Newer
Older
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
buffer or write inside buff.c or fread'ing from a CGI's output,
then the timeout would be ignored. [Roy Fielding] PR#373
*) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's
parsing of headers. If the terminating empty-line CRLF occurs starting
at the 256th or 257th byte of output, then Navigator will think a normal
image is invalid. We are guessing that this is because their initial
read of a new request uses a 256 byte buffer. We check the bytes written
so far and, if we are about to tickle the bug, we instead insert a
padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232
*) Fixed SIGSEGV problem when a DirectoryIndex file is also the source
of an external redirection. [Roy Fielding and Paul Sutton]
*) Configure would create a broken Makefile if the configuration file
contained a commented-out Rule. [Roy Fielding]
*) Promote per_dir_config and subprocess_env from the subrequest to the
main request in mod_negotiation. In particular this fixes a bug
where <Files> sections wouldn't properly apply to negotiated content.
[Dean Gaudet]
*) Fix a potential deadlock in mod_cgi script_err handling.
[Ralf S. Engelschall]
*) rotatelogs zero-pads the logfile names to improve alphabetic sorting.
[Mitchell Blank Jr]
*) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within
.htaccess files because the RewriteBase was not replaced correctly.
Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside
<Directory> sections missing a trailing /. [Ralf S. Engelschall]
*) Clean up Linux settings in conf.h by detecting 2.x versus 1.x. For
1.x the settings are those of pre-1.2b8. For 2.x we include
USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
HAVE_SYS_RESOURCE_H (enable the RLimit commands).
[Dean Gaudet] PR#336, PR#340
*) Redirect did not preserve ?query_strings when present in the client's
request. [Dean Gaudet]
*) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
*) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
*) Add UnixWare compile/install instructions. [Chuck Murcko]
*) Add mod_example (illustration of API techniques). [Ken Coar]
*) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
*) Improve handling of directories when filenames have spaces in them.
[Chuck Murcko]
*) For hosts with multiple IP addresses, try all additional addresses if
necessary to get a connect. Fail only if hostent address list is
exhausted. [Chuck Murcko]
*) More signed/unsigned port fixes. [Dean Gaudet]
*) HARD_SERVER_LIMIT can be defined in the Configuration file now.
[Dean Gaudet]
Changes with Apache 1.2b8
*) suexec.c doesn't close the log file, allowing CGIs to continue writing
to it. [Marc Slemko]
*) The addition of <Location> and <File> directives made the
sub_req_lookup_simple() function bogus, so we now handle
the special cases directly. [Dean Gaudet]
*) We now try to log where the server is dumping core when a fatal
signal is received. [Ken Coar]
*) Improved lingering_close by adding a special timeout, removing the
spurious log messages, removing the nonblocking settings (they
are not needed with the better timeout), and adding commentary
about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is
now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding]
*) Send error messages about setsockopt failures to the server error
log instead of stderr. [Roy Fielding]
*) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
*) Stopgap solution for CGI 3-second delay with server-side includes: if
processing a subrequest, allocate memory from r->main->pool instead
of r->pool so that we can avoid waiting for free_proc_chain to cleanup
in the middle of an SSI request. [Dean Gaudet] PR #122
*) Fixed status of response when POST is received for a nonexistent URL
(was sending 405, now 404) and when any method is sent with a
full-URI that doesn't match the server and the server is not acting
as a proxy (was sending 501, now 403). [Roy Fielding]
*) Host port changed to unsigned short. [Ken Coar] PR #276
*) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
*) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet]
*) Report extra info from errno with many errors that cause httpd to exit.
spawn_child, popenf, and pclosef now have valid errno returns in the
event of an error. Correct problems where errno was stomped on
before being reported. [Dean Gaudet]
*) In the proxy, if the cache filesystem was full, garbage_coll() was
never called, and thus the filesystem would remain full indefinitely.
We now also remove incomplete cache files left if the origin server
didn't send a Content-Length header and either the client has aborted
transfer or bwrite() to client has failed. [Petr Lampa]
*) Fixed the handling of module and script-added header fields.
Improved the interface for sending header fields and reduced
the duplication of code between sending okay responses and errors.
We now always send both headers_out and err_headers_out, and
ensure that the server-reserved fields are not being overridden,
while not overriding those that are not reserved. [Roy Fielding]
*) Moved transparent content negotiation fields to err_headers_out
to reflect above changes. [Petr Lampa]
*) Fixed the determination of whether or not we should make the
connection persistent for all of the cases where some other part
of the server has already indicated that we should not. Also
improved the ordering of the test so that chunked encoding will
be set whenever it is desired instead of only when KeepAlive
is enabled. Added persistent connection capability for most error
responses (those that do not indicate a bad input stream) when
accessed by an HTTP/1.1 client. [Roy Fielding]
*) Added missing timeouts for sending header fields, error responses,
and the last chunk of chunked encoding, each of which could have
resulted in a process being stuck in write forever. Using soft_timeout
requires that the sender check for an aborted connection rather than
continuing after an EINTR. Timeouts that used to be initiated before
send_http_header (and never killed) are now initiated only within or
around the routines that actually do the sending, and not allowed to
propagate above the caller. [Roy Fielding]
*) mod_auth_anon required an @ or a . in the email address, not both.
[Dirk vanGulik]
*) per_dir_defaults weren't set correctly until directory_walk for
name-based vhosts. This fixes an obscure bug with the wrong config
info being used for vhosts that share the same ip as the server.
[Dean Gaudet]
*) Improved generation of modules/Makefile to be more generic for
new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
*) Generate makefile dependency for Configuration based on the actual
name given when running the Configure process. [Dean Gaudet]
*) Fixed problem with vhost error log not being set prior to
initializing virtual hosts. [Dean Gaudet]
*) Fixed infinite loop when a trailing slash is included after a type map
file URL (extra path info). [Petr Lampa]
*) Fixed server status updating of per-connection counters. [Roy Fielding]
*) Add documentation for DNS issues (reliability and security), and try
to explain the virtual host matching process. [Dean Gaudet]
*) Try to continue gracefully by disabling the vhost if a DNS lookup
fails while parsing the configuration file. [Dean Gaudet]
*) Improved calls to setsockopt. [Roy Fielding]
*) Negotiation changes: Don't output empty content-type in variant list;
Output charset in variant list; Return sooner from handle_multi() if
no variants found; Add handling of '*' wildcard in Accept-Charset.
[Petr Lampa and Paul Sutton]
*) Fixed overlaying of request/sub-request notes and headers in
mod_negotiation. [Dean Gaudet]
*) If two variants' charset quality are equal and one is the default
charset (iso-8859-1), then prefer the variant that was specifically
listed in Accept-Charset instead of the default. [Petr Lampa]
*) Memory allocation problem in push_array() -- it would corrupt memory
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
*) invoke_handler() doesn't handle mime arguments in content-type
[Petr Lampa] PR#160
*) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
[Ken Coar]
*) Fixed problem with ErrorDocument not working for virtual hosts
due to one of the performance changes in 1.2b7. [Dean Gaudet]
*) Log an error message if we get a request header that is too long,
since it may indicate a buffer overflow attack. [Marc Slemko]
*) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and
not reject URLs without a double-slash, as per RFC2068 section 3.2.
[Ken Coar] PR #146, #187
*) Added table entry placeholder for new header_parser callback
in all of the distributed modules. [Ken Coar] PR #191
*) Allow for cgi files without the .EXE extension on them under OS/2.
[Garey Smiley] PR #59
*) Fixed error message when resource is not found and URL contains
path info. [Petr Lampa and Dean Gaudet] PR #40
*) Fixed user and server confusion over what should be a virtual host
and what is the main server, resulting in access to something
other than the name defined in the virtualhost directive (but
with the same IP address) failing. [Dean Gaudet]
*) Updated mod_rewrite to version 3.0.2, which: fixes compile error on
AIX; improves the redirection stuff to enable the users to generally
redirect to http, https, gopher and ftp; added TIME variable for
RewriteCond which expands to YYYYMMDDHHMMSS strings and added the
special patterns >STRING, <STRING and =STRING to RewriteCond, which
can be used in conjunction with %{TIME} or other variables to create
time-dependent rewriting rules. [Ralf S. Engelschall]
*) bpushfd() no longer notes cleanups for the file descriptors it is handed.
Module authors may need to adjust their code for proper cleanup to take
place (that is, call note_cleanups_for_fd()). This change fixes problems
with file descriptors being erroneously closed when the proxy module was
in use. [Ben Laurie]
*) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
initgroups() to hose the group information needed for later
comparisons. [Randy Terbush]
*) Remove unnecessary call to va_end() in create_argv() which
caused a SEGV on some systems.
*) Use proper MAXHOSTNAMELEN symbol for limiting length of server name.
[Dean Gaudet]
*) Clear memory allocated for listeners. [Randy Terbush]
*) Improved handling of IP address as a virtualhost address and
introduced "_default_" as a synonym for the default vhost config.
[Dean Gaudet] PR #212
Changes with Apache 1.2b7
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
*) unset Content-Length if chunked (RFC-2068) [Petr Lampa]
*) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159
- replace protocol response numbers with symbols
- save variant-list into main request notes
- free allocated memory from subrequests
- merge notes, headers_out and err_headers_out
*) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
"HTTP/#.# ###*" to be more lenient about what we accept.
[Chuck Murcko]
*) more proxy FTP bug fixes:
- Changed send_dir() to remove user/passwd from displayed URL.
- Changed login error messages to be more descriptive.
- remove setting of SO_DEBUG socket option
- Make ftp_getrc() more lenient about multiline responses,
specifically, 230 responses which don't have continuation 230-
on each line). These seem to be all NT FTP servers, and while
perhaps questionable, they appear to be legal by RFC 959.
- Add missing kill_timeout() after transfer to user completes.
[Chuck Murcko]
*) Fixed problem where a busy server could hang when restarting
after being sent a SIGHUP due to child processes not exiting.
[Marc Slemko]
*) Modify mod_include escaping so a '\' only signifies an escaped
character if the next character is one that needs
escaping. [Ben Laurie]
*) Eliminated possible infinite loop in mod_imap when relative URLs are
used with a 'base' directive that does not have a '/' in it.
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
*) Reduced the default timeout from 1200 seconds to 300, and the
one in the sample configfile from 400 to 300. [Marc Slemko]
*) Stop vbprintf from crashing if given a NULL string pointer;
print (null) instead. [Ken Coar]
*) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY.
[Marc Slemko and Roy Fielding]
*) Fixed problem with mod_cgi-generated internal redirects trying to
read the request message-body twice. [Archie Cobbs and Roy Fielding]
*) Reduced timeout on lingering close, removed possibility of a blocked
read causing the child to hang, and stopped logging of errors if
the socket is not connected (reset by client). [Roy Fielding]
*) Rearranged main child loop to remove duplication of code in
select/accept and keep-alive requests, fixed several bugs regarding
checking scoreboard_image for exit indication and failure to
account for all success conditions and trap all error conditions,
prevented multiple flushes before closing the socket; close the entire
socket buffer instead of just one descriptor, prevent logging of
EPROTO and ECONNABORTED on platforms where supported, and generally
improved readability. [Roy Fielding]
*) Extensive performance improvements. Cleaned up inefficient use of
auto initializers, multiple is_matchexp calls on a static string,
and excessive merging of response_code_strings. [Dean Gaudet]
*) Added double-buffering to mod_include to improve performance on
server-side includes. [Marc Slemko]
*) Several fixes for suexec wrapper. [Randy Terbush]
- Make wrapper work for files on NFS filesystem.
- Fix portability problem of MAXPATHLEN.
- Fix array overrun problem in clean_env().
- Fix allocation of PATH environment variable
*) Removed extraneous blank line is description of mod_status chars.
[Kurt Kohler]
*) Logging of errors from the call_exec routine simply went nowhere,
since the logfile fd has been closed, so now we send them to stderr.
[Harald T. Alvestrand]
*) Fixed core dump when DocumentRoot is a CGI.
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
*) Fixed potential file descriptor leak in mod_asis; updated it and
http_core to use pfopen/pfclose instead of fopen/fclose.
[Randy Terbush and Roy Fielding]
*) Fixed handling of unsigned ints in ap_snprintf() on some chips such
as the DEC Alpha which is 64-bit but uses 32-bit ints.
[Dean Gaudet and Ken Coar]
*) Return a 302 response code to the client when sending a redirect
due to a missing trailing '/' on a directory instead of a 301; now
it is cacheable. [Markus Gyger]
*) Fix condition where, if a bad directive occurs in .htaccess, and
sub_request() goes first to this directory, then log_reason() will
SIGSEGV because it doesn't have initialized r->per_dir_config.
[PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet]
*) Fix handling of lang_index in is_variant_better(). This was
causing problems which resulted in the server sending the
wrong language document in some cases. [Petr Lampa]
*) Remove free() from clean_env() in suexec wrapper. This was nuking
the clean environment on some systems.
*) Tweak byteserving code (e.g. serving PDF files) to work around
bugs in Netscape Navigator and Microsoft Internet Explorer.
Emit Content-Length header when sending multipart/byteranges.
[Alexei Kosut]
*) Port to HI-UX/WE2. [Nick Maclaren]
*) Port to HP MPE operating system for HP 3000 machines
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
*) Fixed bug which caused a segmentation fault if only one argument
given to RLimit* directives. [Ed Korthof]
*) Continue persistent connection after 204 or 304 response. [Dean Gaudet]
*) Improved buffered output to the client by delaying the flush decision
until the BUFF code is actually about to read the next request.
This fixes a problem introduced in 1.2b5 with clients that send
an extra CRLF after a POST request. Also improved chunked output
performance by combining writes using writev() and removing as
many bflush() calls as possible. NOTE: Platforms without writev()
must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration
or Configure, unless we have already done so. [Dean Gaudet]
*) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko]
*) Fixed mod_info output corruption bug introduced by buffer overflow
fixes. [Dean Gaudet]
*) Fixed http_protocol to correctly output all HTTP/1.1 headers, including
for the special case of a 304 response. [Paul Sutton]
*) Improved handling of TRACE method by bypassing normal method handling
and header parsing routines; fixed Allow response to always allow TRACE.
[Dean Gaudet]
*) Fixed compiler warnings in the regex library. [Dean Gaudet]
*) Cleaned-up some of the generated HTML. [Ken Coar]
Changes with Apache 1.2b6
*) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko]
*) Fix typo introduced in fix for potential infinite loop around
accept() in child_main(). This change caused the rev to 1.2b6.
1.2b5 was never a public beta.
Changes with Apache 1.2b5
*) Change KeepAlive semantics (On|Off instead of a number), add
MaxKeepAliveRequests directive. [Alexei Kosut]
*) Various NeXT compilation patches, as well as a change in
regex/regcomp.c since that file also used a NEXT define.
[Andreas Koenig]
*) Allow * to terminate the end of a directory match in mod_dir.
Allows /~* to match for both /~joe and /~joe/. [David Bronder]
*) Don't call can_exec() if suexec_enabled. Calling this requires
scripts executed by the suexec wrapper to be world executable, which
defeats one of the advantages of running the wrapper. [Randy Terbush]
*) Portability Fix: IRIX complained with 'make clean' about *pure* (removed)
[Jim Jagielski]
*) Migration from sprintf() to snprintf() to avoid buffer
overflows. [Marc Slemko]
*) Provide portable snprintf() implementation (ap_snprintf)
as well as *cvt family. [Jim Jagielski]
*) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
[Jim Jagielski]
*) Remove mod_fastcgi.c from the distribution. This module appears
to be maintained more through the Open Market channels and should
continue to be easily available at http://www.fastcgi.com/
*) Fixed bug in modules/Makefile that wouldn't allow building in more
than one subdirectory (or cleaning, either). [Jeremy Laidman]
*) mod_info assumed that the config files were relative to ServerRoot.
[Ken the Rodent]
*) CGI scripts called as an error document resulting from failed
CGI execution would hang waiting for POST'ed data. [Rob Hartill]
*) Log reason when mod_dir returns access HTTP_FORBIDDEN
[Ken the Rodent]
*) Properly check errno to prevent display of a directory index
when server receives a long enough URL to confuse stat().
[Marc Slemko]
*) Several security enhancements to suexec wrapper. It is _highly_
recommended that previously installed versions of the wrapper
be replaced with this version. [Randy Terbush, Jason Dour]
- ~user execution now properly restricted to ~user's home
directory and below.
- execution restricted to UID/GID > 100
- restrict passed environment to known variables
- call setgid() before initgroups() (portability fix)
- remove use of setenv() (portability fix)
*) Add HTTP/1.0 response forcing. [Ben Laurie]
*) Add access control via environment variables. [Ben Laurie]
*) Add rflush() function. [Alexei Kosut]
*) remove duplicate pcalloc() call in new_connection().
*) Fix incorrect comparison which could allow number of children =
MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential
problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof]
*) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD
AIX PS/2, CONVEXOS. [Jim Jagielski]
*) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock.
It's more portable. [Martin Kraemer]
*) Replace references to make in Makefile.tmpl with $(MAKE).
[Chuck Murcko]
*) Add ProxyBlock directive w/IP address caching. Add IP address
caching to NoCache directive as well. ProxyBlock works with all
handlers; NoCache now also works with FTP for anonymous logins.
Still more code cleanup. [Chuck Murcko]
*) Add "header parse" API hook [Ben Laurie]
*) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko]
*) suEXEC wrapper was freeing memory that had not been malloc'ed.
*) Correctly allow access and auth directives in <Files> sections in
server config files. [Alexei Kosut]
*) Fix bug with ServerPath that could cause certain files to be not
found by the server. [Alexei Kosut]
*) Fix handling of ErrorDocument so that it doesn't remove a trailing
double-quote from text and so that it properly checks for unsupported
status codes using the new index_of_response interface. [Roy Fielding]
*) Multiple fixes to the lingering_close code in order to avoid being
interrupted by a stray timeout, to avoid lingering on a connection
that has already been aborted or never really existed, to ensure that
we stop lingering as soon as any error condition is received, and to
prevent being stuck indefinitely if the read blocks. Also improves
reporting of error conditions. [Marc Slemko and Roy Fielding]
*) Fixed initialization of parameter structure for sigaction.
*) Fixed reinitializing the parameters before each call to accept and
select, and removed potential for infinite loop in accept.
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
*) Fixed condition where, if a child fails to fork, the scoreboard would
continue to say SERVER_STARTING forever. Eventually, the main process
would refuse to start new children because count_idle_servers() will
count those SERVER_STARTING entries and will always report that there
are enough idle servers. [Phillip Vandry]
*) Fixed bug in bcwrite regarding failure to account for partial writes.
Avoided calling bflush() when the client is pipelining requests.
Removed unnecessary flushes from http_protocol. [Dean Gaudet]
*) Added description of "." mode in server-status [Jim Jagielski]
Changes with Apache 1.2b4
*) Fix possible race condition in accept_mutex_init() that
could leave a small security hole open allowing files to be
overwritten in cases where the server UID has write permissions.
[Marc Slemko]
*) Fix awk compatibilty problem in Configure. [Jim Jagielski]
*) Fix portablity problem in util_script where ARG_MAX may not be
defined for some systems.
*) Add changes to allow compilation on Machten 4.0.3 for PowerPC.
[Randal Schwartz]
*) OS/2 changes to support an MMAP style scoreboard file and UNIX
style magic #! token for better script portability. [Garey Smiley]
*) Fix bug in suexec wrapper introduced in b3 that would cause failed
execution for ~userdir CGI. [Jason Dour]
*) Fix initgroups() business in suexec wrapper. [Jason Dour]
*) Fix month off by one in suexec wrapper logging.
Changes with Apache 1.2b3:
*) Fix error in mod_cgi which could cause resources not to be properly
freed, or worse. [Dean Gaudet]
*) Fix find_string() NULL pointer dereference. [Howard Fear]
*) Add set_flag_slot() at the request of Dirk and others.
[Dirk vanGulik]
*) Sync mod_rewrite with patch level 10. [Ralf Engelschall]
*) Add changes to improve the error message given for invalid
ServerName parameters. [Dirk vanGulik]
*) Add "Authoritative" directive for Auth modules that don't
currently have it. This gives admin control to assign authoritative
control to an authentication scheme and allow "fall through" for
those authentication modules that aren't "Authoritative" thereby
allowing multiple authentication mechanisms to be chained.
[Dirk vanGulik]
*) Remove requirement for ResourceConfig/AccessConfig if not using
the three config file layout. [Randy Terbush]
*) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko]
*) Changes to suexec wrapper to fix the following problems:
1. symlinked homedirs will kill ~userdirs.
2. initgroups() on Linux 2.0.x clobbers gr->grid.
3. CGI command lines paramters problems
4. pw-pwdir for "docroot check" still the httpd user's pw record.
[Randy Terbush, Jason Dour]
*) Change create_argv() to accept variable arguments. This fixes
a problem where arguments were not getting passed to the CGI via
argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz]
*) Collapse multiple slashes in path URLs to properly apply
handlers defined by <Location>. [Alexei Kosut]
*) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX.
*) Improve the accuracy of request duration timings by setting
r->request_time in read_request_line() instead of read_request().
[Dean Gaudet]
*) Reset timeout while reading via get_client_block() in mod_cgi.c
Fixes problem with timed out transfers of large files. [Rasmus Lerdorf]
*) Add the ability to pass different Makefile.tmpl files to Configure
using the -make flag. [Rob Hartill]
*) Fix coredump triggered when sending a SIGHUP to the server caused
by an assertion failure, in turn caused by an uninitialised field in a
listen_rec.
[Ben Laurie]
*) Add FILEPATH_INFO variable to CGI environment, which is equal to
PATH_INFO from previous versions of Apache (in certain situations,
Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut]
[later removed in 1.2b11]
*) Add rwrite() function to API to allow for sending strings of
arbitrary length. [Doug MacEachern]
*) Remove rlim_t typedef for NetBSD. Do older versions need this?
*) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for
NeXT. [Jim Jagielski]
*) Removed recent modification to promote the status code on internal
redirects, since the correct fix was to change the default log format
in mod_log_config so that it outputs the original status. [Rob Hartill]
Changes with Apache 1.2b2:
*) Update set_signals() to use sigaction() for setting handlers.
This appears to fix a re-entrant problem in the seg_fault()
bus_error() handlers. [Randy Terbush]
*) Changes to allow mod_status compile for OS/2 [Garey Smiley]
*) changes for DEC AXP running OSF/1 v3.0. [Marc Evans]
*) proxy_http.c bugfixes: [Chuck Murcko]
1) fixes possible NULL pointer reference w/NoCache
2) fixes NoCache behavior when using ProxyRemote (ProxyRemote
host would cache nothing if it was in the local domain,
and the local domain was in the NoCache list)
3) Adds Host: header when not available
4) Some code cleanup and clarification
*) mod_include.c bugfixes:
1) Fixed an ommission that caused include variables to not
be parsed in config errmsg directives [Howard Fear]
2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
4) Allow backslash-escaping to all quoted text
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
5) Pass variable to command line if not set in XSSI's env
[Howard Fear]
*) Fix infinite loop when processing Content-language lines in
type-map files. [Alexei Kosut]
*) Closed file-globbing hole in test-cgi script. [Brian Behlendorf]
*) Fixed problem in set_[user|group] that prevented CGI execution
for non-virtualhosts when suEXEC was enabled. [Randy Terbush]
*) Added PORTING information file. [Jim Jagielski]
*) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
*) Changed default group to "nogroup" instead of "nobody" [Randy Terbush]
*) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where
USE_FCNTL_SERIALIZED_ACCEPT was intended.
*) Fixed additional uses of 0xffffffff where INADDR_NONE was intended,
which caused problems of systems where socket s_addr is >32bits.
*) Added comment to explain (r->chunked = 1) side-effect in
http_protocol.c [Roy Fielding]
*) Replaced use of index() in mod_expires.c with more appropriate
and portable isdigit() test. [Ben Laurie]
*) Updated Configure for ...
OS/2 (DEF_WANTHSREGEX=yes, other code changes)
*-dg-dgux* (bad pattern match)
QNX (DEF_WANTHSREGEX=yes)
*-sunos4* (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
*-ultrix (new)
*-unixware211 (new)
and added some user diagnostic info. [Ben Laurie]
*) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
for better portability. [Jim Jagielski]
*) Updated helpers/GuessOS for ...
SCO 5 (recognize minor releases)
SCO UnixWare (braindamaged uname, whatever-whatever-unixware2)
SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
IRIX64 (-sgi-irix64)
ULTRIX (-unknown-ultrix)
SINIX (-whatever-sysv4)
NCR Unix (-ncr-sysv4)
and fixed something in helpers/PrintPath [Ben Laurie]
Changes with Apache 1.2b1
*) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
Changes with Apache 1.1.1
*) Fixed bug where Cookie module would make two entries in the
logfile for each access [Mark Cox]
*) Fixed bug where Redirect in .htaccess files would cause memory
leak. [Nathan Neulinger]
*) MultiViews now works correctly with AddHandler [Alexei Kosut]
*) Problems with mod_auth_msql fixed [Dirk vanGulik]
*) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon.
Changes with Apache 1.1.0
*) Bring NeXT support up to date. [Takaaki Matsumoto]
*) Bring QNX support up to date. [Ben Laurie]
*) Make virtual hosts default to main server keepalive parameters.
[Alexei Kosut, Ben Laurie]
*) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut]
*) Fix missing address family for connect, also remove unreachable statement
in mod_proxy. [Ben Laurie]
*) mod_env now turned on by default in Configuration.tmpl.
*) Bugs which were fixed:
a) yet more mod_proxy bugs [Ben Laurie]
b) CGI works again with inetd [Alexei Kosut]
c) Leading colons were stripped from passwords [<osm interguide.com>]
d) Another fix to multi-method Limit problem [<jk tools.de>]
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
Changes with Apache 1.1b4
*) r->bytes_sent variable restored. [Robert Thau]
*) Previously broken multi-method <Limit> parsing fixed. [Robert Thau]
*) More possibly unsecure programs removed from the support directory.
*) More mod_auth_msql authentication improvements.
*) VirtualHosts based on Host: headers no longer conflict with the
Listen directive.
*) OS/2 compatibility enhancements. [Gary Smiley]
*) POST now allowed to directory index CGI scripts.
*) Actions now work with files of the default type.
*) Bugs which were fixed:
a) more mod_proxy bugs
b) early termination of inetd requests
c) compile warnings on several systems
d) problems when scripts stop reading output early
Changes with Apache 1.1b3
*) Much of cgi-bin and all of cgi-src has been removed, due to
various security holes found and that we could no longer support
them.
*) The "Set-Cookie" header is now special-cased to not merge multiple
instances, since certain popular browsers can not handle multiple
Set-Cookie instructions in a single header. [Paul Sutton]
*) rprintf() added to buffer code, occurrences of sprintf removed.
[Ben Laurie]
*) CONNECT method for proxy module, which means tunneling SSL should work.
(No crypto needed) Also a NoCache config directive.
*) Several API additions: pstrndup(), table_unset() and get_token()
functions now available to modules.
*) mod_imap fixups, in particular Location: headers are now complete
URL's.
*) New "info" module which reports on installed module set through a
special URL, a la mod_status.
*) "ServerPath" directive added - allows for graceful transition
for Host:-header-based virtual hosts.
*) Anonymous authentication module improvements.
*) MSQL authentication module improvements.
*) Status module design improved - output now table-based. [Ben Laurie]
*) htdigest utility included for use with digest authentication
module.
*) mod_negotiation: Accept values with wildcards to be treated with
less priority than those without wildcards at the same quality
value. [Alexei Kosut]
*) Bugs which were fixed:
a) numerous mod_proxy bugs
b) CGI early-termination bug [Ben Laurie]
c) Keepalives not working with virtual hosts
d) RefererIgnore problems
e) closing fd's twice in mod_include (causing core dumps on
Linux and elsewhere).
Changes with Apache 1.1b2
*) Bugfixes:
a) core dumps in mod_digest
b) truncated hostnames/ip address in the logs
c) relative URL's in mod_imap map files
Changes with Apache 1.1b1
*) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
Changes with Apache 1.0.3
*) Internal redirects which occur in mod_dir.c now preserve the
query portion of a request (the bit after the question mark).
[Adam Sussman]
*) Escape active characters '<', '>' and '&' in html output in
directory listings, error messages and redirection links.
[David Robinson]
*) Apache will now work with LynxOS 2.3 and later [Steven Watt]
*) Fix for POSIX compliance in waiting for processes in alloc.c.
[Nick Williams]
*) setsockopt no longer takes a const declared argument [Martijn Koster]
*) Reset timeout timer after each successful fwrite() to the network.
This patch adds a reset_timeout() procedure that is called by
send_fd() to reset the timeout ever time data is written to the net.
[Nathan Schrenk]
*) timeout() signal handler now checks for SIGPIPE and reports
lost connections in a more user friendly way. [Rob Hartill]
*) Location of the "scoreboard" file which used to live in /tmp is
now configurable (for OSes that can't use mmap) via ScoreBoardFile
which works similar to PidFile (in httpd.conf) [Rob Hartill]
*) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
*) the pstrcat call in mod_cookies.c didn't have an ending NULL,
which caused a SEGV with cookies enabled
*) Output warning when MinSpareServers is set to <= 0 and change it to 1
[Rob Hartill]
*) Log the UNIX textual error returned by some system calls, in
particular errors from accept() [David Robinson]
*) Add strerror function to util.c for SunOS4 [Randy Terbush]
Changes with Apache 1.0.2
*) patch to get Apache compiled on UnixWare 2.x, recommended as
a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
*) Fix get_basic_auth_pw() to set the auth_type of the request.
[David Robinson]
*) past changes to http_config.c to only use the
setrlimit function on systems defining RLIMIT_NOFILE
broke the feature on SUNOS4. Now defines HAVE_RESOURCE
for SUNOS and prototypes the needed functions.
*) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
[David Robinson]
*) Fix use of pointer to scratch memory. [Cliff Skolnick]
*) Merge multiple headers from CGI scripts instead of taking last
one. [David Robinson]
*) Add support for SCO 5. [Ben Laurie]
Changes with Apache 1.0.1
*) Silence mod_log_referer and mod_log_agent if not configured
[Randy Terbush]
*) Recursive includes can occur if the client supplies PATH_INFO data
and the server provider uses relative links; as file.html
relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson]
*) The replacement for initgroups() did not call {set,end}grent(). This
had two implications: if anything else used getgrent(), then
initgroups() would fail, and it was consuming a file descriptor.
[Ben Laurie]
*) On heavily loaded servers it was possible for the scoreboard to get
out of sync with reality, as a result of a race condition.
The observed symptoms are far more Apaches running than should
be, and heavy system loads, generally followed by catastrophic
system failure. [Ben Laurie]
*) Fix typo in license. [David Robinson]
Changes with Apache 1.0.0 23 Nov 1995
*) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
Changes with Apache 0.8.16 05 Nov 1995
*) New man page for 'httpd' added to support directory [David Robinson]
*) .htgroup files can have more than one line giving members for a
given group (each must have the group name in front), for NCSA
back-compatibility [Robert Thau]
*) Mutual exclusion around accept() is on by default for SVR4 systems
generally, since they generally can't handle multiple processes in
accept() on the same socket. This should cure flaky behavior on
a lot of those systems. [David Robinson]
*) AddType, AddEncoding, and AddLanguage directives take multiple
extensions on a single command line [David Robinson]
*) UserDir can be disabled for a given virtual host by saying
"UserDir disabled" in the <VirtualHost> section --- it was a bug
that this didn't work. [David Robinson]
*) Compiles on QNX [Ben Laurie]
*) Corrected parsing of ctime time format [David Robinson]
*) httpd does a perror() before exiting if it can't log its pid
to the PidFile, to make diagnosing the error a bit easier.
[David Robinson]
*) <!--#include file="..."--> can no longer include files in the
parent directory, for NCSA back-compatibility. [David Robinson]
*) '~' is *not* escaped in URIs generated for directory listings
[Roy Fielding]
*) Eliminated compiler warning in the imagemap module [Randy Terbush]
*) Fixed bug involving handling URIs with escaped %-characters
in redirects [David Robinson]
Changes with Apache 0.8.15 14 Oct 1995
*) Switched to new, simpler license
*) Eliminated core dumps with improperly formatted DBM group files [Mark Cox]
*) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie]
*) Reject paths containing %-escaped '%' or null characters [David Robinson]
*) Correctly handles internal redirects to files with names containing '%'
[David Robinson]
*) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson]
*) Use geteuid() rather than getuid() to see if we have root privilege,
so that server correctly resets privilege if run setuid root. [Andrew
Wilson]
*) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module)
[Randy Terbush]
*) Fix relative URLs in imagemap files [Randy Terbush]
*) Somewhat better fix for the old "Alias /foo/ /bar/" business
[David Robinson]
*) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost>
entries all name the same one. [David Robinson]
*) Fix directory listings with filenames containing unusual characters
[David Robinson]
*) Better URI-escaping for generated URIs in directories with filenames
containing unusual characters [Ben Laurie]