Skip to content
CHANGES 483 KiB
Newer Older
Ian Holsman's avatar
Ian Holsman committed
Changes with Apache 2.0.32-dev

  *) The Location: response header field, used for external
     redirect, *must* be an absoluteURI.  The Redirect directive
     tested for that, but RedirectMatch didn't -- it would allow
     almost anything through.  Now it will try to turn an abs_path
     into an absoluteURI, but it will correctly varf like Redirect
     if the final redirection target isn't an absoluteURI.  [Ken Coar]

Changes with Apache 2.0.31
Ian Holsman's avatar
Ian Holsman committed

  *) Create the scoreboard (in the parent) in a global pool context,
     so it survives graceful restarts. This fixes a SEGV during
     graceful restarts.  [Aaron Bannert]

  *) Add a timeout option to the proxy code 'ProxyTimeout' 
     [Ian Holsman]
  *) FTP directory listings are now always retrieved in ASCII mode.
     The FTP proxy properly escapes URI's and HTML in the generated
     listing, and escapes the path components when talking to the FTP
     server. It is now possible to browse the root directory by using
     a url like:   ftp://user@host/%2f/ (ported from apache_1.3.24)
     Also, the last path component may contain wildcard characters
     '*' and '?', and if they do, a directory listing is created instead
     of a file retrieval. Example: ftp://user@host/httpd/server/*.c
     [Martin Kraemer]

  *) Added single-listener unserialized accept support to the
     worker MPM [Brian Pane]

  *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
     the incoming host header through to the proxied server
     [Geoff <g.russell@ieee.org>]

Ian Holsman's avatar
Ian Holsman committed
  *) New Directive Option for ProxyPass. It now can block a location
     from being proxied [Jukka Pihl <jukka.pihl@entirem.com>]
  *) Don't let the default handler try to serve a raw directory.  At
     best you get gibberish.  Much worse things can happen depending
     on the OS.  [Jeff Trawick]
     
  *) Change the pre_config hook to return a value. Modules can now emit
     an error message and then cause the server to quit gracefully during
     startup. This required a bump to the MMN.  [Aaron Bannert]

  *) Fix some unix socket descriptor leaks in the handler side of
     mod_cgid (the part that runs in the server process).  Whack a
     silly "close(-1)" in the handler too.  [Jeff Trawick]

  *) Change the pre_mpm hook to return a value, so that scoreboard
     init errors percolate up to code that knows how to exit 
     cleanly.  This required a bump to the MMN.  [Jeff Trawick]
  *) Add the socket back to the conn_rec and remove the create_connection
     hook. The create_connection hook had a design flaw that did not 
     allow creating connections based on vhost info. [Bill Stoddard]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
     Resolves the common case of using negotation to resolve the request
     /script/foo for /script.cgi/foo.  [William Rowe]

  *) Added new functions ap_add_(input|output)_filter_handle to
     allow modules to bypass the usual filter name lookup when
     adding hard-coded filters to a request [Brian Pane]

  *) caching should now work on subrequests (still very experimental)
Ian Holsman's avatar
Ian Holsman committed
     [Ian Holsman]
  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) The Win32 mpm_winnt now has a shared scoreboard.  [William Rowe]

  *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
     [Justin Erenkrantz]

  *) Refactor ap_rgetline so that it does not use an internal brigade.
     Change ap_rgetline's prototype to return errors.  [Justin Erenkrantz]

  *) Remove mod_auth_db.  [Justin Erenkrantz]

  *) Do not install unnecessary pcre headers like config.h and internal.h.
     [Joe Orton <joe@manyfish.co.uk>]

  *) Change in quick_hanlder behavior for subrequests. it now passes DONE
     (as it does for a normal request). quick_handled sub-requests now work
     in mod-include [Ian Holsman]

  *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
     'CONTENT' one, as it needs to run AFTER all content headers
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
     [Lars Eilebrecht]

  *) Split out blocking from the mode in the input filters.
     [Justin Erenkrantz]

  *) Fix a segfault in mod_include.  [Justin Erenkrantz, Jeff Trawick]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Cause Win32 to capture all child-worker process errors in
     Apache to the main server error log, until the child can
     open its own error logs.  [William Rowe]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) HPUX 11.*: Do not kill the child process when accept() 
     returns ENOBUFS on HPUX 11.*. (ported from a 1.3 patch
     by [madhusudan_mathihalli@hp.com])
     [Bill Stoddard]

  *) Fix a problem in the parsing of the <Proxy foo> directive.
     [Jeff Trawick]

  *) rewrite of mod_ssl input filter for better performance and less
     memory usage [Doug MacEachern]

  *) allow quick_handler to be run on subrequests. [Ian Holsman]
  *) mod_dav now asks its provider to place content directly into the
     filter stack when handling a GET request. The mod_dav/provider
     API has changed, so providers need to be updated. [Greg Stein]

  *) Clear the output socket descriptor in unixd_accept() to make sure
     we don't supply a bogus socket to the caller if the accept fails.
     This caused problems with the worker MPM, which tried to process
     the returned socket if it was non-NULL.  [Brian Pane]

  *) Move a check for an empty brigade to the start of core input filter
     to avoid segfaults.  [Justin Erenkrantz, Jeff Trawick]

Ken Coar's avatar
 
Ken Coar committed
  *) Add FileETag directive to allow configurable control of what
     data are used to form ETag values for file-based URIs.  MMN
     bumped to 20020111 because of fields added to the end of
     the core_dir_config structure.  [Ken Coar]

  *) Fix a segfault in mod_rewrite's logging code caused by passing the
     wrong config to ap_get_remote_host().  [Jeff Trawick]

  *) Allow mod_cgid to work from a binary distribution install by
     using 755 for the permissions on the log directory instead of
     750.  [Jeff Trawick]

  *) Fixed a segfault that happened during graceful shutdown (or when
     the httpd ran out of file descriptors) with the worker MPM [Brian Pane]

  *) Split all Win32 modules [excluding the core components mod_core, 
     mod_so, mod_win32 and the winnt mpm] into individual loadable
     modules, so the administrator may individually disable the former
     compiled-in modules by simply commenting out their LoadModule
     directives.  [William Rowe]

  *) Saved Win32 module authors and porters many future headaches, by
     duplicating the appropriate .h files such as os.h into the include
     directory, including in the build tree.  [William Rowe]

  *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
      Use SSL functions/macros instead of directly dereferencing SSL
      structures wherever possible.
      Add type-casts for the cases where functions return a generic pointer.
      Add $SSL/include to configure search path.
     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Moved several pointers out of the shared Scoreboard so it is
     more portable, and will present the vhost name across server
     generation restarts.  [William Rowe]

  *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
     [Doug MacEachern]
Aaron Bannert's avatar
Aaron Bannert committed
Changes with Apache 2.0.30
David Reid's avatar
David Reid committed
  *) Fix the main bug for FreeBSD and threaded MPM's. There are
     still issues (see STATUS) but at least the server will now
     run without crashing the machine.
     [David Reid, Aaron Bannert, Justin Erenkrantz]

  *) Fix a typo in mod_deflate's m4 config section.
     [albert chin (china@thewrittenword.com)]

  *) Fix a couple of mod_proxy problems forwarding HTTP connections
     and handling CONNECT:
     (1) PR #9190  Proxy failed to connect to IPv6 hosts.
     (2) Proxy failed to connect when the first IP address returned by 
         the resolver was unreachable but a secondary IP address was.  
     [Jeff Trawick]

  *) Fix the module identifer as shown in the docs for various core
     modules (e.g., the identifer for mod_log_config was previously
     listed as config_log_module).  PR #9338
     [James Watson <ap2bug@sowega.org>]

  *) Fix LimitRequestBody directive by placing it in the HTTP
     filter.  [Justin Erenkrantz]

  *) Fix mod_proxy seg fault when the proxied server returns 
     an HTTP/0.9 response or a bogus status line.
     [Adam Sussman]

  *) Prevent mod_proxy from truncating one character off the
     end of the status line returned from the proxied server.
     [Adam Sussman, Bill Stoddard]

  *) Eliminate loop in ap_proxy_string_read().
     [Adam Sussman, Bill Stoddard]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Provide $0..$9 results from mod_include regex parsing.
     [William Rowe]

  *) Allow mod-include to look for alternate start & end tags [Ian Holsman]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduced the ForceLanguagePriority directive, to prevent
     returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
     when using Multiviews.  [William Rowe]

  *) Fix a problem which prevented mod_cgid and suexec from working
     together reliably [Greg Ames]

Aaron Bannert's avatar
Aaron Bannert committed
  *) Remove the call to exit() from within mod_auth_digest's post_config
     phase.  [Aaron Bannert]

  *) Fix a problem in mod_auth_digest that could potentially cause
     problems with initialized static data on a system that uses DSOs.
     [Aaron Bannert]

Aaron Bannert's avatar
Aaron Bannert committed
  *) Fix a segfault in the worker MPM that could happen during
     child process exits.  [Brian Pane, Aaron Bannert]

  *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]

  *) Fix matching of vhosts by ip address so we find IPv4
     vhost address when target address is v4-mapped form of
     that address.  [Jeff Trawick]

  *) More performance tweaks to the BNDM string-search algorithm
     used to find "<!--#" tokens in mod_include [Brian Pane]

  *) Miscellaneous small performance fixes: optimized away various
     string copy operations and removed large temp buffers from
     the stack [Brian Pane]

  *) Fixed startup segfault that occurred when a VirtualHost
     directive had a port but no address [Brian Pane]

  *) Allow htdbm to work with multiple DBM types [Ian Holsman]
  *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
     if oslevel < WINNT.  This should fix several problems reported
     Against 2.0.28 on Windows 98 [Bill Stoddard]
  *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
     to fail. [Bill Stoddard]

  *) Change core code to allow an MPM to set hard thread/server
     limits at startup.  prefork, worker, and perchild MPMs now have 
     directives to set these limits.  [Jeff Trawick]
  *) Win32: The async AcceptEx() event should be autoreset upon
     successful completion of a wait (WaitForSingleObject). This
     eliminates a number of spurious
     setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
     [Bill Stoddard]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) Move any load library path environment variables out of 
     apachectl and into a separate environment variable file which
     can be more easily tailored by the admin.  The environment
     variable file as built by Apache may have additional system-
     specific settings.  For example, on OS/390 we tailor the heap
     settings to allow lots of threads.  [Jeff Trawick]
    
  *) Use the new APR pool code to reduce pool-related lock
     contention in the worker MPM.  [Sander Striker]

  *) The POD no longer assumes the child is listening on 127.0.0.1
     and now pulls the first hostname in the list of listeners to
     perform the dummy connect on. This fixes a bug when the user
     had configured the Listen directive for an IP other than
     127.0.0.1. This would result in undead children and error
     messages such as "Connection refused: connect to listener".
     [Aaron Bannert]

  *) The worker MPM now respects the LockFile setting, needed to
     avoid locking problems with NFS.  [Jeff Trawick]

  *) Fix segfault when worker MPM receives SIGHUP.
     [Ian Holsman, Aaron Bannert, Justin Erenkrantz]

  *) Fix bug that could potentially prevent the perchild MPM from
     working with more than one vhost/uid.  [Aaron Bannert]

  *) Change make install and apxs -i processing of DSO modules to 
     perform special handling on platforms where libtool doesn't install 
     mod_foo.so.  This fixes some wonkiness on HP-UX, Tru64, and AIX 
     which prevented standard LoadModule statements from working.
  *) Whenever mod_so is enabled (not just when there are DSOs for
     our modules), do whatever special magic is required for compiling/
     loading third-party modules.  This allows third-party DSOs to
     be used on an AIX build when there were no built-in modules
     built as DSOs.  (This should help on OS/390 and BeOS as well.)
     [Jeff Trawick]

  *) Allow apxs to be used to build DSOs on AIX without requiring the
     user to hard-code the list of import files.  (This should help
     on OS/390 and BeOS as well.)  [Jeff Trawick]
     
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
     PR 8563, 8919  [William Rowe]
  
  *) Get binary builds working when libapr and libaprutil are built
     shared [Greg Ames]
Ian Holsman's avatar
Ian Holsman committed

  *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
     working on AIX.  [Aaron Bannert, Dick Dunbar <RLDunbar@pacbell.net>,
     Gary Hook <ghook@us.ibm.com>, Victor Orlikowski, Jeff Trawick]

  *) Fix the handling of SSI directives in which the ">" of the
     terminating "-->" is the last byte in a file [Brian Pane]

  *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
     message that we had back in apache-1.3 and still have scattered
     throughout our docs.  [Aaron Bannert]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Prevent the Win32 port from continuing after encountering an
     error in the command line args to apache.  [William Rowe]

  *) On a error in the proxy, make it write a line to the error log
     [Ian Holsman]

  *) Various mod_ssl performance improvements [Doug MacEachern]

Ian Holsman's avatar
Ian Holsman committed
Changes with Apache 2.0.29
  *) Add buffering in core_output_filter to ensure that long
     lists of small buckets don't cause small packet writes.
     [Brian Pane, Ryan Bloom]

  *) Fix the installation target to make sure that the manual is 
     installed in the correct location.
     [Yoshifumi Hiramatsu <hiramatu@boreas.dti.ne.jp> and
      Gomez Henri <hgomez@slib.fr>]

  *) Fix the cmd command for mod_include.  When we are processing
     a cmd command, we do not want to use the r->filename to set
     the command name.  The command comes from the SSI tag.  To do this,
     I added a variable to the function that builds the command line
     in mod_cgi.  This allows the include_cmd function to specify
     the command line itself. [Ryan Bloom]

  *) Change open_logs hook to return a value, allowing you
     to flag a error while opening logs
     [Ian Holsman, Doug MacEachern]

  *) Change post_config hook to return a value, allowing you
     to flag a error post config
     [Ian Holsman, Jeff Trawick]

  *) Allow SUEXEC_BIN (the path to the suexec binary that is
     hard-coded into the server) to be specified to the configure
     script by the --with-suexec-bin parameter.  [Aaron Bannert]

  *) Fix segv in worker MPM following accept on pipe-of-death
     [Brian Pane]

  *) Add mod_deflate to experimental.  
     [Ian Holsman, Justin Erenkrantz]

  *) Bail out at configure time if an invalid MPM was specified.
     [jean-frederic clere <jfrederic.clere@fujitsu-siemens.com>]

  *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
     configured [John Sterling <sterling@covalent.net>]
  *) Fix apxs to use sbindir.  [Henri Gomez <hgomez@slib.fr>]

  *) Fix a problem with IPv6 vhosts.  PR #8118  [Jeff Trawick]

  *) Optimization for the BNDM string-search function in
     mod_include.  [Brian Pane]

  *) Fixed the behavior of the XBitHack directive.
     [Taketo Kabe <kabe@sra-tohoku.co.jp>, Cliff Woolley] PR#8804

  *) The threaded MPM for Unix has been removed.  Use the worker
     MPM instead.  [various]

  *) APR-ize the resolver logic in mod_unique_id.  This fixes a bug
     in logging the error from a failed DNS lookup.  [Jeff Trawick]

  *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
     [Cliff Woolley]

  *) Get mod_cgid killed when a MPM exits due to a fatal error.
     [Jeff Trawick]

  *) Fix a file descriptor leak in mod_include.  When we include a
     file, we use a sub-request, but we didn't destroy the sub-request
     immediately, instead we waited until the original request was
     done.  This patch closes the sub-request as soon as the data is
     done being generated.  [Brian Pane <bpane@pacbell.net>]

  *) Allow modules that add sockets to the ap_listeners list to
     define the function that should be used to accept on that
     socket.  Each MPM can define their own function to use for
     the accept function with the MPM_ACCEPT_FUNC macro.  This
     also abstracts out all of the Unix accept error handling
     logic, which has become out of synch across Unix MPMs.
     [Ryan Bloom]

  *) Fix a bug which would cause the response headers to be omitted
     when sending a negotiated ErrorDocument because the required
     filters were attached to the wrong request_rec.
     [John Sterling <sterling@covalent.net>]

  *) Remove commas from the end of the macros that define
     directives that are used by MPMs.  Prior to this patch,
     you would use these macros without commas, which was unlike
     the macros for any other directives.  Now, the caller provides
     the comma rather than the macro providing it.  This makes
     the macros look more like the rest of the directives.
     [Ryan Bloom and Cliff Woolley]
  *) Add 'redirect-carefully' environment option to disable sending
     redirects under special circumstances.  This is helpful for 
     Microsoft's WebFolders when accessing a directory resource via
     DAV methods.  [Justin Erenkrantz]

  *) Begin to abstract out the underlying transport layer.
     The first step is to remove the socket from the conn_rec,
     the server now lives in a context that is passed to the
     core's input and output filters. This forces us to be very
     careful when adding calls that use the socket directly,
     because the socket isn't available in most locations.
     [Ryan Bloom]

  *) Really reset the MaxClients value in worker and threaded
     when the configured value is not a multiple of the number 
     of threads per child.  We said we did previously but we 
     forgot to. [Jeff Trawick]
  *) Add Debian layout.  [Daniel Stone <daniel@sfarc.net>]

  *) If shared modules are requested and mod_so is not available,
     produce a fatal config-time error.  [Justin Erenkrantz]

  *) Improve http2env's performance by cutting the work it has to
     do.  [Brian Pane <bpane@pacbell.net>]

  *) use new 'apr_hash_merge' function in mod_mime (performance fix)
     [Brian Pane <bpane@pacbell.net>]

  *) Fix infinite loop in mod_cgid.c.  
     [Dale Ghent <daleg@elemental.org>, Brian Pane <bpane@pacbell.net>]

  *) When no port is given in a "ServerName host" directive, the
     server_rec->port is now set to zero, not 80. That allows for
     run-time deduction of the correct server port (depending on
     SSL/plain, and depending also on the current setting of
     UseCanonicalName). This change makes redirections
     work, even with https:// connections. As in Apache-1.3, the
     connection's actual port number is never used, only the ServerName
     setting or the client's Host: setting. Documentation updated
     to reflect the change. [Martin Kraemer]
  *) Add a '%{note-name}e' argument to mod-headers, which works in
     the same way as mod_log_confg.  [Ian Holsman]

  *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
     AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
     MPMs.  [Cliff Woolley]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce htdbm, a user management utility for db/dbm authorization
     databases.  [Mladen Turk <mturk@mappingsoft.com>]

  *) Optimize usage of strlen and strcat in ap_directory_walk.
     [Brian Pane <bpane@pacbell.net>]

  *) Introduce an Apache mod_ssl initial configuration template 
     (ssl.conf, generated from ssl-std.conf).  [Ralf S. Engelschall]

Aaron Bannert's avatar
Aaron Bannert committed
  *) Fixed a memory leak in the getline parsing code that could
     be triggered by arbitrarily large header lines. Requests
     from the core input filter for single lines are now limited
     to HUGE_STRING_LEN (8192 bytes).  [Aaron Bannert]

  *) Fix a truncation bug in how we print the port on the Via: header. 
     The routine that prints the Via: header now takes a length for
     the port string.  [Zvi Har'El <rl@math.technion.ac.il>]

  *) Some syntax errors in mod_mime_magic's magic file can result
     in a 500 error, which previously was unlogged.  Now we log the
     error.  [Jeff Trawick]

  *) Add the support/checkgid helper app, which checks the run-time
     validity of group identifiers usable in the Group directive.
     [Ken Coar]

  *) Various --enable-so options have been fixed: --enable-so is
     treated as "static"; explicit --enable-so=shared issues an error;
     and explicit --enable-so fails with error on systems without
     APR_HAS_DSO.  [Aaron Bannert]

  *) Fix a segfault in the core input filter when the client socket
     gets disconnected unexpectedly.  [Cliff Woolley]

  *) Fix the reporting for child processes that die.  This removes
     all of the non-portable W* macros from Apache. 
     [Jeff Trawick and Ryan Bloom]

  *) Win32: Track and display "Parent Server Generation:" in
     mod_status output. The generation will be bumped at
     server graceful restart, when the child process exits
     by hitting MaxRequestsPerChild or if the child 
     process exits abnormally. [Bill Stoddard]

  *) Win32: Fix problem where MaxRequestsPerChild directive was
     not being picked up in favor of the default. Enable
     the parent to start up a new child process immediately upon
     the old child starting shutdown.
     [Bill Stoddard]
  *) Fix some bungling of the remote port in rfc1413.c so that 
     IdentityCheck retrieves the proper user id instead of failing
     and thus always returning "nobody."  
     [Dick Streefland <Dick.Streefland@xs4all.nl>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduced thread saftey for mod_rewrite's internal cache.
     [Brian Pane <bpane@pacbell.net>]

  *) Simplified mod_env's directives to behave as most directives are
     expected, in that UnsetEnv will not unset a SetEnv and PassEnv 
     directive following that UnsetEnv within the same container.
     Also provides a runtime startup warning if a PassEnv configured 
     environment value is undefined.  [William Rowe]

  *) The worker MPM is now completely ported to APR's new lock API. It
     uses native APR types for thread mutexes, cross-process mutexes,
     and condition variables.  [Aaron Bannert]

  *) Sync up documentation to remove all references to the now deprecated
     Port directive.  [Justin Erenkrantz]

  *) Moved all ldap modules from the core to httpd-ldap sub-project
     [Ryan Bloom]

  *) Exit when we can't listen on any of the configured ports.  This
     is the same behavior as 1.3, and it avoids having the MPMs to
     deal with bogus ap_listen_rec structures.  [Jeff Trawick]

  *) Cleanup the proxy code that creates a request to the origin
     server.  This change adds an optional hook, which allows modules
     to gain control while the request is created if the proxy module
     is loaded.  The purpose of this hook is to allow modules to add
     input and/or output filters to the request to the origin.  While
     I was at it, I made the core use this hook, so that proxy request
     creation uses some of the code from the core.  This can still be
     greatly improved, but this is a good start.  [Ryan Bloom]

Changes with Apache 2.0.26
Ryan Bloom's avatar
Ryan Bloom committed

  *) Port the MaxClients changes from the worker MPM to the threaded
     MPM.  [Ryan Bloom]

  *) Fix mod_proxy so that it handles chunked transfer-encoding and works
     with the new input filtering system.  [Justin Erenkrantz]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce the MultiviewsMatch directive, to allow the operator
     to be flexible in recognizing Handlers and Filters filename
     extensions as part of the Multiviews matching logic, strict with
     MultiviewsMatch NegotiatedOnly to accept only filename extentions 
     that designate negotiated parameters, (content type, charset, etc.)
     or MultiviewsAll for the 1.3 behavior of matching any files, even
     if they have unregistered extensions.  [William Rowe]

  *) Fixed the configure script to add a LoadModule directive to
     the default httpd.conf for any module that was compiled
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     as a DSO.  [Aaron Bannert <aaron@clove.org>]
  *) rewrite mod_ssl input filtering to work with the new input filtering
     system.  [Justin Erenkrantz]

  *) prefork: Don't segfault when we are able to listen on some but
     not all of the configured ports.  [Jeff Trawick]

Justin Erenkrantz's avatar
Justin Erenkrantz committed
  *) Build mod_so even if no core modules are built shared.
     [Aaron Bannert <aaron@clove.org>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce ap_directory_walk rewrite (with further optimizations
     required) to adapt to the ap_process_request_internal() changes.
     Optimized so subrequests and redirects now reuse previous section 
     merges, until we mismatch with the original directory_walk, and
     precomputed r->finfo results will cause directory_walk to skip
     the most expensive phases of the function.  [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Allow ApacheMonitor to connect to and control Apache on other 
     WinNT/2K machines.   [Mladen Turk <mturk@mappingsoft.com>]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) Remove the Port directive.  In it's place, the Listen directive
     is now a required directive, which tells Apache what port to
     listen on.  The ServerName directive has also been extended
     to accept an optional port.  If the port is specified to the
     ServerName, the server will report that port whenever it
     reports the port that it is listening on.  This change was
     made to ease configuration errors that stem from having a Port
     directive, and a Listen directive.  In that situation, the server
     would only listen to the port specified by the Listen command,
     which caused a lot of confusion to users.  [Ryan Bloom]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
     build, as loadable modules.  [William Rowe]

  *) Fix --enable-mods-shared processing.  If most is specified,
     then all modules that can be compiled as shared modules are.
     [Aaron Bannert <aaron@clove.org>]

Lars Eilebrecht's avatar
Lars Eilebrecht committed
  *) Update the mime.types file to map video/vnd.mpegurl to mxu
     and add commonly used audio/x-mpegurl for m3u extensions.        
     [Heiko Recktenwald <uzs106@uni-bonn.de>, Lars Eilebrecht]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Eliminate the depreciated r->content_language, in favor of the array
     r->content_languages introduced many years ago.  Module authors must
     substantially overhaul their modules, so this needs to be upgraded
     if the module still relied on backwards-brokeness.  [William Rowe]

  *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
     [Justin Erenkrantz]

Justin Erenkrantz's avatar
Justin Erenkrantz committed
  *) Rewrite the input filtering mechanisms to consolidate and reorganize
     code.  In short, core_input_filter does something now and
     ap_http_filter is now only concerned with HTTP.  [Justin Erenkrantz]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Update the Win32 build to re-absorb mod_proxy and family.
     [William Rowe]

  *) Resolved the build failure on Win32 using MSVC 5.0 (without the
     current SDK.)  [William Rowe]

Graham Leggett's avatar
Graham Leggett committed
  *) Some style changes to the code that does ProxyErrorOverride. Fixed
     config merge behaviour. [Graham Leggett]

  *) Allow support programs to be compiled against a static version
     of libapr.  This allows the smaller support programs to be 
     relocated.  [Aaron Bannert <aaron@clove.org>]

  *) Update the mime.types file to the registered media types as
     of 2001-09-25, and add mapping for xsl extension [Mark Cox]

  *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
     number of clients that can connect at the same time, instead of
     specifying the maximum number of child processes.
     [Aaron Bannert <aaron@clove.org>]

  *) Switch proc_pthread AcceptMutex configuration directive to pthread to 
     be consistent with 1.3.  [Justin Erenkrantz]

  *) Cache apr_explode_localtime() value for 15 seconds.
     [Brian Pane <bpane@pacbell.net>]

  *) Fix mod_include to not return ETag or Last-Modified headers.
     [Ian Holsman <ianh@cnet.com>]

  *) Fix worker MPM's scoreboard logic.  [Aaron Bannert <aaron@clove.org>]

  *) Eliminate the wasteful run-time conversion of method names from strings 
     to numbers in places where the methods are known at compile time.  
     [Brian Pane <bpane@pacbell.net>]

  *) Turn the worker MPM's queue into a LIFO.  This may
     improve cache-hit performance under some conditions.
     [Aaron Bannert <aaron@clove.org>]

  *) Switch back to SIGUSR1 for graceful restarts on all platforms that
     support it.  [Justin Erenkrantz]

  *) Cleanup the worker MPM.  We no longer re-use transaction
     pools.  This incurs less overhead than shuffling the pools
     around so that they can be re-used.  Remove one of the
     queue's condition variables.  We just redefined the API to
     state that you can't try to add more stuff than you allocated
     segments for.  [Aaron Bannert <aaron@clove.org>]

  *) Fix SSL VPATH builds [Cody Sherr <csherr@covalent.net>]

Greg Stein's avatar
Greg Stein committed
  *) Fixed persistent connections when a request contains a body.
     [Greg Stein]

  *) mod_dav uses a new API to speak to the backend provider for dead
     property management. [Greg Stein]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Remove the Win32 script-processing exception from mod_cgi, and
     roll build_command_line/build_argv_list into a unified, overrideable
     ap_cgi_build_command optional function.  [William Rowe]

  *) Rewrite find_start_sequence to use a better search algorithm
     to find the start tag.  [Justin Erenkrantz]

  *) Fix a seg fault in mod_include.  When we are generating an
     internal redirect, we must set r->uri to "", not a bogus
     string, and not NULL.  [Ryan Bloom]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Optimized location_walk, so subrequests, redirects and second passes
     now reuse previous section merges on a <Location > by <Location >
     basis, until we mismatch with the original location_walk. 
     [William Rowe]

  *) Back out the 1.45 change to util_script.c.  This change made
     us set the environment variable REQUEST_URI to the redirected
     URI, instead of the originally requested URI.
     [Taketo Kabe <kabe@sra-tohoku.co.jp>]

  *) Make mod_include do lazy evaluation of potentially expensive to
     compute variables.  [Brian Pane <bpane@pacbell.net>]

  *) Fix logging of bytes sent for HEAD requests.  %b and %B should
     log either - or 0, before this patch, they were both logging
     the file size.  [Taketo Kabe <kabe@sra-tohoku.co.jp>]

  *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather 
     than per character.  [Brian Pane <bpane@pacbell.net>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Normalize the primary request, redirects and sub-requests to
     run the same ap_process_request_internal for consistency in
     robustness, behavior and security.  [William Rowe]

  *) Fix a segfault with mod_include when r->path_info is not set
     (which is the case with mod_proxy).  [Ian Holsman <ianh@cnet.com>]

  *) Add -X functionality back.  This indicates to all MPMs and any other
     part of Apache that it should run in "debug" mode.  [Justin Erenkrantz]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Some initial support for the cygwin platform [prefork only].
     This is not to be confused with support for the WinNT/Win32
     platform, which is the recommended configuration for native
     Win32 users.  The cygwin platform support is recommended for
     cygwin platform users. [Stipe Tolj <tolj@wapme-systems.de>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Changed syntax of Set{Input|Output}Filter.  The list of filters
     must be semicolon delimited (if more than one filter is given.)
     The Set{Input|Output}Filter directive now overrides a parent
     container's directive (e.g. SetInputFilter in <Directory /web/foo>
     will override any SetInputFilter directive in <Directory /web>.)
     This new syntax is more consistent with Add{Input|Output}Filter
     directives defined in mod_mime.  Also cures a bug in prior releases
     where the Set{Input|Output}Filter directive would corrupt the 
     global configuration if the multiple directives were nested.
     [William Rowe]

  *) Cured what's ailed mime for quite some time.  If an AddSomething
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     was given in the configuration (Language, Charset, Handler or
     Encoding) Apache would set the content type as given by AddType, 
     but refused to check the mime.types file if AddType wasn't given 
     for that specific extension.  Setting the AddHandler for .html 
     without setting the AddType text/html html would cause Apache to 
     use the default content type.  [William Rowe]

  *) Added some bulletproofing to memory allocation in the LDAP cache
     code. [Graham Leggett]

  *) Move the installed /manual directory out of the /htdocs/ tree, so
     that it can be kept more independently from the remaining document
     root. The "Alias /manual ..." already allowed for easy projection
     into existing private document trees. [Martin Kraemer]

  *) Add specified user attributes to the environment when using
     mod_auth_ldap. This allows you to use mod_include to embed specified
     user attributes in a page like so:
     Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
     [Graham Leggett]

  *) Fix a performance problem with the worker MPM.  We now create
     transaction pools once, and re-use them for each connection.
     [Aaron Bannert <aaron@clove.org>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Modfied mod_mime to prevent mod_negotation from serving a multiview
     of a 'handler' or 'filter', so that any filename extension that does 
     not contribute to the negotiated metadata can't be served without
     an explicit request.  E.g., if the .Z extension is associated with
     an unzip filter, the user request somefile.Z.html, mod_negotiation
     won't serve it.  It can serve somefile.Z.html when somefile.Z is
     requested, since the .Z extension is explictly requested, if the
     .html extension is associated with ContentType text/html.
     [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
     and corresponding AddOutputFilter syntax, to insert one or more 
     filters by mod_mime filename extension processing.
     [William Rowe]

  *) Fix a growing connection pool in core_output_filter() for 
     keepalive requests.  [Jeff Trawick]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Moved split_and_pass_pretag_buckets back to being a
     macro at Ryans's request. Removed the return from it
     by setting and returning a return code instead. Updated
     the code to check the return code from the macro and
Paul J. Reder's avatar
 
Paul J. Reder committed
     do the right thing. [Paul J. Reder]
  *) Fix a segfault when a numeric value was received for Host:.
     [Jeff Trawick]

  *) Add a function ap_remove_input_filter.  This is to match
     up with ap_remove_output_filter.  [Ryan Bloom]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Clean up location_walk, so that this step performs a minimum
     amount of redundant effort (it must be run twice, but it will no
     longer reparse all <Location > blocks when the request uri
     hadn't changed.)  [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Eliminate proxy: (and all other 'special') processing from the
     ap_directory_walk() phase.  Modules that want to use special
     walk logic should refer to the mod_proxy map_to_location example,
     with it's proxy_walk and proxysection implementation.  This makes
     either directory_walk flavor much more legible, since that phase
     only runs against real <Directory > blocks.
     [William Rowe]
  *) Fix a security problem in mod_include which would allow
     an SSI document to be passed to the client unparsed.
     [Cliff Woolley, Brian Pane]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Introduce the map_to_storage hook, which allows modules to bypass
     the directory_walk and file_walk for non-file requests.  TRACE
     shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
     directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
     [William Rowe]

  *) Add the ability for mod_include to add the INCLUDES filter
     if the file is configured for the server-parsed handler.
     This makes the configuration for .shtml files much easier
     to understand, and allows mod_include to honor Apache 1.3
     config files.   Based on Doug MacEachern's patch to PHP
     to do the same thing.  [Ryan Bloom]

  *) force OpenSSL to ignore process local-caching and to always
     get/set/delete sessions using mod_ssl's callbacks
     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
      Geoff Thorpe <geoff@geoffthorpe.net>]

  *) Make the worker MPM shutdown and restart cleanly.  This also
     cleans up some race conditions, and gets the worker using
     pools more cleanly.  [Aaron Bannert <aaron@clove.org>]

  *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
     for mod_ssl
     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix for mod_include. Ryan's patch to check error
     codes put a return in the wrong place. Also, the
     include handler return code wasn't being checked.
     I don't like macros with returns, so I converted
     SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
     [Paul J. Reder <rederpj@raleigh.ibm.com>]

  *) fix segv in mod_mime if no AddTypes are configured
     [John Sterling <sterling@covalent.net>]

  *) Enable ssl client authentication at SSL_accept time
     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
  *) Fix a segfault in mod_include when the original request has no
     associated filename (e.g., we're filtering the error document for
     a bad URI).  [Jeff Trawick]

  *) Fix a storage leak (a strdup() call) in mod_mime_magic.  [Jeff Trawick]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
     of httpd is started and shuts down due to socket conflict. Moving the
     call to ap_log_pid solves the problem.

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Changed the late-1.3 log_config substitution %c to %X, to log the
     status of the closed connection, as it conflicts with the far more
     common, historical ssl logging directive %...{var}c.  [William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Added the common error/ tree to the build/install targets 
     (similar to the common icons/ tree) for the multi-language error 
     messages that Lars committed earlier.  [William Rowe]

Brian Havard's avatar
Brian Havard committed
  *) Added a multi process, multi threaded OS/2 MPM mpmt_os2.  [Brian Havard]

  *) Added a default commented-out mod_ldap and mod_auth_ldap
     configuration to httpd-std.conf and httpd-win.conf
     [Graham Leggett]

  *) Added documentation for mod_ldap and mod_auth_ldap.
     [Graham Leggett]

  *) Enabled negative caching on attribute comparisons in the LDAP cache.
     Fixed a problem where the default cache TTL was set in milliseconds
     not microseconds causing the cache to time out almost immediately.
     [Graham Leggett]

  *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
     module code to follow APR. [Graham Leggett]

  *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
     cleaned up when the connection pool pool is cleaned up.
     [Graham Leggett]

Paul J. Reder's avatar
 
Paul J. Reder committed
  *) Fix a minor issue with Jeff Trawick's mod_include
     patch. Without this patch, the code will just allocate
     more bytes in get_combined_directive than are needed.
Paul J. Reder's avatar
 
Paul J. Reder committed

Graham Leggett's avatar
Graham Leggett committed
  *) Added the LDAP authentication module mod_auth_ldap.
     [Dave Carrigan <dave@rudedog.org>, Graham Leggett]

  *) Added the LDAP cache and connection pooling module mod_ldap.
     [Dave Carrigan <dave@rudedog.org>, Graham Leggett]

  *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
     by allowing a module to disable itself if its prerequisites are not
     met.  [Justin Erenkrantz]

Ryan Bloom's avatar
Ryan Bloom committed
Changes with Apache 2.0.24
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) Fix a couple of issues in mod_include when the tag appeared at
     offsets near 8192 in the file being parsed.  [Jeff Trawick]

  *) Fix an assertion failure in mod_ssl when the keepalive timeout is  
     reached.  [Jeff Trawick]

  *) Numerous improvements to the Win32 build system.  Introduced command line
     builds without requiring .mak files for MSVC 6.0 and later versions.
     Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
     [William Rowe]

  *) Assorted corrections and improvements to the winnt_mpm startup code.  Better
     reporting of uninstalled services and other error conditions, and changed the 
     default service name to Apache2.  [William Rowe]

  *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm 
     compatibility with existing Apache 1.3 Win32 Apache management utilites.  
     [Mladen Turk <mturk@mappingsoft.com>, William Rowe]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
     [William Rowe, Greg Ames]

  *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
     and RemoveCharset directives.  [William Rowe]

  *) The Unix MPMs other than perchild now allow child server 
     processes to use the accept mutex when starting as root and 
     using SysV sems for the accept mutex.  Previously, this 
     combination would lead to fatal errors in the child server 
     processes.  perchild can't use SysV sems because of security
     issues.  [Jeff Trawick, Greg Ames]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Added Win32 revision stamp resources to all http binaries
     (including modules/ and support/ tools.)  PR7322  [William Rowe]

  *) Fix ap_rvprintf to support more than 4K of data at one time.
     [Cody Sherr <csherr@covalent.net>]

Ken Coar's avatar
 
Ken Coar committed
  *) We have always used the obsolete/deprecated Netscape syntax
     for our tracking cookies; now the CookieStyle directive
     allows the Webmaster to choose the Netscape, RFC2109, or
     RFC2965 format.  The new CookieDomain directive allows the
Ken Coar's avatar
Ken Coar committed
     setting of the cookie's Domain= attribute, too.  PR #s 5006,
     5023, 5920, 6140 [Ken Coar]
Ken Coar's avatar
 
Ken Coar committed

  *) Tweak server/Makefile so that the rules for generating exports.c
     are compatible with make utilities which don't expand wildcards
     in a dependency list (e.g., OS/390 make, certain levels of GNU
     make).  [Jeff Trawick]

  *) Install the SSL headers.  [John Sterling <sterling@covalent.net>]

  *) Begin to sanitize the MPM configuration directives.  Now, all
     MPMs use the same functions for all common MPM directives.  This
     should make it easier to catch all bugs in these directives once.
     [Cody Sherr <csherr@covalent.net>]

Cliff Woolley's avatar
Cliff Woolley committed
  *) Close a major resource leak.  Every time we had issued a
     graceful restart, we leaked a socket descriptor.
     [Ryan Bloom]

  *) Fix a problem with the new method code.  We need to cast
     the 1 to an apr_int64_t or it will be treated as a 32-bit
     integer, and it will wrap after being shifted 32 times.
     [Cody Sherr <csherr@covalent.net> and Ryan Morgan <rmorgan@covalent.net>]

  *) Fix a bug in mod_expires.  Previous to this patch, if you
     told mod_expires to add 604800 seconds to the last-modified
     time, it actually added 604800 usec's to the last-modified time,
     so that when looking at the response it looked like nothing
     had been done.  The root of the problem was that we always compute
     time in usec's, but we ask users to input sec's.  This means we
     need to convert to usec's before using those values.
     [Ryan Bloom]

  *) The worker MPM now handles shutdown and restart requests.  It
Cliff Woolley's avatar
Cliff Woolley committed
     definitely isn't perfect, but we do stop the servers correctly.
     The biggest problem right now is that SIGHUP causes the server to
     just die.  [Ryan Bloom]

Cliff Woolley's avatar
Cliff Woolley committed
Changes with Apache 2.0.23
  *) Use the prefork MPM by default on Unix.  [various]