Skip to content
CHANGES 668 KiB
Newer Older
  *) Fix a bug where 416 "Range not satisfiable" was being
     returned for content that should have been redirected.
     [Greg Ames]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix memory leak in mod_ssl from internal SSL library allocations
     within SSL_get_peer_certificate and X509_get_pubkey.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Zvi Har'El <rl math.technion.ac.il>
      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) mod_ssl uses free() inappropriately in several places, to free
     memory which has been previously allocated inside OpenSSL.
     Such memory should be freed with OPENSSL_free(), not with free().
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Nadav Har'El <nyh math.technion.ac.il>,
      Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
  *) Emit a message to the error log when we return 404 because
     the URI contained '%2f'.  (This was previously nastily silent
     and difficult to debug.)  [Ken Coar]

  *) Fix streaming output from an nph- CGI script.  CGI:IRC now
     works.  PR 8482  [Jeff Trawick]

  *) More accurate logging of bytes sent in mod_logio when
     the client terminates the connection before the response
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     is completely sent  [Bojan Smojver <bojan rexursive.com>]
  *) Fix some problems in the perchild MPM.  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jonas Eriksson <jonas webkonsulterna.com>]
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Change the CacheRoot processing to check for a required
     value at config time. This saves a lot of wasted processing
     if the mod_disk_cache module is loaded but no CacheRoot
     was provided. This fix also adds code to log an error
     and avoid useless pallocs and procesing when the computed
     cache file name cannot be opened. This also updates the
     docs accordingly.  [Paul J. Reder]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce the EnableSendfile directive, allowing users of NFS 
     shares to disable sendfile mechanics when they either fail
     outright or provide intermitantly corrupted data.  PR 
     [William Rowe]

  *) Resolve the error "An operation was attempted on something 
     that is not a socket.  : winnt_accept: AcceptEx failed. 
     Attempting to recover." for users of various firewall and
     anti-virus software on Windows.  PR 8325  [William Rowe]

  *) Add the ProxyBadHeader directive, which gives the admin some
     control on how mod_proxy should handle bogus HTTP headers from
     proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
     desired. [Jim Jagielski]

  *) Change the LDAP modules to export their symbols correctly
     during a Windows build. Add dsp files for Windows. Update
     README.ldap file for Windows build instructions.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Andre Schild <A.Schild aarboard.ch>]
  *) Performance improvements for the code that generates HTTP
     response headers  [Brian Pane]

  *) Add -S as a synonym for -t -DDUMP_VHOSTS.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Thom May <thom planetarytramp.net>]
  *) Fix a bug with dbm rewrite maps which caused the wrong value to
     be used when the key was not found in the dbm.  PR 13204
     [Jeff Trawick]

  *) Fix a problem with streaming script output and mod_cgid.
     [Jeff Trawick]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Add ap_register_provider/ap_lookup_provider API.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [John K. Sterling <john sterls.com>, Justin Erenkrantz]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

Changes with Apache 2.0.43

Joe Orton's avatar
Joe Orton committed
  *) SECURITY: CVE-2002-0840 (cve.mitre.org)
     HTML-escape the address produced by ap_server_signature() against
     this cross-site scripting vulnerability exposed by the directive
     'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME
     environment variable for CGI and SSI requests.  It's safe to
     escape as only the '<', '>', and '&' characters are affected,
     which won't appear in a valid hostname.  Reported by Matthew
     Murphy <mattmurphy kc.rr.com>.  [Brian Pane]
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix a core dump in mod_cache when it attemtped to store uncopyable
     buckets. This happened, for instance, when a file to be cached
     contained SSI tags to execute a CGI script (passed as a pipe
     bucket). [Paul J. Reder]

  *) Ensure that output already available is flushed to the network
     when the content-length filter realizes that no new output will
     be available for a while.  This helps some streaming CGIs as
     well as some other dynamically-generated content.  [Jeff Trawick]

  *) Fix a mutex problem in mod_ssl session cache support which
     could lead to an infinite loop.  PR 12705  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
Joe Orton's avatar
Joe Orton committed
  *) SECURITY: CVE-2002-1156 (cve.mitre.org)
     Fix the exposure of CGI source when a POST request is sent to 
     a location where both DAV and CGI are enabled. [Ryan Bloom]
  *) Allow the UserDir directive to accept a list of directories.
     This matches what Apache 1.3 does.  Also add documentation for
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     this feature. [Jay Ball <jay veggiespam.com>]
Ian Holsman's avatar
Ian Holsman committed
  *) New Module: mod_logio. adds the ability to log bytes sent and
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     received. [Bojan Smojver <bojan rexursive.com>]
  *) SuExec needs to use the same default directory as the rest of
     server, namely /usr/local/apache2.  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [SangBeom han <sbhan os.korea.ac.kr>]
  *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
  *) Make sure the contents of the WWW-Authenticate header is
     passed on a 4xx error by proxy. Previously all headers
     were dropped, resulting in the browser being unable to
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
     Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
     <gwiseman fscinternet.com>, David Henderson
     <dhenderson fscinternet.com>]
  *) Make mod_cache's CacheMaxStreamingBuffer directive work
     properly for virtual hosts that override server-wide mod_cache
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     setttings.  [Matthieu Estrade <estrade-m ifrance.com>]
  *) Add -p option to apxs to allow programs to be compiled with apxs.
     [Justin Erenkrantz]

Sander Striker's avatar
Sander Striker committed
Changes with Apache 2.0.42

  *) SECURITY: CVE-2002-1593 (cve.mitre.org) [CERT VU#406121]
Joe Orton's avatar
Joe Orton committed
     mod_dav: Check for versioning hooks before using them.
Sander Striker's avatar
Sander Striker committed
     [Greg Stein]
Sander Striker's avatar
Sander Striker committed
Changes with Apache 2.0.41
  *) The protocol version (eg: HTTP/1.1) in the request line parsing
     is now case insensitive. [Jim Jagielski]

  *) Allow AddOutputFilterByType to add multiple filters per directive.
     [Justin Erenkrantz]

  *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]

  *) Fixed mod_disk_cache's generation of 304s
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
  *) Add support for using fnmatch patterns in the final path
     segment of an Include statement (eg.. include /foo/bar/*.conf).
     and remove the noise on stderr during config dir processing.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Joe Orton <jorton redhat.com>]
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) mod_cache: cache_storage.c. Add the hostname and any request
     args to the key generated for caching. This provides a unique
     key for each virtual host and for each request with unique
     args. [Paul J. Reder, args code provided by Kris Verbeeck]

  *) mod_cache: Do not cache responses to GET requests with query
     URLs if the origin server does not explicitly provide an
     Expires header on the response (RFC 2616 Section 13.9)
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Kris Verbeeck <krisv be.ubizen.com>]
  *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]

  *) Update OpenSSL detection to work on Darwin.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Sander Temme <sctemme covalent.net>]
  *) Update the xslt and css to give the documentation a more
     modern style.
     [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
  *) Fix some bucket memory leaks in the chunking code
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Joe Schaefer <joe+apache sunstarsys.com>]
  *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]

  *) mod_cache: added support for caching streamed responses (proxy,
     CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]

  *) Add image/x-icon to httpd.conf PR 10993.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ian Holsman, Peter Bieringer <pb bieringer.de>]
  *) Fix FileETags none operation.  PR 12207.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
  *) Restored the experimental leader/followers MPM to working
     condition and converted its thread synchronization from
     mutexes to atomic CAS.  [Brian Pane]

  *) Fix Logic on non-html file removal in mod_deflate
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
Martin Kraemer's avatar
Martin Kraemer committed
  *) Fix "ab -g"'s truncated year: the last digit was cut off.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Leon Brocard <acme astray.com>]
  *) mod_rewrite can now sets cookies in err_headers, uses the correct
     expiry date, and can now set the path as well
     PR 12132,12181,12172.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
  *) The content-length filter no longer tries to buffer up
     the entire output of a long-running request before sending
     anything to the client.  [Brian Pane]

  *) Win32: Lower the default stack size from 1MB to 256K. This will
     allow around 8000 threads to be started per child process. 
     'EDITBIN /STACK:size apache.exe' can be used to change this 
     value directly in the apache.exe executable.
     [Bill Stoddard]

  *) Win32: Implement ThreadLimit directive in the Windows MPM.
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Remove CacheOn config directive since it is set but never checked.
     No sense wasting cycles on unused code. Besides, the only truly
     bug free code is deleted code. :)   [Paul J. Reder]

  *) BufferLogs are now run-time enabled, and the log_config now has 2 new
     callbacks to allow a 3rd party module to actually do the writing of the
     log file [Ian Holsman]

  *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
     [André Malo, Astrid Keßler <kess kess-net.de>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix a null pointer dereference in the merge_env_dir_configs
     function of the mod_env module. PR 11791
     [Paul J. Reder]

  *) New option to ServerTokens 'maj[or]'. Only show the major version
     Also Surfaced this directive in the standard config (default FULL)
     [Ian Holsman]

  *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
     maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
     RewriteMap directive.  PR 10644  [Jeff Trawick]
  *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
     pairs will no longer get out of sync with each other.  PR 9534
     [Cliff Woolley]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fixes required to get quoted and escaped command args working in
     mod_ext_filter. PR 11793 [Paul J. Reder]

  *) mod-proxy: handle proxied responses with no status lines
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
Ian Holsman's avatar
Ian Holsman committed

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix bug where environment or command line arguments containing 
     non-ASCII-7 characters would cause the Win32 child process creation
     to fail.  PR 11854  [William Rowe]

  *) Bug #11213.. make module loading error messages more informative 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ian Darwin <Ian779 darwinsys.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
Ian Holsman's avatar
Ian Holsman committed

Bill Stoddard's avatar
Bill Stoddard committed
  *) mod_disk_cache works much better. This module should still
     be considered experimental. [Eric Prud'hommeaux]
  *) Performance improvement for keepalive requests: when setting
     aside a small file for potential concatenation with the next
     response on the connection, set aside the file descriptor rather
     than copying the file into the heap.  [Brian Pane]
Roy T. Fielding's avatar
Roy T. Fielding committed
  *) Modified version check on openssl so that it finds the executable
     first and then performs a check of the version, only warning the
     user if they chose, or we selected, an old version of OpenSSL.
     This change also allows the code to work for non-openssl libraries
     selected via the --with-ssl=dir option, which can override the
     automated library check in any case.  [Roy Fielding]

Cliff Woolley's avatar
Cliff Woolley committed
Changes with Apache 2.0.40
  *) SECURITY: CVE-2002-0661 (cve.mitre.org) 
     Close a very significant security hole that 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     applies only to the Win32, OS2 and Netware platforms.  Unix was not 
     affected, Cygwin may be affected.  Certain URIs will bypass security
     and allow users to invoke or access any file depending on the system 
     configuration.  Without upgrading, a single .conf change will close 
     the vulnerability.  Add the following directive in the global server
     httpd.conf context before any other Alias or Redirect directives;
         RedirectMatch 400 "\\\.\."
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     Reported by Auriemma Luigi <bugtest sitoverde.com>.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Brad Nicholes]

  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
     Close a path-revealing exposure in multiview type
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     map negotiation (such as the default error documents) where the
     module would report the full path of the typemapped .var file when
     multiple documents or no documents could be served based on the mime
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) SECURITY: CVE-2002-0654 (cve.mitre.org)
     Close a path-revealing exposure in cgi/cgid when we 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     fail to invoke a script.  The modules would report "couldn't create 
     child process /path-to-script/script.pl" revealing the full path
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     of the script.  Reported by Jim Race <jrace qualys.com>.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Set aside the apr-iconv and apr_xlate() features for the Win32
     build of 2.0.40 so development can be completed.  A patch, from
     <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
     will be available for those that wish to work with apr-iconv.
     [William Rowe]

  *) Fix proxy so that it is possible to access ftp: URLs via a proxy
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
     set to 1, so we can exclude things from the general case with
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Accept multiple leading /'s for requests within the DocumentRoot.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 10946  [William Rowe, David Shane Holden <dpejesh yahoo.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Solved the reports of .pdf byterange failures on Win32 alone.
     APR's sendfile for the win32 platform collapses header and trailer
     buffers into a single buffer.  However, we destroyed the pointers
     to the header buffer if a trailer buffer was present.  PR 10781
     [William Rowe]

  *) mod_ext_filter: Add the ability to enable or disable a filter via
     an environment variable.  Add the ability to register a filter of
     type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]

  *) Restore the ability to specify host names on Listen directives.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 11030.  [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
  *) When deciding on the default address family for listening sockets, 
     make sure we can actually bind to an AF_INET6 socket before
     deciding that we should default to AF_INET6.  This fixes a startup
     problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]

  *) Replace usage of atol() to parse strings when we might want a
     larger-than-long value with apr_atoll(), which returns long long.
     This allows HTTPD to deal with larger files correctly.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Shantonu Sen <ssen apple.com>]
  *) mod_ext_filter: Ignore any content-type parameters when checking if
     the response should be filtered.  Previously, "intype=text/html"
     wouldn't match something like "text/html;charset=8859_1".
     [Jeff Trawick]

  *) mod_ext_filter: Set up environment variables for external programs.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Craig Sebenik <craig netapp.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Modified the HTTP_IN filter to immediately append the EOS (end of
     stream) bucket for C-L POST bodies, saving a roundtrip and allowing
     the caller to determine that no content remains without prefetching
     additional POST body.  [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Get proxy ftp to work over IPv6.  [Shoichi Sakane <sakane kame.net>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Look for OpenSSL libraries in /usr/lib64.  [Peter Poeml <poeml suse.de>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Update SuSE layout.  [Peter Poeml <poeml suse.de>]
  *) Changes to the internationalized error documents:
     Comment them out in the default config file to make the default
     install as simple as possible; Correct the english 500 error to
     be more understandable; Add a Swedish translation.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Thomas Sjogren <thomas northernsecurity.net>, 
      Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
  *) Increase the limit on file descriptors per process in apachectl.
     [Brian Pane]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix a dependency error when building ApacheMonitor, so that Win32
     and MSVC now trust that the project is current (when it is).
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [James Cox <imajes php.net>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) mod_ext_filter: don't segfault if content-type is not set.  PR 10617.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
Ian Holsman's avatar
Ian Holsman committed
  *) APR-Util Renames pending have been completed [Thom May]

  *) Performance improvements for the code that reads request
     headers (ap_rgetline_core() and related functions)  [Brian Pane]

  *) Add a new directive: MaxMemFree.  MaxMemFree makes it possible
     to configure the maximum amount of memory the allocators will
     hold on to for reuse.  Anything over the MaxMemFree threshold
Jeff Trawick's avatar
Jeff Trawick committed
     will be free()d.  This directive is useful when uncommon large
     peaks occur in memory usage.  It should _not_ be used to mask
     defective modules' memory use.  [Sander Striker]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

Cliff Woolley's avatar
Cliff Woolley committed
  *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
     scripts would not result in a truncated response.
     [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]

  *) Add a filter_init parameter to the filter registration functions
     so that a filter can execute arbitrary code before the handlers
     are invoked.  This resolves a problem where mod_include requests
     would incorrectly return a 304.  [Justin Erenkrantz]

  *) Fix a long-standing bug in 2.0, CGI scripts were being called
     with relative paths instead of absolute paths.  Apache 1.3 used
     absolute paths for everything except for SuExec, this brings back
     that standard.  [Ryan Bloom]

  *) Fix infinite loop due to two HTTP_IN filters being present for
     internally redirected requests.  PR 10146.  [Justin Erenkrantz]

  *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
     [Justin Erenkrantz]

  *) Fix mod_ext_filter to look in the main server for filter definitions
     when running in a vhost if the filter definition is not found in
     the vhost.  PR 10147  [Jeff Trawick]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Support WinNT CGI invocation through ScriptInterpreterSource 
     'registry' for script interpreter paths and names with non-ascii
     characters in the executable filepath.  [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Support the -w flag on to keep the Win32 console open on error.
     [William Rowe]

  *) Normalize the hostname value in the request_rec to all-lowercase
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Perry Harrington <pedward webcom.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     extended characters (non US-ASCII) in non-utf8 format.  This brings
     Win32 back into CGI/1.1 compliance, and leaves charset decoding up
     to the cgi application itself.  [William Rowe]

  *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
     modules to bring them up to the current apr/apr-util APIs.
     [William Rowe]

  *) Fix segfault in mod_mem_cache most frequently observed when
     serving the same file to multiple clients on an MP machine.
     [Bill Stoddard]
Cliff Woolley's avatar
Cliff Woolley committed

  *) mod_rewrite can now set cookies  (RewriteRule (.*) - [CO=name:$1:.domain])
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
  *) Fix perchild to work with apachectl by adding -k support to perchild.
     PR 10074  [Jeff Trawick]

  *) Fix a silly htpasswd.c logic error that incorrectly reported that
     both -c and -n had been used.  PR 9989  [Cliff Woolley]

  *) Fixed a mod_include error case in which no HTTP response was sent
     to the client if an shtml document contained an unterminated SSI
     directive [Brian Pane]

Cliff Woolley's avatar
Cliff Woolley committed
  *) Improve ap_get_client_block implementation by using APR-util brigade
     helper functions and relying on current filter assumptions.
     [Justin Erenkrantz]

Cliff Woolley's avatar
Cliff Woolley committed
Changes with Apache 2.0.39

  *) Fixed a build problem in htpasswd.c on Win32.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
Cliff Woolley's avatar
Cliff Woolley committed

Cliff Woolley's avatar
Cliff Woolley committed
Changes with Apache 2.0.38

  *) Rewrite htpasswd to use APR.  The removes the annoying warning about
     tmpnam being unsafe.   [Ryan Bloom]

  *) We must set the MIME-type for .shtml files to text/html if we want them
     to be parsed for SSI tags.  Add the config for that to the default 
     config file so that it is easier to enable .shtml parsing.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Dave Dyer <ddyer real-me.net>]
  *) Fixed a problem with 'make install' on ReliantUnix.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
  *) Make the default_handler catch all requests that aren't served by
     another handler.  This also gets us to return a 404 if a directory
     is requested, there is no DirectoryIndex, and mod_autoindex isn't
     loaded.  [Justin Erenkrantz]

  *) Fixed the handling of nested if-statements in shtml files.
     PR 9866  [Brian Pane]

  *) Allow 'make install DESTDIR=/path'.  This allows packagers to install
     into a directory different from the one that was configured.  This 
     also mirrors the root= feature from 1.3.  We cannot use prefix=,
     because both APR and APR-util resolve their installation paths at 
     configuration time.  This means that there is no variable prefix 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     to replace.  [Andreas Hasenack <andreas netbank.com.br>]
  *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
     These levels of AIX don't have a thundering herd problem with
     accept().  [Jeff Trawick]

  *) prefork MPM: Ignore mutex errors during graceful restart.  For
     certain types of mutexes (particularly SysV semaphores), we
     should expect to occasionally fail to obtain or release the
     mutex during restart processing.  [Jeff Trawick]

  *) Fix install-bindist.sh so that it finds any perl instead of just
     early perl 5.x versions.  This is consistent with a build/install
     from source, and it allows the perl scripts installed by a bindist 
     to work on systems with perl 5.6.  [Jeff Trawick]

  *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
     Tru64 (and probably some other platforms).  [Jeff Trawick]

  *) Allow CGI scripts to return their Content-Length.  This also fixes a
     hang on HEAD requests seen on certain platforms (such as FreeBSD).
     [Justin Erenkrantz]

  *) Added log rotation based on file size to the RotateLog support
     utility. [Brad Nicholes]

  *) Fix some casting in mod_rewrite which broke random maps.
     PR 9770  [Allan Edwards, Greg Ames, Jeff Trawick]
Cliff Woolley's avatar
Cliff Woolley committed

Changes with Apache 2.0.37

Doug MacEachern's avatar
Doug MacEachern committed
  *) allow POST method over SSL when per-directory client cert
     authentication is used with 'SSLOptions +OptRenegotiate' enabled
     and a client cert was found in the ssl session cache.

Doug MacEachern's avatar
Doug MacEachern committed
  *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
     session cache when there is no cert chain in the cache.  prior to
     the fix this situation would result in a FORBIDDEN response and
     error message "Cannot find peer certificate chain"
     [Doug MacEachern]

  *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
     one was already sent.  PR 9644  [Jeff Trawick]

  *) Fix the display of the default name for the mime types config
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     file.  PR 9729  [Matthew Brecknell <mbrecknell orchestream.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix the working directory *for WinNT/2K/XP services only* to
     change to the Apache directory (one level above the location 
     of Apache.exe, in the case that Apache.exe resides in bin/.)
     Solves the case of ServerRoot /foo paths where /foo was not
     on the same drive as /winnt/system32.  [William Rowe]

  *) Make 2.0's "AcceptMutex" startup message now "completely"
     match how 1.3 does it. [Jim Jagielski]

  *) Implement a fixed size memory cache using a priority queue
     [Ian Holsman]

  *) Fix apxs to allow "apxs -q installbuilddir" and to allow
     querying certain other variables from config_vars.mk.  PR 9316  
     [Jeff Trawick]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Added the "detached" attribute to the cgi_exec_info_t internals
     so that Win32 and Netware won't create a new window or console
     for each CGI invoked.  PR 8387
     [Brad Nicholes, William Rowe]

  *) Consolidated the command line parameters and attributes that are 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     manipulated by the optional function ap_cgi_build_command() in
     mod_cgi into a single structure.
  *) Get rid of uninitialized value errors with "apxs -q" on certain
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     variables.  [Stas Bekman <stas stason.org>]
  *) Fix apxs to allow it to work when the build directory is somewhere
     besides server-root/build.  PR 8453  
     [Jeff Trawick and a host of others]

  *) Allow ap_discard_request_body to be called multiple times in the
     same request.  Essentially, ap_http_filter keeps track of whether
     it has sent an EOS bucket up the stack, if so, it will only ever
     send an EOS bucket for this request.  
     [Ryan Bloom, Justin Erenkrantz, Greg Stein]

  *) Remove all special mod_ssl URIs.  This also fixes the bug where
     redirecting (.*) will allow an SSL protected page to be viewed
     without SSL.  [Ryan Bloom]

  *) Fix the binary build install script so that the build logic
     created by "apxs -g" will work when the user has a binary
     build.  [Jeff Trawick]

  *) Allow instdso.sh to work with full paths to the shared module.
     [Justin Erenkrantz]

  *) NetWare: Enabled CGI functionality and added mod_cgi as a built
     in module for NetWare  [Brad Nicholes]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Changed cgi and piped log behavior to accept 65536 characters
     on Win32 (matching Linux) before deadlocking between outputing
     client stdin, slurping the output from stdout and then the stderr
     stream.  PR 8179  [William Rowe]

  *) Fixed Win32 wintty.exe support to assure the window title is valid.
     Elimiates possible gpfault or garbage title without the -t option.
     [William Rowe]

  *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
     brigades and input filters.  [Justin Erenkrantz]
  *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
     body.  [Justin Erenkrantz]
    
  *) NetWare: Piping log entries through RotateLogs using the 
     CustomLogs directive is finally supported now that we have 
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     the pipes and spawning functionality working.
Joe Orton's avatar
Joe Orton committed
  *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
Bill Stoddard's avatar
Bill Stoddard committed
     Detect overflow when reading the hex bytes forming a chunk line.
  *) Allow RewriteMap prg:'s to take command-line arguments.  PR 8464.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [James Tait <JTait wyrddreams.demon.co.uk>]
  *) Correctly return 413 when an invalid chunk size is given on
     input.  Also modify ap_discard_request_body to not do anything
     on sub-requests or when the connection will be dropped.
     [Justin Erenkrantz]

  *) Fix the TIME_* SSL var lookups to be threadsafe.  PR 9469.
     [Cliff Woolley]

  *) Ensure that apr_brigade_write() flushes in all of the cases that
     it should to avoid conditions in some modules that could cause
     large amounts of data to be buffered.  [Cliff Woolley]

  *) Fix problem where mod_cache/mod_disk_cache was incorrectly
     stripping the content_type from cached responses.
     [Bill Stoddard]
Jeff Trawick's avatar
Jeff Trawick committed

  *) apachectl passes through any httpd options.  Note: apachectl
     should be used in preference to httpd since it ensures that any
     appropriate environment variables have been set up.
     [Jeff Trawick]

  *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 7810  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
  *) Fix suexec execution of CGI scripts from mod_include.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 7791, 8291  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
  *) Fix segfaults at startup on some platforms when mod_auth_digest,
     mod_suexec, or mod_ssl were used as DSO's due to the way they
     were tracking the current init phase since DSO's get completely
     unloaded and reloaded between phases.  PR 9413.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
  *) Fix mod_include's handling of regular expressions in
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
  *) Fix the worker MPM deadlock problem  [Brian Pane]

  *) Modify the module documentation to allow for translations.
     [Yoshiki Hayashi, Joshua Slive]

  *) Fix a file permissions problem which prevented mod_disk_cache
     from working on Unix.  [Jeff Trawick]

  *) Add "-k start|restart|graceful|stop" support to httpd for the Unix 
     MPMs.  These have semantics very similar to the old apachectl 
     commands of the same name.  [Justin Erenkrantz, Jeff Trawick]
  *) Make sure that the runtime dir is created by make install.
     PR 9233.  [Jeff Trawick]

Cliff Woolley's avatar
Cliff Woolley committed
  *) Fix an unusual set of ./configure arguments that could cause
     mod_http to be built as a DSO, which it currently doesn't
     support.  PR 9244.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
  *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
     of the %X, %b and %B logformat options. PR 8253, 8996.
     [Bill Stoddard]
Ian Holsman's avatar
Ian Holsman committed
  *) If content-encoding is already present, do not run deflate (PR 9222)
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Kazuhisa ASADA <kaz asada.sytes.net>]
Ian Holsman's avatar
Ian Holsman committed

  *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
     It is currently ignored and it will be removed in a future release
     of Apache.  [Jeff Trawick]

  *) Removed documentation references to the no-longer-supported
     "make certificate" feature of mod_ssl for Apache 1.3.x.  Test
     certificates, if truly desired, can be generated using openssl
     commands.  PR 8724.  [Cliff Woolley]

  *) Remove SSLLog and SSLLogLevel directives in favor of having
     mod_ssl use the standard ErrorLog directives.  [Justin Erenkrantz]

  *) OS/390: LIBPATH no longer has to be manually uncommented in
     envvars to get apachectl to set up httpd properly.  [Jeff Trawick]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
     may now be specified to the <File/Directory > container, rather
     than by vhost.  [William Rowe]

  *) mod_isapi: Experimental support for faux async support for ISAPI
     modules.  [William Rowe]

  *) mod_isapi: Major refactoring of the code to rely on apr internals
     rather than MS APIs (using our own mod_isapi.h headers for ISAPI
     symbol definitions.)  [William Rowe]

  *) mod_isapi: Fixed the return string length from GetServerVariable
     callback, it was not including the trailing null in the consumed
     buffer size.  This was particularly bad for Delphi 6.0 users.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 8934  [Sebastian Hantsch <sebastian.hantsch gmx.de>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
     [William Rowe]

  *) Make apxs look in the correct directory for envvars.  It was
     broken when sbindir != bindir.  PR 8869
     [Andreas Sundström <sunkan zappa.cx>]
  *) Fix mod_deflate corruption when using multiple buckets.  PR 9014.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Asada Kazuhisa <kaz asada.sytes.net>]
  *) Performance enhancements for access logger when using
     default timestamp formatting  [Brian Pane]

  *) Added EnableMMAP config directive to enable the server
     administrator to disable memory-mapping of delivered files
     on a per-directory basis.  [Brian Pane]

Brian Pane's avatar
Brian Pane committed
  *) Performance enhancements for mod_setenvif  [Brian Pane]

  *) Fix a mod_ssl build problem on OS/390.  [Jeff Trawick]

  *) Fixed If-Modified-Since on Win32, which would give false positives
     because of the sub-second resolution of file timestamps on that
     platform.  [Cliff Woolley]

Joshua Slive's avatar
 
Joshua Slive committed
  *) Reverse the hook ordering for mod_userdir and mod_alias so
     that Alias/ScriptAlias will override Userdir.  PR 8841
     [Joshua Slive]

  *) Move mod_deflate out of experimental and into filters.
     [Justin Erenkrantz]

  *) Get proxy CONNECT basically working.  [Jeff Trawick]

  *) Fix mod_rewrite hang when APR uses SysV Semaphores and
     RewriteLogLevel is set to anything other than 0.  PR: 8143
     [Aaron Bannert, Cliff Woolley]

  *) Fix byterange requests from returning 416 when using dynamic data
     (such as filters like mod_include).  [Justin Erenkrantz]

  *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
     to be extended by third-party modules via an optional function.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
Brian Pane's avatar
Brian Pane committed
  *) Fix mod_include expression parser's handling of unquoted strings
     followed immediately by a closing paren.  PR 8462.  [Brian Pane]

  *) Remove autom4te.cache in 'make distclean'.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Thom May <thom planetarytramp.net>]
  *) Fix generated httpd.conf to respect layout for LoadModule lines.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 8170.  [Thom May <thom planetarytramp.net>]
  *) Win32: During a graceful restart, threads in the new process
     were accessing scoreboard slots still in use by active threads in 
Joe Orton's avatar
Joe Orton committed
     the old process. [Bill Stoddard]
Changes with Apache 2.0.36

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix some minor formatting issues with ab. Part of this is
     in reference to PR 8544, the rest I noticed while testing
     the PR fix. [Paul J. Reder]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix a case where an invalid pass phrase is entered and an
     error message is given, but the prompt is not shown again.
Paul J. Reder's avatar
 
Paul J. Reder committed
     This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
Paul J. Reder's avatar
 
Paul J. Reder committed

  *) Close sockets on worker MPM when doing a graceless restart.
     [Aaron Bannert]

  *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
     as the session id context rather that a MD5 hash of that vhost ID,
     because it caused very long vhost id's to be unusable with mod_ssl.
     PR 8572.  [Cliff Woolley]

  *) Fix the link to the description of the CoredumpDirectory 
     directive in the server-wide document.  PR 8643.  [Jeff Trawick]

  *) Fixed SHMCB session caching.  [Aaron Bannert, Cliff Woolley]

  *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
     - Avoid SIGBUS on sparc machines with SHMCB session caches
     - Allow whitespace between the pipe and the name of the
     program in SSLLog "| /path/to/program".  [Cliff Woolley]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce mod_ext_filter and mod_deflate experimental modules
     to the Win32 build (zlib sources must be in srclib\zlib.)
     [William Rowe]

  *) Changes to the worker MPM's queue management and thread
     synchronization code to reduce mutex contention  [Brian Pane]

Aaron Bannert's avatar
Aaron Bannert committed
  *) Don't install *.in configuration files since we already install
     *-std.conf files.  [Aaron Bannert]

  *) Many improvements to the threadpool MPM.  [Aaron Bannert]

  *) Fix subreqs that are promoted via fast_redirect from having invalid
     frec->r structures.  This would cause subtle errors later on in
     request processing such as seen in PR 7966.  [Justin Erenkrantz]

  *) More efficient pool recycling logic for the worker MPM [Brian Pane]

  *) Modify the worker MPM to not accept() new connections until
     there is an available worker thread. This prevents queued
     connections from starving for processing time while long-running
     connections were hogging all the available threads.  [Aaron Bannert]

  *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
     [Aaron Bannert]

  *) Get basic HTTP proxy working on EBCDIC machines.  [Jeff Trawick]

  *) Allow mod_unique_id to work on systems with no IPv4 address
     corresponding to their host name.  [Jeff Trawick]

  *) Fix suexec behavior with user directories.  PR 7810.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Colm <colmmacc redbrick.dcu.ie>]
  *) Reject a blank UserDir directive since it is ambiguous.  PR 8472.
     [Justin Erenkrantz]

  *) Make mod_mime use case-insensitive matching when examining
     extensions on all platforms.  PR 8223.  [Justin Erenkrantz]

  *) Add an intelligent error message should no proxy submodules be
     valid to handle a request. PR 8407 [Graham Leggett]

Aaron Bannert's avatar
Aaron Bannert committed
  *) Major improvements in concurrent processing for AB by enabling
     non-blocking connect()s and preventing APR from doing blocking
     read()s. Also implement fatal error checking for apr_recv().
     [Aaron Bannert]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fix Win32 NTFS Junctions (symlinks).  PR 8014  [William Rowe]

  *) Fix Win32 'short name' aliases in httpd.conf directives.
     PR 8009  [William Rowe]

  *) Fix generation of default httpd.conf when the layout paths are
     disjoint.  PR 7979, 8227.  [Justin Erenkrantz]
  *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
     that downgraded responses can have force-response.  PR 8357.
     [Justin Erenkrantz]

  *) Fix perchild MPM so that it can be configured with the move to the
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     experimental directory.  [Scott Lamb <slamb slamb.org>]

  *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     ap_uname2id. [Scott Lamb <slamb slamb.org>]
  *) Fix AcceptPathInfo. PR 8234  [Cliff Woolley]

  *) SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803]
Joe Orton's avatar
Joe Orton committed
     Added the APLOG_TOCLIENT flag to ap_log_rerror() to
     explicitly tell the server that warning messages should be sent 
     to the client in addition to being recorded in the error log. 
     Prior to this change, ap_log_rerror() always sent warning 
     messages to the client. In one case, a faulty CGI script caused
     the server to send a warning message to the client that contained
     the full path to the CGI script. This could be considered a
     minor security exposure. [Bill Stoddard]
  *) mod_autoindex output when SuppressRules was specified would
     omit the first carriage return so the first item in the list
     would appear to the right of the column headings instead of
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     underneath them. PR 8016  [David Shane Holden <dpejesh yahoo.com>]
Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Moved the call to apr_mmap_dup outside the error branch so
     that it would actually get called. This fixes a core dump
     at init everytime you use the MMapFile directive. PR 8314
     [Paul J. Reder]
Justin Erenkrantz's avatar
Justin Erenkrantz committed

  *) Trigger an error when a LoadModule directive attempts to
     load a module which is built-in.  This is a common error when
     switching from a DSO build to a static build.  [Jeff Trawick]

  *) Change instdso.sh to use libtool --install everywhere and then
     clean up some stray files and symlinks that libtool leaves around
     on some platforms.  This gets subversion building properly since
     it needed a re-link to be performed by libtool at install time,
     and the old instdso.sh logic to simply cp the DSO didn't handle
     that requirement.  [Sander Striker]

  *) Allow VPATH builds to succeed when configured from an empty
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     directory.  [Thom May <thom planetarytramp.net>]
  *) Fix 'control reaches end of non-void function' warning in
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     server/log.c.  [Ben Collins-Sussman <sussman collab.net>]
Justin Erenkrantz's avatar
Justin Erenkrantz committed
  *) Perchild MPM is now correctly deemed as experimental and is now
     located in server/mpm/experimental.  [Justin Erenkrantz]

  *) Fix segfault in mod_mem_cache when garabge collecting an expired
     cache entry.  [Bill Stoddard]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduced -E startup_logfile_name option to httpd to allow admins
     to begin logging errors immediately.  This provides Win32 users 
     an alternative to sending startup errors to the event viewer, and
     allows other daemon tool authors an alternative to logging to stderr.
     [William Rowe] 
     
  *) Fix subreqs with non-defined Content-Types being served improperly.
     [Justin Erenkrantz]

  *) Merge in latest GNU config.guess and config.sub files.  PR 7818.
     [Justin Erenkrantz]

  *) Move 100 - Continue support to the HTTP_IN filter so that filters
     are guaranteed to support 100 - Continue logic without any
     intervention.  [Justin Erenkrantz]

  *) Add HTTP chunked input trailer support.  [Justin Erenkrantz]

  *) Rename and export get_mime_headers as ap_get_mime_headers.
     [Justin Erenkrantz]

  *) Allow empty Host: header arguments.  PR 7441.  [Justin Erenkrantz]

  *) Properly substitute sbindir as httpd's location in apachectl.  PR 7840.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Andreas Hasenack <andreas netbank.com.br>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Allow Win32 shebang scripts to follow the path (or omit the .exe
     suffix from the shebang command), and allow ScriptInterpreterSource
     Registry or RegistryStrict to override shebang lines, as 1.3 did.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     PR 8004  [William Rowe]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) worker MPM: Fix a situation where a child exited without releasing
     the accept mutex.  Depending on the OS and mutex mechanism this 
     could result in a hang.  [Jeff Trawick]

  *) Update the instructions for how to get started with mod_example.
     [Stas Bekman]
  
  *) Fix PidFile to default to rel_runtimedir instead of
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     rel_logfiledir.  PR 7841.  [Andreas Hasenack <andreas netbank.com.br>]
  *) Win32: Fix problem that caused rapid performance degradation
     when number of connecting clients exceeded ThreadsPerChild.
     [Bill Stoddard]
  *) Fixed a segfault parsing large SSIs on non-mmap systems.
     [Brian Havard]

  *) Proxy was bombing out every second keepalive request, caused by a
     stray CRLF before the second response's status line. Proxy now
     tries to read one more line if it encounters a CRLF where it
     expected a status. PR 10010 [Graham Leggett]

  *) Deprecated the apr_lock.h API. Please see the following files
     for the improved thread and process locking and signaling: 
     apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
     apr_thread_cond.h, and apr_global_mutex.h.  [Aaron Bannert]

Doug MacEachern's avatar
Doug MacEachern committed
  *) Change mod_status to use scoreboard accessor functions so it can
     be used in any MPM without having to be recompiled.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ryan Morgan <rmorgan covalent.net>]
Doug MacEachern's avatar
Doug MacEachern committed

  *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
     handle declarations are recognized.  This fixes problems loading 
     mod_autoindex on some platforms.  [Brian Havard]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
Doug MacEachern's avatar
Doug MacEachern committed

  *) Remind the admin about the User and Group directives when we are
     unable to set permissions on a semaphore.  PR 7812  [Jeff Trawick]

Doug MacEachern's avatar
Doug MacEachern committed
  *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
     [Doug MacEachern]

  *) fix possible infinite loop in mod_ssl triggered by certain
     netscape clients [Doug MacEachern]

  *) fix ProxyPass when frontend is https and backend is http
     [Doug MacEachern]

  *) Add DASL support to mod_dav
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Sung Kim <hunkim cse.ucsc.edu>]
  *) mod_rewrite: updated to use the new APR global mutex type.
     [Aaron Bannert]

  *) Fixes for mod_include errors on boundary conditions in which
     "<!--#" occurs at the very end of a bucket
     [Paul Reder, Brian Pane]

  *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to 
     cause the Apache parent process to run in the foreground (similar to
     -DNO_DETACH except that it doesn't switch session ids).  
     [Jeff Trawick]