Newer
Older
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
*) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick@colby.edu>]
*) If you start apache with the -S command line option it will dump
out the parsed vhost settings. This is useful for folks trying
to figure out what is wrong with their vhost configuration.
(Other dumps may be added in the future.) [Dean Gaudet]
*) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
ap_snprintf, and ap_psprintf). See include/ap.h for docs.
[Dean Gaudet]
*) Because /usr/local/apache is the default prefix the ``configure
--compat'' option no longer has to set prefix, again. This way the
--compat option honors a leading --prefix option. [Lars Eilebrecht]
*) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
to avoid "discard const" warnings. [Ralf S. Engelschall]
*) If a specific handler is set for a file yet the request still
ends up being handled by the default handler, log an error
message before handling it. This catches things such as trying
to use SSIs without mod_include enabled. [Marc Slemko]
*) Fix error logging for the startup case where ap_log_error() still uses
stderr as the target. Now the default log level is honored here, too.
[Ralf S. Engelschall]
*) PORT: Make sure some AWK's don't fail in src/Configure with "string too
long" errors when generating the MODULES entry for src/Makefile
[Ben Hyde, Ralf S. Engelschall]
*) Make sure src/Configure doesn't complain about the old directory
/usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
Changes with Apache 1.3b6
*) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde]
*) Adding DSO support for the HP/UX platform by emulating the dlopen-style
interface via the similar but proprietary HP/UX shl_xxx-style system
calls. [Ralf S. Engelschall]
*) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
APACI Makefile.tmpl "install" target more robust for sensible UnixWare
Make. [Ralf S. Engelschall]
*) ++++ THE BIG SYMBOL RENAMING ++++
To avoid symbol clashes with third-party code compiled into the server,
we globally applied the prefix "ap_" to the following classes of
functions:
- Apache provided general functions (e.g., ap_cpystrn)
- Public API functions (e.g., palloc, bgets)
- Private functions which we can't make static (because of
cross-object usage) but should be (e.g., new_connection)
For backward source compatibility a new header file named compat.h was
created which provides defines for the old symbol names and can be used
by third-party module authors.
[The Apache Group]
*) Added dynamic shared object (DSO) support for SVR4-derivates: The
problem under SVR4 is that there is no command flag to force the linker
to export the global symbols of the httpd executable therewith they are
available to the DSO's. Instead of problematic hacks like creating a
dummy.so file (containing dummy references to all global symbols) the
httpd binary is linked against, we use a clean trick stolen from Perl 5:
Placing the Apache core code itself into a DSO library named libhttpd.so.
This way the global symbols _HAVE_ to be exported and thus are available
to any manually loaded DSO's under runtime. To reduce the impact to the
user to null we go even further and create a stub httpd executable which
automatically keeps track of the DSO library loading itself and thus
hides the complete mechanism from the user. Although the generation of
this DSO library is automatically triggered for platforms which
essentially need it (mostly all SVR4-derivates) it can be also enabled
manually via the Rule SHARED_CORE. This can be interesting in the future
where we perhaps exploit this libhttpd.so mechanism for providing nifty
features like graceful upgrades, or whatever.
[Ralf S. Engelschall, Martin Kraemer]
*) Build the libraries before building the rest of the tools. [Ben Hyde]
*) Add "distclean" target to src/-Makefiles to provide "make distclean" also
inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
conventions while "clean" removes only stuff created by "all" targets,
"distclean" additionally removes the stuff from the configuration
process. This way "make distclean" (hence the name) provides a fresh
source tree as it was for distribution.
[Ralf S. Engelschall]
*) Allow top-level (APACI) Makefile to break on build errors
the same way the src/ subtree Makefiles breaks on them by replacing the
initial APACI sed-subdir-display-kludge with a more clean
variable-passing-solution: variable SDP can optionally hold the subdir
prefix which is consistently used for displaying the subdir movement.
This way even the top-level Makefile can stop correctly on errors as the
user expects. [Ralf S. Engelschall]
*) Fixed ordering of argument checks for RewriteBase directive.
[Todd Eigenschink <eigenstr@mixi.net>] PR#2045
*) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
indicating that a module is being compiled for dynamic loading. Also
remove #define IS_MODULE from modules and add SHARED_MODULE define
to the mak/dsp files. [Alexei Kosut]
*) Reduce logging level of "normal" warning messages to APLOG_INFO,
since we are now logging APLOG_WARNING by default. [Roy Fielding]
*) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
*) Add documentation file and src/Configuration.tmpl entry for the
experimental mod_mmap_static module. Because although it is and marked as
an experimental one it is distributed and thus should be documented and
prepared for configuration the same way as all others modules.
[Ralf S. Engelschall]
*) Add query (-q) option to apxs support tool to be able to manually query
specific settings from apxs. This is needed for instance when you
manually want to access Apache's header files and you need to assemble
the -I option. Now you can do -I`apxs -q INCLUDEDIR`.
[Ralf S. Engelschall]
*) Now src/Configure uses a fallback strategy for the shared object support
on platforms where no explicit information is available: If a Perl
installation exists we ask it about its shared object support and if it's
the dlopen-style one we shamelessly guess the compiler and linker flags
for creating shared objects from Perls knowledge. Of course, the user is
warning about what we are doing and informed that he should send us
the guessed flags when they work. [Ralf S. Engelschall]
*) Provide APACI --without-support option to be able to disable the build
and installation of the support tools from the src/support/ area.
Although its useful to have these installed per default we should provide
a way to compile and install without them for backward-compatibility.
[Ralf S. Engelschall]
*) Add of the new APache eXtenSion (apxs) support tool for building and
installing modules into an _already installed_ Apache package through the
dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
this approach actually doesn't need the Apache source tree. The
(APACI-installed) server package is enough, because this now includes the
Apache C header files (PREFIX/include) and the new APXS tool
(SBINDIR/apxs). The intend is to provide a handy tool for third-party
module authors to build their Apache modules _OUTSIDE_ the Apache source
tree while avoiding them to fiddle around with the totally platform
dependend way of compiling DSO files. The tool supports all ranges of
modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
on-the-fly generate a minimalistic Makefile and sample module for the
first step to provide both a quick success event and to demonstrate the
APXS mechanism to module authors. [Ralf S. Engelschall]
*) Fix core dumps in use of CONNECT in proxy.
[Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942
*) Modify the log directives in httpd.conf-dist files to use CustomLog
so that users have examples of how CustomLog can be used.
[Lars Eilebrecht]
*) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
the Apache distribution tree. Until Apache 1.3 there was no real
out-of-the-box batch-capable build and installation procedure for the
complete Apache package. This is now provided by a top-level "configure"
script and a corresponding top-level "Makefile.tmpl" file. The goal is
to provide a GNU Autoconf-style frontend which is capable to both drive
the old src/Configure stuff in batch and additionally installs the
package with a GNU-conforming directory layout. Any options from the old
configuration scheme are available plus a lot of new options for flexibly
customizing Apache. [Ralf S. Engelschall]
*) The floating point ap_snprintf code wasn't threadsafe.
Had to remove the HAVE_CVT macro in order to do threadsafe
calling of the ?cvt() floating point routines. [Dean Gaudet]
*) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
*) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
[Jim Jagielski] PR#1901
*) BUG: Configure was using TCC and CC inconsistently. Make sure
Configure knows which CC we are using. [Jim Jagielski]
*) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
was defined in a parent directory. [Lars Eilebrecht]
*) API: ap_snprintf() code mutated into ap_vformatter(), which is
a generic printf-style routine that can call arbitrary output
routines. Use this to replace http_bprintf.c. Add new routines
psprintf(), pvsprintf() which allocate the exact amount of memory
required for a string from a pool. Use psprintf() to clean up
various bits of code which used ap_snprintf()/pstrdup().
[Dean Gaudet]
*) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because
ap_snprintf() has different semantics and formatting codes than
snprintf(). [Dean Gaudet]
*) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This
is necessary on at least Solaris where the /etc/rc?.d scripts
are run with these signals ignored, and "SIG_IGN" settings are
maintained across exec().
[Rein Tollevik <reint@sys.sol.no>] PR#2009
*) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
used instead of lstat() and thus this flag didn't work as expected.
[Rein Tollevik <reint@sys.sol.no>] PR#2010
*) Fix the proxy pass-through feature of mod_rewrite for the case of
existing QUERY_STRING now that mod_proxy was recently changed because of
the new URL parsing stuff. [Ralf S. Engelschall]
*) A few changes to scoreboard definitions which helps gcc generate
better code. [Dean Gaudet]
*) ANSI C doesn't guarantee that "int foo : 2" in a structure will
be a signed bitfield. So mark a few bitfields as signed to
ensure correct code. [Dean Gaudet]
*) The default for HostnameLookups was changed to Off, but there
was a problem and it wasn't taking effect. [Dean Gaudet]
*) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
[Dean Gaudet]
*) After a SIGHUP the listening sockets in the parent weren't
properly marked for closure on fork().
[Jürgen Keil <jk@tools.de>] PR#2000
*) Allow %2F in two situations: 1) it is in the query part of the URI,
therefore not exposed to %2F -> '/' translations and 2) the request
is a proxy request, so we're not dealing with a local resource anyway.
Without this, the proxy would fail to work for any URL's with
%2f in them (occurs quite often in
http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
*) Protect against FD_SETSIZE mismatches. [Dean Gaudet]
*) Make the shared object compilation command more portable by avoiding
the direct combination of `-c' & `-o' which is not honored by some
compilers like UnixWare's cc. [Ralf S. Engelschall]
*) WIN32: the proxy was creating filenames missing the last four
characters. While this normally doesn't stop anything from
working, it can result in extra collisions.
[Tim Costello <tjcostel@socs.uts.edu.au>] PR#1890
*) Now mod_proxy uses the response string (in addition to the response status
code) from the already used FTP SIZE command to setup the Content-Length
header if available. [Ralf S. Engelschall] PR#1183
*) Reanimated the (still undocumented) proxy receive buffer size directive:
Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
name was really too generic, added documentation for this directive to
the mod_proxy.html and corrected the hyperlink to it in the
new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
*) Fix a bug in the src/helpers/fp2rp script and make it a little bit
faster [Martin Kraemer]
*) Make Configure die when you give it an unknown command switch.
[Ben Hyde]
*) Add five new and fresh manpages for the support programs: dbmmanage.1,
suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date
and per default compiled support programs have manual pages - just to
document our stuff a little bit more and to be able to do really
Unix-like installations ;-) [Ralf S. Engelschall]
*) Major cleanups to the Configure script to make it and its generated
Makefiles again readable and maintainable: add SRCDIR option, removed
INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
generated sections, consequently added Makefile headers with inheritance
information, added subdir movement messages for easier following where
the build process currently stays (more verbose then standard Make, less
verbose than GNU make), same style to comments in the Configure script,
added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
*) Add the new ApacheBench program "ab" to src/support/: This is derived
from the ZeusBench benchmarking program and can be used to determine the
response performance of an Apache installation. This version is
officially licensed with Zeus Technology, Ltd. See the license agreement
statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core.
[Ralf S. Engelschall]
*) API: Various core functions that are definately not part of the API
have been made static, and a few have been marked API_EXPORT. Still
more have been marked CORE_EXPORT and are not intended for general
use by modules. [Doug MacEachern, Dean Gaudet]
*) mod_proxy was not clearing the Proxy-Connection header from
requests; now it does. This did not violate any spec, however
causes poor interactions when you are talking to remote proxies.
[Marc Slemko] PR#1741
*) Various cleanups to the command line interface and manual pages.
[Ralf S. Engelschall]
*) cfg_getline() was not properly handling lines that did not end
with a line termination character. [Marc Slemko] PR#1869, 1909
*) Performance tweak to mod_log_config. [Dmitry Khrustalev]
*) Clean up some undocumented behavior of mod_setenvif related to
"merging" two SetEnvIf directives when they match the same header
and regex. Document that mod_setenvif will perform comparisons in
the order they appear in the config file. Optimize mod_setenvif by
doing more work at config time rather than at runtime.
[Dean Gaudet]
*) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
to allow for modules to overrule them and to reduce redefinition
warnings [Jim Jagielski]
*) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
[Jim Jagielski]
*) Making the hard-coded cross-module function call mime_find_ct() (from
mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
checking is really called even for proxy requests except for URLs with
HTTP schemes (because there we can optimize by not running the type
checking hooks due to the fact that the proxy gets the MIME Content-type
from the remote host later). This change cleans up mod_mime by removing
the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
especially unbundles mod_proxy and mod_mime. This way they both now can
be compiled as shared objects and are no longer tied together.
[Ralf S. Engelschall]
*) util.c cleanup and speedup. [Dean Gaudet]
*) API: Clarification, pstrndup() will always copy n bytes of the source
and NUL terminate at the (n+1)st byte. [Dean Gaudet]
*) Mark module command_rec and handler_rec structures const so that they
end up in the read-only data section (and are friendlier to systems
that don't do optimistic memory allocation on fork()). [Dean Gaudet]
*) Add check to the "Port" directive to make sure the specified
port is in the appropriate range. [Ben Hyde]
*) Performance improvements to invoke_handler().
[Dmitry Khrustalev <dima@bog.msu.su>]
*) Added support for building shared objects even for library-style modules
(which are built from more than one object file). This now provides the
ability to build mod_proxy as a shared object module. Additionally
modules like mod_example are now also supported for shared object
building because the generated Makefiles now no longer assume there is at
least one statically linked module. [Ralf S. Engelschall]
*) API: Clarify usage of content_type, handler, content_encoding,
content_language and content_languages fields in request_rec. They
must always be lowercased; and the strings pointed to shouldn't
be modified (you must copy them to modify them). Fix a few bugs
related to this. [Dean Gaudet]
*) API: Clarification: except for RAW_ARGS, all command handlers can
treat the char * parameters as permanent, and modifiable. There
is no need to pstrdup() them. Clean up some needless pstrdup().
[Dean Gaudet]
*) Now mod_so keeps track of which module shared objects with which names
are loaded and thus avoids multiple loading and unloading and irritating
error_log messages. [Ralf S. Engelschall]
*) Prior to the existence of mod_setenv it was necessary to tweak the TZ
environment variable in the apache core. But that tweaking interferes
with mod_setenv. So don't tweak if the user has specified an explicit
TZ variable. [Jay Soffian <jay@cimedia.com>] PR#1888
*) rputs() did not calculate r->sent_bodyct properly.
[Siegmund Stirnweiss <siegst@kat.ina.de>] PR#1900
*) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
name, or left unset if this value is unavailable. Apache was setting
it to the IP address when unavailable.
[Tony Finch <fanf@demon.net>] PR#1925
*) Various improvements to the configuration and build support for compiling
modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
OSF1 support with GCC and vendor compilers was added. This way shared
object support is now provided out-of-the-box for FreeBSD, Linux,
Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
[Ralf S. Engelschall]
*) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
and USE_OS2_SCOREBOARD. [Dean Gaudet]
*) Fix one more special locking problem for RewriteMap programs in
mod_rewrite: According to the documentation of flock(), "Locks are on
files, not file descriptors. That is, file descriptors duplicated
through dup(2) or fork(2) do not result in multiple instances of a lock,
but rather multiple references to a single lock. If a process holding a
lock on a file forks and the child explicitly unlocks the file, the
parent will lose its lock.". To overcome this we have to make sure the
RewriteLock file is opened _AFTER_ the childs were spawned which is now
the case by opening it in the child_init instead of the module_init API
hook. [Ralf S. Engelschall] PR#1029
*) Change to Location and LocationMatch semantics. LocationMatch no
longer lets a single slash match multiple adjacent slashes in the
URL. This change is for consistency with RewriteRule and
AliasMatch. Multiple slashes have meaning in URLs that they do
not have in (some) filesystems. Location on the other hand can
be considered a shorthand for a more complicated regex, and it
does match multiple slashes with a single slash -- which is
also consistent with the Alias directive.
[Dean Gaudet] related PR#1440
*) Fix bug with mod_mime_magic causing certain files, including files
of length 0, to result in no response from the server.
[Dean Gaudet]
*) The Configure script now generates src/include/ap_config.h which
contains the set of defines used when Apache is compiled on a platform.
This file can then be included by external modules before including
any Apache header files in case they are being built separately from
Apache. Along with this change, a couple of minor changes were
made to make Apache's #defines coexist peacefully with any autoconf
defines an external module might have. [Rasmus Lerdorf]
*) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
but without any RewriteXXXXX directives. Here mod_rewrite is given no
chance by the API to initialize its per-server configuration and thus
receives the wrong one from the main server. This is now avoided by
remembering the server together with the config structure while
configuring and later assuming there is no config when we see a
difference between the remembered server and the one calling us.
[Ralf S. Engelschall] PR#1790
*) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
is automatically disabled under configure time when the dbm_xxx functions
are not available. Second, two heavy source code errors in the DBM
support code were fixed. This makes DBM RewriteMap's usable again after
a long time of brokenness. [Ralf S. Engelschall] PR#1696
*) Now all configuration files support Unix-style line-continuation via
the trailing backslash ("\") character. This enables us to write down
complex or just very long directives in a more readable way. The
backslash character has to be really the last character before the
newline and it has not been prefixed by another (escaping) backslash.
[Ralf S. Engelschall]
*) When using ProxyPass the ?querystring was not passed correctly.
[Joel Truher <truher@wired.com>]
*) To deal with modules being compiled and [dynamically] linked
at a different time from the core, the SERVER_VERSION and
SERVER_BUILT symbols have been abstracted through the new
API routines apapi_get_server_version() and apapi_get_server_built().
[Ken Coar] PR#1448
*) WIN32: Preserve trailing slash in canonical path (and hence
in PATH_INFO). [Paul Sutton, Ben Laurie]
*) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
depending on the rev of Solaris and what mixture of modules
are in use. So it has been disabled, and Solaris is back to
using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with
USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
up static content only servers. Or it may fail unpredictably.
[Dean Gaudet] PR#1779, 1854, 1904
*) mod_test_util_uri.c created which tests the logic in util_uri.c.
[Dean Gaudet]
*) API: Rewrite of absoluteURI handling, and in particular how
absoluteURIs match vhosts. Unless a request is a proxy request, a
"http://host" url is treated as if a similar "Host:" header had been
supplied. This change was made to support future HTTP/1.x protocols
which may require clients to send absoluteURIs for all requests.
In order to achieve this change subtle changes were made to the API. In a
request_rec, r->hostlen has been removed. r->unparsed_uri now exists so
that the unmodified uri can be retrieved easily. r->proxyreq is not set
by the core, modules must set it during the post_read_request or
translate_names phase.
Plus changes to the virtualhost test suite for absoluteURI testing.
This fixes several bugs with the proxy proxying requests to vhosts
managed by the same httpd.
[Dean Gaudet]
*) API: Cleanup of code in http_vhost.c, and remove vhost matching
code from mod_rewrite. The vhost matching is now performed by a
globally available function matches_request_vhost(). [Dean Gaudet]
*) Reduce memory usage, and speed up ServerAlias support. As a
side-effect users can list multiple ServerAlias directives
and they're all considered.
[Chia-liang Kao <clkao@cirx.org>] PR#1531
*) The "poly" directive in image maps did not include the borders of the
polygon, whereas the "rect" directive does. Fix this inconsistency.
[Konstantin Morshnev <moko@design.ru>] PR#1771
*) Make \\ behave as expected. [Ronald.Tschalaer@psi.ch]
*) Add the `%a' construct to LogFormat and CustomLog to log the client IP
address. [Todd Eigenschink <eigenstr@mixi.net>] PR#1885
*) API: A new source module main/util_uri.c; It contains a routine
parse_uri_components() and friends which breaks a URI into its component
parts. These parts are stored in a uri_components structure called
parsed_uri within each request_rec, and are available to all modules.
Additionally, an unparse routine is supplied which re-assembles the URI
components back to an URI, optionally hiding the username:password@ part
from ftp proxy requests, and other useful routines. Within the structure,
you find on a ready-for-use basis:
scheme; /* scheme ("http"/"ftp"/...) */
hostinfo; /* combined [user[:password]@]host[:port] */
user; /* user name, as in http://user:passwd@host:port/ */
password; /* password, as in http://user:passwd@host:port/ */
hostname; /* hostname from URI (or from Host: header) */
port_str; /* port string (integer representation is in "port") */
path; /* the request path (or "/" if only scheme://host was given) */
query; /* Everything after a '?' in the path, if present */
fragment; /* Trailing "#fragment" string, if present */
This is meant to serve as the platform for *BIG* savings in
code complexity for the proxy module (and maybe the vhost logic).
[Martin Kraemer]
*) Make all possible meta-construct expansions ($N, %N, %{NAME} and
${map:key}) available for all location where a string is created in
mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
possible expansions are consequently usable at all string creation
locations. [Ralf S. Engelschall]
*) Fix initialization of RewriteLogLevel (default now is 0 as documented
and not 1) and the per-virtual-server merging of directives. Now all
directives except `RewriteEngine' and `RewriteOption' are either
completely overridden (default) or completely inherited (when
`RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
*) Fix `RewriteMap' program lookup in situations where such maps are
defined but disabled (`RewriteEngine off') in per-server context.
[Ralf S. Engelschall] PR#1431
*) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
server to bind to port 0 rather than 80. [Dean Gaudet]
*) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
(like SunOS and FreeBSD) which don't accept the locking of pipes
directly. A new directive RewriteLock is introduced which can be used to
setup a separate locking file which then is used for synchronization.
[Ralf S. Engelschall] PR#1029
*) WIN32: The server root is obtained from the registry key
HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
"1.3 beta"), unless overridden by the -d command line flag. The
value is stored by running "apache -i -d serverroot". [Paul Sutton]
*) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
*) Now mod_rewrite no longer makes problematic assumptions on the characters
a username can contain when trying to expand it via /etc/passwd.
[Ralf S. Engelschall]
*) The mod_setenvif BrowserMatch backwards compatibility command did not
work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
*) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
type but with a special post-processing for the looked-up value: It
parses it into alternatives according to `|' chars and then only one
particular alternative is chosen randomly (this is an essential
functionality needed for balancing between backend-servers when using
Apache as a Reverse Proxy. The looked up value here is a list of
servers). Second, `int' with the built-in maps named `tolower' and
`toupper' which can be used to map URL parts to a fixed case (this is an
essential feature to fix the case of server names when doing mass
virtual-hosting with the help of mod_rewrite instead of using
<VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
Jay Soffian <jay@cimedia.com>] PR#1631
*) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
This directive lets Apache adjust the URL in Location-headers on HTTP
redirect responses sent by the remote server. This way the virtually
mapped area is no longer left on redirects and thus by-passed which is
especially essential when running Apache as a reverse proxy.
[Ralf S. Engelschall]
*) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
hidden. [Alvaro Martinez Echevarria]
*) Apache will, when started with the -X (single process) debugging flag,
honor the SIGINT or SIGQUIT signals again now. This capability got lost
a while ago during OS/2 signal handling changes.
*) [PORT] Work around the fact that NeXT runs on more than the
m68k chips in mod_status [Scott Anguish and Timothy Luoma
<luomat@peak.org>]
*) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
<ache@nagual.pp.ru> and Jim] PR#1450
*) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
In particular the handlers could trigger themselves into an infinite
loop if RLimitMem was used with a small amount of memory -- too small
for the signal stack frame to be set up. [Dean Gaudet]
*) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet,
Alvaro Martinez Echevarria <alvaro@lander.es>]
*) Fix multiple UserDir problem introduced during 1.3b4-dev.
[Dean Gaudet] PR#1850
*) ap_cpystrn() had an off-by-1 error.
[Charles Fu <ccwf@klab.caltech.edu>] PR#1847
*) API: As Ken suggested the check_cmd_context() function and related
defines are non-static now so modules can use 'em. [Martin Kraemer]
*) mod_info would occasionally produce an unpaired <tt> in its
output. Fixed. [Martin Kraemer]
*) By default AIX binds a process (and it's children) to a single
processor. httpd children now unbind themselves from that cpu
and re-bind to one selected at random via bindprocessor()
[Doug MacEachern]
*) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
effect. Work around it by using RLIMIT_AS for the RLimitMEM
directive. [Enrik Berkhan <enrik@inka.de>] PR#1816
*) mod_mime_magic error message should indicate the filename when
reads fail. ["M.D.Parker" <mdpc@netcom.com>] PR#1827
*) Previously Apache would permit </Files> to end <FilesMatch> (and
similary for Location and Directory), now this is diagnosed as an
error. Improve error messages for mismatched sections (<Files>,
<FilesMatch>, <Directory>, <DirectoryMatch>, ...).
[Dean Gaudet, Martin Kraemer]
*) <Files> is not permitted within <Location> (because of the
semantic ordering). [Dean Gaudet] PR#379
*) <Files> with wildcards was broken by the change in wildcard
semantics (* does not match /). To fix this, <Files> now
apply only to the basename of the request filename. This
fixes some other inconsistencies in <Files> semantics
(such as <Files a*b> not working). [Dean Gaudet] PR#1817
*) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
backup files are removed on "clean" target [Ralf S. Engelschall]
*) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
*) Various errors from select() and accept() in child_main() would
result in an infinite loop. It seems these two tickle kernel
or library bugs occasionally, and result in log spammage and
a generally bad scene. Now the child exits immediately,
which seems to be a good workaround.
[Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
*) Cleaned up some race conditions in unix child_main during
initialization. [Dean Gaudet]
*) SECURITY: "UserDir /abspath" without a * in the path would allow
remote users to access "/~.." and bypass access restrictions
(but note /~../.. was handled properly).
[Lauri Jesmin <jesmin@ut.ee>] PR#1701
*) API: os_is_path_absolute() now takes a const char * instead of a char *.
[Dean Gaudet]
Changes with Apache 1.3b5
*) Source file dependencies in Makefile.tmpl files throughout the
source tree were updated to accurately reflect reality.
[Dean Gaudet]
*) Preserve the content encoding given by the AddEncoding directive
when the client doesn't otherwise specify an encoding.
[Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]
*) Sort out problems with canonical filename handling happening too late.
[Dean Gaudet, Ben Laurie]
Changes with Apache 1.3b4
*) The module structure was modified to include a *dynamic_load_handle
in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
has been bumped accordingly. [Paul Sutton]
*) All BrowserMatch directives mentioned in
htdocs/manual/known_client_problems.html are in the default
configuration files. [Lars Eilebrecht]
*) MiNT port update. [Jan Paul Schmidt]
*) HTTP/1.1 requires x-gzip and gzip encodings be treated
equivalent, similarly for x-compress and compress. Apache
now ignores a leading x- when comparing encodings. It also
preserves the encoding the client requests (for example if
it requests x-gzip, then Apache will respond with x-gzip
in the Content-Encoding header).
[Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772
*) Fix a memory leak on keep-alive connections. [Igor Tatarinov]
*) Added mod_so module to support dynamic loading of modules on Unix
(like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
instead of AddModule in Configuration to build shared modules
[Sameer Parekh, Paul Sutton]
*) Minor cleanups to r->finfo handling in some modules.
[Dean Gaudet]
*) Abstract read()/write() to ap_read()/ap_write().
Makes it easier to add other types of IO code such as SFIO.
[Randy Terbush]
*) API: Generalize default_port manipulations to make support of
different protocols easier. [Ben Laurie, Randy Terbush]
*) There are many cases where users do not want Apache to form
self-referential urls using the "canonical" ServerName and Port.
The new UseCanonicalName directive (default on), if set to off
will cause Apache to use the client-supplied hostname and port.
API: Part of this change required a change to the construct_url()
prototype; and the addition of get_server_name() and
get_server_port().
[Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
PR#315, 459, 485, 1433
*) Yet another rearrangement of the source tree.. now all the common
header files are in the src/include directory. The -Imain -Iap
references in Makefiles have been changed to the simpler -Iinclude
instead. In addition to simplifying the build a little bit, this
also makes it clear when a module is referencing something in a
other than kosher manner (e.g., the proxy including mod_mime.h).
Module-private header files (the proxy, mod_mime, the regex library,
and mod_rewrite) have not been moved to src/include; nor have
the OS-abstraction files. [Ken Coar]
*) Fix a bug where r->hostname didn't have the :port stripped
from it. [Dean Gaudet]
*) Tweaked the headers_out table size, and the subprocess_env
table size guess in rename_original_environment(). Added
MAKE_TABLE_PROFILE which can help discover make_table()
calls that use too small an initial guess, see alloc.c.
[Dean Gaudet]
*) Options and AllowOverride weren't properly merging in the main
server setting inside vhosts (only an issue when you have no
<Directory> or other section containing an Options that affects
a request). Options +foo or -foo in the main_server wouldn't
affect the main_server's lookup defaults. [Dean Gaudet]
*) Variable 'cwd' was being used pointlessly before being set.
[Ken Coar] PR#1738
*) r->allowed handling cleaned up in the standard modules.
[Dean Gaudet]
*) Some case-sensitivity issues cleaned up to be consistent with
RFC2068. [Dean Gaudet]
*) SIGURG doesn't exist everywhere.
[Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
*) mod_unique_id was erroneously generating a second unique id when
an internal redirect occured. Such redirects occur, for example,
when processing a DirectoryIndex match. [Dean Gaudet]
*) API: table_add, table_merge, and table_set include implicit pstrdup()
of the key and value. But in many cases this is not required
because the key/value is a constant, or the value has been built
by pstrcat() or other similar means. New routines table_addn,
table_mergen, and table_setn have been added to the API, these
routines do not pstrdup() their arguments. The core code and
standard modules were changed to take advantage of these routines.
The resulting server is up to 20% faster in some situations.
Note that it is easy to get code subtly wrong if you pass a key/value
which is in a pool other than the pool of the table. The only
safe thing to do is to pass key/values which are in the pool of
the table, or in one of the ancestors of the pool of the table.
i.e. if the table is part of a subrequest, a value from the main
request's pool is OK since the subrequest pool is a sub_pool of the
main request's pool (and therefore has a lifespan at most as long as
the main pool). There is debugging code which can detect improper
usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
[Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]
*) More mod_mime_magic cleanup: fewer syscalls; should handle "files"
which don't exist on disk more gracefully; handles vhosts properly.
Update documentation to reflect the code -- if there's no
MimeMagicFile directive then the module is not enabled.
[Dean Gaudet]
*) PORT: Some older *nix dialects cannot automatically start scripts
which begin with a #! interpreter line (the shell starts the scripts
appropriately on these platforms). Apache now supports starting of
"hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
[Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
taken from tcsh]
*) API: "typedef array_header table" removed from alloc.h, folks should
have been writing to use table as if it were an opaque type, but even
some standard modules got this wrong. By changing the definition
to "typedef struct table table" module authors will receive compile
time warnings that they're doing the wrong thing. This change
facilitates future changes with more sophisticated table
structures. Specifically, module authors should be using table_elts()
to get access to an array_header * for the table. [Dean Gaudet]
*) API: Renamed new_connection() to avoid namespace collision with LDAP
library routines. [Ken Coar, Rasmus Lerdorf]
*) WIN32: mod_speling is now available on the Win32 platform.
[Marc Slemko]
*) For clarity the following compile time definition was changed:
SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT
Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
and not be a general notice that the OS has mmap(). Now the
HAVE_MMAP/SHMGET #defines strictly are informational that the
OS has that method of shared memory; the type to use for
the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
and USE_SHMGET_SCOREBOARD). This allows outside modules to
determine if shared memory is available and allows Apache
to determine the best method to use for the scoreboard.
[Jim Jagielski]
*) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
as do various earlier versions. It should be safe on all versions.
Unixware 1.x appears to have the same SIGHUP bug as solaris does with
the slack code. A few other cleanups for Unixware.
[Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
*) PORT: A/UX can handle single-listen accepts without mutex
locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
*) When die() happens we need to eat any request body if one exists.
Otherwise we can't continue with a keepalive session. This shows up
as a POST problem with MSIE 4.0, typically against pages which are
authenticated. [Roy Fielding] PR#1399
*) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
header will be passed to CGIs. This is generally a security hole, so
it's not a default. [Marc Slemko] PR#549
*) Fix Y2K problem with date printing in suexec log.
[Paul Eggert <eggert@twinsun.com>] PR#1343
*) WIN32 deserves a pid file. [Ben Hyde]
*) suexec errors now include the errno/description. [Marc Slemko] PR#1543
*) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
The choice of flock vs. fcntl was made based on timings which showed that
even on non-NFS, non-exported filesystems fcntl() was an order of
magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
that single socket users will see no difference. [Dean Gaudet] PR#467
*) "File does not exist" error message was erroneously including the
errno. [Marc Slemko]
*) Improve the warning message generated when a client drops the
connection (hits stop button, etc.) during a send. [Roy Fielding]
*) Defining GPROF will disable profiling in the parent and enable it
in the children. If you're profiling under Linux this is pretty much
necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
*) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
[Brian Havard]
*) The NeXT cc (which is gcc hacked up) doesn't appear to support some
gcc functionality. Work around it.
[Keith Severson <keith@sssd.navy.mil>] PR#1613
*) Some linkers complain when .o files contain no functions.
[Keith Severson <keith@sssd.navy.mil>] PR#1614
*) Some const declarations in mod_imap.c that were added for debugging
purposes caused some compilers heartburn without adding any
significant value, so they've been removed. [Ken Coar]
*) The src/main/*.h header files have had #ifndef wrappers added to
insulate them against duplicate calls if they get included through
multiple paths (e.g., in .c files as well as other .h files).
[Ken Coar]
*) The libap routines now have a header file for their prototypes,
src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
*) mod_autoindex with a plaintext header file would emit the <PRE>
start-tag before the HTML preamble, rather than after the preamble
but before the header file contents. [John Van Essen <jve@gamers.org>]
PR#1667
*) SECURITY: Fix a possible buffer overflow in logresolve. This is
only an issue on systems without a MAXDNAME define or where
the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
*) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
is used to read various types of files such as htaccess and
htpasswd files. [Marc Slemko]
*) SECURITY: Ensure that the buffer returned by ht_time is always
properly null terminated. [Marc Slemko]
*) The "Connection" header could be sent back with multiple "close"
tokens. Not an error, but a waste.
[Ronald.Tschalaer@psi.ch] PR#1683
*) mod_rewrite's RewriteLog should behave like mod_log_config, it
shouldn't force hostname lookups. [Dean Gaudet] PR#1684
*) "basic" auth needs a case-insensitive comparison.
[Ronald.Tschalaer@psi.ch] PR#1666
*) For maximum portability, the environment passed to CGIs should
only contain variables whose names match the regex
/[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
underscores over any character outside the regex. This
affects HTTP_* variables, in a way that should be backward
compatible for all the standard headers; and affects variables
set with SetEnv/BrowserMatch and similar directives.
[Dean Gaudet]
*) mod_speling returned incorrect HREF's when an ambigous match
was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
[robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
*) PORT: Apache now compiles & runs on an EBCDIC mainframe
(the Siemens BS2000/OSD family) in the POSIX subsystem
[Martin Kraemer]
*) PORT: Fix problem killing children when terminating. Allow ^C
to shut down the server. [Brian Havard]
*) pstrdup() is implicit in calls to table_* functions, so there's
no need to do it before calling. Clean up a few cases.
[Marc Slemko, Dean Gaudet]
*) new -C and -c command line arguments
usage:
-C "directive" : process directive before reading config files
-c "directive" : process directive after reading config files
example:
httpd -C "PerlModule Apache::httpd_conf"
[Doug MacEachern, Martin Kraemer]
*) WIN32: Fix the execution of CGIs that are scripts and called
with path info that does not have an '=' in.
(eg. http://server/cgi-bin/printenv?foobar)
[Marc Slemko] PR#1591
*) WIN32: Fix a call to os_canonical_filename so it doesn't try to
mess with fake filenames. This fixes proxy caching on
win32. PR#1265
*) SECURITY: General mod_include cleanup, including fixing several
possible buffer overflows and a possible infinite loop.
[Dean Gaudet, Marc Slemko]
*) SECURITY: Numerous changes to mod_imap in a general cleanup
including fixing a possible buffer overflow. [Dean Gaudet]
*) WIN32: overhaul of multithreading code. Shutdowns are now graceful
(connections are not dropped). Code can handle graceful restarts
(but there is as yet no way to signal this to Apache). Various
other cleanups. [Paul Sutton]
*) The aplog_error changes specific to 1.3 introduced a buffer
overrun in the (now legacy) log_printf function. Fixed.
[Dean Gaudet]
*) mod_digest didn't properly deal with proxy authentication. It
also lacked a case-insensitive comparision of the "Digest"
token. [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599
*) A few cleanups in mod_status for efficiency. [Dean Gaudet]
*) A few cleanups in mod_info to make it thread-safe, and remove an
off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
*) no2slash() was O(n^2) in the length of the input. Make it O(n).
[Dean Gaudet]
*) API: migration from strncpy() to our "enhanced" version called
ap_cpystrn() for performance and functionality reasons.
Located in libap.a. [Jim Jagielski]
*) table_set() and table_unset() did not deal correctly with
multiple occurrences of the same key.
[Stephen Scheck <sscheck@infonex.net>, Ben Laurie] PR#1604
*) The AuthName must now be enclosed in quotes if it is to contain
spaces. [Ken Coar] PR#1195