Newer
Older
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
parse_uri_components() and friends which breaks a URI into its component
parts. These parts are stored in a uri_components structure called
parsed_uri within each request_rec, and are available to all modules.
Additionally, an unparse routine is supplied which re-assembles the URI
components back to an URI, optionally hiding the username:password@ part
from ftp proxy requests, and other useful routines. Within the structure,
you find on a ready-for-use basis:
scheme; /* scheme ("http"/"ftp"/...) */
hostinfo; /* combined [user[:password]@]host[:port] */
user; /* user name, as in http://user:passwd@host:port/ */
password; /* password, as in http://user:passwd@host:port/ */
hostname; /* hostname from URI (or from Host: header) */
port_str; /* port string (integer representation is in "port") */
path; /* the request path (or "/" if only scheme://host was given) */
query; /* Everything after a '?' in the path, if present */
fragment; /* Trailing "#fragment" string, if present */
This is meant to serve as the platform for *BIG* savings in
code complexity for the proxy module (and maybe the vhost logic).
[Martin Kraemer]
*) Make all possible meta-construct expansions ($N, %N, %{NAME} and
${map:key}) available for all location where a string is created in
mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
possible expansions are consequently usable at all string creation
locations. [Ralf S. Engelschall]
*) Fix initialization of RewriteLogLevel (default now is 0 as documented
and not 1) and the per-virtual-server merging of directives. Now all
directives except `RewriteEngine' and `RewriteOption' are either
completely overridden (default) or completely inherited (when
`RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
*) Fix `RewriteMap' program lookup in situations where such maps are
defined but disabled (`RewriteEngine off') in per-server context.
[Ralf S. Engelschall] PR#1431
*) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
server to bind to port 0 rather than 80. [Dean Gaudet]
*) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
(like SunOS and FreeBSD) which don't accept the locking of pipes
directly. A new directive RewriteLock is introduced which can be used to
setup a separate locking file which then is used for synchronization.
[Ralf S. Engelschall] PR#1029
*) WIN32: The server root is obtained from the registry key
HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
"1.3 beta"), unless overridden by the -d command line flag. The
value is stored by running "apache -i -d serverroot". [Paul Sutton]
*) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
*) Now mod_rewrite no longer makes problematic assumptions on the characters
a username can contain when trying to expand it via /etc/passwd.
[Ralf S. Engelschall]
*) The mod_setenvif BrowserMatch backwards compatibility command did not
work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
*) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
type but with a special post-processing for the looked-up value: It
parses it into alternatives according to `|' chars and then only one
particular alternative is chosen randomly (this is an essential
functionality needed for balancing between backend-servers when using
Apache as a Reverse Proxy. The looked up value here is a list of
servers). Second, `int' with the built-in maps named `tolower' and
`toupper' which can be used to map URL parts to a fixed case (this is an
essential feature to fix the case of server names when doing mass
virtual-hosting with the help of mod_rewrite instead of using
<VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
Jay Soffian <jay@cimedia.com>] PR#1631
*) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
This directive lets Apache adjust the URL in Location-headers on HTTP
redirect responses sent by the remote server. This way the virtually
mapped area is no longer left on redirects and thus by-passed which is
especially essential when running Apache as a reverse proxy.
[Ralf S. Engelschall]
*) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
hidden. [Alvaro Martinez Echevarria]
*) Apache will, when started with the -X (single process) debugging flag,
honor the SIGINT or SIGQUIT signals again now. This capability got lost
a while ago during OS/2 signal handling changes.
*) [PORT] Work around the fact that NeXT runs on more than the
m68k chips in mod_status [Scott Anguish and Timothy Luoma
<luomat@peak.org>]
*) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
<ache@nagual.pp.ru> and Jim] PR#1450
*) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
In particular the handlers could trigger themselves into an infinite
loop if RLimitMem was used with a small amount of memory -- too small
for the signal stack frame to be set up. [Dean Gaudet]
*) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet,
Alvaro Martinez Echevarria <alvaro@lander.es>]
*) Fix multiple UserDir problem introduced during 1.3b4-dev.
[Dean Gaudet] PR#1850
*) ap_cpystrn() had an off-by-1 error.
[Charles Fu <ccwf@klab.caltech.edu>] PR#1847
*) API: As Ken suggested the check_cmd_context() function and related
defines are non-static now so modules can use 'em. [Martin Kraemer]
*) mod_info would occasionally produce an unpaired <tt> in its
output. Fixed. [Martin Kraemer]
*) By default AIX binds a process (and it's children) to a single
processor. httpd children now unbind themselves from that cpu
and re-bind to one selected at random via bindprocessor()
[Doug MacEachern]
*) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
effect. Work around it by using RLIMIT_AS for the RLimitMEM
directive. [Enrik Berkhan <enrik@inka.de>] PR#1816
*) mod_mime_magic error message should indicate the filename when
reads fail. ["M.D.Parker" <mdpc@netcom.com>] PR#1827
*) Previously Apache would permit </Files> to end <FilesMatch> (and
similary for Location and Directory), now this is diagnosed as an
error. Improve error messages for mismatched sections (<Files>,
<FilesMatch>, <Directory>, <DirectoryMatch>, ...).
[Dean Gaudet, Martin Kraemer]
*) <Files> is not permitted within <Location> (because of the
semantic ordering). [Dean Gaudet] PR#379
*) <Files> with wildcards was broken by the change in wildcard
semantics (* does not match /). To fix this, <Files> now
apply only to the basename of the request filename. This
fixes some other inconsistencies in <Files> semantics
(such as <Files a*b> not working). [Dean Gaudet] PR#1817
*) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
backup files are removed on "clean" target [Ralf S. Engelschall]
*) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
*) Various errors from select() and accept() in child_main() would
result in an infinite loop. It seems these two tickle kernel
or library bugs occasionally, and result in log spammage and
a generally bad scene. Now the child exits immediately,
which seems to be a good workaround.
[Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
*) Cleaned up some race conditions in unix child_main during
initialization. [Dean Gaudet]
*) SECURITY: "UserDir /abspath" without a * in the path would allow
remote users to access "/~.." and bypass access restrictions
(but note /~../.. was handled properly).
[Lauri Jesmin <jesmin@ut.ee>] PR#1701
*) API: os_is_path_absolute() now takes a const char * instead of a char *.
[Dean Gaudet]
Changes with Apache 1.3b5
*) Source file dependencies in Makefile.tmpl files throughout the
source tree were updated to accurately reflect reality.
[Dean Gaudet]
*) Preserve the content encoding given by the AddEncoding directive
when the client doesn't otherwise specify an encoding.
[Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]
*) Sort out problems with canonical filename handling happening too late.
[Dean Gaudet, Ben Laurie]
Changes with Apache 1.3b4
*) The module structure was modified to include a *dynamic_load_handle
in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
has been bumped accordingly. [Paul Sutton]
*) All BrowserMatch directives mentioned in
htdocs/manual/known_client_problems.html are in the default
configuration files. [Lars Eilebrecht]
*) MiNT port update. [Jan Paul Schmidt]
*) HTTP/1.1 requires x-gzip and gzip encodings be treated
equivalent, similarly for x-compress and compress. Apache
now ignores a leading x- when comparing encodings. It also
preserves the encoding the client requests (for example if
it requests x-gzip, then Apache will respond with x-gzip
in the Content-Encoding header).
[Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772
*) Fix a memory leak on keep-alive connections. [Igor Tatarinov]
*) Added mod_so module to support dynamic loading of modules on Unix
(like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
instead of AddModule in Configuration to build shared modules
[Sameer Parekh, Paul Sutton]
*) Minor cleanups to r->finfo handling in some modules.
[Dean Gaudet]
*) Abstract read()/write() to ap_read()/ap_write().
Makes it easier to add other types of IO code such as SFIO.
[Randy Terbush]
*) API: Generalize default_port manipulations to make support of
different protocols easier. [Ben Laurie, Randy Terbush]
*) There are many cases where users do not want Apache to form
self-referential urls using the "canonical" ServerName and Port.
The new UseCanonicalName directive (default on), if set to off
will cause Apache to use the client-supplied hostname and port.
API: Part of this change required a change to the construct_url()
prototype; and the addition of get_server_name() and
get_server_port().
[Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
PR#315, 459, 485, 1433
*) Yet another rearrangement of the source tree.. now all the common
header files are in the src/include directory. The -Imain -Iap
references in Makefiles have been changed to the simpler -Iinclude
instead. In addition to simplifying the build a little bit, this
also makes it clear when a module is referencing something in a
other than kosher manner (e.g., the proxy including mod_mime.h).
Module-private header files (the proxy, mod_mime, the regex library,
and mod_rewrite) have not been moved to src/include; nor have
the OS-abstraction files. [Ken Coar]
*) Fix a bug where r->hostname didn't have the :port stripped
from it. [Dean Gaudet]
*) Tweaked the headers_out table size, and the subprocess_env
table size guess in rename_original_environment(). Added
MAKE_TABLE_PROFILE which can help discover make_table()
calls that use too small an initial guess, see alloc.c.
[Dean Gaudet]
*) Options and AllowOverride weren't properly merging in the main
server setting inside vhosts (only an issue when you have no
<Directory> or other section containing an Options that affects
a request). Options +foo or -foo in the main_server wouldn't
affect the main_server's lookup defaults. [Dean Gaudet]
*) Variable 'cwd' was being used pointlessly before being set.
[Ken Coar] PR#1738
*) r->allowed handling cleaned up in the standard modules.
[Dean Gaudet]
*) Some case-sensitivity issues cleaned up to be consistent with
RFC2068. [Dean Gaudet]
*) SIGURG doesn't exist everywhere.
[Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
*) mod_unique_id was erroneously generating a second unique id when
an internal redirect occured. Such redirects occur, for example,
when processing a DirectoryIndex match. [Dean Gaudet]
*) API: table_add, table_merge, and table_set include implicit pstrdup()
of the key and value. But in many cases this is not required
because the key/value is a constant, or the value has been built
by pstrcat() or other similar means. New routines table_addn,
table_mergen, and table_setn have been added to the API, these
routines do not pstrdup() their arguments. The core code and
standard modules were changed to take advantage of these routines.
The resulting server is up to 20% faster in some situations.
Note that it is easy to get code subtly wrong if you pass a key/value
which is in a pool other than the pool of the table. The only
safe thing to do is to pass key/values which are in the pool of
the table, or in one of the ancestors of the pool of the table.
i.e. if the table is part of a subrequest, a value from the main
request's pool is OK since the subrequest pool is a sub_pool of the
main request's pool (and therefore has a lifespan at most as long as
the main pool). There is debugging code which can detect improper
usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
[Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]
*) More mod_mime_magic cleanup: fewer syscalls; should handle "files"
which don't exist on disk more gracefully; handles vhosts properly.
Update documentation to reflect the code -- if there's no
MimeMagicFile directive then the module is not enabled.
[Dean Gaudet]
*) PORT: Some older *nix dialects cannot automatically start scripts
which begin with a #! interpreter line (the shell starts the scripts
appropriately on these platforms). Apache now supports starting of
"hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
[Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
taken from tcsh]
*) API: "typedef array_header table" removed from alloc.h, folks should
have been writing to use table as if it were an opaque type, but even
some standard modules got this wrong. By changing the definition
to "typedef struct table table" module authors will receive compile
time warnings that they're doing the wrong thing. This change
facilitates future changes with more sophisticated table
structures. Specifically, module authors should be using table_elts()
to get access to an array_header * for the table. [Dean Gaudet]
*) API: Renamed new_connection() to avoid namespace collision with LDAP
library routines. [Ken Coar, Rasmus Lerdorf]
*) WIN32: mod_speling is now available on the Win32 platform.
[Marc Slemko]
*) For clarity the following compile time definition was changed:
SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT
Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
and not be a general notice that the OS has mmap(). Now the
HAVE_MMAP/SHMGET #defines strictly are informational that the
OS has that method of shared memory; the type to use for
the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
and USE_SHMGET_SCOREBOARD). This allows outside modules to
determine if shared memory is available and allows Apache
to determine the best method to use for the scoreboard.
[Jim Jagielski]
*) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
as do various earlier versions. It should be safe on all versions.
Unixware 1.x appears to have the same SIGHUP bug as solaris does with
the slack code. A few other cleanups for Unixware.
[Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
*) PORT: A/UX can handle single-listen accepts without mutex
locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
*) When die() happens we need to eat any request body if one exists.
Otherwise we can't continue with a keepalive session. This shows up
as a POST problem with MSIE 4.0, typically against pages which are
authenticated. [Roy Fielding] PR#1399
*) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
header will be passed to CGIs. This is generally a security hole, so
it's not a default. [Marc Slemko] PR#549
*) Fix Y2K problem with date printing in suexec log.
[Paul Eggert <eggert@twinsun.com>] PR#1343
*) WIN32 deserves a pid file. [Ben Hyde]
*) suexec errors now include the errno/description. [Marc Slemko] PR#1543
*) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
The choice of flock vs. fcntl was made based on timings which showed that
even on non-NFS, non-exported filesystems fcntl() was an order of
magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
that single socket users will see no difference. [Dean Gaudet] PR#467
*) "File does not exist" error message was erroneously including the
errno. [Marc Slemko]
*) Improve the warning message generated when a client drops the
connection (hits stop button, etc.) during a send. [Roy Fielding]
*) Defining GPROF will disable profiling in the parent and enable it
in the children. If you're profiling under Linux this is pretty much
necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
*) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
[Brian Havard]
*) The NeXT cc (which is gcc hacked up) doesn't appear to support some
gcc functionality. Work around it.
[Keith Severson <keith@sssd.navy.mil>] PR#1613
*) Some linkers complain when .o files contain no functions.
[Keith Severson <keith@sssd.navy.mil>] PR#1614
*) Some const declarations in mod_imap.c that were added for debugging
purposes caused some compilers heartburn without adding any
significant value, so they've been removed. [Ken Coar]
*) The src/main/*.h header files have had #ifndef wrappers added to
insulate them against duplicate calls if they get included through
multiple paths (e.g., in .c files as well as other .h files).
[Ken Coar]
*) The libap routines now have a header file for their prototypes,
src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
*) mod_autoindex with a plaintext header file would emit the <PRE>
start-tag before the HTML preamble, rather than after the preamble
but before the header file contents. [John Van Essen <jve@gamers.org>]
PR#1667
*) SECURITY: Fix a possible buffer overflow in logresolve. This is
only an issue on systems without a MAXDNAME define or where
the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
*) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
is used to read various types of files such as htaccess and
htpasswd files. [Marc Slemko]
*) SECURITY: Ensure that the buffer returned by ht_time is always
properly null terminated. [Marc Slemko]
*) The "Connection" header could be sent back with multiple "close"
tokens. Not an error, but a waste.
[Ronald.Tschalaer@psi.ch] PR#1683
*) mod_rewrite's RewriteLog should behave like mod_log_config, it
shouldn't force hostname lookups. [Dean Gaudet] PR#1684
*) "basic" auth needs a case-insensitive comparison.
[Ronald.Tschalaer@psi.ch] PR#1666
*) For maximum portability, the environment passed to CGIs should
only contain variables whose names match the regex
/[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
underscores over any character outside the regex. This
affects HTTP_* variables, in a way that should be backward
compatible for all the standard headers; and affects variables
set with SetEnv/BrowserMatch and similar directives.
[Dean Gaudet]
*) mod_speling returned incorrect HREF's when an ambigous match
was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
[robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
*) PORT: Apache now compiles & runs on an EBCDIC mainframe
(the Siemens BS2000/OSD family) in the POSIX subsystem
[Martin Kraemer]
*) PORT: Fix problem killing children when terminating. Allow ^C
to shut down the server. [Brian Havard]
*) pstrdup() is implicit in calls to table_* functions, so there's
no need to do it before calling. Clean up a few cases.
[Marc Slemko, Dean Gaudet]
*) new -C and -c command line arguments
usage:
-C "directive" : process directive before reading config files
-c "directive" : process directive after reading config files
example:
httpd -C "PerlModule Apache::httpd_conf"
[Doug MacEachern, Martin Kraemer]
*) WIN32: Fix the execution of CGIs that are scripts and called
with path info that does not have an '=' in.
(eg. http://server/cgi-bin/printenv?foobar)
[Marc Slemko] PR#1591
*) WIN32: Fix a call to os_canonical_filename so it doesn't try to
mess with fake filenames. This fixes proxy caching on
win32. PR#1265
*) SECURITY: General mod_include cleanup, including fixing several
possible buffer overflows and a possible infinite loop.
[Dean Gaudet, Marc Slemko]
*) SECURITY: Numerous changes to mod_imap in a general cleanup
including fixing a possible buffer overflow. [Dean Gaudet]
*) WIN32: overhaul of multithreading code. Shutdowns are now graceful
(connections are not dropped). Code can handle graceful restarts
(but there is as yet no way to signal this to Apache). Various
other cleanups. [Paul Sutton]
*) The aplog_error changes specific to 1.3 introduced a buffer
overrun in the (now legacy) log_printf function. Fixed.
[Dean Gaudet]
*) mod_digest didn't properly deal with proxy authentication. It
also lacked a case-insensitive comparision of the "Digest"
token. [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599
*) A few cleanups in mod_status for efficiency. [Dean Gaudet]
*) A few cleanups in mod_info to make it thread-safe, and remove an
off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
*) no2slash() was O(n^2) in the length of the input. Make it O(n).
[Dean Gaudet]
*) API: migration from strncpy() to our "enhanced" version called
ap_cpystrn() for performance and functionality reasons.
Located in libap.a. [Jim Jagielski]
*) table_set() and table_unset() did not deal correctly with
multiple occurrences of the same key.
[Stephen Scheck <sscheck@infonex.net>, Ben Laurie] PR#1604
*) The AuthName must now be enclosed in quotes if it is to contain
spaces. [Ken Coar] PR#1195
*) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
*) WIN32: Work around optimiser bug that killed ISAPI in release
versions. [Ben Laurie] PR#1533
*) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
*) Interim (slow) fix for p->sub_pool critical sections in
alloc.c (affects win32 only). [Ben Hyde]
*) non-WIN32 was missing destroy_mutex definition. [Ben Hyde]
*) send_fd_length() did not calculate total_bytes_sent properly.
[Ben Reser <breser@regnow.com>] PR#1366
*) The bputc() macro was not properly integrated with the chunking
code; in many cases modules using bputc() could cause completely
bogus chunked output. (Typically this will show up as problems
with Internet Explorer 4.0 reading a page, but other browsers
having no problem.) [Dean Gaudet]
*) Create LARGE_WRITE_THRESHOLD define which determines how many
bytes have to be supplied to bwrite() before it will consider
doing a writev() to assemble multiple buffers in one system
call. This is critical for modules such as mod_include,
mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
strings in some cases. The result would be extra effort
setting up writev(), and in many cases extra effort building
chunks. The default is 31, it can be overriden at compile
time. [Dean Gaudet]
*) Move the gid switching code into the child so that log files
and pid files are opened with the root gid.
[Gregory A Lundberg <lundberg@vr.net>]
*) WIN32: Check for binaries by looking for the executable header
instead of counting control characters.
[Jim Patterson <Jim.Patterson@Cognos.COM>] PR#1340
*) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
so the functionality is available to applications other than the
server itself (like the src/support tools). [Ken Coar]
*) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
the libap consolidation work. [Ken Coar]
*) ap_snprintf() with a len of 0 behaved like sprintf(). This is not
useful, and isn't what the standards require. Now it returns 0
and writes nothing. [Dean Gaudet]
*) When an error occurs in fcntl() locking suggest the user look up
the docs for LockFile. [Dean Gaudet]
*) Eliminate some dead code from writev_it_all().
[Igor Tatarinov <tatarino@prairie.NoDak.edu>]
*) mod_autoindex had an fread() without checking the result code.
It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
(note the missing closing paren) properly. [Dean Gaudet]
*) It appears the "257th byte" bug (see
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
at the 256th byte as well. Fixed. [Dean Gaudet]
*) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
[Brian Havard]
*) Fix memory corruption caused by allocating auth usernames in the
wrong pool. [Dean Gaudet] PR#1500
*) Fix an off-by-1, and an unterminated string error in
mod_mime_magic. [Dean Gaudet]
*) Fix a potential SEGV problem in mod_negotiation when dealing
with type-maps. [Dean Gaudet]
*) Better glibc support under Linux. [Dean Gaudet] PR#1542
*) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
*) WIN32: avoid overflows during file canonicalisations.
[malcolm@mgdev.demon.co.uk] PR#1378
*) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
PR#1511, 1508
*) WIN32: mod_status display header didn't match fields. [Ben Laurie]
*) The pthread_mutex_* functions return an error code, and don't
set errno. [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
*) WIN32: Allow spaces to prefix the interpreter in #! lines.
[Ben Laurie] PR#1101
*) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti@net4all.be>] PR#1523
*) proxy_ftp: the directory listings generated by the proxy ftp module
now have a title in which the path components are clickable and allow
quick navigation to the clicked-on directory on the currently listed
ftp server. This also fixes a bug where the ".." directory links would
sometimes refer to the wrong directory. [Martin Kraemer]
*) WIN32: Allocate the correct amount of memory for the scoreboard.
[Ben Hyde] PR#1387
*) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
PR#1505
*) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet]
*) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
error messages. [Ben Hyde]
Changes with Apache 1.3b3
*) WIN32: Work around brain-damaged spawn calls that can't deal
with spaces and slashes. [Ben Laurie]
*) WIN32: Fix the code so CGIs can use socket calls on Windows.
The problem was that certain undocumented environment variables
needed for sockets to work under Win32 were not being passed.
[Frank Faubert <frank@sane.com>]
*) Add a "-V" command line flag to the httpd binary. This
flag shows some of the defines that Apache was compiled with.
It is useful for debugging purposes. [Martin Kraemer]
*) Start separating the ap_*() routines into their own library, so they
can be used by items in src/support among other things.
[Ken Coar] PR#512, 905, 1252, 1308
*) Give a more informative error when no AuthType is set.
[Lars Eilebrecht]
*) Remove strtoul() use from mod_proxy because it isn't available
on all platforms. [Marc Slemko] PR#1214
*) WIN32: Some Win32 systems terminated all responses after 16 kB.
This turns out to be a bug in Winsock - select() doesn't always
return the correct status. [Ben Laurie]
*) Directives owned by http_core can now use the new check_cmd_context()
routine to ensure that they're not being used within a container
(e.g., <Directory>) where they're invalid. [Martin Kraemer]
*) PORT: Recent changes made it necessary to add explicit prototype
for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
*) It was necessary to distinguish between resources which are
allocated in the parent, for cleanup in the parent, and resources
which are allocated in each child, for cleanup in each child.
A new pool was created which is passed to the module child_init
and child_exit functions; modules are free to register per-child
cleanups there. This fixes a bug with reliable piped logs.
[Dean Gaudet]
*) mod_autoindex wasn't displaying the ReadmeName file at the bottom
unless it was also doing FancyIndexes, but it displayed the
HeaderName file at the top under all circumstances. It now shows
the ReadmeName file for simple indices, too, as it should.
[Ken Coar] PR#1373
*) http_core was mmap()ing even in cases where it wasn't going to
read the file. [Ben Hyde <bhyde@gensym.com>]
*) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
Now the rewriting engine (the heart of mod_rewrite) is organized more
straight-forward, first time well documented and reduced to the really
essential parts. All redundant cases were stripped off and processing now
is the same for both per-server and per-directory context with only a
minimum difference (the prefix stripping in per-dir context). As a
side-effect some subtle restrictions and two recently discovered problems
are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
context and restrictions on the substitution URL on redirects.
Additionally some minor source cleanups were done.
[Ralf S. Engelschall]
*) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
documentation, examples, explanations and caveats. They live in a new
subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx@unix-ag.org>]
*) If ap_slack fails to allocate above the low slack line it's a good
indication that further problems will occur; it's a better indication
than many external libraries give us when we actually run out of
descriptors. So report it to the user once per restart.
[Dean Gaudet] PR#1181
*) Change mod_include and mod_autoindex to use Y2K-safe date formats
by default. [Ken Coar]
*) Add a "SuppressColumnSorting" option to the IndexOptions list,
which will keep the column heading from being links for sorting
the display. [Ken Coar, suggested by Brian Tiemann <btman@pacific.net>]
PR #1261
*) PORT: Update the LynxOS port. [Marius Groeger <mag@sysgo.de>]
*) Fix logic error when issuing a mmap() failed message
with a non-zero MMAP_THRESHOLD.
[David Chambers <davidc@flosun.salk.edu>] PR#1294
*) Preserve handler value on ProxyPass'ed requests by not
calling find_types on a proxy'd request; fixes problems
where some ProxyPass'ed URLs weren't actually passed
to the proxy.
[Lars Eilebrecht] PR#870
*) Fix a byte ordering problem in mod_access which prevented
the old-style syntax (i.e. "a.b.c." to match a class C)
from working properly. [Dean Gaudet] PR#1248, 1328, 1384
*) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
properly. Each child needs to open the lockfile instead
of using the passed file-descriptor from the parent.
[Jim Jagielski] PR#1056
*) Fix the error logging in mod_cgi; the recent error log changes
introduced a bug that prevented it from working correctly.
[M.D.Parker] PR#1352
*) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly
handle multiple Listen directives. [Marc Slemko] PR#872
*) Inherit a bugfix to fnmatch.c from FreeBSD sources.
["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache@nagual.pp.ru>] PR#1311
*) When a configuration parse complained about a bad directive,
the logger would use whatever (unrelated) value was in errno.
errno is now forced to EINVAL first in this case. [Ken Coar]
*) A sed command in the Configure script pushed the edge of POSIXness,
breaking on some systems. [Bhaba R.Misra <system@vt.edu>] PR#1368
*) Solaris >= 2.5 was totally broken due to a mess up using pthread
mutexes. [Roy Fielding, Dean Gaudet]
*) OS/2 Port updated; it should be possible to build OS/2 from the same
sources as Unix now. [Brian Havard <brianh@kheldar.apana.org.au>]
*) Fix a year formatting bug in mod_usertrack.
[Paul Eggert <eggert@twinsun.com>] PR#1342
*) A mild SIGTERM/SIGALRM race condition was eliminated.
[Dean Gaudet] PR#1211
*) Warn user that default path has changed if /usr/local/etc/httpd
is found on the system. [Lars Eilebrecht]
*) Various mod_mime_magic bug fixes and cleanups: Uncompression
should work, it should work on WIN32, and a few resource
leaks and abort conditions are fixed.
[Dean Gaudet] PR#1205
*) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
to use '%' instead of '@' in its encodings.
[David Schuler <schuld@btv.ibm.com>] PR#1317
*) Improve the warning message generated when the "server is busy".
[Dean Gaudet] PR#1293
*) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
get Spencer regex by default. This is to avoid having to
discover bugs in operating system libraries. [Dean Gaudet]
*) PORT: "Fix" PR#467 by generating warnings on systems which we have
not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
*) Ensure that one copy of config warnings makes it to the
error_log. [Dean Gaudet]
*) Invent new structure and associated methods to handle config file
reading. Add "custom" hook to use config file cfg_getline() on
something which is not a FILE* [Martin Kraemer]
*) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
*) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
*) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
*) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
[John Line <jml4@cam.ac.uk>] PR#1321
*) Default pathname has been changed everywhere to /usr/local/apache
[Sameer <sameer@c2.net>]
*) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
[David Bronder <David-Bronder@uiowa.edu>] PR#849
*) PORT: i386 AIX does not have memmove.
[David Schuler <schuld@btv.ibm.com>] PR#1267
*) PORT: HPUX now defaults to using Spencer regex.
[Philippe Vanhaesendonck <pvanhaes@be.oracle.com>,
Omar Del Rio <al112263@academ01.lag.itesm.mx>] PR#482, 1246
*) PORT: Some versions of NetBSD don't automatically define
__NetBSD__. Workaround by defining NETBSD.
[Chris Craft <ccraft@cncc.cc.co.us>] PR#977
*) PORT: UnixWare 2.x requires -lgen for syslog.
[Hans Snijder <hs@meganet.nl>] PR#1249
*) PORT: ULTRIX appears to not have syslog.
[Lars Eilebrecht <Lars.Eilebrecht@unix-ag.org>]
*) PORT: Basic Gemini port (treat it like unixware212).
["Pavel Yakovlev (Paul McHacker)" <hac@tomcat.olly.ru>]
*) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
use USE_SHMGET_SCOREBOARD.
[Martin Kraemer]
*) Various improvements in detecting config file errors (missing closing
directives for <Directory>, <Files> etc. blocks, prohibiting global
server settings in <VirtualHost> blocks, flagging unhandled multiple
arguments to <Directory>, <Files> etc.)
[Martin Kraemer]
*) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
variable to provide this one to suexec'd CGIs, too.
[M.D.Parker <mdpc@netcom.com>] PR#1284
*) New support tool: src/support/split-logfile, a sample Perl script which
splits up a combined access log into separate files based on the
name of the virtual host (listed first in the log records by "%v").
[Ken Coar]
Changes with Apache 1.3b2 (there is no 1.3b1)
*) TestCompile was not passing $LIBS [Dean Gaudet]
*) Makefile.tmpl was not using $CFLAGS in the link phase.
[Martin Kraemer]
*) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
rudimentary memory debugger which can be used on live servers with
low impact -- it sets all allocated and freed memory bytes to 0xa5.
Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
and free() for each object. This is far more expensive and should
only be used for testing with tools such as Electric Fence and
Purify. See main/alloc.c for more details. [Dean Gaudet]
*) Configure uses a sh trap and didn't set its exitcode properly.
[Dean Gaudet] PR#1159
*) Yet another vhost revamp. Add the NameVirtualHost directive which
explicitly lists the ip:port pairs that are to be used for name-vhosts.
From a given ip:port, regardless what the Host: header is, you can
only reach the vhosts defined on that ip:port. The precedence of
vhosts was reversed to match other precedences in the config --
the earlier vhosts override the later vhosts. All vhost matching was
moved into http_vhost.[ch]. [Dean Gaudet]
*) ap_inline can be used to force inlining. GNUC __attribute__() can
be used for whatever reason is appropriate (i.e. format() warnings
for printf style functions). Both are enabled only with
gcc >= 2.7.x (so that we have fewer support issues with older
versions). [Dean Gaudet]
*) Fix support for Proxy Authentication (we were testing the response
status too early). [Marc Slemko]
*) CoreDumpDirectory directive directs where the core file is
written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
received. [Marc Slemko, Dean Gaudet]
*) PORT: Support for Atari MINT.
[Jan Paul Schmidt <Jan.P.Schmidt@mni.fh-giessen.de>]
*) When booting, apache will now detach itself from stdin, stdout,
and stderr. stderr will not be detached until after the config
files have been read so you will be able to see initial error
messages. After that all errors are logged in the error_log.
This makes it more convenient to start apache via rsh, ssh,
or crontabs. [Dean Gaudet] PR#523
*) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
Also removed the auto-generated link to www.apache.org that was the
source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
*) send_fb would not detect aborted connections in some situations.
[Dean Gaudet]
*) mod_include would use uninitialized data when parsing certain
expressions involving && and ||. [Brian Slesinsky] PR#1139
*) mod_imap should only handle GET methods. [Jay Bloodworth]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
*) mod_autoindex improperly counted &escapes; as more than one
character in the description. It also improperly truncated
descriptions that were exactly the maximum length.
[Martin Kraemer]
*) RedirectMatch was not properly escaping the result (PR#1155). Also
"RedirectMatch /advertiser/(.*) $1" is now permitted.
[Dean Gaudet]
*) mod_include now uses symbolic names to check for request success
and return HTTP errors, and correctly handles all types of
redirections (previously it only did temporary redirect correctly).
[Ken Coar, Roy Fielding]
*) mod_userdir was modifying r->finfo in cases where it wasn't setting
r->filename. Since those two are meant to be in sync with each other
this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
*) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
["Kaufman, Steven E" <Steven.Kaufman@unisys.com>]
*) Inetd mode (which is buggy) uses timeouts without having setup the
jmpbuffer. [Dean Gaudet] PR#1064
*) Work around problem under Linux where a child will start looping
reporting a select error over and over.
[Rick Franchuk <rickf@transpect.net>] PR#1107, 987, 588
*) Fixed error in proxy_util.c when looping through multiple host IP
addresses. [Lars Eilebrecht] PR#974
*) If BUFFERED_LOGS is defined then mod_log_config will do atomic
buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
bytes before writing, but it will never split a log entry across a
buffer boundary. [Dean Gaudet]
*) API: the short_score record has been split into two pieces, one which
the parent writes on, and one which the child writes on. As part of
this change the get_scoreboard_info() function was removed, and
scoreboard_image was exported. This change fixes a race condition
in file based scoreboard systems, and speeds up changes involving the
scoreboard in earlier 1.3 development. [Dean Gaudet]
*) API: New register_other_child() API (see http_main.h) which allows
modules to register children with the parent for maintenance. It
is disabled by defining NO_OTHER_CHILD. [Dean Gaudet]
*) API: New piped_log API (see http_log.h) which implements piped logs,
and will use register_other_child to implement reliable piped logs
when it is available. The reliable piped logs part can be disabled
by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped
logs is only available on Unix. [Dean Gaudet]
*) API: set_last_modified() broken into set_last_modified(), set_etag(), and
meets_conditions(). This allows conditional HTTP selection to be
handled separately from the storing of the header fields, and provides
the ability for CGIs to set their own ETags for conditional checking.
[Ken Coar, Roy Fielding] PR#895
*) Changes to mod_log_config to allow naming of format strings.
Format nicknames are defined with "LogFormat fmt nickname", and can
be used with "LogFormat nickname" and "CustomLog logtarget nickname".
[Ken Coar]
*) New module, "mod_speling", which can help find files even when
the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
*) API: New function child_terminate() triggers the child process to
exit, while allowing the child finish what it needs to for the
current request first.
[Doug MacEachern, Alexei Kosut]
*) Windows now defaults to using full status reports with mod_status.
[Alexei Kosut] PR #1094
*) *Really* disable all mod_rewrite operations if the engine is off.
Some things (like RewriteMaps) were checked/performed even if they
weren't supposed to be. [Ken Coar] PR #991
*) Implement a new timer scheme which eliminates the need to call alarm() all
the time. Instead a counter in the scoreboard for each child is used to
show when the child has made forward progress. The parent samples this
counter every scoreboard maintenance cycle, and issues SIGALRM if no
progress has been made in the timeout period. This reduces the static
request best-case syscall count to 22 from 29. This scheme is only
used by systems with memory-based scoreboards. [Dean Gaudet]
*) The proxy now properly handles CONNECT requests which are sent
to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024
*) A script called apachectl has been added to the support
directory. This script allows you to do things such as
"apachectl start" and "apachectl restart" from the command
line. [Marc Slemko]
*) Modules and core routines are now put into libraries, which
simplifies the link line tremendously (among other advantages).
[Paul Sutton]
*) Some of the MD5 names defined in Apache have been renamed to have
an `ap_' prefix to avoid conflicts with routines supplied by
external libraries. [Ken Coar]
*) Removal of mod_auth_msql.c from the distribution. There are many
other options for databases today. Rather than offer one option,
offer none at this time. mod_auth_msql and other SQL database
authentication modules can be found at the Apache Module Registry.
http://modules.apache.org/ It would be nice to offer a generic
mod_auth_sql option in the near future.