Newer
Older
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
*) PORT: UnixWare 2.x requires -lgen for syslog.
[Hans Snijder <hs@meganet.nl>] PR#1249
*) PORT: ULTRIX appears to not have syslog.
[Lars Eilebrecht <Lars.Eilebrecht@unix-ag.org>]
*) PORT: Basic Gemini port (treat it like unixware212).
["Pavel Yakovlev (Paul McHacker)" <hac@tomcat.olly.ru>]
*) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
use USE_SHMGET_SCOREBOARD.
[Martin Kraemer]
*) Various improvements in detecting config file errors (missing closing
directives for <Directory>, <Files> etc. blocks, prohibiting global
server settings in <VirtualHost> blocks, flagging unhandled multiple
arguments to <Directory>, <Files> etc.)
[Martin Kraemer]
*) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
variable to provide this one to suexec'd CGIs, too.
[M.D.Parker <mdpc@netcom.com>] PR#1284
*) New support tool: src/support/split-logfile, a sample Perl script which
splits up a combined access log into separate files based on the
name of the virtual host (listed first in the log records by "%v").
[Ken Coar]
Changes with Apache 1.3b2 (there is no 1.3b1)
*) TestCompile was not passing $LIBS [Dean Gaudet]
*) Makefile.tmpl was not using $CFLAGS in the link phase.
[Martin Kraemer]
*) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
rudimentary memory debugger which can be used on live servers with
low impact -- it sets all allocated and freed memory bytes to 0xa5.
Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
and free() for each object. This is far more expensive and should
only be used for testing with tools such as Electric Fence and
Purify. See main/alloc.c for more details. [Dean Gaudet]
*) Configure uses a sh trap and didn't set its exitcode properly.
[Dean Gaudet] PR#1159
*) Yet another vhost revamp. Add the NameVirtualHost directive which
explicitly lists the ip:port pairs that are to be used for name-vhosts.
From a given ip:port, regardless what the Host: header is, you can
only reach the vhosts defined on that ip:port. The precedence of
vhosts was reversed to match other precedences in the config --
the earlier vhosts override the later vhosts. All vhost matching was
moved into http_vhost.[ch]. [Dean Gaudet]
*) ap_inline can be used to force inlining. GNUC __attribute__() can
be used for whatever reason is appropriate (i.e. format() warnings
for printf style functions). Both are enabled only with
gcc >= 2.7.x (so that we have fewer support issues with older
versions). [Dean Gaudet]
*) Fix support for Proxy Authentication (we were testing the response
status too early). [Marc Slemko]
*) CoreDumpDirectory directive directs where the core file is
written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
received. [Marc Slemko, Dean Gaudet]
*) PORT: Support for Atari MINT.
[Jan Paul Schmidt <Jan.P.Schmidt@mni.fh-giessen.de>]
*) When booting, apache will now detach itself from stdin, stdout,
and stderr. stderr will not be detached until after the config
files have been read so you will be able to see initial error
messages. After that all errors are logged in the error_log.
This makes it more convenient to start apache via rsh, ssh,
or crontabs. [Dean Gaudet] PR#523
*) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
Also removed the auto-generated link to www.apache.org that was the
source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
*) send_fb would not detect aborted connections in some situations.
[Dean Gaudet]
*) mod_include would use uninitialized data when parsing certain
expressions involving && and ||. [Brian Slesinsky] PR#1139
*) mod_imap should only handle GET methods. [Jay Bloodworth]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
*) mod_autoindex improperly counted &escapes; as more than one
character in the description. It also improperly truncated
descriptions that were exactly the maximum length.
[Martin Kraemer]
*) RedirectMatch was not properly escaping the result (PR#1155). Also
"RedirectMatch /advertiser/(.*) $1" is now permitted.
[Dean Gaudet]
*) mod_include now uses symbolic names to check for request success
and return HTTP errors, and correctly handles all types of
redirections (previously it only did temporary redirect correctly).
[Ken Coar, Roy Fielding]
*) mod_userdir was modifying r->finfo in cases where it wasn't setting
r->filename. Since those two are meant to be in sync with each other
this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
*) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
["Kaufman, Steven E" <Steven.Kaufman@unisys.com>]
*) Inetd mode (which is buggy) uses timeouts without having setup the
jmpbuffer. [Dean Gaudet] PR#1064
*) Work around problem under Linux where a child will start looping
reporting a select error over and over.
[Rick Franchuk <rickf@transpect.net>] PR#1107, 987, 588
*) Fixed error in proxy_util.c when looping through multiple host IP
addresses. [Lars Eilebrecht] PR#974
*) If BUFFERED_LOGS is defined then mod_log_config will do atomic
buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
bytes before writing, but it will never split a log entry across a
buffer boundary. [Dean Gaudet]
*) API: the short_score record has been split into two pieces, one which
the parent writes on, and one which the child writes on. As part of
this change the get_scoreboard_info() function was removed, and
scoreboard_image was exported. This change fixes a race condition
in file based scoreboard systems, and speeds up changes involving the
scoreboard in earlier 1.3 development. [Dean Gaudet]
*) API: New register_other_child() API (see http_main.h) which allows
modules to register children with the parent for maintenance. It
is disabled by defining NO_OTHER_CHILD. [Dean Gaudet]
*) API: New piped_log API (see http_log.h) which implements piped logs,
and will use register_other_child to implement reliable piped logs
when it is available. The reliable piped logs part can be disabled
by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped
logs is only available on Unix. [Dean Gaudet]
*) API: set_last_modified() broken into set_last_modified(), set_etag(), and
meets_conditions(). This allows conditional HTTP selection to be
handled separately from the storing of the header fields, and provides
the ability for CGIs to set their own ETags for conditional checking.
[Ken Coar, Roy Fielding] PR#895
*) Changes to mod_log_config to allow naming of format strings.
Format nicknames are defined with "LogFormat fmt nickname", and can
be used with "LogFormat nickname" and "CustomLog logtarget nickname".
[Ken Coar]
*) New module, "mod_speling", which can help find files even when
the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
*) API: New function child_terminate() triggers the child process to
exit, while allowing the child finish what it needs to for the
current request first.
[Doug MacEachern, Alexei Kosut]
*) Windows now defaults to using full status reports with mod_status.
[Alexei Kosut] PR #1094
*) *Really* disable all mod_rewrite operations if the engine is off.
Some things (like RewriteMaps) were checked/performed even if they
weren't supposed to be. [Ken Coar] PR #991
*) Implement a new timer scheme which eliminates the need to call alarm() all
the time. Instead a counter in the scoreboard for each child is used to
show when the child has made forward progress. The parent samples this
counter every scoreboard maintenance cycle, and issues SIGALRM if no
progress has been made in the timeout period. This reduces the static
request best-case syscall count to 22 from 29. This scheme is only
used by systems with memory-based scoreboards. [Dean Gaudet]
*) The proxy now properly handles CONNECT requests which are sent
to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024
*) A script called apachectl has been added to the support
directory. This script allows you to do things such as
"apachectl start" and "apachectl restart" from the command
line. [Marc Slemko]
*) Modules and core routines are now put into libraries, which
simplifies the link line tremendously (among other advantages).
[Paul Sutton]
*) Some of the MD5 names defined in Apache have been renamed to have
an `ap_' prefix to avoid conflicts with routines supplied by
external libraries. [Ken Coar]
*) Removal of mod_auth_msql.c from the distribution. There are many
other options for databases today. Rather than offer one option,
offer none at this time. mod_auth_msql and other SQL database
authentication modules can be found at the Apache Module Registry.
http://modules.apache.org/ It would be nice to offer a generic
mod_auth_sql option in the near future.
*) PORT: BeOS support added [Alexei Kosut]
*) Configure no longer accepts the -make option, since it creates
Makefile on the fly based on Makefile.tmpl and Configuration.
*) Apache now gracefully shuts down when it receives a SIGTERM, instead
of forcibly killing off all its processes and exiting without
cleaning up. [Alexei Kosut]
*) API: A new field in the request_rec, r->mtime, has been added to
avoid gratuitous parsing of date strings. It is intended to hold
the last-modified date of the resource (if applicable). An
update_mtime() routine has also been added to advance it if
appropriate. [Roy Fielding, Ken Coar]
*) SECURITY: If a htaccess file can not be read due to bad permissions,
deny access to the directory with a HTTP_FORBIDDEN. The previous
behavior was to ignore the htaccess file if it could not be read.
This change may make some setups with unreadable htaccess files
stop working. [Marc Slemko] PR#817
*) Add aplog_error() providing a mechanism to define levels of
verbosity to the server error logging. This addition also provides
the ability to log errors using syslogd. Error logging is configurable
on a per-server basis using the LogLevel directive. Conversion
of log_*() in progress. [Randy Terbush]
*) Further enhance aplog_error() to not log filename, line number, and
errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
*) WIN32: Canonicalise filenames under Win32. Short filenames are
converted to long ones. Backslashes are converted to forward
slashes. Case is converted to lower. Parts of URLs that do not
correspond to files are left completely alone. [Ben Laurie]
*) PORT: 2 new OSs added to the list of ports:
Encore's UMAX V: Arieh Markel <amarkel@encore.com>
Acorn RISCiX: Stephen Borrill <sborrill@xemplar.co.uk>
*) Add the server version (SERVER_VERSION macro) to the "server
configured and running" entry in the error_log. Also build an
object file at link-time that contains the current time
(SERVER_BUILT global const char[]), and include that in the
message. [Ken Coar]
*) Set r->headers_out when sending responses from the proxy.
This fixes things such as the logging of headers sent from
the proxy. [Marc Slemko] PR#659
*) support/httpd_monitor is no longer distributed because the
scoreboard should not be file based if at all possible. Use
mod_status to see current server snapshot.
*) (set_file_slot): New function, allowing auth directives to be
independent of the server root, so the server documents can be
moved to a different directory or machine more easily.
[David J. MacKenzie]
*) If no TransferLog is given explicitly, decline
to log. This supports coexistence with other logging modules,
such as the custom one that UUNET uses. [David J. MacKenzie]
*) Check for titles in server-parsed HTML files.
Ignore leading newlines and returns in titles. The old behavior
of replacing a newline after <title> with a space causes the
title to be misaligned in the listing. [David J. MacKenzie]
*) Change mod_cern_meta to be configurable on a per-directory basis.
[David J. MacKenzie]
*) Add 'Include' directive to allow inclusion of configuration
files within configuration files. [Randy Terbush]
*) Proxy errors on connect() are logged to the error_log (nothing
new); now they include the IP address and port that failed
(*that's* new). [Ken Coar, Marc Slemko] PR#352
*) Various architectures now define USE_MMAP_FILES which causes
the server to use mmap() for static files. There are two
compile-time tunables MMAP_THRESHOLD (minimum number of bytes
required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
number of bytes written in one cycle from a single mmap()d object,
default 32768). [Dean Gaudet]
*) API: Added post_read_request API phase which is run right after reading
the request from a client, or right after an internal redirect. It is
useful for modules setting environment variables that depend only on
the headers/contents of the request. It does not run during subrequests
because subrequests inherit pretty much everything from the main
request. [Dean Gaudet]
*) Added mod_unique_id which is used to generate a unique identifier for
each hit, available in the environment variable UNIQUE_ID.
[Dean Gaudet]
*) init_modules is now called after the error logs have been opened. This
allows modules to emit information messages into the error logs.
[Dean Gaudet]
*) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
information for case where proxy module is not available. [Marc Slemko]
*) PORT: Apache has need for mutexes to serialize its children around
accept. In prior versions either fcntl file locking or flock file
locking were used. The method is chosen by the definition of
USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
and FLOCK for flock(). New options have been added:
- SYSVSEM to use System V style semaphores
- PTHREAD to use POSIX threads (appears to work on Solaris only)
- USLOCK to use IRIX uslock
Based on timing various techniques, the following changes were made
to the defaults:
- Linux 2.x uses flock instead of fcntl
- Solaris 2.x uses pthreads
- IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
[Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec@vtcom.fr>,
Martijn Koster <m.koster@pobox.com>]
*) PORT: The semantics of accept/select make it very desirable to use
mutexes to serialize accept when multiple Listens are in use. But
in the case where only a single socket is open it is sometimes
redundant to serialize accept(). Not all unixes do a good job with
potentially dozens of children blocked on accept() on the same
socket. It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
the server will avoid serialization when listening on only one socket,
and use serialization when listening on multiple sockets.
[Dean Gaudet] PR#467
*) Configure changes: TestLib replaced by TestCompile, which has
some additional capability (such as doing a sanity check of
the compiler and flags selected); the version of Solaris is now
available via the #define value of SOLARIS2; IRIX n32bit libs
now supported and selectable by new Configuration Rule: IRIXN32;
We no longer default to -O2 optimization. [Jim Jagielski]
*) Updated Configure: Configuration now uses AddModule to specify
module source or binary file location, relative to src directory.
Modules can be dropped into modules/extra, or in their own
directory, and modules can come with a Makefile or Configure can
create one. Modules can add compiler or library information to
generated Makefiles. [Paul Sutton]
*) Source core re-organisation: distributed modules are now in
modules/standard. All other source code is in main. OS-specific
code is in os/{unix,emx,win32} directories. [Paul Sutton]
*) mod_browser has been removed, since it's replaced by mod_setenvif.
[Ken Coar]
*) Fix another long-standing bug in sub_req_lookup_file where it would
happily skip past access checks on subdirectories looked up with
relative paths. (It's used by mod_dir, mod_negotiation,
and mod_include.) [Dean Gaudet]
*) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
N is the number of <Directory> sections, and M is the number of
components in the filename of an object.
To achieve this optimization the following config changes were made:
- Wildcards (* and ?, not the regex forms) in <Directory>s,
<Files>s, and <Location>s now treat a slash as a special
character. For example "/home/*/public_html" previously would
match "/home/a/andrew/public_html", now it only matches things
like "/home/bob/public_html". This mimics /bin/sh behaviour.
- It's possible now to use [] wildcarding in <Directory>, <Files>
or <Location>.
- Regex <Directory>s are applied after all non-regex <Directory>s.
[Dean Gaudet]
*) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
and corrupted paths. [Dean Gaudet]
*) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
First the grouped parts of RewriteRule pattern matches (parenthesis!) can
be accessed now via backreferences $1..$9 in RewriteConds test-against
strings in addition to RewriteRules subst string. Second the grouped
parts of RewriteCond pattern matches (parenthesis!) can be accessed now
via backreferences %1..%9 both in following RewriteCond test-against
strings and RewriteRules subst string. This provides maximum flexibility
through the use of backreferences.
Additionally the rewriting engine was cleaned up by putting common
code to the new expand_backrefs_inbuffer() function.
[Ralf S. Engelschall]
*) When merging the main server's <Directory> and <Location> sections into
a vhost, put the main server's first and the vhost's second. Otherwise
the vhost can't override the main server. [Dean Gaudet] PR#717
*) The <Directory> code would merge and re-merge the same section after
a match was found, possibly causing problems with some modules.
[Dean Gaudet]
*) ip-based vhosts are stored and queried using a hashing function, which
has been shown to improve performance on servers with many ip-vhosts.
Some other changes had to be made to accommodate this:
- the * address for vhosts now behaves like _default_
- the matching process now is:
- match an ip-vhost directly via hash (possibly matches main
server)
- if that fails, just pretend it matched the main server
- if so far only the main server has been matched, perform
name-based lookups (ServerName, ServerAlias, ServerPath)
*only on name-based vhosts*
- if they fail, look for _default_ vhosts
[Dean Gaudet, Dave Hankins <dhankins@sugarat.net>]
*) dbmmanage overhaul:
- merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new
- tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
- provide better seed for rand
- prompt for password as per getpass(3) (turn off echo, read from
/dev/tty, etc.)
- use "newstyle" crypt based on $Config{osname} ($^O)
- will not add a user if already in database, use new `update' command
instead
- added `check' command to check a users' password
- added `import' command to convert existing password text-files or
dbm files exported with `view'
- more descriptive usage, general cleanup, 'use strict' clean, etc.
[Doug MacEachern]
*) Added psocket() which is a pool form of socket(), various places within
the proxy weren't properly blocking alarms while registering the cleanup
for its sockets. bclose() now uses pclose() and pclosesocket(). There
was a bug where the client socket was being close()d twice due a still
registered cleanup. [Dean Gaudet]
*) A few cleanups were made to reduce time(), getpid(), and signal() calls.
[Dean Gaudet]
*) PORT: AIX >= 4.2 requires -lm due to libc changes.
[Jason Venner <jason@idiom.com>] PR#667
*) Enable ``=""'' for RewriteCond directives to match against
the empty string. This is the preferred way instead of ``^$''.
[Ralf S. Engelschall]
*) Fixed an infinite loop in mod_imap for references above the server root
[Dean Gaudet] PR#748
*) mod_proxy now has a ReceiveBufferSize directive, similar to
SendBufferSize, so that the TCP window can be set appropriately
for LFNs. [Phillip A. Prindeville]
*) mod_browser has been replaced by the more general mod_setenvif
(courtesy of Paul Sutton). BrowserMatch* directives are still
available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
UnSetEnvIfZero directives. [Ken Coar]
*) "HostnameLookups double" forces double-reverse DNS to succeed in
order for remote_host to be set (for logging, or for the env var
REMOTE_HOST). The old define MAXIMUM_DNS has been deprecated.
[Dean Gaudet]
*) mod_access overhaul:
- Now understands network/netmask syntax (i.e. 10.1.0.0/255.255.0.0)
and cidr syntax (i.e. 10.1.0.0/16). PR#762
- Critical path was sped up by pre-computing a few things at config time.
- The undocumented syntax "allow user-agents" was removed,
the replacement is "allow from env=foobar" combined with mod_browser.
- When used with hostnames it now forces a double-reverse lookup
no matter what the directory settings are. This double-reverse
doesn't affect any of the other routines that use the remote
hostname. In particular it's still passed to CGIs and the log
without the double-reverse check. Related PR#860.
[Dean Gaudet]
*) When a large bwrite() occurs (larger than the internal buffer size),
while there is already something in the buffer, apache will combine
the large write and the buffer into a single writev(). (This is
in anticipation of using mmap() for reading files.)
[Dean Gaudet]
*) In obscure cases where a partial socket write occurred while chunking,
Apache would omit the chunk header/footer on the next block. Cleaned
up other bugs/inconsistencies in error conditions in buff.c. Fixed
a bug where a long pause in DNS lookups could cause the last packet
of a response to be unduly delayed. [Roy Fielding, Dean Gaudet]
*) API: Added child_exit function to module structure. This is called
once per "heavy-weight process" just before a server child exit()'s
e.g. when max_requests_per_child is reached, etc.
[Doug MacEachern, Dean Gaudet]
*) mod_include cleanup showed that handle_else was being used to handle
endif. It didn't cause problems, but it was cleaned up too.
[Howard Fear]
*) mod_cern_meta would attempt to find meta files for the directory itself
in some cases, but not in others. It now avoids it in all cases.
[Dean Gaudet]
*) mod_mime_magic would core dump if there was a decompression error.
[Martin Kraemer <Martin.Kraemer@mch.sni.de>] PR#904
*) PORT: some variants of DGUX require -lsocket -lnsl
[Alexander L Jones <alex@systems-options.co.uk>] PR#732
*) mod_autoindex now allows sorting of FancyIndexed directory listings
by the various fields (name, size, et cetera), either in ascending
or descending order. Just click on the column header. [Ken Coar]
*) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
CPUs like the Alpha. Apache still stores ints in pointers, but that's
the relatively safe direction. [Dean Gaudet] PR#344
*) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
[Igor N Kovalenko <infoh@mail.wplus.net>] PR#683
*) child_main avoids an unneeded call to select() when there is only one
listening socket. [Dean Gaudet]
*) In the event that the server is starved for idle servers it will
spawn 1, then 2, then 4, ..., then 32 servers each second,
doubling each second. It'll also give a warning in the errorlog
since the most common reason for this is a poor StartServers
setting. The define MAX_SPAWN_RATE can be used to raise/lower
the maximum. [Dean Gaudet]
*) Apache now provides an effectively unbuffered connection for
CGI scripts. This means that data will be sent to the client
as soon as the CGI pauses or stops output; previously, Apache would
buffer the output up to a fixed buffer size before sending, which
could result in the user viewing an empty page until the CGI finished
or output a complete buffer. It is no longer necessary to use an
"nph-" CGI to get unbuffered output. Given that most CGIs are written
in a language that by default does buffering (e.g. perl) this
shouldn't have a detrimental effect on performance.
"nph-" CGIs, which formerly provided a direct socket to the client
without any server post-processing, were not fully compatible with
HTTP/1.1 or SSL support. As such they would have had to implement
the transport details, such as encryption or chunking, in order
to work properly in certain situations. Now, the only difference
between nph and non-nph scripts is "non-parsed headers".
[Dean Gaudet, Sameer Parekh, Roy Fielding]
*) If a BUFF is switched from buffered to unbuffered reading the first
bread() will return whatever remained in the buffer prior to the
switch. [Dean Gaudet]
Changes with Apache 1.3a1
*) Added another Configure helper script: TestLib. It determines
if a specified library exists. [Jim Jagielski]
*) PORT: Allow for use of n32bit libraries under IRIX 6.x
[derived from patch from Jeff Hayes <jhayes@aw.sgi.com>]
PR#721
*) PORT: Some architectures use size_t for various lengths in network
functions such as accept(), and getsockname(). The definition
NET_SIZE_T is used to control this. [Dean Gaudet]
*) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
and -lcrypt. Test for various db libraries (dbm, ndbm, db) when
mod_auth_dbm or mod_auth_db are included. [Dean Gaudet]
*) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
[Igor N Kovalenko <infoh@mail.wplus.net>]
*) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
"downgrade-1.0" which causes Apache to pretend it received a 1.0.
[Dean Gaudet] related PR#875
*) API: Correct child_init() slot declaration from int to void, to
match the init() declaration. Update mod_example to use the new
hook. [Ken Coar]
*) added transport handle slot (t_handle) to the BUFF structure
[Doug MacEachern]
*) get_client_block() returns wrong length if policy is
REQUEST_CHUNKED_DECHUNK.
[Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
*) Support the image map format of FrontPage. For example:
rect /url.hrm 10 20 30 40
["Chris O'Byrne" <obyrne@iol.ie>] PR#807
*) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
["Darren O'Shaughnessy" <darren@aaii.oz.au>] PR#846
*) AddModuleInfo directive for mod_info which allows you to annotate
the output of mod_info. ["Lou D. Langholtz" <ldl@usi.utah.edu>]
*) Added NoProxy directive to avoid using ProxyRemote for selected
addresses. Added ProxyDomain directive to cause unqualified
names to be qualified by redirection.
[Martin Kraemer <Martin.Kraemer@mch.sni.de>]
*) Support Proxy Authentication, and don't pass the Proxy-Authorize
header to the remote host in the proxy. [Sameer Parekh and
Wallace]
*) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
URLs, fixed rewritelog(), fixed forced response code handling on
redirects from within .htaccess files, disabled pipe locking under
braindead SunOS 4.1.x, allow env variables to be set even on rules with
no substitution, bugfixed situations where HostnameLookups is off, made
mod_rewrite more thread-safe for NT port and fixed problem when creating
an empty query string via "xxx?".
This update also removes the copyright of Ralf S. Engelschall,
i.e. now mod_rewrite no longer has a shared copyright. Instead is is
exclusively copyrighted by the Apache Group now. This happened because
the author now has gifted mod_rewrite exclusively to the Apache Group and
no longer maintains an external version.
[Ralf S. Engelschall]
*) API: Added child_init function to module structure. This is called
once per "heavy-weight process" before any requests are handled.
See http_config.h for more details. [Dean Gaudet]
*) Anonymous_LogEmail was logging on each subrequest.
[Dean Gaudet] PR#421, 868
*) API: Added is_initial_req() which tests if the request being
processed is the initial request, or a subrequest.
[Doug MacEachern]
*) Extended SSI (mod_include) now handles additional relops for
string comparisons (<, >, <=, and >=). [Bruno Wolff III] PR#41
*) Configure fixed to correctly propagate user-selected options and
settings (such as CC and OPTIM) to Makefiles other than
src/Makefile (notably support/Makefile). [Ken Coar] PR#666, #834
*) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
directory indices to start with the contents of the HeaderName file
if there is one. If there isn't one, the behaviour is unchanged.
[Ken Coar, Roy Fielding, Andrey A. Chernov]
*) WIN32: Modules can now be dynamically loaded DLLs using the
LoadModule/LoadFile directives. Note that module DLLs must be
compiled with the multithreaded DLL version of the runtime library.
[Alexei Kosut and Ben Laurie]
*) Automatic indexing removed from mod_dir and placed into mod_autoindex.
This allows the admin to completely remove automatic indexing
from the server, while still supporting the basic functions of
trailing-slash redirects and DirectoryIndex files. Note that if
you're carrying over an old Configuration file and you use directory
indexing then you'll want to add:
Module autoindex_module mod_autoindex.o
before mod_dir in your Configuration. [Dean Gaudet]
*) popendir/pclosedir created to properly protect directory scanning.
[Dean Gaudet] PR#525
*) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
[Alexei Kosut]
*) The AccessFileName directive can now take more than one filename.
["Lou D. Langholtz" <ldl@usi.utah.edu>]
*) The new mod_mime_magic can be used to "magically" determine the type
of a file if the extension is unknown. Based on the unix file(1)
command. [Ian Kluft <ikluft@cisco.com>]
*) We now determine and display the time spent processing a
request if desired. [Jim Jagielski]
*) mod_status: PID field of "dead" child slots no longer displays
main httpd process's PID. [Jim Jagielski]
*) Makefile.nt added - to build all the bits from the command line:
nmake -f Makefile.nt
Doesn't yet work properly. [Ben Laurie]
*) Default text of 404 error is now "Not Found" rather than the
potentially misleading "File Not Found". [Ken Coar]
*) CONFIG: "HostnameLookups" now defaults to off because it is far better
for the net if we require people that actually need this data to
enable it. [Linus Torvalds]
*) directory_walk() is an expensive function, keep a little more state to
avoid needless string counting. Add two new functions make_dirstr_parent
and make_dirstr_prefix which replace all existing uses of make_dirstr.
The new functions are a little less general than make_dirstr, but
work more efficiently (less memory, less string counting).
[Dean Gaudet]
*) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
to LDFLAGS) to avoid complications with lex rules in make files.
[Dean Gaudet] PR#372
*) run_method optimized to avoid needless scanning over NULLs in the
module list. [Dean Gaudet]
*) Revamp of (unix) scoreboard management code such that it avoids
unnecessary traversals of the scoreboard on each hit. This is
particularly important for high volume sites with a large
HARD_SERVER_LIMIT. Some of the previous operations were O(n^2),
and are now O(n). See also SCOREBOARD_MAINTENANCE_INTERVAL in
httpd.h. [Dean Gaudet]
*) In configurations using multiple Listen statements it was possible for
busy sockets to starve other sockets of service. [Dean Gaudet]
*) Added hook so standalone_main can be replaced at compile time
(define STANDALONE_MAIN)
[Doug MacEachern]
*) Lowest-level read/write functions in buff.c will be replaced with
the SFIO library calls sfread/sfwrite if B_SFIO is defined at
compile time. The default sfio discipline will behave as apache
would without sfio compiled in.
[Doug MacEachern]
*) Enhance UserDir directive (mod_userdir) to accept a list of
usernames for the 'disable' keyword, and add 'enable user...' to
selectively *en*able userdirs if they're globally disabled.
[Ken Coar]
*) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
will work with Netscape dbm files. (dbmmanage will probably not
work however.) [Alexander Spohr <aspohr@netmatic.com>] PR#444
*) Add a ListenBacklog directive to control the backlog parameter
passed to listen(). Also change the default to 511 from 512.
[Marc Slemko]
*) API: A new handler response DONE which informs apache that the
request has been handled and it can finish off quickly, similar to
how it handles errors. [Rob Hartill]
*) Turn off chunked encoding after sending terminating chunk/footer
so that we can't do it twice by accident. [Roy Fielding]
*) mod_expire also issues Cache-Control: max-age headers.
[Rob Hartill]
*) API: Added kill_only_once option for free_proc_chain so that it won't
aggressively try to kill off specific children. For fastcgi.
[Stanley Gambarin <gambarin@OpenMarket.com>]
*) mod_auth deals with extra ':' delimited fields. [Marc Slemko]
*) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
When used together, these cause mod_dir to emit HEIGHT and WIDTH
attributes in the FancyIndexing IMG tags. [Ken Coar]
*) PORT: Sequent and SONY NEWS-OS support added. [Jim Jagielski]
*) PORT: Added Windows NT support
[Ben Laurie and Ambarish Malpani <ambarish@valicert.com>]
Changes with Apache 1.2.6
*) mod_include when using XBitHack Full would send ETags in addition to
sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour.
[Dean Gaudet] PR#1133
*) SECURITY: When a client connects to a particular port/addr, and
gives a Host: header ensure that the virtual host requested can
actually be reached via that port/addr. [Ed Korthof <ed@organic.com>]
*) Support virtual hosts with wildcard port and/or multiple ports
properly. [Ed Korthof <ed@organic.com>]
*) Fixed some case-sensitivity issues according to RFC2068.
[Dean Gaudet]
*) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
and mod_include.c. [Dean Gaudet]
*) Variable 'cwd' was being used pointlessly before being set.
[Ken Coar] PR#1738
*) SIGURG doesn't exist on all platforms.
[Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
*) When an error occurs during a POST, or other operation with a
request body, the body has to be read from the net before allowing
a keepalive session to continue. [Roy Fielding] PR#1399
*) When an error occurs in fcntl() locking suggest the user look up
the docs for LockFile. [Dean Gaudet]
*) table_set() and table_unset() did not deal correctly with
multiple occurrences of the same key. [Stephen Scheck
<sscheck@infonex.net>, Ben Laurie] PR#1604
*) send_fd_length() did not calculate total_bytes_sent properly in error
cases. [Ben Reser <breser@regnow.com>] PR#1366
*) r->connection->user was allocated in the wrong pool causing corruption
in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500
*) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
Also removed the auto-generated link to www.apache.org that was the
source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
*) Multiple "close" tokens may have been set in the "Connection"
header, not an error, but a waste.
[Ronald.Tschalaer@psi.ch] PR#1683
*) "basic" and "digest" auth tokens should be tested case-insensitive.
[Ronald.Tschalaer@psi.ch] PR#1599, PR#1666
*) It appears the "257th byte" bug (see
htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
at the 256th byte as well. Fixed. [Dean Gaudet]
*) mod_rewrite would not handle %3f properly in some situations.
[Ralf Engelschall]
*) Apache could generate improperly chunked HTTP/1.1 responses when
the bputc() or rputc() functions were used by modules (such as
mod_include). [Dean Gaudet]
*) #ifdef wrap a few #defines in httpd.h to make life easier on
some ports. [Ralf Engelschall]
*) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
*) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer]
*) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer]
Changes with Apache 1.2.5
*) SECURITY: Fix a possible buffer overflow in logresolve. This is
only an issue on systems without a MAXDNAME define or where
the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
*) Fix an improper length in an ap_snprintf call in proxy_date_canon().
[Marc Slemko]
*) Fix core dump in the ftp proxy when reading incorrectly formatted
directory listings. [Marc Slemko]
*) SECURITY: Fix possible minor buffer overflow in the proxy cache.
[Marc Slemko]
*) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
is used to read various types of files such as htaccess and
htpasswd files. [Marc Slemko]
*) SECURITY: Ensure that the buffer returned by ht_time is always
properly null terminated. [Marc Slemko]
*) SECURITY: General mod_include cleanup, including fixing several
possible buffer overflows and a possible infinite loop. This cleanup
was done against 1.3 code and then backported to 1.2, the result
is a large difference (due to indentation cleanup in 1.3 code).
Users interested in seeing a smaller set of relevant differences
should consider comparing against src/modules/standard/mod_include.c
from the 1.3b3 release. Non-indentation changes to mod_include
between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko]
*) SECURITY: Numerous changes to mod_imap in a general cleanup
including fixing a possible buffer overflow. This cleanup also
was done with 1.3 code as a basis, see the the previous note
about mod_include. [Dean Gaudet]
*) SECURITY: If a htaccess file can not be read due to bad
permissions, deny access to the directory with a HTTP_FORBIDDEN.
The previous behavior was to ignore the htaccess file if it could not
be read. This change may make some setups with unreadable
htaccess files stop working. PR#817 [Marc Slemko]
*) SECURITY: no2slash() was O(n^2) in the length of the input.
Make it O(n). This inefficiency could be used to mount a denial
of service attack against the Apache server. Thanks to
Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for reporting
this. [Dean Gaudet]
*) mod_include used uninitialized data for some uses of && and ||.
[Brian Slesinsky <bslesins@wired.com>] PR#1139
*) mod_imap should decline all non-GET methods.
[Jay Bloodworth <jay@pathways.sde.state.sc.us>]
*) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
*) mod_userdir was modifying r->finfo in cases where it wasn't setting
r->filename. Since those two are meant to be in sync with each other
this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
*) mod_include did not properly handle all possible redirects from sub-
requests. [Ken Coar]
*) Inetd mode (which is buggy) uses timeouts without having setup the
jmpbuffer. [Dean Gaudet] PR#1064
*) Work around problem under Linux where a child will start looping
reporting a select error over and over.
[Rick Franchuk <rickf@transpect.net>] PR#1107
Changes with Apache 1.2.4
*) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
always making requests with the full-URI instead of just the URI path.
[Marc Slemko, Roy Fielding]
*) Add -lm for AIX versions >= 4.2 to allow Apache to link properly
on this platform. [Marc Slemko]
Changes with Apache 1.2.3
*) The request to a remote proxy was mangled if it was generated as the
result of a ProxyPass directive. URL schemes other than http:// were not
supported when ProxyRemote was used. PR#260, PR#656, PR#699, PR#713,
PR#812 [Lars Eilebrecht]
*) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
information for case where proxy module is not available. [Marc Slemko]
*) Force proxy to always respond as HTTP/1.0, which it was failing to
do for errors and cached responses. [Roy Fielding]
*) PORT: Improved support for ConvexOS 11. [Jeff Venters]
Changes with Apache 1.2.2 [not released]
*) Fixed another long-standing bug in sub_req_lookup_file where it would
happily skip past access checks on subdirectories looked up with relative
paths. (It's used by mod_dir, mod_negotiation, and mod_include.)
[Dean Gaudet]
*) Add lockfile name to error message printed out when
USE_FLOCK_SERIALIZED_ACCEPT is defined.
[Marc Slemko]
*) Enhanced the chunking and error handling inside the buffer functions.
[Dean Gaudet, Roy Fielding]
*) When merging the main server's <Directory> and <Location> sections into
a vhost, put the main server's first and the vhost's second. Otherwise
the vhost can't override the main server. [Dean Gaudet] PR#717
*) The <Directory> code would merge and re-merge the same section after
a match was found, possibly causing problems with some modules.
[Dean Gaudet]
*) Fixed an infinite loop in mod_imap for references above the server root.
[Dean Gaudet] PR#748
*) mod_include cleanup showed that handle_else was being used to handle
endif. It didn't cause problems, but it was cleaned up too.
[Howard Fear]
*) Last official synchronization of mod_rewrite with author version (because
mod_rewrite is now directly developed by the author at the Apache Group):
o added diff between mod_rewrite 3.0.6+ and 3.0.9
minus WIN32/NT stuff, but plus copyright removement.
In detail:
- workaround for detecting infinite rewriting loops
- fixed setting of env vars when "-" is used as subst string
- fixed forced response code on redirects (PR#777)
- fixed cases where r->args is ""
- kludge to disable locking on pipes under braindead SunOS
- fix for rewritelog in cases where remote hostname is unknown
- fixed totally damaged request_rec walk-back loop
o remove static from local data and add static to global ones.
o replaced ugly proxy finding stuff by simple
find_linked_module("mod_proxy") call.
o added missing negation char on rewritelog()
o fixed a few comment typos
[Ralf S. Engelschall]
*) Anonymous_LogEmail was logging on each subrequest.
[Dean Gaudet] PR#421, PR#868
*) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
"downgrade-1.0" which causes Apache to pretend it received a 1.0.
Additionally mod_browser now triggers during translate_name to workaround
a deficiency in the header_parse phase.
[Dean Gaudet] PR#875
*) get_client_block() returns wrong length if policy is
REQUEST_CHUNKED_DECHUNK.
[Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
*) Properly treat <files> container like other containers in mod_info.
[Marc Slemko] PR#848
*) The proxy didn't treat the "Host:" keyword of the host header as case-
insensitive. The proxy would corrupt the first line of a response from
an HTTP/0.9 server. [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#813,814
*) mod_include would log some bogus values occasionally.
[Skip Montanaro <skip@calendar.com>, Marc Slemko] PR#797
*) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP
under Solaris 2.x (up through 2.5.1). It has been fixed.