Skip to content
CHANGES 576 KiB
Newer Older
  *) Move the addition of the CORE filter to the post_read_request
     hook in http_core.c.  This removes the need to add the filter in
     multiple places and allows for an SSL module to be added much
     simpler. [Ryan Bloom]

  *) SECURITY [CVE-2000-0913] (cve.mitre.org):
     Fix a security problem that affects certain configurations of
5008 5009 5010 5011 5012 5013 5014 5015 5016 5017 5018 5019 5020 5021 5022 5023 5024 5025 5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037 5038 5039 5040 5041 5042 5043 5044 5045 5046 5047 5048 5049 5050 5051 5052 5053 5054 5055 5056 5057 5058 5059 5060 5061 5062 5063 5064 5065 5066 5067 5068 5069 5070 5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098 5099 5100 5101 5102 5103 5104 5105 5106 5107 5108 5109 5110 5111 5112 5113 5114 5115 5116 5117 5118 5119 5120 5121 5122 5123 5124 5125 5126 5127 5128 5129 5130 5131 5132 5133 5134 5135 5136 5137 5138 5139 5140 5141 5142 5143 5144 5145 5146 5147 5148 5149 5150 5151 5152 5153 5154 5155 5156 5157 5158 5159 5160 5161 5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193 5194 5195 5196 5197 5198 5199 5200 5201 5202 5203 5204 5205 5206 5207 5208 5209 5210 5211 5212 5213 5214 5215 5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229 5230 5231 5232 5233 5234 5235 5236 5237 5238 5239 5240 5241 5242 5243 5244 5245 5246 5247 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264 5265 5266 5267 5268 5269 5270 5271 5272 5273 5274 5275 5276 5277 5278 5279 5280 5281 5282 5283 5284 5285 5286 5287 5288 5289 5290 5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308 5309 5310 5311 5312 5313 5314 5315 5316 5317 5318 5319 5320 5321 5322 5323 5324 5325 5326 5327 5328 5329 5330 5331 5332 5333 5334 5335 5336 5337 5338 5339 5340 5341 5342 5343 5344 5345 5346 5347 5348 5349 5350 5351 5352 5353 5354 5355 5356 5357 5358 5359 5360 5361 5362 5363 5364 5365 5366 5367 5368 5369 5370 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 5386 5387 5388 5389 5390 5391 5392 5393 5394 5395
     mod_rewrite. If the result of a RewriteRule is a filename that
     contains expansion specifiers, especially regexp backreferences
     $0..$9 and %0..%9, then it may be possible for an attacker to
     access any file on the web server. [Tony Finch]

  *) Fix a bug where errors that are detected during early request parsing
     don't produce visible HTTP error messages at the browser, because
     the core_filter wasn't present.  [Greg Ames]

  *) Provide apr_socklen_t as a portability aid. 
     [Victor  J. Orlikowski]

  *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
     as well as a comment arg to the add, adduser and update cmds.
     update allows the user to clear or preserve pw/groups/comment.
     Fixed a bug in dbmmanage that prevented the check option from 
     parsing a password followed by :group... text.  Corrected the
     seed calcualation for Win32 systems, and added -lsdbm support.
     [William Rowe]

  *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
     [William Rowe]

  *) Avoid a segfault when parsing .htaccess files.  An 
     uninitialized tree pointer was passed to ap_build_config().
     [Jeff Trawick]

  *) Change the way that inet_addr & inet_network are checked for
     in APR's configure process to allow BeOS BONE to correctly
     find them. With this change BeOS BONE now builds from source
     with no problems.  [David Reid]

  *) Fix a bug in apr_create_process() for Unix.  The NULL signifying
     the end of the parameters to execve() was stored in the wrong
     location, overlaying the storage beyond the newargs[] array and 
     also passing uninitialized storage to execve(), which would 
     sometimes fail with EFAULT.  [Jeff Trawick]

  *) Fix a bug parsing configuration file containers.  With a sequence
     like this in the config file

       <IfModule mod_kilroy.c>
       any stuff
       </IfModule>
       <IfModule mod_lovejoy.c>
       (blank line)
       any stuff
       </IfModule>

     the second container would be terminated at the blank line due to
     sediment in the buffer from reading the prior </IfModule> and an 
     error message would be generated for the real </IfModule> for the
     second container.  Also due to this problem, any two characters 
     could be used for "</" in the close of a container.  
     [Jeff Trawick]

  *) ap_add_filter prototype changed to remove the ctx pointer.  The
     pointer still remains in the filter structure, but it can not be
     a part of the ap_add_filter prototype.  The reason is that when
     the core uses AddFilter to add a filter to the stack it doesn't
     know how to allocate the ctx pointer, or even how much memory should
     be allocated.  The filters will have to be responsible for allocating
     the ctx memory when they need it.
     [Ryan Bloom]

  *) Add an AddFilter directive.  This directive takes a list of filters
     that should be activated for the requested resource.
     [Ryan Bloom]

  *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
     some other platforms).  [Jeff Trawick]

  *) Modify mod_include to be a filter.  Currently, it has only been tested
     on actual files, but it should work for CGI scripts too.
     [Ryan Bloom]

  *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
     writes.  apr_flush() for Unix: handle interrupted writes.
     [Jeff Trawick]

  *) NameVirtualHost can now take "*" as an argument instead of
     an IP address. This allows you to create a purely name-based
     virtual hosting server that does not have any IP addresses in
     the configuration file and which ignores the local address
     of any connections. PR #5595, PR #4455 [Tony Finch]

  *) Fix some compile warnings in mod_mmap_static.c
     [Mike Abbott <mja@sgi.com>]

  *) Fix chunking problem with CGI scripts.  The general problem was that
     the CGI modules were adding an EOS bucket and then the core added an
     EOS bucket.  The chunking filter finalizes the chunked response when it
     encounters an EOS bucket.  Because two EOS buckets were sent, we
     finalized the response twice.  The fix is to make sure we only send one
     EOS, by utilizing a flag in the request_rec.
     [Ryan Bloom]

  *) apr_put_os_file() now sets up the unget byte appropriately on Unix
     and Win32.  Previously, the first read from an apr_file_t set up via
     apr_put_os_file() would return a '\0'.  [Jeff Trawick]

  *) Mod_cgid now creates a single element bucket brigade, with a pipe
     bucket, instead of using BUFF's and ap_r*.
     [Ryan Bloom]

  *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
     [Mike Abbott <mja@sgi.com>]

  *) Remove ap_bopenf from buff code.  This required modifying the file_cache
     code to use APR file's directly instead of going through BUFFs.
     [Ryan Bloom]

  *) Fix compile break on some platforms for mod_mime_magic.c
     [John K. Sterling <sterling@covalent.net>]

  *) Fix merging of AddDefaultCharset directive.
     PR #5872 (1.3) [Jun Kuriyama <kuriyama@imgsrc.co.jp>]

  *) Minor revamp of the rlimit sections of code. We now test
     explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
     is now "available" even if the platform doesn't support
     the rlimit family (it's just a noop though). [Jim Jagielski]

  *) Migrate the pre-selection of which MPM to use for specific
     platforms to hints.m4, which contains (or should contain)
     all platform specific "hints". [Jim Jagielski]

  *) Remove IOLs from Apache.  With filtering, IOLs are no longer necessary
     [Ryan Bloom]

  *) Add tables with non-string/binary values to APR.
     [Ken Coar]

  *) Fix some bad calls to ap_log_rerror() in mod_rewrite. 
     [Jeff Trawick]

  *) Update PCRE to version 3.2.  [Ryan Bloom]

  *) Change the way buckets' destroy functions are called so that
     they can be more directly used when changing the type of a
     bucket in place. [Tony Finch]

  *) Add generic support for reference-counting the resources used by
     buckets, and alter the HEAP and MMAP buckets to use it. Change
     the way buckets are initialised to support changing the type of
     buckets in place, and use it when setting aside TRANSIENT buckets.
     Change the implementation of TRANSIENT buckets so that it can be
     mostly shared with IMMORTAL buckets, which are now implemented.
     [Tony Finch]

Changes with Apache 2.0a6

  *) Add support to Apache and APR for dsos on OS/390.  [Greg Ames]

  *) Add a chunking filter to Apache.  This brings us one step closer
     to removing BUFF. [Ryan Bloom]

  *) ap_add_filter now adds filters in a LIFO fashion.  The first filter
     added to the stack is the last filter to be called.  [Ryan Bloom]

  *) Apache 2.0 has been completely documented using Scandoc.  The
     docs can be generated by running 'make docs'.  [Ryan Bloom]

  *) Add filtered I/O to Apache.  This is based on bucket brigades,
     Currently the buckets still use BUFF under the covers, but that
     should change quickly.  The only currently written filter is the
     core filter which just calls ap_bwrite.  [The Apache Group]

  *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
     built with thread support.  [Jeff Trawick]

  *) Abort configuration if --with-layout was specified and there's
     no layout definition file.  [Ken Coar]

  *) Add support for '--with-port=n' option to configure.  [Ken Coar]

  *) Add support for extension methods for the Allow response header
     field, and an API routine for accessing r->allowed and the
     list of extension methods in a unified manner.  [Ken Coar]

  *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
     [Rob Simonson <simo@us.ibm.com>]

  *) Get xlate builds working again.  The apr renaming in 2.0a5 broke
     APACHE_XLATE builds.  [Jeff Trawick]

  *) A configuration file parsing problem was fixed.  When the 
     configuration file started with an IfModule/IfDefine container, 
     only the last statement in the container would be retained.  
     [Jeff Trawick]

Changes with Apache 2.0a5

  *) Perchild is serving pages after passing them to different child
     processes.  There are still a lot of bugs, but this does work.  I
     have made requests against the same installation of Apache, and had
     different servers use different user IDs to serve the responses.
     This change moves to using socketpair instead of an AF_UNIX socket.
     [Ryan Bloom]

  *) Perchild MPM still doesn't work perfectly, but it is serving pages.
     It can't seem to pass between child processes yet, but I think we
     are closer now than before.  This moves us back to using Unix
     Domain Sockets.  [Ryan Bloom]

  *) libapr functions and types renamed with apr_ prefix.
     #include "apr_compat.h" for 1.3.x backwards compat
     [Perl]

  *) Fix problems with APR sockaddr handling on Win32.  It didn't always
     return the right information on the local socket address.
     [Gregory Nicholls <gnicholls@level8.com>]

  *) ap_recv() on Win32: Set bytes-read to 0 on error.  
     [Gregory Nicholls <gnicholls@level8.com>]

  *) Add an option to not detach from the controlling terminal without
     going into single process mode.  This allows for much easier
     debugging of the process startup code. [Ryan Bloom]

  *) ab: don't use perror() to report the failure of an APR function.
     [Jeff Trawick]

  *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
     scoreboard on graceful restarts.
     [Ryan Bloom]

  *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
     An invalid ap_proc_t was passed to ap_create_process().
     [Jeff Trawick]

  *) Allow modules to register filters.  Those filters are still
     never called, but this is a step in the right direction.
     [Ryan Bloom and Greg Stein]

  *) Register the mod_cgid daemon process for cleanup so that it is
     killed at termination if it does not die when the parent gets
     SIGTERM.  This change is to fix occasional problems where the
     process stays around.  Bugs in similar logic in mod_rewrite and
     mod_include were also fixed.  [Jeff Trawick]

  *) Fix a bug in the time handling.  Basically, we were imploding a time
     in ap_parseHTTPdate, but it had bogus data in the exploded time format.
     Namely, tm_usec and tm_gmtoff were not filled out.  ap_implode_time
     uses those two fields to adjust the time value.  Because of the HTTP
     spec, both of those values can be zero'ed out safely.  This fixes
     the bug correctly.  [Ryan Bloom]

  *) Fix a couple of place in the Windows code where the wrong error
     code was being returned. [Gregory Nicholls <gnicholls@level8.com>]

  *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]

  *) Added the APR_EOL_STR macro for platform dependent differences in 
     logfiles and other raw text (such as all APR files).  Fixes logfiles
     not terminated with cr/lf sequences in Win32.  [William Rowe]

  *) Move all strings functions in APR to src/lib/apr/strings and create
     apr_strings.h for the prototypes. [Ryan Bloom]

  *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
     to repeat the syscall until we stop getting EINTR.  I noticed a
     related problem at termination (SIGTERM) on FreeBSD when using
     fcntl().  Apache 1.3 had these new loops too.  Also, make the flock() 
     implementation work properly with child init.  Previously, ap_lock()
     was essentially a no-op because all children were using different
     locks and thus nobody ever blocked.  [Jeff Trawick]

  *) The htdocs/ tree has been moved out of the CVS source tree into
     a separate area for easier development.  This has NO EFFECT on
     end-users or Apache installations.  [Ken Coar]

  *) Integrate the mod_dav module for WebDAV protocol handling. This
     adds the dav and dav_fs modules, the SDBM library, and additional
     XML handling utilities. [Greg Stein]

  *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
     [Greg Stein]

  *) Update the lib/expat-lite/ library (bring forward changes from
     the Apache 1.3 repository). [Greg Stein]

  *) If sizeof(long long) == sizeof(long), then prefer long in APR
     configure.in.  [Dave Hill <ddhill@zk3.dec.com>]

  *) Add ap_sendfile for Tru64 Unix.  Also, add an error message for
     machines where sendfile is detected, but nobody has written ap_sendfile.
     [Dave Hill <ddhill@zk3.dec.com>]

  *) Compile fixes in mod_mmap_static.  [Victor J. Orlikowski]

  *) ab would start up more connections than needed, then quit when the
     desired number were finished. Also fixed a logic error involving
     ab keepalives.  [Victor J. Orlikowski]

  *) WinNT: Implement non-blocking pipes with timeouts to communicate
     with CGIs. Apache 2.0a4 had non-blocking pipes but without 
     timeouts (i.e, if a timeout was specified, the pipe reverted to
     a full blocking pipe). Now the behaviour is more in line with
     Unix non-blocking pipes.
     [Bill Stoddard]

  *) WinNT: Implement accept socket reuse. Using mod_file_cache to
     cache open file handles along with accept socket reuse enables
     Apache 2.0 to serve non-keepalive requests for static files at
     3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
     and Apache 2.0 will serve almost 1200 rps on my system).
     [Bill Stoddard]

  *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
     supports two config directives, mmapfile (same behavious as
     mod_mmap_static) and cachefile. Use the cachefile directive
     to cache open file handles. This directive only works on systems
     that have implemented the ap_sendfile API. cachefile works today
     on Windows NT, but has not been tested on any flavors of Unix.
     [Bill Stoddard]

  *) Cleanup the configuration.  With the last few changes the
     configuration process automatically:
         inherits information about how to build from APR.  Allowing
         APR to inform Apache that it should or should not use -ldl
        
         Detects which mod_cgi should be used mod_cgi or mod_cgid,
         based on the threading model

         Apache calls APR's configure process before finishing it's
         configuration processing, allowing for more information flow
         between the two.
     [Ryan Bloom]
         

  *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
     with non-zero argument makes the socket non-blocking.  BeOS and
     OS/2 already worked this way.  [Jeff Trawick]

  *) ap_close() now calls ap_flush() for buffered files, so write
     operations work a whole lot better on buffered files.
     [Jeff Trawick]

  *) Fix error messages issued from MPMs which explain where to change
     compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
     [Greg Ames]

  *) ap_create_pipe() now leaves pipes in blocking state.  (This helps 
     reduce the number of syscalls on Unix.)  ap_set_pipe_timeout() is
     now the way that the blocking state of a pipe is manipulated.
     ap_block_pipe() is gone.  [Jeff Trawick]

  *) Correct the problem where the only local host name that the IP stack
     can discover are 'undotted' private names.  If no fully qualified
     domain name can be identified, the default ServerName will be set to
     the machine's IP address string. A warning is always provided if the
     ServerName not specified, but assumed.  Solves PR6215 [William Rowe]

  *) Repair problems with config file processing which caused segfault
     at init when virtual hosts were defined and which caused ServerName to
     be ignored when there was no valid DNS setup.  [Jeff Trawick]

  *) Removed pointless ap_is_aborted macro function. [Roy Fielding]

  *) Add ap_sendfile implementation for AIX
     [Victor J. Orlikowski]

  *) Repair C++ compatibility in ap_config.h, apr_file_io.h, 
     apr_network_io.h, and apr_thread_proc.h.  
     [Tyler J. Brooks <tylerjbrooks@home.com>, Jeff Trawick]

  *) Bring the allocation and pool debugging code back into a working
     state.  This will need to be tested as so far it's only been used on
     BeOS. [David Reid]

  *) Change configuration command setup to be properly typesafe when in
     maintainer mode. Note that this requires a compiler that can initialise
     unions. [Ben Laurie]

  *) Turn on buffering for config file reads.  Part of this was to
     repair buffered I/O support in Unix and implement buffered
     ap_fgets() for all platforms.  [Brian Havard, Jeff Trawick]

  *) Win32: Fix problem where UTC offset was not being set correctly
     in the access log. Problem reported on news group by Jerry Baker.
     [Bill Stoddard]

  *) Fix segfault when reporting this type of syntax error:
     "</container> without matching <container> section", where
     container is VirtualHost or Directory or whatever.
     [Jeff Trawick]

  *) SECURITY [CAN-2000-1204] (cve.mitre.org):
     Prevent the source code for CGIs from being revealed when 
     using mod_vhost_alias and the CGI directory is under the document root
5399 5400 5401 5402 5403 5404 5405 5406 5407 5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425 5426 5427 5428 5429 5430 5431 5432 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 5444 5445 5446 5447 5448 5449 5450 5451 5452 5453 5454 5455 5456 5457 5458 5459 5460 5461 5462 5463 5464 5465 5466 5467 5468 5469 5470 5471 5472 5473 5474 5475 5476 5477 5478 5479 5480 5481 5482 5483 5484 5485 5486 5487 5488 5489 5490 5491 5492 5493 5494 5495 5496 5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511 5512 5513 5514 5515 5516 5517 5518 5519 5520 5521 5522 5523 5524 5525 5526 5527 5528 5529 5530 5531 5532 5533 5534 5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 5546 5547 5548 5549 5550 5551 5552 5553 5554 5555 5556 5557 5558 5559 5560 5561 5562 5563 5564 5565 5566 5567 5568 5569 5570 5571 5572 5573 5574 5575 5576 5577 5578 5579 5580 5581 5582 5583 5584 5585 5586 5587 5588 5589 5590 5591 5592 5593 5594 5595 5596 5597 5598 5599 5600 5601 5602 5603 5604 5605 5606 5607 5608 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 5620 5621 5622 5623 5624 5625 5626 5627 5628 5629 5630 5631 5632 5633 5634 5635 5636 5637 5638 5639 5640 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 5652 5653 5654 5655 5656 5657 5658 5659 5660 5661 5662 5663 5664 5665 5666 5667 5668 5669 5670 5671 5672 5673 5674 5675 5676 5677 5678 5679 5680 5681 5682 5683 5684 5685 5686 5687 5688 5689 5690 5691 5692 5693 5694 5695 5696 5697 5698 5699 5700 5701 5702 5703
     and a user makes a request like http://www.example.com//cgi-bin/cgi
     as reported in <news:960999105.344321@ernani.logica.co.uk>
     [Tony Finch]

  *) Add support for the new Beos NetwOrking Environment (BONE)
     [David Reid]

  *) xlate: ap_xlate_conv_buffer() now tells the caller when the
     final input char is incomplete; ap_bwrite_xlate() now handles
     incomplete final input chars.  [Jeff Trawick]

  *) Yet another update to saferead/halfduplex stuff -- need to ensure
     that a bhalfduplex call occurs before logging or else DNS and
     such can delay the last packet of the response.  [Dean Gaudet]

  *) Some syscall reduction in APR on unix -- don't seek when setting
     up an mmap; and don't fcntl() more than once per socket.
     [Dean Gaudet]

  *) When mod_cgid is started as root, the cgi daemon now switches 
     to the configured User/Group (like other httpd processes) 
     instead of continuing as root.  [Jeff Trawick]

  *) The prefork MPM now uses an APR lock for the accept() mutex.
     It has not been getting a lock at all recently.  httpd -V now 
     displays APR's selection of the lock mechanism instead of the 
     symbols previously respected by prefork.  [Jeff Trawick]

  *) Change the mmap() feature test to check only for existence.
     The previous check required features not used by Apache.
     [Greg Ames]

  *) Fix a couple of bugs in mod_cgid:  The cgi arguments were
     sometimes mangled.  The len parm to accept() was not 
     initialized, leading sometimes to an endless loop of failed
     accept() calls on OS/390 and anywhere else that failed the call
     if the len was negative.  Use <sys/un.h> for struct sockaddr_un
     instead of declaring it ourselves to fix a compilation problem
     on Solaris.  [Jeff Trawick]

  *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]

  *) Fix zombie process problem with mod_cgi.  [Jeff Trawick]

  *) Port mod_mmap_static to 2.0.  Make it go faster.  [Greg Ames]

  *) Fix storage overlay when loading dsos.  Symptom: Apache dies at
     initialization if ALLOC_DEBUG is defined; no known symptom 
     otherwise.  [Jeff Trawick]

  *) Fix typo in configure script when checking for mod_so.  bash
     doesn't seem to have a problem but /bin/sh on Solaris does.
     Symptom: "./configure: test: unknown operator =="
     [Jeff Trawick]
   
  *) Rebind the Win32 NT and 9x services control into the MPM.  
     All console, WinNT SCM and Win9x pseudo-service control code is
     now wrapped within the WinNT MPM.
     [William Rowe]

  *) Make a copy of getenv("PATH") before storing for later use.  Some
     getenv() implementations use the same storage for successive calls.
     CGIs on OS/390 had a bad PATH due to this.  [Jeff Trawick]

  *) Server Tokens work in 2.0 again.  This also propogates the change
     to allow just the product name in the server string using
     PRODUCT_ONLY.
     [Ryan Bloom]

Changes with Apache 2.0a4

  *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
     won't need to call it.  [Greg Ames, Jeff Trawick]

  *) Move pre_config hook call to between configuration read and config
     tree walk.  This allows all modules to implement pre_config hooks
     and know that they will be called at an appropriate time.
     [Ryan Bloom] 

  *) mod_cgi, mod_cgid: Make ScriptLog directive work again.  
     [Jeff Trawick]

  *) Add pre-config hooks back to all modules.
     [Ryan Bloom]

  *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
     ContentDigest enabled and we can't/don't mmap the file. 
     [Jeff Trawick]

  *) We now report the correct line number for syntax errors in config
     files.  [Ryan Bloom, Greg Stein, Jeff Trawick]

  *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
     related bugs, and changed shmem/locking to use apr API. Shared-mem
     is currently disabled, however, because of problems with graceful
     restarts. [Ronald Tschalär]

  *) Fix corruption of IFS variable in --with-module= handling.  
     Depending on the user's shell or customization thereof, there 
     would be errors generating ap_config_auto.h later in the configure
     procedure.  [Jeff Trawick]

  *) mod_cgi: Restore logging of stderr from child process when ScriptLog 
     isn't used (as in 1.3), except that on Unix it is now logged via 
     ap_log_rerror() instead of by the child having STDERR_FILENO refer
     to the error log.  [Greg Ames, Jeff Trawick]

  *) Add '-D' argument processing for run time configuration defines.
     [William Rowe]

  *) Organize http_main.c as independent code, such that no code or
     global data is exported from it.  WIN32 will dynamically link it
     to the server core, so this will prevent mutual dependency.
     [William Rowe]

  *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
     and APR_VAR_EXPORT to correctly resolve apr functions and globals.
     [William Rowe]

  *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
     [William Rowe, Jan Just Keijser <KEIJSERJJ@logica.com>]

  *) Add mod_charset_lite for configuring character set translation.
     [Jeff Trawick]

  *) Add '-n' option to htpasswd to make it print its user:pw record
     on stdout rather than having to frob a text file.  [Ken Coar]

  *) Fix saferead.  Basically, we flush the output buffer if a read on the
     input will block.
     [Ryan Bloom]
 
  *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
     a conversion is single-byte only. [Jeff Trawick]

  *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
     the BeOS 5.0 documentation says that shutdown doesn't work yet.
     [Roy Fielding]

  *) Fix some minor errors where pid was being manipulated as an int
     instead of the portable pid_t.  [Roy Fielding]

  *) Fix some error log prints that were printing the pointer to a
     structure rather than the pid within the structure.
     [Jeff Trawick, Roy Fielding]

  *) ab: Fix a command-line processing bug; track bad headers in 
     err_response; support reading headers up to 2K. 
     [Ask Bjoern Hansen <ask@valueclick.com>]

  *) Fix ap_resolve_env() so that it handles new function added in a prior
     alpha (see "Added the capability to do ${ENVVAR} constructs in the
     config file.") as well as the constructs used by mod_rewrite.
     [Paul Reder <rederpj@raleigh.ibm.com>]

  *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]

  *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
     APR to perform translation, instead of accessing the hard-coded tables
     in 1.3's ebcdic.c. [Jeff Trawick]

  *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing. 
     [Jeff Trawick]

  *) Add the ability to hook into the config file reading phase.  Basically
     if a directive is specified EXEC_ON_READ, then when that directive is
     read from the config file, the assocaited function is executed.  This
     should only be used for those directives that must muck with HOW the
     server INTERPRETS the config.  This should not be used for directives
     that re-order or replace items in the config tree.  Those changes should
     be made in the pre-config step.
     [Ryan Bloom]

  *) Add mod_example to the build system.
     [Tony Finch]

  *) APR: Add ap_xlate_conv_byte() to convert one char between single-
     byte character sets. [Jeff Trawick]

  *) Pick up various EBCDIC fixes from 1.3 (from Martin
     Kraemer and Oliver Reh originally according to the change log).
     [Jeff Trawick]

  *) Fix a couple of problems in RFC1413 support (controlled by the
     IdentityCheck directive).  Apache did not build the request string
     properly and more importantly Apache would loop forever if the 
     would-be ident server dropped the connection before sending a
     properly terminated response. [Jeff Trawick]

  *) apxs works in 2.0.
     [Ryan Bloom]

  *) Reliable piped logs work in 2.0.
     [Ryan Bloom]

  *) Introduce a hash table implementation into APR to be used for
     replacing tables and other random data structures in Apache.
     [Tony Finch]

  *) Add some more error reporting to htpasswd in the case of problems
     generating or accessing the temporary file.  Also, pass in a
     buffer if the implementation knows how to use it (i.e., if L_tmpnam
     is defined).  [Ken Coar]

  *) Configure creates config.nice now containing your configure
     options. Syntax: ./config.nice [--more-options]
     [Sascha Schumann]

  *) Fix various return code problems in APR on Win32.  For most of
     these, APR was returning APR_EEXIST instead of GetLastError()/
     WSAGetLastError().  [Jeff Trawick]

  *) Make piped logs work again in version 2.0
     [Ryan Bloom]

  *) Add VPATH support to UNIX build system of Apache and APR.
     [Sascha Schumann]

  *) Fix ap_tokenize_to_argv to respect the const arguments that are
     passed to it.
     [Ryan Bloom]

  *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
     Patch submitted to author.
     [Sascha Schumann]

  *) Fix mm configuration on Solaris 8 x86 and OS/390.  Don't require
     /sbin in PATH on FreeBSD (all submitted to rse previously) 
     [Jeff Trawick]

  *) Fix building Pthread-based MPMs on OpenBSD
     [Sascha Schumann] PR#26

  *) Fix ap_readdir() problem on systems where d_name[] field in
     struct dirent is declared with only one byte.  (This problem only 
     affected multithreaded builds.)  This caused a segfault during
     pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at 
     least). [Jeff Trawick]

  *) Fix some make-portability problems on at least Tru64, Irix
     and UnixWare.
     [Sascha Schumann] PR#18, PR#39

  *) Add ap_sigwait() to support old-style sigwait() on systems
     like OS/390 and UnixWare.
     [Sascha Schumann] 

  *) Add POSIX-thread flags for more platforms.
     [Sascha Schumann]

  *) Fix some minor bugs in ap_strerror().  Teach ap_strerror()
     (on Unix, at least) to handle resolver errors.  Fix a bug in
     the definition of APR_ENOMEM so that ap_strerror() can spit
     out the correct error message for it.
     [Jeff Trawick]

Changes with Apache 2.0a3

  *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
     [Doug MacEachern]

  *) API: *HOOK* macros now have an AP_ prefix
     [Doug MacEachern]

  *) Win32: Eliminate redundant calls to initialize winsock.
     [Tim Costello <timcostello@ozemail.com.au>]

  *) Fix bugs initializing ungetchar for pipes. 
     [Chia-liang Kao <clkao@CirX.ORG>]

  *) The ab program in the src/support directory is now portable using
     APR.
     [Ryan Bloom]

  *) Support directory is being compiled when the server is built
     [Ryan Bloom]

  *) The configure option --with-program-name has been added to allow
     developers to rename the executable at configure time.  This also
     changes the name of the config files to match the executable's name.
     [Ryan Bloom]

  *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
     containing version numbers. [Martin Pool]

  *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
     Unix; access_log and error_log now created with these perms; non-
     Unix is unaffected [Jeff Trawick]
     
  *) Finished move of ap_md5 routines to apr_md5.  Removed ap_md5.h.
     Replaced more magic numbers with MD5_DIGESTSIZE.
     [William Rowe, Roy Fielding]

  *) Win32: Get mod_auth_digest compiling and added to the Windows
     build environment. Not tested and I'd be suprised if it 
     actually works. [Bill Stoddard]

  *) Revamp the Win32 make environment. Makefiles have been removed and
     Apache.dsw created to bring together all the pieces. Create new file
     os/win32/BaseAddr.ref to define module base addresses (to prevent
     dll relocation at start-up).
     [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]

  *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3.  This replaces most
     of the \015, \012, and \015\012 constants with macros.
     
  *) Add ap_xlate_open() et al for translation of text between different 
     character sets.  The initial implementation requires iconv().
     [Jeff Trawick]

  *) More FAQs and answers from comp.infosystems.www.servers.unix.
     [Joshua Slive <slive@finance.commerce.ubc.ca>]

  *) CGI output is being timed out now.
     [Ryan Bloom]

  *) Fix the problem with dieing quietly.  dupfile now takes a pool which
     is used by the new apr file.  There is no reason to create a new file
     with the same lifetime as the original file.
     [Ryan Bloom] 

  *) Win32: Attempt to eliminate dll relocation at start-up by specifying
     module base addresses. This will help shooting seg faults
     in the field. [William Rowe <wrowe@lnd.com>]

  *) Update Apache on Windows documentation. Add new document
     describing how to compile Apache on Windows.
     [William Rowe <wrowe@lnd.com>]

  *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take 
     microseconds instead of seconds.  Some storage leaks and other
     minor bugs in related code were fixed.  [Jeff Trawick]

  *) Win32: First cut at getting mod_isapi working under 2.0
     [William Rowe <wrowe@lnd.com>]

  *) First stab at getting mod_auth_digest working under 2.0
     quick change summary:
     - moved the random byte generation (ap_generate_random_bytes) into APR
     - now uses ap_time_t
     - compiles and runs on linux
     - tested with amaya
     [Brian Martin <bmartin@penguincomputing.com>]

  *) Win32: Move the space stripping of physical service names
     fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
     unresolved symbol. Add dependency checking to the
     CreateService call to ensure TCPIP and AFP (winsock) is started
     before Apache.
     [William Rowe <wrowe@lnd.com>]

  *) Win32: Add code to perform latebinding on functions that may
     not exist on all levels of Windows where Apache runs. This
     is needed to allow Apache to start-up on Win95/98. All calls
     to non portable functions should be protected with
     ap_oslevel checks to prevent runtime segfaults. 
     [William Rowe <wrowe@lnd.com>]

  *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]

  *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]

  *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
     This addresses PR 1623. Still need to address timing out runaway
     CGI scripts. [Bill Stoddard]
 
  *) Win32: Make ap_stat Windows 95/98 friendly
     [William Rowe <wrowe@lnd.com>]                                            

  *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to 
     always fail. Need to initialise the dwOSVersionInfoSize member of the 
     OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx 
     always fails. 

     The patch also enhances ap_get_oslevel (and the associated enum) to 
     handle selected service packs for NT4, and adds recognition for 
     Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then 
     we can use ReadFileScatter and WriteFileGather in readwrite.c. 
     [Tim Costello <Tim.Costello@BTFinancialgroup.com>]

  *) Get mod_rewrite building and running, and mod_status building for Win NT
     [Allan Edwards <ake@raleigh.ibm.com>]

  *) Patch to port mod_auth_db to the 2.0 api and also to support 
     Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and 
     2.7.7.  It should work with version 1 as well but I haven't tested it.  
     [Brian Martin <bmartin@penguincomputing.com>]

  *) Get APR DSO code working under Windows. Includes cross platform
     fixes to mod_so.c.
     [Tim.Costello@BTFinancialgroup.com]

  *) Fix some of the Windows APR time functions.
     [William Rowe]

  *) FAQ changes related to tidying up historical documents on the web site.
     [Joshua Slive <slive@finance.commerce.ubc.ca>]

  *) Move Windows DSO code into APR.
     [Bill Stoddard]

  *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
     Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
     at build time. At this point, the server will not compile on Windows because
     of the recent DSO commits. Fixing those next.
     [Bill Rowe & Bill Stoddard]

  *) Added error checking for file I/O APR routines.
     [Jon Travis <jtravis@covalent.net>]

  *) APR: Don't use the values of resolver error codes for the 
     corresponding APR error codes.  On Unix and Win32, return the 
     proper APR error code after a resolver error. [Jeff Trawick]

Changes with Apache 2.0a2

  *) Renamed the executable back to httpd on all platforms other 
     than Win32
     [Ryan Bloom]

  *) Allow BeOS to survive restarts, log properly and a few
     small things it had problems with due to the way it setup
     users and groups. [David Reid]

  *) Get mod_rewrite working with APR locks
     [Paul Reder <rederpj@raleigh.ibm.com>]

  *) Actually remove the sempahore when the lock cleanup routine
     is called on BeOS. [David Reid]

  *) Clear hook registrations between reads of the config file.
     When DSOs are unloaded and re-loaded the old hook pointers may
     no longer be valid. This fix eliminates potential segfaults.
     [Allan Edwards <ake@raleigh.ibm.com>]

  *) Fix a problem with Sigfunc not being defined or bypassed
     if sigaction() wasn't found. [Jim Jagielski]

  *) Fix the locking mechanism on BSD variants.  They now use fcntl
     locks.  This allows the server to start and serve pages.
     [Ryan Bloom]

  *) First cut at getting the Win32 installer to work
     [William Rowe <wrowe@lnd.com>]

  *) Get htpasswd compiling under Windows
     [William Rowe <wrowe@lnd.com>]

  *) Change the log message for a bind() failure to show the
     interface and port number. [Jeff Trawick]

  *) Import the documentation from 1.3.12 and bring parts of it
     up-to-date with respect to the changes that have occurred
     in 2.0.
     [Tony Finch]

  *) BeOS MPM updated.  CGI bug on BeOS fixed.  IP addresses
     now logged correctly on BeOS.
     [David Reid]

  *) Create one makefile for all Win32 distributions (NT/2000/95/98).
     Makefile.win includes the same user interface as the old 
     Makefile.nt 
     [William Rowe <wrowe@lnd.com>, Jeff Trawick <trawick@us.ibm.com>]

  *) Win32 exec now uses COMSPEC environment string for command 
     shell path resolution.
     [William Rowe <wrowe@lnd.com>] PR#3715

  *) Win32: ap_connect() was not returning correct error condition
     PR5866
     [Allen Prescott <allen@clanprescott.com>]

  *) Win32: ap_open() was broken on Win9x because an NT-specific
     flag was passed to CreateFile.  ap_puts() added an unnecessary
     '\n'.
     [Jeff Trawick <trawick@us.ibm.com>]

  *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
     which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
     confusing ee/et name and made all extensions language/dialect
     rather than country reflecting. Changed example files to
     explicit reflect the ISO charset and added a few common 
     ones to the example config [dirkx]

  *) Extend external module capability.  To use this, you call
     configure with --with-module=path/to/mod1,path/to/mod2,etc.
     [Ryan Bloom]

  *) Backported the various "default charset" fixes from 1.3.12,
     including the AddDefaultCharset directive. [Jim Jagielski]

  *) Added the capability to do ${ENVVAR} constructs in the
     config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
     it does this on a line by line basis; i.e. if the envvar
     expands to something with spaces you have to protect it
     by adding quotes around it (Unless of course you expect it
     to contains more than one argument. Alternatively you
     can compile it on a per token basis; which is what people
     usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
     hampers fancier hacks.
     [Dirk-Willem van Gulik]

  *) Changed the 'ErrorDocument' syntax in that it NO longer
     supports the asymetric

                ErrorDocument 301 "Some message

     Note the opening " quote, without a closing quote. It now
     has either the following syntaxes

                ErrorDocument XXX /local/uri
                ErrorDocument XXX http://valid/url
                ErrorDocument XXX "Some Message"

     The recognition heuristic is: if it has a space it
     is a message. If it has no spaces and starts with a /
     or is a valid URL then treat it that way. Otherwise it
     is assumed to be a message.

     This breaks backward compatibility but makes live a hell
     of a lot easier for GUI's and config file parsers.
     [Dirk-Willem van Gulik]

  *) Changed 'CacheNegotiatedDocs' from its present/not-present
     syntax into a 'on' or 'off' syntax. As it currently is the
     only non nesting token which uses NO_ARGS and thus is an
     absolute pain for any config interface automation. This
     breaks backward compatibility. [Dirk-Willem van Gulik]

  *) Add ability to add external modules to the build process.  This is
     done with --with-module=/path/to/module.  Modules can only be added
     as static modules at this point.
     [Ryan Bloom]

Changes with Apache 2.0a1

  *) Fix FreeBSD 3.3 core dump.
     Basically, ap_initialize() needs to get called before 
     create_process(), since create_process() passes op_on structure
     to semop() to get a lock, but op_on isn't initialized until 
     ap_initialize() calls setup_lock().  Here is a slight
     rearrangement to main() which calls ap_initialize() earlier...
     [Jeff Trawick <trawick@us.ibm.com>]

  *) Enable Apache to use sendfile/TransmitFile API
     [Bill Stoddard, David Reid, Paul Reder]

  *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
     APIs.
     [Bill Stoddard]

  *) Make file I/O and network I/O writev/sendv APIs consistent.
     Eliminate use of ap_iovec_t and use Posix struct iovec.
     Use seperate variable on ap_writev to set the number of iovecs
     passed in and number of bytes written.
     [Bill Stoddard]

  *) Adapt file iol to use APR functions. Replaced ap_open_file() 
     with ap_create_file_iol(). ap_create_file_iol() requires that 
     the file be opened prior to the call using ap_open().
     [Bill Stoddard]

  *) Port mod_include and mod_cgi to 2.0
     [Paul Reder, Bill Stoddard]

  *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
     bytes_read/bytes_written is always valid (never -1).  Plus
     some fixes to buff.c to correct problems introduced by the
     errno => ap_status_t changes a while back.  Plus a fix to
     chunked encoding introduced right at the beginning of 2.0.
     [Dean Gaudet]

  *) Revamped UNIX build system to use autoconf and libtool.
     [Manoj Kasichainula, Sascha Schumann]

  *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj@raleigh.ibm.com>]

  *) SECURITY: More rigorous checking of Host: headers to fix security 
     problems with mass name-based virtual hosting (whether using mod_rewrite
     or mod_vhost_alias).
     [Ben Hyde, Tony Finch]
  
  *) Add back support for UseCanonicalName in <Directory> containers.
     [Manoj Kasichainula]

  *) Added APLOG_STARTUP log type.  This allows us to write an error
     message without any of the date and time information.  As a part
     of this change, I also removed all of the calls to fprintf(stderr
     and replaced them with calls to ap_log_error using APLOG_STARTUP
     writing to stderr is no longer portable, because we don't direct 
     stderr to the error log on all platforms.
     [Ryan Bloom] 
 
  *) Convert error logging functions to take errno as an argument.
     This makes our error logs more portable, because some Windows API's 
     don't set errno.  This change allows us to still output a valid
     message on all of our platforms.
     [Ryan Bloom]

  *) mod_mime_magic runs in 2.0-dev now.