Skip to content
CHANGES 596 KiB
Newer Older
  *) When opening "configuration" files (like httpd.conf, htaccess
     and htpasswd), Apache will not allow them to be non-/dev/null
     device files. This closes a DoS hole. At the same time,
     we use ap_pfopen to open these files to handle timeouts.
     [Jim Jagielski, Martin Kraemer]

  *) Apache will now log the reason its httpd children exit if they exit
     due to an unexpected signal.  (It requires a new porting define,
     SYS_SIGLIST, which if defined should point to a list of text
     descriptions of the signals available.  See PORTING.)  [Dean Gaudet]

  *) WIN32: chdir() doesn't make sense in a multithreaded environment 
     like WIN32.  Before, Win32 CGI's could have had sporadic failures 
     if a chdir call from one thread was made between another chdir call 
     and a spawn in another thread.  So, for now don't chdir for CGI scripts 
     in WIN32.  The current CGI "spec" is unclear as to whether it's 
     necessary.  Long-term fix is to either serialize the chdir/spawn combo 
     or use WIN32 native calls to spawn a process.  This temp fix was 
     necessary to remove this as a showstopper for 1.3's release. 
     [Brian Behlendorf]

  *) Cleanup the suEXEC support in APACI and make it more safe:
     1. Add big fat hint in INSTALL about risks and to read the
        htdocs/manual/suexec.html document before using the suexec-related
        configure options.
     2. Make sure the user has at least provided one --suexec-xxxx option
        (specifies suEXEC parameters) in addition to --enable-suexec option.
        If only --enable-suexec is given APACI stops with a hint to INSTALL
        and htdocs/manual/suexec.html documents.
     3. Provide two additional --suexec-xxxx options to make the suEXEC
        configuration complete (especially for package maintainers who else
        had to patch the source tree) by providing ways to configure minimal
        UID/GID and safe PATH, too.
     [Ralf S. Engelschall]

  *) Cleanup of the `configure --shadow' process:
     - make sure the configure script creates its temporary files in the
       shadow tree to avoid conflicts with parallel configure runs
     - removed unnecessary option "-r" from "rm" call for Makefiles
     - make sure the configure scripts creates the shadow-wrapper Makefile
       only when no shadow trees already exists
     - make sure "make distclean" removes the shadow-wrapper Makefile but only
       when no more shadow trees exists
     - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
       as fast (in the past it needed 70sec, now it runs just 38sec)
     - make sure CVS does not complain about the created files
       Makefille.<gnutriple> and directories src.<gnutriple>
     [Ralf S. Engelschall]

  *) Added the ap_add_version_component() API routine and the
     AddVersionPlatform core directive.  The first allows modules to
     declare themselves in the Server response header field value,
     augmenting the SERVER_SUBVERSION define in the Configuration file
     with run-time settings (more useful in a loadable-module environment).
     AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)"
     into the server version string.  [Ken Coar] PR#2056

  *) Minor stability tweaks to avoid core dumps in ap_snprintf.
     [Martin Kraemer]

  *) Emit the "Accept-Range" header for the default handler.
     [Brian Behlendorf] PR#1464

  *) Add a note to httpd.conf-dist that apache will on some systems fail
     to start when the Group # is set to a negative or large positive value.
     [Martin Kraemer]

  *) Make sure the module execution order is correct even when some modules
     are loaded under runtime (`LoadModule') via the DSO mechanism:
     1. The list of loaded modules is now a dynamically allocated one
        and not the original statically list from modules.c
     2. The loaded modules are now correctly setup by LoadModule for
        later use by the AddModule command.
     3. When the DSO mechanism for modules is used APACI's `install'
        target now enables all created `LoadModule' lines per default because
        this is both already expected by the user _and_ needed to avoid
        confusion with the next point and reduces the Makefile.tmpl complexity
     4. When the DSO mechanism for modules is used, APACI's `install'
        target now additionally makes sure the module list is reconstructed
        via a complete `ClearModuleList+AddModule...' entry.
     5. The support tool `apxs' now also makes sure an AddModule command
        is added in addition to the LoadModule command.
     6. The modules.c generation was extended to now contain two
        comments to make sure no one is confused by the confusing terminology
        of loading/linking (we use load=link+load & link=activate instead of
        the obvious load=activate & link=link :-( )
     This way now there is no longer a difference under execution time between
     statically and dynamically linked modules.
     [Ralf S. Engelschall]

  *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
     Big Symbol Renaming. [Ralf S. Engelschall]

  *) Add a comment to mod_example.c showing the format of a FLAG command
     handler.  [Ken Coar]

  *) Standardized the time format in mod_status to match that of other 
     places in the code (e.g. DATE_GMT).  PR#1551

  *) Fix handling of %Z in timefmt strings for those platforms with no time
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     zone information in their tm struct. [Paul Eggert <eggert twinsun.com>]
     PR#754

  *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature 
     feature compatible with 'UseCanonicalName off' by changing  
     r->server->server_hostname to ap_get_server_name().  And I changed some 
     functions which use r->server->port to use ap_get_server_port() instead, 
     because if there's no Port directive in the config r->server->port is 0.
     [Lars Eilebrecht]

  *) get/set_module_config are trivial enough to be better off inline.  Worth
     1.5% performance boost. [Dean Gaudet]

  *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
     when ensuring 'x' is at least 30-chars big. [Jim Jagielski,
     Brian Behlendorf]

  *) [BS2000 security] BS2000 needs an extra authentication to initialize
     the task environment to the unprivileged User id. Otherwise CGI scripts
     would have a way to gain super user access. [Martin Kraemer]

  *) Fix debug log messages for BS2000/OSD: instead of logging the whole
     absolute path, only log base name of logging source as is done
     in unix. [Martin Kraemer]

  *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in
     the encoding type from the Accept-Encoding header (if it's there)
     and use it in the response, as that's probably what it'll be expecting.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [<Ronald.Tschalaer psi.ch>]

  *) Fix to mod_alias: translate_alias_redir is dealing with
     a URI, not a filename, so the check for drive letters for win32 
     and emx is not necessary. [Dean Gaudet]

  *) WIN32: Allow .cmd as an executable extension.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Kari Likovuori <Kari.Likovuori mol.fi>] PR#2146

  *) Make Apache header files, and some variables, C++ friendly.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Michael Anderson's <mka redes.int.com.mx>]

  *) Child processes can now "signal" (by exiting with a status
     of APEXIT_CHILDFATAL) the parent process to abort and
     shutdown the server if the error in the child process was
     fatal enough. [Jim Jagielski]

  *) mod_autoindex's find_itme() was sensitive to MIME type case.
     [Jim Jagielski] PR#2112

  *) Make sure the referer_log and agent_log entries in the default httpd.conf
     file are also adjusted for the actual relative installation paths.
     [Ralf S. Engelschall] PR#2175

  *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]

  *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
     PR#1558

  *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3.
     Additionally the checks for finding the vendor DSO library were moved
     from mod_so.c to Configure because first it needs $PLAT etc. and second
     mod_so already uses an abstraction layer and does not fiddle with the
     vendor functions itself.
     [Jens-Uwe Mager, Ralf S. Engelschall]

  *) PORT: Some optimization defines for NetBSD
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jaromir Dolecek <dolecek ics.muni.cz>] PR#2165

  *) PORT: Dynamic Shared Object (DSO) support for NetBSD.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jaromir Dolecek <dolecek ics.muni.cz>, Ralf S. Engelschall] PR#2158

  *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older
     AIX variants should work fine, too. Even AIX 3.x should work). This is
     accomplished by using the free DSO emulation code from Jens-Uwe Mager
     which we put into a os/unix/os-dso-aix.c file.
     [Ralf S. Engelschall]
  
  *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply
     that we should use NET_SIZE_T == int but the include files force size_t.
     [Ralf S. Engelschall]

  *) Fix two bugs in select() handling in http_main.c.
     [Roy Fielding]

  *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO
     is unset (as it is in situations like timeouts) where it is unclear
     whether errno is set or not.  [Martin Kraemer]

  *) Just having APACI's localstatedir is too general and not enough for most
     of the systems. 1.3b6 again required manual APACI patches by package
Mark J. Cox's avatar
Mark J. Cox committed
     maintainers from Red Hat and FreeBSD because for their filesystem layout a
     little bit more flexibility in configuring the paths is needed. Hence we
     provide three additional configure options (--runtimedir, --logfiledir,
     --proxycachedir) which now can be used for more granular adjustments if
     --localstatedir is not enough to fit the particular needs. As a nice
     side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
     [Ralf S. Engelschall]

  *) Make the install root for "make install" in APACI's Makefile overrideable
     by package authors.  This way we are even more friendly to package
Mark J. Cox's avatar
Mark J. Cox committed
     maintainers (especially Debian and Red Hat) who build for the real prefix
     via "configure --prefix=/<real>" but use a different local prefix via
     "make root=/tmp/apache install" for rolling the package without bristling
     the target location on their system. 
     [Ralf S. Engelschall]

  *) Workaround sed limitations in APACI's configure script by now
     substituting in chunks of 50 commands (because for instance HPUX's vendor
     sed has a limit of max. 98 commands)
     [Ralf S. Engelschall] PR#2136

  *) Adding SOCKS5 support and fixing existing SOCKS4 support.
     [Ralf S. Engelschall] PR#2140

  *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG
     RENAMING process because they are defined as pre-processor macros instead
     of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd
     [Ralf S. Engelschall]

  *) Workaround braindead AWK's when generating ap_config.h: The split() and
     substr() functions cannot be nested under vendor AWK from Solaris 2.6.
     [Ralf S. Engelschall] PR#2139

  *) Various bugfixes and cleanups for the APACI configure script:
     o fix IFS handling for _nested_ situation
     o fix Perl interpreter search: take first one found instead of last one
     o fix DSO consistency check
     o print error messages to stderr instead of stdout
     o add install-quiet for --shadow situation to Makefile stub
     o reduce complexity by avoiding sed-hacks for rule and module list loops
     [Ralf S. Engelschall]

  *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114

  *) Make sure the input field separator (IFS) shell variable is explicitly
     initialized correctly before _every_ `for' loop and also restored after
     the loops. [Ralf S. Engelschall]

  *) Make sure that "make install" doesn't overwrite the `mime.types' and
     `magic' files from an existing Apache installation. Because people often
     customize these for own MIME and content types.
     [Ralf S. Engelschall]

  *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
     [Peter Galbavy, Ralf S. Engelschall] PR#2109

  *) Fix the path to the ScoreBoardFile in the install-config target, too.
     [Ralf S. Engelschall] PR#2105

  *) Let "configure" clear out the users parameters (provided as shell
     variables) to avoid side-effects in "src/Configure" when the user
     exported them (which is not needed, but some users do it). 
     [Ralf S. Engelschall] PR#2101

  *) Provide backward compatibility from some old src/Configuration.tmpl
     parameter names to the canonical Autoconf-style shell variable names. For
     instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now
     but a hint message is displayed. [Ralf S. Engelschall]
  
  *) Make sure that "make install" doesn't overwrite the DocumentRoot and
     CGI scripts from an existing Apache installation. 
     [Ralf S. Engelschall, Jim Jagielski] PR#2084

  *) Make `configure --compat' more "compatible" by first 
     let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
     second by making sure the "avoid-bristling-suffix" /apache is not
     appended to sysconfdir, datadir, localstatedir and includedir when
     --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]

  *) NeXT required strdup() in support/logresolve.c
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Francisco Tomei <fatomei sandburg.unm.edu>] PR#2082

  *) AIX required sys/select.h in support/ab.c
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jens Schleusener <Jens.Schleusener dlr.de>] PR#2081

  *) Fix the path to the MimeMagicFile in the install-config target, too.
     [Ralf S. Engelschall] PR#2089

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick colby.edu>]

  *) If you start apache with the -S command line option it will dump
     out the parsed vhost settings.  This is useful for folks trying
     to figure out what is wrong with their vhost configuration.
     (Other dumps may be added in the future.) [Dean Gaudet]

  *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
     ap_snprintf, and ap_psprintf).  See include/ap.h for docs.
     [Dean Gaudet]

  *) Because /usr/local/apache is the default prefix the ``configure
     --compat'' option no longer has to set prefix, again. This way the
     --compat option honors a leading --prefix option. [Lars Eilebrecht]

  *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
     to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
     to avoid "discard const" warnings. [Ralf S. Engelschall]

  *) If a specific handler is set for a file yet the request still
     ends up being handled by the default handler, log an error
     message before handling it.  This catches things such as trying 
     to use SSIs without mod_include enabled.  [Marc Slemko]

  *) Fix error logging for the startup case where ap_log_error() still uses
     stderr as the target. Now the default log level is honored here, too.
     [Ralf S. Engelschall]
    
  *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
     long" errors when generating the MODULES entry for src/Makefile
     [Ben Hyde, Ralf S. Engelschall]

  *) Make sure src/Configure doesn't complain about the old directory
     /usr/local/etc/httpd/ when APACI is used.  [Lars Eilebrecht]
   
Changes with Apache 1.3b6

  *) PORT: Clean up warnings on Ultrix and HPUX.  [Ben Hyde]
 
  *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
     interface via the similar but proprietary HP/UX shl_xxx-style system
     calls. [Ralf S. Engelschall]

  *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
     APACI Makefile.tmpl "install" target more robust for sensible UnixWare
     Make. [Ralf S. Engelschall]

  *) ++++ THE BIG SYMBOL RENAMING ++++
     To avoid symbol clashes with third-party code compiled into the server,
     we globally applied the prefix "ap_" to the following classes of
     functions:
        - Apache provided general functions (e.g., ap_cpystrn)
        - Public API functions (e.g., palloc, bgets)
        - Private functions which we can't make static (because of
          cross-object usage) but should be (e.g., new_connection)
     For backward source compatibility a new header file named compat.h was
     created which provides defines for the old symbol names and can be used
     by third-party module authors.
     [The Apache Group]

  *) Added dynamic shared object (DSO) support for SVR4-derivates: The
     problem under SVR4 is that there is no command flag to force the linker
     to export the global symbols of the httpd executable therewith they are
     available to the DSO's. Instead of problematic hacks like creating a
     dummy.so file (containing dummy references to all global symbols) the
     httpd binary is linked against, we use a clean trick stolen from Perl 5:
     Placing the Apache core code itself into a DSO library named libhttpd.so.
     This way the global symbols _HAVE_ to be exported and thus are available
     to any manually loaded DSO's under runtime. To reduce the impact to the
     user to null we go even further and create a stub httpd executable which
     automatically keeps track of the DSO library loading itself and thus
     hides the complete mechanism from the user. Although the generation of
     this DSO library is automatically triggered for platforms which
     essentially need it (mostly all SVR4-derivates) it can be also enabled
     manually via the Rule SHARED_CORE. This can be interesting in the future
     where we perhaps exploit this libhttpd.so mechanism for providing nifty
     features like graceful upgrades, or whatever. 
     [Ralf S. Engelschall, Martin Kraemer]

  *) Build the libraries before building the rest of the tools. [Ben Hyde]

  *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
     inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
     conventions while "clean" removes only stuff created by "all" targets,
     "distclean" additionally removes the stuff from the configuration
     process. This way "make distclean" (hence the name) provides a fresh
     source tree as it was for distribution.
     [Ralf S. Engelschall]

  *) Allow top-level (APACI) Makefile to break on build errors
     the same way the src/ subtree Makefiles breaks on them by replacing the
     initial APACI sed-subdir-display-kludge with a more clean
     variable-passing-solution: variable SDP can optionally hold the subdir
     prefix which is consistently used for displaying the subdir movement.
     This way even the top-level Makefile can stop correctly on errors as the
     user expects. [Ralf S. Engelschall]

  *) Fixed ordering of argument checks for RewriteBase directive.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Todd Eigenschink <eigenstr mixi.net>] PR#2045

  *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
     indicating that a module is being compiled for dynamic loading. Also
     remove #define IS_MODULE from modules and add SHARED_MODULE define
     to the mak/dsp files. [Alexei Kosut]

  *) Reduce logging level of "normal" warning messages to APLOG_INFO,
     since we are now logging APLOG_WARNING by default. [Roy Fielding]

  *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
 
  *) Add documentation file and src/Configuration.tmpl entry for the
     experimental mod_mmap_static module. Because although it is and marked as
     an experimental one it is distributed and thus should be documented and
     prepared for configuration the same way as all others modules. 
     [Ralf S. Engelschall]

  *) Add query (-q) option to apxs support tool to be able to manually query
     specific settings from apxs. This is needed for instance when you
     manually want to access Apache's header files and you need to assemble
     the -I option.  Now you can do -I`apxs -q INCLUDEDIR`.
     [Ralf S. Engelschall]

  *) Now src/Configure uses a fallback strategy for the shared object support
     on platforms where no explicit information is available: If a Perl
     installation exists we ask it about its shared object support and if it's
     the dlopen-style one we shamelessly guess the compiler and linker flags
     for creating shared objects from Perls knowledge. Of course, the user is
     warning about what we are doing and informed that he should send us
     the guessed flags when they work. [Ralf S. Engelschall]

  *) Provide APACI --without-support option to be able to disable the build
     and installation of the support tools from the src/support/ area.
     Although its useful to have these installed per default we should provide
     a way to compile and install without them for backward-compatibility.
     [Ralf S. Engelschall]

  *) Add of the new APache eXtenSion (apxs) support tool for building and
     installing modules into an _already installed_ Apache package through the
     dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
     this approach actually doesn't need the Apache source tree.  The
     (APACI-installed) server package is enough, because this now includes the
     Apache C header files (PREFIX/include) and the new APXS tool
     (SBINDIR/apxs).  The intend is to provide a handy tool for third-party
     module authors to build their Apache modules _OUTSIDE_ the Apache source
     tree while avoiding them to fiddle around with the totally platform
     dependend way of compiling DSO files. The tool supports all ranges of
     modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
     which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
     on-the-fly generate a minimalistic Makefile and sample module for the
     first step to provide both a quick success event and to demonstrate the
     APXS mechanism to module authors. [Ralf S. Engelschall]

  *) Fix core dumps in use of CONNECT in proxy.  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [<Rainer.Scherg rexroth.de>] PR#1326, #1573, #1942

  *) Modify the log directives in httpd.conf-dist files to use CustomLog
     so that users have examples of how CustomLog can be used.
     [Lars Eilebrecht]

  *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
     the Apache distribution tree.  Until Apache 1.3 there was no real
     out-of-the-box batch-capable build and installation procedure for the
     complete Apache package. This is now provided by a top-level "configure"
     script and a corresponding top-level "Makefile.tmpl" file.  The goal is
     to provide a GNU Autoconf-style frontend which is capable to both drive
     the old src/Configure stuff in batch and additionally installs the
     package with a GNU-conforming directory layout. Any options from the old
     configuration scheme are available plus a lot of new options for flexibly
     customizing Apache. [Ralf S. Engelschall]

  *) The floating point ap_snprintf code wasn't threadsafe.
     Had to remove the HAVE_CVT macro in order to do threadsafe
     calling of the ?cvt() floating point routines.  [Dean Gaudet]

  *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962

  *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
     [Jim Jagielski] PR#1901

  *) BUG: Configure was using TCC and CC inconsistently. Make sure
     Configure knows which CC we are using. [Jim Jagielski]

  *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
     was defined in a parent directory. [Lars Eilebrecht]

  *) API: ap_snprintf() code mutated into ap_vformatter(), which is
     a generic printf-style routine that can call arbitrary output
     routines.  Use this to replace http_bprintf.c.  Add new routines
     psprintf(), pvsprintf() which allocate the exact amount of memory
     required for a string from a pool.  Use psprintf() to clean up
     various bits of code which used ap_snprintf()/pstrdup().
     [Dean Gaudet]

  *) PORT: HAVE_SNPRINTF doesn't do anything any longer.  This is because
     ap_snprintf() has different semantics and formatting codes than
     snprintf().  [Dean Gaudet]

  *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time.  This
     is necessary on at least Solaris where the /etc/rc?.d scripts
     are run with these signals ignored, and "SIG_IGN" settings are
     maintained across exec().
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Rein Tollevik <reint sys.sol.no>] PR#2009

  *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
     used instead of lstat() and thus this flag didn't work as expected.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Rein Tollevik <reint sys.sol.no>] PR#2010

  *) Fix the proxy pass-through feature of mod_rewrite for the case of
     existing QUERY_STRING now that mod_proxy was recently changed because of
     the new URL parsing stuff. [Ralf S. Engelschall]

  *) A few changes to scoreboard definitions which helps gcc generate
     better code.  [Dean Gaudet]

  *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
     be a signed bitfield.  So mark a few bitfields as signed to
     ensure correct code.  [Dean Gaudet]

  *) The default for HostnameLookups was changed to Off, but there
     was a problem and it wasn't taking effect. [Dean Gaudet]

  *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
     [Dean Gaudet]

  *) After a SIGHUP the listening sockets in the parent weren't
     properly marked for closure on fork().
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Jürgen Keil <jk tools.de>] PR#2000
 
  *) Allow %2F in two situations: 1) it is in the query part of the URI,
     therefore not exposed to %2F -> '/' translations and 2) the request
     is a proxy request, so we're not dealing with a local resource anyway.
     Without this, the proxy would fail to work for any URL's with
     %2f in them (occurs quite often in
     http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]

  *) Protect against FD_SETSIZE mismatches.  [Dean Gaudet]

  *) Make the shared object compilation command more portable by avoiding
     the direct combination of `-c' & `-o' which is not honored by some
     compilers like UnixWare's cc. [Ralf S. Engelschall]

  *) WIN32: the proxy was creating filenames missing the last four
     characters.  While this normally doesn't stop anything from 
     working, it can result in extra collisions.  
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Tim Costello <tjcostel socs.uts.edu.au>] PR#1890

  *) Now mod_proxy uses the response string (in addition to the response status
     code) from the already used FTP SIZE command to setup the Content-Length
     header if available. [Ralf S. Engelschall] PR#1183

  *) Reanimated the (still undocumented) proxy receive buffer size directive:
     Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
     name was really too generic, added documentation for this directive to
     the mod_proxy.html and corrected the hyperlink to it in the
     new_features_1.3.html document.  [Ralf S. Engelschall] PR#1348

  *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
     faster [Martin Kraemer]
  
  *) Make Configure die when you give it an unknown command switch.
     [Ben Hyde]

  *) Add five new and fresh manpages for the support programs: dbmmanage.1,
     suexec.8, htdigest.1, rotatelogs.8 and logresolve.8.  Now all up-to-date
     and per default compiled support programs have manual pages - just to
     document our stuff a little bit more and to be able to do really
     Unix-like installations ;-) [Ralf S. Engelschall]

  *) Major cleanups to the Configure script to make it and its generated
     Makefiles again readable and maintainable: add SRCDIR option, removed
     INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
     generated sections, consequently added Makefile headers with inheritance
     information, added subdir movement messages for easier following where
     the build process currently stays (more verbose then standard Make, less
     verbose than GNU make), same style to comments in the Configure script,
     added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
     
  *) Add the new ApacheBench program "ab" to src/support/: This is derived
     from the ZeusBench benchmarking program and can be used to determine the
     response performance of an Apache installation. This version is
     officially licensed with Zeus Technology, Ltd. See the license agreement
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     statements in <199803171224.NAA24547 en1.engelschall.com> in apache-core.
     [Ralf S. Engelschall]

  *) API: Various core functions that are definately not part of the API
     have been made static, and a few have been marked API_EXPORT.  Still
     more have been marked CORE_EXPORT and are not intended for general
     use by modules.  [Doug MacEachern, Dean Gaudet]

  *) mod_proxy was not clearing the Proxy-Connection header from
     requests; now it does.  This did not violate any spec, however 
     causes poor interactions when you are talking to remote proxies.  
     [Marc Slemko] PR#1741

  *) Various cleanups to the command line interface and manual pages.
     [Ralf S. Engelschall]

  *) cfg_getline() was not properly handling lines that did not end
     with a line termination character.  [Marc Slemko] PR#1869, 1909

  *) Performance tweak to mod_log_config.  [Dmitry Khrustalev]

  *) Clean up some undocumented behavior of mod_setenvif related to
     "merging" two SetEnvIf directives when they match the same header
     and regex.  Document that mod_setenvif will perform comparisons in
     the order they appear in the config file.  Optimize mod_setenvif by
     doing more work at config time rather than at runtime.
     [Dean Gaudet]

  *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
     to allow for modules to overrule them and to reduce redefinition
     warnings [Jim Jagielski]

  *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
     [Jim Jagielski]

  *) Making the hard-coded cross-module function call mime_find_ct() (from
     mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
     checking is really called even for proxy requests except for URLs with
     HTTP schemes (because there we can optimize by not running the type
     checking hooks due to the fact that the proxy gets the MIME Content-type
     from the remote host later). This change cleans up mod_mime by removing
     the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
     especially unbundles mod_proxy and mod_mime. This way they both now can
     be compiled as shared objects and are no longer tied together. 
     [Ralf S. Engelschall]

  *) util.c cleanup and speedup. [Dean Gaudet]

  *) API: Clarification, pstrndup() will always copy n bytes of the source
     and NUL terminate at the (n+1)st byte.  [Dean Gaudet]

  *) Mark module command_rec and handler_rec structures const so that they
     end up in the read-only data section (and are friendlier to systems
     that don't do optimistic memory allocation on fork()). [Dean Gaudet]

  *) Add check to the "Port" directive to make sure the specified 
     port is in the appropriate range.  [Ben Hyde]

  *) Performance improvements to invoke_handler().
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Dmitry Khrustalev <dima bog.msu.su>]

  *) Added support for building shared objects even for library-style modules
     (which are built from more than one object file). This now provides the
     ability to build mod_proxy as a shared object module. Additionally
     modules like mod_example are now also supported for shared object
     building because the generated Makefiles now no longer assume there is at
     least one statically linked module. [Ralf S. Engelschall]

  *) API: Clarify usage of content_type, handler, content_encoding,
     content_language and content_languages fields in request_rec.  They
     must always be lowercased; and the strings pointed to shouldn't
     be modified (you must copy them to modify them).  Fix a few bugs
     related to this.  [Dean Gaudet]

  *) API: Clarification: except for RAW_ARGS, all command handlers can
     treat the char * parameters as permanent, and modifiable.  There
     is no need to pstrdup() them.  Clean up some needless pstrdup().
     [Dean Gaudet]

  *) Now mod_so keeps track of which module shared objects with which names
     are loaded and thus avoids multiple loading and unloading and irritating
     error_log messages. [Ralf S. Engelschall]

  *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
     environment variable in the apache core.  But that tweaking interferes
     with mod_setenv.  So don't tweak if the user has specified an explicit
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     TZ variable.  [Jay Soffian <jay cimedia.com>] PR#1888

  *) rputs() did not calculate r->sent_bodyct properly.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Siegmund Stirnweiss <siegst kat.ina.de>] PR#1900

  *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
     name, or left unset if this value is unavailable.  Apache was setting
     it to the IP address when unavailable.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Tony Finch <fanf demon.net>] PR#1925

  *) Various improvements to the configuration and build support for compiling
     modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
     OSF1 support with GCC and vendor compilers was added.  This way shared
     object support is now provided out-of-the-box for FreeBSD, Linux,
     Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
     [Ralf S. Engelschall]

  *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
     scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
     and USE_OS2_SCOREBOARD.  [Dean Gaudet]

  *) Fix one more special locking problem for RewriteMap programs in
     mod_rewrite: According to the documentation of flock(), "Locks are on
     files, not file descriptors.  That is, file descriptors duplicated
     through dup(2) or fork(2) do not result in multiple instances of a lock,
     but rather multiple references to a single lock. If a process holding a
     lock on a file forks and the child explicitly unlocks the file, the
     parent will lose its lock.". To overcome this we have to make sure the
     RewriteLock file is opened _AFTER_ the childs were spawned which is now
     the case by opening it in the child_init instead of the module_init API
     hook. [Ralf S. Engelschall] PR#1029

  *) Change to Location and LocationMatch semantics.  LocationMatch no
     longer lets a single slash match multiple adjacent slashes in the
     URL.  This change is for consistency with RewriteRule and
     AliasMatch.  Multiple slashes have meaning in URLs that they do
     not have in (some) filesystems.  Location on the other hand can
     be considered a shorthand for a more complicated regex, and it
     does match multiple slashes with a single slash -- which is
     also consistent with the Alias directive.
     [Dean Gaudet] related PR#1440

  *) Fix bug with mod_mime_magic causing certain files, including files
     of length 0, to result in no response from the server.
     [Dean Gaudet]

  *) The Configure script now generates src/include/ap_config.h which
     contains the set of defines used when Apache is compiled on a platform.
     This file can then be included by external modules before including
     any Apache header files in case they are being built separately from
     Apache.  Along with this change, a couple of minor changes were
     made to make Apache's #defines coexist peacefully with any autoconf
     defines an external module might have. [Rasmus Lerdorf]

  *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
     but without any RewriteXXXXX directives. Here mod_rewrite is given no
     chance by the API to initialize its per-server configuration and thus
     receives the wrong one from the main server. This is now avoided by
     remembering the server together with the config structure while
     configuring and later assuming there is no config when we see a
     difference between the remembered server and the one calling us. 
     [Ralf S. Engelschall] PR#1790

  *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
     is automatically disabled under configure time when the dbm_xxx functions
     are not available. Second, two heavy source code errors in the DBM
     support code were fixed.  This makes DBM RewriteMap's usable again after
     a long time of brokenness. [Ralf S. Engelschall] PR#1696

  *) Now all configuration files support Unix-style line-continuation via 
     the trailing backslash ("\") character. This enables us to write down
     complex or just very long directives in a more readable way.  The
     backslash character has to be really the last character before the
     newline and it has not been prefixed by another (escaping) backslash.
     [Ralf S. Engelschall]

  *) When using ProxyPass the ?querystring was not passed correctly.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Joel Truher <truher wired.com>]

  *) To deal with modules being compiled and [dynamically] linked
     at a different time from the core, the SERVER_VERSION and
     SERVER_BUILT symbols have been abstracted through the new
     API routines apapi_get_server_version() and apapi_get_server_built().
     [Ken Coar]  PR#1448

  *) WIN32: Preserve trailing slash in canonical path (and hence
     in PATH_INFO). [Paul Sutton, Ben Laurie]

  *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
     depending on the rev of Solaris and what mixture of modules
     are in use.  So it has been disabled, and Solaris is back to
     using USE_FCNTL_SERIALIZED_ACCEPT.  Users may experiment with
     USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
     up static content only servers.  Or it may fail unpredictably.
     [Dean Gaudet] PR#1779, 1854, 1904

  *) mod_test_util_uri.c created which tests the logic in util_uri.c.
     [Dean Gaudet]

  *) API: Rewrite of absoluteURI handling, and in particular how
     absoluteURIs match vhosts.  Unless a request is a proxy request, a
     "http://host" url is treated as if a similar "Host:" header had been
     supplied.  This change was made to support future HTTP/1.x protocols
     which may require clients to send absoluteURIs for all requests.

     In order to achieve this change subtle changes were made to the API.  In a
     request_rec, r->hostlen has been removed.  r->unparsed_uri now exists so
     that the unmodified uri can be retrieved easily.  r->proxyreq is not set
     by the core, modules must set it during the post_read_request or
     translate_names phase.

     Plus changes to the virtualhost test suite for absoluteURI testing.

     This fixes several bugs with the proxy proxying requests to vhosts
     managed by the same httpd.
     [Dean Gaudet]

  *) API: Cleanup of code in http_vhost.c, and remove vhost matching
     code from mod_rewrite.  The vhost matching is now performed by a
     globally available function matches_request_vhost().  [Dean Gaudet]

  *) Reduce memory usage, and speed up ServerAlias support.  As a
     side-effect users can list multiple ServerAlias directives
     and they're all considered.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Chia-liang Kao <clkao cirx.org>] PR#1531

  *) The "poly" directive in image maps did not include the borders of the
     polygon, whereas the "rect" directive does.  Fix this inconsistency.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Konstantin Morshnev <moko design.ru>] PR#1771
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Make \\ behave as expected.  [<Ronald.Tschalaer psi.ch>]

  *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     address. [Todd Eigenschink <eigenstr mixi.net>] PR#1885

  *) API: A new source module main/util_uri.c; It contains a routine
     parse_uri_components() and friends which breaks a URI into its component
     parts.  These parts are stored in a uri_components structure called
     parsed_uri within each request_rec, and are available to all modules.
     Additionally, an unparse routine is supplied which re-assembles the URI
     components back to an URI, optionally hiding the username:password@ part
     from ftp proxy requests, and other useful routines.  Within the structure,
     you find on a ready-for-use basis:
        scheme;     /* scheme ("http"/"ftp"/...) */
        hostinfo;   /* combined [user[:password]@]host[:port] */
        user;       /* user name, as in http://user:passwd@host:port/ */
        password;   /* password, as in http://user:passwd@host:port/ */
        hostname;   /* hostname from URI (or from Host: header) */
        port_str;   /* port string (integer representation is in "port") */
        path;       /* the request path (or "/" if only scheme://host was given) */
        query;      /* Everything after a '?' in the path, if present */
        fragment;   /* Trailing "#fragment" string, if present */
     This is meant to serve as the platform for *BIG* savings in
     code complexity for the proxy module (and maybe the vhost logic).
     [Martin Kraemer]

  *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
     ${map:key}) available for all location where a string is created in
     mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
     RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
     possible expansions are consequently usable at all string creation
     locations. [Ralf S. Engelschall]

  *) Fix initialization of RewriteLogLevel (default now is 0 as documented 
     and not 1) and the per-virtual-server merging of directives. Now all
     directives except `RewriteEngine' and `RewriteOption' are either
     completely overridden (default) or completely inherited (when
     `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325

  *) Fix `RewriteMap' program lookup in situations where such maps are
     defined but disabled (`RewriteEngine off') in per-server context. 
     [Ralf S. Engelschall] PR#1431

  *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
     server to bind to port 0 rather than 80.  [Dean Gaudet]

  *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
     (like SunOS and FreeBSD) which don't accept the locking of pipes
     directly.  A new directive RewriteLock is introduced which can be used to
     setup a separate locking file which then is used for synchronization.
     [Ralf S. Engelschall] PR#1029

  *) WIN32: The server root is obtained from the registry key
     HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
     "1.3 beta"), unless overridden by the -d command line flag. The
     value is stored by running "apache -i -d serverroot". [Paul Sutton]

  *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
     dynamic loading on Win32 and Unix via the same module. [Paul Sutton]

  *) Now mod_rewrite no longer makes problematic assumptions on the characters
     a username can contain when trying to expand it via /etc/passwd. 
     [Ralf S. Engelschall]

  *) The mod_setenvif BrowserMatch backwards compatibility command did not
     work properly with spaces in the regex.  [Ronald Tschalaer] PR#1825

  *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
     type but with a special post-processing for the looked-up value: It
     parses it into alternatives according to `|' chars and then only one
     particular alternative is chosen randomly (this is an essential
     functionality needed for balancing between backend-servers when using
     Apache as a Reverse Proxy.  The looked up value here is a list of
     servers). Second, `int' with the built-in maps named `tolower' and
     `toupper' which can be used to map URL parts to a fixed case (this is an
     essential feature to fix the case of server names when doing mass
     virtual-hosting with the help of mod_rewrite instead of using
     <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     Jay Soffian <jay cimedia.com>] PR#1631

  *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
     This directive lets Apache adjust the URL in Location-headers on HTTP
     redirect responses sent by the remote server. This way the virtually
     mapped area is no longer left on redirects and thus by-passed which is
     especially essential when running Apache as a reverse proxy.  
     [Ralf S. Engelschall]

  *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
     hidden. [Alvaro Martinez Echevarria]

  *) Apache will, when started with the -X (single process) debugging flag,
     honor the SIGINT or SIGQUIT signals again now. This capability got lost
     a while ago during OS/2 signal handling changes.

  *) [PORT] Work around the fact that NeXT runs on more than the
     m68k chips in mod_status [Scott Anguish and Timothy Luoma
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     <luomat peak.org>]

  *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
     as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     <ache nagual.pp.ru> and Jim] PR#1450

  *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
     In particular the handlers could trigger themselves into an infinite
     loop if RLimitMem was used with a small amount of memory -- too small
     for the signal stack frame to be set up.  [Dean Gaudet]

  *) Fix problems with absoluteURIs introduced during 1.3b4.  [Dean Gaudet,
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     Alvaro Martinez Echevarria <alvaro lander.es>]

  *) Fix multiple UserDir problem introduced during 1.3b4-dev.
     [Dean Gaudet] PR#1850

  *) ap_cpystrn() had an off-by-1 error.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Charles Fu <ccwf klab.caltech.edu>] PR#1847

  *) API: As Ken suggested the check_cmd_context() function and related
     defines are non-static now so modules can use 'em.  [Martin Kraemer]

  *) mod_info would occasionally produce an unpaired <tt> in its
     output. Fixed. [Martin Kraemer]

  *) By default AIX binds a process (and it's children) to a single
     processor.  httpd children now unbind themselves from that cpu
     and re-bind to one selected at random via bindprocessor()
     [Doug MacEachern]

  *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
     effect.  Work around it by using RLIMIT_AS for the RLimitMEM
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     directive.  [Enrik Berkhan <enrik inka.de>] PR#1816

  *) mod_mime_magic error message should indicate the filename when
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     reads fail.  ["M.D.Parker" <mdpc netcom.com>] PR#1827

  *) Previously Apache would permit </Files> to end <FilesMatch> (and
     similary for Location and Directory), now this is diagnosed as an
     error.  Improve error messages for mismatched sections (<Files>,
     <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
     [Dean Gaudet, Martin Kraemer]

  *) <Files> is not permitted within <Location> (because of the
     semantic ordering).  [Dean Gaudet] PR#379

  *) <Files> with wildcards was broken by the change in wildcard
     semantics (* does not match /).  To fix this, <Files> now
     apply only to the basename of the request filename.  This
     fixes some other inconsistencies in <Files> semantics
     (such as <Files a*b> not working).  [Dean Gaudet] PR#1817

  *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
     backup files are removed on "clean" target [Ralf S. Engelschall]

  *) PORT: Add -lm to LIBS for HPUX.  [Dean Gaudet] PR#1639

  *) Various errors from select() and accept() in child_main() would
     result in an infinite loop.  It seems these two tickle kernel
     or library bugs occasionally, and result in log spammage and
     a generally bad scene.  Now the child exits immediately,
     which seems to be a good workaround.
     [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588

  *) Cleaned up some race conditions in unix child_main during
     initialization. [Dean Gaudet]

  *) SECURITY: "UserDir /abspath" without a * in the path would allow
     remote users to access "/~.." and bypass access restrictions
     (but note /~../.. was handled properly).
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Lauri Jesmin <jesmin ut.ee>] PR#1701

  *) API: os_is_path_absolute() now takes a const char * instead of a char *.
     [Dean Gaudet]

Changes with Apache 1.3b5

  *) Source file dependencies in Makefile.tmpl files throughout the
     source tree were updated to accurately reflect reality.
     [Dean Gaudet]

  *) Preserve the content encoding given by the AddEncoding directive
     when the client doesn't otherwise specify an encoding.
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ronald Tschalaer <Ronald.Tschalaer psi.ch>]

  *) Sort out problems with canonical filename handling happening too late.
     [Dean Gaudet, Ben Laurie]

Changes with Apache 1.3b4

  *) The module structure was modified to include a *dynamic_load_handle
     in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
     has been bumped accordingly.  [Paul Sutton]

  *) All BrowserMatch directives mentioned in
     htdocs/manual/known_client_problems.html are in the default
     configuration files.  [Lars Eilebrecht]

  *) MiNT port update. [Jan Paul Schmidt]

  *) HTTP/1.1 requires x-gzip and gzip encodings be treated
     equivalent, similarly for x-compress and compress.  Apache
     now ignores a leading x- when comparing encodings.  It also
     preserves the encoding the client requests (for example if
     it requests x-gzip, then Apache will respond with x-gzip
     in the Content-Encoding header).
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
     [Ronald Tschalaer <Ronald.Tschalaer psi.ch>] PR#1772

  *) Fix a memory leak on keep-alive connections.  [Igor Tatarinov]

  *) Added mod_so module to support dynamic loading of modules on Unix
     (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
     instead of AddModule in Configuration to build shared modules
     [Sameer Parekh, Paul Sutton]

  *) Minor cleanups to r->finfo handling in some modules.
     [Dean Gaudet]

  *) Abstract read()/write() to ap_read()/ap_write().
     Makes it easier to add other types of IO code such as SFIO.
     [Randy Terbush]

  *) API: Generalize default_port manipulations to make support of
     different protocols easier. [Ben Laurie, Randy Terbush]

  *) There are many cases where users do not want Apache to form
     self-referential urls using the "canonical" ServerName and Port.
     The new UseCanonicalName directive (default on), if set to off
     will cause Apache to use the client-supplied hostname and port.