoku.co.jp>] ++ ++ *) Make mod_include do lazy evaluation of potentially expensive to ++ compute variables. [Brian Pane <bpane pacbell.net>] ++ ++ *) Fix logging of bytes sent for HEAD requests. %b and %B should ++ log either - or 0, before this patch, they were both logging ++ the file size. [Taketo Kabe <kabe sra-tohoku.co.jp>] ++ ++ *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather ++ than per character. [Brian Pane <bpane pacbell.net>] ++ ++ *) Normalize the primary request, redirects and sub-requests to ++ run the same ap_process_request_internal for consistency in ++ robustness, behavior and security. [William Rowe] ++ ++ *) Fix a segfault with mod_include when r->path_info is not set ++ (which is the case with mod_proxy). [Ian Holsman <ianh cnet.com>] ++ ++ *) Add -X functionality back. This indicates to all MPMs and any other ++ part of Apache that it should run in "debug" mode. [Justin Erenkrantz] ++ ++ *) Some initial support for the cygwin platform [prefork only]. ++ This is not to be confused with support for the WinNT/Win32 ++ platform, which is the recommended configuration for native ++ Win32 users. The cygwin platform support is recommended for ++ cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>] ++ ++ *) Changed syntax of Set{Input|Output}Filter. The list of filters ++ must be semicolon delimited (if more than one filter is given.) ++ The Set{Input|Output}Filter directive now overrides a parent ++ container's directive (e.g. SetInputFilter in <Directory /web/foo> ++ will override any SetInputFilter directive in <Directory /web>.) ++ This new syntax is more consistent with Add{Input|Output}Filter ++ directives defined in mod_mime. Also cures a bug in prior releases ++ where the Set{Input|Output}Filter directive would corrupt the ++ global configuration if the multiple directives were nested. ++ [William Rowe] ++ ++ *) Cured what's ailed mime for quite some time. If an AddSomething ++ was given in the configuration (Language, Charset, Handler or ++ Encoding) Apache would set the content type as given by AddType, ++ but refused to check the mime.types file if AddType wasn't given ++ for that specific extension. Setting the AddHandler for .html ++ without setting the AddType text/html html would cause Apache to ++ use the default content type. [William Rowe] ++ ++ *) Added some bulletproofing to memory allocation in the LDAP cache ++ code. [Graham Leggett] ++ ++Changes with Apache 2.0.25 ++ ++ *) Move the installed /manual directory out of the /htdocs/ tree, so ++ that it can be kept more independently from the remaining document ++ root. The "Alias /manual ..." already allowed for easy projection ++ into existing private document trees. [Martin Kraemer] ++ ++ *) Add specified user attributes to the environment when using ++ mod_auth_ldap. This allows you to use mod_include to embed specified ++ user attributes in a page like so: ++ Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you? ++ [Graham Leggett] ++ ++ *) Fix a performance problem with the worker MPM. We now create ++ transaction pools once, and re-use them for each connection. ++ [Aaron Bannert <aaron clove.org>] ++ ++ *) Modfied mod_mime to prevent mod_negotation from serving a multiview ++ of a 'handler' or 'filter', so that any filename extension that does ++ not contribute to the negotiated metadata can't be served without ++ an explicit request. E.g., if the .Z extension is associated with ++ an unzip filter, the user request somefile.Z.html, mod_negotiation ++ won't serve it. It can serve somefile.Z.html when somefile.Z is ++ requested, since the .Z extension is explictly requested, if the ++ .html extension is associated with ContentType text/html. ++ [William Rowe] ++ ++ *) Introduce the AddInputFilter filter[;filter...] ext [ext...] ++ and corresponding AddOutputFilter syntax, to insert one or more ++ filters by mod_mime filename extension processing. ++ [William Rowe] ++ ++ *) Fix a growing connection pool in core_output_filter() for ++ keepalive requests. [Jeff Trawick] ++ ++ *) Moved split_and_pass_pretag_buckets back to being a ++ macro at Ryans's request. Removed the return from it ++ by setting and returning a return code instead. Updated ++ the code to check the return code from the macro and ++ do the right thing. [Paul J. Reder] ++ ++ *) Fix a segfault when a numeric value was received for Host:. ++ [Jeff Trawick] ++ ++ *) Add a function ap_remove_input_filter. This is to match ++ up with ap_remove_output_filter. [Ryan Bloom] ++ ++ *) Clean up location_walk, so that this step performs a minimum ++ amount of redundant effort (it must be run twice, but it will no ++ longer reparse all <Location > blocks when the request uri ++ hadn't changed.) [William Rowe] ++ ++ *) Eliminate proxy: (and all other 'special') processing from the ++ ap_directory_walk() phase. Modules that want to use special ++ walk logic should refer to the mod_proxy map_to_location example, ++ with it's proxy_walk and proxysection implementation. This makes ++ either directory_walk flavor much more legible, since that phase ++ only runs against real <Directory > blocks. ++ [William Rowe] ++ ++ *) SECURITY: Fix a security problem in mod_include which would allow ++ an SSI document to be passed to the client unparsed. ++ [Cliff Woolley, Brian Pane] ++ ++ *) Introduce the map_to_storage hook, which allows modules to bypass ++ the directory_walk and file_walk for non-file requests. TRACE ++ shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the ++ directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c. ++ [William Rowe] ++ ++ *) Add the ability for mod_include to add the INCLUDES filter ++ if the file is configured for the server-parsed handler. ++ This makes the configuration for .shtml files much easier ++ to understand, and allows mod_include to honor Apache 1.3 ++ config files. Based on Doug MacEachern's patch to PHP ++ to do the same thing. [Ryan Bloom] ++ ++ *) force OpenSSL to ignore process local-caching and to always ++ get/set/delete sessions using mod_ssl's callbacks ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, ++ Geoff Thorpe <geoff geoffthorpe.net>] ++ ++ *) Make the worker MPM shutdown and restart cleanly. This also ++ cleans up some race conditions, and gets the worker using ++ pools more cleanly. [Aaron Bannert <aaron clove.org>] ++ ++ *) Implement CRYPTO_set_locking_callback() in terms of apr_lock ++ for mod_ssl ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>] ++ ++ *) Fix for mod_include. Ryan's patch to check error ++ codes put a return in the wrong place. Also, the ++ include handler return code wasn't being checked. ++ I don't like macros with returns, so I converted ++ SPLIT_AND_PASS_PRETAG_BUCKETS into a function. ++ [Paul J. Reder <rederpj raleigh.ibm.com>] ++ ++ *) fix segv in mod_mime if no AddTypes are configured ++ [John Sterling <sterling covalent.net>] ++ ++ *) Enable ssl client authentication at SSL_accept time ++ [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>] ++ ++ *) Fix a segfault in mod_include when the original request has no ++ associated filename (e.g., we're filtering the error document for ++ a bad URI). [Jeff Trawick] ++ ++ *) Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick] ++ ++ *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy ++ of httpd is started and shuts down due to socket conflict. Moving the ++ call to ap_log_pid solves the problem. ++ ++ *) Changed the late-1.3 log_config substitution %c to %X, to log the ++ status of the closed connection, as it conflicts with the far more ++ common, historical ssl logging directive %...{var}c. [William Rowe] ++ ++ *) Added the common error/ tree to the build/install targets ++ (similar to the common icons/ tree) for the multi-language error ++ messages that Lars committed earlier. [William Rowe] ++ ++ *) Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard] ++ ++ *) Added a default commented-out mod_ldap and mod_auth_ldap ++ configuration to httpd-std.conf and httpd-win.conf ++ [Graham Leggett] ++ ++ *) Added documentation for mod_ldap and mod_auth_ldap. ++ [Graham Leggett] ++ ++ *) Enabled negative caching on attribute comparisons in the LDAP cache. ++ Fixed a problem where the default cache TTL was set in milliseconds ++ not microseconds causing the cache to time out almost immediately. ++ [Graham Leggett] ++ ++ *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP ++ module code to follow APR. [Graham Leggett] ++ ++ *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now ++ cleaned up when the connection pool pool is cleaned up. ++ [Graham Leggett] ++ ++ *) Fix a minor issue with Jeff Trawick's mod_include ++ patch. Without this patch, the code will just allocate ++ more bytes in get_combined_directive than are needed. ++ [Paul Reder] ++ ++ *) Added the LDAP authentication module mod_auth_ldap. ++ [Dave Carrigan <dave rudedog.org>, Graham Leggett] ++ ++ *) Added the LDAP cache and connection pooling module mod_ldap. ++ [Dave Carrigan <dave rudedog.org>, Graham Leggett] ++ ++ *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest ++ by allowing a module to disable itself if its prerequisites are not ++ met. [Justin Erenkrantz] ++ ++Changes with Apache 2.0.24 ++ ++ *) Fix a couple of issues in mod_include when the tag appeared at ++ offsets near 8192 in the file being parsed. [Jeff Trawick] ++ ++ *) Fix an assertion failure in mod_ssl when the keepalive timeout is ++ reached. [Jeff Trawick] ++ ++ *) Numerous improvements to the Win32 build system. Introduced command line ++ builds without requiring .mak files for MSVC 6.0 and later versions. ++ Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users. ++ [William Rowe] ++ ++ *) Assorted corrections and improvements to the winnt_mpm startup code. Better ++ reporting of uninstalled services and other error conditions, and changed the ++ default service name to Apache2. [William Rowe] ++ ++ *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm ++ compatibility with existing Apache 1.3 Win32 Apache management utilites. ++ [Mladen Turk <mturk mappingsoft.com>, William Rowe] ++ ++ *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20. ++ [William Rowe, Greg Ames] ++ ++ *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage ++ and RemoveCharset directives. [William Rowe] ++ ++ *) The Unix MPMs other than perchild now allow child server ++ processes to use the accept mutex when starting as root and ++ using SysV sems for the accept mutex. Previously, this ++ combination would lead to fatal errors in the child server ++ processes. perchild can't use SysV sems because of security ++ issues. [Jeff Trawick, Greg Ames] ++ ++ *) Added Win32 revision stamp resources to all http binaries ++ (including modules/ and support/ tools.) PR7322 [William Rowe] ++ ++ *) Fix ap_rvprintf to support more than 4K of data at one time. ++ [Cody Sherr <csherr covalent.net>] ++ ++ *) We have always used the obsolete/deprecated Netscape syntax ++ for our tracking cookies; now the CookieStyle directive ++ allows the Webmaster to choose the Netscape, RFC2109, or ++ RFC2965 format. The new CookieDomain directive allows the ++ setting of the cookie's Domain= attribute, too. PR #s 5006, ++ 5023, 5920, 6140 [Ken Coar] ++ ++ *) Tweak server/Makefile so that the rules for generating exports.c ++ are compatible with make utilities which don't expand wildcards ++ in a dependency list (e.g., OS/390 make, certain levels of GNU ++ make). [Jeff Trawick] ++ ++ *) Install the SSL headers. [John Sterling <sterling covalent.net>] ++ ++ *) Begin to sanitize the MPM configuration directives. Now, all ++ MPMs use the same functions for all common MPM directives. This ++ should make it easier to catch all bugs in these directives once. ++ [Cody Sherr <csherr covalent.net>] ++ ++ *) Close a major resource leak. Every time we had issued a ++ graceful restart, we leaked a socket descriptor. ++ [Ryan Bloom] ++ ++ *) Fix a problem with the new method code. We need to cast ++ the 1 to an apr_int64_t or it will be treated as a 32-bit ++ integer, and it will wrap after being shifted 32 times. ++ [Cody Sherr <csherr covalent.net> and Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Fix a bug in mod_expires. Previous to this patch, if you ++ told mod_expires to add 604800 seconds to the last-modified ++ time, it actually added 604800 usec's to the last-modified time, ++ so that when looking at the response it looked like nothing ++ had been done. The root of the problem was that we always compute ++ time in usec's, but we ask users to input sec's. This means we ++ need to convert to usec's before using those values. ++ [Ryan Bloom] ++ ++ *) The worker MPM now handles shutdown and restart requests. It ++ definitely isn't perfect, but we do stop the servers correctly. ++ The biggest problem right now is that SIGHUP causes the server to ++ just die. [Ryan Bloom] ++ ++Changes with Apache 2.0.23 ++ ++ *) Use the prefork MPM by default on Unix. [various] ++ ++ *) Added a systray icon monitor application for Win32. ++ [Mladen Turk <mturk mappingsoft.com>] ++ ++ *) mod_rewrite: Fix the line ending on some non-Unix systems for ++ messages written to the rewrite log. ++ [Richard Labennett <rlabenn us.ibm.com>] ++ ++ *) All mod_autoindex query parsing is now quietly quashed with the ++ IndexOption IgnoreClient. The IndexOption SuppressColumnSorting ++ still drops the column sort <a href>'s for the column headers, but ++ IgnoreClient is required to ignore these Query options entirely. ++ [William Rowe] ++ ++ *) Introduced new mod_autoindex query argument parsing for F=[0|1|2] ++ to allow the client to select plain, FancyIndexing or HTMLTable ++ formatting, V=[0|1] to inhibit or enable version sorting, and ++ P=pattern to return only specific files. The old Query Arguments ++ were reorganized as C=f for sorting column 'f' (same N, D, S, or M ++ as before), and O=A|D for ordering ascending or descending. ++ [William Rowe] ++ ++ *) Fixed an error in mod_include's directive parsing routines which ++ caused #if, #elif, and #else expressions containing backslashes ++ to be improperly evaluated. [Cliff Woolley] ++ ++ *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to ++ drop the icon column, SuppressRules to drop the <hr> elements, ++ and HTMLTable to create rudimentary HTML table listings (implies ++ FancyIndexing). [William Rowe] ++ ++ *) Re-introduced the mod_autoindex IndexOptions flag TrackModified ++ from Apache 1.3.15. This is needed for two reasons, first, given ++ multiple machines within a server farm, ETags and Last-Modified ++ stamps won't correspond from machine to machine, and second, many ++ Unixes don't capture changes to the date or time stamp of existing ++ files, since these don't modify the dirent itself. [William Rowe] ++ ++ *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst ++ and DirectoryWidth options from Apache 1.3.10. ++ [William Rowe, Ken Coar] ++ ++ *) Eliminated FancyIndexing directive, deprecated early in Apache ++ 1.3 by the IndexOptions FancyIndexing syntax. [William Rowe] ++ ++ *) mod_autoindex now excludes any file names that would result in ++ an error, other than a success or redirect. Also optimized ++ the parent directory, always included except in the URI '/'. ++ [William Rowe] ++ ++ *) Refactored mod_negotiation and mod_mime to help mod_dir accept ++ negotiated index pages, and prevent the server from defaulting ++ to an autoindex of the directory. mod_negotiation will now die ++ with a 500 Internal Error if it could match some filenames ++ (e.g. for mod_dir) but none can be served. mod_negotation now ++ refuses to serve any file with an extention that mod_mime doesn't ++ recognize, and wasn't part of the request. [William Rowe] ++ ++ *) Eliminate mod_cgi's handling of .exe files without the .exe file ++ extension. This is already handled by multiviews, if the admin ++ wishes to AddHandler .exe or define a content type handler and ++ associate .exe files with that content type. Multiviews must be ++ enabled to allow these to be served. [William Rowe] ++ ++ *) Speed up the server's response to a spike in incoming workload ++ or restarts by assigning empty scoreboard slots to new processes ++ when they are available. [Greg Ames] ++ ++ *) Add a handler to mod_includes.c. This handler is designed to ++ implement the XbitHack directive. This can't be done with a ++ fixup, because we need to check the content-type, which is ++ only available in the handler phase. [Ryan Bloom] ++ ++ *) Make the includes filter check return codes from filters lower in ++ the filter chain. If a lower level filter returns an error, then ++ the request needs to stop immediately. This allows mod_include to ++ stop parsing data once a lower filter recognizes an error. ++ [Ryan Bloom] ++ ++ *) Add the ability to extend the methods that Apache understands ++ and have those methods <limit>able in the httpd.conf. It uses ++ the same bit mask/shifted offset as the original HTTP methods ++ such as M_GET or M_POST, but expands the total bits from an int to ++ an ap_int64_t to handle more bits for new request methods than ++ an int provides. [Cody Sherr <csherr covalent.net>] ++ ++ *) Fix broken mod_mime behavior in merging its arguments. Possible ++ cause of unexplicable crashes introduced in 2.0.20. [William Rowe] ++ ++ *) Solve many mod_ssl porting issues (too many to detail) with ++ help from the whole team, but most notably [Ralf S. Engelschall, ++ Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, ++ Doug MacEachern, William Rowe, Cliff Woolley] ++ ++ *) More stall fixes for the threaded & worker mpm's. ++ Make mod_status output more accurate. Don't ++ count workers in processes which aren't actively ++ serving requests. [Greg Ames] ++ ++ *) Win32: Get SSI exec cgi tag working. [Bill Stoddard] ++ ++ *) Add a single listener/multiple worker MPM. This MPM is ++ definately not fully correct, but it allows us to solve many ++ of the problems that exist in the threaded MPM. This is a ++ modified version of the threaded MPM. [Ryan Bloom] ++ ++ *) Improve content generation throughout Apache, providing closer ++ compliance with HTML 3.2, HTML 4.01 Transitional and XHTML 1.0 ++ Transitional specifications. [William Rowe] ++ ++Changes with Apache 2.0.22 ++ ++ *) Fix a problem where the threaded MPM stalls after restarts or ++ segfaults. Also prevent multiple active processes from using ++ the same scoreboard slot. [Greg Ames] ++ ++ *) Apache/Win32 now fills in the service description with Apache's ++ server version string, including loaded and advertised modules. ++ [William Rowe] ++ ++ *) Improved support for the Win32 build, to recover gracefully from ++ missing apr or apr-util directories or the awk interpreter, ++ create the proper cgi-bin examples, including a test-cgi.bat, and ++ fix the perl shebang line for printenv.pl, when installing from ++ the build environment. [William Rowe] ++ ++ *) Fix a segfault in threaded.c caused by passing uninitialized ++ apr_thread_t * to apr_thread_join(). [Jeff Trawick] ++ ++ *) Use new APR number conversion functions to reduce CPU consumption ++ when setting the content length, and in mod_log_config. ++ [Brian Pane] ++ ++ *) Fix problem reported by Taketo Kabe <kabe sra-tohoku.co.jp> ++ where HEAD response headers were being repeated twice for ++ files greater than 32K bytes (4*AP_MIN_BYTES_TO_WRITE). This ++ problem in the http_header filter was exposed by the recent rewrite ++ of the content_length filter. [Taketo Kabe, Bill Stoddard] ++ ++ *) Fix seg faults in mod_status with ExtendedStatus enabled, after ++ restarts. A garbage pointer to a vhost's server_rec from the ++ previous generation was being left around under certain ++ conditions. [Greg Ames] ++ ++ *) Fix a cosmetic problem with mod_include. Non-existant SSI vars ++ used to appear as '(none', without the closing paren. ++ [Günter Knauf <eflash gmx.net>] ++ ++ *) Improve the exports generating awk script. In the past, we had ++ work around problems in the awk script by avoiding some #if and ++ #ifdefs. This has bitten us many times in generating the exports.c ++ file. This improvement allows corrects the header file parsing. ++ [Sander Striker <striker apache.org>] ++ ++Changes with Apache 2.0.21 ++ ++ *) Resolve the Win32 htpasswd bug, where a file that existed would be ++ overwritten, regardless of the -c flag. ++ [William Rowe, Mladen Turk <mladen.turk mail.inet.hr>] ++ ++ *) Introduce connection sub-pools into ab. Truncating the lifetime ++ of these allocations means that ab no longer perpetually grows ++ its working set, running out of memory on large request attempts. ++ [William Rowe] ++ ++ *) Make scoreboard creation a hook. This allows management ++ modules to have access to the scoreboard at the time that it is ++ created, and at every restart request. ++ [Cody Sherr <csherr covalent.net>] ++ ++ *) Changed AP_MPMQ_MAX_DAEMONS to refer to MaxClients and ++ added an AP_MPMQ_MAX_DAEMON_USED to refer to the highest ++ daemon index actually used in the scoreboard. I also ++ updated the pertinent calls. [Paul J. Reder] ++ ++ *) Win32: Prevent listening sockets from being inherited by ++ the Apache child process, CGI scripts, rotatelog process ++ etc. If the Apache child process segfaults, any processes ++ that the child started are not reaped. Prior to this fix, ++ these processes inherited the listening sockets which sometimes ++ prevented the restarted Apache child process from accepting ++ connections (ie, the server would hang). ++ [Bill Stoddard] ++ ++ *) Provide vhost and request strings when ExtendedStatus is on. ++ [Greg Ames] ++ ++ *) Fix some issues with the pod and prefork: check the pod *after* ++ processing a connection so that a server processing a time- ++ consuming request bails out as soon as practical; when the ++ parent process wakes up a server process via connect(), use an ++ APR timeout on the connect() so that we don't hang for a long ++ time if there aren't server processes around to do accept(). ++ [Jeff Trawick, Greg Ames] ++ ++ *) Performance improvement to mod_mime.c. find_ct() in mod_mime, ++ spends a lot of time in apr_table_get calls. Using the default ++ httpd.conf, the tables for languages and charsets are somewhat ++ large, so the time spent scanning them on each request is ++ significant. Replacing the tables with hash tables provides ++ a nice speedup. [Brian Pane <bpane pacbell.net>] ++ ++ *) Add two functions to allow modules to access random parts of the ++ scoreboard. This allows modules compiled for one MPM to access the ++ scoreboard, even if it the server was compiled for another MPM. ++ [Harrie Hazewinkel <harrie covalent.net>] ++ ++Changes with Apache 2.0.20 ++ ++ *) Fix problem in content-length filter where the filter would ++ buffer all the output from a CGI before sending any bytes ++ down the filter stack to the network. This problem would cause ++ significant memory consumption if the CGIs generated ++ lots of bytes. [Bill Stoddard] ++ ++ *) Get non-blocking CGI pipe reads working with the bucket brigades. ++ [Bill Stoddard] ++ ++ *) Fix seg fault on Windows when serving files cached with mod_file_cache. ++ [Bill Stoddard] ++ ++ *) Fix a bug in the threaded MPM that would cause it to kill off all ++ workers immediately after starting if the number of workers started ++ was above a certain threshold. [Ryan Bloom, Bill Stoddard] ++ ++Changes with Apache 2.0.19 ++ ++ *) Fix problem with threaded MPM. The problem was that if each child ++ process was busy serving a single long-lived request and the server ++ was sent a graceful restart signal, the server would stop serving ++ requests. This would happen because each child process would wait to ++ die until the last thread was done, and the parent wouldn't spawn any ++ new children until a process died. Now, the parent looks at the fact ++ that the children are dying gracefully, and starts new children. ++ Those new children only start enough threads to compliment the number ++ of threads in the other child process that shares the same spot in ++ the scoreboard. In this way, we make sure to never go over ++ MaxClients. [Ryan Bloom] ++ ++ *) modified mod_negotiation and mod_autoindex to speed up by almost a ++ factor of two on apr_dir_read()-enhanced platforms, such as Win32 ++ and OS2, by calling ap_sub_request_lookup_dirent() with the results ++ already provided by apr_dir_read(). [William Rowe] ++ ++ *) mod_file_cache is now more robust to filtering and serves requests ++ slightly more efficiently. [Cliff Woolley] ++ ++ *) Fix problem handling FLUSH bucket in the chunked encoding filter. ++ Module was calling ap_rwrite() followed by ap_rflush() but the ++ served content was not being displayed in the browser. Inspection ++ of the output stream revealed that the first data chunk was ++ missing the trailing CRLF required by the RFC. [Bill Stoddard] ++ ++ *) apxs no longer generates ap_send_http_header() in the example handler ++ ++ *) Fix an ab problem which could cause a divide-by-zero exception ++ with certain invocations (e.g., ab -k -c 6 -n 100 localhost/). ++ [Ian Holsman <ianh cnet.com>] ++ ++ *) Solve case-insensitive platforms' confusion about negotiated ++ filenames, allowing files of differnt case to match in choosing ++ the document to serve. [William Rowe] ++ ++ *) Fix brokenness when ThreadsPerChild is higher than the built-in ++ limit. We left ap_threads_per_child at the higher value which ++ led to segfaults when doing certain scoreboard operations. ++ [Jeff Trawick] ++ ++ *) Fix seg faults and/or missing output from mod_include. The ++ default_handler was using the subrequest pool for files and ++ MMAPs, even though the associated APR structures typically ++ live longer than the subrequest. [Greg Ames] ++ ++ *) Extend mod_setenvif to support specifying regular expressions ++ on the SetEnvIf (and SetEnvIfNoCase) directive attribute field. ++ Example: SetEnvIf ^TS* [a-z].* HAVE_TS ++ will cause HAVE_TS to be set if any of the request headers begins ++ with "TS" and has a value that begins with any character in the ++ set [a-z]. [Bill Stoddard] ++ ++ *) httpd children now re-bind themselves to a random CPU on ++ multiprocessor systems on AIX via bindprocessor() in 2.0. ++ [Victor J. Orlikowski] ++ ++ *) Fix htdigest. It would go into a loop in getline when adding ++ a second user. [Bill Stoddard] ++ ++ *) Win32 platforms now fully support mod_userdir options. [Will Rowe] ++ ++ *) Automatically generate httpd.exp for AIX. ++ DSOs now work again on AIX in 2.0 ++ [Victor J. Orlikowski] ++ ++ *) Add a new request hook, error_log. This phase allows modules ++ to act on the error log string _after_ it has been written ++ to the error log. The goal for this hook is to allow monitoring ++ modules to send the error string to the monitoring agent. ++ [Ryan Bloom] ++ ++ *) Modify mod_echo to make it use filters for input and output. ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Extend mod_headers to support conditional driven Header ++ add, append and set. Use SetEnvIf to set an envar and conditionally ++ add/append/set headers based on this envar thusly: ++ ++ SetEnvIf TSMyHeader value HAVE_TSMyHeader ++ Header add MyHeader "%t %D" env=HAVE_TSMyHeader ++ ++ If the request contains header "TSMyHeader: value" then header ++ MyHeader: "t=xxxxxxxxxx D=yyyy" will be sent on the response. ++ [Bill Stoddard] ++ ++ *) Extend mod_headers to support using format specifiers on Header ++ add, append and set header values. Two format specifiers are supported: ++ ++ %t - reports, in UTC microseconds since the epoch, when the ++ request was received. ++ ++ %D - reports the time, in microseconds, between when the request was ++ received and the response sent. ++ ++ Examples: ++ Header add MyHeader "This request served in %D microseconds. %t" ++ ++ results in a header being added to the response that looks like this: ++ ++ MyHeader: This request served in D=5438 microseconds. t=991424704447256 ++ ++ [Bill Stoddard] ++ ++ *) Fix reset_filter(). We need to be careful how we remove filters. ++ If we set r->output_filters to NULL, we also have to reset the ++ connection's filters. [John Sterling] ++ ++ *) Optimise reset_filter() in http_protocol.c. [Greg Stein] ++ ++ *) Add a check to ap_die() to make sure the filter stack is sane and ++ contains the correct basic filters when an error occurs. This fixes ++ a problem where headers are not being sent on error. [John Sterling] ++ ++ *) New Header directive 'echo' option. "Header echo regex" will ++ cause any headers received on the request that match regex to be ++ echoed to (included in) the response headers. ++ [Bill Stoddard] ++ ++ *) include/ap_compat.h tested and set APR_COMPAT_H instead of AP_COMPAT_H. ++ This prevented the inclusion of apr_compat.h. PR #7773 ++ [Oleg Broytmann <phd phd.pp.ru>] ++ ++ *) Moved util_uri to the apr-util library. This required a bunch of ++ apr_name changes for the uri utility functions. [Justin Erenkrantz] ++ ++ *) Move the addition of default AP_HTTP_HTTP_HEADER filters to the ++ insert_filter phase so that other filters are not bypassed by default. ++ [Graham Leggett] ++ ++ *) Reimplement mod_headers as an output filter. mod_headers can now ++ add custom headers to inbound requests using the RequestHeader directive ++ and to responses using the same old Header directive. [Graham Leggett] ++ ++Changes with Apache 2.0.18 ++ ++ *) Fix command-line processing so that if a bad argument is specified ++ Apache will exit. [Jeff Trawick] ++ ++ *) Change the make targets and rules to be consistent in all of the ++ Apache-owned source trees. [Roy Fielding] ++ ++ *) Fix processing of the TRACE method. Previously we passed bogus ++ parms to form_header_field() and it overlaid some vhost structures, ++ resulting in a segfault in check_hostalias(). ++ [Greg Ames, Jeff Trawick] ++ ++ *) Win32: Add support for reliable piped logs. If the logging process ++ goes down, Apache will automatically restart it. This function has ++ been part of Apache on Unix/Linux/BSD since the early v1.3 releases. ++ [Bill Stoddard] ++ ++ *) Do not start piped log processes during the config file ++ preflight. This change also circumvents a problem on ++ Windows where the rotatelog processes created during preflight ++ was not getting cleaned up properly. ++ [Bill Stoddard] ++ ++ *) add "Request Phase Participation" info to mod_info ++ [Doug MacEachern] ++ ++ *) Make first phase changes to the scoreboard data structures in ++ preparation for the rewriting of the scoreboard per my posted ++ design notes. [Paul J. Reder] ++ ++ *) Fix httpd's definition of LTFLAGS to be consistent with that of apr ++ and apr-util, allow it to be overridden by the configure command-line ++ (default="--silent") and introduce LT_LDFLAGS to replace what we were ++ formerly abusing as LTFLAGS. [Roy Fielding] ++ ++ *) Clean up the reporting of incorrect closing container tags. ++ [Barrie Slaymaker <barries slaysys.com>] ++ ++ *) Simplify the configure process by moving all libtool stuff to APR ++ and moving hints.m4 inline. [Roy Fielding] ++ ++ *) Add the AP_DECLARE()/AP_CORE_DECLARE macros on the return types ++ of functions used by mod_proxy for export in the DLL ++ [Ian Holsman <IanH cnet.com>] ++ ++ *) Prevent a hang when a cgi handled by mod_cgid tries to read a ++ request body from its stdin but no reqest body is being written to ++ the cgi. [Jeff Trawick] ++ ++ *) mod_log_config: %c connection status incorrectly logged ++ as "-" (non-keepalive) when MaxKeepAliveRequests is set to 0. ++ [Bill Stoddard] ++ ++ *) Get mod_cern_meta working under Windows ++ [Bill Stoddard] ++ ++ *) Create Files, and thus MMAPs, out of the request pool, not the ++ connection pool. This solves a small resource leak that had us ++ not closing files until a connection was closed. In order to do ++ this, at the end of the core_output_filter, we loop through the ++ brigade and convert any data we have into a single HEAP bucket ++ that we know will survive clearing the request_rec. ++ [Ryan Bloom, Justin Erenkrantz <jerenkrantz ebuilt.com>, ++ Cliff Woolley] ++ ++ *) Completely revamp configure so that it preserves the standard make ++ variables CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS and LIBS by moving ++ the configure additions to EXTRA_* variables. Also, allow the user ++ to specify NOTEST_* values for all of the above, which eliminates the ++ need for THREAD_CPPFLAGS, THREAD_CFLAGS, and OPTIM. Fix the setting ++ of INCLUDES and EXTRA_INCLUDES. Check flags as they are added to ++ avoid pointless duplications. Fix the order in which flags are given ++ on the compile and link lines. Remove obsolete macros APR_DOEXTRA, ++ AC_ADD_LIBRARY, AC_CHECK_DEFINE, APACHE_PASSTHRU, and APACHE_ONCE. ++ Added APR_SAVE_THE_ENVIRONMENT and APR_RESTORE_THE_ENVIRONMENT macros. ++ Renamed AC_TYPE_RLIM_T macro to APACHE_TYPE_RLIM_T. [Roy Fielding] ++ ++ *) Get mod_tls to compile/work better on Windows. PR #7612 ++ [Bernhard Schrenk <b.schrenk improx.com>] ++ ++ *) Fix shutdown/restart hangs in the threaded MPM. ++ [Jeff Trawick, Greg Ames, Ryan Bloom] ++ ++ *) Removed the keptalive boolean from conn_rec because it is now only ++ used by a single routine and can be replaced by a local variable. ++ [Greg Stein, Ryan Bloom, Roy Fielding] ++ ++ *) Patch prefork to put enough of the signal processing back in so that ++ signals are all handled properly now. The previous patch fixed the ++ deadlock race condition, but broke the user directed signal handling. ++ This fixes it to work the way it did before my previous prefork patch ++ (primarily, SIGTERM is now working). ++ ++ *) Change how input filters decide how much data is returned to the ++ higher filter. We used to use a field in the conn_rec, with this ++ change, we use an argument to ap_get_brigade to determine how much ++ data is retrieved. [Ryan Bloom] ++ ++ *) Fix seg fault at start-up introduced by Ryan's change to enable ++ modules to specify their own logging tags. mod_log_config ++ registers an optional function, ap_register_log_handler(). ++ ap_register_log_handler() was being called by http_core before ++ the directive hash table was created. This patch creates the ++ directive hash table before ap_register_log_handler() is ++ registered as an optional function. ++ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>] ++ ++ *) Add ap_set_int_slot() function ++ [John K. Sterling <sterling covalent.net>] ++ ++ *) Under certain circumstances, Apache did not supply the ++ right response headers when requiring authentication. ++ [Gertjan van Wingerde <Gertjan.van.Wingerde cmg.nl>] PR#7114 ++ (This is a port of the change that went into Apache 1.3.19.) ++ ++ *) Allow modules to specify their own logging tags. This basically ++ allows a module to tell mod_log_config that when %x is encountered ++ a specific function should be called. Currently, x can be any single ++ character. It may be more useful to make this a string at some point. ++ [Ryan Bloom] ++ ++Changes with Apache 2.0.17 ++ ++ *) If a higher-level filter handles the byterange aspects of a ++ request, then the byterange filter should not try to redo the ++ work. The most common case of this happening, is a byterange ++ request going through the proxy, and the origin server handles ++ the byterange request. The proxy should ignore it. ++ [Graham Leggett <minfrin sharp.fm>] ++ ++ *) Changed the threaded mpm to have child_main join to each of the ++ worker threads to make sure the kids are all gone before child_main ++ exits after a signal (cleanup from perform_idle_server_maintenance). ++ This is an extension of Ryans recent commit to make the child_main ++ the signal thread. ++ ++ *) Add more options to the ap_mpm_query function. This also allows MPMs to ++ report if their threads are dynamic or static. Finally, this also ++ implements a new API, ap_show_mpm, which returns the MPM that was ++ required into the core. [Harrie Hazewinkel <harrie covalent.net>] ++ ++ *) Do not install the binaries from the support directory twice. ++ [jun-ichiro hagino <itojun iijlab.net>] ++ ++ *) The ap_f* functions should flush data to the filter that is passed ++ in, not the filter after the one passed in. ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Make ab work again by changing its native types to apr types and formats. ++ [Justin Erenkrantz <jerenkrantz ebuilt.com>] ++ ++ *) Move the byterange filter and all of the supporting functions back ++ to the HTTP module. The byterange filter turned out to be very ++ HTTP specific, and it belongs in the HTTP module. [Greg Stein] ++ ++ *) Make clean, distclean, and extraclean consistently according to the ++ Gnu makefile guidelines. [Justin Erenkrantz <jerenkrantz ebuilt.com>] ++ ++ *) Fix errors in the renaming of the apr_threadattr_detach_xxx functions. ++ This may have been causing problems stopping processes in the threaded ++ mpm's. [Greg Ames] ++ ++ *) Fix content-length in mod_negotiation to a long int representation. ++ [William Rowe] ++ ++ *) Remove BindAddress from the default config file. ++ [<giles nemeton.com.au>] ++ ++ *) Allow module authors to add a module to their Apache build using ++ --with-module, without re-running buildconf. The syntax is: ++ --with-module=module_type:/path/to/module.c ++ The configure script will copy the module.c file to ++ modules/module_type, and it will be added to the relevant Makefiles. ++ currently, this only works for static modules. [Ryan Bloom] ++ ++ *) Changes required to make prefork clean up idle children properly. ++ There was a window during which a starting worker deadlocks when ++ an idle cleanup arrives before it completes init. Apache then keeps ++ trying to cleanup the same deadlocked worker forever (until higher ++ pids come along, but it still will never reduce below the deadlocked ++ pid). Thus the number of children would not reduce to the correct ++ idle level. [Paul J. Reder] ++ ++Changes with Apache 2.0.16 ++ ++ *) Change the default installation directory to /usr/local/apache2, ++ as now defined by the "Apache" layout in config.layout. [Marc Slemko] ++ ++ *) OS/2: Added support for building loadable modules as OS/2 DLLs. ++ [Brian Havard] ++ ++ *) Get MaxRequestsPerChild working with the Windows MPM. ++ [Bill Stoddard] ++ ++ *) Make generic hooks to work, with mod_generic_hook_import/export ++ experimental modules. [Ben Laurie, Will Rowe] ++ ++ *) Fix segfaults for configuration file syntax errors such as ++ "<Directory>" followed by "</Directory" and ++ "<Directory>" followed by "</Directoryz>". [Jeff Trawick] ++ ++ *) Cleanup the --enable-layout option of configure. This makes ++ us use a consistent location for the config.layout file, and it ++ makes configure more portable. ++ [jun-ichiro hagino <itojun iijlab.net>] ++ ++ *) Changes to 'ab'; fixed int overrun's, added statistics, output in ++ csv/gnuplot format, rudimentary ssl support and various other tweaks ++ to make results more true to what is measured. The upshot of this it ++ turns out that 'ab' has often underreported the true performance of ++ apache. Often by a order of magnitude :-) See talk/paper of Sander ++ Temme at April ApacheCon 2001 for details. ++ [Dirk-Willem van Gulik] ++ ++ *) Clean up mod_cgid's temporary request pool. Besides fixing a ++ storage leak this ensures that some unnecessary pipes are closed. ++ [Jeff Trawick] ++ ++ *) Performance: Add quick_handler hook. This hook is called at the ++ very beginning of the request processing before location_walk, ++ translate_name, etc. This hook is useful for URI keyed content ++ caches like Mike Abbott's Quick Shortcut Cache. ++ [Bill Stoddard] ++ ++ *) top_module global variable renamed to ap_top_module [Perl] ++ ++ *) Move ap_set_last_modified to the core. This is a potentially ++ controversial change, because this is kind of HTTP specific. However ++ many protocols should be able to take advantage of this kind of ++ information. I expect that headers will need one more layer of ++ indirection for multi-protocol work, but this is a small step in ++ the right direction. [Ryan Bloom] ++ ++ *) Enable mod_status by default. This matches what Apache 1.3 does. ++ [Ed Korthof] ++ ++ *) Add a ScriptSock directive to the default config file. This is ++ only enabled when mod_cgid is used. ++ [Taketo Kabe <kabe sra-tohoku.co.jp>] ++ ++Changes with Apache 2.0.15 ++ ++ *) Untangled the buildconf script and eliminated the need for build's ++ aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other ++ libtool muck that is now under srclib/apr/build. [Roy Fielding] ++ ++ *) Win32: Don't accept more connections than we have worker threads ++ to handle. ++ [Bill Stoddard] ++ ++ *) Fix bug in the Unix threaded.c MPM that allowed child processes ++ to fork() new child processes. ++ [Bill Stoddard] ++ ++ *) SECURITY: Fix a major security problem with double-reverse lookup ++ checking. Previously, a client connecting over IPv4 would not be ++ matched properly when the server had an IPv6 listening socket. ++ PR #7407 [Taketo Kabe <kiabe sra-tohoku.co.jp>] ++ ++ *) Change the way the beos MPM handles polling to allow it to stop and ++ restart. Problem was the sockets being polled were being reset by ++ the select call, so once it had accepted a connection it was no ++ longer listening on the UDP socket we use for shutdown instructions. ++ APR needs to be altered, patch on it's way. [David Reid] ++ ++ *) Empty out the brigade shared by ap_getline()/ap_get_client_block() ++ on error exit from ap_getline(). Some other code got upset because ++ the wrong data was in the brigade. [Greg Ames, Jeff Trawick] ++ ++ *) Handle ap_discard_request_body() being called more than once. ++ [Greg Ames, Jeff Trawick] ++ ++ *) Get rid of an inadvertent close of file descriptor 2 in ++ mod_mime_magic. [Greg Ames, Jeff Trawick] ++ ++ *) Add a hook, create_request. This hook allows modules to modify ++ a request while it is being created. This hook is called for all ++ request_rec's, main request, sub request, and internal redirect. ++ When this hook is called, the r->main, r->prev, r->next ++ pointers have been set, so modules can determine what kind of ++ request this is. [Ryan Bloom] ++ ++ *) Cleanup the build process a bit more. The Apache configure ++ script no longer creates its own helper scripts, it just ++ uses APR's. ++ [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>] ++ ++ *) Stop the forced downgrade of the connection to HTTP/1.0 for ++ proxy requests. [Graham Leggett] ++ ++ *) Avoid using sscanf to determine the HTTP protocol number in ++ the common case because sscanf is a performance hog. From ++ Mike Abbot's Accelerating Apache patch number 6. ++ [Mike Abbot <mja trudge.engr.sgi.com>, Bill Stoddard] ++ ++ *) SECURITY: Fix a security exposure in mod_access. Previously when ++ IPv6 listening sockets were used, allow/deny-from-IPv4-address rules ++ were not evaluated properly (PR #7407). Also, add the ability to ++ specify IPv6 address strings with optional prefix length on Allow ++ and Deny. [Jeff Trawick] ++ ++ *) Enhance rotatelogs so that a UTC offset can be specified, and ++ the logfile name can be formatted using strftime(3). (Brought ++ forward from 1.3.) [Ken Coar] ++ ++ *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling ++ DuplicateHandle on an IOCompletionPort (a practice which ++ MS "discourages"). The new model does not rely on associating ++ the completion port with the listening sockets, thus the ++ completion port can be completely managed within the child ++ process. A dedicated thread accepts connections off the network, ++ then calls PostQueuedCompletionStatus() to wake up worker ++ threads blocked on the completion port. ++ [Bill Stoddard] ++ ++ *) Bring forward the --suexec-umask option which allows the ++ builder to preset the umask for suexec processes. [Ken Coar] ++ ++ *) Add a -V flag to suexec, which causes it to display the ++ compile-time settings with which it was built. (Only ++ usable by root or the AP_HTTPD_USER username.) [Ken Coar] ++ ++ *) Mod_include should always unset the content-length if the file is ++ going to be passed through send_parsed_content. There is no to ++ determine if the content will change before actually scanning the ++ entire content. It is far safer to just remove the C-L as long ++ as we are scanning it. [Ryan Bloom] ++ ++ *) Make sure Apache sends WWW-Authenticate during a reverse proxy ++ request and not Proxy-Authenticate. ++ [Graham Leggett <minfrin sharp.fm>] ++ ++Changes with Apache 2.0.14 ++ ++ *) Fix content-length computation. We ONLY compute a content-length if ++ We are not in a 1.1 request and we cannot chunk, and this is a keepalive ++ or we already have all the data. [Ryan Bloom] ++ ++ *) Report unbounded containers in the config file. Previously, a typo ++ in the </container> directive could result in the rest of the config ++ file being silently ignored, with undesired defaults used. ++ [Jeff Trawick] ++ ++ *) Make the old_write filter use the ap_f* functions for the buffering. ++ [Ryan Bloom] ++ ++ *) Move more code from the http module into the core server. This ++ is core code, basically the default handler, the default input ++ and output filters, and all of the core configuration directives. ++ All of this code is required in order for the server to work, with or ++ without HTTP. The server is closer to working without the HTTP ++ module, although there is still more to do. [Ryan Bloom] ++ ++ *) Fix a number of SGI compile warnings throughout the server. Fix some ++ bad parameters to apr_bucket_read(). Fix a bad statement in ++ ap_method_in_list(). For the mod_rewrite cache use apr_time_t ++ consistently; we were mixing apr_time_t and time_t in invalid ways ++ before. In load_file(), call apr_dso_error() instead of ++ apr_strerror() so that we get a more specific string on some platforms. ++ PR #6980 [Jeff Trawick] ++ ++ *) Allow modules to query the MPM about it's execution profile. This ++ query API can and should be extended in the future, but for now, ++ max_daemons, and threading or forking is a very good start. ++ [Jon Travis <jtravis covalent.net>] ++ ++ *) Modify mod_include to send blocks of data no larger than 9k. ++ Without this, mod_include will wait until the whole file is parsed, ++ or the first tag is found to send any data to the client. ++ [Paul J. Reder <rederpj raleigh.ibm.com>] ++ ++ *) Fix mod_info, so that <Directory> and <Location> directives are ++ not displayed twice when displaying the current configuration. ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Add config directives to override DEFAULT_ERROR_MSG and ++ DEFAULT_TIME_FORMAT. This was sent in as PR 6193. ++ [Dan Rench <drench xnet.com>] ++ ++ *) Get mod_info building and loading on Win32. [William Rowe] ++ ++ *) Begin to move protocol independant functions out of mod_http. The goal ++ is to have only functions that are HTTP specific in the http directory. ++ [Ryan Bloom] ++ ++Changes with Apache 2.0.13 ++ ++ *) Don't assume that there will always be multiple calls to the byterange ++ filter. It is possible that we will need to do byteranges with only ++ one call to the filter. [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Move the error_bucket definition from the http module to the ++ core server. Every protocol will need this ability, not just ++ HTTP. [Ryan Bloom] ++ ++Changes with Apache 2.0.12 ++ ++ *) Modify mod_file_cache to save pre-formatted strings for ++ content-length and last-modified headers for performance. ++ [Mike Abbot <mja trudge.engr.sgi.com>] ++ ++ *) Namespace protect IOBUFSIZ since it is exposed in the API. ++ [Jon Travis <jtravis covalent.net>] ++ ++ *) Use "Basic" authentication instead of "basic" in ab, as the spec ++ says we should. [Andre Breiler <andre.breiler rd.bbc.co.uk>] ++ ++ *) Fix a seg fault in mod_userdir.c. We used to use the pw structure ++ without ever filling it out. This fixes PR 7271. ++ [Taketo Kabe <kabe sra-tohoku.co.jp> and ++ Cliff Woolley <cliffwoolley yahoo.com>] ++ ++ *) Add a couple of GCC attribute tags to printf style functions. ++ [Jon Travis <jtravis covalent.net>] ++ ++ *) Add the correct language tag for interoperation with the Taiwanese ++ versions of MSIE and Netscape. [Clive Lin <clive CirX.ORG>] PR#7142 ++ ++ *) Migrate the perchild MPM to use the new apr signal child, and ++ APR thread functions. [Ryan Bloom] ++ ++ *) Close one copy of the CGI's stdout before creating the new process. ++ The CGI will still have stdout, because we have already dup'ed it. ++ This keeps Apache from waiting forever to send the results of a CGI ++ process that has forked a long-lived child process. ++ [Taketo Kabe <kabe sra-tohoku.co.jp>] ++ ++ *) Remove the rest of the pthreads functions from the threaded MPM. ++ This requires the APR support for a signal thread that was just ++ added. [Ryan Bloom] ++ ++ *) Make mod_dir use a fixup for sending a redirect to the browser. ++ Before this, we were using a handler, which doesn't make much ++ sense, because the handler wasn't generating any data, it would ++ either return a redirect error code, or DECLINED. This fits the ++ current hooks better. [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Make the threaded MPM use APR threads instead of pthreads. ++ [Ryan Bloom] ++ ++ *) Get mod_tls to the point where it actually appears to work in all cases. ++ [Ben Laurie] ++ ++ *) implement --enable-modules and --enable-mods-shared for "all" and ++ "most". [Greg Stein] ++ ++ *) Move the threaded MPM to use APR locks instead of pthread locks. ++ [Ryan Bloom] ++ ++ *) Rename mpmt_pthread to threaded. This is more in line with the ++ fact that mpmt_pthread shouldn't be using pthreads directly, and ++ it is a smaller name that doesn't tie into anything. ++ [Ryan Bloom] ++ ++ *) Rename the module structures so that the exported symbol matches ++ the file name, and it is easier to automate the installation ++ process (generating LoadModule directives from the module filenames). ++ [Martin Kraemer] ++ ++ *) Remove the coalesce filter. With the ap_f* functions, this filter ++ is no longer needed. [Ryan Bloom] ++ ++Changes with Apache 2.0.11 ++ ++ *) Remove the dexter MPM. Perchild is the same basic idea, but it has the ++ added feature of allowing a uid/gid per child process. If no ++ uid/gid is specified, then Perchild behaves exactly like dexter. ++ [Ryan Bloom] ++ ++ *) Get perchild building again. [Ryan Bloom] ++ ++ *) Don't disable threads just because we are using the prefork MPM. ++ If somebody wants to compile without threads, they must now add ++ --disable-threads to the configure command line. [Ryan Bloom] ++ ++ *) Begin to move the calls to update_child_status into common code, so ++ that each individual MPM does not need to update the scoreboard itself. ++ [Ryan Bloom] ++ ++ *) Allow mod_tls to compile under Unix boxes where openssl has been ++ installed to the system include files. ++ [Gomez Henri <new-httpd slib.fr>] ++ ++ *) Cleanup the mod_tls configure process. This should remove any need ++ to hand-edit any files. We require OpenSSL 0.9.6 or later, but ++ configure doesn't check that yet. [Ryan Bloom] ++ ++ *) Add a very early prototype of SSL support (in mod_tls.c). It is ++ vital that you read modules/tls/README before attempting to build ++ it. [Ben Laurie] ++ ++ *) Fix a potential seg fault on all platforms. David Reid fixed this ++ on BEOS, but the problem could happen anywhere, so we don't want ++ to #ifdef it. [Cliff Woolley <cliffwoolley yahoo.com>] ++ ++ *) Add new LogFormat directive, %D, to log time it takes to serve a ++ request in microseconds. [Bill Stoddard] ++ ++ *) Change AddInputFilter and AddOutputFilter to SetInputFilter and ++ SetOutputFilter. This corresponds nicely with the other Set ++ directives, which operate on containers while the Add* directives ++ tend to work directly on extensions. [Ryan Bloom] ++ ++ *) Cleanup the header handling a bit. This uses the apr_brigade_* ++ functions for the buffering so that we don't need to compute ++ the length of the headers before we actually create the header ++ buffer. [Ryan Bloom] ++ ++ *) Allow filters to buffer data using the ap_f* functions. These have ++ become macros that resolve directly to apr_brigade_*. ++ [Ryan Bloom] ++ ++ *) Get the Unix MPM's to do a graceful restart again. If we are going ++ to register a cleanup with ap_cleanup_scoreboard, then we have to ++ kill the cleanup with the same function, and that function can't be ++ static. [Ryan Bloom] ++ ++ *) Install all required header files. Without these, it was not ++ possible to compile some modules outside of the server. ++ [Ryan Bloom] ++ ++ *) Fix the AliasMatch directive in Apache 2.0. When we brought a patch ++ forward from 1.3 to 2.0, we missed a single line, which broke regex ++ aliases. [Ryan Bloom] ++ ++ *) We have a poor abstraction in the protocol. This is a temporary ++ hack to fix the bug, but it will need to be fixed for real. If ++ we find an error while sending out a custom error response, we back ++ up to the first non-OK request and send the data. Then, when we send ++ the EOS from finalize_request_protocol, we go to the last request, ++ to ensure that we aren't sending an EOS to a request that has already ++ received one. Because the data is sent on a different request than ++ the EOS, the error text never gets sent down the filter stack. This ++ fixes the problem by finding the last request, and sending the data ++ with that request. [Ryan Bloom] ++ ++ *) Make the server status page show the correct restart time, and ++ thus the proper uptime. [Ryan Bloom] ++ ++ *) Move the CGI creation logic from mod_include to mod_cgi(d). This ++ should reduce the amount of duplicate code that is required to ++ create CGI processes. ++ [Paul J. Reder <rederpj raleigh.ibm.com>] ++ ++ *) ap_new_connection() closes the socket and returns NULL if a socket ++ call fails. Usually this is due to a connection which has been ++ reset. [Jeff Trawick] ++ ++ *) Move the Apache version information out of httpd.h and into release.h. ++ This is in preparation for the first tag with the new tag and release ++ system. [Ryan Bloom] ++ ++ *) Begin restructuring scoreboard code to enable adding back in ++ the ability to use IPC other than shared memory. ++ Get mod_status working on Windows again. [Bill Stoddard] ++ ++ *) Make mod_status work with 2.0. This will work for prefork, ++ mpmt_pthread, and dexter. [Ryan Bloom] ++ ++ *) Correct a typo in httpd.conf. ++ [Kunihiro Tanaka <tanaka apache.or.jp>] PR#7154 ++ ++ *) Really fix mod_rewrite map lookups this time. [Tony Finch] ++ ++ *) Get the correct IP address if ServerName isn't set and we can't ++ find a fully-qualified domain name at startup. ++ PR#7170 [Danek Duvall <dduvall eng.sun.com>] ++ ++ *) Make mod_cgid work with SuExec. [Ryan Bloom] ++ ++ *) Adopt apr user/group name features for mod_rewrite. Eliminates some ++ 'extra' stat's for user/group since they should never occur, and now ++ resolves the SCRIPT_USER and SCRIPT_GROUP, including on WinNT NTFS ++ volumes. [William Rowe] ++ ++ *) Adopt apr features to simplify mod_includes. This changes the ++ behavior of the USER_NAME variable, unknown uid's are now reported ++ as USER_NAME="<unknown>" rather than the old user#000 result. ++ WinNT now resolves USER_NAME on NTFS volumes. [William Rowe] ++ ++ *) Adopt apr features for simplifing mod_userdir, and accept the new ++ Win32/OS2 exceptions without hiccuping. [William Rowe] ++ ++ *) Replace configure --with-optim option by using and saving the ++ environment variable OPTIM instead. This is needed because configure ++ options do not support multiple flags separated by spaces. ++ [Roy Fielding] ++ ++ *) Fix some byterange handling. If we get a byte range that looks like ++ "-999999" where that is past the end of the file, we should return ++ a PARTIAL CONTENT status code, and return the whole file as one big ++ byterange. This matches the 1.3 handling now. [Ryan Bloom] ++ ++ *) Make the error bucket a real meta-data bucket. This means that the ++ bucket length is 0, and a read returns NULL data. If one of these ++ buckets is passed down after the headers are sent, this data will ++ just be ignored. [Greg Stein] ++ ++ *) The prefork MPM wasn't killing child processes correctly if a restart ++ signal was received while the process was serving a request. The child ++ process would become the equivalent of a second parent process. If ++ we break out of the accept loop, then we need to do die after cleaning ++ up after ourselves. [Ryan Bloom] ++ ++ *) Change the Prefork MPM to use SIGWINCH instead of SIGUSR1 for graceful ++ restarts. [Ryan Bloom] ++ ++ *) Modify the apr_stat/lstat/getfileinfo calls within apache to use ++ the most optimal APR_FINFO_wanted bits. This spares Win32 from ++ performing very expensive owner, group and permission lookups ++ and allows the server to function until these apr_finfo_t fields ++ are implemented under Win32. [William Rowe] ++ ++ *) Support for typedsafe optional functions - that is functions exported by ++ optional modules, which, therefore, may or may not be present, depending ++ on configuration. See the experimental modules mod_optional_fn_{ex,im}port ++ for sample code. [Ben Laurie] ++ ++ *) filters can now report an HTTP error to the server. This is done ++ by sending a brigade where the first bucket is an error_bucket. ++ This bucket is a simple bucket that stores an HTTP error and ++ a string. Currently the string is not used, but it may be needed ++ to output an error log. The http_header_filter will find this ++ bucket, and output the error text, and then return ++ AP_FILTER_ERROR, which informs the server that the error web page ++ has already been sent. [Ryan Bloom] ++ ++ *) If we get an error, then we should remove all filters except for ++ those critical to serving a web page. This fixes a bug, where ++ error pages were going through the byterange filter, even though ++ that made no sense. [Ryan Bloom] ++ ++ *) Relax the syntax checking of Host: headers in order to support ++ iDNS. PR#6635 [Tony Finch] ++ ++ *) Cleanup the byterange filter to use the apr_brigade_partition ++ and apr_bucket_copy functions. This removes a lot of very messy ++ code, and hopefully makes this filter more stable. ++ [Ryan Bloom] ++ ++ *) Remove AddModule and ClearModuleList directives. Both of these ++ directives were used to ensure that modules could be enabled ++ in the correct order. That requirement is now gone, because ++ we use hooks to ensure that modules are in the correct order. ++ [Ryan Bloom] ++ ++ *) When SuExec is specified, we need to add it to the list of ++ targets to be built. If we don't, then any changes to the ++ configuration won't affect SuExec, unless 'make suexec' is ++ specifically run. [Ryan Bloom] ++ ++ *) Cleaned out open_file from mod_file_cache, as apr now accepts ++ the APR_XTHREAD argument to open a file for consumption by ++ parallel threads on win32. [William Rowe] ++ ++ *) Correct a bug in determining when we follow symlinks. The code ++ expected a stat -1 result, not an apr_status_t positive error. ++ Also check if the APR_FINFO_USER fields are valid before we ++ follow the link. [William Rowe] ++ ++ *) Move initgroupgs, ap_uname2id and ap_gname2id from util.c to ++ mpm_common.c. These functions are only valid on some platforms, ++ so they should not be in the main-line code. [Ryan Bloom] ++ ++ *) Remove ap_chdir_file(). This function is not thread-safe, ++ and nobody is currently using it. [Ryan Bloom] ++ ++ *) Do not try to run make depend if there are no .c files in the ++ current directory, doing so makes `make depend` fail. ++ [Ryan Bloom] ++ ++ *) Update highperformance.conf to work with either prefork or ++ pthreads mpms. [Greg Ames] ++ ++ *) Stop checking to see if this is a pipelined request if we know ++ for a fact that it isn't. Basically, if r->connection->keepalive == 0. ++ This keeps us from making an extra read call when serving a 1.0 ++ request. [Ryan Bloom and Greg Stein] ++ ++ *) Fix the handling of variable expansion look-ahead in mod_rewrite, ++ i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of ++ more complicated nested RewriteMap lookups. PR#7087 [Tony Finch] ++ ++ *) Fix the RFC number mentioned when complaining about a missing ++ Host: header. PR#7079 [Alexey Toptygin <alexeyt wam.umd.edu>] ++ ++ *) Fix an endless loop in ab which occurred when ab was posting ++ and the server dropped the connection unexpectedly. ++ [Jeff Trawick] ++ ++ *) Fix a segfault while handling request bodies in ap_http_filter(). ++ This problem has been seen with mod_dav usage as well as with ++ requests where the body was just being discarded. [Jeff Trawick] ++ ++ *) Some adjustment on the handling and automatic setting (via ++ hints.m4) of various compilation flags (eg: CFLAGS). Also, ++ add the capability to specify flags (NOTEST_CFLAGS and ++ NOTEST_LDFLAGS) which are used to compile Apache, but ++ not used during the configuration process. Useful for ++ flags like "-Werror". [Jim Jagielski] ++ ++ *) Stop using environment variables to force debug mode or ++ no detach. We now use the -D command line argument to ++ specify the correct mode. -DONE_PROCESS and -DNO_DETACH. ++ [Greg Stein, Ryan Bloom] ++ ++ *) Change handlers to use hooks. [Ben Laurie] ++ ++ *) Stop returning copies of filenames from both apr_file_t and ++ apr_dir_t. We pstrdup the filenames that we store in the ++ actual structures, so we don't need to pstrdup the strings again. ++ [Ryan Bloom] ++ ++ *) mod_cgi: Fix some problems where the wrong error value was being ++ traced. [Jeff Trawick] ++ ++ *) EBCDIC: Fix some missing ASCII conversion on some protocol data. ++ [Jeff Trawick] ++ ++ *) Add generic hooks. [Ben Laurie] ++ ++ *) Use a real pool to dup the error log descriptor. [Ryan Bloom] ++ ++ *) Fix a segfault caused by mod_ext_filter when the external filter ++ program does not exist. [Jeff Trawick] ++ ++ *) Fix an output truncation error when on an HTTP >= 1.0 request an ++ object of size between DEFAULT_BUCKET_SIZE and AP_MIN_BYTES_TO_WRITE ++ was served through mod_charset_lite (or anything else that would ++ create a transient bucket in this size range). ap_bucket_make_heap() ++ silently failed (fixed), transient_setaside() discovered it, but ++ ap_save_brigade() ignored it (fixed). [Jeff Trawick] ++ ++ *) Ignore \r\n or \n when using PEEK mode for input filters. The problem ++ is that some browsers send extra lines at the end of POST requests, and ++ we don't want to delay sending data back to the user just because the ++ browser isn't well behaved. [Ryan Bloom] ++ ++ *) Get SuEXEC working again. We can't send absolute paths to suExec ++ because it refuses to execute those programs. SuEXEC also wasn't ++ always recognizing configuration changes made using the autoconf ++ setup. [Ryan Bloom] ++ ++ *) Allow the buildconf process to find the config.m4 files in the correct ++ order. Basically, we can now name config.m4 files as config\d\d.m4, ++ and we will sort them correctly when inserting them into the build ++ process. [Ryan Bloom] ++ ++ *) Get mod_cgid to use apr calls for creating the actual CGI process. ++ This also allows mod_cgid to use ap_os_create_priviledged_process, ++ thus allowing for SuExec execution from mod_cgid. Currently, we do ++ not support everything that standard SuExec supports, but at least ++ it works minimally now. [Ryan Bloom] ++ ++ *) Allow SuExec to be configured from the ./configure command line. ++ [Ryan Bloom] ++ ++ *) Update some of the docs in README and INSTALL to reflect some of ++ the changes in Apache 2.0 [Cliff Woolley <cliffwoolley yahoo.com>] ++ ++ *) If we get EAGAIN returned from the call to apr_sendfile, then we ++ need to call sendfile again. This gets us serving large files ++ such as apache_2.0a9.tar.gz on FreeBSD again. [Ryan Bloom] ++ ++ *) Get the support programs building cleanly again. ++ [Cliff Woolley <cliffwoolley yahoo.com>] ++ ++ *) The Apache/Win32 Apache.exe and dll's now live in bin. The ++ current directory logic now backs up over bin/ to determine the ++ server root from the Apache.exe path. ++ ++ *) Apache/Win32 now follows the standard conventions of mod_foo.so ++ loadable modules, dynamic libs are all named libfoo.dll, and the ++ makefile.win populates the include, lib and libexec directories. ++ ++ *) Apache is now IPv6-capable. On systems where APR supports IPv6, ++ Apache gets IPv6 listening sockets by default. Additionally, the ++ Listen, NameVirtualHost, and <VirtualHost> directives support IPv6 ++ numeric address strings (e.g., "Listen [fe80::1]:8080"). ++ [Jeff Trawick] ++ ++ *) Modify the install directory layout. Modules are now installed in ++ modules/. Shared libraries should be installed in libraries/, but ++ we don't have any of those on Unix yet. All install directories ++ are modifyable at configure time. [Ryan Bloom] ++ ++ *) Install all header files in the same directory on Unix. [Ryan Bloom] ++ ++ *) Get the functions in server/linked into the server, regardless of ++ which modules linked into the server. This uses the same hack ++ for Apache that we use for APR and apr-util to ensure all of the ++ necessary functions are linked. As a part of thise, the CHARSET_EBCDIC ++ was renamed to AP_CHARSET_EBCDIC for namespace protection, and to make ++ the scripts a bit easier. ++ [Ryan Bloom] ++ ++ *) Rework the RFC1413 handling to make it thread-safe, use a timeout ++ on the query, and remove IPv4 dependencies. [Jeff Trawick] ++ ++ *) Get all of the auth modules to the point that they will install and ++ be loadable into the server. Our new build/install mechanism expects ++ that all modules will have a common name format. The auth modules ++ didn't use that format, so we didn't install them properly. ++ [Ryan Bloom] ++ ++ *) API routines ap_pgethostbyname() and ap_pduphostent() are no longer ++ available. Use apr_getaddrinfo() instead. [Jeff Trawick] ++ ++ *) Get "NameVirtualHost *" working in 2.0. [Ryan Bloom] ++ ++ *) Return HTTP_RANGE_NOT_SATISFIABLE if the every range requested starts ++ after the end of the response. [Ryan Bloom] ++ ++ *) Get byterange requests working with responses that do not have a ++ content-length. Because of the way byterange requests work, we have to ++ have all of the data before we can actually do the byterange, so we ++ can compute the content-length in the byterange filter. ++ [Ryan Bloom] ++ ++ *) Get exe CGI's working again on Windows. ++ [Allan Edwards] ++ ++ *) Get mod_cgid and mod_rewrite to work as DSOs by changing the way ++ they keep track of whether or not their post config hook has been ++ called before. Instead of a static variable (which is replaced when ++ the DSO is loaded a second time), use userdata in the process pool. ++ [Jeff Trawick] ++ ++Changes with Apache 2.0a9 ++ ++ *) Win32 now requires perl to complete the final install step for users ++ to build + install on Win32. Makefile.win now rewrites @@ServerRoot@ ++ and installs the conf, htdocs and htdocs/manual directories. ++ [William Rowe] ++ ++ *) Make mod_include use a hash table to associate directive tags with ++ functions. This allows modules to implement their own SSI tags easily. ++ The idea is simple enough, a module can insert it's own tag and function ++ combination into a hash table provided by mod_include. While mod_include ++ parses an SSI file, when it encounters a tag in the file, it does a ++ hash lookup to find the function that implements that tag, and passes ++ all of the relevant data to the function. That function is then ++ responsible for processing the tag and handing the remaining data back ++ to mod_include for further processing. ++ [Paul J. Reder <rederpj raleigh.ibm.com>] ++ ++ *) Get rid of ap_new_apr_connection(). ap_new_connection() now has ++ fewer parameters: the local and remote socket addresses were removed ++ from the parameter list because all required information is available ++ via the APR socket. [Jeff Trawick] ++ ++ *) Distribution directory structure reorganized to reflect a ++ normal source distribution with external install targets. ++ [Roy Fielding] ++ ++ *) The MPMs that need multiple segments of shared memory now create ++ two apr_shmem_t variables, one for each shared memory allocation. ++ the problem is that we can't determine how much memory will be required ++ for shared memory allocations once we try to allocate more than one ++ variable. The MM code automatically aligns the shared memory allocations, ++ so we end up needing to pad the amount of shared memory we want based ++ on how many variables will be allocated out of the shared memory segment. ++ It is just easier to create a second apr_shmem_t variable, and two ++ shmem memory blocks. ++ [Ryan Bloom] ++ ++ *) Cleanup the export list a bit. This creates a single unified list of ++ functions exported by APR. The export list is generated at configure ++ time, and that list is then used to generate the exports.c file. ++ Because of the way the export list is generated, we only export those ++ functions that are valid on the platform we are building on. ++ [Ryan Bloom] ++ ++ *) Enable logging the cookie with mod_log_config ++ [Sander van Zoest <sander covalent.net>] ++ ++ *) Fix a segfault in mod_info when it reaches the end of the configuration. ++ [Jeff Trawick] ++ ++ *) Added lib/aputil/ as a placeholder for utility functions which are not ++ specific to the Apache HTTP Server (but do not make sense with APR). ++ The first utility is "apu_dbm": a set of functions to work with DBM ++ files. This first version can be compiled for SDBM or GDBM databases. ++ [Greg Stein] ++ ++ *) Complete re-write of mod_include. This makes mod_include a filter that ++ uses buckets directly. This has now served the FAQ correctly. ++ [Paul Reder <rederpj raleigh.ibm.com>] ++ ++ *) Allow modules to specify the first filter in a sub_request when ++ making the sub_request. This keeps modules from having to change the ++ output_filter immediately after creating the sub-request, and therefore ++ skip the sub_req_output_filter. [Ryan Bloom] ++ ++ *) Update ab to accept URLs with IPv6 literal address strings (in the ++ format described in RFC 2732), and to build Host header fields in ++ the same format. This allows IPv6 literal address strings to be ++ used with ab. This support has been tested against Apache 1.3 with ++ the KAME patch, but Apache 2.0 does not yet work with this format ++ of the Host header field. [Jeff Trawick] ++ ++ *) Accomodate an out-of-space condition in the piped logs and the ++ rotatelogs.c code, and no longer churn log processes for this ++ condition. [Victor J. Orlikowski] ++ ++ *) Add support for partial writes with apr_sendfile() to core_output_filter. ++ [Greg Ames] ++ ++Changes with Apache 2.0a8 ++ ++ *) Add a directive to mod_mime so that filters can be associated with ++ a given mime-type. ++ [Ryan Bloom] ++ ++ *) Get multi-views working again. We were setting the path_info ++ field incorrectly if we couldn't find the specified file. ++ [Ryan Bloom] ++ ++ *) Fix 304 processing. The core should never try to send the headers ++ down the filter stack. Always, just setup the table in the request ++ record, and let the header filter convert it to data that is ready ++ for the network. ++ [Ryan Bloom] ++ ++ *) More fixes for the proxy. There are still bugs in the proxy code, ++ but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP) ++ successfully. ++ [Ryan Bloom] ++ ++ *) Fix params for apr_getaddrinfo() call in connect proxy handler. ++ [Chuck Murcko] ++ ++ *) APR: Add new apr_getopt_long function to handle long options. ++ [B. W. Fitzpatrick <fitz red-bean.com>] ++ ++ *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname. ++ Add generic apr_create_socket(). Add apr_getaddrinfo() for doing ++ hostname resolution/address string parsing and building ++ apr_sockaddr_t. Add apr_get_sockaddr() for getting the address ++ of one of the apr_sockaddr_t structures for a socket. Change ++ apr_bind() to take apr_sockaddr_t. [David Reid and Jeff Trawick] ++ ++ *) Remove the BUFF from the HTTP proxy. This is still a bit ugly, but ++ I have proxied pages with it, cleanup will commence soon. ++ [Ryan Bloom] ++ ++ *) Make the proxy work with filters. This isn't perfect, because we ++ aren't dealing with the headers properly. [Ryan Bloom] ++ ++ *) Do not send a content-length iff the C-L is 0 and this is a head ++ request. [Ryan Bloom] ++ ++ *) Make cgi-bin work as a regular directory when using mod_vhost_alias ++ with no VirtualScriptAlias directives. PR#6829 [Tony Finch] ++ ++ *) Remove BUFF from the PROXY connect handling. [Ryan Bloom] ++ ++ *) Get the default_handler to stop trying to deal with HEAD requests. ++ The idea is to let the content-length filter compute the C-L before ++ we try to send the data. If we can get the C-L correctly, then we ++ should send it in the HEAD response. ++ [Ryan Bloom] ++ ++ *) The Header filter can now determine if a body should be sent based ++ on r->header_only. The general idea of this is that if we delay ++ deciding to send the body, then we might be able to compute the ++ content-length correctly, which will help caching proxies to cache ++ our data better. Any handler that doesn't want to try to compute ++ the content-length can just send an EOS bucket without data and ++ everything will just work. ++ [Ryan Bloom] ++ ++ *) Add the referer to the error log if one is available. ++ [Markus Gyger <mgyger itr.ch>] ++ ++ *) Mod_info.c has now been ported to Apache 2.0. As a part of this ++ change, the root of the configuration tree has been exposed to modules ++ as ap_conftree. ++ [Ryan Morgan <rmorgan covalent.net>] ++ ++ *) Get the core_output_filter to use the bucket interface directly. ++ This keeps us from calling the content-length filter multiple times ++ for a simple static request. ++ [Ryan Bloom] ++ ++ *) We are sending the content-type correctly now. ++ [Ryan Bloom and Will Rowe] ++ ++ *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report ++ a bogus bytes-sent value when the only thing being sent was trailers ++ and writev() returned an error (or EAGAIN). [Jeff Trawick] ++ ++ *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again. This uses the ++ hints file to determine which platforms define ++ SINGLE_LISTEN_UNSERIALIZED_ACCEPT. ++ [Ryan Bloom] ++ ++ *) APR: add apr_get_home_directory() [Jeff Trawick] ++ ++ *) Initial import of 1.3-current mod_proxy. [Chuck Murcko] ++ ++ *) Not all platforms have INADDR_NONE defined by default. Apache ++ used to make this check and define INADDR_NONE if appropriate, ++ but APR needs the check too, and I suspect other applications will ++ as well. APR now defines APR_INADDR_NONE, which is always a valid ++ value on all platforms. ++ [Branko Èibej <brane xbc.nu>] ++ ++ *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824. ++ [Shuichi Kitaguchi <ki hh.iij4u.or.jp>] ++ ++ *) Relax the syntax checking of Host: headers in order to support ++ iDNS. PR#6635 [Tony Finch] ++ ++ *) When reading from file buckets we convert to an MMAP if it makes ++ sense. This also simplifies the default handler because the ++ default handler no longer needs to try to create MMAPs. ++ [Ryan Bloom] ++ ++ *) BUFF has been removed from the main server. The BUFF code will remain ++ in the code until it has been purged from the proxy module as well. ++ [Ryan Bloom] ++ ++ *) Byteranges have been completely re-written to be a filter. This ++ has been tested, and I believe it is working correctly, but it could ++ doesn't work for the Adobe Acrobat plug-in. The output almost matches ++ the output from 1.3, the only difference being that 1.3 includes ++ a content-length in the response, and this does not. ++ [Ryan Bloom] ++ ++ *) APR read/write functions and bucket read functions now operate ++ on unsigned integers, instead of signed ones. It doesn't make ++ any sense to use signed ints, because we return the error codes, ++ so if we have an error we should report 0 bytes read or written. ++ [Ryan Bloom] ++ ++ *) Always compute the content length, whether it is sent or not. ++ The reason for this, is that it allows us to correctly report ++ the bytes_sent when logging the request. This also simplifies ++ content-length filter a bit, and fixes the actual byte-reporing ++ code in mod_log_config.c ++ [Ryan Bloom] ++ ++ *) Remove AP_END_OF_BRIGADE definition. This does not signify what ++ it says, because it was only used by EOS and FLUSH buckets. Since ++ neither of those are required at the end of a brigade, this was ++ really signifying FLUSH_THE_DATA, but that can be determined better ++ by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH. EOS and FLUSH ++ buckets now return a length of 0, which is actually the amount of data ++ read, so they make more sense. ++ [Ryan Bloom] ++ ++ *) Allow the core_output_filter to save some data past the end of a ++ request. If we get an EOS bucket, we only send the data if it ++ makes sense to send it. This allows us to pipeline request ++ responses. As a part of this, we also need to allocate mmap ++ buckets out of the connection pool, not the request pool. This ++ allows the mmap to outlive the request. ++ [Ryan Bloom] ++ ++ *) Make blocking and non-blocking bucket reads work correctly for ++ sockets and pipes. These are the only bucket types that should ++ have non-blocking reads, because the other bucket types should ++ ALWAYS be able to return something immediately. ++ [Ryan Bloom] ++ ++ *) In the Apache/Win32 console window, accept Ctrl+C to stop the ++ server, but use Ctrl+Break to initiate a graceful restart ++ instead of duplicating behavior. [John Sterling] ++ ++ *) Patch mod_autoindex to set the Last-Modified header based on ++ the directory's mtime, and add the ETag header. [William Rowe] ++ ++ *) Merge the 1.3 patch to add support for logging query string in ++ such a way that "%m %U%q %H" is the same as "%r". ++ [Bill Stoddard] ++ ++ *) Port three log methods from mod_log_config 1.3 to 2.0: ++ CLF compliant '-' byte count, method and protocol. ++ [Bill Stoddard] ++ ++ *) Add a new LogFormat directive, %c, that will log connection ++ status at the end of the response as follows: ++ 'X' - connection aborted before the response completed. ++ '+' - connection may be kept-alive by the server. ++ '-' - connection will be closed by the server. ++ [Bill Stoddard] ++ ++ *) Expand APR for WinNT to fully accept and return utf-8 encoded ++ Unicode file names and paths for Win32, and tag the Content-Type ++ from mod_autoindex to reflect that charset if the feature ++ macro APR_HAS_UNICODE_FS is true. [William Rowe] ++ ++ *) Compute the content length (and add appropriate header field) for ++ the response when no content length is available and we can't use ++ chunked encoding. [Jeff Trawick] ++ ++ *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK, ++ so that content input filters get dechunked data when using ++ the default handler. Also removed REQUEST_CHUNKED_PASS. ++ [Sascha Schumann] ++ ++ *) Add mod_ext_filter as an experimental module. This module allows ++ the administrator to use external programs as filters. Currently, ++ only filtering of output is supported. [Jeff Trawick] ++ ++ *) Most Apache functions work on EBCDIC machines again, as protocol ++ data is now translated (again). [Jeff Trawick] ++ ++ *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of ++ the EBCDIC support. They are noops on ASCII machines, so this ++ type of translation doesn't have to be surrounded by #ifdef ++ CHARSET_EBCDIC. [Jeff Trawick] ++ ++ *) Fix mod_include. tag commands work again, and the server will ++ send the FAQ again. This also allows mod_include to set aside ++ buckets that include partial buckets. ++ [Ryan Bloom and David Reid] ++ ++ *) Add suexec support back. [Manoj Kasichainula] ++ ++ *) Lingering close now uses the socket directly instead of using ++ BUFF. This has been tested, but since all we can tell is that it ++ doesn't fail, this needs to be really hacked on. ++ [Ryan Bloom] ++ ++ *) Allow filters to modify headers and have those headers be sent to ++ the client. The idea is that we have an http_header filter that ++ actually sends the headers to the network. This removes the need ++ for the BUFF to send headers. ++ [Ryan Bloom] ++ ++ *) Charset translation: mod_charset_lite handles translation of ++ request bodies. Get rid of the xlate version of ap_md5_digest() ++ since we don't compute digests of filtered (e.g., translated) ++ response bodies this way anymore. (Note that we don't do it at ++ all at the present; somebody needs to write a filter to do so.) ++ [Jeff Trawick] ++ ++ *) Input filters and ap_get_brigade() now have a input mode parameter ++ (blocking, non-blocking, peek) instead of a length parameter. ++ [hackathon] ++ ++ *) Update the mime.types file to the registered media types as ++ of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp home.net>, ++ Tony Finch] ++ ++ *) Namespace protect some macros declared in ap_config.h ++ [Ryan Bloom] ++ ++ *) Support HTTP header line folding with input filtering. ++ [Greg Ames] ++ ++ *) Mod_include works again. This should still be re-written, but at ++ least now we can serve an SHTML page again. ++ [Ryan Bloom] ++ ++ *) Begin to remove BUFF from the core. Currently, we keep a pointer ++ to both the BUFF and the socket in the conn_rec. Functions that ++ want to use the BUFF can, functions that want to use the socket, ++ can. They point to the same place. ++ [Ryan Bloom] ++ ++ *) apr_psprintf doesn't understand %lld as a format. Make it %ld. ++ [Tomas "Ögren" <stric ing.umu.se>] ++ ++ *) APR pipes on Unix and Win32 are now cleaned up automatically when the ++ associated pool goes away. (APR pipes on OS/2 were already had this ++ logic.) This resolvs a fatal file descriptor leak with CGIs. ++ [Jeff Trawick] ++ ++ *) The final line of the config file was not being read if there was ++ no \n at the end of it. This was caused by apr_fgets returning ++ APR_EOF even though we had read valid data. This is solved by ++ making cfg_getline check the buff that was returned from apr_fgets. ++ If apr_fgets return APR_EOF, but there was data in the buf, then we ++ return the buf, otherwise we return NULL. ++ [Ryan Bloom] ++ ++ *) Piped logs work again in the 2.0 series. ++ [Ryan Bloom] ++ ++ *) Restore functionality broken by the mod_rewrite security fix: ++ rewrite map lookup keys and default values are now expanded ++ so that the lookup can depend on the requested URI etc. ++ PR #6671 [Tony Finch] ++ ++ *) SECURITY: Tighten up the syntax checking of Host: headers to fix a ++ security bug in some mass virtual hosting configurations ++ that can allow a remote attacker to retrieve some files ++ on the system that should be inaccessible. [Tony Finch] ++ ++ *) Add a pool bucket type. This bucket is used for data allocated out ++ of a pool. If the pool is cleaned before the bucket is destroyed, then ++ the data is converted to a heap bucket, allowing it to survive the ++ death of the pool. ++ [Ryan Bloom] ++ ++ *) Add a flush bucket. This allows modules to signal that the filters ++ should all flush whatever data they currently have. There is no way ++ to actually force them to do this, so if a filter ignores this bucket, ++ that's life, but at least we can try with this. ++ [Ryan Bloom] ++ ++ *) Add an output filter for sub-requests. This filter just strips the ++ EOS bucket so that we don't confuse the main request's core output ++ filter by sending multiple EOS buckets. This change also makes sub ++ requests start to send EOS buckets when they are finished. ++ [Ryan Bloom] ++ ++ *) Make ap_bucket_(read|destroy|split|setaside) into macros. Also ++ makes ap_bucket_destroy a return void, which is okay because it ++ used to always return APR_SUCCESS, and nobody ever checked its ++ return value anyway. ++ [Cliff Woolley <cliffwoolley yahoo.com>] ++ ++ *) Remove the index into the bucket-type table from the buckets ++ structure. This has now been replaced with a pointer to the ++ bucket_type. Also add some macros to test the bucket-type. ++ [Ryan Bloom] ++ ++ *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols ++ for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper) ++ and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE. ++ All _VAR_ flavors changes to _DATA to be absolutely clear. ++ [William Rowe] ++ ++ *) Add support for /, //, //servername and //server/sharename ++ parsing of <Directory> blocks under Win32 and OS2. ++ [Tim Costello, William Rowe, Brian Harvard] ++ ++ *) Remove the function pointers from the ap_bucket type. They have been ++ replaced with a global table. Modules are allowed to register bucket ++ types and use then use those buckets. ++ [Ryan Bloom] ++ ++ *) mod_cgid: In the handler, shut down the Unix socket (only for write) ++ once we finish writing the request body to the cgi child process; ++ otherwise, the client doesn't hit EOF on stdin. Small request bodies ++ worked without this change (for reasons I don't understand), but large ++ ones didn't. [Jeff Trawick] ++ ++ *) Remove file bucket specific information from the ap_bucket type. ++ This has been moved to a file_bucket specific type that hangs off ++ the data pointer in the ap_bucket type. ++ [Ryan Bloom] ++ ++ *) Input filtering now has a third argument. This is the amount of data ++ to read from lower filters. This argument can be -1, 0, or a positive ++ number. -1 means give me all the data you have, I'll deal with it and ++ let you know if I need more. 0 means give me one line and one line ++ only. A positive number means I want no more than this much data. ++ ++ Currently, only 0 and a positive number are implemented. This allows ++ us to remove the remaining field from the conn_rec structure, which ++ has also been done. ++ [Ryan Bloom] ++ ++ *) Big cleanup of the input filtering. The goal is that http_filter ++ understands two conditions, headers and body. It knows where it is ++ based on c->remaining. If c->remaining is 0, then we are in headers, ++ and http_filter returns a line at a time. If it is not 0, then we are ++ in body, and http_filter returns raw data, but only up to c->remaining ++ bytes. It can return less, but never more. ++ [Greg Ames, Ryan Bloom, Jeff Trawick] ++ ++ *) mod_cgi: Write all of the request body to the child, not just what ++ the kernel would accept on the first write. [Jeff Trawick] ++ ++ *) Back out the change that moved the brigade from the core_output_filters ++ ctx to the conn_rec. Since all requests over a given connection ++ go through the same core_output_filter, the ctx pointer has the ++ correct lifetime. ++ [Ryan Bloom] ++ ++ *) Fix another bug in the send_the_file() read/write loop. A partial ++ send by apr_send would cause unsent data in the read buffer to ++ get clobbered. Complete making send_the_file handle partial ++ writes to the network. ++ [Bill Stoddard] ++ ++ *) Fix a couple of type fixes to allow compilation on AIX again ++ [Victor J. Orlikowski <v.j.orlikowski gte.net>] ++ ++ *) Fix bug in send_the_file() which causes offset to be ignored ++ if there are no headers to send. ++ [Bill Stoddard] ++ ++ *) Handle APR_ENOTIMPL returned from apr_sendfile in the core ++ filter. Useful for supporting Windows 9* with a binary ++ compiled on Windows NT. ++ [Bill Stoddard] ++ ++Changes with Apache 2.0a7 ++ ++ *) Reimplement core_output_filter to buffer/save bucket brigades ++ across multiple calls to the core_filter. The brigade will be ++ sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE ++ thresholds are hit or the EOS bucket is received. ++ [Bill Stoddard] ++ ++ *) Create experimental filter (buffer_filter) that coalesces bytes ++ into one large buffer before invoking the next filter in the ++ chain. This filter is particularly useful with the current ++ implementation of mod_autoindex when it inserted above the ++ chunk_filter. mod_autoindex generates a lot of brigades that ++ containing buckets holding just a few bytes each. The ++ buffer_filter coalesces these buckets into a single large bucket. ++ [Bill Stoddard] ++ ++ *) Add apr_sendfile() support into the core_output_filter. ++ [Bill Stoddard] ++ ++ *) Add apr_sendv() support into the core_output_filter. ++ [Bill Stoddard] ++ ++ *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS ++ [Mike Abbott <mja sgi.com>] ++ ++ *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't ++ make much sense, because Apache uses buckets instead of BUFFs now. ++ [Ryan Bloom] ++ ++ *) send_the_file now falls back to a read/write loop on platforms that ++ do not have sendfile. ++ [Ryan Bloom and Brian Havard] ++ ++ *) Install apachectl correctly, and substitute the proper values so ++ that it works again. [Ryan Bloom] ++ ++ *) Better(??) handle platforms that lack sendfile(). ++ [Jim Jagielski] ++ ++ *) APR now has UUID generation/formatting/parsing support. ++ [Greg Stein] ++ ++ *) Begin the http_filter. This is an input filter that understands ++ the absolute basic amount required to parse an HTTP Request. The ++ goal is to be able to split headers from request body before passing ++ the data back to the other filters. ++ [Ryan Bloom] ++ ++ *) Bring forward from 1.3.13 the config directory implementation ++ [Jim Jagielski] ++ ++ *) install apxs if it is created ++ [Ryan Bloom] ++ ++ *) Added APR_IS_STATUS_condition test macros to eliminate canonical error ++ conversions. [William Rowe] ++ ++ *) Now that we have ap_add_input_filter(), rename ap_add_filter() to ++ ap_add_output_filter(). [Jeff Trawick] ++ ++ *) Multiple build and configuration fixes ++ Build process: ++ ++ -add datadir and localstatedir substitutions ++ -fix layout name ++ -fix logfilename misspelling ++ -fix evaluation of installation dir variables and ++ -replace $foobar by $(foobar) to be usefull in the makefile ++ ++ Cross compile: ++ ++ -add rules for cross-compiling in rules.mk. Okay, rule to check for ++ $CC_FOR_BUILD is still missing ++ -use CHECK_TOOL instead of CHECK_PROG for ranlib ++ -add missing "AR=@AR@" to severaly Makefile.in's ++ -cache result for "struct rlimit" ++ -compile all helper programs with native and cross compiler ++ and use the native version to generate header file ++ ["Rüdiger" Kuhlmann <Tadu gmx.de>] ++ ++ *) Prepare our autoconf setup for autoconf 2.14a and for cross- ++ compiling. ++ ["Rüdiger" Kuhlmann <Tadu gmx.de>] ++ ++ *) Fix a bug where a client which only sends \n to delimit header ++ lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED ++ message. Start working on ebcdic co-existance with input ++ filtering. ++ [William Rowe, Greg Ames] ++ ++ *) If mod_so is enabled in the server always create libexec, even ++ if there are no modules installed in this directory. This is a ++ requirement for APXS to work correctly. ++ [Ryan Bloom] ++ ++ *) Connection oriented output filters are now stored in the ++ conn_rec instead of the request_rec. This allows us to add the ++ output filter in the pre-connection phase instead of the ++ post_read_request phase, which keeps us from trying to write an ++ error page before we have a filter to write to the network. ++ [Ryan Bloom, Jeff Trawick, and Greg Ames] ++ ++ *) Cleaning up an mmap bucket no longer deletes the mmap. An ++ mmap can be used across multiple buckets (default_handler with ++ byte ranges, mod_file_cache, mod_mmap_static), so cleanup of ++ the mmap itself can't be associated with the bucket. ++ [Jeff Trawick] ++ ++ *) Add .dll caching directive ISAPICacheFile to mod_isapi. ++ [William Rowe] ++ ++ *) Radical surgery to improve mod_isapi support under Win32. ++ Includes a number of newer ServerSupportFunction calls, support ++ for ReadClient (in order to retrieve POSTs greater than 48KB), ++ and general bug fixes to more reliably load ISAPI .dll's and ++ prevent leaking handle resources. Note: There are still ++ discrepancies between IIS's and Apache's ServerVariables, and ++ async calls are still not supported. Additional warnings are ++ logged to facilitate debugging of unsupported ISAPI calls. ++ [William Rowe] ++ ++ *) Add input filtering to Apache. The basic idea for the input ++ filters is the same as the ideas for output filters. The biggest ++ difference is that instead of calling ap_pass_brigade, ap_get_brigade ++ should be called, and the order of execution for the filter itself is ++ different. When writing an output filter, a brigade is passed in, ++ and filters operate directly on that brigade, when done, they call ++ ap_pass_brigade. Input filters are the exact opposite. Because input ++ is not a push operation, filters first call ap_get_brigade. When this ++ function returns, the input filter will be left with a valid brigade. ++ The input filter should then operate on the brigade, and return. ++ [Ryan Bloom] ++ ++ *) Fix building on BSD/OS using its native make. The build system ++ falls back to the BSD .include directive on that host platform. ++ [Sascha Schumann] ++ ++ *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5, ++ SHA1 and plaintext password encodings. Make feature tests a ++ bit more flexible. [William Rowe] ++ ++ *) Charset translation: mod_charset_lite handles output content ++ translation in a filter. mod_charset_lite no longer ignores ++ subrequests. A bunch of cruft related to BUFF's support for ++ translating request and response bodies was removed. ++ [Jeff Trawick] ++ ++ *) Move the addition of the CORE filter to the post_read_request ++ hook in http_core.c. This removes the need to add the filter in ++ multiple places and allows for an SSL module to be added much ++ simpler. [Ryan Bloom] ++ ++ *) SECURITY [CVE-2000-0913] (cve.mitre.org): ++ Fix a security problem that affects certain configurations of ++ mod_rewrite. If the result of a RewriteRule is a filename that ++ contains expansion specifiers, especially regexp backreferences ++ $0..$9 and %0..%9, then it may be possible for an attacker to ++ access any file on the web server. [Tony Finch] ++ ++ *) Fix a bug where errors that are detected during early request parsing ++ don't produce visible HTTP error messages at the browser, because ++ the core_filter wasn't present. [Greg Ames] ++ ++ *) Provide apr_socklen_t as a portability aid. ++ [Victor J. Orlikowski] ++ ++ *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2) ++ as well as a comment arg to the add, adduser and update cmds. ++ update allows the user to clear or preserve pw/groups/comment. ++ Fixed a bug in dbmmanage that prevented the check option from ++ parsing a password followed by :group... text. Corrected the ++ seed calcualation for Win32 systems, and added -lsdbm support. ++ [William Rowe] ++ ++ *) Configured mod_auth_dbm to compile with sdbmlib under Win32. ++ [William Rowe] ++ ++ *) Avoid a segfault when parsing .htaccess files. An ++ uninitialized tree pointer was passed to ap_build_config(). ++ [Jeff Trawick] ++ ++ *) Change the way that inet_addr & inet_network are checked for ++ in APR's configure process to allow BeOS BONE to correctly ++ find them. With this change BeOS BONE now builds from source ++ with no problems. [David Reid] ++ ++ *) Fix a bug in apr_create_process() for Unix. The NULL signifying ++ the end of the parameters to execve() was stored in the wrong ++ location, overlaying the storage beyond the newargs[] array and ++ also passing uninitialized storage to execve(), which would ++ sometimes fail with EFAULT. [Jeff Trawick] ++ ++ *) Fix a bug parsing configuration file containers. With a sequence ++ like this in the config file ++ ++ <IfModule mod_kilroy.c> ++ any stuff ++ </IfModule> ++ <IfModule mod_lovejoy.c> ++ (blank line) ++ any stuff ++ </IfModule> ++ ++ the second container would be terminated at the blank line due to ++ sediment in the buffer from reading the prior </IfModule> and an ++ error message would be generated for the real </IfModule> for the ++ second container. Also due to this problem, any two characters ++ could be used for "</" in the close of a container. ++ [Jeff Trawick] ++ ++ *) ap_add_filter prototype changed to remove the ctx pointer. The ++ pointer still remains in the filter structure, but it can not be ++ a part of the ap_add_filter prototype. The reason is that when ++ the core uses AddFilter to add a filter to the stack it doesn't ++ know how to allocate the ctx pointer, or even how much memory should ++ be allocated. The filters will have to be responsible for allocating ++ the ctx memory when they need it. ++ [Ryan Bloom] ++ ++ *) Add an AddFilter directive. This directive takes a list of filters ++ that should be activated for the requested resource. ++ [Ryan Bloom] ++ ++ *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps ++ some other platforms). [Jeff Trawick] ++ ++ *) Modify mod_include to be a filter. Currently, it has only been tested ++ on actual files, but it should work for CGI scripts too. ++ [Ryan Bloom] ++ ++ *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted ++ writes. apr_flush() for Unix: handle interrupted writes. ++ [Jeff Trawick] ++ ++ *) NameVirtualHost can now take "*" as an argument instead of ++ an IP address. This allows you to create a purely name-based ++ virtual hosting server that does not have any IP addresses in ++ the configuration file and which ignores the local address ++ of any connections. PR #5595, PR #4455 [Tony Finch] ++ ++ *) Fix some compile warnings in mod_mmap_static.c ++ [Mike Abbott <mja sgi.com>] ++ ++ *) Fix chunking problem with CGI scripts. The general problem was that ++ the CGI modules were adding an EOS bucket and then the core added an ++ EOS bucket. The chunking filter finalizes the chunked response when it ++ encounters an EOS bucket. Because two EOS buckets were sent, we ++ finalized the response twice. The fix is to make sure we only send one ++ EOS, by utilizing a flag in the request_rec. ++ [Ryan Bloom] ++ ++ *) apr_put_os_file() now sets up the unget byte appropriately on Unix ++ and Win32. Previously, the first read from an apr_file_t set up via ++ apr_put_os_file() would return a '\0'. [Jeff Trawick] ++ ++ *) Mod_cgid now creates a single element bucket brigade, with a pipe ++ bucket, instead of using BUFF's and ap_r*. ++ [Ryan Bloom] ++ ++ *) APRVARS.in no longer overwrites the EXTRA_LIBS variable. ++ [Mike Abbott <mja sgi.com>] ++ ++ *) Remove ap_bopenf from buff code. This required modifying the file_cache ++ code to use APR file's directly instead of going through BUFFs. ++ [Ryan Bloom] ++ ++ *) Fix compile break on some platforms for mod_mime_magic.c ++ [John K. Sterling <sterling covalent.net>] ++ ++ *) Fix merging of AddDefaultCharset directive. ++ PR #5872 (1.3) [Jun Kuriyama <kuriyama imgsrc.co.jp>] ++ ++ *) Minor revamp of the rlimit sections of code. We now test ++ explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit() ++ is now "available" even if the platform doesn't support ++ the rlimit family (it's just a noop though). [Jim Jagielski] ++ ++ *) Migrate the pre-selection of which MPM to use for specific ++ platforms to hints.m4, which contains (or should contain) ++ all platform specific "hints". [Jim Jagielski] ++ ++ *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary ++ [Ryan Bloom] ++ ++ *) Add tables with non-string/binary values to APR. ++ [Ken Coar] ++ ++ *) Fix some bad calls to ap_log_rerror() in mod_rewrite. ++ [Jeff Trawick] ++ ++ *) Update PCRE to version 3.2. [Ryan Bloom] ++ ++ *) Change the way buckets' destroy functions are called so that ++ they can be more directly used when changing the type of a ++ bucket in place. [Tony Finch] ++ ++ *) Add generic support for reference-counting the resources used by ++ buckets, and alter the HEAP and MMAP buckets to use it. Change ++ the way buckets are initialised to support changing the type of ++ buckets in place, and use it when setting aside TRANSIENT buckets. ++ Change the implementation of TRANSIENT buckets so that it can be ++ mostly shared with IMMORTAL buckets, which are now implemented. ++ [Tony Finch] ++ ++Changes with Apache 2.0a6 ++ ++ *) Add support to Apache and APR for dsos on OS/390. [Greg Ames] ++ ++ *) Add a chunking filter to Apache. This brings us one step closer ++ to removing BUFF. [Ryan Bloom] ++ ++ *) ap_add_filter now adds filters in a LIFO fashion. The first filter ++ added to the stack is the last filter to be called. [Ryan Bloom] ++ ++ *) Apache 2.0 has been completely documented using Scandoc. The ++ docs can be generated by running 'make docs'. [Ryan Bloom] ++ ++ *) Add filtered I/O to Apache. This is based on bucket brigades, ++ Currently the buckets still use BUFF under the covers, but that ++ should change quickly. The only currently written filter is the ++ core filter which just calls ap_bwrite. [The Apache Group] ++ ++ *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't ++ built with thread support. [Jeff Trawick] ++ ++ *) Abort configuration if --with-layout was specified and there's ++ no layout definition file. [Ken Coar] ++ ++ *) Add support for '--with-port=n' option to configure. [Ken Coar] ++ ++ *) Add support for extension methods for the Allow response header ++ field, and an API routine for accessing r->allowed and the ++ list of extension methods in a unified manner. [Ken Coar] ++ ++ *) mod_cern_meta: fix broken file reading loop in scan_meta_file(). ++ [Rob Simonson <simo us.ibm.com>] ++ ++ *) Get xlate builds working again. The apr renaming in 2.0a5 broke ++ APACHE_XLATE builds. [Jeff Trawick] ++ ++ *) A configuration file parsing problem was fixed. When the ++ configuration file started with an IfModule/IfDefine container, ++ only the last statement in the container would be retained. ++ [Jeff Trawick] ++ ++Changes with Apache 2.0a5 ++ ++ *) Perchild is serving pages after passing them to different child ++ processes. There are still a lot of bugs, but this does work. I ++ have made requests against the same installation of Apache, and had ++ different servers use different user IDs to serve the responses. ++ This change moves to using socketpair instead of an AF_UNIX socket. ++ [Ryan Bloom] ++ ++ *) Perchild MPM still doesn't work perfectly, but it is serving pages. ++ It can't seem to pass between child processes yet, but I think we ++ are closer now than before. This moves us back to using Unix ++ Domain Sockets. [Ryan Bloom] ++ ++ *) libapr functions and types renamed with apr_ prefix. ++ #include "apr_compat.h" for 1.3.x backwards compat ++ [Perl] ++ ++ *) Fix problems with APR sockaddr handling on Win32. It didn't always ++ return the right information on the local socket address. ++ [Gregory Nicholls <gnicholls level8.com>] ++ ++ *) ap_recv() on Win32: Set bytes-read to 0 on error. ++ [Gregory Nicholls <gnicholls level8.com>] ++ ++ *) Add an option to not detach from the controlling terminal without ++ going into single process mode. This allows for much easier ++ debugging of the process startup code. [Ryan Bloom] ++ ++ *) ab: don't use perror() to report the failure of an APR function. ++ [Jeff Trawick] ++ ++ *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the ++ scoreboard on graceful restarts. ++ [Ryan Bloom] ++ ++ *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c. ++ An invalid ap_proc_t was passed to ap_create_process(). ++ [Jeff Trawick] ++ ++ *) Allow modules to register filters. Those filters are still ++ never called, but this is a step in the right direction. ++ [Ryan Bloom and Greg Stein] ++ ++ *) Register the mod_cgid daemon process for cleanup so that it is ++ killed at termination if it does not die when the parent gets ++ SIGTERM. This change is to fix occasional problems where the ++ process stays around. Bugs in similar logic in mod_rewrite and ++ mod_include were also fixed. [Jeff Trawick] ++ ++ *) Fix a bug in the time handling. Basically, we were imploding a time ++ in ap_parseHTTPdate, but it had bogus data in the exploded time format. ++ Namely, tm_usec and tm_gmtoff were not filled out. ap_implode_time ++ uses those two fields to adjust the time value. Because of the HTTP ++ spec, both of those values can be zero'ed out safely. This fixes ++ the bug correctly. [Ryan Bloom] ++ ++ *) Fix a couple of place in the Windows code where the wrong error ++ code was being returned. [Gregory Nicholls <gnicholls level8.com>] ++ ++ *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet] ++ ++ *) Added the APR_EOL_STR macro for platform dependent differences in ++ logfiles and other raw text (such as all APR files). Fixes logfiles ++ not terminated with cr/lf sequences in Win32. [William Rowe] ++ ++ *) Move all strings functions in APR to src/lib/apr/strings and create ++ apr_strings.h for the prototypes. [Ryan Bloom] ++ ++ *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure ++ to repeat the syscall until we stop getting EINTR. I noticed a ++ related problem at termination (SIGTERM) on FreeBSD when using ++ fcntl(). Apache 1.3 had these new loops too. Also, make the flock() ++ implementation work properly with child init. Previously, ap_lock() ++ was essentially a no-op because all children were using different ++ locks and thus nobody ever blocked. [Jeff Trawick] ++ ++ *) The htdocs/ tree has been moved out of the CVS source tree into ++ a separate area for easier development. This has NO EFFECT on ++ end-users or Apache installations. [Ken Coar] ++ ++ *) Integrate the mod_dav module for WebDAV protocol handling. This ++ adds the dav and dav_fs modules, the SDBM library, and additional ++ XML handling utilities. [Greg Stein] ++ ++ *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes ++ [Greg Stein] ++ ++ *) Update the lib/expat-lite/ library (bring forward changes from ++ the Apache 1.3 repository). [Greg Stein] ++ ++ *) If sizeof(long long) == sizeof(long), then prefer long in APR ++ configure.in. [Dave Hill <ddhill zk3.dec.com>] ++ ++ *) Add ap_sendfile for Tru64 Unix. Also, add an error message for ++ machines where sendfile is detected, but nobody has written ap_sendfile. ++ [Dave Hill <ddhill zk3.dec.com>] ++ ++ *) Compile fixes in mod_mmap_static. [Victor J. Orlikowski] ++ ++ *) ab would start up more connections than needed, then quit when the ++ desired number were finished. Also fixed a logic error involving ++ ab keepalives. [Victor J. Orlikowski] ++ ++ *) WinNT: Implement non-blocking pipes with timeouts to communicate ++ with CGIs. Apache 2.0a4 had non-blocking pipes but without ++ timeouts (i.e, if a timeout was specified, the pipe reverted to ++ a full blocking pipe). Now the behaviour is more in line with ++ Unix non-blocking pipes. ++ [Bill Stoddard] ++ ++ *) WinNT: Implement accept socket reuse. Using mod_file_cache to ++ cache open file handles along with accept socket reuse enables ++ Apache 2.0 to serve non-keepalive requests for static files at ++ 3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps ++ and Apache 2.0 will serve almost 1200 rps on my system). ++ [Bill Stoddard] ++ ++ *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache ++ supports two config directives, mmapfile (same behavious as ++ mod_mmap_static) and cachefile. Use the cachefile directive ++ to cache open file handles. This directive only works on systems ++ that have implemented the ap_sendfile API. cachefile works today ++ on Windows NT, but has not been tested on any flavors of Unix. ++ [Bill Stoddard] ++ ++ *) Cleanup the configuration. With the last few changes the ++ configuration process automatically: ++ inherits information about how to build from APR. Allowing ++ APR to inform Apache that it should or should not use -ldl ++ ++ Detects which mod_cgi should be used mod_cgi or mod_cgid, ++ based on the threading model ++ ++ Apache calls APR's configure process before finishing it's ++ configuration processing, allowing for more information flow ++ between the two. ++ [Ryan Bloom] ++ ++ ++ *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK ++ with non-zero argument makes the socket non-blocking. BeOS and ++ OS/2 already worked this way. [Jeff Trawick] ++ ++ *) ap_close() now calls ap_flush() for buffered files, so write ++ operations work a whole lot better on buffered files. ++ [Jeff Trawick] ++ ++ *) Fix error messages issued from MPMs which explain where to change ++ compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads). ++ [Greg Ames] ++ ++ *) ap_create_pipe() now leaves pipes in blocking state. (This helps ++ reduce the number of syscalls on Unix.) ap_set_pipe_timeout() is ++ now the way that the blocking state of a pipe is manipulated. ++ ap_block_pipe() is gone. [Jeff Trawick] ++ ++ *) Correct the problem where the only local host name that the IP stack ++ can discover are 'undotted' private names. If no fully qualified ++ domain name can be identified, the default ServerName will be set to ++ the machine's IP address string. A warning is always provided if the ++ ServerName not specified, but assumed. Solves PR6215 [William Rowe] ++ ++ *) Repair problems with config file processing which caused segfault ++ at init when virtual hosts were defined and which caused ServerName to ++ be ignored when there was no valid DNS setup. [Jeff Trawick] ++ ++ *) Removed pointless ap_is_aborted macro function. [Roy Fielding] ++ ++ *) Add ap_sendfile implementation for AIX ++ [Victor J. Orlikowski] ++ ++ *) Repair C++ compatibility in ap_config.h, apr_file_io.h, ++ apr_network_io.h, and apr_thread_proc.h. ++ [Tyler J. Brooks <tylerjbrooks home.com>, Jeff Trawick] ++ ++ *) Bring the allocation and pool debugging code back into a working ++ state. This will need to be tested as so far it's only been used on ++ BeOS. [David Reid] ++ ++ *) Change configuration command setup to be properly typesafe when in ++ maintainer mode. Note that this requires a compiler that can initialise ++ unions. [Ben Laurie] ++ ++ *) Turn on buffering for config file reads. Part of this was to ++ repair buffered I/O support in Unix and implement buffered ++ ap_fgets() for all platforms. [Brian Havard, Jeff Trawick] ++ ++ *) Win32: Fix problem where UTC offset was not being set correctly ++ in the access log. Problem reported on news group by Jerry Baker. ++ [Bill Stoddard] ++ ++ *) Fix segfault when reporting this type of syntax error: ++ "</container> without matching <container> section", where ++ container is VirtualHost or Directory or whatever. ++ [Jeff Trawick] ++ ++ *) SECURITY [CAN-2000-1204] (cve.mitre.org): ++ Prevent the source code for CGIs from being revealed when ++ using mod_vhost_alias and the CGI directory is under the document root ++ and a user makes a request like http://www.example.com//cgi-bin/cgi ++ as reported in <news:960999105.344321 ernani.logica.co.uk> ++ [Tony Finch] ++ ++ *) Add support for the new Beos NetwOrking Environment (BONE) ++ [David Reid] ++ ++ *) xlate: ap_xlate_conv_buffer() now tells the caller when the ++ final input char is incomplete; ap_bwrite_xlate() now handles ++ incomplete final input chars. [Jeff Trawick] ++ ++ *) Yet another update to saferead/halfduplex stuff -- need to ensure ++ that a bhalfduplex call occurs before logging or else DNS and ++ such can delay the last packet of the response. [Dean Gaudet] ++ ++ *) Some syscall reduction in APR on unix -- don't seek when setting ++ up an mmap; and don't fcntl() more than once per socket. ++ [Dean Gaudet] ++ ++ *) When mod_cgid is started as root, the cgi daemon now switches ++ to the configured User/Group (like other httpd processes) ++ instead of continuing as root. [Jeff Trawick] ++ ++ *) The prefork MPM now uses an APR lock for the accept() mutex. ++ It has not been getting a lock at all recently. httpd -V now ++ displays APR's selection of the lock mechanism instead of the ++ symbols previously respected by prefork. [Jeff Trawick] ++ ++ *) Change the mmap() feature test to check only for existence. ++ The previous check required features not used by Apache. ++ [Greg Ames] ++ ++ *) Fix a couple of bugs in mod_cgid: The cgi arguments were ++ sometimes mangled. The len parm to accept() was not ++ initialized, leading sometimes to an endless loop of failed ++ accept() calls on OS/390 and anywhere else that failed the call ++ if the len was negative. Use <sys/un.h> for struct sockaddr_un ++ instead of declaring it ourselves to fix a compilation problem ++ on Solaris. [Jeff Trawick] ++ ++ *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom] ++ ++ *) Fix zombie process problem with mod_cgi. [Jeff Trawick] ++ ++ *) Port mod_mmap_static to 2.0. Make it go faster. [Greg Ames] ++ ++ *) Fix storage overlay when loading dsos. Symptom: Apache dies at ++ initialization if ALLOC_DEBUG is defined; no known symptom ++ otherwise. [Jeff Trawick] ++ ++ *) Fix typo in configure script when checking for mod_so. bash ++ doesn't seem to have a problem but /bin/sh on Solaris does. ++ Symptom: "./configure: test: unknown operator ==" ++ [Jeff Trawick] ++ ++ *) Rebind the Win32 NT and 9x services control into the MPM. ++ All console, WinNT SCM and Win9x pseudo-service control code is ++ now wrapped within the WinNT MPM. ++ [William Rowe] ++ ++ *) Make a copy of getenv("PATH") before storing for later use. Some ++ getenv() implementations use the same storage for successive calls. ++ CGIs on OS/390 had a bad PATH due to this. [Jeff Trawick] ++ ++ *) Server Tokens work in 2.0 again. This also propogates the change ++ to allow just the product name in the server string using ++ PRODUCT_ONLY. ++ [Ryan Bloom] ++ ++Changes with Apache 2.0a4 ++ ++ *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers ++ won't need to call it. [Greg Ames, Jeff Trawick] ++ ++ *) Move pre_config hook call to between configuration read and config ++ tree walk. This allows all modules to implement pre_config hooks ++ and know that they will be called at an appropriate time. ++ [Ryan Bloom] ++ ++ *) mod_cgi, mod_cgid: Make ScriptLog directive work again. ++ [Jeff Trawick] ++ ++ *) Add pre-config hooks back to all modules. ++ [Ryan Bloom] ++ ++ *) Fix a SIGSEGV in ap_md5digest(), which is used when you have ++ ContentDigest enabled and we can't/don't mmap the file. ++ [Jeff Trawick] ++ ++ *) We now report the correct line number for syntax errors in config ++ files. [Ryan Bloom, Greg Stein, Jeff Trawick] ++ ++ *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t- ++ related bugs, and changed shmem/locking to use apr API. Shared-mem ++ is currently disabled, however, because of problems with graceful ++ restarts. [Ronald Tschalär] ++ ++ *) Fix corruption of IFS variable in --with-module= handling. ++ Depending on the user's shell or customization thereof, there ++ would be errors generating ap_config_auto.h later in the configure ++ procedure. [Jeff Trawick] ++ ++ *) mod_cgi: Restore logging of stderr from child process when ScriptLog ++ isn't used (as in 1.3), except that on Unix it is now logged via ++ ap_log_rerror() instead of by the child having STDERR_FILENO refer ++ to the error log. [Greg Ames, Jeff Trawick] ++ ++ *) Add '-D' argument processing for run time configuration defines. ++ [William Rowe] ++ ++ *) Organize http_main.c as independent code, such that no code or ++ global data is exported from it. WIN32 will dynamically link it ++ to the server core, so this will prevent mutual dependency. ++ [William Rowe] ++ ++ *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD() ++ and APR_VAR_EXPORT to correctly resolve apr functions and globals. ++ [William Rowe] ++ ++ *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers. ++ [William Rowe, Jan Just Keijser <KEIJSERJJ logica.com>] ++ ++ *) Add mod_charset_lite for configuring character set translation. ++ [Jeff Trawick] ++ ++ *) Add '-n' option to htpasswd to make it print its user:pw record ++ on stdout rather than having to frob a text file. [Ken Coar] ++ ++ *) Fix saferead. Basically, we flush the output buffer if a read on the ++ input will block. ++ [Ryan Bloom] ++ ++ *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not ++ a conversion is single-byte only. [Jeff Trawick] ++ ++ *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that ++ the BeOS 5.0 documentation says that shutdown doesn't work yet. ++ [Roy Fielding] ++ ++ *) Fix some minor errors where pid was being manipulated as an int ++ instead of the portable pid_t. [Roy Fielding] ++ ++ *) Fix some error log prints that were printing the pointer to a ++ structure rather than the pid within the structure. ++ [Jeff Trawick, Roy Fielding] ++ ++ *) ab: Fix a command-line processing bug; track bad headers in ++ err_response; support reading headers up to 2K. ++ [Ask Bjoern Hansen <ask valueclick.com>] ++ ++ *) Fix ap_resolve_env() so that it handles new function added in a prior ++ alpha (see "Added the capability to do ${ENVVAR} constructs in the ++ config file.") as well as the constructs used by mod_rewrite. ++ [Paul Reder <rederpj raleigh.ibm.com>] ++ ++ *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames] ++ ++ *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use ++ APR to perform translation, instead of accessing the hard-coded tables ++ in 1.3's ebcdic.c. [Jeff Trawick] ++ ++ *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing. ++ [Jeff Trawick] ++ ++ *) Add the ability to hook into the config file reading phase. Basically ++ if a directive is specified EXEC_ON_READ, then when that directive is ++ read from the config file, the assocaited function is executed. This ++ should only be used for those directives that must muck with HOW the ++ server INTERPRETS the config. This should not be used for directives ++ that re-order or replace items in the config tree. Those changes should ++ be made in the pre-config step. ++ [Ryan Bloom] ++ ++ *) Add mod_example to the build system. ++ [Tony Finch] ++ ++ *) APR: Add ap_xlate_conv_byte() to convert one char between single- ++ byte character sets. [Jeff Trawick] ++ ++ *) Pick up various EBCDIC fixes from 1.3 (from Martin ++ Kraemer and Oliver Reh originally according to the change log). ++ [Jeff Trawick] ++ ++ *) Fix a couple of problems in RFC1413 support (controlled by the ++ IdentityCheck directive). Apache did not build the request string ++ properly and more importantly Apache would loop forever if the ++ would-be ident server dropped the connection before sending a ++ properly terminated response. [Jeff Trawick] ++ ++ *) apxs works in 2.0. ++ [Ryan Bloom] ++ ++ *) Reliable piped logs work in 2.0. ++ [Ryan Bloom] ++ ++ *) Introduce a hash table implementation into APR to be used for ++ replacing tables and other random data structures in Apache. ++ [Tony Finch] ++ ++ *) Add some more error reporting to htpasswd in the case of problems ++ generating or accessing the temporary file. Also, pass in a ++ buffer if the implementation knows how to use it (i.e., if L_tmpnam ++ is defined). [Ken Coar] ++ ++ *) Configure creates config.nice now containing your configure ++ options. Syntax: ./config.nice [--more-options] ++ [Sascha Schumann] ++ ++ *) Fix various return code problems in APR on Win32. For most of ++ these, APR was returning APR_EEXIST instead of GetLastError()/ ++ WSAGetLastError(). [Jeff Trawick] ++ ++ *) Make piped logs work again in version 2.0 ++ [Ryan Bloom] ++ ++ *) Add VPATH support to UNIX build system of Apache and APR. ++ [Sascha Schumann] ++ ++ *) Fix ap_tokenize_to_argv to respect the const arguments that are ++ passed to it. ++ [Ryan Bloom] ++ ++ *) Fix mm's memcpy/memset macros, pointer arithmetic was broken. ++ Patch submitted to author. ++ [Sascha Schumann] ++ ++ *) Fix mm configuration on Solaris 8 x86 and OS/390. Don't require ++ /sbin in PATH on FreeBSD (all submitted to rse previously) ++ [Jeff Trawick] ++ ++ *) Fix building Pthread-based MPMs on OpenBSD ++ [Sascha Schumann] PR#26 ++ ++ *) Fix ap_readdir() problem on systems where d_name[] field in ++ struct dirent is declared with only one byte. (This problem only ++ affected multithreaded builds.) This caused a segfault during ++ pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at ++ least). [Jeff Trawick] ++ ++ *) Fix some make-portability problems on at least Tru64, Irix ++ and UnixWare. ++ [Sascha Schumann] PR#18, PR#39 ++ ++ *) Add ap_sigwait() to support old-style sigwait() on systems ++ like OS/390 and UnixWare. ++ [Sascha Schumann] ++ ++ *) Add POSIX-thread flags for more platforms. ++ [Sascha Schumann] ++ ++ *) Fix some minor bugs in ap_strerror(). Teach ap_strerror() ++ (on Unix, at least) to handle resolver errors. Fix a bug in ++ the definition of APR_ENOMEM so that ap_strerror() can spit ++ out the correct error message for it. ++ [Jeff Trawick] ++ ++Changes with Apache 2.0a3 ++ ++ *) mod_so reports ap_os_dso_error() if ap_dso_load() fails ++ [Doug MacEachern] ++ ++ *) API: *HOOK* macros now have an AP_ prefix ++ [Doug MacEachern] ++ ++ *) Win32: Eliminate redundant calls to initialize winsock. ++ [Tim Costello <timcostello ozemail.com.au>] ++ ++ *) Fix bugs initializing ungetchar for pipes. ++ [Chia-liang Kao <clkao CirX.ORG>] ++ ++ *) The ab program in the src/support directory is now portable using ++ APR. ++ [Ryan Bloom] ++ ++ *) Support directory is being compiled when the server is built ++ [Ryan Bloom] ++ ++ *) The configure option --with-program-name has been added to allow ++ developers to rename the executable at configure time. This also ++ changes the name of the config files to match the executable's name. ++ [Ryan Bloom] ++ ++ *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames ++ containing version numbers. [Martin Pool] ++ ++ *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on ++ Unix; access_log and error_log now created with these perms; non- ++ Unix is unaffected [Jeff Trawick] ++ ++ *) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h. ++ Replaced more magic numbers with MD5_DIGESTSIZE. ++ [William Rowe, Roy Fielding] ++ ++ *) Win32: Get mod_auth_digest compiling and added to the Windows ++ build environment. Not tested and I'd be suprised if it ++ actually works. [Bill Stoddard] ++ ++ *) Revamp the Win32 make environment. Makefiles have been removed and ++ Apache.dsw created to bring together all the pieces. Create new file ++ os/win32/BaseAddr.ref to define module base addresses (to prevent ++ dll relocation at start-up). ++ [William Rowe, Greg Marr, Tim Costello, Bill Stoddard] ++ ++ *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3. This replaces most ++ of the \015, \012, and \015\012 constants with macros. ++ [Greg Ames] ++ ++ *) Add ap_xlate_open() et al for translation of text between different ++ character sets. The initial implementation requires iconv(). ++ [Jeff Trawick] ++ ++ *) More FAQs and answers from comp.infosystems.www.servers.unix. ++ [Joshua Slive <slive finance.commerce.ubc.ca>] ++ ++ *) CGI output is being timed out now. ++ [Ryan Bloom] ++ ++ *) Fix the problem with dieing quietly. dupfile now takes a pool which ++ is used by the new apr file. There is no reason to create a new file ++ with the same lifetime as the original file. ++ [Ryan Bloom] ++ ++ *) Win32: Attempt to eliminate dll relocation at start-up by specifying ++ module base addresses. This will help shooting seg faults ++ in the field. [William Rowe <wrowe lnd.com>] ++ ++ *) Update Apache on Windows documentation. Add new document ++ describing how to compile Apache on Windows. ++ [William Rowe <wrowe lnd.com>] ++ ++ *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take ++ microseconds instead of seconds. Some storage leaks and other ++ minor bugs in related code were fixed. [Jeff Trawick] ++ ++ *) Win32: First cut at getting mod_isapi working under 2.0 ++ [William Rowe <wrowe lnd.com>] ++ ++ *) First stab at getting mod_auth_digest working under 2.0 ++ quick change summary: ++ - moved the random byte generation (ap_generate_random_bytes) into APR ++ - now uses ap_time_t ++ - compiles and runs on linux ++ - tested with amaya ++ [Brian Martin <bmartin penguincomputing.com>] ++ ++ *) Win32: Move the space stripping of physical service names ++ fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an ++ unresolved symbol. Add dependency checking to the ++ CreateService call to ensure TCPIP and AFP (winsock) is started ++ before Apache. ++ [William Rowe <wrowe lnd.com>] ++ ++ *) Win32: Add code to perform latebinding on functions that may ++ not exist on all levels of Windows where Apache runs. This ++ is needed to allow Apache to start-up on Win95/98. All calls ++ to non portable functions should be protected with ++ ap_oslevel checks to prevent runtime segfaults. ++ [William Rowe <wrowe lnd.com>] ++ ++ *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer] ++ ++ *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick] ++ ++ *) Win32: Get non-blocking CGI pipe reads working under Windows NT. ++ This addresses PR 1623. Still need to address timing out runaway ++ CGI scripts. [Bill Stoddard] ++ ++ *) Win32: Make ap_stat Windows 95/98 friendly ++ [William Rowe <wrowe lnd.com>] ++ ++ *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to ++ always fail. Need to initialise the dwOSVersionInfoSize member of the ++ OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx ++ always fails. ++ ++ The patch also enhances ap_get_oslevel (and the associated enum) to ++ handle selected service packs for NT4, and adds recognition for ++ Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then ++ we can use ReadFileScatter and WriteFileGather in readwrite.c. ++ [Tim Costello <Tim.Costello BTFinancialgroup.com>] ++ ++ *) Get mod_rewrite building and running, and mod_status building for Win NT ++ [Allan Edwards <ake raleigh.ibm.com>] ++ ++ *) Patch to port mod_auth_db to the 2.0 api and also to support ++ Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and ++ 2.7.7. It should work with version 1 as well but I haven't tested it. ++ [Brian Martin <bmartin penguincomputing.com>] ++ ++ *) Get APR DSO code working under Windows. Includes cross platform ++ fixes to mod_so.c. ++ [<Tim.Costello BTFinancialgroup.com>] ++ ++ *) Fix some of the Windows APR time functions. ++ [William Rowe] ++ ++ *) FAQ changes related to tidying up historical documents on the web site. ++ [Joshua Slive <slive finance.commerce.ubc.ca>] ++ ++ *) Move Windows DSO code into APR. ++ [Bill Stoddard] ++ ++ *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause). ++ Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw ++ at build time. At this point, the server will not compile on Windows because ++ of the recent DSO commits. Fixing those next. ++ [Bill Rowe & Bill Stoddard] ++ ++ *) Added error checking for file I/O APR routines. ++ [Jon Travis <jtravis covalent.net>] ++ ++ *) APR: Don't use the values of resolver error codes for the ++ corresponding APR error codes. On Unix and Win32, return the ++ proper APR error code after a resolver error. [Jeff Trawick] ++ ++Changes with Apache 2.0a2 ++ ++ *) Renamed the executable back to httpd on all platforms other ++ than Win32 ++ [Ryan Bloom] ++ ++ *) Allow BeOS to survive restarts, log properly and a few ++ small things it had problems with due to the way it setup ++ users and groups. [David Reid] ++ ++ *) Get mod_rewrite working with APR locks ++ [Paul Reder <rederpj raleigh.ibm.com>] ++ ++ *) Actually remove the sempahore when the lock cleanup routine ++ is called on BeOS. [David Reid] ++ ++ *) Clear hook registrations between reads of the config file. ++ When DSOs are unloaded and re-loaded the old hook pointers may ++ no longer be valid. This fix eliminates potential segfaults. ++ [Allan Edwards <ake raleigh.ibm.com>] ++ ++ *) Fix a problem with Sigfunc not being defined or bypassed ++ if sigaction() wasn't found. [Jim Jagielski] ++ ++ *) Fix the locking mechanism on BSD variants. They now use fcntl ++ locks. This allows the server to start and serve pages. ++ [Ryan Bloom] ++ ++ *) First cut at getting the Win32 installer to work ++ [William Rowe <wrowe lnd.com>] ++ ++ *) Get htpasswd compiling under Windows ++ [William Rowe <wrowe lnd.com>] ++ ++ *) Change the log message for a bind() failure to show the ++ interface and port number. [Jeff Trawick] ++ ++ *) Import the documentation from 1.3.12 and bring parts of it ++ up-to-date with respect to the changes that have occurred ++ in 2.0. ++ [Tony Finch] ++ ++ *) BeOS MPM updated. CGI bug on BeOS fixed. IP addresses ++ now logged correctly on BeOS. ++ [David Reid] ++ ++ *) Create one makefile for all Win32 distributions (NT/2000/95/98). ++ Makefile.win includes the same user interface as the old ++ Makefile.nt ++ [William Rowe <wrowe lnd.com>, Jeff Trawick <trawick us.ibm.com>] ++ ++ *) Win32 exec now uses COMSPEC environment string for command ++ shell path resolution. ++ [William Rowe <wrowe lnd.com>] PR#3715 ++ ++ *) Win32: ap_connect() was not returning correct error condition ++ PR5866 ++ [Allen Prescott <allen clanprescott.com>] ++ ++ *) Win32: ap_open() was broken on Win9x because an NT-specific ++ flag was passed to CreateFile. ap_puts() added an unnecessary ++ '\n'. ++ [Jeff Trawick <trawick us.ibm.com>] ++ ++ *) Put in Korean and Norwegian index.html pages (2.0 and 1.3) ++ which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed' ++ confusing ee/et name and made all extensions language/dialect ++ rather than country reflecting. Changed example files to ++ explicit reflect the ISO charset and added a few common ++ ones to the example config [dirkx] ++ ++ *) Extend external module capability. To use this, you call ++ configure with --with-module=path/to/mod1,path/to/mod2,etc. ++ [Ryan Bloom] ++ ++ *) Backported the various "default charset" fixes from 1.3.12, ++ including the AddDefaultCharset directive. [Jim Jagielski] ++ ++ *) Added the capability to do ${ENVVAR} constructs in the ++ config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited ++ it does this on a line by line basis; i.e. if the envvar ++ expands to something with spaces you have to protect it ++ by adding quotes around it (Unless of course you expect it ++ to contains more than one argument. Alternatively you ++ can compile it on a per token basis; which is what people ++ usually expect by setting RESOLVE_ENV_PER_TOKEN. But this ++ hampers fancier hacks. ++ [Dirk-Willem van Gulik] ++ ++ *) Changed the 'ErrorDocument' syntax in that it NO longer ++ supports the asymetric ++ ++ ErrorDocument 301 "Some message ++ ++ Note the opening " quote, without a closing quote. It now ++ has either the following syntaxes ++ ++ ErrorDocument XXX /local/uri ++ ErrorDocument XXX http://valid/url ++ ErrorDocument XXX "Some Message" ++ ++ The recognition heuristic is: if it has a space it ++ is a message. If it has no spaces and starts with a / ++ or is a valid URL then treat it that way. Otherwise it ++ is assumed to be a message. ++ ++ This breaks backward compatibility but makes live a hell ++ of a lot easier for GUI's and config file parsers. ++ [Dirk-Willem van Gulik] ++ ++ *) Changed 'CacheNegotiatedDocs' from its present/not-present ++ syntax into a 'on' or 'off' syntax. As it currently is the ++ only non nesting token which uses NO_ARGS and thus is an ++ absolute pain for any config interface automation. This ++ breaks backward compatibility. [Dirk-Willem van Gulik] ++ ++ *) Add ability to add external modules to the build process. This is ++ done with --with-module=/path/to/module. Modules can only be added ++ as static modules at this point. ++ [Ryan Bloom] ++ ++Changes with Apache 2.0a1 ++ ++ *) Fix FreeBSD 3.3 core dump. ++ Basically, ap_initialize() needs to get called before ++ create_process(), since create_process() passes op_on structure ++ to semop() to get a lock, but op_on isn't initialized until ++ ap_initialize() calls setup_lock(). Here is a slight ++ rearrangement to main() which calls ap_initialize() earlier... ++ [Jeff Trawick <trawick us.ibm.com>] ++ ++ *) Enable Apache to use sendfile/TransmitFile API ++ [Bill Stoddard, David Reid, Paul Reder] ++ ++ *) Re-Implement Win32 APR network I/O APIs and most of the file I/O ++ APIs. ++ [Bill Stoddard] ++ ++ *) Make file I/O and network I/O writev/sendv APIs consistent. ++ Eliminate use of ap_iovec_t and use Posix struct iovec. ++ Use seperate variable on ap_writev to set the number of iovecs ++ passed in and number of bytes written. ++ [Bill Stoddard] ++ ++ *) Adapt file iol to use APR functions. Replaced ap_open_file() ++ with ap_create_file_iol(). ap_create_file_iol() requires that ++ the file be opened prior to the call using ap_open(). ++ [Bill Stoddard] ++ ++ *) Port mod_include and mod_cgi to 2.0 ++ [Paul Reder, Bill Stoddard] ++ ++ *) ap_send{,v}, ap_recv, ap_sendfile API clarification -- ++ bytes_read/bytes_written is always valid (never -1). Plus ++ some fixes to buff.c to correct problems introduced by the ++ errno => ap_status_t changes a while back. Plus a fix to ++ chunked encoding introduced right at the beginning of 2.0. ++ [Dean Gaudet] ++ ++ *) Revamped UNIX build system to use autoconf and libtool. ++ [Manoj Kasichainula, Sascha Schumann] ++ ++ *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj raleigh.ibm.com>] ++ ++ *) SECURITY: More rigorous checking of Host: headers to fix security ++ problems with mass name-based virtual hosting (whether using mod_rewrite ++ or mod_vhost_alias). ++ [Ben Hyde, Tony Finch] ++ ++ *) Add back support for UseCanonicalName in <Directory> containers. ++ [Manoj Kasichainula] ++ ++ *) Added APLOG_STARTUP log type. This allows us to write an error ++ message without any of the date and time information. As a part ++ of this change, I also removed all of the calls to fprintf(stderr ++ and replaced them with calls to ap_log_error using APLOG_STARTUP ++ writing to stderr is no longer portable, because we don't direct ++ stderr to the error log on all platforms. ++ [Ryan Bloom] ++ ++ *) Convert error logging functions to take errno as an argument. ++ This makes our error logs more portable, because some Windows API's ++ don't set errno. This change allows us to still output a valid ++ message on all of our platforms. ++ [Ryan Bloom] ++ ++ *) mod_mime_magic runs in 2.0-dev now. ++ [Paul Reder <rederpj raleigh.ibm.com>] ++ ++ *) sendfile has been added to APR. ++ [John Zedlewski <zedlwski Princeton.EDU>] ++ ++ *) buff.c has been converted to no longer use errno. ++ [Manoj Kasichainula] ++ ++ *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and ++ interface adaption to APR functions did it. [Martin Kraemer] ++ ++ *) Support DSOs properly on 32-bit HP-UX 11.0 ++ [Dilip Khandekar <dilip cup.hp.com>] ++ ++ *) Updated MM in APR source tree from version 1.0.8 to 1.0.11 ++ [Ralf S. Engelschall] ++ ++ *) Cleaned APR build environment integration and bootstrap APR ++ automatically for developers from src/Configure. ++ [Ralf S. Engelschall] ++ ++ *) Fixed building of src/support/htpasswd.c ++ [Ralf S. Engelschall] ++ ++ *) When generating the Location: header, mod_speling forgot ++ to escape the spelling-fixed uri. (Forw-Port from 1.3) ++ [Martin Kraemer] ++ ++ *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding] ++ ++ *) Change all pools to APR contexts. This is the first step to ++ incorporating APR into Apache. [Ryan Bloom] ++ ++ *) Move "handler not found" warning message to below the check ++ for a wildcard handler. [Dirk <dirkm teleport.com>, Roy Fielding] ++ PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807 ++ ++ *) Support line-continuation feature in config.option file and ++ allow the loading of multiple option sections at once via ++ ``--with-option=<section1>,<section2>,...'' ++ [Ralf S. Engelschall] ++ ++ *) Rebuilt CVS repository with Apache 1.3.9 as basis. [Roy Fielding] ++ ++Changes with Apache MPM ++ ++ *) Use asynchronous AcceptEx() and a completion port to accept and ++ dispatch connections to threads in Windows NT/2000. ++ [Bill Stoddard] ++ ++ *) Implement WINNT Win32 MPM from original Win32 code in http_main.c ++ [Bill Stoddard] ++ ++ *) Implement the APACI --with-option facility ++ (per default used the config.option file). ++ [Ralf S. Engelschall] ++ ++ *) MPM BEOS port. [David Reid <abb37 dial.pipex.com>] ++ ++ *) Start to implement module-defined hooks that are a) fast and b) typesafe. ++ Replace pre_connection module call with a register_hook call and ++ implement pre_connection as a hook. The intent is that these hooks will ++ be extended to allow Apache to be multi-protocol, and also to allow the ++ calling order to be specified on a per-hook/per-module basis. ++ [Ben Laurie] ++ ++ *) Implement mpm_* methods as "modules". Each method gets its own ++ subdir in src/modules (eg: src/modules/prefork). Selection ++ of method uses Rule MPM_METHOD. [Jim Jagielski] ++ ++ *) Port the hybrid server from the apache-apr repository as ++ mpm_mpmt_pthread. [Manoj Kasichainula] ++ ++ *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common ++ amongst the unix MPMs. ++ ++ *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the ++ signal handling for the new world order. [Dean Gaudet] ++ ++ *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out ++ of alloc.c for now. [Dean Gaudet] ++ ++ *) Handle partial large writes correctly. [Ben Laurie] ++ ++ *) Eliminate conn_rec's pointer to server. All it knows is the base server ++ based on IP/port. [Ben Laurie] ++ ++ *) Port a bunch of modules to the new module structure. ++ ["Michael H. Voase" <mvoase midcoast.com.au>] ++ ++ *) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet] ++ ++ *) Basic restructuring to introduce the MPM concept; includes various ++ changes to the module API... better described by ++ docs/initial_blurb.txt. [Dean Gaudet] ++ ++Changes with Apache pthreads ++ ++ *) New buff option added: BO_TIMEOUT. It describes the timeout for ++ buff operations (generally over a network). ++ [Dean Gaudet, Ryan Bloom, Manoj Kasichainula] ++ ++ *) Created http_accept abstraction. Added 4 new functions (not exported): ++ init_accept(), begin_accepting_requests(), get_request(), ++ stop_accepting_requests() [Bill Stoddard] ++ ++ *) Fix to ap_rprintf call that allows mod_info to work properly. ++ [James Morris <jmorris intercode.com.au>] ++ ++ *) user and ap_auth_type fields were moved from connection_rec to ++ request_rec. [Ryan Bloom] ++ ++ *) Removed the ap_block_alarms and ap_unblock_alarm calls. These aren't ++ needed in a threaded server. ++ ++ *) Initial pthread implementation from from Dean's apache-nspr code. ++ [Bill Stoddard, Ryan Bloom] ++ ++ ++Changes with Apache 1.3.9 ++ ++ *) Remove bogus error message when a redirect doesn't set Location. ++ Instead, use an empty string to avoid coredump if the error message ++ was supposed to include a location. [Roy Fielding] ++ ++ *) Don't allow configure to include mod_auth_digest unless it is ++ explicitly requested, even if the user asked for all modules. ++ [Roy Fielding] ++ ++ *) Translate module names to dll names for OS/2 so that they are no more ++ than 8 characters long and have an extension of "dll" instead of "so". ++ [Brian Havard] ++ ++ *) Print out pointer to Rule DEV_RANDOM when truerand lib not found. ++ Fix test-compile check to check for randbyte instead of trand32. ++ Use ap_base64encode_binary/decode instead of copy in mod_auth_digest.c ++ and tweak to make Amaya happier. [Ronald Tschalär] ++ ++ *) Ensure that the installed expat include files are world readable, ++ just like the other header files. [Martin Kraemer] ++ ++ *) Fixed generated AddModule adjustments in APACI's `configure' script ++ in order to allow (new) modules like mod_vhost_alias to be handled ++ correctly (which was touched by the adjustments for mod_alias). ++ [Ralf S. Engelschall] ++ ++ *) For binary builds, add -R flag to apachectl to work around the lack of ++ an absolute path to the ./libexec directory where the libhttp.ep file ++ is needed for SHARED_CORE architectures. [Randy Terbush] ++ ++ *) WIN32: Create the CGI script process as DETACHED. This may solve the ++ problem observed by some Win95/98 users where they get CGI script ++ output sent to the console. [Bill Stoddard] ++ ++ *) Fix (re)naming in the uuencode/decode section. The ap/ap_ ++ routines are now called ap_base64* and are 'plain' (i.e., no ++ pool access or anything clever). Inside util.c the routines acting ++ like pstrdup are called ap_pbase64encode() and ap_pbase64decode(). ++ The oddly named ap_uuencode(), ap_uudecode() are kept around for ++ now but deprecated. [dirkx] ++ ++ *) Clean up the base64 and SHA1 additions and make sure they are ++ represented in the ApacheCore.def, ApacheCoreOS2.def, and httpd.exp ++ files. [Roy Fielding] ++ ++ *) WIN32: Migrate to InstallShield 5.5 and provide a bit more error ++ checking. Allow compiling on VS 6.0. [Randy Terbush] ++ ++ *) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch] ++ ++ *) Use TestCompile to search for the truerand library (rather than blindly ++ assuming its existence). If it is not found, complain (but do not ++ exit - yet). [Martin Kraemer] ++ ++ *) We forgot to add the new exported function names to ++ src/support/httpd.exp. [Bill Stoddard, Randy Terbush] ++ ++ *) Add description of -T command-line option to usage(). ++ [Ralf S. Engelschall] ++ ++ *) For "some" platforms (notably, EBCDIC based ones), libos needs to be ++ searched only AFTER libap has been searched, because libap needs ++ some symbols from libos. [Martin Kraemer] ++ ++ *) Fix conflict with original mod_digest related to the symbol of the ++ module dispatch list (which has to be unique for DSO and follow the ++ usual conventions for the installation procedure). ++ [Ralf S. Engelschall] ++ ++ *) Add a dbm-library check for the "usual places" (-ldbm, -lndbm, -ldb) ++ for other platforms as well. [Martin Kraemer] ++ ++ *) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG ++ types by AP_LONG and replace reference to renamed variable 'ubuf' ++ by 'buffer'. [Martin Kraemer] ++ ++Changes with Apache 1.3.8 [not released] ++ ++ *) Flush the output buffer immediately after sending an error or redirect ++ response, since the result may be needed by the client to abort a ++ long data transfer or restart a series of pipelined requests. ++ [Tom Vaughan <tvaughan aventail.com>, Roy Fielding] ++ ++ *) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx. ++ [Ian Turner <iant sequent.com>] PR#4735 ++ ++ *) Local struct mmap in http_core.c conflicted with system structure ++ name on DYNIX -- changed to mmap_rec. [Roy Fielding] PR#4735 ++ ++ *) Added updated mod_digest as modules/experimental/mod_auth_digest. ++ [Ronald Tschalär <ronald innovation.ch>] ++ ++ *) Fix a memory leak where the module counts were getting messed ++ up across restarts. [David Harris <dharris drh.net>] ++ ++ *) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled ++ properly in mod_access. ++ ["Paul J. Reder" <rederpj raleigh.ibm.com>] PR#4770 ++ ++ *) RewriteLock/RewriteMap didn't work properly with virtual hosts. ++ [Dmitry Khrustalev <dima bog.msu.su>] PR#3874 ++ ++ *) PORT: Support for compaq/tandem/com. ++ [Michael Ottati <michael.ottati compaq.com>, dirkx] ++ ++ *) Added SHA1 password encryption support to easy migration from ++ Netscape servers. See support/SHA1 for more information. ++ Caused the separation of ap_md5.c into md5, sha1 and a general ++ ap_checkpass.c with just a validate_passwd routine. Added a ++ couple of flags to support/htpasswd. Some reuse of the to64() ++ function; hence renamed to ap_to64(). ++ [Dirk-Willem van Gulik, Clinton Wong <clintdw netcom.com>] ++ ++ *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal ++ with ASCII/EBCDIC conversions in "ident" query. ++ [David McCreedy <McCreedy us.ibm.com>] ++ ++ *) Get rid of redefinition warning on MAC_OS_X_SERVER platform. ++ Change "Power Macintosh" to Power* so if uname prints "Power Book" ++ we're still happy on Rhapsody platforms. [Wilfredo Sanchez] ++ ++ *) Fix SIGSEGV on some systems because the Vary fix below included ++ a call to table_do with a variable argument list that was not ++ NULL terminated. Replaced with better implementation. [Roy Fielding] ++ ++Changes with Apache 1.3.7 [not released] ++ ++ *) The "Vary" response header field is now sanitised right before ++ the header is sent back to the client. Multiple "Vary" fields ++ are combined, and duplicate tokens (e.g., "Vary: host, host" or ++ "Vary: host, negotiate, host, accept-language") are reduced to ++ single instances. This is a better solution than the force-no-vary ++ one (which is still valid for clients that can't cope with Vary ++ at all). PR#3118 [Dean Gaudet, Roy Fielding, Ken Coar] ++ ++ *) Portability changes for BeOS. [David Reid <abb37 dial.pipex.com>] ++ ++ *) Link DSO's with "gcc -shared" instead of "ld -Bshareable" at ++ least on Linux and FreeBSD for now. ++ [Rasmus Lerdorf] ++ ++ *) Win32: More apache -k restart work. Restarts are now honored ++ immediately and connections in the listen queue are -not- lost. ++ This is made possible by the use of the WSADuplicateSocket() ++ call. The listeners are opened in the parent, duplicated, then ++ the duplicates are passed to the child. The original listen sockets ++ are not closed by the parent across a restart, thus the listen queue ++ is preserved. ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Fix handling of case when a client has sent "Expect: 100-continue" ++ and we are going to respond with an error, but get stuck waiting to ++ discard the body in the pointless hope of preserving the connection. ++ [Roy Fielding, Joe Orton <jeo101 york.ac.uk>] PR#4499, PR#3806 ++ ++ *) Fix 'configure' to work correctly with SysV-based versions of ++ 'tr' (consistent with Configure's use as well). [Jim Jagielski] ++ ++ *) apxs: Add "-S var=val" option which allows for override of CFG_* ++ built-in values. Add "-e" option which works like -i but doesn't ++ install the DSO; useful for editing httpd.conf with apxs. Fix ++ editing code so that multiple invocations of apxs -a will not ++ create duplicate LoadModule/AddModule entries; apxs can now be ++ used to re- enable/disable a module. [Wilfredo Sanchez] ++ ++ *) Win32: Update the server to use Winsock 2. Specifically, link with ++ ws2_32.lib rather than wsock32.lib. This gives us access to ++ WSADuplcateSocket() in addition to some other enhanced comm APIs. ++ Win 95 users may need to update their TCP/IP stack to pick up ++ Winsock 2. (See http://www.microsoft.com/windows95/downloads/) ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Win32: Redirect CGI script stderr (script debug info) into the ++ error.log when CGI scripts fail. This makes Apache on Win32 ++ behave more like Unix. ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Fixed `httpd' usage display: -D was missing. ++ [Ralf S. Engelschall] PR#4614 ++ ++ *) Fix `make r' test procedure in src/regex/: ap_isprint was not found. ++ [Ralf S. Engelschall] PR#4561, PR#4562 ++ ++ *) OS/2: Fix problem with accept lock semaphores where server would die with ++ "OS2SEM: Error 105 getting accept lock. Exiting!" ++ [Brian Havard] PR#4505 ++ ++ *) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms. ++ [Randy Terbush <randy covalent.net>] ++ ++ *) Add the new mass-vhost module (mod_vhost_alias.c) developed and ++ used by Demon Internet, Ltd. [Tony Finch <fanf demon.net>] ++ ++ *) Better GCC detection for DSO flags under Solaris 2 where the `cc' ++ command potentially _is_ GCC. [Ralf S. Engelschall] ++ ++ *) Fix apxs build issues on AIX ++ [Rasmus Lerdorf <rasmus raleigh.ibm.com>] ++ ++ *) DocumentRoot Checking: Under previous versions, when Apache ++ first started up, it used to do a stat of each DocumentRoot to ++ see if it existed and was a directory. If not, then an error ++ message was printed. THIS HAS BEEN DISABLED. If DocumentRoot ++ does not exist, you will get error messages in error_log. If ++ the '-t' command line option is used (to check the configuration) ++ the check of DocumentRoot IS performed. An additional command ++ line option, '-T', has been added if you want to avoid the ++ DocumentRoot check even when checking the configuration. ++ [Jim Jagielski] ++ ++ *) Win32: The query switch "apache -S" didn't exit after showing the ++ vhost settings. That was inconsistent with the other query functions. ++ [Bill Stoddard - Fixed by Martin on Unix in 1.3.4] ++ ++ *) Win32: Changed behaviour of apache -k restart. ++ Previously, the server would drain all connections in the stack's ++ listen queue before honoring the restart. On a busy server, this ++ could take hours. Now, a restart is honored almost immediately. ++ All connections in Apache's queues are handled but connections in ++ the stack's listen queue are discarded. Restart triggered by ++ MaxRequestPerChild is unchanged. ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Win32: Eliminated unnecessary call to wait_for_multiple_objects in ++ the accept loop. Good for a 5% performance boost. Cleaned up ++ parent/child process management code. ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Added ceiling on file size for memory mapped files. ++ [John Giannandrea <jg meer.net>] PR#4122 ++ ++ *) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which ++ has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528 ++ [Henri Gomez <gomez slib.fr>, Ralf S. Engelschall] ++ ++ *) Determine AP_BYTE_ORDER for ap_config_auto.h and already ++ use this at least for Expat. [Ralf S. Engelschall] ++ ++ *) Allow .module files to specify libraries with Lib:. ++ [Ben Laurie] ++ ++ *) Allow SetEnvIf[NoCase] to test environment variables as well ++ as header fields and request attributes. [Ken Coar] ++ ++ *) Fix mod_autoindex's handling of ScanHTMLTitles when file ++ content-types are "text/html;parameters". PR#4524 [Ken Coar] ++ ++ *) Remove "mxb" support from mod_negotiation -- it was a draft feature ++ never accepted into any standard, and it opens up certain DoS ++ attacks. [Koen Holtman <Koen.Holtman cern.ch>] ++ ++ *) TestCompile updated. We can now run programs and output the ++ results during the Configure process. [ Jim Jagielski] ++ ++ *) The source is now quad (long long) aware as needed. Specifically, ++ the Configure process determines the correct size of off_t and ++ *void. When the OS/platform/compiler supports quads, ap_snprintf() ++ provides for the 'q' format qualifier (if quads are not available, ++ 'q' is silently "demoted" to long). [Jim Jagielski] ++ ++ *) When the username or password fed to htpasswd is too long, include the ++ size limit in the error message. Also report illegal characters ++ (currently only ':') in the username. Add the size restrictions ++ to the man page. [Ken Coar] ++ ++ *) Fixed the configure --without-support option so it doesn't result in ++ an infinite loop. [Marc Slemko] ++ ++ *) Piped error logs could cause a segfault if an error occured ++ during configuration after a restart. ++ [Aidan Cully <aidan panix.com>] PR#4456 ++ ++ *) If a "Location" field was stored in r->err_headers_out rather ++ than r->headers_out, redirect processing wouldn't find it and ++ the server would core dump on ap_escape_html(NULL). Check both ++ tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message ++ if Location isn't set. [Doug MacEachern, Ken Coar] ++ ++ *) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy ++ of the Expat 1.0.2 distribution. [Greg Stein] ++ ++ *) Replace regexec() calls with calls to a new API stub function ++ ap_regexec(). This solves problems with DSO modules which use the regex ++ library. [Jens-Uwe Mager <jum helios.de>, Ralf S. Engelschall] ++ ++ *) Add 'Request_Protocol' special keyword to mod_setenvif so that ++ environment variables can be set according to the protocol version ++ (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar] ++ ++ *) Add DSO support for OpenStep (Mach 4.2) platform. ++ [Ralf S. Engelschall, Rex Dieter <rdieter math.unl.edu>] PR#3997 ++ ++ *) Fix sed regex for generating ap_config_auto.h in src/Configure. ++ [Jan Gallo <gallo pvt.sk>] PR#3690, PR#4373 ++ ++ *) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with ++ their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372 ++ ++ *) Better DSO flags recognition on NetBSD platforms using ELF. ++ [Todd Vierling <tv pobox.com>] PR#4310 ++ ++ *) Always log months in english format for %t in mod_log_config. ++ [Petr Lampa <lampa fee.vutbr.cz>] PR#4366, 679 ++ ++ *) Support for server-parsed and multiview-determined ReadmeName and ++ HeaderName files in mod_autoindex. Removed the restriction on ++ "/"s in ReadmeName and HeaderName directives since the *sub_req* ++ routines will deal with the access issues. (It's now possible to ++ have {site|group|project|customer|...} wide readmes and headers.) ++ [Raymond S Brand <rsbx rsbx.net>, Ken Coar] PR#1574, 3026, 3529, ++ 3569, 4256 ++ ++ *) When stat() fails, don't assume anything about the contents of ++ the struct stat. [Ed Korthof <ed bitmechanic.com>] ++ ++ *) It's OK for a semop to return EINTR, just loop around and try ++ again. [Dean Gaudet] ++ ++ *) Fix configuration engine re-entrant hangups, which solve a ++ handful of problems seen with mod_perl <Perl> configuration sections ++ [Salvador Ortiz Garcia <sog msg.com.mx>] ++ ++ *) Mac OS and Mac OS X Server now use the appropriate custom layout ++ by default when building with APACI; allow for platform-specific ++ variable defaults in configure. [Wilfredo Sanchez] ++ ++ *) Do setgid() before initgroups() in http_main; some platforms ++ zap the grouplist when setgid() is called. This was fixed in ++ suexec earlier, but the main httpd code missed the change. ++ [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2579 ++ ++ *) Add recognition of .tgz as a gzipped tarchive. ++ [Bertrand de Singly <bertrand.de-singly polytechnique.fr>] PR#2364 ++ ++ *) mod_include's fsize/flastmod should allow only relative paths, just ++ like "include file". [Jaroslav Benkovsky <benkovsk pha.pvt.cz>] ++ ++ *) OS/2: Add support for building loadable modules using DLLs. ++ [Brian Havard] ++ ++ *) Add iconsdir, htdocsdir, and cgidir to config.layout. ++ [Wilfredo Sanchez] ++ ++ *) Fix minor but annoying bug with the test for Configuration.tmpl ++ being newer than Configuration so that it is less likely to fail ++ when using APACI and shadow sources. [Wilfredo Sanchez] ++ ++ *) PORT: Add initial support for Mac OS (versions 10.0 and ++ greater). Use Mac OS X Server layout for now. Clean up dyld code ++ in unix/os.c, and don't install the dyld error handlers, which ++ are no longer needed in Mac OS. [Wilfredo Sanchez] ++ ++ *) Rename Rhapsody layout to "Mac OS X Server". Change install ++ locations to appropriate ones for user-built (as opposed to ++ system) installs. [Wilfredo Sanchez] ++ ++ *) Modify mod_autoindex's handling of AddDescription so that the ++ behaviour matches the documentation. [Ken Coar] PR#1898, 3072. ++ ++ *) Add functionality to the install-bindist.sh script created by ++ binbuild.sh to use tar when copying distribution files to the ++ serverroot. This allows upgrading an existing installation ++ without nesting the new distribution in the old. ++ ++ install-bindist.sh now detects the local perl5 path to install ++ apxs and dbmmanage with proper path to perl interpreter. ++ ++ Add an install-binsupport target which copies the source files ++ for apxs and dbmmanage to bindist to allow these scripts to ++ be properly installed relative to the destination serverroot. ++ [Randy Terbush, Covalent Technologies, <randy covalent.net>] ++ ++ *) Fix intermittent SEGV in ap_proxy_cache_error() in ++ src/modules/proxy_util.c where a NULL filepointer and ++ temporary filename were closed and unlinked. ++ [Graham Leggett <minfrin sharp.fm>, ++ Tim Costello <tjcostel socs.uts.edu.au>] PR#3178 ++ ++ *) Fix inconsistent error messages reported by mod_proxy. ++ [Graham Leggett <minfrin sharp.fm>] ++ ++ *) OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a ++ connection is aborted. [Brian Havard] ++ ++ *) Force the LANG envariable to the known state of "C" so that we ++ have assurance about how string manipulators (e.g., tr) will ++ function. [Ken Coar] PR#1630 ++ ++ *) Add a directive to allow customising of the tracking cookie name. ++ [Ken Coar] PR#2921, 4303 ++ ++ *) Add "force-no-vary" envariable to allow servers to work around ++ clients that choke on "Vary" fields in the response header. ++ [Ken Coar, Dmitry Khrustalev <dima zippy.machaon.ru>] PR#4118 ++ ++ *) Fixed a bug in mod_dir that causes a child process will infinitely ++ recurse when it attemps to handle a request for a directory wnd the ++ value of the DirectoryIndex directive is a single dot. Also likely ++ to happen for anyother values of DirectoryIndex that will map back ++ to the same directory. The handler now only considers regular files ++ as being index candidates. No PR#s found. ++ [Raymond S Brand <rsbx rsbx.net>] ++ ++ *) Ease configuration debugging by making TestCompile fall back to ++ using "make" if the $MAKE variable is unset [Martin Kraemer] ++ ++ *) Fixed the ServerSignature directive to work as documented. ++ [Raymond S Brand <rsbx rsbx.net>] PR#4248 ++ ++ *) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand ++ <rsbx rsbx.net>] ++ ++ *) Add APACI --without-execstrip option which can be used to disable the ++ stripping of executables on installation. This is very important for DSO ++ and debugging situations. [Ralf S. Engelschall] ++ ++ *) Add support for OS/2 (case insenstive filesystem, .exe suffix, etc) ++ to APACI files and related scripts. ++ [Yitzchak Scott-Thoennes <sthoenna efn.org>, Ralf S. Engelschall] PR#4269 ++ ++ *) Add support for standalone mode in TPF ++ [Joe Moenich <moenich us.ibm.com>] ++ ++ *) Fix number of bytes copied by read_connection() in src/support/ab.c ++ [Jim Cox <jc superlink.net>] PR#4271 ++ ++ *) Fix special RewriteCond "-s" pattern matching. ++ [Bob Finch <bob nas.com>] ++ ++ *) Fix value quoting in src/Configure script for ap_config_auto.h ++ [Paul Sutton <paul awe.com>] ++ ++ *) Make sure RewriteLock can be used only in the global context, (i.e. ++ outside of any <VirtualHost> sections) because it's a global facility of ++ the rewrite engine. [Ralf S. Engelschall] ++ ++ *) Fix the ownership delegation for proxy directory under `make install'. ++ [Ralf S. Engelschall] ++ ++ *) APACI would not correctly build suexec. [Maria Verina ++ <mariav icgeb.trieste.it>] PR#4260 ++ ++ *) mod_mime_magic passed only the first 4k of a file to ++ uncompress/gzip, but those tools sometimes do not produce ++ any output unless a sufficient portion of the compressed ++ file is input. Change to pass the entire file -- but ++ only read 4k of output. ++ [Marcin Cieslak <saper system.pl>] PR#4097 ++ ++ *) "IndexOptions None" generated extra spaces at the end of each ++ line. [<inkling firstnethou.com>] PR#3770 ++ ++ *) The "100 Continue" response wasn't being sent after internal ++ redirects. [Jose KAHAN <kahan w3.org>] PR#3910, 3806, 3575 ++ ++ *) When padding the name with spaces for display, mod_autoindex would ++ count &, <, and > in their escaped width, messing up the display. ++ [Dean Gaudet] PR#4075, 3758 ++ ++ *) PORT: fixed a compilation problem on NEXT. ++ [Jacques Distler <distler golem.ph.utexas.edu>] PR#4130 ++ ++ *) r->request_time wasn't being set properly in certain error conditions. ++ [Dean Gaudet] PR#4156 ++ ++ *) PORT: deal with UTS compiler error in http_protocol.c ++ [Dave Dykstra <dwd bell-labs.com>] PR#4189 ++ ++ *) Add ap_vrprintf() function. [John Tobey <jtobey banta-im.com>] PR#4246 ++ ++ *) Fix the mod_mime hash table to work properly with locales other ++ than C. [Dean Gaudet] PR#3427 ++ ++ *) Fix a memory leak which is exacerbated by certain configurations. ++ [Dean Gaudet] PR#4225 ++ ++ *) Prevent clobbering saved IFS values in APACI. [Jim Jagielski] ++ ++ *) Fix buffer overflows in ap_uuencode and ap_uudecode pointed out ++ by "Peter 'Luna' Altberg <peter altberg.nu>" and PR#3422 ++ [Peter 'Luna' Altberg <peter altberg.nu>, Ronald Tschalär] ++ ++ *) Make {Set,Unset,Pass}Env per-directory instead of per-server. ++ [Ben Laurie] ++ ++ *) Correct an apparent typo: on the Windows and MPE platforms, the ++ htpasswd utility was limiting passwords to only 8 characters. ++ [Ken Coar] ++ ++ *) EBCDIC platforms: David submitted patches for two bugs in the ++ MD5 digest port for EBCDIC machines: ++ a) the htdigest utility overwrote the old contents of the digest file ++ b) the Content-MD5 header value (ContentDigest directive) was wrong ++ when the returned file was not converted from EBCDIC, but was a ++ binary (e.g., image file) in the first place. ++ [David McCreedy <mccreedy us.ibm.com>] ++ ++ *) support/htpasswd now permits the password to be specified on the ++ command line with the '-b' switch. This is useful when passwords ++ need to be maintained by scripts -- particularly in the Win32 ++ environment. [Ken Coar] ++ ++ *) Win32: Win32 multiple services patch. Added capability to install and ++ run multiple copies of apache as individual services. ++ ++ Example 1: ++ apache -n apache1 -i -f c:/httpd.conf ++ Installs apache as service 'apache1' and associates c:/httpd.conf ++ with that service. ++ net start apache1 ++ Starts apache1 service. ++ net stop apache1 ++ Stops apache1 service ++ ++ Example 2: ++ apache -n apache2 -i ++ Installs apache as service 'apache2'. httpd.conf is located under ++ the default server root (/apache/conf/httpd.conf). ++ net start apache2 ++ Starts apache2 service. ++ ++ Example 3: ++ apache -n apache3 -i -d c:/program files/apache ++ Install apache as service 'apache3' and sets server root to ++ c:/program files/apache. ++ ++ Example 4: ++ apache -n apache2 -k restart ++ Restart apache2 service ++ ++ [Keith Wannamaker, Ken Parzygnat, Bill Stoddard] ++ ++ *) Correct the signed/unsigned character handling for the MD5 routines; ++ mismatches were causing compilation problems with gcc -pedantic and ++ in the TPF cross-compilation. [Ken Coar] ++ ++ *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving ++ a roughly 5 fold speed up. [Brian Havard] ++ ++ *) proxy ftp: instead of using the hardwired string "text/plain" as ++ a fallback type for files served by the ftp proxy, use the ++ ap_default_type() function to determine the configured type. ++ This allows for special configurations like ++ <Directory proxy:ftp://some.host> ++ DefaultType gargle/blurb ++ </Directory> ++ Additionally, add the Content-Encoding: header to FTP proxy replies ++ when the encoding is defined (by the AddEncoding directive). ++ Because it was missing, it was almost impossible to browse compressed ++ files using the FTP proxy (works now perfectly in Communicator). ++ The ftp proxy now also returns the Date: and Server: header lines (if not ++ much else... This code is "somewhat" broken) like normal requests do. ++ [Martin Kraemer] ++ ++ *) Be more smart in APACI's configure script when determining the UID/GID ++ for User/Group directives and use the determined UID/GID to initialize ++ the permissions on the proxycachedir. ++ [Dirk-Willem van Gulik, Ralf S. Engelschall] ++ ++ *) Changed the forking-prior-to-cleanup in the proxy module to first ++ check wether it actually needs to collect garbage. This reduces ++ the number of fork()s from one/request to just the odd one an hour. ++ [Dirk-Willem van Gulik] ++ ++ *) Added proxy, auth and header support to src/support/ab.c. Added a ++ README file to src/support/ ++ [Dirk-Willem van Gulik] ++ ++ *) Don't hard-code the path to AWK in --shadow bootstrapping Makefile. ++ [Ralf S. Engelschall] PR#4050 ++ ++ *) Add support for DSO module compilation on BSD/OS 3.x. ++ [Randy Terbush, Covalent Technologies] ++ ++ *) Fix sed-substitutions in `make install': path elements like `httpd/conf' ++ (for instance from an APACI configure --sysconfdir=/etc/httpd/conf ++ option) were substituted with $(TARGET).conf, etc. Same for other strings ++ with dots where the dot wasn't matched as plain text. ++ [Ralf S. Engelschall] ++ ++ *) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall] ++ ++ *) Fix verbose output of APACI configure (option -v) ++ [Martin Kraemer, Ralf S. Engelschall] ++ ++Changes with Apache 1.3.6 ++ ++ *) Removed new PassAllEnv code due to DSO problems. [Lars Eilebrecht] ++ ++Changes with Apache 1.3.5 [not released] ++ ++ *) M_INVALID needed a value within the scope of METHODS so that unknown ++ methods can be access controlled. [Roy Fielding] PR#3821 ++ ++ *) Added PassAllEnv; makes server's entire environment available ++ to CGIs and SSIs executed within directive's scope. [Ken Coar] ++ ++ *) ap_uuencode() always added two trailing '='s and encoding of ++ 8 bit characters on a machine with signed char may produced ++ incorrect results. Additionally ap_uuencode() should now ++ work correctly on EBCDIC platforms. ++ [Ronald Tschalär <ronald innovation.ch>] PR#3411 ++ ++ *) WIN32: Binary installer now runs the configuration DLL before ++ the reboot prompt (which is only given if MSVCRT.DLL system ++ DLL is new or updated). This should avoid the configuration ++ directory being empty after installation. [Paul Sutton] ++ PR#3767, 3800, 3827, 3850, 3900, 3953, 3988 ++ ++ *) WIN32: Binary installer now creates Start menu options to start ++ and stop Apache as a console application and to uninstall ++ the Apache service on NT. [Paul Sutton] PR#3741 ++ ++ *) WIN32: Apache.exe now contains an icon. [Paul Sutton] ++ ++ *) PORT: Switch back to using fcntl() locking on Linux -- instabilities ++ have been reported with flock() locking (probably related to kernel ++ version). [Dean Gaudet] PR#2723, 3531 ++ ++ *) Using APACI, the main config file (usually httpd.conf) was ++ not being adjusted as $(TARGET).conf. [Wilfredo Sanchez ++ <wsanchez apple.com>] ++ ++ *) PORT: AIX does not require the SHARED_CODE "hack" ++ [Ryan Bloom <rbb raleigh.ibm.com>] ++ ++ *) Set-Cookie headers were being doubled up for some CGIs by the O(n^2) ++ avoidance code added in 1.3.3. ++ [Dean Gaudet, Jeff Lewis <lewis stanford.edu>] PR#3872 ++ ++ *) ap_isxdigit was somehow neglected when adding the ap_isfoo() macros ++ for 8-bit safeness. [Dean Gaudet] ++ ++ *) PORT: Use -fPIC instead of -fpic on Solaris and SunOS for compiling DSOs ++ because SPARCs have a small machine-specific maximum size for the Global ++ Offset Table which is often exceeded when compiling one of the larger ++ third-party modules with Apache. [Peter Urban <Peter.Urban epfl.ch>] PR#3977 ++ ++ *) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the ++ DSO/DLL section because it's a directive from mod_status and isn't ++ available before the DLL of mod_status is loaded. ++ [Martin POESCHL <mpoeschl gmx.net>] PR#3936 ++ ++ *) SECURITY: Fix a bug in the calculation of the buffer size for the line ++ continuation facility in Apache's configuration files which could ++ lead to a buffer overflow situation. ++ [Thomas Devanneaux <Thomas.Devanneaux enst.fr>] PR#3617 ++ ++ *) Make documentation and error messages of APACI's --activate-module=FILE ++ option more clear. [Jan Wolter <janc wwnet.net>] PR#3995 ++ ++ *) Fix the gcc version check (for enabling the `inline' facility) to ++ really support all future gcc versions >= 2.7 until we know more. ++ [John Tobey <jtobey banta-im.com>] PR#3983 ++ ++ *) Let APACI's configure script correctly complain for unknown --enable-XXX ++ and --disable-XXX options. [Ralf S. Engelschall] PR#3958 ++ ++ *) Link the shared core bootstrap program (``Rule SHARED_CORE=yes'') also ++ against libap.a and use its ap_snprintf() instead of sprintf() to avoid ++ possible buffer overflows. [Ralf S. Engelschall] ++ ++ *) Remove no longer used non-API function ap_single_module_init(). ++ [Ralf S. Engelschall] ++ ++ *) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout. ++ [Wilfredo Sanchez] ++ ++ *) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order ++ to make platform installations easier. [Wilfredo Sanchez] ++ ++ *) In configure, do not append the target name to the directory path if ++ the path already contains "apache". [Ralf S. Engelschall] ++ ++ *) SIGPIPE is now ignored by the server core. The request write routines ++ (ap_rputc, ap_rputs, ap_rvputs, ap_rwrite, ap_rprintf, ap_rflush) now ++ correctly check for output errors and mark the connection as aborted. ++ Replaced many direct (unchecked) calls to ap_b* routines with the ++ analogous ap_r* calls. [Roy Fielding] ++ ++ *) Enhanced mod_rewrite's mapfile handling: The in-core cache for text and ++ DBM format mapfiles now uses a 4-way hash table with LRU functionality. ++ Furthermore map lookups for non-existent keys are now cached as well. ++ Additionally "txt" maps are now parsed with simple string functions ++ instead of using ap_pregcomp(). As a side effect a bug that prevented ++ the usage of keys containing the "," character was fixed. ++ The changes drastically improve the performance when large rewrite maps ++ are in use. ++ [Michael van Elst <mlelstv serpens.swb.de>, Lars Eilebrecht] PR#3160 ++ ++ *) Added ap_sub_req_method_uri() for doing a subrequest with a method ++ other than GET, and const'd the definition of method in request_rec. ++ [Greg Stein] ++ ++ *) Use proper pid_t type for saving PIDs in alloc.c. [John Bley] ++ ++ *) Replaced use of WIN32 define with HAVE_DRIVE_LETTERS to indicate ++ when the OS allows a DOS drive letter within pathnames. [Brian Havard] ++ ++ *) Add %V to mod_log_config, this logs the hostname according to the ++ UseCanonicalName setting (this is the pre-1.3.4 behaviour of ++ %v). Useful for mass vhosting. [Tony Finch <dot dotat.at>] ++ ++ *) Add support for \n and \t to mod_log_config, can be used to produce ++ more reliable logs with multiline entries. [Tony Finch <dot dotat.at>] ++ ++ *) Fixed a few compiler nits. [John Bley <jbb6 acpub.duke.edu>] ++ ++ *) Added informative error messages for failed munmap() and fseek() calls ++ in http_core.c. [John Bley, Roy Fielding] ++ ++ *) Added some informative error messages for some failed malloc() ++ calls. [John Bley <jbb6 acpub.duke.edu>, Jim Jagielski] ++ ++ *) OS/2 ap_os_canonical_filename()'s behaviour is improved: ap_assert() ++ is removed. This allows <Directory proxy:*> directives to work and ++ prevents invalid requests from killing the process. ++ [Brian Havard <brianh kheldar.apana.org.au>] ++ ++ *) Reorganised FAQ document. ++ [Joshua Slive <slive finance.commerce.ubc.ca>] PR#2497 ++ ++ *) src/support/: The ApacheBench benchmark program was overhauled by ++ David N. Welton: you can now have it generate an HTML TABLE, presumably ++ for integration into other HTML sources. David updated the ab man page ++ as well and added some missing descriptions. Thanks! ++ [David N. Welton <davidw prosa.it>] ++ ++ *) Win32: The filename validity checker now allows filenames containing ++ characters in the range 0x80 to 0xff (for example accented characters). ++ [Paul Sutton] PR#3890 ++ ++ *) Added conditional logging based upon environment variables to ++ mod_log_config. mod_log_referer and mod_log_agent ++ are now deprecated. [Ken Coar] ++ ++ *) Allow apache acting as a proxy server to relay the real ++ reason of a failure to a client rather than the "internal ++ server error" it does currently. The general exposure mechanism ++ can be triggered by any module by setting the "verbose-error-to" ++ note to "*"; this allows more than just proxy errors to be exposed. ++ [Cliff Skolnick, Roy Fielding, Martin Kraemer] Related to PR#3455, 4086 ++ ++ *) Moved man pages for ab and apachectrl to section 8. ++ [Wilfredo Sanchez, Roy Fielding] ++ ++ *) Added -S option to install.sh so that options can be passed to ++ strip on some platforms. [Ralf S. Engelschall, Wilfredo Sanchez] ++ ++ *) Tweak modules Makefile generated by Configure so that it handles ++ the test case of no modules being selected. [<chaz reliant.com>] ++ ++ *) Added a <LimitExcept method ...> sectioning directive that allows ++ the user to assign authentication control to any HTTP method that ++ is *not* given in the argument list; i.e., the logical negation ++ of the <Limit> directive. This is particularly useful for controlling ++ access on methods unknown to the Apache core, but perhaps known by ++ some module or CGI script. [Roy Fielding, Tony Finch] ++ ++ *) Prevent apachectl from complaining if the PIDFILE exists but ++ does not contain a process id, as might occur if the server is ++ being rapidly restarted. [Wilfredo Sanchez] ++ ++ *) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen] ++ ++ *) Entity tag comparisons for If-Match and If-None-Match were not being ++ performed correctly -- weak tags might cause false positives. Also, ++ strong comparison wasn't properly enforced in all cases. ++ [Roy Fielding, Ken Coar, Dean Gaudet] PR#2065, 3657 ++ ++ *) OS/2: Supply OS/2 error code instead of errno on semaphore errors. ++ [Brian Havard] ++ ++ *) Work around a bug in Lynx regarding its sending "Negotiate: trans" ++ even though it doesn't understand TCN. [Koen Holtman, Roy Fielding] ++ ++ *) Added ap_size_list_item(), ap_get_list_item(), and ap_find_list_item() ++ to util.c for parsing an HTTP header field value to extract the next ++ list item, taking into account the possible presence of nested comments, ++ quoted-pairs, and quoted-strings. ap_get_list_item() also removes ++ insignificant whitespace and lowercases non-quoted tokens. ++ [Roy Fielding] PR#2065 ++ ++ *) proxy: The various calls to ap_proxyerror() can return HTTP/1.1 status ++ code different from 500. This allows the proxy to, e.g., return ++ "403 Forbidden" for ProxyBlock'ed URL's. [Martin Kraemer] Related to PR#3455 ++ ++ *) Fix ordering of language variants for the case where the traditional ++ negotiation algorithm is being used with multiple language variants ++ and no Accept-Language. [James Treacy <treacy debian.org>] PR#3299, 3688 ++ ++ *) Do not round the TCN quality calculation to 5 decimal places, ++ unlike RFC 2296, because the calculation might need 12 decimal places ++ to get the right result. [Roy Fielding] ++ ++ *) Remove unused code to disable transparent negotiation when ++ negotiating on encoding only, as we now handle encoding too ++ (though this is nonstandard for TCN), remove charset=ISO-8859-1 ++ fiddle from the fiddle-averse RVSA comparison, and fix bugs in ++ some debugging statements within mod_negotiation. [Koen Holtman] ++ ++ *) Fixed a rare memory corruption possibility in mod_dir if the index ++ file is negotiable and no acceptable variant can be found. ++ [Dean Gaudet, Roy Fielding, Martin Kraemer] ++ ++ *) Win32: Add new config directive, ScriptInterpreterSource, to enable ++ searching the Win32 registry for script interpreters. ++ [Bill Stoddard] ++ ++ *) Win32: The compiled-in default filename for the error log is now ++ error.log, which matches the default in the distributed httpd.conf. ++ [Paul Sutton] ++ ++ *) Win32: Any error messages from -i or -u command line options are now ++ displayed on the console output rather than sent to the error log. ++ Also the "Running Apache..." message is not output unless Apache is ++ going to serve requests. [Paul Sutton] ++ ++ *) Rework the MD5 authentication scheme to use FreeBSD's algorithm, ++ and use a private significator ('$apr1$') to mark passwords as ++ being smashed with our own algorithm. Also abstract the password ++ checking into a new ap_validate_password() routine. [Ken Coar] ++ ++ *) Win32: The filename validity checker now allows "COM" but refuses ++ access to "COM1" through "COM4". This allows filenames such ++ as "com.name" to be served. [Paul Sutton] PR#3769. ++ ++ *) BS2000: Adapt to the new ufork() system call interface which will ++ make subtasking easier on the OSD/POSIX mainframe environment. ++ [Martin Kraemer] ++ ++ *) Add a compatibility define for escape_uri() -> ap_escape_uri() to ++ ap_compat.h. [David White <david persimmon.com>] PR#3725 ++ ++ *) Make NDBM file suffix determination for mod_rewrite more accurate, i.e. ++ use `.db' instead of `.pag' not only for FreeBSD, but also when ++ the NDBM library looks like Berkeley-DB based. ++ [Ralf S. Engelschall] PR#3773 ++ ++ *) Add ability to handle DES or MD5 authentication passwords. ++ [Ryan Bloom <rbb Raleigh.IBM.Com>] ++ ++ *) Fix O(n^2) memory consumption in mod_speling. [Dean Gaudet] ++ ++ *) SECURITY: Avoid some buffer overflow problems when escaping ++ quoted strings. (This overflow was on the heap and we believe ++ impossible to exploit.) [Rick Perry <perry ece.vill.edu>] ++ ++ *) Let src/Configure be aware of CFLAGS options starting with plus ++ signs as it's the case for the HP/UX compiler. ++ [Doug Yatcilla <yatcilda umdnj.edu>] PR#3681 ++ ++ *) Remove the hard-wire of TAR=tar (we now check for gtar and gnutar first) ++ and check to see if the tar we wind up with supports '-h'. ++ [Jim Jagielski] PR#3671 ++ ++ *) A consistent and conservative style for all shell scripts has been ++ implemented. Basically, all shell string tests use the traditional ++ hack of 'if [ "x$var" != "x" ]' or 'if [ "x$var" = "xstring" ]' ++ to protect against bare null variable strings (ie: wrapping both ++ sides with double quotes and prepending 'x'). 'x' was chosen ++ because it's more universal and hopefully easier for old shell ++ prgrammers, as well as being easier to search for in 'vi' (/x\$) :) ++ [Jim Jagielski] ++ ++ *) The status module now prints out both the main server generation as ++ well as the generation of each process. Also, the vhost info is ++ printed with '?notable'. [Jim Jagielski] ++ ++ *) Move src/main/md5c.c to src/ap/ap_md5c.c; it's httpd-neutral ++ and this makes its functions available to things in src/support. ++ [Ken Coar] ++ ++Changes with Apache 1.3.4 ++ ++ *) Renamed macros status_drops_connection to ap_status_drops_connection ++ and vestigial scan_script_header to ap_scan_script_header_err, ++ mostly for aesthetic reasons. [Roy Fielding] ++ ++ *) The query switch "httpd -S" didn't exit after showing the ++ vhost settings. That was inconsistent with the other query functions. ++ [Martin Kraemer] ++ ++ *) Moved the MODULE_MAGIC_COOKIE from before the versions and ++ filename to the end of the STANDARD_MODULE_STUFF. Its ++ presence at the beginning prevented reporting of the filename ++ for modules compiled before 1 January 1999. [Ken Coar] ++ ++ *) SECURITY: ap_os_is_filename_valid() has been added to Win32 ++ to detect and prevent access to special DOS device file names. ++ [Paul Sutton, Ken Parzygnat] ++ ++ *) WIN32: Created new makefiles Makefile_win32.txt (normal build) ++ and Makefile_win32_debug.txt (debug build) that work on Win95. ++ Run each of the following from the src directory: ++ nmake /f Makefile_win32.txt # compiles normal build ++ nmake /f Makefile_win32.txt install # compiles and installs ++ nmake /f Makefile_win32.txt clean # removes compiled junk ++ nmake /f Makefile_win32_debug.txt # compiles debug build ++ nmake /f Makefile_win32_debug.txt install ++ nmake /f Makefile_win32_debug.txt clean ++ [Roy Fielding] ++ ++ *) Added binbuild.sh and findprg.sh helpers to make it easier for us ++ to build binary distributions. [Lars Eilebrecht] ++ ++ *) IndexOptions SuppressColumnSorting only turned off making ++ the column headers anchors; you could still change the display ++ order by manually adding a '?N=A' or similar query string to the ++ URL. Now SuppressColumnSorting locks in the sort order so ++ it can't be overridden this way. [Ken Coar] ++ ++ *) Added IndexOrderDefault directive to supply a default sort order ++ for FancyIndexed directory listings. [Ken Coar] PR#1699 ++ ++ *) Change the ap_assert macro to a variant that works on all platforms. ++ [Richard Prinz <richard.prinz cso.net>] PR#2575 ++ ++ *) Make sure under ELF-based NetBSD (now) and OpenBSD (future) we don't ++ search for an underscore on dlsym() (as it's already the case ++ for FreeBSD 3.0). [Todd Vierling <tv pobox.com>] PR#2462 ++ ++ *) Small fix for mod_env.html: The module was documented as to be _not_ ++ compiled into Apache per default, although it _IS_ compiled into ++ Apache per default. [Sim Harbert <sim mindspring.com>] PR#3572 ++ ++ *) Instead of fixing a bug in the generation procedure for config.status (a ++ backslash was missing) we remove the bug together with it's complete ++ context because the special cases of the past can now no longer occur ++ because of the recent magic for the --with-layout default. ++ [Ralf S. Engelschall] PR#3590 ++ ++ *) Make top-level Makefile aware of a parallel build procedures (make -j) by ++ making sure the src/support/ tools are _forced_ to be build last (they ++ depend on other libraries). ++ [Markus Theissinger <markus.theissinger gmx.de>] ++ ++ *) Fix installation procedure: Now that os-inline.c is actually used (a ++ recently fixed bug prevented this) we need to also install os-include.c ++ in addition to os.h into the PREFIX/include/ location or building of ++ module DSOs with APXS fails. [Ralf S. Engelschall] PR#3527 ++ ++ *) Added MODULE_MAGIC_COOKIE as the first field in a module structure to ++ allow us to distinguish between a garbled DSO (or even a file which isn't ++ an Apache module DSO at all) and a DSO which doesn't match the current ++ Apache API. [Ralf S. Engelschall] PR#3152 ++ ++ *) Two minor enhancements to mod_rewrite: First RewriteRule now also ++ supports the ``nocase|NC'' flag (as RewriteCond already does for ages) to ++ match case insensitive (this especially avoids nasty patterns like ++ `[tT][eE][sS][tT]'). Second two additional internal map functions ++ `escape' and `unescape' were added which can be used to escape/unescape ++ to/from hex-encodings in URLs parts (this is especially useful in ++ combination with map lookups). ++ [Magnus Bodin, Ian Kallen, Ralf S. Engelschall] ++ ++ *) Renamed the macro escape_uri() to ap_escape_uri() which was ++ forgotten (because it was a macro) in the symbol renaming process. ++ [Ralf S. Engelschall] ++ ++ *) Fix some inconsistencies related to the scopes of directives. The only ++ user visible change is that the directives `UseCanonicalName' and ++ `ContentDigest' now use the (more correct) `Options' scope instead of ++ (less correct) `AuthConfig' scope. [Ralf S. Engelschall] ++ ++ *) Using DSO, the Server token was being mangled. Specifically, the ++ module's token was being added first before the Apache token. This ++ has been fixed. [Jim Jagielski] ++ ++ *) Major overhaul of mod_negotiation.c, part 2. ++ - properly handle "identity" within Accept-Encoding. ++ - allow encoded variants in RVSA negotiation and let them appear in ++ the Alternates field using the non-standard "encoding" tag-list. ++ - fixed both negotiation algorithms so that an explicitly accepted ++ encoding is preferred over no encoding if "identity" is not ++ included within Accept-Encoding. ++ - added ap_array_pstrcat() to alloc.c for efficient concatenation ++ of large substring sequences. ++ - replaced O(n^2) memory hogs in mod_negotiation with ap_array_pstrcat. ++ [Roy Fielding] ++ ++ *) Major overhaul of mod_negotiation.c, part 1. ++ - cleanups to mod_negotiation comments and code structure ++ - made compliant with HTTP/1.1 proposed standard (rfc2068) and added ++ support for everything in the upcoming HTTP/1.1 ++ revision (draft-ietf-http-v11-spec-rev-06.txt). ++ - language tag matching also handles tags with more than 2 ++ levels like x-y-z ++ - empty Accept, Accept-Language, Accept-Charset headers are ++ processed correctly; previously an empty header would make all ++ values acceptable instead of unacceptable. ++ - allowed for q values in Accept-Encoding ++ - added support for transparent content negotiation (rfc2295 and ++ rfc2296) (though we do not implement all features in these drafts, ++ e.g. no feature negotiation). Removed old experimental version. ++ - implemented 'structured entity tags' for better cache correctness ++ (structured entity tags ensure that caches which can deal with Vary ++ will (eventually) be updated if the set of variants on the server ++ is changed) ++ - this involved adding a vlist_validator element to request_rec ++ - this involved adding the ap_make_etag() function to the global API ++ - modified guessing of charsets used by Apache negotiation algorithm ++ to guess 'no charset' if the variant is not a text/* type ++ - added code to sort multiviews variants into a canonical order so that ++ negotiation results are consistent across backup/restores and mirrors ++ - removed possibility of a type map file resolving to another type map ++ file as its best variant ++ [Koen Holtman, Roy Fielding, Lars Eilebrecht] PR#3451, 3299, 1987 ++ ++ *) RFC2396 allows the syntax http://host:/path (with no port number) ++ but the proxy disallowed it (ap_proxy_canon_netloc()). ++ [David Kristol <dmk bell-labs.com>] PR#3530 ++ ++ *) When modules update/modify the file name in the configfile_t structure, ++ syntax errors will report the updated name, not the original one. ++ [Fabien Coelho <coelho cri.ensmp.fr>] PR#3573 ++ ++ *) Correct some filename case assumptions from WIN32 to ++ CASE_BLIND_FILESYSTEM. [Brian Havard <brianh kheldar.apana.org.au>] ++ ++ *) For %v log ServerName regardless of the UseCanonicalName ++ setting (similarly for %p). [Dean Gaudet] ++ ++ *) Configure was initializing the variables $OSDIR, $INCDIR and $SHELL ++ rather late (too late for some invocations of TestCompile). ++ This improves the make environment available to TestCompile and ++ the *.module scripts. [Martin Kraemer] ++ ++ *) The hashbang emulation code in ap_execve.c would interpret ++ #!/hashbang/scripts correctly, but failed to fall back to a ++ standard shell for scripts which did NOT start with #! ++ Now SHELL_PATH is started in these cases. [Martin Kraemer] ++ ++ *) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg lentil.org>] ++ PR#3336 ++ ++ *) Update APXS manual page: some -q option arguments were missing ++ and another was incorrect. [Mark Anderson <mda discerning.com>] PR#3553 ++ ++ *) Cleanup the command line options: `-?' was documented to show ++ the usage list but does it with an error because `?' is not a valid ++ command. OTOH a lot of users expect `-h' to print such a usage list and ++ instead are annoyed for ages by our huge unreadable list of directives. ++ So we now changed the command line options this way: ++ 1. `-L' => `-R' ++ Intent: we need `-L' to be free, and `-R' for the DSO run-time path is ++ very similar to the popular linker option. ++ 2. `-h' => `-L' ++ Intent: while -l gives the small list of modules, -L now gives the ++ large list of directives implemented by these modules. This is also ++ consistent with -v (short version info) and -V (large version info). ++ 3. `-?' => `-h' ++ Intent: it's now the expected option ;-) ++ The manual page was adjusted accordingly. ++ [Ralf S. Engelschall] PR#2714 ++ ++ *) Fixed problem of fclose() on an unopened file in suexec if LOG_EXEC ++ wasn't defined. [Rick Franchuk <rickf transpect.net>] ++ ++ *) Removed recently introduced bugs and disfigurements in APACI: ++ o fixed argument line processing: using $args was broken: It was not ++ initialized and using args="$args $apc_option" and even args="$args ++ \"$apc_option\"" fails in the second processing round for any arguments ++ containing whitespaces. The only correct way is to use the construct ++ "$@" (but not possible here) or iterate _both_ times over the implicit ++ argument line (no argument to for-loop) which is what we now use. ++ o make --with-layout=Apache the default without creating ++ redundancy (copying the --with-layout block in the argument parsing ++ loop). We achieve this by using the "$@" construct together with the ++ `set' command to prepend --with-layout=Apache to the command line in ++ case --with-layout is not used. ++ o fixed auto-suffix handling now that config.layout exists. ++ Paths which are auto-suffixed are marked with a trailing plus sign in ++ config.layout and every path now can be marked this way (not only the ++ four paths for which we do it currently). Additionally the suffix is ++ no longer a static one. Instead it's now `/<target>' where <target> is ++ the argument of the --target option or per default `httpd'. ++ o allow also tabs (and only spaces) where we match whitespaces ++ o various fixes and cleanups related to used shell coding style ++ o made Jim happy by replacing `Written by' with `Initially written by' ;-) ++ o trimmed output of --help to fit into 80 columns ++ [Ralf S. Engelschall] ++ ++ *) Added two new core API functions, ap_single_module_configure() and ++ ap_single_module_init(), which are now used by mod_so to configure a module ++ after loading. [Ralf S. Engelschall] ++ ++ *) PORT: Add defines for USE_FLOCK_SERIALIZED_ACCEPT and ++ SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section ++ of ap_config.h to allow serialized accept for multiport listens. ++ [Roy Fielding, Curt Sampson] PR#3120 ++ ++ *) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section ++ of ap_config.h that would skip several defines if DEFAULT_GROUP ++ was overridden. [Roy Fielding] ++ ++ *) PORT: The I86 version of DGUX has support for strncasecmp and ++ strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247 ++ ++ *) Fix ordering of definitions in ap_config.h so that ap_inline is ++ defined before it might be used. [Victor Khimenko] ++ ++ *) PORT: Add Dynamic Shared Object (DSO) support for BSDI (v4.0). ++ [Tom Serkowski <tks bsdi.com>] PR#3453 ++ ++ *) Make generation of src/Configuration.apaci more robust: It failed to ++ differenciate between modules when one module name was a postfix of ++ another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even ++ just XXX (think about totally non-standard names like "apache_ssl", too). ++ [Ralf S. Engelschall] PR#3380 ++ ++ *) In src/Configure remove the SERVER_SUBVERSION support (already deprecated ++ since 1.3b7) and make whitespace handling more robust (it failed horrible ++ when whitespaces were present in the arguments of -D options). ++ [Ralf S. Engelschall] PR#3240 ++ ++ *) Add APACI --shadow=DIR variant (in addition to --shadow). This now first ++ creates an external package shadow tree in DIR before the local build ++ shadow tree is generated under DIR. This way one can have the extracted ++ Apache distribution tree read-only on NFS or CDROM and still build Apache ++ from these sources. An automatically triggered VPATH-like mechanism is ++ provided through the TOP variable, too. ++ [Ralf S. Engelschall, Wilfredo Sanchez <wsanchez apple.com>] ++ ++ *) Fix negotiation so that a Vary response header is correctly ++ generated when, for a particular dimension, variants only vary ++ in having or not having a value for that dimension. [Paul Sutton] ++ ++ *) Fix negotiation so that we prefer an encoded variant over an ++ unencoded variant if the user-agent explicitly says it can ++ accept that encoding. Previously we always preferred the unencoded ++ variant. ++ [Paul Ausbeck <paula alumni.cse.ucsc.edu>, Paul Sutton] PR#3447 ++ ++ *) Fix APXS tool: query variables LIBS_SHLIB and TARGET were not recognized ++ and the usage page was inconsistent with the functionality and manpage. ++ [Ralf S. Engelschall] ++ ++ *) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command. ++ They can occur multiple times and their arguments (`xxx') are passed AS ++ IS to the compiler/linker command. [Ralf S. Engelschall] ++ ++ *) Fixed possible (but harmless in practice) bug in the DBM lookup ++ procedure of mod_rewrite: very long keys were truncated. ++ [Ralf S. Engelschall] ++ ++ *) Added a generic --with-layout=[FILE:]ID option. ID here is a layout ++ identifier, currently "Apache" and "GNU" are pre-defined in the file ++ config.layout. Custom layouts are possible by using FILE:ID as the ++ argument where the layout ID is taken from FILE. ++ ++ The config.layout file consists of <Layout ID>..</Layout> sections ++ where inside those sections "path_variable: path_value" pairs can be ++ specified. These lines are converted to path_variable='path_value'. ++ ++ *) Add a DefaultLanguage directive so that files missing a language ++ extension (e.g., .fr, .de) can be labelled as being some other ++ default language. DefaultLanguage can appear in <Directory> and ++ <Files> containers as well as .htaccess files. [Paul Sutton] ++ PR#1180 ++ ++ *) Fix TARGET configuration when configuring and installing using ++ APACI configure. TARGET now defines the basename of the configuration ++ file, startup script, manual page, etc. log_error_core() now reports ++ the server binary name given by argv[0]. TARGET can now also be defined ++ with --target=TARGET parameter passed to APACI configure. ++ [Ralf Engelschall, Randy Terbush] ++ ++ *) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC ++ rather than OPT_INCLUDES [Rainer Schoepf <schoepf uni-mainz.de>] ++ ++ *) ap_md5_binary() was using sprintf() rather than a table lookup ++ to convert binary bytes to hex digits. ++ [Ronald Tschalär <ronald innovation.ch>] PR#3409 ++ ++ *) Fix SEGV in TCN negotiation if no variants are acceptable. ++ [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>] PR#1987 ++ ++ *) API: ap_exists_config_define() function is now "public" [Doug MacEachern] ++ ++ *) Fix documentation of `Action' directive: It can activate a CGI script ++ when either a handler or a MIME content type is triggered by the request. ++ [Andrew Pimlott <pimlott math.harvard.edu>] PR#3340 ++ ++ *) Document the `add' command of `dbmmanage' in `dbmmanage.1' manpage. ++ [David MacKenzie <djm uu.net>] PR#3394 ++ ++ *) Ignore a "ErrorDocument 401" directive with a full URL and write a ++ notice to the error log. It is not possible to send a 401 response ++ and a redirect at the same time. [Lars Eilebrecht] ++ ++ *) Fallback to native compilers for IRIX-32 platform. It seems that ++ a gcc 2.8.1 compiled apache is logging client addresses with all ++ bits set (255.255.255.255). This is the second such problem caused ++ by gcc 2.8.1 compiler. The first being broken semaphore locking. ++ [Randy Terbush] ++ ++ *) Updated mime.types to reflect current Internet media types ++ and include a URL to the registry. ++ [Manoj Kasichainula, Roy Fielding] PR#2380, 2286, 2246 ++ ++ *) SECURITY: Do a more complete check in mod_include to avoid ++ an infinite loop of recursive SSI includes. [Marc Slemko] PR#3323 ++ ++ *) Add APACI --suexec-docroot and --suexec-logfile options which can be ++ used to set the document root directory (DOC_ROOT) and the suexec ++ logfile (LOG_EXEC), respectively. Additionally the --layout option ++ was changed to show more information about the suEXEC setup. ++ [Lars Eilebrecht] PR#3316, 3357, 3361 ++ ++ *) Added the last two WebDAV status codes of 424 (Failed Dependency) ++ and 507 (Insufficient Storage) for use by third-party modules. ++ [Roy Fielding] ++ ++ *) Enabled all of the WebDAV method names for use by third-party ++ modules, Limit, and Script directives. That includes PATCH, ++ PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. ++ Improved mod_actions.c so that it can use any of the methods ++ defined in httpd.h. Added ap_method_number_of(method) for ++ getting the internal method number. [Roy Fielding] ++ ++ *) PORT: Add a port to the TPF OS. [Joe Moenich <moenich us.ibm.com> and ++ others at IBM] ++ ++ *) Fix problems with handling of UNC names (e.g., \\host\path) ++ on Win32. [Ken Parzygnat <kparz us.ibm.com>] ++ ++ *) Rework os_canonical_*() on Win32 so it's simpler, more ++ robust, and works. [Ken Parzygnat <kparz us.ibm.com>] ++ PR#2555, 2915, 3064, 3232 ++ ++ *) Work around incomplete implementation of strftime on Win32. ++ [Manoj Kasichainula, Ken Parzygnat <kparz us.ibm.com>] ++ ++ *) Move a typedef to fix compile problems on Linux with 1.x kernels. ++ [Manoj Kasichainula] PR#3177 ++ ++ *) PORT: Add a port to the Concurrent PowerMAX OS. [Tom Horsley ++ <Tom.Horsley mail.ccur.com>] ++ ++ *) WIN32: Log more explicit error messages if spawning an interpreted ++ script failed, including the command line used to attempt to execute ++ the interpreter and the Win32 error code returned. [Marc Slemko] ++ ++ *) Disable sending of error-notes on a 500 (Internal Server Error) response ++ since it often includes file path info. Enable sending of error-notes ++ on a 501 (Method Not Implemented). [Roy Fielding] PR#3173 ++ ++ *) http_config.c would respond with 501 (Method Not Implemented) if a ++ content type handler was specified but could not be found, which ++ should have been a 500 response. Likewise, mod_proxy.c would responsd ++ with a 501 if the URI scheme is unrecognized instead of the correct ++ response of 403 (Forbidden). [Roy Fielding] ++ ++ *) SECURITY: Eliminate DoS attack when a bad URI path contains what ++ looks like a printf format escape. [Marc Slemko, Studenten Net Twente] ++ ++ *) Fix in mod_autoindex: for files where the last modified time stamp was ++ unavailable, an empty string was printed which was 2 bytes short. ++ The size and description columns were therefore not aligned correctly. ++ [Martin Kraemer] (no PR#) ++ ++ *) Update BS2000 OS code to work with recent versions. Starting with ++ release A17, the child fork() must be replaced by a _rfork(). ++ (BS2000 only) [Martin Kraemer] ++ ++ *) Add the actual server_rec structure of the specific Vhost to the ++ scoreboard file and avoid a string copy (as well as allow some ++ further future enhancements). [Harrie Hazewinkel ++ <harrie.hazewinkel jrc.it>] ++ ++ *) Add APACI --permute-module=foo:bar option which can be used to ++ on-the-fly/batch permute the order of two modules (mod_foo and mod_bar) ++ in the Configuration[.apaci] file. Two special and important variants are ++ supported for the option argument: first BEGIN:foo which permutes module ++ mod_foo with the begin of the module list, i.e. it `moves' the module to ++ the begin of the list (gives it lowest priority). And second foo:END ++ which permutes mod_foo with the end of the module list, i.e. it `moves' ++ the module to the end of the list (gives it highest priority). ++ [Ralf S. Engelschall] ++ ++ *) Fix problem with 'apache -k shutdown' and startup event ++ synchronisation (Win32). [Ken Parzygnat <kparz raleigh.ibm.com>] ++ PR#3255 ++ ++ *) The config parser wasn't correctly noticing a missing '>' ++ on container start lines (e.g., it wouldn't spot ++ "<Directory /" as a syntax error). [Ryan Bloom <rbbloom us.ibm.com>] ++ PR#3279 ++ ++ *) Add a 'RemoveHandler' directive which will selectively remove ++ all handler associations for the specified file extensions. ++ [Ryan Bloom <rbbloom us.ibm.com>] PR#1799. ++ ++ *) Properly handle & allow "nul" and ".*/null" in AccessConfig and ++ ResourceConfig directives on Win32. Also add a note to the effect ++ of 'useless User directive ignored on Win32' to the errorlog if ++ a User directive is encountered on Win32. ++ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2078, 2303. ++ ++ *) Fix multiple whitespace handling in imagemaps for mod_imap which was ++ broken since Apache 1.3.1 where we took out compressing of multiple ++ spaces in ap_cfg_getline(). ++ [Ivan Richwalski <ivan seppuku.net>] PR#3249 ++ ++ *) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not ++ initialized correctly and the db_open() call used an invalid mode ++ parameter. [Ron Klatchko <ron ckm.ucsf.edu>] PR#3171 ++ ++ *) PORT: DSO support for UnixWare 7 ++ [Ralf S. Engelschall, Ron Record <rr sco.com>] ++ ++ *) Merge the contents of the {srm,access}.conf-dist* files into the ++ httpd.conf-dist* files. The srm and access files now contain ++ only comments, and httpd.conf has all the combined contents in ++ a rational order. [Ken Coar] ++ ++ *) PORT: DSO/ELF support for FreeBSD 3.0. ++ [Ralf S. Engelschall, Dirk Froemberg <ibex physik.TU-Berlin.DE>] ++ ++ *) Add a "default-handler" handler that calls the default_hander() ++ function which is normally called for static content. This allows ++ you to override a specific handler. [Marc Slemko] ++ ++ *) Further simplify checking for absolute paths by replacing an ++ hard-coded syntax check with a call to a routine we already created to ++ do this. [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074 ++ ++ *) Log an error if we encounter a malformed "require" directive ++ in mod_auth if we know that we know that no other module can ++ deal with it. [Marc Slemko] ++ ++ *) Remove ap_private_extern method of hiding conflicting symbols ++ on the NEXT platform because it is not correct for all versions, ++ and the versions for which it is correct are unknown. ++ [Wilfredo Sanchez <wsanchez apple.com>] ++ ++ *) Fix inheritance of IndexOptions NameWidth and remove unintended ++ restriction on +NameWidth, +IconHeight, and +IconWidth. [Ken Coar] ++ ++ *) Fix per-directory config merging for cases in which a 500 error ++ is encountered in an .htaccess file somewhere down the tree. ++ [Ken Coar] PR#2409 ++ ++ *) Minor performance improvement to ap_escape_html(). [Roy Fielding] ++ ++ *) Fixed a segmentation violation in mod_proxy when a response is ++ non-cachable. [Roy Fielding, traced by Doug Bloebaum]. PR#2950, 3056 ++ ++Changes with Apache 1.3.3 ++ ++ *) Added a complete implementation of the Expect header field as ++ specified in rev-05 of HTTP/1.1. Disabled the 100 Continue ++ response when we already know the final status, which is mighty ++ useful for PUT responses that result in 302 or 401. [Roy Fielding] ++ ++ *) Remove extra trailing whitespace from the getline results as part ++ of the protocol processing, which is extra nice because it works ++ between continuation lines, is almost no cost in the normal case ++ of no extra whitespace, and saves memory. [Roy Fielding] ++ ++ *) Added new HTTP status codes and default response bodies from the ++ revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and ++ HTTP Extension Framework (510) specifications. Did not add the ++ WebDAV 424 and 425 codes because they are bogus. We don't use any ++ of these codes yet, but they are now available to 3rd-party modules. ++ [Roy Fielding] ++ ++ *) Fix a possible race condition between timed-out requests and the ++ ap_bhalfduplex select that might result in an infinite loop on ++ platforms that do not validate the descriptor. [Roy Fielding] ++ ++ *) WIN32: Add "-k shutdown" and "-k restart" options to signal a ++ running Apache server [Paul Sutton] ++ ++ *) Fix mod_autoindex bug where directories got a size of "0k" instead ++ of "-". [Martin Plechsmid <plechsmi karlin.mff.cuni.cz>, Marc Slemko] ++ PR#3130 ++ ++ *) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker jetair.be>] ++ ++ *) Add the server signature text (from the core ServerSignature directive) ++ to the list of envariables available to scripts, SSI, and the like. ++ [Ken Coar] ++ ++ *) PORT: Fix sys/resource.h handling for SCO 3.x platform. ++ [M. Laak <maert proinv.ee>] PR#3108 ++ ++ *) Fallback from sysconf-based to plain HZ-based `ticks per second' ++ calculation in mod_status for all systems which don't have POSIX ++ sysconf() (like UTS 2.1) and not only for the NEXT platform. ++ [Dave Dykstra <dwd bell-labs.com>] PR#3055 ++ ++ *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and ++ mod_auth_db by using ap_getword_white() (which uses ap_isspace()) ++ instead of ap_getword(..., ' ') (which parses only according to spaces ++ but not tabs). [James Morris <jmorris intercode.com.au>, ++ Ralf S. Engelschall] PR#3105 ++ ++ *) Fix the SERVER_NAME variable under sub-request situations (where ++ `UseCanonicalName off' is used) like CGI's called from SSI pages or ++ RewriteCond variables by adopting r->hostname to sub-requests. ++ [James Grinter <jrg blodwen.demon.co.uk>] PR#3111 ++ ++ *) Fix stderr redirection under syslog-based error logging situation. ++ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3095 ++ ++ *) Document `ErrorLog syslog:facility' variant of error logging. ++ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#3096 ++ ++ *) Fix http://localhost/ hints in top-level INSTALL document. ++ [Rob Jenson <robjen spotch.com>, Ralf S. Engelschall] PR#3088 ++ ++ *) Quote paths in default configuration files. [Wilfredo Sanchez] ++ ++ *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since ++ it is now taken care of properly by the header file tests. ++ [Wilfredo Sanchez <wsanchez apple.com>] ++ ++ *) Fix problem with scripts and filehandle inheritance on Win32. ++ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2884, 2910 ++ ++ *) Win32 name canonicalisation could end up using the server's ++ working directory to fill in some blanks. [Ken Parzygnat ++ <kparz raleigh.ibm.com>] PR#3001 ++ ++ *) Correct invalid assumption by ap_sub_req_lookup_file() that all ++ absolute paths begin with "/" -- because they don't on Win32. ++ [Ken Parzygnat <kparz raleigh.ibm.com>] PR#2976, 3074 ++ ++ *) Add [REDIRECT_]VARIANTS environment variable to mod_speling ++ so that ErrorDocument 300 processors can reformat the list ++ if desired. [Ken Coar] PR#2859 ++ ++ *) Add +/- incremental prefixes to IndexOptions keywords, and ++ enable merging of multiple IndexOptions directives. [Ken Coar] ++ ++ *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron ++ <steve.cameron compaq.com>] ++ ++ *) Reconstructed the loop through multiple htaccess file names so ++ that missing files are not confused with unreadable files. ++ [Roy Fielding] ++ ++ *) The ap_pfopen and ap_pfdopen routines were failing to protect the ++ errno on an error, which leads to one error being mistaken for ++ another when reading non-existent .htaccess files. ++ [Jim Jagielski] ++ ++ *) OS/2: The new header tests get things right, need to update ++ ap_config.h. [Brian Havard] ++ ++ *) The Perl %ENV hash will now be setup by default when using the ++ mod_include `perl' command [Doug MacEachern] ++ ++ *) PORT: Add Pyramid DC/OSx support to configuration mechanism. ++ [Earle Ake <akee wpdiss1.wpafb.af.mil>] ++ ++ *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1 ++ [Dave Dykstra <dwd bell-labs.com>] PR#3054 ++ ++ *) Correct comment in mod_log_config.c about its internals. ++ [Elf Sternberg <elf halcyon.com>] ++ ++ *) Avoid possible line overflow in Configure: Use an awkfile to ++ handle the creation of modules.c [Jim Jagielski] ++ ++Changes with Apache 1.3.2 ++ ++ *) Fix bug in ap_remove_module(), which caused problems for dso's ++ who were the top_module. [Doug MacEachern] ++ ++ *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to ++ mod_auth_db to both be friendly to users who wants to use this version ++ and to avoid problems under platforms where only version 2.x is present. ++ [Dan Jacobowitz <drow false.org>, Ralf S. Engelschall] ++ ++ *) When using ap_log_rerror(), make the error message available to the ++ *ERROR_NOTES envariables by default. [Ken Coar] ++ ++ *) BS2000 platform only: get rid of the nasty BS2000AuthFile. ++ You now must define a BS2000Account name for the server User. ++ This has fewer security implications than the old approach. ++ [Martin Kraemer] ++ ++ *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl' ++ instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this ++ platform to make the braindead HPUX linker happy. Notice, for the module ++ DSOs we don't have to use this, because these are loaded manually (and ++ not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968 ++ ++ *) Remove 64 thread limit on Win32. ++ [Bill Stoddard <stoddard raleigh.ibm.com>] ++ ++ *) Remove redundant substitutions in top-level Makefile.tmpl. ++ [Ralf S. Engelschall] ++ ++ *) Fix APACI's `Group' configuration adjustment - especially for Linux ++ platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall] ++ ++ *) Make PrintPath work generically instead of having one version ++ strictly for OS/2. [Jim Jagielski, Brian Havard] ++ ++ *) Fix the recently introduced C header file checking: We now use the C ++ pre-processor pass only (and no longer the complete compiler pass) to ++ determine whether a C header file exists or not. Because only this way ++ we're safe against inter-header dependencies (which caused horrible ++ portability problems). The only drawback is that we now have a CPP ++ configuration variable which has to be determined first (we do a similar ++ approach as GNU Autoconf does here). When all fails the user still has ++ the possibility to override it manually via APACI or src/Configuration. ++ As a fallback for the header check itself we can directly check the ++ existance of the file under /usr/include, too. ++ [Ralf S. Engelschall] PR#2777 ++ ++ *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined ++ as an alternate mechanism for mmap'd shared memory for RHAPSODY. ++ ap_private_extern defined to hide symbols that conflict with loaded ++ dynamic libraries on the NEXT and RHAPSODY platforms. ++ [Wilfredo Sanchez <wsanchez apple.com>] ++ ++ *) Delete PID file on clean shutdowns. ++ [Charles Randall <crandall matchlogic.com>] PR#2947 ++ ++ *) Fix mod_auth_*.html documents: NSCA -> NCSA ++ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2991 ++ ++ *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org ++ [Karl Berry <karl gnu.org>] PR#2994 ++ ++ *) Fix dbmmanage.1 manual page. ++ [Youichirou Koga <y-koga jp.FreeBSD.org>] PR#2992 ++ ++ *) Fix possible buffer overflow situation in suexec.c. ++ [Jeff Stewart <jws purdue.edu>] PR#2790 ++ ++ *) Add some more LIBS for the SCO5 platform which are needed for the already ++ used -lprot. It's actually a bug in SCO5, of course. ++ [Ronald Record <rr sco.com>] PR#2533 ++ ++ *) Fix documentation of ProxyPass/ProxyPassReverse according to the ++ trailing slash problem. [Jon Drukman <jsd gamespot.com>] PR#2933 ++ ++ *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1) ++ platform, because it's only supported under version 4.0 and higher. But ++ because our GuessOS is still unaware of Digital UNIX versions and the ++ -msym is just to optimize the DSO statup time a little bit it's safe and ++ best when we leave it out now. [Ralf S. Engelschall] PR#2969 ++ ++ *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf() ++ functions: First all three functions no longer fail on strings containing ++ "%" chars and second ap_log_printf() no longer does a double-formatting ++ (instead it directly passes through the message to be formatted to the ++ real internal formatting function). [Ralf S. Engelschall] PR#2941 ++ ++ *) Allow "Include" directives anywhere in the server config ++ files (but not .htaccess files). [Ken Coar] PR#2727 ++ ++ *) The proxy was refusing to serve CONNECT requests except to ++ port 443 (https://) and 563 (snews://). The new AllowCONNECT ++ directive allows the configuration of the ports to which a ++ CONNECT is allowed. [Sameer Parekh, Martin Kraemer] ++ ++ *) mod_expires will now act on content that is not sent from a file ++ on disk. Previously it would never add an Expires: header to ++ any response that did not come from a file on disk; the only ++ case where it still doesn't (and can't) add one for that type of ++ content is if you are using a modification date based setting. ++ [Marc Slemko, Paul Phillips <paulp go2net.com>] ++ ++ *) Problems encountered during .htaccess parsing or CGI execution ++ that lead to a "500 Server Error" condition now provide explanatory ++ text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts. ++ [Ken Coar] PR#1291 ++ ++ *) Add NameWidth keyword to IndexOptions directive so that the ++ width of the filename column is customisable. [Ken Coar, Dean Gaudet] ++ PR#1949, 2324. ++ ++ *) Recognize lowercase _and_ uppercase `uname' results under ++ SCO OpenServer. [David Coelho <drc ppt.com>] ++ ++ *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be ++ a common problem of (mis-administrated?) IIS servers, make the apache ++ proxy immune to these errors (and ignore the duplicates, but log ++ the fact to error_log). [Martin Kraemer], after the proposal in PR#2914 ++ ++ *) The <IfModule and <IfDefine block starting directives now only ++ allow exactly one argument. Previously, the optional negation ++ character '!' could be separated by whitespace without a syntax ++ error being reported, albeit defeating the IfModule functionality ++ (enclosed directives would ALWAYS be executed). By using the ++ stricter syntax, these hard-to-track errors can be avoided. ++ [Martin Kraemer] ++ ++ *) Simplify handling of IndexOptions in mod_autoindex -- and BTW ++ cause the standalone FancyIndexing directive to logically OR ++ into any existing IndexOptions settings rather than wiping ++ them out. [Ken Coar] ++ ++ *) Changes in ftp proxy: make URL parsing simpler by using the ++ parsed_uri stuff. ++ + Add display of the "current directory" in cases where it's ++ different from the supplied path (e.g., ftp://user@host/ lives ++ in /home/user, not in /, therefore clicking on "../" in the ++ starting directory might send us to /home/). ++ + When ftp login fails, (esp. when a user name was part of the ++ URL already), we now return [401 Unauthorized ] to allow the ++ browser to pop up an authorization dialog. This makes passwords ++ slightly less visible (they don't appear in the regular log files) ++ and implements a functionality that other www proxy servers ++ already offered. ++ [Martin Kraemer] ++ ++ *) Triggered by the recent "Via:" header changes, the proxy module would ++ dump core for replies with invalid headers (e.g., duplicate ++ "HTTP/1.0 200 OK" lines). These errors are now logged and the ++ core dump is avoided. Also, broken replies are not cached. ++ [Martin Kraemer] PR#2914 ++ ++ *) new `GprofDir' directive when compiled with -DGPROF, where gprof can ++ plop gmon.out profile data for each child [Doug MacEachern] ++ ++ *) Use the construct ``"$@"'' instead of ``$*'' in the generated ++ config.status script to be immune against arguments with whitespaces. ++ [Yves Arrouye <yves apple.com>] PR#2866 ++ ++ *) Replace the inlined information grabbing stuff for the configuration ++ adjustment feature (no --without-confadjust) with calls to a new helper ++ script `buildinfo.sh' which is both more flexible and already proofed to ++ be more robust against platform differences. This mainly fixes the ++ recently occured ``sed: command garbled: ...'' problems. ++ [Ralf S. Engelschall] PR#2776, PR#2848 ++ ++ *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align ++ -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline'' ++ without complains after we recently added the POST feature. ++ [Ralf S. Engelschall] ++ ++ *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside ++ modules as API functions and we forgot them at the big symbol renaming. ++ [Ralf S. Engelschall] ++ ++ *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html ++ [Youichirou Koga <y-koga jp.FreeBSD.ORG>] PR#2895 ++ ++ *) Dynamically size the filename column of mod_autoindex output. ++ [Dean Gaudet] ++ ++ *) Add the ability to do POST requests to the ab benchmarking tool. ++ [Kurt Sussman <kls best.com>] PR#2871 ++ ++ *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of ++ 5 to 10 because there are some users out there who always have 5 to 8 ++ variables in one RewriteRule and had to patch mod_rewrite.h for every ++ release. So 15 should be now more than enough, even for them. (I never ++ needed more than 4 in my RewriteRules ;-) ++ [Ralf S. Engelschall] ++ ++ *) Make the proxy generate and understand Via: headers ++ [Martin Kraemer] ++ ++ *) Change the proxy to use tables instead of array_headers for ++ the header lines. [Martin Kraemer] ++ ++ *) Make sure the config.status file is not overridden when just ++ ``configure --help'' is used. [Ralf S. Engelschall] PR#2844 ++ ++ *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should ++ provide a way to trace API changes that add functionality but do ++ not create a compatibility issue for precompiled modules, etc. ++ See include/ap_mmn.h for more details. [Randy Terbush] ++ ++ *) Fix suexec installation under `make install root=xxx' situation. ++ [Ralf S. Engelschall] ++ ++ *) Extend the output of the -V switch to include the paths of all ++ compiled-in configuration files, if they were overridden at ++ compile time, for least astonishment of the user. ++ [Martin Kraemer] ++ ++ *) When READing a request in ExtendedStatus mode, the "old" ++ vhost, request and client information is not displayed. ++ [Jim Jagielski] ++ ++ *) STATUS is no longer available. Full status information now ++ run-time configurable using the ExtendedStatus directive. ++ [Jim Jagielski] ++ ++ *) SECURITY [CAN-1999-1199] (cve.mitre.org): ++ Eliminate O(n^2) space DoS attacks (and other O(n^2) ++ cpu time attacks) in header parsing. Add ap_overlap_tables(), ++ a function which can be used to perform bulk update operations ++ on tables in a more efficient manner. ++ [Dean Gaudet] ++ ++ *) SECURITY: Added compile-time and configurable limits for ++ various aspects of reading a client request to avoid some simple ++ denial of service attacks, including limits on maximum request-line ++ size (LimitRequestLine), number of header fields (LimitRequestFields), ++ and size of any one header field (LimitRequestFieldsize). Also added ++ a configurable directive LimitRequestBody for limiting the size of the ++ request message body. [Roy Fielding] ++ ++ *) Make status module aware of DNS and logging states, even if ++ STATUS not defined. [Jim Jagielski] ++ ++ *) Fix a problem with the new OS/2 mutexes. [Brian Havard] ++ ++ *) Enhance mod_speling so that CheckSpelling can be used in ++ <Directory> containers and .htaccess files. [Ken Coar] ++ ++ *) API: new ap_custom_response() function for hooking into the ++ ErrorDocument mechanism at runtime [Doug MacEachern] ++ ++ *) API: new ap_uuencode() function [Doug MacEachern] ++ ++ *) API: scan_script_header_err_core() now "public" and renamed ++ ap_scan_script_header_err_core() [Doug MacEachern] ++ ++ *) The 'status' module will now show the process pid's and their ++ state even without full STATUS accounting. [Jim Jagielski] ++ ++ *) Restore the client IP address to the error log messages, this ++ was lost during the transition from 1.2 to 1.3. Add a new ++ function ap_log_rerror() which takes a request_rec * and ++ formats it appropriately. [Dean Gaudet] PR#2661 ++ ++ *) Cure ap_cfg_getline() of its nasty habit of compressing internal ++ whitespace in input lines -- including within quoted strings. ++ [Ken Coar] ++ but leading and trailing whitespace should continue to be ++ stripped [Martin Kraemer] ++ ++ *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid ++ the ugly use of an env. variable and use command-line args for ++ alternate $PATH. Make more like advanced 'type's as well. ++ [Jim Jagielski] ++ ++ *) The IRIXN32 Rule was being ignored. Configure now correctly adds ++ -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis ++ <alain.st-denis ec.gc.ca>] PR#2736 ++ ++ *) Clean up a warning in mod_proxy. [Ralf S. Engelschall] ++ ++ *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2 ++ following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/ ++ directory was renamed to src/os/os2/ for consistency. ++ [Brian Havard, Ralf S. Engelschall] ++ ++ *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO ++ files (here modules) against other DSO files (here shared libraries). ++ This is done by determining a subset of LIBS which can be safely used for ++ linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is ++ disabled for all platforms to avoid problems with this (experimental) ++ rule. But we provide it now for those people how ran into problems and ++ want to came out by forcing linking against DSOs. ++ [Ralf S. Engelschall] PR#2587 ++ ++ *) Fix suEXEC start message: Has to be of `notice' level to really get ++ printed together with the standard startup message because the `notice' ++ level is handled special inside ap_log_error() for startup messages. ++ [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765 ++ ++ *) Add correct `model' MIME types from RFC2077 to mime.types file. ++ [Ralf S. Engelschall] PR#2732 ++ ++ *) Fixed examples in mod_rewrite.html document. ++ [Youichirou Koga <y-koga jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756 ++ ++ *) Allow ap_read_request errors to propagate through the normal request ++ handling loop so that the connection can be properly closed with ++ lingering_close, thus avoiding a potential TCP reset that would ++ cause the client to miss the HTTP error response. [Roy Fielding] ++ ++ *) One more portability fix for APACI shadow tree support: Swap order of awk ++ and sed in top-level configure script to avoid sed fails on some ++ platforms (for instance SunOS 4.1.3 and NCR SysV) because of the ++ non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729 ++ ++ *) PORT: NEC EWS4800 support. ++ [MATSUURA Takanori <t-matsuu protein.osaka-u.ac.jp>] ++ ++ *) Fix a segfault in the proxy on OS/2. [Brian Havard] ++ ++ *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info ++ structure instead of just NULL. This fixes at least the RewriteMap ++ programs under Win32. [Marco De Michele <mdemichele tin.it>] PR#2483 ++ ++ *) Add workaround to top-level `configure' script for brain dead ++ `echo' commands which interpet escape sequences per default. ++ [Ralf S. Engelschall] PR#2654 ++ ++ *) Make sure that the path to the Perl interpreter is correctly ++ adjusted under `make install' also for the printenv CGI script. ++ [Ralf S. Engelschall] PR#2595 ++ ++ *) Update the mod_rewrite.html document to correctly reflect the situation ++ of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679 ++ ++ *) Fix `install-includes' sub-target of `install' target in top-level ++ Makefile.tmpl: The umask+cp approach didn't work as expected (especially ++ for users which extracted the distribution under 'umask 077'), so replace ++ it by an explicit cp+chmod approach. ++ [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626 ++ ++ *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same ++ behavior and to cleanup correctly even under enabled SHARED_CORE rule. ++ [Ralf S. Engelschall] ++ ++ *) Use a more straight forward and thus less problematic Sed command in ++ src/helper/mkdir.sh script. [Ralf S. Engelschall] ++ ++ *) Make sure the `configure' scripts doesn't fail when trying to guess the ++ domainname of the machine and there are multiple `domainname' and ++ `search' entries in /etc/resolv.conf. ++ [Ralf S. Engelschall] PR#2710 ++ ++ *) Add note about the SHARED_CORE requirement on some platforms also to the ++ INSTALL file because a lot of users don't read htdocs/manual/dso.html ++ first. [Ralf S. Engelschall] PR#2701 ++ ++ *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl ++ [Knut A.Syed <Knut.Syed nhh.no>] PR#2674 ++ ++ *) Modify mod_rewrite to update the Vary response field if the URL rewriting ++ engine does any manipulations or decisions based upon request fields. ++ [Ken Coar] PR#1644 ++ ++ *) Document the special APACI behavior for installation paths where ++ ``/apache'' is appended to paths under some (well defined, of course) ++ situations to prevent pollution of system locations with Apache files. ++ [Ralf S. Engelschall] PR#2660 ++ ++ *) Fixed problem with buffered response message not being sent for ++ the read_request error conditions of URI-too-long (414) and ++ malformed header fields (400). [Roy Fielding] PR#2646 ++ ++ *) Add support for the Max-Forwards: header line required by RFC2068 for ++ the TRACE method. This allows apache to TRACE along a chain of proxies ++ up to a predetermined depth. [Martin Kraemer] ++ ++ *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled ++ (compilers complained) and the .so.V.R.P filename extension was adjusted ++ to correctly reflect the 1.3.2 version. ++ [Ralf S. Engelschall] PR#2644 ++ ++ *) SECURITY: Plug "..." and other canonicalization holes under OS/2. ++ [Brian Havard] ++ ++ *) PORT: implement serialized accepts for OS/2. [Brian Havard] ++ ++ *) mod_include had problems with the fsize and flastmod directives ++ under WIN32. Fix also avoids the minor security hole of using ++ ".." paths for fsize and flastmod. ++ [Manoj Kasichainula <manojk raleigh.ibm.com>] PR#2355 ++ ++ *) Fixed some Makefile dependency problems. [Dean Gaudet] ++ ++Changes with Apache 1.3.1 ++ ++ *) Disable the incorrect entry for application/msword in the ++ mod_mime_magic "magic" file because it also matches other Office ++ documents. [Ralf S. Engelschall] PR#2608 ++ ++ *) Fix broken RANLIB handling in src/Configure (the entry from ++ src/Configuration.tmpl was ignored) and additionally force RANLIB to ++ /bin/true under HP/UX where ranlib exists but is deprecated. ++ [Ralf S. Engelschall] PR#2627 ++ ++ *) 'apachectl status' failed on some systems. ++ [Steve VanDevender <stevev darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613 ++ ++ *) Add new flags for ap_unparse_uri_components() to make it generate ++ the scheme://sitepart string only, or to omit the query string. ++ [Martin Kraemer] ++ ++ *) WIN32: Canonicalize ServerRoot before checking to see if it ++ is a valid directory. The failure to do this caused certain ++ ServerRoot settings (eg. "ServerRoot /apache") to be improperly ++ rejected. [Marc Slemko] ++ ++ *) Global renaming of C header files to both get rid of conflicts with third ++ party packages and to again reach consistency: ++ 1. conf.h -> ap_config.h ++ 2. conf_auto.h -> ap_config_auto.h \ these are now merged ++ 3. ap_config.h -> ap_config_auto.h / in the config process ++ 4. compat.h -> ap_compat.h ++ 5. apctype.h -> ap_ctype.h ++ Backward compatibility files for conf.h and compat.h were created. ++ ++ *) mod_mmap_static will no longer take action on requests unless at ++ least one "mmapfile" directive is present in the configuration. ++ This experimental module has to do some black magic to operate ++ inside the current API and thus creates side-effects for other ++ modules under some circumstances. ++ [Ralf S. Engelschall] ++ ++ *) Add conservative ticks around more egrep arguments in top-level configure ++ to avoid problems under brain-dead platforms like Digital UNIX (OSF1). ++ [Ralf S. Engelschall] PR#2596 ++ ++ *) mod_rewrite created RewriteLock files under the UID of the parent ++ process, thus the child processes had no write access to the files. ++ Now a chown() is done on the file to the uid of the children, ++ if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341 ++ ++ *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via ++ TestCompile) instead of defining them manually in conf.h based on less ++ accurate platform definitions. This way we no longer have to fiddle with ++ OS-type and/or OS-version identifiers to discover whether a system header ++ file exists or not. Instead we now directly check for the existence of ++ those esoteric ones. ++ [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434, ++ PR#2524, PR#2525, PR#2533, PR#2569 ++ ++ *) mod_setenvif (BrowserMatch* and friends) will now match a missing ++ field with "^$". [Ken Coar] ++ ++ *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded ++ modules to load their own modules dynamically. This improves mod_perl ++ and mod_php3 when these modules are loaded dynamically into Apache. ++ [Rasmus Lerdorf] ++ ++ *) Cache a proxied request in the event that the client cancels the ++ transfer, provided that the configured percentage of the file has ++ already been transfered. It works for HTTP transfers only. The ++ new configuration directive is called CacheForceCompletion. ++ [Glen Parker <glenebob nwlink.com>] PR#2277 ++ ++ *) Add the "<!DOCTYPE HTML" magic cookie used by modern documents (and ++ required by HTML 3.2 and later) to mod_mime_magic's conf/magic. ++ [Anna Shergold <anna inext.co.uk>] ++ ++ *) Fix yet another signal-based race condition involving nested timers. ++ Signals suck. [Dean Gaudet] ++ ++ *) suexec's error messages have been clarified a little bit. [Ken Coar] ++ ++ *) Clean up some, but perhaps not all, 8-bit character set problems ++ with config file parsing, and URL parsing. We now define ++ ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char). ++ This should work on most modern unixes. ++ [Dean Gaudet] PR#800, 2282, 2553 (and others) ++ ++ *) The "handler not found" error was issued in cases where the handler ++ really did exist, but was just declining to serve the request. ++ [John Van Essen <jve gamers.org>] PR#2529 ++ ++ *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x). ++ [Ronald Record <rr sco.com>] PR#2533 ++ ++ *) The APACI libexecdir was not extended with an "apache/" subdir ++ if the installation prefix didn't already contain "apache", but ++ it should be because the DSO files are Apache-specific. Now ++ libexecdir is treated the same way sysconfdir, datadir, localstatedir ++ and includedir are already treated. ++ [Charles Levert <charles comm.polymtl.ca>] PR#2551 ++ ++ *) The <Limit> parsing routine was incorrectly treating methods as ++ case-insensitive. [Ken Coar] ++ ++ *) The ap_bprintf() code neglected to test if there was an error on ++ the connection. ap_bflush() misdiagnosed a failure as a success. ++ [Dean Gaudet] ++ ++ *) add support for #perl arg interpolation in mod_include ++ [Doug MacEachern] ++ ++ *) API: Name changes of table_elts to ap_table_elts, is_table_empty ++ to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie] ++ ++ *) PORT: Add UnixWare 7 support ++ [Vadim Kostoglodoff <vadim olly.ru>] PR#2463 ++ ++ *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was ++ used instead of "$PERL" which contains the correctly determined Perl ++ interpreter (important for instance on systems where "perl" and "perl5" ++ exists, like BSDI or FreeBSD, etc). ++ [Ralf S. Engelschall] PR#2505 ++ ++ *) Move the initial suEXEC-related startup message from plain ++ fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems ++ when Apache is started from inetd (instead of standalone). Under this ++ situation startup messages on stderr lead to problems (the line is sent ++ to the client in front of the requested document). ++ [Ralf S. Engelschall] PR#871, PR#1318 ++ ++ *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching. ++ [Ken Coar, Dean Gaudet] ++ ++ *) WIN32: Don't collapse multiple slashes in PATH_INFO. ++ [Ben Laurie, Bill Stoddard <wgstodda us.ibm.com>] PR#2274 ++ ++ *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are ++ ignored by the Windows filesystem, and so can be used to bypass security. ++ [Ben Laurie, Alexei Kosut]. ++ ++ *) We now attempt to dump core when we get SIGILL. [Jim Jagielski] ++ ++ *) PORT: remove broken test for MAP_FILE in http_main.c. ++ [Wilfredo Sanchez <wsanchez apple.com>] ++ ++ *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the ++ httpd is running. This should be more portable than figuring out ++ which of three dozen different versions of "ps" are installed. ++ [a cast of dozens] ++ ++ *) WIN32: If we can't figure out how to execute a file in a script ++ directory, bail out of the request with an error message. [W G Stoddard] ++ ++ *) WIN32 SECURITY: Eliminate directories consisting of three or more dots; ++ these are treated by Win32 as if they are ".." but are not detected by ++ other machinery within Apache. This is something of a kludge but ++ eliminates a security hole. [Manoj Kasichainula, Ben Laurie] ++ ++ *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses ++ pools and thus pollutes libap (until the pool stuff is moved there). ++ [Ken Coar] ++ ++ *) IndexIgnore should be case-blind on Win32 (and any other case-aware ++ but case-insensitive platforms). New #define for this added to conf.h ++ (CASE_BLIND_FILESYSTEM). [Ken Coar] PR#2455 ++ ++ *) Enable DSO support for OpenBSD in general, not only for 2.x, because it ++ also works for OpenBSD 1.x. [Ralf S. Engelschall] ++ ++ *) PORT: Fix compilation problem on ARM Linux. ++ [Sam Kington <sam illuminated.co.uk>] PR#2443 ++ ++ *) Let APACI's configure script determine some configuration parameters ++ (Group, Port, ServerAdmin, ServerName) via some intelligent tests to ++ remove some of the classical hurdles for new users when setting up ++ Apache. This is done per default because it is useful for the average ++ user. Package authors can use the --without-confadjust option to disable ++ these configuration adjustments. ++ [Ralf S. Engelschall] ++ ++ *) Added an EXTRA_DEPS configuration parameter which can be used ++ to add an extra Makefile dependency for the httpd target, for instance ++ to external third-party libraries, etc. ++ [Ralf S. Engelschall] ++ ++ *) Add <IfDefine>..</IfDefine> sections to the core module (with same spirit ++ as <IfModule>..</IfModule> sections) which can be used to skip or process ++ contained commands dependend of ``-D PARAMETER'' options on the command ++ line. This can be used to achieve logical conditions like <IfDefine ++ ReverseProxy> instead of physically ones (e.g. <IfModule mod_proxy.c>) ++ and thus especially can be used for conditionally loading DSO-based ++ modules via LoadModule, etc. [Ralf S. Engelschall] ++ ++ *) PORT: clean up a warning in mod_status for OS/2. [Brian Havard] ++ ++ *) Make table elements const. This may prevent obscure errors. [Ben Laurie] ++ ++ *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not ++ truncated which forced following HTTP headers to be data in the HTTP ++ reponse. [Ralf S. Engelschall, Charles Fu <ccwf bacchus.com>] ++ PR#2412, 2367 ++ ++ *) Portability fix for APACI shadow tree support: Swap order of awk and sed ++ in top-level configure script to avoid sed fails on some platforms (for ++ instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined ++ output of Awk. [Bill Houle <bhoule sandiegoca.ncr.com>] PR#2435 ++ ++ *) Improve performance of directory listings (mod_autoindex) by comparing ++ integer keys (last-modified and size) as integers rather than converting ++ them to strings first. Also use a set of explicit byte tests rather ++ than strcmp() to check for parent directory-ness of an entry. Oh, and ++ make sure the parent directory (if displayed) is *always* listed first ++ regardless of the sort key. Overall performance winnage should be good ++ in CPU time, instruction cache, and memory usage, particularly for large ++ directories. [Ken Coar] ++ ++ *) Add a tiny but useful goody to APACI's configure script: The generation ++ of a config.status script (as GNU Autoconf does) which remembers the used ++ configure command and hence can be used to restore the configuration by ++ just re-running this script or for remembering the configuration between ++ releases. ++ [Ralf S. Engelschall] ++ ++ *) Add httpd -t (test) option for running configuration syntax tests only. ++ If something is broken it complains and exits with a return code ++ non-equal to 0. This can be used manually by the user to check the Apache ++ configuration after editing and is also automatically used by apachectl ++ on (graceful) restart command to make sure Apache doesn't die on restarts ++ because of a configuration which is now broken since the last (re)start. ++ This way `apachectl restart' can be used inside cronjobs without having ++ to expect Apache to be falling down. Additionally the httpd -t can be run ++ via `apachectl configtest'. ++ [Ralf S. Engelschall] PR#2393 ++ ++ *) Minor display fix for "install" target of top-level Makefile: ++ the displayed installation command was incorrect although the ++ executed command was correct. Now they are in sync. ++ [Ralf S. Engelschall] PR#2402 ++ ++ *) Correct initialization of variable `allowed_globals' in http_main.c ++ [Justin Bradford <justin ukans.edu>] PR#2400 ++ ++ *) Apache would incorrectly downcase the entire Content-Type passed from ++ CGIs. This affected server-push scripts and such which use ++ multipart/x-mixed-replace;boundary=ThisRandomString. ++ [Dean Gaudet] PR#2394 ++ ++ *) PORT: QNX update to properly guess 32-bit systems. ++ [Sean Boudreau <seanb qnx.com>] PR#2390 ++ ++ *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx() ++ functions which are in libdld under HPUX 9/10. ++ [Ralf S. Engelschall] PR#2378 ++ ++ *) Make sure the "install" target of the top-level Makefile doesn't break ++ because of a return code of 1 from an "if" (for instance under braindead ++ Ultrix the result code of an "if" construct is 1 if the "then" clause ++ didn't match). [Ralf S. Engelschall] ++ ++ *) Add an additional "dummy" target to the "$(LIB)" target in generated ++ modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO" ++ situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are ++ empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer] ++ ++ *) Replace two bad sprintf() calls with ap_snprintf() variants in ++ mod_rewrite. [Ralf S. Engelschall] ++ ++ *) Fix missing usage description for MetaFiles directive. ++ [David MacKenzie <djm va.pubnix.com>] PR#2384 ++ ++ *) mod_log_config wouldn't let vhosts use log formats defined in the ++ main server. [Christof Damian <damian mediaconsult.com>] PR#2090 ++ ++ *) mod_usertrack was corrupting the client hostname. As part of the ++ fix, the cookie values were slightly extended to include the ++ fully qualified hostname of the client. ++ [Dean Gaudet] PR#2190, 2229, 2366 ++ ++ *) Fix a typo in pool debugging code. [Alvaro Martinez Echevarria] ++ ++ *) mod_unique_id did not work on alpha linux (in general on any ++ architecture that has 64-bit time_t). ++ [Alvaro Martinez Echevarria] ++ ++ *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie] ++ ++ *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that ++ Solaris systems experience. So define WORKAROUND_SOLARIS_BUG. ++ [Klaus Weber <kweber chephren.germany.ncr.com>] PR#1973 ++ ++ *) Change "Options None" to "Options FollowSymLinks" in the ++ <Directory /> section of the default access.conf-dist ++ (and -win even though it doesn't matter there). This has better ++ performance, and more intuitive semantics. [Dean Gaudet] ++ ++ *) PORT: Updated support for UTS 2.1.2. ++ [Dave Dykstra <dwd bell-labs.com>] PR#2320 ++ ++ *) Fix symbol export list (src/support/httpd.exp) after recent ++ API changes in the child spawning area. ++ [Jens-Uwe Mager <jum helios.de>] ++ ++ *) Workaround for configure script and old `test' commands which do not ++ support the -x flag (for instance under platforms like Ultrix). This is ++ solved by another helper script findprg.sh which searches for Perl and ++ Awk like PrintPath but _via different names_. ++ [Ralf S. Engelschall] ++ ++ *) Remove the system() call from htpasswd.c, which eliminates a system ++ dependancy. ["M.D.Parker" <mdpc netcom.com>] PR#2332 ++ ++ *) PORT: Fix compilation failures on NEXTSTEP. ++ [Rex Dieter <rdieter math.unl.edu>] PR#2293, 2316 ++ ++ *) PORT: F_NDELAY is a typo, should have been FNDELAY. There's also ++ O_NDELAY on various systems. [Dave Dykstra <dwd bell-labs.com>] PR#2313 ++ ++ *) PORT: helpers/GuessOS updates for various versions for NCR SVR4. ++ [juerg schreiner <j.schreiner zh.ch>, ++ Bill Houle <Bill.Houle SanDiegoCA.NCR.COM>] PR#2310 ++ ++ *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which ++ was broken because of invalid ap_pstrcat() -> strcat() transformation. ++ [Ralf S. Engelschall] ++ ++ *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection ++ to continue in background, use predefined types (off_t, size_t, time_t), ++ log the current cache usage percentage at LogLevel debug ++ [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik] ++ ++Changes with Apache 1.3.0 ++ ++ *) Using a type map file as a custom error document was not possible. ++ [Lars Eilebrecht] PR#1031 ++ ++ *) Avoid problems with braindead Awks by additionally searching for gawk ++ and nawk in APACI's configure script. ++ [Dave Dykstra <dwd bell-labs.com>, Ralf S. Engelschall] PR#2319 ++ ++ *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on ++ some systems. [Randy Terbush] ++ ++ *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to ++ more proper ap_log_error() variants. ++ [Ralf S. Engelschall] ++ ++ *) Make sure the argument for the --add-module option to APACI's configure ++ script is of type [path/to/]mod_xxx.c because all calculations inside ++ configure and src/Configure depend on this. ++ [Ralf S. Engelschall] PR#2307 ++ ++ *) Changes usage of perror/fprintf to stderr to more proper ap_log_error ++ in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config. ++ [Brian Behlendorf] ++ ++ *) Various OS/2 cleanups ["Brian Havard" <brianh kheldar.apana.org.au>] ++ ++ *) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock ++ serialized accept to handle multiple sockets. ++ [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2295, 2296 ++ ++ *) Have NT properly set the directory for CGI scripts ++ (& other spawned children) ++ [W G Stoddard <wgstodda us.ibm.com>] ++ ++ *) Propagate environment to CGI scripts correctly in Win32. ++ [W G Stoddard <wgstodda us.ibm.com>] PR#2294 ++ ++ *) Some symbol renaming: ++ ap_spawn_child_err became ap_spawn_child ++ ap_spawn_child_err_buff became ap_bspawn_child ++ spawn_child was obsoleted and moved to compat.h ++ [Brian Behlendorf] ++ ++ *) Upgrade the child spawning code in mod_rewrite for the RewriteMap ++ programs: ap_spawn_child_err() is used and the Win32 case now uses ++ CreateProcess() instead of a low-level execl() (which caused problems in ++ the past under Win32). ++ [Ralf S. Engelschall] ++ ++ *) A few cosmetics and trivial enhancements to APXS to make the ++ generated Makefile more user friendly. [Ralf S. Engelschall] ++ ++ *) Proxy Fix: The proxy special failure routine ap_proxyerror() ++ was updated to use the normal apache error processing, thereby allowing ++ proxy errors to be treated by ErrorDocument's as well. For this ++ purpose, a new module-to-core communication variable "error-notes" ++ was introduced; the proxy (and possibly other modules) communicates ++ its error text using this variable. Its content is copied to a new ++ cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments. ++ The old proxy special error routine ap_proxy_log_uerror() ++ was replaced by regular ap_log_error() calls, many messages were made ++ more informative. ++ [Martin Kraemer] PR#494, 1259 ++ ++ *) SECURITY: A possible buffer overflow in the ftp proxy was fixed. ++ [Martin Kraemer] ++ ++ *) Transform the configure message "You need root privileges for suEXEC" ++ from a fatal error into a (more friendly) warning because the building ++ ("make") of Apache we can allow, of course. Root privileges are needed ++ only for the installation step ("make install"). So make sure the ++ user is aware of this fact but let him proceed as long as he can. ++ [Ralf S. Engelschall] PR#2288 ++ ++ *) Renamed three more functions to common ap_ prefix which we missed at the ++ Big Symbol Renaming because they're #defines and not real C functions: ++ is_default_port(), default_port(), http_method(). ++ [Ralf S. Engelschall] ++ ++ *) A zero-length name after a $ in an SSI document should cause ++ just the $ to be in the expansion. This was broken during the ++ security fixes in 1.2.5. [Dean Gaudet] PR#1921, 2249 ++ ++ *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some ++ memory. [Rob Saccoccio <robs InfiniteTechnology.com>] PR#2252 ++ ++ *) Fix src/support/httpd.exp (DSO export file which is currently only ++ used under AIX) because of recent changes to function names. ++ [Ralf S. Engelschall] ++ ++Changes with Apache 1.3b7 ++ ++ *) Make sure a MIME-type can be forced via a RewriteRule even when no ++ substitution takes place, for instance via the following rule: ++ ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often ++ requested by users in the past to force a single script without a .cgi ++ extension and outside any cgi-bin dirs to be executed as a CGI program. ++ [Ralf S. Engelschall] PR#2254 ++ ++ *) A fix for protocol issues surrounding 400, 408, and ++ 414 responses. [Ed Korthof] ++ ++ *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf] ++ ++ *) Fix discrepancy in proxy_ftp.c which was causing failures when ++ trying to connect to certain ftpd's, such as anonftpd. ++ [Rick Ohnemus <rick ecompcon.com>] ++ ++ *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's ++ logfile instead of fiddling around itself with child spawning stuff. ++ [Ralf S. Engelschall] ++ ++ *) Made RefererIgnore case-insensitive. ++ ++ *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs. ++ [Brian Behlendorf] ++ ++ *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything ++ "safe" under Win32. In: mod_include.c, mod_mime_magic.c ++ [Brian Behlendorf] ++ ++ *) Improve RFC1413 support. [Bob Beck <beck bofh.ucs.ualberta.ca>] ++ ++ *) Fix support script `dbmmanage': It was unable to handle some sort ++ of passwords, especially passwords with "0" chars. ++ [Ralf S. Engelschall] PR#2242 ++ ++ *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed. ++ [Ben Laurie] PR#2238 ++ ++ *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C ++ library), so CGI handling has been changed to use Win32 native handles ++ instead of C file descriptors. ++ [Ben Laurie and Bill Stoddard <wgstodda us.ibm.com>] PR#1129, 1607 ++ ++ *) The proxy cache would store an incorrect content-length in the cached ++ file copy after a cache update. That resulted in repeated fetching ++ of the original copy instead of using the cached copy. ++ [Ernst Kloppenburg <kloppen isr.uni-stuttgart.de>] PR#2094 ++ ++ *) The Makefiles assumed that DSO files are build via $(LD). This ++ is broken for two reasons: First we never defined at least LD=ld ++ somewhere to make sure this works (it was silently assumed that most Make ++ provide a built-in LD definition - ARGL!) and second using the generic LD ++ variable is not the truth. Instead a special variable named LD_SHLIB is ++ reasonable because although "ld" is usually the default, the command for ++ building DSO files can be "libtool" or even "cc" on some systems. ++ [Ralf S. Engelschall] ++ ++ *) Replace the AddVersionPlatform directive with ServerTokens which ++ provides for more control over the format of the Server: ++ header line. SERVER_SUBVERSION is no longer supported; ++ all module should use the ap_add_version_component() ++ API function instead. [Jim Jagielski] ++ ++ *) Support for the NCR MP/RAS 3.0 ++ [John Withers <withers semi.kcsc.mwr.irs.gov>] ++ ++ *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was ++ not retrieved in src/Configure and thus was not useable. ++ [Ralf S. Engelschall] ++ ++ *) Various Makefile consistency cleanups: ++ - make OSDIR also automatically be relative to src/ like INCDIR ++ - SUBDIRS is now generated in src/Makefile only and not in ++ Makefile.config because it is a local define for this location. ++ - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside ++ any Makefile but make sure that at least the "-K inline" is kept in ++ CFLAGS for SCO 5. ++ - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too. ++ - updated the dependencies theirself ++ - removed not existing SHLIB variable from "clean" targets ++ - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS ++ already exists and OBJS_PIC are also just plain objects and have not ++ directly to do with "shared" things. The only difference is that they ++ contain PIC. So OBJS_PIC is the more canonical name. ++ - Updated the Makefile-dependency lines for OBJS_PIC ++ - Removed the Makefile-dependency line in Configure to avoid double ++ definitions ++ - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage ++ of xxx.lo as GNU libtool does with its PIC objects ++ - reduce local complexity in modules Makefile.tmpl by moving the last ++ existing target "depend" to the generation section in Configure, too. ++ - removed the historical $(SPACER) which was used in the past together ++ with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This ++ is no longer needed. ++ - force the build and run of the gen_xxx programs under main/ as the ++ first step before building the objects because it looks cleaner ++ [Ralf S. Engelschall] ++ ++ *) WIN32: Make Win32 work again after the /dev/null DoS fix. ++ [Ben Laurie] ++ ++ *) WIN32: Check for buffer overflows in ap_os_canonical_filename. ++ [Ben Laurie] ++ ++ *) WIN32: Don't force ISAPI headers to finish with \n. ++ [Jim Patterson <Jim.Patterson Cognos.COM>, Ben Laurie] PR#2060 ++ ++ *) When opening "configuration" files (like httpd.conf, htaccess ++ and htpasswd), Apache will not allow them to be non-/dev/null ++ device files. This closes a DoS hole. At the same time, ++ we use ap_pfopen to open these files to handle timeouts. ++ [Jim Jagielski, Martin Kraemer] ++ ++ *) Apache will now log the reason its httpd children exit if they exit ++ due to an unexpected signal. (It requires a new porting define, ++ SYS_SIGLIST, which if defined should point to a list of text ++ descriptions of the signals available. See PORTING.) [Dean Gaudet] ++ ++ *) WIN32: chdir() doesn't make sense in a multithreaded environment ++ like WIN32. Before, Win32 CGI's could have had sporadic failures ++ if a chdir call from one thread was made between another chdir call ++ and a spawn in another thread. So, for now don't chdir for CGI scripts ++ in WIN32. The current CGI "spec" is unclear as to whether it's ++ necessary. Long-term fix is to either serialize the chdir/spawn combo ++ or use WIN32 native calls to spawn a process. This temp fix was ++ necessary to remove this as a showstopper for 1.3's release. ++ [Brian Behlendorf] ++ ++ *) Cleanup the suEXEC support in APACI and make it more safe: ++ 1. Add big fat hint in INSTALL about risks and to read the ++ htdocs/manual/suexec.html document before using the suexec-related ++ configure options. ++ 2. Make sure the user has at least provided one --suexec-xxxx option ++ (specifies suEXEC parameters) in addition to --enable-suexec option. ++ If only --enable-suexec is given APACI stops with a hint to INSTALL ++ and htdocs/manual/suexec.html documents. ++ 3. Provide two additional --suexec-xxxx options to make the suEXEC ++ configuration complete (especially for package maintainers who else ++ had to patch the source tree) by providing ways to configure minimal ++ UID/GID and safe PATH, too. ++ [Ralf S. Engelschall] ++ ++ *) Cleanup of the `configure --shadow' process: ++ - make sure the configure script creates its temporary files in the ++ shadow tree to avoid conflicts with parallel configure runs ++ - removed unnecessary option "-r" from "rm" call for Makefiles ++ - make sure the configure scripts creates the shadow-wrapper Makefile ++ only when no shadow trees already exists ++ - make sure "make distclean" removes the shadow-wrapper Makefile but only ++ when no more shadow trees exists ++ - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice ++ as fast (in the past it needed 70sec, now it runs just 38sec) ++ - make sure CVS does not complain about the created files ++ Makefille.<gnutriple> and directories src.<gnutriple> ++ [Ralf S. Engelschall] ++ ++ *) Added the ap_add_version_component() API routine and the ++ AddVersionPlatform core directive. The first allows modules to ++ declare themselves in the Server response header field value, ++ augmenting the SERVER_SUBVERSION define in the Configuration file ++ with run-time settings (more useful in a loadable-module environment). ++ AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)" ++ into the server version string. [Ken Coar] PR#2056 ++ ++ *) Minor stability tweaks to avoid core dumps in ap_snprintf. ++ [Martin Kraemer] ++ ++ *) Emit the "Accept-Range" header for the default handler. ++ [Brian Behlendorf] PR#1464 ++ ++ *) Add a note to httpd.conf-dist that apache will on some systems fail ++ to start when the Group # is set to a negative or large positive value. ++ [Martin Kraemer] ++ ++ *) Make sure the module execution order is correct even when some modules ++ are loaded under runtime (`LoadModule') via the DSO mechanism: ++ 1. The list of loaded modules is now a dynamically allocated one ++ and not the original statically list from modules.c ++ 2. The loaded modules are now correctly setup by LoadModule for ++ later use by the AddModule command. ++ 3. When the DSO mechanism for modules is used APACI's `install' ++ target now enables all created `LoadModule' lines per default because ++ this is both already expected by the user _and_ needed to avoid ++ confusion with the next point and reduces the Makefile.tmpl complexity ++ 4. When the DSO mechanism for modules is used, APACI's `install' ++ target now additionally makes sure the module list is reconstructed ++ via a complete `ClearModuleList+AddModule...' entry. ++ 5. The support tool `apxs' now also makes sure an AddModule command ++ is added in addition to the LoadModule command. ++ 6. The modules.c generation was extended to now contain two ++ comments to make sure no one is confused by the confusing terminology ++ of loading/linking (we use load=link+load & link=activate instead of ++ the obvious load=activate & link=link :-( ) ++ This way now there is no longer a difference under execution time between ++ statically and dynamically linked modules. ++ [Ralf S. Engelschall] ++ ++ *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the ++ Big Symbol Renaming. [Ralf S. Engelschall] ++ ++ *) Add a comment to mod_example.c showing the format of a FLAG command ++ handler. [Ken Coar] ++ ++ *) Standardized the time format in mod_status to match that of other ++ places in the code (e.g. DATE_GMT). PR#1551 ++ ++ *) Fix handling of %Z in timefmt strings for those platforms with no time ++ zone information in their tm struct. [Paul Eggert <eggert twinsun.com>] ++ PR#754 ++ ++ *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature ++ feature compatible with 'UseCanonicalName off' by changing ++ r->server->server_hostname to ap_get_server_name(). And I changed some ++ functions which use r->server->port to use ap_get_server_port() instead, ++ because if there's no Port directive in the config r->server->port is 0. ++ [Lars Eilebrecht] ++ ++ *) get/set_module_config are trivial enough to be better off inline. Worth ++ 1.5% performance boost. [Dean Gaudet] ++ ++ *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c ++ when ensuring 'x' is at least 30-chars big. [Jim Jagielski, ++ Brian Behlendorf] ++ ++ *) [BS2000 security] BS2000 needs an extra authentication to initialize ++ the task environment to the unprivileged User id. Otherwise CGI scripts ++ would have a way to gain super user access. [Martin Kraemer] ++ ++ *) Fix debug log messages for BS2000/OSD: instead of logging the whole ++ absolute path, only log base name of logging source as is done ++ in unix. [Martin Kraemer] ++ ++ *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in ++ the encoding type from the Accept-Encoding header (if it's there) ++ and use it in the response, as that's probably what it'll be expecting. ++ [<Ronald.Tschalaer psi.ch>] ++ ++ *) Fix to mod_alias: translate_alias_redir is dealing with ++ a URI, not a filename, so the check for drive letters for win32 ++ and emx is not necessary. [Dean Gaudet] ++ ++ *) WIN32: Allow .cmd as an executable extension. ++ [Kari Likovuori <Kari.Likovuori mol.fi>] PR#2146 ++ ++ *) Make Apache header files, and some variables, C++ friendly. ++ [Michael Anderson's <mka redes.int.com.mx>] ++ ++ *) Child processes can now "signal" (by exiting with a status ++ of APEXIT_CHILDFATAL) the parent process to abort and ++ shutdown the server if the error in the child process was ++ fatal enough. [Jim Jagielski] ++ ++ *) mod_autoindex's find_itme() was sensitive to MIME type case. ++ [Jim Jagielski] PR#2112 ++ ++ *) Make sure the referer_log and agent_log entries in the default httpd.conf ++ file are also adjusted for the actual relative installation paths. ++ [Ralf S. Engelschall] PR#2175 ++ ++ *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie] ++ ++ *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie] ++ PR#1558 ++ ++ *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3. ++ Additionally the checks for finding the vendor DSO library were moved ++ from mod_so.c to Configure because first it needs $PLAT etc. and second ++ mod_so already uses an abstraction layer and does not fiddle with the ++ vendor functions itself. ++ [Jens-Uwe Mager, Ralf S. Engelschall] ++ ++ *) PORT: Some optimization defines for NetBSD ++ [Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165 ++ ++ *) PORT: Dynamic Shared Object (DSO) support for NetBSD. ++ [Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158 ++ ++ *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older ++ AIX variants should work fine, too. Even AIX 3.x should work). This is ++ accomplished by using the free DSO emulation code from Jens-Uwe Mager ++ which we put into a os/unix/os-dso-aix.c file. ++ [Ralf S. Engelschall] ++ ++ *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply ++ that we should use NET_SIZE_T == int but the include files force size_t. ++ [Ralf S. Engelschall] ++ ++ *) Fix two bugs in select() handling in http_main.c. ++ [Roy Fielding] ++ ++ *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO ++ is unset (as it is in situations like timeouts) where it is unclear ++ whether errno is set or not. [Martin Kraemer] ++ ++ *) Just having APACI's localstatedir is too general and not enough for most ++ of the systems. 1.3b6 again required manual APACI patches by package ++ maintainers from Red Hat and FreeBSD because for their filesystem layout a ++ little bit more flexibility in configuring the paths is needed. Hence we ++ provide three additional configure options (--runtimedir, --logfiledir, ++ --proxycachedir) which now can be used for more granular adjustments if ++ --localstatedir is not enough to fit the particular needs. As a nice ++ side-effect this reduces some subdir fiddling in configure+Makefile.tmpl. ++ [Ralf S. Engelschall] ++ ++ *) Make the install root for "make install" in APACI's Makefile overrideable ++ by package authors. This way we are even more friendly to package ++ maintainers (especially Debian and Red Hat) who build for the real prefix ++ via "configure --prefix=/<real>" but use a different local prefix via ++ "make root=/tmp/apache install" for rolling the package without bristling ++ the target location on their system. ++ [Ralf S. Engelschall] ++ ++ *) Workaround sed limitations in APACI's configure script by now ++ substituting in chunks of 50 commands (because for instance HPUX's vendor ++ sed has a limit of max. 98 commands) ++ [Ralf S. Engelschall] PR#2136 ++ ++ *) Adding SOCKS5 support and fixing existing SOCKS4 support. ++ [Ralf S. Engelschall] PR#2140 ++ ++ *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG ++ RENAMING process because they are defined as pre-processor macros instead ++ of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd ++ [Ralf S. Engelschall] ++ ++ *) Workaround braindead AWK's when generating ap_config.h: The split() and ++ substr() functions cannot be nested under vendor AWK from Solaris 2.6. ++ [Ralf S. Engelschall] PR#2139 ++ ++ *) Various bugfixes and cleanups for the APACI configure script: ++ o fix IFS handling for _nested_ situation ++ o fix Perl interpreter search: take first one found instead of last one ++ o fix DSO consistency check ++ o print error messages to stderr instead of stdout ++ o add install-quiet for --shadow situation to Makefile stub ++ o reduce complexity by avoiding sed-hacks for rule and module list loops ++ [Ralf S. Engelschall] ++ ++ *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114 ++ ++ *) Make sure the input field separator (IFS) shell variable is explicitly ++ initialized correctly before _every_ `for' loop and also restored after ++ the loops. [Ralf S. Engelschall] ++ ++ *) Make sure that "make install" doesn't overwrite the `mime.types' and ++ `magic' files from an existing Apache installation. Because people often ++ customize these for own MIME and content types. ++ [Ralf S. Engelschall] ++ ++ *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x ++ [Peter Galbavy, Ralf S. Engelschall] PR#2109 ++ ++ *) Fix the path to the ScoreBoardFile in the install-config target, too. ++ [Ralf S. Engelschall] PR#2105 ++ ++ *) Let "configure" clear out the users parameters (provided as shell ++ variables) to avoid side-effects in "src/Configure" when the user ++ exported them (which is not needed, but some users do it). ++ [Ralf S. Engelschall] PR#2101 ++ ++ *) Provide backward compatibility from some old src/Configuration.tmpl ++ parameter names to the canonical Autoconf-style shell variable names. For ++ instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now ++ but a hint message is displayed. [Ralf S. Engelschall] ++ ++ *) Make sure that "make install" doesn't overwrite the DocumentRoot and ++ CGI scripts from an existing Apache installation. ++ [Ralf S. Engelschall, Jim Jagielski] PR#2084 ++ ++ *) Make `configure --compat' more "compatible" by first ++ let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and ++ second by making sure the "avoid-bristling-suffix" /apache is not ++ appended to sysconfdir, datadir, localstatedir and includedir when ++ --compat is used. [Ralf S. Engelschall, Lars Eilebrecht] ++ ++ *) NeXT required strdup() in support/logresolve.c ++ [Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082 ++ ++ *) AIX required sys/select.h in support/ab.c ++ [Jens Schleusener <Jens.Schleusener dlr.de>] PR#2081 ++ ++ *) Fix the path to the MimeMagicFile in the install-config target, too. ++ [Ralf S. Engelschall] PR#2089 ++ ++ *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>] ++ ++ *) If you start apache with the -S command line option it will dump ++ out the parsed vhost settings. This is useful for folks trying ++ to figure out what is wrong with their vhost configuration. ++ (Other dumps may be added in the future.) [Dean Gaudet] ++ ++ *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf, ++ ap_snprintf, and ap_psprintf). See include/ap.h for docs. ++ [Dean Gaudet] ++ ++ *) Because /usr/local/apache is the default prefix the ``configure ++ --compat'' option no longer has to set prefix, again. This way the ++ --compat option honors a leading --prefix option. [Lars Eilebrecht] ++ ++ *) PORT: Cast the first argument of dlopen() in ap_os_dso_load() ++ to `char *' under OSF1 and FreeBSD 2.x where it is defined this way ++ to avoid "discard const" warnings. [Ralf S. Engelschall] ++ ++ *) If a specific handler is set for a file yet the request still ++ ends up being handled by the default handler, log an error ++ message before handling it. This catches things such as trying ++ to use SSIs without mod_include enabled. [Marc Slemko] ++ ++ *) Fix error logging for the startup case where ap_log_error() still uses ++ stderr as the target. Now the default log level is honored here, too. ++ [Ralf S. Engelschall] ++ ++ *) PORT: Make sure some AWK's don't fail in src/Configure with "string too ++ long" errors when generating the MODULES entry for src/Makefile ++ [Ben Hyde, Ralf S. Engelschall] ++ ++ *) Make sure src/Configure doesn't complain about the old directory ++ /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht] ++ ++Changes with Apache 1.3b6 ++ ++ *) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde] ++ ++ *) Adding DSO support for the HP/UX platform by emulating the dlopen-style ++ interface via the similar but proprietary HP/UX shl_xxx-style system ++ calls. [Ralf S. Engelschall] ++ ++ *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made ++ APACI Makefile.tmpl "install" target more robust for sensible UnixWare ++ Make. [Ralf S. Engelschall] ++ ++ *) ++++ THE BIG SYMBOL RENAMING ++++ ++ To avoid symbol clashes with third-party code compiled into the server, ++ we globally applied the prefix "ap_" to the following classes of ++ functions: ++ - Apache provided general functions (e.g., ap_cpystrn) ++ - Public API functions (e.g., palloc, bgets) ++ - Private functions which we can't make static (because of ++ cross-object usage) but should be (e.g., new_connection) ++ For backward source compatibility a new header file named compat.h was ++ created which provides defines for the old symbol names and can be used ++ by third-party module authors. ++ [The Apache Group] ++ ++ *) Added dynamic shared object (DSO) support for SVR4-derivates: The ++ problem under SVR4 is that there is no command flag to force the linker ++ to export the global symbols of the httpd executable therewith they are ++ available to the DSO's. Instead of problematic hacks like creating a ++ dummy.so file (containing dummy references to all global symbols) the ++ httpd binary is linked against, we use a clean trick stolen from Perl 5: ++ Placing the Apache core code itself into a DSO library named libhttpd.so. ++ This way the global symbols _HAVE_ to be exported and thus are available ++ to any manually loaded DSO's under runtime. To reduce the impact to the ++ user to null we go even further and create a stub httpd executable which ++ automatically keeps track of the DSO library loading itself and thus ++ hides the complete mechanism from the user. Although the generation of ++ this DSO library is automatically triggered for platforms which ++ essentially need it (mostly all SVR4-derivates) it can be also enabled ++ manually via the Rule SHARED_CORE. This can be interesting in the future ++ where we perhaps exploit this libhttpd.so mechanism for providing nifty ++ features like graceful upgrades, or whatever. ++ [Ralf S. Engelschall, Martin Kraemer] ++ ++ *) Build the libraries before building the rest of the tools. [Ben Hyde] ++ ++ *) Add "distclean" target to src/-Makefiles to provide "make distclean" also ++ inside the src subtree (i.e. for non-APACI users). Following GNU Makefile ++ conventions while "clean" removes only stuff created by "all" targets, ++ "distclean" additionally removes the stuff from the configuration ++ process. This way "make distclean" (hence the name) provides a fresh ++ source tree as it was for distribution. ++ [Ralf S. Engelschall] ++ ++ *) Allow top-level (APACI) Makefile to break on build errors ++ the same way the src/ subtree Makefiles breaks on them by replacing the ++ initial APACI sed-subdir-display-kludge with a more clean ++ variable-passing-solution: variable SDP can optionally hold the subdir ++ prefix which is consistently used for displaying the subdir movement. ++ This way even the top-level Makefile can stop correctly on errors as the ++ user expects. [Ralf S. Engelschall] ++ ++ *) Fixed ordering of argument checks for RewriteBase directive. ++ [Todd Eigenschink <eigenstr mixi.net>] PR#2045 ++ ++ *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of ++ indicating that a module is being compiled for dynamic loading. Also ++ remove #define IS_MODULE from modules and add SHARED_MODULE define ++ to the mak/dsp files. [Alexei Kosut] ++ ++ *) Reduce logging level of "normal" warning messages to APLOG_INFO, ++ since we are now logging APLOG_WARNING by default. [Roy Fielding] ++ ++ *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard] ++ ++ *) Add documentation file and src/Configuration.tmpl entry for the ++ experimental mod_mmap_static module. Because although it is and marked as ++ an experimental one it is distributed and thus should be documented and ++ prepared for configuration the same way as all others modules. ++ [Ralf S. Engelschall] ++ ++ *) Add query (-q) option to apxs support tool to be able to manually query ++ specific settings from apxs. This is needed for instance when you ++ manually want to access Apache's header files and you need to assemble ++ the -I option. Now you can do -I`apxs -q INCLUDEDIR`. ++ [Ralf S. Engelschall] ++ ++ *) Now src/Configure uses a fallback strategy for the shared object support ++ on platforms where no explicit information is available: If a Perl ++ installation exists we ask it about its shared object support and if it's ++ the dlopen-style one we shamelessly guess the compiler and linker flags ++ for creating shared objects from Perls knowledge. Of course, the user is ++ warning about what we are doing and informed that he should send us ++ the guessed flags when they work. [Ralf S. Engelschall] ++ ++ *) Provide APACI --without-support option to be able to disable the build ++ and installation of the support tools from the src/support/ area. ++ Although its useful to have these installed per default we should provide ++ a way to compile and install without them for backward-compatibility. ++ [Ralf S. Engelschall] ++ ++ *) Add of the new APache eXtenSion (apxs) support tool for building and ++ installing modules into an _already installed_ Apache package through the ++ dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that ++ this approach actually doesn't need the Apache source tree. The ++ (APACI-installed) server package is enough, because this now includes the ++ Apache C header files (PREFIX/include) and the new APXS tool ++ (SBINDIR/apxs). The intend is to provide a handy tool for third-party ++ module authors to build their Apache modules _OUTSIDE_ the Apache source ++ tree while avoiding them to fiddle around with the totally platform ++ dependend way of compiling DSO files. The tool supports all ranges of ++ modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3 ++ which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can ++ on-the-fly generate a minimalistic Makefile and sample module for the ++ first step to provide both a quick success event and to demonstrate the ++ APXS mechanism to module authors. [Ralf S. Engelschall] ++ ++ *) Fix core dumps in use of CONNECT in proxy. ++ [<Rainer.Scherg rexroth.de>] PR#1326, #1573, #1942 ++ ++ *) Modify the log directives in httpd.conf-dist files to use CustomLog ++ so that users have examples of how CustomLog can be used. ++ [Lars Eilebrecht] ++ ++ *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of ++ the Apache distribution tree. Until Apache 1.3 there was no real ++ out-of-the-box batch-capable build and installation procedure for the ++ complete Apache package. This is now provided by a top-level "configure" ++ script and a corresponding top-level "Makefile.tmpl" file. The goal is ++ to provide a GNU Autoconf-style frontend which is capable to both drive ++ the old src/Configure stuff in batch and additionally installs the ++ package with a GNU-conforming directory layout. Any options from the old ++ configuration scheme are available plus a lot of new options for flexibly ++ customizing Apache. [Ralf S. Engelschall] ++ ++ *) The floating point ap_snprintf code wasn't threadsafe. ++ Had to remove the HAVE_CVT macro in order to do threadsafe ++ calling of the ?cvt() floating point routines. [Dean Gaudet] ++ ++ *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962 ++ ++ *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler ++ [Jim Jagielski] PR#1901 ++ ++ *) BUG: Configure was using TCC and CC inconsistently. Make sure ++ Configure knows which CC we are using. [Jim Jagielski] ++ ++ *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec" ++ was defined in a parent directory. [Lars Eilebrecht] ++ ++ *) API: ap_snprintf() code mutated into ap_vformatter(), which is ++ a generic printf-style routine that can call arbitrary output ++ routines. Use this to replace http_bprintf.c. Add new routines ++ psprintf(), pvsprintf() which allocate the exact amount of memory ++ required for a string from a pool. Use psprintf() to clean up ++ various bits of code which used ap_snprintf()/pstrdup(). ++ [Dean Gaudet] ++ ++ *) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because ++ ap_snprintf() has different semantics and formatting codes than ++ snprintf(). [Dean Gaudet] ++ ++ *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This ++ is necessary on at least Solaris where the /etc/rc?.d scripts ++ are run with these signals ignored, and "SIG_IGN" settings are ++ maintained across exec(). ++ [Rein Tollevik <reint sys.sol.no>] PR#2009 ++ ++ *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was ++ used instead of lstat() and thus this flag didn't work as expected. ++ [Rein Tollevik <reint sys.sol.no>] PR#2010 ++ ++ *) Fix the proxy pass-through feature of mod_rewrite for the case of ++ existing QUERY_STRING now that mod_proxy was recently changed because of ++ the new URL parsing stuff. [Ralf S. Engelschall] ++ ++ *) A few changes to scoreboard definitions which helps gcc generate ++ better code. [Dean Gaudet] ++ ++ *) ANSI C doesn't guarantee that "int foo : 2" in a structure will ++ be a signed bitfield. So mark a few bitfields as signed to ++ ensure correct code. [Dean Gaudet] ++ ++ *) The default for HostnameLookups was changed to Off, but there ++ was a problem and it wasn't taking effect. [Dean Gaudet] ++ ++ *) PORT: Clean up undefined signals on some platforms (SCO, BeOS). ++ [Dean Gaudet] ++ ++ *) After a SIGHUP the listening sockets in the parent weren't ++ properly marked for closure on fork(). ++ [Jürgen Keil <jk tools.de>] PR#2000 ++ ++ *) Allow %2F in two situations: 1) it is in the query part of the URI, ++ therefore not exposed to %2F -> '/' translations and 2) the request ++ is a proxy request, so we're not dealing with a local resource anyway. ++ Without this, the proxy would fail to work for any URL's with ++ %2f in them (occurs quite often in ++ http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer] ++ ++ *) Protect against FD_SETSIZE mismatches. [Dean Gaudet] ++ ++ *) Make the shared object compilation command more portable by avoiding ++ the direct combination of `-c' & `-o' which is not honored by some ++ compilers like UnixWare's cc. [Ralf S. Engelschall] ++ ++ *) WIN32: the proxy was creating filenames missing the last four ++ characters. While this normally doesn't stop anything from ++ working, it can result in extra collisions. ++ [Tim Costello <tjcostel socs.uts.edu.au>] PR#1890 ++ ++ *) Now mod_proxy uses the response string (in addition to the response status ++ code) from the already used FTP SIZE command to setup the Content-Length ++ header if available. [Ralf S. Engelschall] PR#1183 ++ ++ *) Reanimated the (still undocumented) proxy receive buffer size directive: ++ Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old ++ name was really too generic, added documentation for this directive to ++ the mod_proxy.html and corrected the hyperlink to it in the ++ new_features_1.3.html document. [Ralf S. Engelschall] PR#1348 ++ ++ *) Fix a bug in the src/helpers/fp2rp script and make it a little bit ++ faster [Martin Kraemer] ++ ++ *) Make Configure die when you give it an unknown command switch. ++ [Ben Hyde] ++ ++ *) Add five new and fresh manpages for the support programs: dbmmanage.1, ++ suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date ++ and per default compiled support programs have manual pages - just to ++ document our stuff a little bit more and to be able to do really ++ Unix-like installations ;-) [Ralf S. Engelschall] ++ ++ *) Major cleanups to the Configure script to make it and its generated ++ Makefiles again readable and maintainable: add SRCDIR option, removed ++ INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of ++ generated sections, consequently added Makefile headers with inheritance ++ information, added subdir movement messages for easier following where ++ the build process currently stays (more verbose then standard Make, less ++ verbose than GNU make), same style to comments in the Configure script, ++ added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall] ++ ++ *) Add the new ApacheBench program "ab" to src/support/: This is derived ++ from the ZeusBench benchmarking program and can be used to determine the ++ response performance of an Apache installation. This version is ++ officially licensed with Zeus Technology, Ltd. See the license agreement ++ statements in <199803171224.NAA24547 en1.engelschall.com> in apache-core. ++ [Ralf S. Engelschall] ++ ++ *) API: Various core functions that are definately not part of the API ++ have been made static, and a few have been marked API_EXPORT. Still ++ more have been marked CORE_EXPORT and are not intended for general ++ use by modules. [Doug MacEachern, Dean Gaudet] ++ ++ *) mod_proxy was not clearing the Proxy-Connection header from ++ requests; now it does. This did not violate any spec, however ++ causes poor interactions when you are talking to remote proxies. ++ [Marc Slemko] PR#1741 ++ ++ *) Various cleanups to the command line interface and manual pages. ++ [Ralf S. Engelschall] ++ ++ *) cfg_getline() was not properly handling lines that did not end ++ with a line termination character. [Marc Slemko] PR#1869, 1909 ++ ++ *) Performance tweak to mod_log_config. [Dmitry Khrustalev] ++ ++ *) Clean up some undocumented behavior of mod_setenvif related to ++ "merging" two SetEnvIf directives when they match the same header ++ and regex. Document that mod_setenvif will perform comparisons in ++ the order they appear in the config file. Optimize mod_setenvif by ++ doing more work at config time rather than at runtime. ++ [Dean Gaudet] ++ ++ *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's ++ to allow for modules to overrule them and to reduce redefinition ++ warnings [Jim Jagielski] ++ ++ *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3. ++ [Jim Jagielski] ++ ++ *) Making the hard-coded cross-module function call mime_find_ct() (from ++ mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type ++ checking is really called even for proxy requests except for URLs with ++ HTTP schemes (because there we can optimize by not running the type ++ checking hooks due to the fact that the proxy gets the MIME Content-type ++ from the remote host later). This change cleans up mod_mime by removing ++ the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and ++ especially unbundles mod_proxy and mod_mime. This way they both now can ++ be compiled as shared objects and are no longer tied together. ++ [Ralf S. Engelschall] ++ ++ *) util.c cleanup and speedup. [Dean Gaudet] ++ ++ *) API: Clarification, pstrndup() will always copy n bytes of the source ++ and NUL terminate at the (n+1)st byte. [Dean Gaudet] ++ ++ *) Mark module command_rec and handler_rec structures const so that they ++ end up in the read-only data section (and are friendlier to systems ++ that don't do optimistic memory allocation on fork()). [Dean Gaudet] ++ ++ *) Add check to the "Port" directive to make sure the specified ++ port is in the appropriate range. [Ben Hyde] ++ ++ *) Performance improvements to invoke_handler(). ++ [Dmitry Khrustalev <dima bog.msu.su>] ++ ++ *) Added support for building shared objects even for library-style modules ++ (which are built from more than one object file). This now provides the ++ ability to build mod_proxy as a shared object module. Additionally ++ modules like mod_example are now also supported for shared object ++ building because the generated Makefiles now no longer assume there is at ++ least one statically linked module. [Ralf S. Engelschall] ++ ++ *) API: Clarify usage of content_type, handler, content_encoding, ++ content_language and content_languages fields in request_rec. They ++ must always be lowercased; and the strings pointed to shouldn't ++ be modified (you must copy them to modify them). Fix a few bugs ++ related to this. [Dean Gaudet] ++ ++ *) API: Clarification: except for RAW_ARGS, all command handlers can ++ treat the char * parameters as permanent, and modifiable. There ++ is no need to pstrdup() them. Clean up some needless pstrdup(). ++ [Dean Gaudet] ++ ++ *) Now mod_so keeps track of which module shared objects with which names ++ are loaded and thus avoids multiple loading and unloading and irritating ++ error_log messages. [Ralf S. Engelschall] ++ ++ *) Prior to the existence of mod_setenv it was necessary to tweak the TZ ++ environment variable in the apache core. But that tweaking interferes ++ with mod_setenv. So don't tweak if the user has specified an explicit ++ TZ variable. [Jay Soffian <jay cimedia.com>] PR#1888 ++ ++ *) rputs() did not calculate r->sent_bodyct properly. ++ [Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900 ++ ++ *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's ++ name, or left unset if this value is unavailable. Apache was setting ++ it to the IP address when unavailable. ++ [Tony Finch <fanf demon.net>] PR#1925 ++ ++ *) Various improvements to the configuration and build support for compiling ++ modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and ++ OSF1 support with GCC and vendor compilers was added. This way shared ++ object support is now provided out-of-the-box for FreeBSD, Linux, ++ Solaris, SunOS, IRIX and OSF1. In short: On all major platforms! ++ [Ralf S. Engelschall] ++ ++ *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap" ++ scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD ++ and USE_OS2_SCOREBOARD. [Dean Gaudet] ++ ++ *) Fix one more special locking problem for RewriteMap programs in ++ mod_rewrite: According to the documentation of flock(), "Locks are on ++ files, not file descriptors. That is, file descriptors duplicated ++ through dup(2) or fork(2) do not result in multiple instances of a lock, ++ but rather multiple references to a single lock. If a process holding a ++ lock on a file forks and the child explicitly unlocks the file, the ++ parent will lose its lock.". To overcome this we have to make sure the ++ RewriteLock file is opened _AFTER_ the childs were spawned which is now ++ the case by opening it in the child_init instead of the module_init API ++ hook. [Ralf S. Engelschall] PR#1029 ++ ++ *) Change to Location and LocationMatch semantics. LocationMatch no ++ longer lets a single slash match multiple adjacent slashes in the ++ URL. This change is for consistency with RewriteRule and ++ AliasMatch. Multiple slashes have meaning in URLs that they do ++ not have in (some) filesystems. Location on the other hand can ++ be considered a shorthand for a more complicated regex, and it ++ does match multiple slashes with a single slash -- which is ++ also consistent with the Alias directive. ++ [Dean Gaudet] related PR#1440 ++ ++ *) Fix bug with mod_mime_magic causing certain files, including files ++ of length 0, to result in no response from the server. ++ [Dean Gaudet] ++ ++ *) The Configure script now generates src/include/ap_config.h which ++ contains the set of defines used when Apache is compiled on a platform. ++ This file can then be included by external modules before including ++ any Apache header files in case they are being built separately from ++ Apache. Along with this change, a couple of minor changes were ++ made to make Apache's #defines coexist peacefully with any autoconf ++ defines an external module might have. [Rasmus Lerdorf] ++ ++ *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist ++ but without any RewriteXXXXX directives. Here mod_rewrite is given no ++ chance by the API to initialize its per-server configuration and thus ++ receives the wrong one from the main server. This is now avoided by ++ remembering the server together with the config structure while ++ configuring and later assuming there is no config when we see a ++ difference between the remembered server and the one calling us. ++ [Ralf S. Engelschall] PR#1790 ++ ++ *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now ++ is automatically disabled under configure time when the dbm_xxx functions ++ are not available. Second, two heavy source code errors in the DBM ++ support code were fixed. This makes DBM RewriteMap's usable again after ++ a long time of brokenness. [Ralf S. Engelschall] PR#1696 ++ ++ *) Now all configuration files support Unix-style line-continuation via ++ the trailing backslash ("\") character. This enables us to write down ++ complex or just very long directives in a more readable way. The ++ backslash character has to be really the last character before the ++ newline and it has not been prefixed by another (escaping) backslash. ++ [Ralf S. Engelschall] ++ ++ *) When using ProxyPass the ?querystring was not passed correctly. ++ [Joel Truher <truher wired.com>] ++ ++ *) To deal with modules being compiled and [dynamically] linked ++ at a different time from the core, the SERVER_VERSION and ++ SERVER_BUILT symbols have been abstracted through the new ++ API routines apapi_get_server_version() and apapi_get_server_built(). ++ [Ken Coar] PR#1448 ++ ++ *) WIN32: Preserve trailing slash in canonical path (and hence ++ in PATH_INFO). [Paul Sutton, Ben Laurie] ++ ++ *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable ++ depending on the rev of Solaris and what mixture of modules ++ are in use. So it has been disabled, and Solaris is back to ++ using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with ++ USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed ++ up static content only servers. Or it may fail unpredictably. ++ [Dean Gaudet] PR#1779, 1854, 1904 ++ ++ *) mod_test_util_uri.c created which tests the logic in util_uri.c. ++ [Dean Gaudet] ++ ++ *) API: Rewrite of absoluteURI handling, and in particular how ++ absoluteURIs match vhosts. Unless a request is a proxy request, a ++ "http://host" url is treated as if a similar "Host:" header had been ++ supplied. This change was made to support future HTTP/1.x protocols ++ which may require clients to send absoluteURIs for all requests. ++ ++ In order to achieve this change subtle changes were made to the API. In a ++ request_rec, r->hostlen has been removed. r->unparsed_uri now exists so ++ that the unmodified uri can be retrieved easily. r->proxyreq is not set ++ by the core, modules must set it during the post_read_request or ++ translate_names phase. ++ ++ Plus changes to the virtualhost test suite for absoluteURI testing. ++ ++ This fixes several bugs with the proxy proxying requests to vhosts ++ managed by the same httpd. ++ [Dean Gaudet] ++ ++ *) API: Cleanup of code in http_vhost.c, and remove vhost matching ++ code from mod_rewrite. The vhost matching is now performed by a ++ globally available function matches_request_vhost(). [Dean Gaudet] ++ ++ *) Reduce memory usage, and speed up ServerAlias support. As a ++ side-effect users can list multiple ServerAlias directives ++ and they're all considered. ++ [Chia-liang Kao <clkao cirx.org>] PR#1531 ++ ++ *) The "poly" directive in image maps did not include the borders of the ++ polygon, whereas the "rect" directive does. Fix this inconsistency. ++ [Konstantin Morshnev <moko design.ru>] PR#1771 ++ ++ *) Make \\ behave as expected. [<Ronald.Tschalaer psi.ch>] ++ ++ *) Add the `%a' construct to LogFormat and CustomLog to log the client IP ++ address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885 ++ ++ *) API: A new source module main/util_uri.c; It contains a routine ++ parse_uri_components() and friends which breaks a URI into its component ++ parts. These parts are stored in a uri_components structure called ++ parsed_uri within each request_rec, and are available to all modules. ++ Additionally, an unparse routine is supplied which re-assembles the URI ++ components back to an URI, optionally hiding the username:password@ part ++ from ftp proxy requests, and other useful routines. Within the structure, ++ you find on a ready-for-use basis: ++ scheme; /* scheme ("http"/"ftp"/...) */ ++ hostinfo; /* combined [user[:password]@]host[:port] */ ++ user; /* user name, as in http://user:passwd@host:port/ */ ++ password; /* password, as in http://user:passwd@host:port/ */ ++ hostname; /* hostname from URI (or from Host: header) */ ++ port_str; /* port string (integer representation is in "port") */ ++ path; /* the request path (or "/" if only scheme://host was given) */ ++ query; /* Everything after a '?' in the path, if present */ ++ fragment; /* Trailing "#fragment" string, if present */ ++ This is meant to serve as the platform for *BIG* savings in ++ code complexity for the proxy module (and maybe the vhost logic). ++ [Martin Kraemer] ++ ++ *) Make all possible meta-construct expansions ($N, %N, %{NAME} and ++ ${map:key}) available for all location where a string is created in ++ mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of ++ RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the ++ possible expansions are consequently usable at all string creation ++ locations. [Ralf S. Engelschall] ++ ++ *) Fix initialization of RewriteLogLevel (default now is 0 as documented ++ and not 1) and the per-virtual-server merging of directives. Now all ++ directives except `RewriteEngine' and `RewriteOption' are either ++ completely overridden (default) or completely inherited (when ++ `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325 ++ ++ *) Fix `RewriteMap' program lookup in situations where such maps are ++ defined but disabled (`RewriteEngine off') in per-server context. ++ [Ralf S. Engelschall] PR#1431 ++ ++ *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause ++ server to bind to port 0 rather than 80. [Dean Gaudet] ++ ++ *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates ++ (like SunOS and FreeBSD) which don't accept the locking of pipes ++ directly. A new directive RewriteLock is introduced which can be used to ++ setup a separate locking file which then is used for synchronization. ++ [Ralf S. Engelschall] PR#1029 ++ ++ *) WIN32: The server root is obtained from the registry key ++ HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently ++ "1.3 beta"), unless overridden by the -d command line flag. The ++ value is stored by running "apache -i -d serverroot". [Paul Sutton] ++ ++ *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support ++ dynamic loading on Win32 and Unix via the same module. [Paul Sutton] ++ ++ *) Now mod_rewrite no longer makes problematic assumptions on the characters ++ a username can contain when trying to expand it via /etc/passwd. ++ [Ralf S. Engelschall] ++ ++ *) The mod_setenvif BrowserMatch backwards compatibility command did not ++ work properly with spaces in the regex. [Ronald Tschalaer] PR#1825 ++ ++ *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt' ++ type but with a special post-processing for the looked-up value: It ++ parses it into alternatives according to `|' chars and then only one ++ particular alternative is chosen randomly (this is an essential ++ functionality needed for balancing between backend-servers when using ++ Apache as a Reverse Proxy. The looked up value here is a list of ++ servers). Second, `int' with the built-in maps named `tolower' and ++ `toupper' which can be used to map URL parts to a fixed case (this is an ++ essential feature to fix the case of server names when doing mass ++ virtual-hosting with the help of mod_rewrite instead of using ++ <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from ++ Jay Soffian <jay cimedia.com>] PR#1631 ++ ++ *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'. ++ This directive lets Apache adjust the URL in Location-headers on HTTP ++ redirect responses sent by the remote server. This way the virtually ++ mapped area is no longer left on redirects and thus by-passed which is ++ especially essential when running Apache as a reverse proxy. ++ [Ralf S. Engelschall] ++ ++ *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is ++ hidden. [Alvaro Martinez Echevarria] ++ ++ *) Apache will, when started with the -X (single process) debugging flag, ++ honor the SIGINT or SIGQUIT signals again now. This capability got lost ++ a while ago during OS/2 signal handling changes. ++ ++ *) [PORT] Work around the fact that NeXT runs on more than the ++ m68k chips in mod_status [Scott Anguish and Timothy Luoma ++ <luomat peak.org>] ++ ++ *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well ++ as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov ++ <ache nagual.pp.ru> and Jim] PR#1450 ++ ++ *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers. ++ In particular the handlers could trigger themselves into an infinite ++ loop if RLimitMem was used with a small amount of memory -- too small ++ for the signal stack frame to be set up. [Dean Gaudet] ++ ++ *) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet, ++ Alvaro Martinez Echevarria <alvaro lander.es>] ++ ++ *) Fix multiple UserDir problem introduced during 1.3b4-dev. ++ [Dean Gaudet] PR#1850 ++ ++ *) ap_cpystrn() had an off-by-1 error. ++ [Charles Fu <ccwf klab.caltech.edu>] PR#1847 ++ ++ *) API: As Ken suggested the check_cmd_context() function and related ++ defines are non-static now so modules can use 'em. [Martin Kraemer] ++ ++ *) mod_info would occasionally produce an unpaired <tt> in its ++ output. Fixed. [Martin Kraemer] ++ ++ *) By default AIX binds a process (and it's children) to a single ++ processor. httpd children now unbind themselves from that cpu ++ and re-bind to one selected at random via bindprocessor() ++ [Doug MacEachern] ++ ++ *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no ++ effect. Work around it by using RLIMIT_AS for the RLimitMEM ++ directive. [Enrik Berkhan <enrik inka.de>] PR#1816 ++ ++ *) mod_mime_magic error message should indicate the filename when ++ reads fail. ["M.D.Parker" <mdpc netcom.com>] PR#1827 ++ ++ *) Previously Apache would permit </Files> to end <FilesMatch> (and ++ similary for Location and Directory), now this is diagnosed as an ++ error. Improve error messages for mismatched sections (<Files>, ++ <FilesMatch>, <Directory>, <DirectoryMatch>, ...). ++ [Dean Gaudet, Martin Kraemer] ++ ++ *) <Files> is not permitted within <Location> (because of the ++ semantic ordering). [Dean Gaudet] PR#379 ++ ++ *) <Files> with wildcards was broken by the change in wildcard ++ semantics (* does not match /). To fix this, <Files> now ++ apply only to the basename of the request filename. This ++ fixes some other inconsistencies in <Files> semantics ++ (such as <Files a*b> not working). [Dean Gaudet] PR#1817 ++ ++ *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure ++ backup files are removed on "clean" target [Ralf S. Engelschall] ++ ++ *) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639 ++ ++ *) Various errors from select() and accept() in child_main() would ++ result in an infinite loop. It seems these two tickle kernel ++ or library bugs occasionally, and result in log spammage and ++ a generally bad scene. Now the child exits immediately, ++ which seems to be a good workaround. ++ [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588 ++ ++ *) Cleaned up some race conditions in unix child_main during ++ initialization. [Dean Gaudet] ++ ++ *) SECURITY: "UserDir /abspath" without a * in the path would allow ++ remote users to access "/~.." and bypass access restrictions ++ (but note /~../.. was handled properly). ++ [Lauri Jesmin <jesmin ut.ee>] PR#1701 ++ ++ *) API: os_is_path_absolute() now takes a const char * instead of a char *. ++ [Dean Gaudet] ++ ++Changes with Apache 1.3b5 ++ ++ *) Source file dependencies in Makefile.tmpl files throughout the ++ source tree were updated to accurately reflect reality. ++ [Dean Gaudet] ++ ++ *) Preserve the content encoding given by the AddEncoding directive ++ when the client doesn't otherwise specify an encoding. ++ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] ++ ++ *) Sort out problems with canonical filename handling happening too late. ++ [Dean Gaudet, Ben Laurie] ++ ++Changes with Apache 1.3b4 ++ ++ *) The module structure was modified to include a *dynamic_load_handle ++ in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER ++ has been bumped accordingly. [Paul Sutton] ++ ++ *) All BrowserMatch directives mentioned in ++ htdocs/manual/known_client_problems.html are in the default ++ configuration files. [Lars Eilebrecht] ++ ++ *) MiNT port update. [Jan Paul Schmidt] ++ ++ *) HTTP/1.1 requires x-gzip and gzip encodings be treated ++ equivalent, similarly for x-compress and compress. Apache ++ now ignores a leading x- when comparing encodings. It also ++ preserves the encoding the client requests (for example if ++ it requests x-gzip, then Apache will respond with x-gzip ++ in the Content-Encoding header). ++ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] PR#1772 ++ ++ *) Fix a memory leak on keep-alive connections. [Igor Tatarinov] ++ ++ *) Added mod_so module to support dynamic loading of modules on Unix ++ (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule ++ instead of AddModule in Configuration to build shared modules ++ [Sameer Parekh, Paul Sutton] ++ ++ *) Minor cleanups to r->finfo handling in some modules. ++ [Dean Gaudet] ++ ++ *) Abstract read()/write() to ap_read()/ap_write(). ++ Makes it easier to add other types of IO code such as SFIO. ++ [Randy Terbush] ++ ++ *) API: Generalize default_port manipulations to make support of ++ different protocols easier. [Ben Laurie, Randy Terbush] ++ ++ *) There are many cases where users do not want Apache to form ++ self-referential urls using the "canonical" ServerName and Port. ++ The new UseCanonicalName directive (default on), if set to off ++ will cause Apache to use the client-supplied hostname and port. ++ API: Part of this change required a change to the construct_url() ++ prototype; and the addition of get_server_name() and ++ get_server_port(). ++ [Michael Douglass <mikedoug texas.net>, Dean Gaudet] ++ PR#315, 459, 485, 1433 ++ ++ *) Yet another rearrangement of the source tree.. now all the common ++ header files are in the src/include directory. The -Imain -Iap ++ references in Makefiles have been changed to the simpler -Iinclude ++ instead. In addition to simplifying the build a little bit, this ++ also makes it clear when a module is referencing something in a ++ other than kosher manner (e.g., the proxy including mod_mime.h). ++ Module-private header files (the proxy, mod_mime, the regex library, ++ and mod_rewrite) have not been moved to src/include; nor have ++ the OS-abstraction files. [Ken Coar] ++ ++ *) Fix a bug where r->hostname didn't have the :port stripped ++ from it. [Dean Gaudet] ++ ++ *) Tweaked the headers_out table size, and the subprocess_env ++ table size guess in rename_original_environment(). Added ++ MAKE_TABLE_PROFILE which can help discover make_table() ++ calls that use too small an initial guess, see alloc.c. ++ [Dean Gaudet] ++ ++ *) Options and AllowOverride weren't properly merging in the main ++ server setting inside vhosts (only an issue when you have no ++ <Directory> or other section containing an Options that affects ++ a request). Options +foo or -foo in the main_server wouldn't ++ affect the main_server's lookup defaults. [Dean Gaudet] ++ ++ *) Variable 'cwd' was being used pointlessly before being set. ++ [Ken Coar] PR#1738 ++ ++ *) r->allowed handling cleaned up in the standard modules. ++ [Dean Gaudet] ++ ++ *) Some case-sensitivity issues cleaned up to be consistent with ++ RFC2068. [Dean Gaudet] ++ ++ *) SIGURG doesn't exist everywhere. ++ [Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>] ++ ++ *) mod_unique_id was erroneously generating a second unique id when ++ an internal redirect occured. Such redirects occur, for example, ++ when processing a DirectoryIndex match. [Dean Gaudet] ++ ++ *) API: table_add, table_merge, and table_set include implicit pstrdup() ++ of the key and value. But in many cases this is not required ++ because the key/value is a constant, or the value has been built ++ by pstrcat() or other similar means. New routines table_addn, ++ table_mergen, and table_setn have been added to the API, these ++ routines do not pstrdup() their arguments. The core code and ++ standard modules were changed to take advantage of these routines. ++ The resulting server is up to 20% faster in some situations. ++ ++ Note that it is easy to get code subtly wrong if you pass a key/value ++ which is in a pool other than the pool of the table. The only ++ safe thing to do is to pass key/values which are in the pool of ++ the table, or in one of the ancestors of the pool of the table. ++ i.e. if the table is part of a subrequest, a value from the main ++ request's pool is OK since the subrequest pool is a sub_pool of the ++ main request's pool (and therefore has a lifespan at most as long as ++ the main pool). There is debugging code which can detect improper ++ usage, enabled by defining POOL_DEBUG. See alloc.c for more details. ++ [Dmitry Khrustalev <dima bog.msu.su>, Dean Gaudet] ++ ++ *) More mod_mime_magic cleanup: fewer syscalls; should handle "files" ++ which don't exist on disk more gracefully; handles vhosts properly. ++ Update documentation to reflect the code -- if there's no ++ MimeMagicFile directive then the module is not enabled. ++ [Dean Gaudet] ++ ++ *) PORT: Some older *nix dialects cannot automatically start scripts ++ which begin with a #! interpreter line (the shell starts the scripts ++ appropriately on these platforms). Apache now supports starting of ++ "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set. ++ [Martin Kraemer, with code from Peter Wemm <peter zeus.dialix.oz.au> ++ taken from tcsh] ++ ++ *) API: "typedef array_header table" removed from alloc.h, folks should ++ have been writing to use table as if it were an opaque type, but even ++ some standard modules got this wrong. By changing the definition ++ to "typedef struct table table" module authors will receive compile ++ time warnings that they're doing the wrong thing. This change ++ facilitates future changes with more sophisticated table ++ structures. Specifically, module authors should be using table_elts() ++ to get access to an array_header * for the table. [Dean Gaudet] ++ ++ *) API: Renamed new_connection() to avoid namespace collision with LDAP ++ library routines. [Ken Coar, Rasmus Lerdorf] ++ ++ *) WIN32: mod_speling is now available on the Win32 platform. ++ [Marc Slemko] ++ ++ *) For clarity the following compile time definition was changed: ++ ++ SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT ++ ++ Also, for example, HAVE_MMAP would mean to use mmap() scoreboards ++ and not be a general notice that the OS has mmap(). Now the ++ HAVE_MMAP/SHMGET #defines strictly are informational that the ++ OS has that method of shared memory; the type to use for ++ the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD ++ and USE_SHMGET_SCOREBOARD). This allows outside modules to ++ determine if shared memory is available and allows Apache ++ to determine the best method to use for the scoreboard. ++ [Jim Jagielski] ++ ++ *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT, ++ as do various earlier versions. It should be safe on all versions. ++ Unixware 1.x appears to have the same SIGHUP bug as solaris does with ++ the slack code. A few other cleanups for Unixware. ++ [Tom Hughes <thh cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553 ++ ++ *) PORT: A/UX can handle single-listen accepts without mutex ++ locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski] ++ ++ *) When die() happens we need to eat any request body if one exists. ++ Otherwise we can't continue with a keepalive session. This shows up ++ as a POST problem with MSIE 4.0, typically against pages which are ++ authenticated. [Roy Fielding] PR#1399 ++ ++ *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization ++ header will be passed to CGIs. This is generally a security hole, so ++ it's not a default. [Marc Slemko] PR#549 ++ ++ *) Fix Y2K problem with date printing in suexec log. ++ [Paul Eggert <eggert twinsun.com>] PR#1343 ++ ++ *) WIN32 deserves a pid file. [Ben Hyde] ++ ++ *) suexec errors now include the errno/description. [Marc Slemko] PR#1543 ++ ++ *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467. ++ The choice of flock vs. fcntl was made based on timings which showed that ++ even on non-NFS, non-exported filesystems fcntl() was an order of ++ magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so ++ that single socket users will see no difference. [Dean Gaudet] PR#467 ++ ++ *) "File does not exist" error message was erroneously including the ++ errno. [Marc Slemko] ++ ++ *) Improve the warning message generated when a client drops the ++ connection (hits stop button, etc.) during a send. [Roy Fielding] ++ ++ *) Defining GPROF will disable profiling in the parent and enable it ++ in the children. If you're profiling under Linux this is pretty much ++ necessary because SIGPROF is lost across a fork(). [Dean Gaudet] ++ ++ *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32. ++ [Brian Havard] ++ ++ *) The NeXT cc (which is gcc hacked up) doesn't appear to support some ++ gcc functionality. Work around it. ++ [Keith Severson <keith sssd.navy.mil>] PR#1613 ++ ++ *) Some linkers complain when .o files contain no functions. ++ [Keith Severson <keith sssd.navy.mil>] PR#1614 ++ ++ *) Some const declarations in mod_imap.c that were added for debugging ++ purposes caused some compilers heartburn without adding any ++ significant value, so they've been removed. [Ken Coar] ++ ++ *) The src/main/*.h header files have had #ifndef wrappers added to ++ insulate them against duplicate calls if they get included through ++ multiple paths (e.g., in .c files as well as other .h files). ++ [Ken Coar] ++ ++ *) The libap routines now have a header file for their prototypes, ++ src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar] ++ ++ *) mod_autoindex with a plaintext header file would emit the <PRE> ++ start-tag before the HTML preamble, rather than after the preamble ++ but before the header file contents. [John Van Essen <jve gamers.org>] ++ PR#1667 ++ ++ *) SECURITY: Fix a possible buffer overflow in logresolve. This is ++ only an issue on systems without a MAXDNAME define or where ++ the resolver returns domain names longer than MAXDNAME. [Marc Slemko] ++ ++ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which ++ is used to read various types of files such as htaccess and ++ htpasswd files. [Marc Slemko] ++ ++ *) SECURITY: Ensure that the buffer returned by ht_time is always ++ properly null terminated. [Marc Slemko] ++ ++ *) The "Connection" header could be sent back with multiple "close" ++ tokens. Not an error, but a waste. ++ [<Ronald.Tschalaer psi.ch>] PR#1683 ++ ++ *) mod_rewrite's RewriteLog should behave like mod_log_config, it ++ shouldn't force hostname lookups. [Dean Gaudet] PR#1684 ++ ++ *) "basic" auth needs a case-insensitive comparison. ++ [<Ronald.Tschalaer psi.ch>] PR#1666 ++ ++ *) For maximum portability, the environment passed to CGIs should ++ only contain variables whose names match the regex ++ /[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping ++ underscores over any character outside the regex. This ++ affects HTTP_* variables, in a way that should be backward ++ compatible for all the standard headers; and affects variables ++ set with SetEnv/BrowserMatch and similar directives. ++ [Dean Gaudet] ++ ++ *) mod_speling returned incorrect HREF's when an ambigous match ++ was found. Noticed by <robinton amtrash.comlink.de> (Soeren Ziehe) ++ [Soeren Ziehe <robinton amtrash.comlink.de>, Martin Kraemer] ++ ++ *) PORT: Apache now compiles & runs on an EBCDIC mainframe ++ (the Siemens BS2000/OSD family) in the POSIX subsystem ++ [Martin Kraemer] ++ ++ *) PORT: Fix problem killing children when terminating. Allow ^C ++ to shut down the server. [Brian Havard] ++ ++ *) pstrdup() is implicit in calls to table_* functions, so there's ++ no need to do it before calling. Clean up a few cases. ++ [Marc Slemko, Dean Gaudet] ++ ++ *) new -C and -c command line arguments ++ usage: ++ -C "directive" : process directive before reading config files ++ -c "directive" : process directive after reading config files ++ example: ++ httpd -C "PerlModule Apache::httpd_conf" ++ [Doug MacEachern, Martin Kraemer] ++ ++ *) WIN32: Fix the execution of CGIs that are scripts and called ++ with path info that does not have an '=' in. ++ (eg. http://server/cgi-bin/printenv?foobar) ++ [Marc Slemko] PR#1591 ++ ++ *) WIN32: Fix a call to os_canonical_filename so it doesn't try to ++ mess with fake filenames. This fixes proxy caching on ++ win32. PR#1265 ++ ++ *) SECURITY: General mod_include cleanup, including fixing several ++ possible buffer overflows and a possible infinite loop. ++ [Dean Gaudet, Marc Slemko] ++ ++ *) SECURITY: Numerous changes to mod_imap in a general cleanup ++ including fixing a possible buffer overflow. [Dean Gaudet] ++ ++ *) WIN32: overhaul of multithreading code. Shutdowns are now graceful ++ (connections are not dropped). Code can handle graceful restarts ++ (but there is as yet no way to signal this to Apache). Various ++ other cleanups. [Paul Sutton] ++ ++ *) The aplog_error changes specific to 1.3 introduced a buffer ++ overrun in the (now legacy) log_printf function. Fixed. ++ [Dean Gaudet] ++ ++ *) mod_digest didn't properly deal with proxy authentication. It ++ also lacked a case-insensitive comparision of the "Digest" ++ token. [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] PR#1599 ++ ++ *) A few cleanups in mod_status for efficiency. [Dean Gaudet] ++ ++ *) A few cleanups in mod_info to make it thread-safe, and remove an ++ off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet] ++ ++ *) no2slash() was O(n^2) in the length of the input. Make it O(n). ++ [Dean Gaudet] ++ ++ *) API: migration from strncpy() to our "enhanced" version called ++ ap_cpystrn() for performance and functionality reasons. ++ Located in libap.a. [Jim Jagielski] ++ ++ *) table_set() and table_unset() did not deal correctly with ++ multiple occurrences of the same key. ++ [Stephen Scheck <sscheck infonex.net>, Ben Laurie] PR#1604 ++ ++ *) The AuthName must now be enclosed in quotes if it is to contain ++ spaces. [Ken Coar] PR#1195 ++ ++ *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195 ++ ++ *) WIN32: Work around optimiser bug that killed ISAPI in release ++ versions. [Ben Laurie] PR#1533 ++ ++ *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski] ++ ++ *) Interim (slow) fix for p->sub_pool critical sections in ++ alloc.c (affects win32 only). [Ben Hyde] ++ ++ *) non-WIN32 was missing destroy_mutex definition. [Ben Hyde] ++ ++ *) send_fd_length() did not calculate total_bytes_sent properly. ++ [Ben Reser <breser regnow.com>] PR#1366 ++ ++ *) The bputc() macro was not properly integrated with the chunking ++ code; in many cases modules using bputc() could cause completely ++ bogus chunked output. (Typically this will show up as problems ++ with Internet Explorer 4.0 reading a page, but other browsers ++ having no problem.) [Dean Gaudet] ++ ++ *) Create LARGE_WRITE_THRESHOLD define which determines how many ++ bytes have to be supplied to bwrite() before it will consider ++ doing a writev() to assemble multiple buffers in one system ++ call. This is critical for modules such as mod_include, ++ mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller ++ strings in some cases. The result would be extra effort ++ setting up writev(), and in many cases extra effort building ++ chunks. The default is 31, it can be overriden at compile ++ time. [Dean Gaudet] ++ ++ *) Move the gid switching code into the child so that log files ++ and pid files are opened with the root gid. ++ [Gregory A Lundberg <lundberg vr.net>] ++ ++ *) WIN32: Check for binaries by looking for the executable header ++ instead of counting control characters. ++ [Jim Patterson <Jim.Patterson Cognos.COM>] PR#1340 ++ ++ *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c ++ so the functionality is available to applications other than the ++ server itself (like the src/support tools). [Ken Coar] ++ ++ *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of ++ the libap consolidation work. [Ken Coar] ++ ++ *) ap_snprintf() with a len of 0 behaved like sprintf(). This is not ++ useful, and isn't what the standards require. Now it returns 0 ++ and writes nothing. [Dean Gaudet] ++ ++ *) When an error occurs in fcntl() locking suggest the user look up ++ the docs for LockFile. [Dean Gaudet] ++ ++ *) Eliminate some dead code from writev_it_all(). ++ [Igor Tatarinov <tatarino prairie.NoDak.edu>] ++ ++ *) mod_autoindex had an fread() without checking the result code. ++ It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*" ++ (note the missing closing paren) properly. [Dean Gaudet] ++ ++ *) It appears the "257th byte" bug (see ++ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen ++ at the 256th byte as well. Fixed. [Dean Gaudet] ++ ++ *) PORT: Fix mod_mime_magic under OS/2, no support for block devices. ++ [Brian Havard] ++ ++ *) Fix memory corruption caused by allocating auth usernames in the ++ wrong pool. [Dean Gaudet] PR#1500 ++ ++ *) Fix an off-by-1, and an unterminated string error in ++ mod_mime_magic. [Dean Gaudet] ++ ++ *) Fix a potential SEGV problem in mod_negotiation when dealing ++ with type-maps. [Dean Gaudet] ++ ++ *) Better glibc support under Linux. [Dean Gaudet] PR#1542 ++ ++ *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319 ++ ++ *) WIN32: avoid overflows during file canonicalisations. ++ [<malcolm mgdev.demon.co.uk>] PR#1378 ++ ++ *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie] ++ PR#1511, 1508 ++ ++ *) WIN32: mod_status display header didn't match fields. [Ben Laurie] ++ ++ *) The pthread_mutex_* functions return an error code, and don't ++ set errno. [Igor Tatarinov <tatarino prairie.NoDak.edu>] ++ ++ *) WIN32: Allow spaces to prefix the interpreter in #! lines. ++ [Ben Laurie] PR#1101 ++ ++ *) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti net4all.be>] PR#1523 ++ ++ *) proxy_ftp: the directory listings generated by the proxy ftp module ++ now have a title in which the path components are clickable and allow ++ quick navigation to the clicked-on directory on the currently listed ++ ftp server. This also fixes a bug where the ".." directory links would ++ sometimes refer to the wrong directory. [Martin Kraemer] ++ ++ *) WIN32: Allocate the correct amount of memory for the scoreboard. ++ [Ben Hyde] PR#1387 ++ ++ *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie] ++ PR#1505 ++ ++ *) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet] ++ ++ *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed" ++ error messages. [Ben Hyde] ++ ++Changes with Apache 1.3b3 ++ ++ *) WIN32: Work around brain-damaged spawn calls that can't deal ++ with spaces and slashes. [Ben Laurie] ++ ++ *) WIN32: Fix the code so CGIs can use socket calls on Windows. ++ The problem was that certain undocumented environment variables ++ needed for sockets to work under Win32 were not being passed. ++ [Frank Faubert <frank sane.com>] ++ ++ *) Add a "-V" command line flag to the httpd binary. This ++ flag shows some of the defines that Apache was compiled with. ++ It is useful for debugging purposes. [Martin Kraemer] ++ ++ *) Start separating the ap_*() routines into their own library, so they ++ can be used by items in src/support among other things. ++ [Ken Coar] PR#512, 905, 1252, 1308 ++ ++ *) Give a more informative error when no AuthType is set. ++ [Lars Eilebrecht] ++ ++ *) Remove strtoul() use from mod_proxy because it isn't available ++ on all platforms. [Marc Slemko] PR#1214 ++ ++ *) WIN32: Some Win32 systems terminated all responses after 16 kB. ++ This turns out to be a bug in Winsock - select() doesn't always ++ return the correct status. [Ben Laurie] ++ ++ *) Directives owned by http_core can now use the new check_cmd_context() ++ routine to ensure that they're not being used within a container ++ (e.g., <Directory>) where they're invalid. [Martin Kraemer] ++ ++ *) PORT: Recent changes made it necessary to add explicit prototype ++ for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde] ++ ++ *) It was necessary to distinguish between resources which are ++ allocated in the parent, for cleanup in the parent, and resources ++ which are allocated in each child, for cleanup in each child. ++ A new pool was created which is passed to the module child_init ++ and child_exit functions; modules are free to register per-child ++ cleanups there. This fixes a bug with reliable piped logs. ++ [Dean Gaudet] ++ ++ *) mod_autoindex wasn't displaying the ReadmeName file at the bottom ++ unless it was also doing FancyIndexes, but it displayed the ++ HeaderName file at the top under all circumstances. It now shows ++ the ReadmeName file for simple indices, too, as it should. ++ [Ken Coar] PR#1373 ++ ++ *) http_core was mmap()ing even in cases where it wasn't going to ++ read the file. [Ben Hyde <bhyde gensym.com>] ++ ++ *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine: ++ Now the rewriting engine (the heart of mod_rewrite) is organized more ++ straight-forward, first time well documented and reduced to the really ++ essential parts. All redundant cases were stripped off and processing now ++ is the same for both per-server and per-directory context with only a ++ minimum difference (the prefix stripping in per-dir context). As a ++ side-effect some subtle restrictions and two recently discovered problems ++ are gone: Wrong escaping of QUERY_STRING on redirects in per-directory ++ context and restrictions on the substitution URL on redirects. ++ Additionally some minor source cleanups were done. ++ [Ralf S. Engelschall] ++ ++ *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals ++ documentation, examples, explanations and caveats. They live in a new ++ subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx unix-ag.org>] ++ ++ *) If ap_slack fails to allocate above the low slack line it's a good ++ indication that further problems will occur; it's a better indication ++ than many external libraries give us when we actually run out of ++ descriptors. So report it to the user once per restart. ++ [Dean Gaudet] PR#1181 ++ ++ *) Change mod_include and mod_autoindex to use Y2K-safe date formats ++ by default. [Ken Coar] ++ ++ *) Add a "SuppressColumnSorting" option to the IndexOptions list, ++ which will keep the column heading from being links for sorting ++ the display. [Ken Coar, suggested by Brian Tiemann <btman pacific.net>] ++ PR #1261 ++ ++ *) PORT: Update the LynxOS port. [Marius Groeger <mag sysgo.de>] ++ ++ *) Fix logic error when issuing a mmap() failed message ++ with a non-zero MMAP_THRESHOLD. ++ [David Chambers <davidc flosun.salk.edu>] PR#1294 ++ ++ *) Preserve handler value on ProxyPass'ed requests by not ++ calling find_types on a proxy'd request; fixes problems ++ where some ProxyPass'ed URLs weren't actually passed ++ to the proxy. ++ [Lars Eilebrecht] PR#870 ++ ++ *) Fix a byte ordering problem in mod_access which prevented ++ the old-style syntax (i.e. "a.b.c." to match a class C) ++ from working properly. [Dean Gaudet] PR#1248, 1328, 1384 ++ ++ *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working ++ properly. Each child needs to open the lockfile instead ++ of using the passed file-descriptor from the parent. ++ [Jim Jagielski] PR#1056 ++ ++ *) Fix the error logging in mod_cgi; the recent error log changes ++ introduced a bug that prevented it from working correctly. ++ [M.D.Parker] PR#1352 ++ ++ *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly ++ handle multiple Listen directives. [Marc Slemko] PR#872 ++ ++ *) Inherit a bugfix to fnmatch.c from FreeBSD sources. ++ ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache nagual.pp.ru>] PR#1311 ++ ++ *) When a configuration parse complained about a bad directive, ++ the logger would use whatever (unrelated) value was in errno. ++ errno is now forced to EINVAL first in this case. [Ken Coar] ++ ++ *) A sed command in the Configure script pushed the edge of POSIXness, ++ breaking on some systems. [Bhaba R.Misra <system vt.edu>] PR#1368 ++ ++ *) Solaris >= 2.5 was totally broken due to a mess up using pthread ++ mutexes. [Roy Fielding, Dean Gaudet] ++ ++ *) OS/2 Port updated; it should be possible to build OS/2 from the same ++ sources as Unix now. [Brian Havard <brianh kheldar.apana.org.au>] ++ ++ *) Fix a year formatting bug in mod_usertrack. ++ [Paul Eggert <eggert twinsun.com>] PR#1342 ++ ++ *) A mild SIGTERM/SIGALRM race condition was eliminated. ++ [Dean Gaudet] PR#1211 ++ ++ *) Warn user that default path has changed if /usr/local/etc/httpd ++ is found on the system. [Lars Eilebrecht] ++ ++ *) Various mod_mime_magic bug fixes and cleanups: Uncompression ++ should work, it should work on WIN32, and a few resource ++ leaks and abort conditions are fixed. ++ [Dean Gaudet] PR#1205 ++ ++ *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache ++ to use '%' instead of '@' in its encodings. ++ [David Schuler <schuld btv.ibm.com>] PR#1317 ++ ++ *) Improve the warning message generated when the "server is busy". ++ [Dean Gaudet] PR#1293 ++ ++ *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will ++ get Spencer regex by default. This is to avoid having to ++ discover bugs in operating system libraries. [Dean Gaudet] ++ ++ *) PORT: "Fix" PR#467 by generating warnings on systems which we have ++ not been able to get working USE_*_SERIALIZED_ACCEPT settings for. ++ Document this a bit more in src/PORTING. [Dean Gaudet] PR#467 ++ ++ *) Ensure that one copy of config warnings makes it to the ++ error_log. [Dean Gaudet] ++ ++ *) Invent new structure and associated methods to handle config file ++ reading. Add "custom" hook to use config file cfg_getline() on ++ something which is not a FILE* [Martin Kraemer] ++ ++ *) Make single-exe Windows install. [Ben Laurie and Eric Esselink] ++ ++ *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton] ++ ++ *) WIN32: Make index.html and friends work under Win95. [Ben Laurie] ++ ++ *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken. ++ [John Line <jml4 cam.ac.uk>] PR#1321 ++ ++ *) Default pathname has been changed everywhere to /usr/local/apache ++ [Sameer <sameer c2.net>] ++ ++ *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT. ++ [David Bronder <David-Bronder uiowa.edu>] PR#849 ++ ++ *) PORT: i386 AIX does not have memmove. ++ [David Schuler <schuld btv.ibm.com>] PR#1267 ++ ++ *) PORT: HPUX now defaults to using Spencer regex. ++ [Philippe Vanhaesendonck <pvanhaes be.oracle.com>, ++ Omar Del Rio <al112263 academ01.lag.itesm.mx>] PR#482, 1246 ++ ++ *) PORT: Some versions of NetBSD don't automatically define ++ __NetBSD__. Workaround by defining NETBSD. ++ [Chris Craft <ccraft cncc.cc.co.us>] PR#977 ++ ++ *) PORT: UnixWare 2.x requires -lgen for syslog. ++ [Hans Snijder <hs meganet.nl>] PR#1249 ++ ++ *) PORT: ULTRIX appears to not have syslog. ++ [Lars Eilebrecht <Lars.Eilebrecht unix-ag.org>] ++ ++ *) PORT: Basic Gemini port (treat it like unixware212). ++ ["Pavel Yakovlev (Paul McHacker)" <hac tomcat.olly.ru>] ++ ++ *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and ++ use USE_SHMGET_SCOREBOARD. ++ [Martin Kraemer] ++ ++ *) Various improvements in detecting config file errors (missing closing ++ directives for <Directory>, <Files> etc. blocks, prohibiting global ++ server settings in <VirtualHost> blocks, flagging unhandled multiple ++ arguments to <Directory>, <Files> etc.) ++ [Martin Kraemer] ++ ++ *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID ++ variable to provide this one to suexec'd CGIs, too. ++ [M.D.Parker <mdpc netcom.com>] PR#1284 ++ ++ *) New support tool: src/support/split-logfile, a sample Perl script which ++ splits up a combined access log into separate files based on the ++ name of the virtual host (listed first in the log records by "%v"). ++ [Ken Coar] ++ ++Changes with Apache 1.3b2 (there is no 1.3b1) ++ ++ *) TestCompile was not passing $LIBS [Dean Gaudet] ++ ++ *) Makefile.tmpl was not using $CFLAGS in the link phase. ++ [Martin Kraemer] ++ ++ *) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a ++ rudimentary memory debugger which can be used on live servers with ++ low impact -- it sets all allocated and freed memory bytes to 0xa5. ++ Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc() ++ and free() for each object. This is far more expensive and should ++ only be used for testing with tools such as Electric Fence and ++ Purify. See main/alloc.c for more details. [Dean Gaudet] ++ ++ *) Configure uses a sh trap and didn't set its exitcode properly. ++ [Dean Gaudet] PR#1159 ++ ++ *) Yet another vhost revamp. Add the NameVirtualHost directive which ++ explicitly lists the ip:port pairs that are to be used for name-vhosts. ++ From a given ip:port, regardless what the Host: header is, you can ++ only reach the vhosts defined on that ip:port. The precedence of ++ vhosts was reversed to match other precedences in the config -- ++ the earlier vhosts override the later vhosts. All vhost matching was ++ moved into http_vhost.[ch]. [Dean Gaudet] ++ ++ *) ap_inline can be used to force inlining. GNUC __attribute__() can ++ be used for whatever reason is appropriate (i.e. format() warnings ++ for printf style functions). Both are enabled only with ++ gcc >= 2.7.x (so that we have fewer support issues with older ++ versions). [Dean Gaudet] ++ ++ *) Fix support for Proxy Authentication (we were testing the response ++ status too early). [Marc Slemko] ++ ++ *) CoreDumpDirectory directive directs where the core file is ++ written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are ++ received. [Marc Slemko, Dean Gaudet] ++ ++ *) PORT: Support for Atari MINT. ++ [Jan Paul Schmidt <Jan.P.Schmidt mni.fh-giessen.de>] ++ ++ *) When booting, apache will now detach itself from stdin, stdout, ++ and stderr. stderr will not be detached until after the config ++ files have been read so you will be able to see initial error ++ messages. After that all errors are logged in the error_log. ++ This makes it more convenient to start apache via rsh, ssh, ++ or crontabs. [Dean Gaudet] PR#523 ++ ++ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake. ++ Also removed the auto-generated link to www.apache.org that was the ++ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko] ++ ++ *) send_fb would not detect aborted connections in some situations. ++ [Dean Gaudet] ++ ++ *) mod_include would use uninitialized data when parsing certain ++ expressions involving && and ||. [Brian Slesinsky] PR#1139 ++ ++ *) mod_imap should only handle GET methods. [Jay Bloodworth] ++ ++ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour] ++ ++ *) mod_autoindex improperly counted &escapes; as more than one ++ character in the description. It also improperly truncated ++ descriptions that were exactly the maximum length. ++ [Martin Kraemer] ++ ++ *) RedirectMatch was not properly escaping the result (PR#1155). Also ++ "RedirectMatch /advertiser/(.*) $1" is now permitted. ++ [Dean Gaudet] ++ ++ *) mod_include now uses symbolic names to check for request success ++ and return HTTP errors, and correctly handles all types of ++ redirections (previously it only did temporary redirect correctly). ++ [Ken Coar, Roy Fielding] ++ ++ *) mod_userdir was modifying r->finfo in cases where it wasn't setting ++ r->filename. Since those two are meant to be in sync with each other ++ this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>] ++ ++ *) PORT: Support Unisys SVR4, whose uname returns mostly useless data. ++ ["Kaufman, Steven E" <Steven.Kaufman unisys.com>] ++ ++ *) Inetd mode (which is buggy) uses timeouts without having setup the ++ jmpbuffer. [Dean Gaudet] PR#1064 ++ ++ *) Work around problem under Linux where a child will start looping ++ reporting a select error over and over. ++ [Rick Franchuk <rickf transpect.net>] PR#1107, 987, 588 ++ ++ *) Fixed error in proxy_util.c when looping through multiple host IP ++ addresses. [Lars Eilebrecht] PR#974 ++ ++ *) If BUFFERED_LOGS is defined then mod_log_config will do atomic ++ buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k) ++ bytes before writing, but it will never split a log entry across a ++ buffer boundary. [Dean Gaudet] ++ ++ *) API: the short_score record has been split into two pieces, one which ++ the parent writes on, and one which the child writes on. As part of ++ this change the get_scoreboard_info() function was removed, and ++ scoreboard_image was exported. This change fixes a race condition ++ in file based scoreboard systems, and speeds up changes involving the ++ scoreboard in earlier 1.3 development. [Dean Gaudet] ++ ++ *) API: New register_other_child() API (see http_main.h) which allows ++ modules to register children with the parent for maintenance. It ++ is disabled by defining NO_OTHER_CHILD. [Dean Gaudet] ++ ++ *) API: New piped_log API (see http_log.h) which implements piped logs, ++ and will use register_other_child to implement reliable piped logs ++ when it is available. The reliable piped logs part can be disabled ++ by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped ++ logs is only available on Unix. [Dean Gaudet] ++ ++ *) API: set_last_modified() broken into set_last_modified(), set_etag(), and ++ meets_conditions(). This allows conditional HTTP selection to be ++ handled separately from the storing of the header fields, and provides ++ the ability for CGIs to set their own ETags for conditional checking. ++ [Ken Coar, Roy Fielding] PR#895 ++ ++ *) Changes to mod_log_config to allow naming of format strings. ++ Format nicknames are defined with "LogFormat fmt nickname", and can ++ be used with "LogFormat nickname" and "CustomLog logtarget nickname". ++ [Ken Coar] ++ ++ *) New module, "mod_speling", which can help find files even when ++ the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut] ++ ++ *) API: New function child_terminate() triggers the child process to ++ exit, while allowing the child finish what it needs to for the ++ current request first. ++ [Doug MacEachern, Alexei Kosut] ++ ++ *) Windows now defaults to using full status reports with mod_status. ++ [Alexei Kosut] PR #1094 ++ ++ *) *Really* disable all mod_rewrite operations if the engine is off. ++ Some things (like RewriteMaps) were checked/performed even if they ++ weren't supposed to be. [Ken Coar] PR #991 ++ ++ *) Implement a new timer scheme which eliminates the need to call alarm() all ++ the time. Instead a counter in the scoreboard for each child is used to ++ show when the child has made forward progress. The parent samples this ++ counter every scoreboard maintenance cycle, and issues SIGALRM if no ++ progress has been made in the timeout period. This reduces the static ++ request best-case syscall count to 22 from 29. This scheme is only ++ used by systems with memory-based scoreboards. [Dean Gaudet] ++ ++ *) The proxy now properly handles CONNECT requests which are sent ++ to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024 ++ ++ *) A script called apachectl has been added to the support ++ directory. This script allows you to do things such as ++ "apachectl start" and "apachectl restart" from the command ++ line. [Marc Slemko] ++ ++ *) Modules and core routines are now put into libraries, which ++ simplifies the link line tremendously (among other advantages). ++ [Paul Sutton] ++ ++ *) Some of the MD5 names defined in Apache have been renamed to have ++ an `ap_' prefix to avoid conflicts with routines supplied by ++ external libraries. [Ken Coar] ++ ++ *) Removal of mod_auth_msql.c from the distribution. There are many ++ other options for databases today. Rather than offer one option, ++ offer none at this time. mod_auth_msql and other SQL database ++ authentication modules can be found at the Apache Module Registry. ++ http://modules.apache.org/ It would be nice to offer a generic ++ mod_auth_sql option in the near future. ++ ++ *) PORT: BeOS support added [Alexei Kosut] ++ ++ *) Configure no longer accepts the -make option, since it creates ++ Makefile on the fly based on Makefile.tmpl and Configuration. ++ ++ *) Apache now gracefully shuts down when it receives a SIGTERM, instead ++ of forcibly killing off all its processes and exiting without ++ cleaning up. [Alexei Kosut] ++ ++ *) API: A new field in the request_rec, r->mtime, has been added to ++ avoid gratuitous parsing of date strings. It is intended to hold ++ the last-modified date of the resource (if applicable). An ++ update_mtime() routine has also been added to advance it if ++ appropriate. [Roy Fielding, Ken Coar] ++ ++ *) SECURITY: If a htaccess file can not be read due to bad permissions, ++ deny access to the directory with a HTTP_FORBIDDEN. The previous ++ behavior was to ignore the htaccess file if it could not be read. ++ This change may make some setups with unreadable htaccess files ++ stop working. [Marc Slemko] PR#817 ++ ++ *) Add aplog_error() providing a mechanism to define levels of ++ verbosity to the server error logging. This addition also provides ++ the ability to log errors using syslogd. Error logging is configurable ++ on a per-server basis using the LogLevel directive. Conversion ++ of log_*() in progress. [Randy Terbush] ++ ++ *) Further enhance aplog_error() to not log filename, line number, and ++ errno information when it isn't applicable. [Ken Coar, Dean Gaudet] ++ ++ *) WIN32: Canonicalise filenames under Win32. Short filenames are ++ converted to long ones. Backslashes are converted to forward ++ slashes. Case is converted to lower. Parts of URLs that do not ++ correspond to files are left completely alone. [Ben Laurie] ++ ++ *) PORT: 2 new OSs added to the list of ports: ++ Encore's UMAX V: Arieh Markel <amarkel encore.com> ++ Acorn RISCiX: Stephen Borrill <sborrill xemplar.co.uk> ++ ++ *) Add the server version (SERVER_VERSION macro) to the "server ++ configured and running" entry in the error_log. Also build an ++ object file at link-time that contains the current time ++ (SERVER_BUILT global const char[]), and include that in the ++ message. [Ken Coar] ++ ++ *) Set r->headers_out when sending responses from the proxy. ++ This fixes things such as the logging of headers sent from ++ the proxy. [Marc Slemko] PR#659 ++ ++ *) support/httpd_monitor is no longer distributed because the ++ scoreboard should not be file based if at all possible. Use ++ mod_status to see current server snapshot. ++ ++ *) (set_file_slot): New function, allowing auth directives to be ++ independent of the server root, so the server documents can be ++ moved to a different directory or machine more easily. ++ [David J. MacKenzie] ++ ++ *) If no TransferLog is given explicitly, decline ++ to log. This supports coexistence with other logging modules, ++ such as the custom one that UUNET uses. [David J. MacKenzie] ++ ++ *) Check for titles in server-parsed HTML files. ++ Ignore leading newlines and returns in titles. The old behavior ++ of replacing a newline after <title> with a space causes the ++ title to be misaligned in the listing. [David J. MacKenzie] ++ ++ *) Change mod_cern_meta to be configurable on a per-directory basis. ++ [David J. MacKenzie] ++ ++ *) Add 'Include' directive to allow inclusion of configuration ++ files within configuration files. [Randy Terbush] ++ ++ *) Proxy errors on connect() are logged to the error_log (nothing ++ new); now they include the IP address and port that failed ++ (*that's* new). [Ken Coar, Marc Slemko] PR#352 ++ ++ *) Various architectures now define USE_MMAP_FILES which causes ++ the server to use mmap() for static files. There are two ++ compile-time tunables MMAP_THRESHOLD (minimum number of bytes ++ required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum ++ number of bytes written in one cycle from a single mmap()d object, ++ default 32768). [Dean Gaudet] ++ ++ *) API: Added post_read_request API phase which is run right after reading ++ the request from a client, or right after an internal redirect. It is ++ useful for modules setting environment variables that depend only on ++ the headers/contents of the request. It does not run during subrequests ++ because subrequests inherit pretty much everything from the main ++ request. [Dean Gaudet] ++ ++ *) Added mod_unique_id which is used to generate a unique identifier for ++ each hit, available in the environment variable UNIQUE_ID. ++ [Dean Gaudet] ++ ++ *) init_modules is now called after the error logs have been opened. This ++ allows modules to emit information messages into the error logs. ++ [Dean Gaudet] ++ ++ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging ++ information for case where proxy module is not available. [Marc Slemko] ++ ++ *) PORT: Apache has need for mutexes to serialize its children around ++ accept. In prior versions either fcntl file locking or flock file ++ locking were used. The method is chosen by the definition of ++ USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(), ++ and FLOCK for flock(). New options have been added: ++ - SYSVSEM to use System V style semaphores ++ - PTHREAD to use POSIX threads (appears to work on Solaris only) ++ - USLOCK to use IRIX uslock ++ Based on timing various techniques, the following changes were made ++ to the defaults: ++ - Linux 2.x uses flock instead of fcntl ++ - Solaris 2.x uses pthreads ++ - IRIX uses SysV semaphores -- however multiprocessor IRIX boxes ++ work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT ++ [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec vtcom.fr>, ++ Martijn Koster <m.koster pobox.com>] ++ ++ *) PORT: The semantics of accept/select make it very desirable to use ++ mutexes to serialize accept when multiple Listens are in use. But ++ in the case where only a single socket is open it is sometimes ++ redundant to serialize accept(). Not all unixes do a good job with ++ potentially dozens of children blocked on accept() on the same ++ socket. It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and ++ the server will avoid serialization when listening on only one socket, ++ and use serialization when listening on multiple sockets. ++ [Dean Gaudet] PR#467 ++ ++ *) Configure changes: TestLib replaced by TestCompile, which has ++ some additional capability (such as doing a sanity check of ++ the compiler and flags selected); the version of Solaris is now ++ available via the #define value of SOLARIS2; IRIX n32bit libs ++ now supported and selectable by new Configuration Rule: IRIXN32; ++ We no longer default to -O2 optimization. [Jim Jagielski] ++ ++ *) Updated Configure: Configuration now uses AddModule to specify ++ module source or binary file location, relative to src directory. ++ Modules can be dropped into modules/extra, or in their own ++ directory, and modules can come with a Makefile or Configure can ++ create one. Modules can add compiler or library information to ++ generated Makefiles. [Paul Sutton] ++ ++ *) Source core re-organisation: distributed modules are now in ++ modules/standard. All other source code is in main. OS-specific ++ code is in os/{unix,emx,win32} directories. [Paul Sutton] ++ ++ *) mod_browser has been removed, since it's replaced by mod_setenvif. ++ [Ken Coar] ++ ++ *) Fix another long-standing bug in sub_req_lookup_file where it would ++ happily skip past access checks on subdirectories looked up with ++ relative paths. (It's used by mod_dir, mod_negotiation, ++ and mod_include.) [Dean Gaudet] ++ ++ *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where ++ N is the number of <Directory> sections, and M is the number of ++ components in the filename of an object. ++ ++ To achieve this optimization the following config changes were made: ++ - Wildcards (* and ?, not the regex forms) in <Directory>s, ++ <Files>s, and <Location>s now treat a slash as a special ++ character. For example "/home/*/public_html" previously would ++ match "/home/a/andrew/public_html", now it only matches things ++ like "/home/bob/public_html". This mimics /bin/sh behaviour. ++ - It's possible now to use [] wildcarding in <Directory>, <Files> ++ or <Location>. ++ - Regex <Directory>s are applied after all non-regex <Directory>s. ++ ++ [Dean Gaudet] ++ ++ *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files ++ and corrupted paths. [Dean Gaudet] ++ ++ *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite: ++ First the grouped parts of RewriteRule pattern matches (parenthesis!) can ++ be accessed now via backreferences $1..$9 in RewriteConds test-against ++ strings in addition to RewriteRules subst string. Second the grouped ++ parts of RewriteCond pattern matches (parenthesis!) can be accessed now ++ via backreferences %1..%9 both in following RewriteCond test-against ++ strings and RewriteRules subst string. This provides maximum flexibility ++ through the use of backreferences. ++ Additionally the rewriting engine was cleaned up by putting common ++ code to the new expand_backrefs_inbuffer() function. ++ [Ralf S. Engelschall] ++ ++ *) When merging the main server's <Directory> and <Location> sections into ++ a vhost, put the main server's first and the vhost's second. Otherwise ++ the vhost can't override the main server. [Dean Gaudet] PR#717 ++ ++ *) The <Directory> code would merge and re-merge the same section after ++ a match was found, possibly causing problems with some modules. ++ [Dean Gaudet] ++ ++ *) ip-based vhosts are stored and queried using a hashing function, which ++ has been shown to improve performance on servers with many ip-vhosts. ++ Some other changes had to be made to accommodate this: ++ - the * address for vhosts now behaves like _default_ ++ - the matching process now is: ++ - match an ip-vhost directly via hash (possibly matches main ++ server) ++ - if that fails, just pretend it matched the main server ++ - if so far only the main server has been matched, perform ++ name-based lookups (ServerName, ServerAlias, ServerPath) ++ *only on name-based vhosts* ++ - if they fail, look for _default_ vhosts ++ [Dean Gaudet, Dave Hankins <dhankins sugarat.net>] ++ ++ *) dbmmanage overhaul: ++ - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new ++ - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or ++ GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order) ++ - provide better seed for rand ++ - prompt for password as per getpass(3) (turn off echo, read from ++ /dev/tty, etc.) ++ - use "newstyle" crypt based on $Config{osname} ($^O) ++ - will not add a user if already in database, use new `update' command ++ instead ++ - added `check' command to check a users' password ++ - added `import' command to convert existing password text-files or ++ dbm files exported with `view' ++ - more descriptive usage, general cleanup, 'use strict' clean, etc. ++ [Doug MacEachern] ++ ++ *) Added psocket() which is a pool form of socket(), various places within ++ the proxy weren't properly blocking alarms while registering the cleanup ++ for its sockets. bclose() now uses pclose() and pclosesocket(). There ++ was a bug where the client socket was being close()d twice due a still ++ registered cleanup. [Dean Gaudet] ++ ++ *) A few cleanups were made to reduce time(), getpid(), and signal() calls. ++ [Dean Gaudet] ++ ++ *) PORT: AIX >= 4.2 requires -lm due to libc changes. ++ [Jason Venner <jason idiom.com>] PR#667 ++ ++ *) Enable ``=""'' for RewriteCond directives to match against ++ the empty string. This is the preferred way instead of ``^$''. ++ [Ralf S. Engelschall] ++ ++ *) Fixed an infinite loop in mod_imap for references above the server root ++ [Dean Gaudet] PR#748 ++ ++ *) mod_proxy now has a ReceiveBufferSize directive, similar to ++ SendBufferSize, so that the TCP window can be set appropriately ++ for LFNs. [Phillip A. Prindeville] ++ ++ *) mod_browser has been replaced by the more general mod_setenvif ++ (courtesy of Paul Sutton). BrowserMatch* directives are still ++ available, but are now joined by SetEnvIf*, UnSetEnvIf*, and ++ UnSetEnvIfZero directives. [Ken Coar] ++ ++ *) "HostnameLookups double" forces double-reverse DNS to succeed in ++ order for remote_host to be set (for logging, or for the env var ++ REMOTE_HOST). The old define MAXIMUM_DNS has been deprecated. ++ [Dean Gaudet] ++ ++ *) mod_access overhaul: ++ - Now understands network/netmask syntax (i.e. 10.1.0.0/255.255.0.0) ++ and cidr syntax (i.e. 10.1.0.0/16). PR#762 ++ - Critical path was sped up by pre-computing a few things at config time. ++ - The undocumented syntax "allow user-agents" was removed, ++ the replacement is "allow from env=foobar" combined with mod_browser. ++ - When used with hostnames it now forces a double-reverse lookup ++ no matter what the directory settings are. This double-reverse ++ doesn't affect any of the other routines that use the remote ++ hostname. In particular it's still passed to CGIs and the log ++ without the double-reverse check. Related PR#860. ++ [Dean Gaudet] ++ ++ *) When a large bwrite() occurs (larger than the internal buffer size), ++ while there is already something in the buffer, apache will combine ++ the large write and the buffer into a single writev(). (This is ++ in anticipation of using mmap() for reading files.) ++ [Dean Gaudet] ++ ++ *) In obscure cases where a partial socket write occurred while chunking, ++ Apache would omit the chunk header/footer on the next block. Cleaned ++ up other bugs/inconsistencies in error conditions in buff.c. Fixed ++ a bug where a long pause in DNS lookups could cause the last packet ++ of a response to be unduly delayed. [Roy Fielding, Dean Gaudet] ++ ++ *) API: Added child_exit function to module structure. This is called ++ once per "heavy-weight process" just before a server child exit()'s ++ e.g. when max_requests_per_child is reached, etc. ++ [Doug MacEachern, Dean Gaudet] ++ ++ *) mod_include cleanup showed that handle_else was being used to handle ++ endif. It didn't cause problems, but it was cleaned up too. ++ [Howard Fear] ++ ++ *) mod_cern_meta would attempt to find meta files for the directory itself ++ in some cases, but not in others. It now avoids it in all cases. ++ [Dean Gaudet] ++ ++ *) mod_mime_magic would core dump if there was a decompression error. ++ [Martin Kraemer <Martin.Kraemer mch.sni.de>] PR#904 ++ ++ *) PORT: some variants of DGUX require -lsocket -lnsl ++ [Alexander L Jones <alex systems-options.co.uk>] PR#732 ++ ++ *) mod_autoindex now allows sorting of FancyIndexed directory listings ++ by the various fields (name, size, et cetera), either in ascending ++ or descending order. Just click on the column header. [Ken Coar] ++ ++ *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit ++ CPUs like the Alpha. Apache still stores ints in pointers, but that's ++ the relatively safe direction. [Dean Gaudet] PR#344 ++ ++ *) PORT: QNX mmap() support for faster/more reliable scoreboard handling. ++ [Igor N Kovalenko <infoh mail.wplus.net>] PR#683 ++ ++ *) child_main avoids an unneeded call to select() when there is only one ++ listening socket. [Dean Gaudet] ++ ++ *) In the event that the server is starved for idle servers it will ++ spawn 1, then 2, then 4, ..., then 32 servers each second, ++ doubling each second. It'll also give a warning in the errorlog ++ since the most common reason for this is a poor StartServers ++ setting. The define MAX_SPAWN_RATE can be used to raise/lower ++ the maximum. [Dean Gaudet] ++ ++ *) Apache now provides an effectively unbuffered connection for ++ CGI scripts. This means that data will be sent to the client ++ as soon as the CGI pauses or stops output; previously, Apache would ++ buffer the output up to a fixed buffer size before sending, which ++ could result in the user viewing an empty page until the CGI finished ++ or output a complete buffer. It is no longer necessary to use an ++ "nph-" CGI to get unbuffered output. Given that most CGIs are written ++ in a language that by default does buffering (e.g. perl) this ++ shouldn't have a detrimental effect on performance. ++ ++ "nph-" CGIs, which formerly provided a direct socket to the client ++ without any server post-processing, were not fully compatible with ++ HTTP/1.1 or SSL support. As such they would have had to implement ++ the transport details, such as encryption or chunking, in order ++ to work properly in certain situations. Now, the only difference ++ between nph and non-nph scripts is "non-parsed headers". ++ [Dean Gaudet, Sameer Parekh, Roy Fielding] ++ ++ *) If a BUFF is switched from buffered to unbuffered reading the first ++ bread() will return whatever remained in the buffer prior to the ++ switch. [Dean Gaudet] ++ ++Changes with Apache 1.3a1 ++ ++ *) Added another Configure helper script: TestLib. It determines ++ if a specified library exists. [Jim Jagielski] ++ ++ *) PORT: Allow for use of n32bit libraries under IRIX 6.x ++ [derived from patch from Jeff Hayes <jhayes aw.sgi.com>] ++ PR#721 ++ ++ *) PORT: Some architectures use size_t for various lengths in network ++ functions such as accept(), and getsockname(). The definition ++ NET_SIZE_T is used to control this. [Dean Gaudet] ++ ++ *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h ++ and -lcrypt. Test for various db libraries (dbm, ndbm, db) when ++ mod_auth_dbm or mod_auth_db are included. [Dean Gaudet] ++ ++ *) PORT: QNX doesn't have initgroups() which support/suexec.c uses. ++ [Igor N Kovalenko <infoh mail.wplus.net>] ++ ++ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to ++ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added ++ "downgrade-1.0" which causes Apache to pretend it received a 1.0. ++ [Dean Gaudet] related PR#875 ++ ++ *) API: Correct child_init() slot declaration from int to void, to ++ match the init() declaration. Update mod_example to use the new ++ hook. [Ken Coar] ++ ++ *) added transport handle slot (t_handle) to the BUFF structure ++ [Doug MacEachern] ++ ++ *) get_client_block() returns wrong length if policy is ++ REQUEST_CHUNKED_DECHUNK. ++ [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815 ++ ++ *) Support the image map format of FrontPage. For example: ++ rect /url.hrm 10 20 30 40 ++ ["Chris O'Byrne" <obyrne iol.ie>] PR#807 ++ ++ *) PORT: -lresolv and -lsocks were in the wrong order for Solaris. ++ ["Darren O'Shaughnessy" <darren aaii.oz.au>] PR#846 ++ ++ *) AddModuleInfo directive for mod_info which allows you to annotate ++ the output of mod_info. ["Lou D. Langholtz" <ldl usi.utah.edu>] ++ ++ *) Added NoProxy directive to avoid using ProxyRemote for selected ++ addresses. Added ProxyDomain directive to cause unqualified ++ names to be qualified by redirection. ++ [Martin Kraemer <Martin.Kraemer mch.sni.de>] ++ ++ *) Support Proxy Authentication, and don't pass the Proxy-Authorize ++ header to the remote host in the proxy. [Sameer Parekh and ++ Wallace] ++ ++ *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version ++ 3.0.9. This upgrade includes: fixed deadlooping on rewriting to same ++ URLs, fixed rewritelog(), fixed forced response code handling on ++ redirects from within .htaccess files, disabled pipe locking under ++ braindead SunOS 4.1.x, allow env variables to be set even on rules with ++ no substitution, bugfixed situations where HostnameLookups is off, made ++ mod_rewrite more thread-safe for NT port and fixed problem when creating ++ an empty query string via "xxx?". ++ This update also removes the copyright of Ralf S. Engelschall, ++ i.e. now mod_rewrite no longer has a shared copyright. Instead is is ++ exclusively copyrighted by the Apache Group now. This happened because ++ the author now has gifted mod_rewrite exclusively to the Apache Group and ++ no longer maintains an external version. ++ [Ralf S. Engelschall] ++ ++ *) API: Added child_init function to module structure. This is called ++ once per "heavy-weight process" before any requests are handled. ++ See http_config.h for more details. [Dean Gaudet] ++ ++ *) Anonymous_LogEmail was logging on each subrequest. ++ [Dean Gaudet] PR#421, 868 ++ ++ *) API: Added is_initial_req() which tests if the request being ++ processed is the initial request, or a subrequest. ++ [Doug MacEachern] ++ ++ *) Extended SSI (mod_include) now handles additional relops for ++ string comparisons (<, >, <=, and >=). [Bruno Wolff III] PR#41 ++ ++ *) Configure fixed to correctly propagate user-selected options and ++ settings (such as CC and OPTIM) to Makefiles other than ++ src/Makefile (notably support/Makefile). [Ken Coar] PR#666, #834 ++ ++ *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of ++ directory indices to start with the contents of the HeaderName file ++ if there is one. If there isn't one, the behaviour is unchanged. ++ [Ken Coar, Roy Fielding, Andrey A. Chernov] ++ ++ *) WIN32: Modules can now be dynamically loaded DLLs using the ++ LoadModule/LoadFile directives. Note that module DLLs must be ++ compiled with the multithreaded DLL version of the runtime library. ++ [Alexei Kosut and Ben Laurie] ++ ++ *) Automatic indexing removed from mod_dir and placed into mod_autoindex. ++ This allows the admin to completely remove automatic indexing ++ from the server, while still supporting the basic functions of ++ trailing-slash redirects and DirectoryIndex files. Note that if ++ you're carrying over an old Configuration file and you use directory ++ indexing then you'll want to add: ++ ++ Module autoindex_module mod_autoindex.o ++ ++ before mod_dir in your Configuration. [Dean Gaudet] ++ ++ *) popendir/pclosedir created to properly protect directory scanning. ++ [Dean Gaudet] PR#525 ++ ++ *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added, ++ giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch> ++ and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc... ++ [Alexei Kosut] ++ ++ *) The AccessFileName directive can now take more than one filename. ++ ["Lou D. Langholtz" <ldl usi.utah.edu>] ++ ++ *) The new mod_mime_magic can be used to "magically" determine the type ++ of a file if the extension is unknown. Based on the unix file(1) ++ command. [Ian Kluft <ikluft cisco.com>] ++ ++ *) We now determine and display the time spent processing a ++ request if desired. [Jim Jagielski] ++ ++ *) mod_status: PID field of "dead" child slots no longer displays ++ main httpd process's PID. [Jim Jagielski] ++ ++ *) Makefile.nt added - to build all the bits from the command line: ++ nmake -f Makefile.nt ++ Doesn't yet work properly. [Ben Laurie] ++ ++ *) Default text of 404 error is now "Not Found" rather than the ++ potentially misleading "File Not Found". [Ken Coar] ++ ++ *) CONFIG: "HostnameLookups" now defaults to off because it is far better ++ for the net if we require people that actually need this data to ++ enable it. [Linus Torvalds] ++ ++ *) directory_walk() is an expensive function, keep a little more state to ++ avoid needless string counting. Add two new functions make_dirstr_parent ++ and make_dirstr_prefix which replace all existing uses of make_dirstr. ++ The new functions are a little less general than make_dirstr, but ++ work more efficiently (less memory, less string counting). ++ [Dean Gaudet] ++ ++ *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed ++ to LDFLAGS) to avoid complications with lex rules in make files. ++ [Dean Gaudet] PR#372 ++ ++ *) run_method optimized to avoid needless scanning over NULLs in the ++ module list. [Dean Gaudet] ++ ++ *) Revamp of (unix) scoreboard management code such that it avoids ++ unnecessary traversals of the scoreboard on each hit. This is ++ particularly important for high volume sites with a large ++ HARD_SERVER_LIMIT. Some of the previous operations were O(n^2), ++ and are now O(n). See also SCOREBOARD_MAINTENANCE_INTERVAL in ++ httpd.h. [Dean Gaudet] ++ ++ *) In configurations using multiple Listen statements it was possible for ++ busy sockets to starve other sockets of service. [Dean Gaudet] ++ ++ *) Added hook so standalone_main can be replaced at compile time ++ (define STANDALONE_MAIN) ++ [Doug MacEachern] ++ ++ *) Lowest-level read/write functions in buff.c will be replaced with ++ the SFIO library calls sfread/sfwrite if B_SFIO is defined at ++ compile time. The default sfio discipline will behave as apache ++ would without sfio compiled in. ++ [Doug MacEachern] ++ ++ *) Enhance UserDir directive (mod_userdir) to accept a list of ++ usernames for the 'disable' keyword, and add 'enable user...' to ++ selectively *en*able userdirs if they're globally disabled. ++ [Ken Coar] ++ ++ *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache ++ will work with Netscape dbm files. (dbmmanage will probably not ++ work however.) [Alexander Spohr <aspohr netmatic.com>] PR#444 ++ ++ *) Add a ListenBacklog directive to control the backlog parameter ++ passed to listen(). Also change the default to 511 from 512. ++ [Marc Slemko] ++ ++ *) API: A new handler response DONE which informs apache that the ++ request has been handled and it can finish off quickly, similar to ++ how it handles errors. [Rob Hartill] ++ ++ *) Turn off chunked encoding after sending terminating chunk/footer ++ so that we can't do it twice by accident. [Roy Fielding] ++ ++ *) mod_expire also issues Cache-Control: max-age headers. ++ [Rob Hartill] ++ ++ *) API: Added kill_only_once option for free_proc_chain so that it won't ++ aggressively try to kill off specific children. For fastcgi. ++ [Stanley Gambarin <gambarin OpenMarket.com>] ++ ++ *) mod_auth deals with extra ':' delimited fields. [Marc Slemko] ++ ++ *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive. ++ When used together, these cause mod_dir to emit HEIGHT and WIDTH ++ attributes in the FancyIndexing IMG tags. [Ken Coar] ++ ++ *) PORT: Sequent and SONY NEWS-OS support added. [Jim Jagielski] ++ ++ *) PORT: Added Windows NT support ++ [Ben Laurie and Ambarish Malpani <ambarish valicert.com>] ++ ++Changes with Apache 1.2.6 ++ ++ *) mod_include when using XBitHack Full would send ETags in addition to ++ sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour. ++ [Dean Gaudet] PR#1133 ++ ++ *) SECURITY: When a client connects to a particular port/addr, and ++ gives a Host: header ensure that the virtual host requested can ++ actually be reached via that port/addr. [Ed Korthof <ed organic.com>] ++ ++ *) Support virtual hosts with wildcard port and/or multiple ports ++ properly. [Ed Korthof <ed organic.com>] ++ ++ *) Fixed some case-sensitivity issues according to RFC2068. ++ [Dean Gaudet] ++ ++ *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c, ++ and mod_include.c. [Dean Gaudet] ++ ++ *) Variable 'cwd' was being used pointlessly before being set. ++ [Ken Coar] PR#1738 ++ ++ *) SIGURG doesn't exist on all platforms. ++ [Mark Andrew Heinrich <heinrich tinderbox.Stanford.EDU>] ++ ++ *) When an error occurs during a POST, or other operation with a ++ request body, the body has to be read from the net before allowing ++ a keepalive session to continue. [Roy Fielding] PR#1399 ++ ++ *) When an error occurs in fcntl() locking suggest the user look up ++ the docs for LockFile. [Dean Gaudet] ++ ++ *) table_set() and table_unset() did not deal correctly with ++ multiple occurrences of the same key. [Stephen Scheck ++ <sscheck infonex.net>, Ben Laurie] PR#1604 ++ ++ *) send_fd_length() did not calculate total_bytes_sent properly in error ++ cases. [Ben Reser <breser regnow.com>] PR#1366 ++ ++ *) r->connection->user was allocated in the wrong pool causing corruption ++ in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500 ++ ++ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake. ++ Also removed the auto-generated link to www.apache.org that was the ++ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko] ++ ++ *) Multiple "close" tokens may have been set in the "Connection" ++ header, not an error, but a waste. ++ [<Ronald.Tschalaer psi.ch>] PR#1683 ++ ++ *) "basic" and "digest" auth tokens should be tested case-insensitive. ++ [<Ronald.Tschalaer psi.ch>] PR#1599, PR#1666 ++ ++ *) It appears the "257th byte" bug (see ++ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen ++ at the 256th byte as well. Fixed. [Dean Gaudet] ++ ++ *) mod_rewrite would not handle %3f properly in some situations. ++ [Ralf Engelschall] ++ ++ *) Apache could generate improperly chunked HTTP/1.1 responses when ++ the bputc() or rputc() functions were used by modules (such as ++ mod_include). [Dean Gaudet] ++ ++ *) #ifdef wrap a few #defines in httpd.h to make life easier on ++ some ports. [Ralf Engelschall] ++ ++ *) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby] ++ ++ *) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer] ++ ++ *) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer] ++ ++Changes with Apache 1.2.5 ++ ++ *) SECURITY: Fix a possible buffer overflow in logresolve. This is ++ only an issue on systems without a MAXDNAME define or where ++ the resolver returns domain names longer than MAXDNAME. [Marc Slemko] ++ ++ *) Fix an improper length in an ap_snprintf call in proxy_date_canon(). ++ [Marc Slemko] ++ ++ *) Fix core dump in the ftp proxy when reading incorrectly formatted ++ directory listings. [Marc Slemko] ++ ++ *) SECURITY: Fix possible minor buffer overflow in the proxy cache. ++ [Marc Slemko] ++ ++ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which ++ is used to read various types of files such as htaccess and ++ htpasswd files. [Marc Slemko] ++ ++ *) SECURITY: Ensure that the buffer returned by ht_time is always ++ properly null terminated. [Marc Slemko] ++ ++ *) SECURITY: General mod_include cleanup, including fixing several ++ possible buffer overflows and a possible infinite loop. This cleanup ++ was done against 1.3 code and then backported to 1.2, the result ++ is a large difference (due to indentation cleanup in 1.3 code). ++ Users interested in seeing a smaller set of relevant differences ++ should consider comparing against src/modules/standard/mod_include.c ++ from the 1.3b3 release. Non-indentation changes to mod_include ++ between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko] ++ ++ *) SECURITY: Numerous changes to mod_imap in a general cleanup ++ including fixing a possible buffer overflow. This cleanup also ++ was done with 1.3 code as a basis, see the previous note ++ about mod_include. [Dean Gaudet] ++ ++ *) SECURITY: If a htaccess file can not be read due to bad ++ permissions, deny access to the directory with a HTTP_FORBIDDEN. ++ The previous behavior was to ignore the htaccess file if it could not ++ be read. This change may make some setups with unreadable ++ htaccess files stop working. PR#817 [Marc Slemko] ++ ++ *) SECURITY: no2slash() was O(n^2) in the length of the input. ++ Make it O(n). This inefficiency could be used to mount a denial ++ of service attack against the Apache server. Thanks to ++ Michal Zalewski <lcamtuf boss.staszic.waw.pl> for reporting ++ this. [Dean Gaudet] ++ ++ *) mod_include used uninitialized data for some uses of && and ||. ++ [Brian Slesinsky <bslesins wired.com>] PR#1139 ++ ++ *) mod_imap should decline all non-GET methods. ++ [Jay Bloodworth <jay pathways.sde.state.sc.us>] ++ ++ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour] ++ ++ *) mod_userdir was modifying r->finfo in cases where it wasn't setting ++ r->filename. Since those two are meant to be in sync with each other ++ this is a bug. ["Paul B. Henson" <henson intranet.csupomona.edu>] ++ ++ *) mod_include did not properly handle all possible redirects from sub- ++ requests. [Ken Coar] ++ ++ *) Inetd mode (which is buggy) uses timeouts without having setup the ++ jmpbuffer. [Dean Gaudet] PR#1064 ++ ++ *) Work around problem under Linux where a child will start looping ++ reporting a select error over and over. ++ [Rick Franchuk <rickf transpect.net>] PR#1107 ++ ++Changes with Apache 1.2.4 ++ ++ *) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy ++ always making requests with the full-URI instead of just the URI path. ++ [Marc Slemko, Roy Fielding] ++ ++ *) Add -lm for AIX versions >= 4.2 to allow Apache to link properly ++ on this platform. [Marc Slemko] ++ ++Changes with Apache 1.2.3 ++ ++ *) The request to a remote proxy was mangled if it was generated as the ++ result of a ProxyPass directive. URL schemes other than http:// were not ++ supported when ProxyRemote was used. PR#260, PR#656, PR#699, PR#713, ++ PR#812 [Lars Eilebrecht] ++ ++ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging ++ information for case where proxy module is not available. [Marc Slemko] ++ ++ *) Force proxy to always respond as HTTP/1.0, which it was failing to ++ do for errors and cached responses. [Roy Fielding] ++ ++ *) PORT: Improved support for ConvexOS 11. [Jeff Venters] ++ ++Changes with Apache 1.2.2 [not released] ++ ++ *) Fixed another long-standing bug in sub_req_lookup_file where it would ++ happily skip past access checks on subdirectories looked up with relative ++ paths. (It's used by mod_dir, mod_negotiation, and mod_include.) ++ [Dean Gaudet] ++ ++ *) Add lockfile name to error message printed out when ++ USE_FLOCK_SERIALIZED_ACCEPT is defined. ++ [Marc Slemko] ++ ++ *) Enhanced the chunking and error handling inside the buffer functions. ++ [Dean Gaudet, Roy Fielding] ++ ++ *) When merging the main server's <Directory> and <Location> sections into ++ a vhost, put the main server's first and the vhost's second. Otherwise ++ the vhost can't override the main server. [Dean Gaudet] PR#717 ++ ++ *) The <Directory> code would merge and re-merge the same section after ++ a match was found, possibly causing problems with some modules. ++ [Dean Gaudet] ++ ++ *) Fixed an infinite loop in mod_imap for references above the server root. ++ [Dean Gaudet] PR#748 ++ ++ *) mod_include cleanup showed that handle_else was being used to handle ++ endif. It didn't cause problems, but it was cleaned up too. ++ [Howard Fear] ++ ++ *) Last official synchronization of mod_rewrite with author version (because ++ mod_rewrite is now directly developed by the author at the Apache Group): ++ o added diff between mod_rewrite 3.0.6+ and 3.0.9 ++ minus WIN32/NT stuff, but plus copyright removement. ++ In detail: ++ - workaround for detecting infinite rewriting loops ++ - fixed setting of env vars when "-" is used as subst string ++ - fixed forced response code on redirects (PR#777) ++ - fixed cases where r->args is "" ++ - kludge to disable locking on pipes under braindead SunOS ++ - fix for rewritelog in cases where remote hostname is unknown ++ - fixed totally damaged request_rec walk-back loop ++ o remove static from local data and add static to global ones. ++ o replaced ugly proxy finding stuff by simple ++ find_linked_module("mod_proxy") call. ++ o added missing negation char on rewritelog() ++ o fixed a few comment typos ++ [Ralf S. Engelschall] ++ ++ *) Anonymous_LogEmail was logging on each subrequest. ++ [Dean Gaudet] PR#421, PR#868 ++ ++ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to ++ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added ++ "downgrade-1.0" which causes Apache to pretend it received a 1.0. ++ Additionally mod_browser now triggers during translate_name to workaround ++ a deficiency in the header_parse phase. ++ [Dean Gaudet] PR#875 ++ ++ *) get_client_block() returns wrong length if policy is ++ REQUEST_CHUNKED_DECHUNK. ++ [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#815 ++ ++ *) Properly treat <files> container like other containers in mod_info. ++ [Marc Slemko] PR#848 ++ ++ *) The proxy didn't treat the "Host:" keyword of the host header as case- ++ insensitive. The proxy would corrupt the first line of a response from ++ an HTTP/0.9 server. [Kenichi Hori <ken d2.bs1.fc.nec.co.jp>] PR#813,814 ++ ++ *) mod_include would log some bogus values occasionally. ++ [Skip Montanaro <skip calendar.com>, Marc Slemko] PR#797 ++ ++ *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP ++ under Solaris 2.x (up through 2.5.1). It has been fixed. ++ [Dean Gaudet] PR#832 ++ ++ *) API: In HTTP/1.1, whether or not a request message contains a body ++ is independent of the request method and based solely on the presence ++ of a Content-Length or Transfer-Encoding. Therefore, our default ++ handlers need to be prepared to read a body even if they don't know ++ what to do with it; otherwise, the body would be mistaken for the ++ next request on a persistent connection. discard_request_body() ++ has been added to take care of that. [Roy Fielding] PR#378 ++ ++ *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache ++ release version number, such that it always increases along the ++ same lines as our source code branching. [Roy Fielding] ++ ++ *) Minor oversight on multiple variants fixed. [Paul Sutton] PR#94 ++ ++Changes with Apache 1.2.1 ++ ++ *) SECURITY: Don't serve file system objects unless they are plain files, ++ symlinks, or directories. This prevents local users from using pipes ++ or named sockets to invoke programs for an extremely crude form of ++ CGI. [Dean Gaudet] ++ ++ *) SECURITY: HeaderName and ReadmeName were settable in .htaccess and ++ could contain "../" allowing a local user to "publish" any file on ++ the system. No slashes are allowed now. [Dean Gaudet] ++ ++ *) SECURITY: It was possible to violate the symlink Options using mod_dir ++ (headers, readmes, titles), mod_negotiation (type maps), or ++ mod_cern_meta (meta files). [Dean Gaudet] ++ ++ *) SECURITY: Apache will refuse to run as "User root" unless ++ BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet] ++ ++ *) CONFIG: If a symlink pointed to a directory then it would be disallowed ++ if it contained a .htaccess disallowing symlinks. This is contrary ++ to the rule that symlink permissions are tested with the symlink ++ options of the parent directory. [Dean Gaudet] PR#353 ++ ++ *) CONFIG: The LockFile directive can be used to place the serializing ++ lockfile in any location. It previously defaulted to /usr/tmp/htlock. ++ [Somehow it took four of us: Randy Terbush, Jim Jagielski, Dean Gaudet, ++ Marc Slemko] ++ ++ *) Request processing now retains state of whether or not the request ++ body has been read, so that internal redirects and subrequests will ++ not try to read it twice (and block). [Roy Fielding] ++ ++ *) Add a placeholder in modules/Makefile to avoid errors with certain ++ makes. [Marc Slemko] ++ ++ *) QUERY_STRING was unescaped in mod_include, it shouldn't be. ++ [Dean Gaudet] PR#644 ++ ++ *) mod_include was not properly changing the current directory. ++ [Marc Slemko] PR#742 ++ ++ *) Attempt to work around problems with third party libraries that do not ++ handle high numbered descriptors (examples include bind, and ++ solaris libc). On all systems apache attempts to keep all permanent ++ descriptors above 15 (called the low slack line). Solaris users ++ can also benefit from adding -DHIGH_SLACK_LINE=256 to EXTRA_CFLAGS ++ which keeps all non-FILE * descriptors above 255. On all systems ++ this should make supporting large numbers of vhosts with many open ++ log files more feasible. If this causes trouble please report it, ++ you can disable this workaround by adding -DNO_SLACK to EXTRA_CFLAGS. ++ [Dean Gaudet] various PRs ++ ++ *) Related to the last entry, network sockets are now opened before ++ log files are opened. The only known case where this can cause ++ problems is under Solaris with many virtualhosts and many Listen ++ directives. But using -DHIGH_SLACK_LINE=256 described above will ++ work around this problem. [Dean Gaudet] ++ ++ *) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and ++ SunOS 4. ++ ++ *) Improved unix error response logging. [Marc Slemko] ++ ++ *) Update mod_rewrite from 3.0.5 to 3.0.6. New ruleflag ++ QSA=query_string_append. Also fixed a nasty bug in per-dir context: ++ when a URL http://... was used in conjunction with a special ++ redirect flag, e.g. R=permanent, the permanent status was lost. ++ [Ronald Tschalaer <Ronald.Tschalaer psi.ch>, Ralf S. Engelschall] ++ ++ *) If an object has multiple variants that are otherwise equal Apache ++ would prefer the last listed variant rather than the first. ++ [Paul Sutton] PR#94 ++ ++ *) "make clean" at the top level now removes *.o. [Dean Gaudet] PR#752 ++ ++ *) mod_status dumps core in inetd mode. [Marc Slemko and Roy Fielding] ++ PR#566 ++ ++ *) pregsub had an off-by-1 in its error checking code. [Alexei Kosut] ++ ++ *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333 ++ ++ *) PORT: Update UnixWare support for 2.1.2. ++ [Lawrence Rosenman <ler lerctr.org>] PR#511 ++ ++ *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim tandem.com>] PR#327 ++ ++ *) PORT: Update ConvexOS support for 11.5. ++ [David DeSimone <fox convex.com>] PR#399 ++ ++ *) PORT: Support for DEC cc compiler under ULTRIX. ++ ["P. Alejandro Lopez-Valencia" <alejolo ideam.gov.co>] PR#388 ++ ++ *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383 ++ ++ *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c. ++ [Marc Slemko] PR#725 ++ ++ *) PORT: fix problem compiling http_bprintf.c with gcc under SCO ++ [Marc Slemko] PR#695 ++ ++Changes with Apache 1.2 ++ ++Changes with Apache 1.2b11 ++ ++ *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko] ++ ++ *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl. ++ [Doug MacEachern, Rob Hartill] ++ ++ *) Proxy needs to use hard_timeout instead of soft_timeout when it is ++ reading from one buffer and writing to another, at least until it has ++ a custom timeout handler. [Roy Fielding and Petr Lampa] ++ ++ *) Fixed problem on IRIX with servers hanging in IdentityCheck, ++ apparently due to a mismatch between sigaction and setjmp. ++ [Roy Fielding] PR#502 ++ ++ *) Log correct status code if we timeout before receiving a request (408) ++ or if we received a request-line that was too long to process (414). ++ [Ed Korthof and Roy Fielding] PR#601 ++ ++ *) Virtual hosts with the same ServerName, but on different ports, were ++ not being selected properly. [Ed Korthof] ++ ++ *) Added code to return the requested IP address from proxy_host2addr() ++ if gethostbyaddr() fails due to reverse DNS lookup problems. Original ++ change submitted by Jozsef Hollosi <hollosi sbcm.com>. ++ [Chuck Murcko] PR#614 ++ ++ *) If multiple requests on a single connection are used to retrieve ++ data from different virtual hosts, the virtual host list would be ++ scanned starting with the most recently used VH instead of the first, ++ causing most virtual hosts to be ignored. ++ [Paul Sutton and Martin Mares] PR#610 ++ ++ *) The OS/2 handling of process group was broken by a porting patch for ++ MPE, so restored prior code for OS/2. [Roy Fielding and Garey Smiley] ++ ++ *) Inherit virtual server port from main server if none (or "*") is ++ given for VirtualHost. [Dean Gaudet] PR#576 ++ ++ *) If the lookup for a DirectoryIndex name with content negotiation ++ has found matching variants, but none are acceptable, return the ++ negotiation result if there are no more DirectoryIndex names to lookup. ++ [Petr Lampa and Roy Fielding] ++ ++ *) If a soft_timeout occurs after keepalive is set, then the main child ++ loop would try to read another request even though the connection ++ has been aborted. [Roy Fielding] ++ ++ *) Configure changes: Allow for whitespace at the start of a ++ Module declaration. Also, be more understanding about the ++ CC=/OPTIM= format in Configuration. Finally, fix compiler ++ flags if using HP-UX's cc compiler. [Jim Jagielski] ++ ++ *) Subrequests and internal redirects now inherit the_request from the ++ original request-line. [Roy Fielding] ++ ++ *) Test for error conditions before creating output header fields, since ++ we don't want the error message to include those fields. Likewise, ++ reset the content_language(s) and content_encoding of the response ++ before generating or redirecting to an error message, since the new ++ message will have its own Content-* definitions. [Dean Gaudet] ++ ++ *) Restored the semantics of headers_out (headers sent only with 200..299 ++ and 304 responses) and err_headers_out (headers sent with all responses). ++ Avoid the overhead of copying tables if err_headers_out is empty ++ (the usual case). [Roy Fielding] ++ ++ *) Fixed a couple places where a check for the default Content-Type was ++ not properly checking both the value configured by the DefaultType ++ directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value ++ of DEFAULT_TYPE to match the documented default (text/plain). ++ [Dean Gaudet] PR#506 ++ ++ *) Escape the HTML-sensitive characters in the Request-URI that is ++ output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501 ++ ++ *) Properly initialize the flock structures used by the mutex locking ++ around accept() when USE_FCNTL_SERIALIZED_ACCEPT is defined. ++ [Marc Slemko] ++ ++ *) The method for determining PATH_INFO has been restored to the pre-1.2b ++ (and NCSA httpd) definition wherein it was the extra path info beyond ++ the CGI script filename. The environment variable FILEPATH_INFO has ++ been removed, and instead we supply the original REQUEST_URI to any ++ script that wants to be Apache-specific and needs the real URI path. ++ This solves a problem with existing scripts that use extra path info ++ in the ScriptAlias directive to pass options to the CGI script. ++ [Roy Fielding] ++ ++ *) The _default_ change in 1.2b10 will change the behaviour on configs ++ that use multiple Listen statements for listening on multiple ports. ++ But that change is necessary to make _default_ consistent with other ++ forms of <VirtualHost>. It requires such configs to be modified ++ to use <VirtualHost _default_:*>. The documentation has been ++ updated. [Dean Gaudet] PR#530 ++ ++ *) If an ErrorDocument CGI script is used to respond to an error ++ generated by another CGI script which has already read the message ++ body of the request, the server would block trying to read the ++ message body again. [Rob Hartill] ++ ++ *) signal() replacement conflicted with a define on QNX (and potentially ++ other platforms). Fixed. [Ben Laurie] PR#512 ++ ++Changes with Apache 1.2b10 ++ ++ *) Allow HTTPD_ROOT, SERVER_CONFIG_FILE, DEFAULT_PATH, and SHELL_PATH ++ to be configured via -D in Configuration. [Dean Gaudet] PR#449 ++ ++ *) <VirtualHost _default_:portnum> didn't work properly. [Dean Gaudet] ++ ++ *) Added prototype for mktemp() for SUNOS4 [Marc Slemko] ++ ++ *) In mod_proxy.c, check return values for proxy_host2addr() when reading ++ config, in case the hostent struct returned is trash. ++ [Chuck Murcko] PR #491 ++ ++ *) Fixed the fix in 1.2b9 for parsing URL query info into args for CGI ++ scripts. [Dean Gaudet, Roy Fielding, Marc Slemko] ++ ++Changes with Apache 1.2b9 [never announced] ++ ++ *) Reset the MODULE_MAGIC_NUMBER to account for the unsigned port ++ changes and in anticipation of 1.2 final release. [Roy Fielding] ++ ++ *) Fix problem with scripts not receiving a SIGPIPE when client drops ++ the connection (e.g., when user presses Stop). Apache will now stop ++ trying to send a message body immediately after an error from write. ++ [Roy Fielding and Nathan Kurz] PR#335 ++ ++ *) Rearrange Configuration.tmpl so that mod_rewrite has higher priority ++ than mod_alias, and mod_alias has higher priority than mod_proxy; ++ rearranged other modules to enhance understanding of their purpose ++ and relative order (and maybe even reduce some overhead). ++ [Roy Fielding and Sameer Parekh] ++ ++ *) Fix graceful restart. Eliminate many signal-related race ++ conditions in both forms of restart, and in SIGTERM. See ++ htdocs/manual/stopping.html for details on stopping and ++ restarting the parent. [Dean Gaudet] ++ ++ *) Fix memory leaks in mod_rewrite, mod_browser, mod_include. Tune ++ memory allocator to avoid a behaviour that required extra blocks to ++ be allocated. [Dean Gaudet] ++ ++ *) Allow suexec to access files relative to current directory but not ++ above. (Excluding leading / or any .. directory.) [Ken Coar] ++ PR#269, 319, 395 ++ ++ *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro] ++ PR#367, 368, 354, 453 ++ ++ *) Fix the above fix: if suexec is enabled, avoid destroying r->url ++ while obtaining the /~user and save the username in a separate data ++ area so that it won't be overwritten by the call to getgrgid(), and ++ fix some misuse of the pool string allocation functions. Also fixes ++ a general problem with parsing URL query info into args for CGI scripts. ++ [Roy Fielding] PR#339, 367, 354, 453 ++ ++ *) Fix IRIX warning about bzero undefined. [Marc Slemko] ++ ++ *) Fix problem with <Directory proxy:...>. [Martin Kraemer] PR#271 ++ ++ *) Corrected spelling of "authoritative". AuthDBAuthoratative became ++ AuthDBAuthoritative. [Marc Slemko] PR#420 ++ ++ *) MaxClients should be at least 1. [Lars Eilebrecht] PR#375 ++ ++ *) The default handler now logs invalid methods or URIs (i.e. PUT on an ++ object that can't be PUT, or FOOBAR for some method FOOBAR that ++ apache doesn't know about at all). Log 404s that occur in mod_include. ++ [Paul Sutton, John Van Essen] ++ ++ *) If a soft timeout (or lingerout) occurs while trying to flush a ++ buffer or write inside buff.c or fread'ing from a CGI's output, ++ then the timeout would be ignored. [Roy Fielding] PR#373 ++ ++ *) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's ++ parsing of headers. If the terminating empty-line CRLF occurs starting ++ at the 256th or 257th byte of output, then Navigator will think a normal ++ image is invalid. We are guessing that this is because their initial ++ read of a new request uses a 256 byte buffer. We check the bytes written ++ so far and, if we are about to tickle the bug, we instead insert a ++ padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232 ++ ++ *) Fixed SIGSEGV problem when a DirectoryIndex file is also the source ++ of an external redirection. [Roy Fielding and Paul Sutton] ++ ++ *) Configure would create a broken Makefile if the configuration file ++ contained a commented-out Rule. [Roy Fielding] ++ ++ *) Promote per_dir_config and subprocess_env from the subrequest to the ++ main request in mod_negotiation. In particular this fixes a bug ++ where <Files> sections wouldn't properly apply to negotiated content. ++ [Dean Gaudet] ++ ++ *) Fix a potential deadlock in mod_cgi script_err handling. ++ [Ralf S. Engelschall] ++ ++ *) rotatelogs zero-pads the logfile names to improve alphabetic sorting. ++ [Mitchell Blank Jr] ++ ++ *) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within ++ .htaccess files because the RewriteBase was not replaced correctly. ++ Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside ++ <Directory> sections missing a trailing /. [Ralf S. Engelschall] ++ ++ *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x. For ++ 1.x the settings are those of pre-1.2b8. For 2.x we include ++ USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and ++ HAVE_SYS_RESOURCE_H (enable the RLimit commands). ++ [Dean Gaudet] PR#336, PR#340 ++ ++ *) Redirect did not preserve ?query_strings when present in the client's ++ request. [Dean Gaudet] ++ ++ *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380 ++ ++ *) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369 ++ ++ *) Add UnixWare compile/install instructions. [Chuck Murcko] ++ ++ *) Add mod_example (illustration of API techniques). [Ken Coar] ++ ++ *) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko] ++ ++ *) Improve handling of directories when filenames have spaces in them. ++ [Chuck Murcko] ++ ++ *) For hosts with multiple IP addresses, try all additional addresses if ++ necessary to get a connect. Fail only if hostent address list is ++ exhausted. [Chuck Murcko] ++ ++ *) More signed/unsigned port fixes. [Dean Gaudet] ++ ++ *) HARD_SERVER_LIMIT can be defined in the Configuration file now. ++ [Dean Gaudet] ++ ++Changes with Apache 1.2b8 ++ ++ *) suexec.c doesn't close the log file, allowing CGIs to continue writing ++ to it. [Marc Slemko] ++ ++ *) The addition of <Location> and <File> directives made the ++ sub_req_lookup_simple() function bogus, so we now handle ++ the special cases directly. [Dean Gaudet] ++ ++ *) We now try to log where the server is dumping core when a fatal ++ signal is received. [Ken Coar] ++ ++ *) Improved lingering_close by adding a special timeout, removing the ++ spurious log messages, removing the nonblocking settings (they ++ are not needed with the better timeout), and adding commentary ++ about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is ++ now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding] ++ ++ *) Send error messages about setsockopt failures to the server error ++ log instead of stderr. [Roy Fielding] ++ ++ *) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore] ++ ++ *) Stopgap solution for CGI 3-second delay with server-side includes: if ++ processing a subrequest, allocate memory from r->main->pool instead ++ of r->pool so that we can avoid waiting for free_proc_chain to cleanup ++ in the middle of an SSI request. [Dean Gaudet] PR #122 ++ ++ *) Fixed status of response when POST is received for a nonexistent URL ++ (was sending 405, now 404) and when any method is sent with a ++ full-URI that doesn't match the server and the server is not acting ++ as a proxy (was sending 501, now 403). [Roy Fielding] ++ ++ *) Host port changed to unsigned short. [Ken Coar] PR #276 ++ ++ *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246 ++ ++ *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet] ++ ++ *) Report extra info from errno with many errors that cause httpd to exit. ++ spawn_child, popenf, and pclosef now have valid errno returns in the ++ event of an error. Correct problems where errno was stomped on ++ before being reported. [Dean Gaudet] ++ ++ *) In the proxy, if the cache filesystem was full, garbage_coll() was ++ never called, and thus the filesystem would remain full indefinitely. ++ We now also remove incomplete cache files left if the origin server ++ didn't send a Content-Length header and either the client has aborted ++ transfer or bwrite() to client has failed. [Petr Lampa] ++ ++ *) Fixed the handling of module and script-added header fields. ++ Improved the interface for sending header fields and reduced ++ the duplication of code between sending okay responses and errors. ++ We now always send both headers_out and err_headers_out, and ++ ensure that the server-reserved fields are not being overridden, ++ while not overriding those that are not reserved. [Roy Fielding] ++ ++ *) Moved transparent content negotiation fields to err_headers_out ++ to reflect above changes. [Petr Lampa] ++ ++ *) Fixed the determination of whether or not we should make the ++ connection persistent for all of the cases where some other part ++ of the server has already indicated that we should not. Also ++ improved the ordering of the test so that chunked encoding will ++ be set whenever it is desired instead of only when KeepAlive ++ is enabled. Added persistent connection capability for most error ++ responses (those that do not indicate a bad input stream) when ++ accessed by an HTTP/1.1 client. [Roy Fielding] ++ ++ *) Added missing timeouts for sending header fields, error responses, ++ and the last chunk of chunked encoding, each of which could have ++ resulted in a process being stuck in write forever. Using soft_timeout ++ requires that the sender check for an aborted connection rather than ++ continuing after an EINTR. Timeouts that used to be initiated before ++ send_http_header (and never killed) are now initiated only within or ++ around the routines that actually do the sending, and not allowed to ++ propagate above the caller. [Roy Fielding] ++ ++ *) mod_auth_anon required an @ or a . in the email address, not both. ++ [Dirk vanGulik] ++ ++ *) per_dir_defaults weren't set correctly until directory_walk for ++ name-based vhosts. This fixes an obscure bug with the wrong config ++ info being used for vhosts that share the same ip as the server. ++ [Dean Gaudet] ++ ++ *) Improved generation of modules/Makefile to be more generic for ++ new module directories. [Ken Coar, Chuck Murcko, Roy Fielding] ++ ++ *) Generate makefile dependency for Configuration based on the actual ++ name given when running the Configure process. [Dean Gaudet] ++ ++ *) Fixed problem with vhost error log not being set prior to ++ initializing virtual hosts. [Dean Gaudet] ++ ++ *) Fixed infinite loop when a trailing slash is included after a type map ++ file URL (extra path info). [Petr Lampa] ++ ++ *) Fixed server status updating of per-connection counters. [Roy Fielding] ++ ++ *) Add documentation for DNS issues (reliability and security), and try ++ to explain the virtual host matching process. [Dean Gaudet] ++ ++ *) Try to continue gracefully by disabling the vhost if a DNS lookup ++ fails while parsing the configuration file. [Dean Gaudet] ++ ++ *) Improved calls to setsockopt. [Roy Fielding] ++ ++ *) Negotiation changes: Don't output empty content-type in variant list; ++ Output charset in variant list; Return sooner from handle_multi() if ++ no variants found; Add handling of '*' wildcard in Accept-Charset. ++ [Petr Lampa and Paul Sutton] ++ ++ *) Fixed overlaying of request/sub-request notes and headers in ++ mod_negotiation. [Dean Gaudet] ++ ++ *) If two variants' charset quality are equal and one is the default ++ charset (iso-8859-1), then prefer the variant that was specifically ++ listed in Accept-Charset instead of the default. [Petr Lampa] ++ ++ *) Memory allocation problem in push_array() -- it would corrupt memory ++ when nalloc==0. [Kai Risku <krisku tf.hut.fi> and Roy Fielding] ++ ++ *) invoke_handler() doesn't handle mime arguments in content-type ++ [Petr Lampa] PR#160 ++ ++ *) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum. ++ [Ken Coar] ++ ++ *) Fixed problem with ErrorDocument not working for virtual hosts ++ due to one of the performance changes in 1.2b7. [Dean Gaudet] ++ ++ *) Log an error message if we get a request header that is too long, ++ since it may indicate a buffer overflow attack. [Marc Slemko] ++ ++ *) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and ++ not reject URLs without a double-slash, as per RFC2068 section 3.2. ++ [Ken Coar] PR #146, #187 ++ ++ *) Added table entry placeholder for new header_parser callback ++ in all of the distributed modules. [Ken Coar] PR #191 ++ ++ *) Allow for cgi files without the .EXE extension on them under OS/2. ++ [Garey Smiley] PR #59 ++ ++ *) Fixed error message when resource is not found and URL contains ++ path info. [Petr Lampa and Dean Gaudet] PR #40 ++ ++ *) Fixed user and server confusion over what should be a virtual host ++ and what is the main server, resulting in access to something ++ other than the name defined in the virtualhost directive (but ++ with the same IP address) failing. [Dean Gaudet] ++ ++ *) Updated mod_rewrite to version 3.0.2, which: fixes compile error on ++ AIX; improves the redirection stuff to enable the users to generally ++ redirect to http, https, gopher and ftp; added TIME variable for ++ RewriteCond which expands to YYYYMMDDHHMMSS strings and added the ++ special patterns >STRING, <STRING and =STRING to RewriteCond, which ++ can be used in conjunction with %{TIME} or other variables to create ++ time-dependent rewriting rules. [Ralf S. Engelschall] ++ ++ *) bpushfd() no longer notes cleanups for the file descriptors it is handed. ++ Module authors may need to adjust their code for proper cleanup to take ++ place (that is, call note_cleanups_for_fd()). This change fixes problems ++ with file descriptors being erroneously closed when the proxy module was ++ in use. [Ben Laurie] ++ ++ *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows ++ initgroups() to hose the group information needed for later ++ comparisons. [Randy Terbush] ++ ++ *) Remove unnecessary call to va_end() in create_argv() which ++ caused a SEGV on some systems. ++ ++ *) Use proper MAXHOSTNAMELEN symbol for limiting length of server name. ++ [Dean Gaudet] ++ ++ *) Clear memory allocated for listeners. [Randy Terbush] ++ ++ *) Improved handling of IP address as a virtualhost address and ++ introduced "_default_" as a synonym for the default vhost config. ++ [Dean Gaudet] PR #212 ++ ++Changes with Apache 1.2b7 ++ ++ *) Port to UXP/DS(V20) [Toshiaki Nomura <nom yk.fujitsu.co.jp>] ++ ++ *) unset Content-Length if chunked (RFC-2068) [Petr Lampa] ++ ++ *) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159 ++ - replace protocol response numbers with symbols ++ - save variant-list into main request notes ++ - free allocated memory from subrequests ++ - merge notes, headers_out and err_headers_out ++ ++ *) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to ++ "HTTP/#.# ###*" to be more lenient about what we accept. ++ [Chuck Murcko] ++ ++ *) more proxy FTP bug fixes: ++ - Changed send_dir() to remove user/passwd from displayed URL. ++ - Changed login error messages to be more descriptive. ++ - remove setting of SO_DEBUG socket option ++ - Make ftp_getrc() more lenient about multiline responses, ++ specifically, 230 responses which don't have continuation 230- ++ on each line). These seem to be all NT FTP servers, and while ++ perhaps questionable, they appear to be legal by RFC 959. ++ - Add missing kill_timeout() after transfer to user completes. ++ [Chuck Murcko] ++ ++ *) Fixed problem where a busy server could hang when restarting ++ after being sent a SIGHUP due to child processes not exiting. ++ [Marc Slemko] ++ ++ *) Modify mod_include escaping so a '\' only signifies an escaped ++ character if the next character is one that needs ++ escaping. [Ben Laurie] ++ ++ *) Eliminated possible infinite loop in mod_imap when relative URLs are ++ used with a 'base' directive that does not have a '/' in it. ++ [Marc Slemko, reported by Onno Witvliet <onno tc.hsa.nl>] ++ ++ *) Reduced the default timeout from 1200 seconds to 300, and the ++ one in the sample configfile from 400 to 300. [Marc Slemko] ++ ++ *) Stop vbprintf from crashing if given a NULL string pointer; ++ print (null) instead. [Ken Coar] ++ ++ *) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY. ++ [Marc Slemko and Roy Fielding] ++ ++ *) Fixed problem with mod_cgi-generated internal redirects trying to ++ read the request message-body twice. [Archie Cobbs and Roy Fielding] ++ ++ *) Reduced timeout on lingering close, removed possibility of a blocked ++ read causing the child to hang, and stopped logging of errors if ++ the socket is not connected (reset by client). [Roy Fielding] ++ ++ *) Rearranged main child loop to remove duplication of code in ++ select/accept and keep-alive requests, fixed several bugs regarding ++ checking scoreboard_image for exit indication and failure to ++ account for all success conditions and trap all error conditions, ++ prevented multiple flushes before closing the socket; close the entire ++ socket buffer instead of just one descriptor, prevent logging of ++ EPROTO and ECONNABORTED on platforms where supported, and generally ++ improved readability. [Roy Fielding] ++ ++ *) Extensive performance improvements. Cleaned up inefficient use of ++ auto initializers, multiple is_matchexp calls on a static string, ++ and excessive merging of response_code_strings. [Dean Gaudet] ++ ++ *) Added double-buffering to mod_include to improve performance on ++ server-side includes. [Marc Slemko] ++ ++ *) Several fixes for suexec wrapper. [Randy Terbush] ++ - Make wrapper work for files on NFS filesystem. ++ - Fix portability problem of MAXPATHLEN. ++ - Fix array overrun problem in clean_env(). ++ - Fix allocation of PATH environment variable ++ ++ *) Removed extraneous blank line is description of mod_status chars. ++ [Kurt Kohler] ++ ++ *) Logging of errors from the call_exec routine simply went nowhere, ++ since the logfile fd has been closed, so now we send them to stderr. ++ [Harald T. Alvestrand] ++ ++ *) Fixed core dump when DocumentRoot is a CGI. ++ [Ben Laurie, reported by <geddis tesserae.com>] ++ ++ *) Fixed potential file descriptor leak in mod_asis; updated it and ++ http_core to use pfopen/pfclose instead of fopen/fclose. ++ [Randy Terbush and Roy Fielding] ++ ++ *) Fixed handling of unsigned ints in ap_snprintf() on some chips such ++ as the DEC Alpha which is 64-bit but uses 32-bit ints. ++ [Dean Gaudet and Ken Coar] ++ ++ *) Return a 302 response code to the client when sending a redirect ++ due to a missing trailing '/' on a directory instead of a 301; now ++ it is cacheable. [Markus Gyger] ++ ++ *) Fix condition where, if a bad directive occurs in .htaccess, and ++ sub_request() goes first to this directory, then log_reason() will ++ SIGSEGV because it doesn't have initialized r->per_dir_config. ++ [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet] ++ ++ *) Fix handling of lang_index in is_variant_better(). This was ++ causing problems which resulted in the server sending the ++ wrong language document in some cases. [Petr Lampa] ++ ++ *) Remove free() from clean_env() in suexec wrapper. This was nuking ++ the clean environment on some systems. ++ ++ *) Tweak byteserving code (e.g. serving PDF files) to work around ++ bugs in Netscape Navigator and Microsoft Internet Explorer. ++ Emit Content-Length header when sending multipart/byteranges. ++ [Alexei Kosut] ++ ++ *) Port to HI-UX/WE2. [Nick Maclaren] ++ ++ *) Port to HP MPE operating system for HP 3000 machines ++ [Mark Bixby <markb cccd.edu>] ++ ++ *) Fixed bug which caused a segmentation fault if only one argument ++ given to RLimit* directives. [Ed Korthof] ++ ++ *) Continue persistent connection after 204 or 304 response. [Dean Gaudet] ++ ++ *) Improved buffered output to the client by delaying the flush decision ++ until the BUFF code is actually about to read the next request. ++ This fixes a problem introduced in 1.2b5 with clients that send ++ an extra CRLF after a POST request. Also improved chunked output ++ performance by combining writes using writev() and removing as ++ many bflush() calls as possible. NOTE: Platforms without writev() ++ must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration ++ or Configure, unless we have already done so. [Dean Gaudet] ++ ++ *) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko] ++ ++ *) Fixed mod_info output corruption bug introduced by buffer overflow ++ fixes. [Dean Gaudet] ++ ++ *) Fixed http_protocol to correctly output all HTTP/1.1 headers, including ++ for the special case of a 304 response. [Paul Sutton] ++ ++ *) Improved handling of TRACE method by bypassing normal method handling ++ and header parsing routines; fixed Allow response to always allow TRACE. ++ [Dean Gaudet] ++ ++ *) Fixed compiler warnings in the regex library. [Dean Gaudet] ++ ++ *) Cleaned-up some of the generated HTML. [Ken Coar] ++ ++Changes with Apache 1.2b6 ++ ++ *) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko] ++ ++ *) Fix typo introduced in fix for potential infinite loop around ++ accept() in child_main(). This change caused the rev to 1.2b6. ++ 1.2b5 was never a public beta. ++ ++Changes with Apache 1.2b5 ++ ++ *) Change KeepAlive semantics (On|Off instead of a number), add ++ MaxKeepAliveRequests directive. [Alexei Kosut] ++ ++ *) Various NeXT compilation patches, as well as a change in ++ regex/regcomp.c since that file also used a NEXT define. ++ [Andreas Koenig] ++ ++ *) Allow * to terminate the end of a directory match in mod_dir. ++ Allows /~* to match for both /~joe and /~joe/. [David Bronder] ++ ++ *) Don't call can_exec() if suexec_enabled. Calling this requires ++ scripts executed by the suexec wrapper to be world executable, which ++ defeats one of the advantages of running the wrapper. [Randy Terbush] ++ ++ *) Portability Fix: IRIX complained with 'make clean' about *pure* (removed) ++ [Jim Jagielski] ++ ++ *) Migration from sprintf() to snprintf() to avoid buffer ++ overflows. [Marc Slemko] ++ ++ *) Provide portable snprintf() implementation (ap_snprintf) ++ as well as *cvt family. [Jim Jagielski] ++ ++ *) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion ++ [Jim Jagielski] ++ ++ *) Remove mod_fastcgi.c from the distribution. This module appears ++ to be maintained more through the Open Market channels and should ++ continue to be easily available at http://www.fastcgi.com/ ++ ++ *) Fixed bug in modules/Makefile that wouldn't allow building in more ++ than one subdirectory (or cleaning, either). [Jeremy Laidman] ++ ++ *) mod_info assumed that the config files were relative to ServerRoot. ++ [Ken the Rodent] ++ ++ *) CGI scripts called as an error document resulting from failed ++ CGI execution would hang waiting for POST'ed data. [Rob Hartill] ++ ++ *) Log reason when mod_dir returns access HTTP_FORBIDDEN ++ [Ken the Rodent] ++ ++ *) Properly check errno to prevent display of a directory index ++ when server receives a long enough URL to confuse stat(). ++ [Marc Slemko] ++ ++ *) Several security enhancements to suexec wrapper. It is _highly_ ++ recommended that previously installed versions of the wrapper ++ be replaced with this version. [Randy Terbush, Jason Dour] ++ ++ - ~user execution now properly restricted to ~user's home ++ directory and below. ++ - execution restricted to UID/GID > 100 ++ - restrict passed environment to known variables ++ - call setgid() before initgroups() (portability fix) ++ - remove use of setenv() (portability fix) ++ ++ *) Add HTTP/1.0 response forcing. [Ben Laurie] ++ ++ *) Add access control via environment variables. [Ben Laurie] ++ ++ *) Add rflush() function. [Alexei Kosut] ++ ++ *) remove duplicate pcalloc() call in new_connection(). ++ ++ *) Fix incorrect comparison which could allow number of children = ++ MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential ++ problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof] ++ ++ *) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD ++ AIX PS/2, CONVEXOS. [Jim Jagielski] ++ ++ *) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock. ++ It's more portable. [Martin Kraemer] ++ ++ *) Replace references to make in Makefile.tmpl with $(MAKE). ++ [Chuck Murcko] ++ ++ *) Add ProxyBlock directive w/IP address caching. Add IP address ++ caching to NoCache directive as well. ProxyBlock works with all ++ handlers; NoCache now also works with FTP for anonymous logins. ++ Still more code cleanup. [Chuck Murcko] ++ ++ *) Add "header parse" API hook [Ben Laurie] ++ ++ *) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko] ++ ++ *) suEXEC wrapper was freeing memory that had not been malloc'ed. ++ ++ *) Correctly allow access and auth directives in <Files> sections in ++ server config files. [Alexei Kosut] ++ ++ *) Fix bug with ServerPath that could cause certain files to be not ++ found by the server. [Alexei Kosut] ++ ++ *) Fix handling of ErrorDocument so that it doesn't remove a trailing ++ double-quote from text and so that it properly checks for unsupported ++ status codes using the new index_of_response interface. [Roy Fielding] ++ ++ *) Multiple fixes to the lingering_close code in order to avoid being ++ interrupted by a stray timeout, to avoid lingering on a connection ++ that has already been aborted or never really existed, to ensure that ++ we stop lingering as soon as any error condition is received, and to ++ prevent being stuck indefinitely if the read blocks. Also improves ++ reporting of error conditions. [Marc Slemko and Roy Fielding] ++ ++ *) Fixed initialization of parameter structure for sigaction. ++ [<mgyger itr.ch>, Adrian Filipi-Martin] ++ ++ *) Fixed reinitializing the parameters before each call to accept and ++ select, and removed potential for infinite loop in accept. ++ [Roy Fielding, after useful PR from <adrian virginia.edu>] ++ ++ *) Fixed condition where, if a child fails to fork, the scoreboard would ++ continue to say SERVER_STARTING forever. Eventually, the main process ++ would refuse to start new children because count_idle_servers() will ++ count those SERVER_STARTING entries and will always report that there ++ are enough idle servers. [Phillip Vandry] ++ ++ *) Fixed bug in bcwrite regarding failure to account for partial writes. ++ Avoided calling bflush() when the client is pipelining requests. ++ Removed unnecessary flushes from http_protocol. [Dean Gaudet] ++ ++ *) Added description of "." mode in server-status [Jim Jagielski] ++ ++Changes with Apache 1.2b4 ++ ++ *) Fix possible race condition in accept_mutex_init() that ++ could leave a small security hole open allowing files to be ++ overwritten in cases where the server UID has write permissions. ++ [Marc Slemko] ++ ++ *) Fix awk compatibilty problem in Configure. [Jim Jagielski] ++ ++ *) Fix portablity problem in util_script where ARG_MAX may not be ++ defined for some systems. ++ ++ *) Add changes to allow compilation on Machten 4.0.3 for PowerPC. ++ [Randal Schwartz] ++ ++ *) OS/2 changes to support an MMAP style scoreboard file and UNIX ++ style magic #! token for better script portability. [Garey Smiley] ++ ++ *) Fix bug in suexec wrapper introduced in b3 that would cause failed ++ execution for ~userdir CGI. [Jason Dour] ++ ++ *) Fix initgroups() business in suexec wrapper. [Jason Dour] ++ ++ *) Fix month off by one in suexec wrapper logging. ++ ++Changes with Apache 1.2b3: ++ ++ *) Fix error in mod_cgi which could cause resources not to be properly ++ freed, or worse. [Dean Gaudet] ++ ++ *) Fix find_string() NULL pointer dereference. [Howard Fear] ++ ++ *) Add set_flag_slot() at the request of Dirk and others. ++ [Dirk vanGulik] ++ ++ *) Sync mod_rewrite with patch level 10. [Ralf Engelschall] ++ ++ *) Add changes to improve the error message given for invalid ++ ServerName parameters. [Dirk vanGulik] ++ ++ *) Add "Authoritative" directive for Auth modules that don't ++ currently have it. This gives admin control to assign authoritative ++ control to an authentication scheme and allow "fall through" for ++ those authentication modules that aren't "Authoritative" thereby ++ allowing multiple authentication mechanisms to be chained. ++ [Dirk vanGulik] ++ ++ *) Remove requirement for ResourceConfig/AccessConfig if not using ++ the three config file layout. [Randy Terbush] ++ ++ *) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko] ++ ++ *) Changes to suexec wrapper to fix the following problems: ++ 1. symlinked homedirs will kill ~userdirs. ++ 2. initgroups() on Linux 2.0.x clobbers gr->grid. ++ 3. CGI command lines paramters problems ++ 4. pw-pwdir for "docroot check" still the httpd user's pw record. ++ [Randy Terbush, Jason Dour] ++ ++ *) Change create_argv() to accept variable arguments. This fixes ++ a problem where arguments were not getting passed to the CGI via ++ argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz] ++ ++ *) Collapse multiple slashes in path URLs to properly apply ++ handlers defined by <Location>. [Alexei Kosut] ++ ++ *) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX. ++ ++ *) Improve the accuracy of request duration timings by setting ++ r->request_time in read_request_line() instead of read_request(). ++ [Dean Gaudet] ++ ++ *) Reset timeout while reading via get_client_block() in mod_cgi.c ++ Fixes problem with timed out transfers of large files. [Rasmus Lerdorf] ++ ++ *) Add the ability to pass different Makefile.tmpl files to Configure ++ using the -make flag. [Rob Hartill] ++ ++ *) Fix coredump triggered when sending a SIGHUP to the server caused ++ by an assertion failure, in turn caused by an uninitialised field in a ++ listen_rec. ++ [Ben Laurie] ++ ++ *) Add FILEPATH_INFO variable to CGI environment, which is equal to ++ PATH_INFO from previous versions of Apache (in certain situations, ++ Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut] ++ [later removed in 1.2b11] ++ ++ *) Add rwrite() function to API to allow for sending strings of ++ arbitrary length. [Doug MacEachern] ++ ++ *) Remove rlim_t typedef for NetBSD. Do older versions need this? ++ ++ *) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for ++ NeXT. [Jim Jagielski] ++ ++ *) Removed recent modification to promote the status code on internal ++ redirects, since the correct fix was to change the default log format ++ in mod_log_config so that it outputs the original status. [Rob Hartill] ++ ++Changes with Apache 1.2b2: ++ ++ *) Update set_signals() to use sigaction() for setting handlers. ++ This appears to fix a re-entrant problem in the seg_fault() ++ bus_error() handlers. [Randy Terbush] ++ ++ *) Changes to allow mod_status compile for OS/2 [Garey Smiley] ++ ++ *) changes for DEC AXP running OSF/1 v3.0. [Marc Evans] ++ ++ *) proxy_http.c bugfixes: [Chuck Murcko] ++ 1) fixes possible NULL pointer reference w/NoCache ++ 2) fixes NoCache behavior when using ProxyRemote (ProxyRemote ++ host would cache nothing if it was in the local domain, ++ and the local domain was in the NoCache list) ++ 3) Adds Host: header when not available ++ 4) Some code cleanup and clarification ++ ++ *) mod_include.c bugfixes: ++ 1) Fixed an ommission that caused include variables to not ++ be parsed in config errmsg directives [Howard Fear] ++ 2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut] ++ 3) Patch to fix compiler warnings [<perrot lal.in2p3.fr>] ++ 4) Allow backslash-escaping to all quoted text ++ [Ben Yoshino <ben wiliki.eng.hawaii.edu>] ++ 5) Pass variable to command line if not set in XSSI's env ++ [Howard Fear] ++ ++ *) Fix infinite loop when processing Content-language lines in ++ type-map files. [Alexei Kosut] ++ ++ *) Closed file-globbing hole in test-cgi script. [Brian Behlendorf] ++ ++ *) Fixed problem in set_[user|group] that prevented CGI execution ++ for non-virtualhosts when suEXEC was enabled. [Randy Terbush] ++ ++ *) Added PORTING information file. [Jim Jagielski] ++ ++ *) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie] ++ ++ *) Changed default group to "nogroup" instead of "nobody" [Randy Terbush] ++ ++ *) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where ++ USE_FCNTL_SERIALIZED_ACCEPT was intended. ++ ++ *) Fixed additional uses of 0xffffffff where INADDR_NONE was intended, ++ which caused problems of systems where socket s_addr is >32bits. ++ ++ *) Added comment to explain (r->chunked = 1) side-effect in ++ http_protocol.c [Roy Fielding] ++ ++ *) Replaced use of index() in mod_expires.c with more appropriate ++ and portable isdigit() test. [Ben Laurie] ++ ++ *) Updated Configure for ... ++ OS/2 (DEF_WANTHSREGEX=yes, other code changes) ++ *-dg-dgux* (bad pattern match) ++ QNX (DEF_WANTHSREGEX=yes) ++ *-sunos4* (DEF_WANTHSREGEX=yes, -DUSEBCOPY) ++ *-ultrix (new) ++ *-unixware211 (new) ++ and added some user diagnostic info. [Ben Laurie] ++ ++ *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation ++ for better portability. [Jim Jagielski] ++ ++ *) Updated helpers/GuessOS for ... ++ SCO 5 (recognize minor releases) ++ SCO UnixWare (braindamaged uname, whatever-whatever-unixware2) ++ SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h) ++ IRIX64 (-sgi-irix64) ++ ULTRIX (-unknown-ultrix) ++ SINIX (-whatever-sysv4) ++ NCR Unix (-ncr-sysv4) ++ and fixed something in helpers/PrintPath [Ben Laurie] ++ ++Changes with Apache 1.2b1 ++ ++ *) Not listed. See <http://www.apache.org/docs/new_features_1_2.html> ++ ++Changes with Apache 1.1.1 ++ ++ *) Fixed bug where Cookie module would make two entries in the ++ logfile for each access [Mark Cox] ++ ++ *) Fixed bug where Redirect in .htaccess files would cause memory ++ leak. [Nathan Neulinger] ++ ++ *) MultiViews now works correctly with AddHandler [Alexei Kosut] ++ ++ *) Problems with mod_auth_msql fixed [Dirk vanGulik] ++ ++ *) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon. ++ ++Changes with Apache 1.1.0 ++ ++ *) Bring NeXT support up to date. [Takaaki Matsumoto] ++ ++ *) Bring QNX support up to date. [Ben Laurie] ++ ++ *) Make virtual hosts default to main server keepalive parameters. ++ [Alexei Kosut, Ben Laurie] ++ ++ *) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut] ++ ++ *) Fix missing address family for connect, also remove unreachable statement ++ in mod_proxy. [Ben Laurie] ++ ++ *) mod_env now turned on by default in Configuration.tmpl. ++ ++ *) Bugs which were fixed: ++ a) yet more mod_proxy bugs [Ben Laurie] ++ b) CGI works again with inetd [Alexei Kosut] ++ c) Leading colons were stripped from passwords [<osm interguide.com>] ++ d) Another fix to multi-method Limit problem [<jk tools.de>] ++ ++Changes with Apache 1.1b4 ++ ++ *) r->bytes_sent variable restored. [Robert Thau] ++ ++ *) Previously broken multi-method <Limit> parsing fixed. [Robert Thau] ++ ++ *) More possibly unsecure programs removed from the support directory. ++ ++ *) More mod_auth_msql authentication improvements. ++ ++ *) VirtualHosts based on Host: headers no longer conflict with the ++ Listen directive. ++ ++ *) OS/2 compatibility enhancements. [Gary Smiley] ++ ++ *) POST now allowed to directory index CGI scripts. ++ ++ *) Actions now work with files of the default type. ++ ++ *) Bugs which were fixed: ++ a) more mod_proxy bugs ++ b) early termination of inetd requests ++ c) compile warnings on several systems ++ d) problems when scripts stop reading output early ++ ++Changes with Apache 1.1b3 ++ ++ *) Much of cgi-bin and all of cgi-src has been removed, due to ++ various security holes found and that we could no longer support ++ them. ++ ++ *) The "Set-Cookie" header is now special-cased to not merge multiple ++ instances, since certain popular browsers can not handle multiple ++ Set-Cookie instructions in a single header. [Paul Sutton] ++ ++ *) rprintf() added to buffer code, occurrences of sprintf removed. ++ [Ben Laurie] ++ ++ *) CONNECT method for proxy module, which means tunneling SSL should work. ++ (No crypto needed) Also a NoCache config directive. ++ ++ *) Several API additions: pstrndup(), table_unset() and get_token() ++ functions now available to modules. ++ ++ *) mod_imap fixups, in particular Location: headers are now complete ++ URL's. ++ ++ *) New "info" module which reports on installed module set through a ++ special URL, a la mod_status. ++ ++ *) "ServerPath" directive added - allows for graceful transition ++ for Host:-header-based virtual hosts. ++ ++ *) Anonymous authentication module improvements. ++ ++ *) MSQL authentication module improvements. ++ ++ *) Status module design improved - output now table-based. [Ben Laurie] ++ ++ *) htdigest utility included for use with digest authentication ++ module. ++ ++ *) mod_negotiation: Accept values with wildcards to be treated with ++ less priority than those without wildcards at the same quality ++ value. [Alexei Kosut] ++ ++ *) Bugs which were fixed: ++ a) numerous mod_proxy bugs ++ b) CGI early-termination bug [Ben Laurie] ++ c) Keepalives not working with virtual hosts ++ d) RefererIgnore problems ++ e) closing fd's twice in mod_include (causing core dumps on ++ Linux and elsewhere). ++ ++Changes with Apache 1.1b2 ++ ++ *) Bugfixes: ++ a) core dumps in mod_digest ++ b) truncated hostnames/ip address in the logs ++ c) relative URL's in mod_imap map files ++ ++Changes with Apache 1.1b1 ++ ++ *) Not listed. See <http://www.apache.org/docs/new_features_1_1.html> ++ ++Changes with Apache 1.0.3 ++ ++ *) Internal redirects which occur in mod_dir.c now preserve the ++ query portion of a request (the bit after the question mark). ++ [Adam Sussman] ++ ++ *) Escape active characters '<', '>' and '&' in html output in ++ directory listings, error messages and redirection links. ++ [David Robinson] ++ ++ *) Apache will now work with LynxOS 2.3 and later [Steven Watt] ++ ++ *) Fix for POSIX compliance in waiting for processes in alloc.c. ++ [Nick Williams] ++ ++ *) setsockopt no longer takes a const declared argument [Martijn Koster] ++ ++ *) Reset timeout timer after each successful fwrite() to the network. ++ This patch adds a reset_timeout() procedure that is called by ++ send_fd() to reset the timeout ever time data is written to the net. ++ [Nathan Schrenk] ++ ++ *) timeout() signal handler now checks for SIGPIPE and reports ++ lost connections in a more user friendly way. [Rob Hartill] ++ ++ *) Location of the "scoreboard" file which used to live in /tmp is ++ now configurable (for OSes that can't use mmap) via ScoreBoardFile ++ which works similar to PidFile (in httpd.conf) [Rob Hartill] ++ ++ *) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh] ++ ++ *) the pstrcat call in mod_cookies.c didn't have an ending NULL, ++ which caused a SEGV with cookies enabled ++ ++ *) Output warning when MinSpareServers is set to <= 0 and change it to 1 ++ [Rob Hartill] ++ ++ *) Log the UNIX textual error returned by some system calls, in ++ particular errors from accept() [David Robinson] ++ ++ *) Add strerror function to util.c for SunOS4 [Randy Terbush] ++ ++Changes with Apache 1.0.2 ++ ++ *) patch to get Apache compiled on UnixWare 2.x, recommended as ++ a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko] ++ ++ *) Fix get_basic_auth_pw() to set the auth_type of the request. ++ [David Robinson] ++ ++ *) past changes to http_config.c to only use the ++ setrlimit function on systems defining RLIMIT_NOFILE ++ broke the feature on SUNOS4. Now defines HAVE_RESOURCE ++ for SUNOS and prototypes the needed functions. ++ ++ *) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines. ++ [David Robinson] ++ ++ *) Fix use of pointer to scratch memory. [Cliff Skolnick] ++ ++ *) Merge multiple headers from CGI scripts instead of taking last ++ one. [David Robinson] ++ ++ *) Add support for SCO 5. [Ben Laurie] ++ ++Changes with Apache 1.0.1 ++ ++ *) Silence mod_log_referer and mod_log_agent if not configured ++ [Randy Terbush] ++ ++ *) Recursive includes can occur if the client supplies PATH_INFO data ++ and the server provider uses relative links; as file.html ++ relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson] ++ ++ *) The replacement for initgroups() did not call {set,end}grent(). This ++ had two implications: if anything else used getgrent(), then ++ initgroups() would fail, and it was consuming a file descriptor. ++ [Ben Laurie] ++ ++ *) On heavily loaded servers it was possible for the scoreboard to get ++ out of sync with reality, as a result of a race condition. ++ The observed symptoms are far more Apaches running than should ++ be, and heavy system loads, generally followed by catastrophic ++ system failure. [Ben Laurie] ++ ++ *) Fix typo in license. [David Robinson] ++ ++Changes with Apache 1.0.0 23 Nov 1995 ++ ++ *) Not listed. See <http://www.apache.org/docs/new_features_1_0.html> ++ ++Changes with Apache 0.8.16 05 Nov 1995 ++ ++ *) New man page for 'httpd' added to support directory [David Robinson] ++ ++ *) .htgroup files can have more than one line giving members for a ++ given group (each must have the group name in front), for NCSA ++ back-compatibility [Robert Thau] ++ ++ *) Mutual exclusion around accept() is on by default for SVR4 systems ++ generally, since they generally can't handle multiple processes in ++ accept() on the same socket. This should cure flaky behavior on ++ a lot of those systems. [David Robinson] ++ ++ *) AddType, AddEncoding, and AddLanguage directives take multiple ++ extensions on a single command line [David Robinson] ++ ++ *) UserDir can be disabled for a given virtual host by saying ++ "UserDir disabled" in the <VirtualHost> section --- it was a bug ++ that this didn't work. [David Robinson] ++ ++ *) Compiles on QNX [Ben Laurie] ++ ++ *) Corrected parsing of ctime time format [David Robinson] ++ ++ *) httpd does a perror() before exiting if it can't log its pid ++ to the PidFile, to make diagnosing the error a bit easier. ++ [David Robinson] ++ ++ *) <!--#include file="..."--> can no longer include files in the ++ parent directory, for NCSA back-compatibility. [David Robinson] ++ ++ *) '~' is *not* escaped in URIs generated for directory listings ++ [Roy Fielding] ++ ++ *) Eliminated compiler warning in the imagemap module [Randy Terbush] ++ ++ *) Fixed bug involving handling URIs with escaped %-characters ++ in redirects [David Robinson] ++ ++Changes with Apache 0.8.15 14 Oct 1995 ++ ++ *) Switched to new, simpler license ++ ++ *) Eliminated core dumps with improperly formatted DBM group files [Mark Cox] ++ ++ *) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie] ++ ++ *) Reject paths containing %-escaped '%' or null characters [David Robinson] ++ ++ *) Correctly handles internal redirects to files with names containing '%' ++ [David Robinson] ++ ++ *) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson] ++ ++ *) Use geteuid() rather than getuid() to see if we have root privilege, ++ so that server correctly resets privilege if run setuid root. [Andrew ++ Wilson] ++ ++ *) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module) ++ [Randy Terbush] ++ ++ *) Fix relative URLs in imagemap files [Randy Terbush] ++ ++ *) Somewhat better fix for the old "Alias /foo/ /bar/" business ++ [David Robinson] ++ ++ *) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost> ++ entries all name the same one. [David Robinson] ++ ++ *) Fix directory listings with filenames containing unusual characters ++ [David Robinson] ++ ++ *) Better URI-escaping for generated URIs in directories with filenames ++ containing unusual characters [Ben Laurie] ++ ++ *) Fixed potential FILE* leak in http_main.c [Ben Laurie] ++ ++ *) Unblock alarms on error return from spawn_child() [David Robinson] ++ ++ *) Sample Config files have extra note for SCO users [Ben Laurie] ++ ++ *) Configuration has note for HP-UX users [Rob Hartill] ++ ++ *) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh] ++ ++ *) Nuked bogus #define in httpd.h [David Robinson] ++ ++ *) Better test for whether a system has setrlimit() [David Robinson] ++ ++ *) Calls update_child_status() after reopen_scoreboard() [David Robinson] ++ ++ *) Doesn't send itself SIGHUP on startup when run in the -X debug-only mode ++ [Ben Laurie] ++ ++Changes with Apache 0.8.14 19 Sep 1995 ++ ++ *) Compiles on SCO ODT 3.0 [Ben Laurie] ++ ++ *) AddDescription works (better) [Ben Laurie] ++ ++ *) Leaves an intelligible error diagnostic when it can't set group ++ privileges on standalone startup [Andrew Wilson] ++ ++ *) Compiles on NeXT again --- the 0.8.13 RLIMIT patch was failing on ++ that machine, which claims to be BSD but does not support RLIMIT. ++ [Randy Terbush] ++ ++ *) gcc -Wall no longer complains about an unused variable when util.c ++ is compiled with -DMINIMAL_DNS [Andrew Wilson] ++ ++ *) Nuked another compiler warning for -Wall on Linux [Aram Mirzadeh] ++ ++Changes with Apache 0.8.13 07 Sep 1995 ++ ++ *) Make IndexIgnore *work* (ooops) [Jarkko Torppa] ++ ++ *) Have built-in imagemap code recognize & honor Point directive [James ++ Cloos] ++ ++ *) Generate cleaner directory listings in directories with a mix of ++ long and short filenames [Rob Hartill] ++ ++ *) Properly initialize dynamically loaded modules [Royston Shufflebotham] ++ ++ *) Properly default ServerName for virtual servers [Robert Thau] ++ ++ *) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush, ++ Paul Richards and a cast of thousands...] ++ ++ *) On self-identified BSD systems (we don't try to guess any more), ++ allocate a few extra file descriptors per virtual host with setrlimit, ++ if we can, to avoid running out. [Randy Terbush] ++ ++ *) Write 22-character lock file name into buffer with enough space ++ on startup [Konstantin Olchanski] ++ ++ *) Use archaic setpgrp() interface on NeXT, which requires it [Brian ++ Pinkerton] ++ ++ *) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh] ++ ++ *) Suppress -Wall warning by initializing variable in negotiation code ++ [Tobias Weingartner] ++ ++Changes with Apache 0.8.12 31 Aug 1995 ++ ++ *) Doesn't pause three seconds after including a CGI script which is ++ too slow to die off (this is done by not even trying to kill off ++ subprocesses, including the SIGTERM/pause/SIGKILL routine, until ++ after the entire document has been processed). [Robert Thau] ++ ++ *) Doesn't do SSI if Options Includes is off. (Ooops). [David Robinson] ++ ++ *) Options IncludesNoExec allows inclusion of at least text/* [Roy Fielding] ++ ++ *) Allows .htaccess files to override <Directory> sections naming the ++ same directory [David Robinson] ++ ++ *) Removed an efficiency hack in sub_req_lookup_uri which was ++ causing certain extremely marginal cases (e.g., ScriptAlias of a ++ *particular* index.html file) to fail. [David Robinson] ++ ++ *) Doesn't log an error when the requested URI requires ++ authentication, but no auth header line was supplied by the ++ client; this is a normal condition (the client doesn't no auth is ++ needed here yet). [Robert Thau] ++ ++ *) Behaves more sanely when the name server loses its mind [Sean Welch] ++ ++ *) RFC931 code compiles cleanly on old BSDI releases [Randy Terbush] ++ ++ *) RFC931 code no longer passes out name of prior clients on current ++ requests if the current request came from a server that doesn't ++ do RFC931. [David Robinson] ++ ++ *) Configuration script accepts "Module" lines with trailing whitespace. ++ [Robert Thau] ++ ++ *) Cleaned up compiler warning from mod_access.c [Robert Thau] ++ ++ *) Cleaned up comments in mod_cgi.c [Robert Thau] ++ ++Changes with Apache 0.8.11 24 Aug 1995 ++ ++ *) Wildcard <Directory> specifications work. [Robert Thau] ++ ++ *) Doesn't loop for buggy CGI on Solaris [Cliff Skolnick] ++ ++ *) Symlink checks (FollowSymLinks off, or SymLinkIfOwnerMatch) always check ++ the file being requested itself, in addition to the directories leading ++ up to it. [Robert Thau] ++ ++ *) Logs access failures due to symlink checks or invalid client address ++ in the error log [Roy Fielding, Robert Thau] ++ ++ *) Symlink checks deal correctly with systems where lstat of ++ "/path/to/some/link/" follows the link. [Thau, Fielding] ++ ++ *) Doesn't reset DirectoryIndex to 'index.html' when ++ other directory options are set in a .htaccess file. [Robert Thau] ++ ++ *) Clarified init code and nuked bogus warning in mod_access.c ++ [Florent Guillaume] ++ ++ *) Corrected several directives in sample srm.conf ++ --- includes corrections to directory indexing icon-related directives ++ (using unknown.gif rather than unknown.xbm as the DefaultIcon, doing ++ icons for encodings right, and turning on AddEncoding by default). ++ [Roy Fielding] ++ ++ *) Corrected descriptions of args to AddIcon and AddAlt in command table ++ [James Cloos] ++ ++ *) INSTALL & README mention "contributed modules" directory [Brian ++ Behlendorf] ++ ++ *) Fixed English in the license language... "for for" --> "for". ++ [Roy Fielding] ++ ++ *) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to ++ mod_alias.c, merging it almost completely with handling of Alias, and ++ adding a 'notes' field to the request_rec which allows the CGI module ++ to discover whether the Alias module has put this request through ++ ScriptAlias (which it needs to know for back-compatibility, as the old ++ NCSA code did not check Options ExecCGI in ScriptAlias directories). ++ [Robert Thau] ++ ++Changes with Apache 0.8.10 18 Aug 1995 ++ ++ *) AllowOverride applies to the named directory, and not just ++ subdirectories. [David Robinson] ++ ++ *) Do locking for accept() exclusion (on systems that need it) ++ using a special file created for the purpose in /usr/tmp, and ++ not the error log; using the error log causes real problems ++ if it's NFS-mounted; this is known to be the cause of a whole ++ lot of "server hang" problems with Solaris. [David Robinson; ++ thanks to Merten Schumann for help diagnosing the problem]. ++ ++Changes with Apache 0.8.9 12 Aug 1995 ++ ++ *) Compiles with -DMAXIMUM_DNS ---- ooops! [Henrik Mortensen] ++ ++ *) Nested includes see environment variables of the including document, ++ for NCSA bug-compatibility (some sites have standard footer includes ++ which try to print out the last-modified date). [Eric Hagberg/Robert ++ Thau] ++ ++ *) <!--exec cgi="/some/uri/here"--> always treats the item named by the ++ URI as a CGI script, even if it would have been treated as something ++ else if requested directly, for NCSA back-compatibility. (Note that ++ this means that people who know the name of the script can see the ++ code just by asking for it). [Robert Thau] ++ ++ *) New version of dbmmanage script included in support directory as ++ dbmmanage.new. ++ ++ *) Check if scoreboard file couldn't be opened, and say so, rather ++ then going insane [David Robinson] ++ ++ *) POST to CGI works on A/UX [Jim Jagielski] ++ ++ *) AddIcon and AddAlt commands work properly [Rob Hartill] ++ ++ *) NCSA server push works properly --- the Arena bug compatibility ++ workaround, which broke it, is gone (use -DARENA_BUG_WORKAROUND ++ if you still want the workaround). [Rob Hartill] ++ ++ *) If client didn't submit any Accept-encodings, ignore encodings in ++ content negotiation. (NB this will all have to be reworked anyway ++ for the new HTTP draft). [Florent Guillaume] ++ ++ *) Don't dump core when trying to log timed-out requests [Jim Jagielski] ++ ++ *) Really honor CacheNegotiatedDocs [Florent Guillaume] ++ ++ *) Give Redirect priority over Alias, for NCSA bug compatibility ++ [David Robinson] ++ ++ *) Correctly set PATH_TRANSLATED in all cases from <!--#exec cmd=""-->, ++ paralleling earlier bug fix for CGI [David Robinson] ++ ++ *) If DBM auth is improperly configured, report a server error and don't ++ dump core. ++ ++ *) Deleted FCNTL_SERIALIZED_ACCEPTS from conf.h entry for A/UX; ++ it seems to work well enough without it (even in a 10 hits/sec ++ workout), and the overhead for the locking under A/UX is ++ alarmingly high (though it is very low on other systems). ++ [Eric Hagberg, Jim Jagielski] ++ ++ *) Fixed portability problems with mod_cookies.c [Cliff Skolnick] ++ ++ *) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian ++ Behlendorf/Eric Hagberg] ++ ++ *) More improvements to default Configuration for A/UX [Jim Jagielski] ++ ++ *) Compiles clean on NEXT [Rob Hartill] ++ ++ *) Compiles clean on SGI [Robert Thau] ++ ++Changes with Apache 0.8.8 08 Aug 1995 ++ ++ *) SunOS library prototypes now never included unless explicitly ++ requested in the configuration (via -DSUNOS_LIB_PROTOTYPES); ++ people using GNU libc on SunOS are screwed by prototypes for the ++ standard library. ++ ++ (Those who wish to compile clean with gcc -Wall on a standard ++ SunOS setup need the prototypes, and may obtain them using ++ -DSUNOS_LIB_PROTOTYPES. Those wishing to use -Wall on a system ++ with nonstandard libraries are presumably competent to make their ++ own arrangements). ++ ++ *) Strips trailing '/' characters off both args to the Alias command, ++ to make 'Alias /foo/ /bar/' work. ++ ++Changes with Apache 0.8.7 03 Aug 1995 ++ ++ *) Don't hang when restarting with a child from 'TransferLog "|..."' running ++ [reported by David Robinson] ++ ++ *) Compiles clean on OSF/1 [David Robinson] ++ ++ *) Added some of the more recent significant changes (AddLanguage stuff, ++ experimental LogFormat support) to CHANGES file in distribution root ++ directory ++ ++Changes with Apache 0.8.6 02 Aug 1995 ++ ++ *) Deleted Netscape reload workaround --- it's in violation of HTTP specs. ++ (If you actually wanted a conditional GET which bypassed the cache, you ++ couldn't get it). [Reported by Roy Fielding] ++ ++ *) Properly terminate headers on '304 Not Modified' replies to conditional ++ GETs --- no browser we can find cares much, but the CERN proxy chokes. ++ [Reported by Cliff Skolnick; fix discovered independently by Rob Hartill] ++ ++ *) httpd -v doesn't call itself "Shambhala". [Reported by Chuck Murcko] ++ ++ *) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__, ++ not __SUNPRO_C (they're needed to quiet gcc -Wall, but acc chokes on 'em, ++ and older versions don't set the __SUNPRO_C preprocessor variable). On ++ all other systems, these are never used anyway. [Reported by Mark Cox]. ++ ++ *) Scoreboard file (/tmp/htstatus.*) no longer publically writable. ++ ++Changes with Apache 0.8.5 01 Aug 1995 ++ ++ *) Added last-minute configurable log experiment, as optional module ++ ++ *) Correctly set r->bytes_sent for HTTP/0.9 requests, so they get logged ++ properly. (One-line fix to http_protocol.c). ++ ++ *) Work around bogus behavior when reloading from Netscape. ++ It's Netscape's bug --- for some reason they expect a request with ++ If-modified-since: to not function as a conditional GET if it also ++ comes with Pragma: no-cache, which is way out of line with the HTTP ++ spec (according to Roy Fielding, the redactor). ++ ++ *) Added parameter to set maximum number of server processes. ++ ++ *) Added patches to make it work on A/UX. A/UX is *weird*. [Eric Hagberg, ++ Jim Jagielski] ++ ++ *) IdentityCheck bugfix [Chuck Murcko]. ++ ++ *) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut] ++ ++ *) More sample config file corrections; add extension to AddType for ++ *.asis, move AddType generic description to its proper place, and ++ fix miscellaneous typos. [ Alexei Kosut ] ++ ++ *) Deleted the *other* reference to the regents from the Berkeley ++ legal disclaimer (everyplace). ++ ++ *) Nuked Shambhala name from src/README; had already cleaned it out ++ of everywhere else. ++ ++Changes with Apache 0.8.4 ++ ++ *) Changes to server-pool management parms --- renamed current ++ StartServers to MinSpareServers, created separate StartServers ++ parameter which means what it says, and renamed MaxServers to ++ MaxSpareServers (though the old name still works, for NCSA 1.4 ++ back-compatibility). The old names were generally regarded as ++ too confusing. Also altered "docs" in sample config files. ++ ++ *) More improvements to default config files --- ++ sample directives (commented out) for XBitHack, BindAddress, ++ CacheNegotiatedDocs, VirtualHost; decent set of AddLanguage ++ defaults, AddTypes for send-as-is and imagemap magic types, and ++ improvements to samples for DirectoryIndex [Alexei Kosut] ++ ++ *) Yet more improvements to default config files --- changes to ++ Alexei's sample AddLanguage directives, and sample LanguagePriority ++ [ Florent Guillaume ] ++ ++ *) Set config file locations properly if not set in httpd.conf ++ [ David Robinson ] ++ ++ *) Don't escape URIs in internal redirects multiple times; don't ++ do that when translating PATH_INFO to PATH_TRANSLATED either. ++ [ David Robinson ] ++ ++ *) Corrected spelling of "Required" in 401 error reports [Andrew Wilson] ++ ++Changes with Apache 0.8.3 ++ ++ *) Edited distribution README to *briefly* summarize installation ++ procedures, and give a pointer to the INSTALL file in the src/ ++ directory. ++ ++ *) Upgraded imagemap script in cgi-bin to 1.8 version from more ++ recent NCSA distributions. ++ ++ *) Bug fix to previous bug fix --- if .htaccess file and <Directory> ++ exist for the same directory, use both and don't segfault. [Reported ++ by David Robinson] ++ ++ *) Proper makefile dependencies [David Robinson] ++ ++ *) Note (re)starts in error log --- reported by Rob Hartill. ++ ++ *) Only call no2slash() after get_path_info() has been done, to ++ preserve multiple slashes in the PATH_INFO [NCSA compatibility, ++ reported by Andrew Wilson, though this one is probably a real bug] ++ ++ *) Fixed mod_imap.c --- relative paths with base_uri referer don't ++ dump core when Referer is not supplied. [Randy Terbush] ++ ++ *) Lightly edited sample config files to refer people to our documentation ++ instead of NCSA's, and to list Rob McCool as *original* author (also ++ deleted his old, and no doubt non-functional email address). Would be ++ nice to have examples of new features... ++ ++Changes with Apache 0.8.2 19 Jul 1995 ++ ++ *) Added AddLanuage code [Florent Guillaume] ++ ++ *) Don't say "access forbidden" when a CGI script is not found. [Mark Cox] ++ ++ *) All sorts of problems when MultiViews finds a directory. It would ++ be nice if mod_dir.c was robust enough to handle that, but for now, ++ just punt. [reported by Brian Behlendorf] ++ ++ *) Wait for all children on restart, to make sure that the old socket ++ is gone and we can reopen it. [reported by Randy Terbush] ++ ++ *) Imagemap module is enabled in default Configuration ++ ++ *) RefererLog and UserAgentLog modules properly default the logfile ++ [Randy Terbush] ++ ++ *) Mark Cox's mod_cookies added to the distribution as an optional ++ module (commented out in the default Configuration, and noted as ++ an experiment, along with mod_dld). [Mark Cox] ++ ++ *) Compiles on ULTRIX (a continuing battle...). [Robert Thau] ++ ++ *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush] ++ ++ *) Changed "Shambhala" to "Apache" in API docs. [Robert Thau] ++ ++ *) Added new, toothier legal disclaimer. [Robert Thau; copied from BSD ++ license] ++ ++Changes with Apache 0.8.1 ++ ++ *) New imagemap module [Randy Terbush] ++ ++ *) Replacement referer log module with NCSA-compatible RefererIgnore ++ [Matthew Gray again] ++ ++ *) Don't mung directory listings with very long filenames. ++ [Florent Guillaume] ++ ++Changes with Apache 0.8.0 (nee Shambhala 0.6.2) 16 Jul 1995 ++ ++ *) New config script. See INSTALL for info. [Robert Thau] ++ ++ *) Scoreboard mechanism for regulating the number of extant server ++ processes. MaxServers and StartServers defaults are the same as ++ for NCSA, but the meanings are slightly different. (Actually, ++ I should probably lower the MaxServers default to 10). ++ ++ Before asking for a new connection, each server process checks ++ the number of other servers which are also waiting for a ++ connection. If there are more than MaxServers, it quietly dies ++ off. Conversely, every second, the root, or caretaker, process ++ looks to see how many servers are waiting for a new connection; ++ if there are fewer than StartServers, it starts a new one. This ++ does not depend on the number of server processes already extant. ++ The accounting is arranged through a "scoreboard" file, named ++ /tmp/htstatus.*, on which each process has an independent file ++ descriptor (they need to seek without interference). ++ ++ The end effect is that MaxServers is the maximum number of ++ servers on an *inactive* server machine, but more will be forked ++ off to handle unusually heavy loads (or unusually slow clients); ++ these will die off when they are no longer needed --- without ++ reverting to the overhead of full forking operation. There is a ++ hard maximum of 150 server processes compiled in, largely to ++ avoid forking out of control and dragging the machine down. ++ (This is arguably too high). ++ ++ In my server endurance tests, this mechanism did not appear to ++ impose any significant overhead, even after I forced it to put the ++ scoreboard file on a normal filesystem (which might have more ++ overhead than tmpfs). [Robert Thau] ++ ++ *) Set HTTP_FOO variables for SSI <!--#exec cmd-->s, not just CGI scripts. ++ [Cliff Skolnick] ++ ++ *) Read .htaccess files even in directory with <Directory> section. ++ (Former incompatibility noted on mailing list, now fixed). [Robert ++ Thau] ++ ++ *) "HEAD /" gives the client a "Bad Request" error message, rather ++ than trying to send no body *and* no headers. [Cliff Skolnick]. ++ ++ *) Don't produce double error reports for some very obscure cases ++ mainly involving auth configuration (the "all modules decline to ++ handle" case which is a sure sign of a server bug in most cases, ++ but also happens when authentication is badly misconfigured). ++ [Robert Thau] ++ ++ *) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what ++ it's *for*, and this sort of thing really shouldn't be cluttering ++ up the Makefile). [Robert Thau] ++ ++ *) Incidental code cleanups in http_main.c --- stop dragging ++ sa_client around; just declare it where used. [Robert Thau] ++ ++ *) Another acc-related fix. (It doesn't like const char ++ in some places...). [Mark Cox] ++ ++Changes with Shambhala 0.6.1 13 Jul 1995 ++ ++ *) Fixed auth_name-related typos in http_core.c [Brian Behlendorf] ++ Also, fixed auth typo in http_protocol.c unmasked by this fix. ++ ++ *) Compiles clean with acc on SunOS [Paul Sutton] ++ ++ *) Reordered modules in modules.c so that Redirect takes priority ++ over ScriptAlias, for NCSA bug-compatibility [Rob Hartill] --- ++ believe it or not, he has an actual site with a ScriptAlias and ++ a Redirect declared for the *exact same directory*. Even *my* ++ compatibility fetish wouldn't motivate me to fix this if the fix ++ required any effort, but it doesn't, so what the hey. ++ ++ *) Fixed to properly default several server_rec fields for virtual ++ servers from the corresponding fields in the main server_rec. ++ [Cliff Skolnick --- 'port' was a particular irritant]. ++ ++ *) No longer kills off nph- child processes before they are ++ finished sending output. [Matthew Gray] ++ ++Changes with Shambhala 0.6.0 10 Jul 1995 ++ ++ *) Two styles of timeout --- hard and soft. soft_timeout()s just put ++ the connection to the client in an "aborted" state, but otherwise ++ allow whatever handlers are running to clean up. hard_timeout()s ++ abort the request in progress completely; anything not tied to some ++ resource pool cleanup will leak. They're still around because I ++ haven't yet come up with a more elegant way of handling ++ timeouts when talking to something that isn't the client. The ++ default_handler and the dir_handler now use soft timeouts, largely ++ so I can test the feature. [Robert Thau] ++ ++ *) TransferLog "| my_postprocessor ..." seems to be there. Note that ++ the case of log handlers dying prematurely is probably handled VERY ++ gracelessly at this point, and if the logger stops reading input, ++ the server will hang. (It is known to correctly restart the ++ logging process on server restart; this is (should be!) going through ++ the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI ++ script). [Robert Thau] ++ ++ *) asis files supported (new module). [Robert Thau] ++ ++ *) IdentityCheck code is compiled in, but has not been tested. (I ++ don't know anyone who runs identd). [Robert Thau] ++ ++ *) PATH_INFO and PATH_TRANSLATED are not set unless some real PATH_INFO ++ came in with the request, for NCSA bug-compatibility. [Robert Thau] ++ ++ *) Don't leak the DIR * on HEAD request for a directory. [Robert Thau] ++ ++ *) Deleted the block_alarms() stuff from dbm_auth; no longer necessary, ++ as timeouts are not in scope. [Robert Thau] ++ ++ *) quoted-string args in config files now handled correctly (doesn't drop ++ the last character). [Robert Thau; reported by Randy Terbush] ++ ++ *) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX. ++ How the hell did it ever work? [Robert Thau; reported by Rob Hartill] ++ ++ *) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time ++ default default type); the former default default behavior when all ++ type-checkers defaulted had been a core dump. [Paul Sutton] ++ ++ *) Copy filenames out of the struct dirent when indexing ++ directories. (On Linux, readdir() returns a pointer to the same ++ memory area every time). Fix is in mod_dir.c. [Paul Sutton] ++ ++Changes with Shambhala 0.5.3 [not released] ++ ++ *) Default response handler notes "file not found" in the error log, ++ if the file was not found. [Cliff Skolnick]. ++ ++ *) Another Cliff bug --- "GET /~user" now properly redirects (the userdir ++ code no longer sets up bogus PATH_INFO which fakes out the directory ++ handler). [Cliff Skolnick] ++ ++Changes with Shambhala 0.5.2 06 Jul 1995 ++ ++ *) Changes to http_main.c --- root server no longer plays silly ++ games with SIGCHLD, and so now detects and replaces dying ++ children. Child processes just die on SIGTERM, without taking ++ the whole process group with them. Potential problem --- if any ++ child process refuses to die, we hang in restart. ++ MaxRequestsPerChild may still not work, but it certainly works ++ better than it did before this! [Robert Thau] ++ ++ *) mod_dir.c bug fixes: ReadmeName and HeaderName ++ work (or work better, at least); over-long description lines ++ properly terminated. [Mark Cox] ++ ++ *) http_request.c now calls unescape_url() more places where it ++ should [Paul Sutton]. ++ ++ *) More directory handling bugs (reported by Cox) ++ Parent Directory link is now set correctly. [Robert Thau] ++ ++Changes with Shambhala 0.5.1 04 Jul 1995 ++ ++ *) Generalized cleanup interface in alloc.c --- any function can be ++ registered with alloc.c as a cleanup for a resource pool; ++ tracking of files and file descriptors has been reimplemented in ++ terms of this interface, so I can give it some sort of a test. ++ [Robert Thau] ++ ++ *) More changes in alloc.c --- new cleanup_for_exec() function, ++ which tracks down and closes all file descriptors which have been ++ registered with the alloc.c machinery before the server exec()s a ++ child process for CGI or <!--#exec-->. CGI children now get ++ started with exactly three file descriptors open. Hopefully, ++ this cures the problem Rob H. was having with overly persistent ++ CGI connections. [Robert Thau] ++ ++ *) Mutual exclusion around the accept() in child_main() --- this is ++ required on at least SGI, Solaris and Linux, and is #ifdef'ed in ++ by default on those systems only (-DFCNTL_SERIALIZED_ACCEPT). ++ This uses fcntl(F_SETLK,...) on the error log descriptor because ++ flock() on that descriptor won't work on systems which have BSD ++ flock() semantics, including (I think) Linux 1.3 and Solaris. ++ ++ This does work on SunOS (when the server is idle, only one ++ process in the pool is waiting on accept()); it *ought* to work ++ on the other systems. [Robert Thau] ++ ++ *) FreeBSD and BSDI portability tweaks [Chuck Murcko] ++ ++ *) sizeof(*sa_client) bugfix from [Rob Hartill] ++ ++ *) pstrdup(..., NULL) returns NULL, [Randy Terbush] ++ ++ *) block_alarms() to avoid leaking the DBM* in dbm auth (this should ++ be unnecessary if I go to the revised timeout-handling scheme). ++ [Robert Thau] ++ ++ *) For NCSA bug-compatibility, set QUERY_STRING env var (to a null ++ string) even if none came in with the request. [Robert Thau] ++ ++ *) CHANGES file added to distribution ;-). ++ ++Changes with Shambhala 0.4.5 ++ ++ *) mod_dld --- early dynamic loading support [rst] ++ *) Add wildcard content handlers for XBITHACK; default_hander now ++ invoked with that mechanism (as a handler hanging off mod_core) [rst] ++ *) XBITHACK supported as a wildcard content-handler, and ++ configurable at run-time (not just at compile time, as in the ++ "patchy server" releases) [rst] ++ ++Changes with Shambhala 0.4.4 30 Jun 1995 ++ ++ *) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox] ++ *) Handle Addtype x/y .z [rst, reported by Cox] ++ ++Changes with Shambhala 0.4.3 ++ ++ *) Fixed very dumb bug in mod_alias; "Alias" and "Redirect" are not ++ synonymous [rst, terbush] ++ ++Changes with Shambhala 0.4.1 28 Jun 1995 ++ ++ *) First-cut virtual host implementation; some refit in the config ++ reading code, and log management, was necessary to support this [rst] ++ *) Sub-pool machinery, originally added to avoid excessive storage ++ allocation on listings of large directories (which turned out to ++ be the problem that the 0.3 storage accounting was added to ++ find). Subrequests and mod_dir changed to use subpools. [rst] ++ *) More memory debugging --- free list consistency checks. [rst] ++ *) Added err_headers to request_rec, with support elsewhere [rst] ++ *) Other fixes to minor bugs in mod_dir and mod_includes [rst, terbush] ++ ++Changes with Shambhala 0.3 19 Jun 1995 ++ ++ *) Switch ONE_PROCESS to a runtime command-line option (-X) ++ *) Don't compile in mod_ai_backcompat by default ++ *) Switch name of server from Apache to Shambhala in Makefile ++ *) Add some accounting routines to track memory usage in the pools, ++ for debugging ++ ++Changes with Shambhala 0.2 ++ ++ *) Set DOCUMENT_ROOT CGI variable ++ *) Add single-process debugging, as a compile-time option (ONE_PROCESS) ++ *) Add critical section protection to handling of cleanup structures ++ in alloc.c [rst] ++ *) Significant code reorg within the server core to group related ++ functions together [rst] ++ *) Correctly handle clients that hang up before sending any request ++ [rst] ++ *) Replace dying child processes. [rst] ++ ++Changes with Shambhala 0.1 12 Jun 1995 ++ ++ Major rewrite of the pre-existing "patchy server" codebase, by ++ Robert Thau (rst). Significant portions of the server code, such ++ as configuration-file handling and HTTP authentication support, ++ were ripped out and rewritten from scratch. Code that was not ++ completely rewritten was significantly altered. ++ ++ Major changes with this release include: ++ ++ *) Introduction of the module API; in request handling, the central ++ machinery just dispatches to various modules, which actually do ++ most of the work. Configuration handling is similar --- modules ++ declare their own commands, and the central machinery just ++ dispatches to them. ++ ++ API features from shambhala/0.1 were substantially unchanged in ++ Apache 1.0 and 1.1. (1.0 API features not yet present in this ++ release, such as wildcard handlers and subpools, were added in ++ subsequent Shambhala releases, and were also generally rst's ++ work). ++ ++ *) This release included the following modules: ++ ++ mod_access (access control --- allow and deny directives), ++ mod_alias (Alias and Redirect commands), ++ mod_auth (straight HTTP authentication, based on flat-files) ++ mod_auth_dbm (same, with dbm files) ++ mod_cgi (CGI scripts and, in this release, ScriptAlias) ++ mod_common_log (CLF access logs; later renamed mod_log_common) ++ mod_dir (directory indexing) ++ mod_include (server-side includes) ++ mod_mime (AddType directives) ++ mod_negotiation (content negotiation) ++ mod_userdir (support for users' public_html directories) ++ ++ It also included a mod_ai_backcompat, which was a private hack ++ for back-compatibility with rst's own AI-lab servers. ++ ++ All of these modules were substantially complete, and functional ++ or nearly so (a few, which implemented features not in use at ++ Thau's site, required patches of a few lines). ++ ++ *) sub-request machinery, to allow modules to determine how other ++ modules would assign MIME types to a given file, or optionally ++ serve its content (this is heavily used by mod_dir, mod_include ++ and mod_negotiation). ++ ++ *) Resource pool system for keeping track of memory allocated and ++ files opened in service of a particular request. Much of the ++ code in the modules (when they weren't rewrites) was adjusted to ++ replace a pervasive convention of using fixed-size buffers on ++ the stack with an equally pervasive convention of using memory ++ allocated with palloc(). ++ ++ *) Reorganization of data structures associated with a given ++ request to eliminate use of global variables and the troublesome ++ unmunge_name function (used in NCSA and early Apache releases to ++ attempt to determine the URI which mapped to a given filename ++ --- a difficult proposition, given that it is easy to produce ++ setups in which multiple URIs map to the same file). ++ ++ *) Source files renamed and rearranged ++ ++ *) Very simple pre-forking behavior --- parent process forked off a ++ fixed number of children, and then just waited for SIGHUP. ++ ++ *) Other more minor changes too numerous to list. ++ ++ This release included modified versions of a lot of code from the ++ Apache 0.6.4 public release, plus an early pre-forking patch ++ codeveloped by Robert Thau and Rob Hartill. ++ ++Changes with Apache 0.7.3 20 Jun 1995 ++ ++ *) There were a bunch of changes between Apache 0.6.4 and 0.7.3 that ++ were incorporated by Rob Hartill on the main branch while Robert Thau ++ worked on the Shambhala rewrite above. Most were merged into the ++ Shambala architecture after Apache 0.8.0. ++ ++Changes with Apache 0.6.4 13 May 1995 ++ ++ *) Patches by Rob Hartill, Cliff Skolnick, Randy Terbush, Robert Thau, ++ and others. ++ ++Changes with Apache 0.5.1 10 Apr 1995 ++ ++Changes with Apache 0.4 02 Apr 1995 ++ ++ *) Patches by Brian Behlendorf, Andrew Wilson, Robert Thau, ++ and Rob Hartill. ++ ++Changes with Apache 0.3 24 Mar 1995 ++ ++ *) Patches by Robert Thau, David Robinson, Rob Hartill, and ++ Carlos Varela. ++ ++Changes with Apache 0.2 18 Mar 1995 ++ ++ *) Based on NCSA httpd 1.3 by Rob McCool and patches by CERT, ++ Roy Fielding, Robert Thau, Nicolas Pioch, David Robinson, ++ Brian Behlendorf, Rob Hartill, and Cliff Skolnick. +diff -Naur httpd-2.0.49/CHANGES.rej httpd-2.0.49-gentoo/CHANGES.rej +--- httpd-2.0.49/CHANGES.rej 1970-01-01 00:00:00.000000000 +0000 ++++ httpd-2.0.49-gentoo/CHANGES.rej 2004-05-20 00:52:06.000000000 +0000 +@@ -0,0 +1,18 @@ ++*************** ++*** 2,7 **** ++ ++ [Remove entries to the current 2.0 section below, when backported] ++ ++ *) Fix a potential SEGV in the 'shmcb' session cache when session data ++ size is greater than the size of the cache. PR 27751 ++ [Geoff Thorpe <geoff geoffthorpe.net>] ++--- 2,10 ---- ++ ++ [Remove entries to the current 2.0 section below, when backported] ++ +++ *) External rewrite map responses are no longer limited to 2048 +++ bytes. [André Malo] +++ ++ *) Fix a potential SEGV in the 'shmcb' session cache when session data ++ size is greater than the size of the cache. PR 27751 ++ [Geoff Thorpe <geoff geoffthorpe.net>] +diff -Naur httpd-2.0.49/modules/loggers/mod_log_config.c httpd-2.0.49-gentoo/modules/loggers/mod_log_config.c +--- httpd-2.0.49/modules/loggers/mod_log_config.c 2004-03-03 11:07:50.000000000 +0000 ++++ httpd-2.0.49-gentoo/modules/loggers/mod_log_config.c 2004-05-20 21:17:05.979020712 +0000 +@@ -170,8 +170,11 @@ + + module AP_MODULE_DECLARE_DATA log_config_module; + ++#ifndef APR_LARGEFILE ++#define APR_LARGEFILE 0 ++#endif + +-static int xfer_flags = (APR_WRITE | APR_APPEND | APR_CREATE); ++static int xfer_flags = (APR_WRITE | APR_APPEND | APR_CREATE | APR_LARGEFILE); + static apr_fileperms_t xfer_perms = APR_OS_DEFAULT; + static apr_hash_t *log_hash; + static apr_status_t ap_default_log_writer(request_rec *r, +diff -Naur httpd-2.0.49/server/log.c httpd-2.0.49-gentoo/server/log.c +--- httpd-2.0.49/server/log.c 2004-03-08 23:12:44.000000000 +0000 ++++ httpd-2.0.49-gentoo/server/log.c 2004-05-20 20:11:22.000000000 +0000 +@@ -50,6 +50,10 @@ + #include "util_time.h" + #include "ap_mpm.h" + ++#ifndef APR_LARGEFILE ++#define APR_LARGEFILE 0 ++#endif ++ + typedef struct { + char *t_name; + int t_val; +@@ -158,7 +162,7 @@ + return APR_EBADPATH; + } + if ((rc = apr_file_open(&stderr_file, filename, +- APR_APPEND | APR_READ | APR_WRITE | APR_CREATE, ++ APR_APPEND | APR_WRITE | APR_CREATE | APR_LARGEFILE, + APR_OS_DEFAULT, p)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_STARTUP, rc, NULL, + "%s: could not open error log file %s.", +@@ -271,7 +275,7 @@ + return DONE; + } + if ((rc = apr_file_open(&s->error_log, fname, +- APR_APPEND | APR_READ | APR_WRITE | APR_CREATE, ++ APR_APPEND | APR_WRITE | APR_CREATE | APR_LARGEFILE, + APR_OS_DEFAULT, p)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_STARTUP, rc, NULL, + "%s: could not open error log file %s.", +diff -Naur httpd-2.0.49/server/protocol.c httpd-2.0.49-gentoo/server/protocol.c +--- httpd-2.0.49/server/protocol.c 2004-03-08 22:54:20.000000000 +0000 ++++ httpd-2.0.49-gentoo/server/protocol.c 2004-05-20 00:47:13.000000000 +0000 +@@ -250,6 +250,15 @@ + /* Would this overrun our buffer? If so, we'll die. */ + if (n < bytes_handled + len) { + *read = bytes_handled; ++ if (*s) { ++ /* ensure this string is terminated */ ++ if (bytes_handled < n) { ++ (*s)[bytes_handled] = '\0'; ++ } ++ else { ++ (*s)[n-1] = '\0'; ++ } ++ } + return APR_ENOSPC; + } + +@@ -380,6 +389,8 @@ + /* Do we have enough space? We may be full now. */ + if (bytes_handled >= n) { + *read = n; ++ /* ensure this string is terminated */ ++ (*s)[n-1] = '\0'; + return APR_ENOSPC; + } + else { diff --git a/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch new file mode 100644 index 000000000000..46f8f85e5fa1 --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/01_gentoo_ipv6.patch @@ -0,0 +1,22 @@ +--- httpd-2.0.49/server/.orig/listen.c 2004-03-24 18:01:40.000000000 -0600 ++++ httpd-2.0.49/server/listen.c 2004-03-24 18:07:30.000000000 -0600 +@@ -74,19 +74,6 @@ + return stat; + } + +-#if APR_HAVE_IPV6 +- if (server->bind_addr->family == APR_INET6) { +- stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting); +- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) { +- ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p, +- "make_sock: for address %pI, apr_socket_opt_set: " +- "(IPV6_V6ONLY)", +- server->bind_addr); +- apr_socket_close(s); +- return stat; +- } +- } +-#endif + + /* + * To send data over high bandwidth-delay connections at full diff --git a/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch b/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch new file mode 100644 index 000000000000..cbab37aaa3cc --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/01_ssl_verify_client.patch @@ -0,0 +1,244 @@ +*** modules/ssl/mod_ssl.h.patched Thu Dec 18 13:11:48 2003 +--- modules/ssl/mod_ssl.h Thu Dec 18 13:13:19 2003 +*************** +*** 709,714 **** +--- 709,715 ---- + void ssl_io_filter_init(conn_rec *, SSL *); + void ssl_io_filter_register(apr_pool_t *); + long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long); ++ long ssl_io_suck(request_rec *); + + /* PRNG */ + int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *); +*** modules/ssl/ssl_engine_kernel.c.patched Thu Dec 18 13:11:39 2003 +--- modules/ssl/ssl_engine_kernel.c Thu Dec 18 13:15:04 2003 +*************** +*** 583,596 **** + * + * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! + */ +! if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "SSL Re-negotiation in conjunction " + "with POST method not supported!\n" + "hint: try SSLOptions +OptRenegotiate"); +! + return HTTP_METHOD_NOT_ALLOWED; + } + + /* + * now do the renegotiation if anything was actually reconfigured +--- 583,602 ---- + * + * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! + */ +! if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { +! #ifdef SSL_CONSERVATIVE + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "SSL Re-negotiation in conjunction " + "with POST method not supported!\n" + "hint: try SSLOptions +OptRenegotiate"); +! + return HTTP_METHOD_NOT_ALLOWED; ++ #else ++ if( ssl_io_suck(r) != OK) { ++ return HTTP_METHOD_NOT_ALLOWED; ++ } + } ++ #endif /* SSL_CONSERVATIVE */ + + /* + * now do the renegotiation if anything was actually reconfigured +*** modules/ssl/ssl_engine_io.c.patched Thu Dec 18 13:12:02 2003 +--- modules/ssl/ssl_engine_io.c Thu Dec 18 13:21:31 2003 +*************** +*** 897,902 **** +--- 897,987 ---- + } + + static const char ssl_io_filter[] = "SSL/TLS Filter"; ++ static const char ssl_buff_filter[] = "SSL/TLS Buffering Filter"; ++ /* ++ * reads the buffered data during a POST request with renegotiation ++ * will be registere at runtime. ++ * NOTE: we try to buffer the complete body. Use the attribute 'LimitRequestBody' ++ * preventing DOS attacks. ++ */ ++ long ssl_io_suck(request_rec *r) ++ { ++ apr_bucket *bucket; ++ apr_bucket_brigade *bb = apr_brigade_create(r->pool,r->connection->bucket_alloc); ++ ++ int readed = 0; ++ int len = 0; ++ int toRead= 0; ++ char *buffer = NULL; ++ char *pos = NULL; ++ ++ if(ap_setup_client_block(r,REQUEST_CHUNKED_DECHUNK) !=OK) { ++ return HTTP_METHOD_NOT_ALLOWED; ++ } ++ ++ if(!ap_should_client_block(r)) { ++ return OK; ++ } ++ ++ do { ++ buffer = apr_pcalloc(r->pool,HUGE_STRING_LEN); ++ toRead = HUGE_STRING_LEN; ++ ++ /* check malloc */ ++ if(buffer == NULL) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ++ "SSL Re-negotiation in conjunction " ++ "with POST (buffering body failed)!\n"); ++ apr_brigade_destroy(bb); ++ return HTTP_METHOD_NOT_ALLOWED; ++ } ++ ++ /* fill the bucket */ ++ pos = buffer; ++ len = 0; ++ do { ++ readed = ap_get_client_block(r,pos,toRead); ++ ++ if(readed <=0) { ++ break; ++ } ++ ++ toRead -= readed; ++ ++ /* sanity */ ++ if(toRead<0) { ++ return HTTP_METHOD_NOT_ALLOWED; ++ } ++ ++ pos += readed; ++ len += readed; ++ } ++ while(toRead>0); ++ ++ /* check last read result */ ++ if(readed<0) { ++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ++ "SSL Re-negotiation in conjunction " ++ "with POST (reading body failed)!\n"); ++ apr_brigade_destroy(bb); ++ return HTTP_METHOD_NOT_ALLOWED; ++ } ++ ++ /* check if we have readed everything */ ++ if(len == 0) { ++ break; ++ } ++ bucket = apr_bucket_pool_create(buffer,len,r->pool,r->connection->bucket_alloc); ++ ++ APR_BRIGADE_INSERT_TAIL(bb, bucket); ++ } ++ while(1); ++ ++ //add the ssl_buff_filter_input ++ ap_add_input_filter(ssl_buff_filter, bb, r, r->connection); ++ ++ return OK; ++ } + + /* + * Close the SSL part of the socket connection +*************** +*** 1361,1366 **** +--- 1446,1529 ---- + return status; + } + ++ static apr_status_t ssl_buff_filter_input(ap_filter_t *f, ++ apr_bucket_brigade *bb, ++ ap_input_mode_t mode, ++ apr_read_type_e block, ++ apr_off_t readbytes) ++ { ++ apr_bucket_brigade *aa = f->ctx; ++ apr_status_t rv; ++ ++ if(aa && !APR_BRIGADE_EMPTY(aa)) { ++ ++ if(mode == AP_MODE_READBYTES) { ++ apr_bucket *b; ++ apr_off_t missing = readbytes; ++ apr_size_t len; ++ const char *tmp; ++ ++ while (!APR_BRIGADE_EMPTY(aa)) { ++ b = APR_BRIGADE_FIRST(aa); ++ ++ rv = apr_bucket_read(b, &tmp, &len, APR_BLOCK_READ); ++ if (rv != APR_SUCCESS) { ++ return rv; ++ } ++ ++ /* consume whole bucket */ ++ if(missing >= len) { ++ APR_BUCKET_REMOVE(b); ++ APR_BRIGADE_INSERT_TAIL(bb,b); ++ } ++ /* comsume only a part */ ++ else{ ++ rv = apr_bucket_split(b, missing); ++ if (rv != APR_SUCCESS) { ++ return rv; ++ } ++ ++ APR_BUCKET_REMOVE(b); ++ APR_BRIGADE_INSERT_TAIL(bb, b); ++ break; ++ } ++ ++ missing -= len; ++ ++ if (missing = 0) { ++ break; ++ } ++ ++ if(missing<0) { ++ return AP_FILTER_ERROR; ++ } ++ } ++ return APR_SUCCESS; ++ } ++ else if (mode == AP_MODE_READBYTES) { ++ apr_bucket_brigade *nb = apr_brigade_create(f->r->pool,f->c->bucket_alloc); ++ ++ /* split */ ++ rv = apr_brigade_split_line(nb,aa,block,readbytes); ++ if( rv != APR_SUCCESS) { ++ return rv; ++ } ++ ++ /* concatinate */ ++ APR_BRIGADE_CONCAT(bb,aa); ++ ++ /* remember the rest */ ++ f->ctx = nb; ++ ++ return APR_SUCCESS; ++ } ++ ++ } ++ ++ ++ return ap_pass_brigade(f->next, bb); ++ } ++ + static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, + SSL *ssl) + { +*************** +*** 1417,1422 **** +--- 1580,1586 ---- + { + ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); ++ ap_register_input_filter (ssl_buff_filter, ssl_buff_filter_input, NULL, AP_FTYPE_PROTOCOL - 1); + return; + } + diff --git a/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch b/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch new file mode 100644 index 000000000000..c6ee0f773b03 --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/03_redhat_xfsz.patch @@ -0,0 +1,15 @@ + +Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with +E2BIG rather than killing the process + +--- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002 ++++ ./server/mpm/prefork/prefork.c Mon Aug 26 15:40:24 2002 +@@ -461,7 +461,7 @@ + ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)"); + #endif + #ifdef SIGXFSZ +- sa.sa_handler = SIG_DFL; ++ sa.sa_handler = SIG_IGN; + if (sigaction(SIGXFSZ, &sa, NULL) < 0) + ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)"); + #endif diff --git a/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES b/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES new file mode 100644 index 000000000000..8a616d540b2d --- /dev/null +++ b/net-www/apache/files/patches/2.0.49-r2/Readme.PATCHES @@ -0,0 +1,13 @@ +00_gentoo_base.patch - Our base patch. + +01_gentoo_cvs_sync.patch - Features extracted from apache cvs. Ability for 2 GB + log files. + +01_gentoo_cgi.patch - CGI DoS bug. + +01_gentoo_ipv6.patch - Fix for weird ipv6 error message. + +01_ssl_verity_client.patch - Fix for SSLVerifyClient - PR 12355 + +03_redhat_xfs.patch - Set SIGXFSZ to be ignored, so a write() beyond 2gb will fa il with E2BIG rather than killing the process + |