Newer
Older
[Remove entries to the current 2.0 section below, when backported]
*) Add code to buildconf that produces an httpd.spec file from
httpd.spec.in, using build/get-version.sh from APR.
[Graham Leggett]
*) ssl_toolkit_compat.h and code fixes to build clean on SSLC.
[William Rowe, Madhusudan Mathihalli]
*) Fix the inability to log errors like exec failure in
mod_ext_filter/mod_cgi script children. This was broken after
such children stopped inheriting the error log handle.
[Jeff Trawick]
*) Fix a compile failure with recent OpenSSL and picky compilers
(e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick]
*) Fix a build problem with passing unsupported --enable-layout
args to apr and apr-util. This broke binbuild.sh as well as
user-specified layout parameters. PR 18649 [Justin Erenkrantz,
Jeff Trawick]
*) ap_get_mime_headers_core: allocate space for the trailing null
when folding is in effect.
PR 18170 [Peter Mayne <PeterMayne@SPAM_SUX.ap.spherion.com>]
*) Do not bypass output filters when redirecting subrequests internally.
PR 17629. [André Malo]
Madhusudan Mathihalli
committed
*) OpenSSL headers should be included as "openssl/ssl.h", and not rely on
the INCLUDE path to be defined properly.
PR 11310. [Geoff Thrope <geoff@geoffthorpe.net>]
Madhusudan Mathihalli
committed
*) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
Madhusudan Mathihalli
committed
*) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using
autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
[Geoff Thorpe <geoff@geoffthorpe.net>]
*) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
caching. PR 17864.
[Andreas Leimbacher <andreasl67@yahoo.de>, Madhusudan Mathihalli]
*) change directive name from 'compressionlevel' to 'deflatecompressionlevel'
[Ian Holsman, André Malo]
*) mod_negotiation: quality values are now parsed independent from
the current locale. level values are now really parsed as integers.
PR 17564. [André Malo]
*) Linux 2.4+: enable coredumps when Apache is started as root
if CoreDumpDir is configured [Greg Ames]
*) Added the WindowsSocketsWorkaround directive for Windows NT/2000/XP
to work around problems with certain VPN and Firewall products that
have buggy AcceptEx implementations.
[Allan Edwards w/ suggestions from Bill Stoddard & Bill Rowe]
*) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
the pattern will not always match as desired. PR 12596.
[André Malo]
*) mod_autoindex now emits and accepts modern query string parameter
delimiters (;). Thus column headers no longer contain unescaped
ampersands. PR 10880 [André Malo]
*) Extend mod_negotiation to evaluate the environment variables
no-gzip and gzip-only-text/html the same way as mod_deflate does.
[André Malo]
*) mod_rewrite: Fix some problems reporting errors with mapping
programs (RewriteMap prg:/something). [Jeff Trawick]
*) When using Redirect in directory context, append requested query
string if there's no one supplied by configuration. PR 10961.
[André Malo]
*) Fix mod_rewrite's handling of absolute URIs. The escaping routines
now work scheme dependent and the query string will only be
appended if supported by the particular scheme. [André Malo]
Justin Erenkrantz
committed
*) Return 413 if chunk-ext-header is too long rather than reading from
the truncated line. PR 15857. [Justin Erenkrantz]
Justin Erenkrantz
committed
*) If mod_mime_magic does not know the content-type, do not attempt to
guess. PR 16908. [Andrew Gapon <agapon@telcordia.com>]
*) Allow restart of httpd to occur even with syntax errors in the config
file. PR 16813. [Justin Erenkrantz]
*) Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679.
[Justin Erenkrantz]
*) Remove files on 'make distclean' that should be. PR 15592.
[Justin Erenkrantz]
Justin Erenkrantz
committed
*) Allow apachectl to perform status with links and elinks as well.
[Justin Erenkrantz]
*) Extend the SetEnvIf directive to capture subexpressions of the
matched value. [André Malo]
*) mod_log_config change optional hook to return previous handler
[Ian Holsman]
*) Forward port of mod_actions' ability to handle arbitrary methods
with the Script directive. [André Malo]
*) Let suexec send a message to stderr, if it failed or its policy
was violated. This message appears in the error log and allows
for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo]
Justin Erenkrantz
committed
*) Modify buildconf to copy all required files into httpd's tree.
[Thom May <thom@planetarytramp.net>]
Justin Erenkrantz
committed
*) Allow mod_dav to do weak entity comparison functions.
[Justin Erenkrantz]
*) mod_negotiation: Introduce "prefer-language" environment variable,
which allows to influence the negotiation process on request basis
to prefer a certain language. [André Malo]
*) Added AllowEncodedSlashes directive which permits request URIs
to encode '/' as '%2f' and pass it to scripts in path-info without
triggering the 'no encoded slashes anywhere' legacy rule.
PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639. [Ken Coar]
*) Move RFC 1413 ident requests from core to new module mod_ident.
[André Malo]
*) Add mod_authz_owner - a forward port of "Require file-owner"
and "Require file-group", which was already present in version
1.3.21. [André Malo]
Justin Erenkrantz
committed
*) Add mod_dav_lock - a generic subset of the DAV locking implementation.
[Justin Erenkrantz]
*) Replace some of the mutex locking in the worker MPM with
atomic operations for higher concurrency. [Brian Pane]
*) Allow 'make depend' to work with non-GCC compilers.
[Justin Erenkrantz]
*) If an httpd.conf has commented out AddModule directives,
apxs -i -a will add an un-commented AddModule directive for
the new module, which breaks the config.
PR: 11212 [Joe Orton]
Justin Erenkrantz
committed
*) Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz]
*) Move the check of the Expect request header field after the hook
for ap_post_read_request, since that is the only opportunity for
modules to handle Expect extensions. [Justin Erenkrantz]
*) Rewrite of aaa modules to an authn/authz model.
[Dirk-Willem van Gulik, Justin Erenkrantz]
[Apache 2.1.0-dev includes those bug fixes and changes with the
Apache 2.0.xx tree as documented, and except as noted, below.]
*) Fixed a segfault when multiple ProxyBlock directives were used.
PR: 19023 [Sami Tikka <sami.tikka@f-secure.com>]
*) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability
identified and reported by Robert Howard <rihoward@rawbw.com> that
where device names faulted the running OS2 worker process.
The fix is actually in APR 0.9.4. [Brian Havard]
*) Forward port: Escape special characters (especially control
characters) in mod_log_config to make a clear distinction between
client-supplied strings (with special characters) and server-side
strings. This was already introduced in version 1.3.25.
[André Malo]
*) mod_deflate: Check also err_headers_out for an already set
Content-Encoding: gzip header. This prevents gzip compressed content
from a CGI script from being compressed once more. PR 17797.
[André Malo]
Changes with Apache 2.0.45
*) Fix possible segfaults under obscure error conditions within the
cgid daemon. [Jeff Trawick, William Rowe]
*) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability
identified by David Endler <DEndler@iDefense.com> on all platforms.
An unlimited stream of newlines were acceptable between requests
where each <lf> would allocate an 80 byte buffer, leading very
quickly to memory exahustion. [Brian Pane]
*) Added an rpm build script.
[Graham Leggett, Joe Orton <jorton@redhat.com>]
*) Simpler, faster code path for request header scanning [Brian Pane]
Loading full blame...