Newer
Older
-*- coding: utf-8 -*-
Martin Kraemer
committed
Changes with Apache 2.3.0
[Remove entries to the current 2.0 and 2.2 section below, when backported]
*) SECURITY: CAN-2005-2700 (cve.mitre.org)
mod_ssl: Fix a security issue where "SSLVerifyClient" was not
enforced in per-location context if "SSLVerifyClient optional"
was configured in the vhost configuration. [Joe Orton]
*) mod_cgid: run the get_suexec_identity hook within the request-handler
instead of within cgid. PR36410. [Colm MacCarthaigh]
*) Correct mod_cgid's argv[0] so that the full path can be delved by the
invoked cgi application, to conform to the behavior of mod_cgi.
[Pradeep Kumar S <pradeep.smani gmail.com>]
*) Doxygen fixup [Neale Ranns <neale ranns.org>, Ian Holsman]
*) prefork, worker and event MPMs: Support a graceful-stop procedure:
Server will wait until existing requests are finished or until
"GracefulShutdownTimeout" number of seconds before exiting.
[Colm MacCarthaigh, Ken Coar, Bill Stoddard]
*) mod_cgid: Append .PID to the script socket filename and remove the
script socket on exit. [Colm MacCarthaigh]
*) prefork, worker and event MPMs: Prevent children from holding open
listening ports upon graceful restart or stop. PR28167.
*) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh]
*) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a
per-protocol, per-host and per-path basis. Intended for proxy
configurations. [Colm MacCarthaigh]
*) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
allowing string-valued client certificate attributes to be used for
access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
[Martin Kraemer, David Reid]
*) SECURITY: CAN-2005-2491 (cve.mitre.org):
Fix integer overflows in PCRE in quantifier parsing which could
be triggered by a local user through use of a carefully-crafted
regex in an .htaccess file. [Philip Hazel]
Jim Jagielski
committed
*) mod_proxy/mod_proxy_balancer: Provide a simple, functional
interface to add additional balancer lb selection methods
without requiring code changes to mod_proxy/mod_proxy_balancer;
these can be implemented via sub-modules now. [Jim Jagielski]
*) mod_cache: Fix incorrectly served 304 responses when expired cache
entity is valid, but cache is unwritable and headers cannot be
updated. [Colm MacCarthaigh <colm stdlib.net>]
*) mod_cache: Remove entities from the cache when re-validation
receives a 404 or other content-no-longer-present error.
[Rüdiger Plüm ruediger.pluem vodafone.com]
*) mod_disk_cache: Properly remove files from cache when needed.
[Rüdiger Plüm ruediger.pluem vodafone.com]
*) mod_disk_cache: Support htcacheclean removing directories.
[Andreas Steinmetz]
*) htcacheclean: Add -t option to remove empty directories.
[Colm MacCarthaigh <colm stdlib.net>]
*) Remove the base href tag from mod_proxy_ftp, as it breaks relative
links for clients not using an Authorization header. [Graham Leggett,
Jon Snow <jsnow27 gatesec.net>]
*) mod_cache: Restore the HTTP status of cached responses.
[Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]
*) mod_cache: Store varied contents all in the same prefix for a varied URI.
[Paul Querna]
*) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content
filters. [Paul Querna]
Paul Querna
committed
*) mod_negotiation: Correctly report 404 instead of 403 for missing files.
[Paul Querna]
*) new hook (request_status) that gets ran in proxy_handler just before
the final return. This gives modules an opportunity to do something
based on the proxy status. (minor MMN bump)
[Brian Akins <bakins turner.com>, Ian Holsman]
*) SECURITY: CAN-2005-2088
proxy: Correctly handle the Transfer-Encoding and Content-Length
the request includes a request body. Resolves an entire class of
proxy HTTP Request Splitting/Spoofing attacks. [William Rowe]
*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
*) Add additional SSLSessionCache option, 'nonenotnull', which is
similar to 'none' (disabling any external shared cache) but forces
OpenSSL to provide a non-null session ID. [Jim Jagielski]
Paul Querna
committed
*) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
[Paul Querna]
*) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
the negotiated compression. [Georg v. Zezschwitz <gvz 2scale.de>]
*) Fixed complaints about unpackaged files within the RPM build
after changes to the config files. [Graham Leggett]
*) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of
just closing the socket, a HTTP request is made, to make sure the child is
always awakened. [Paul Querna]
*) Fix htdbm password validation for records which included comments.
[Eric Covener <covener gmail.com>]
*) mod_cgid: Fix buffer overflow processing ScriptSock directive.
[Steve Kemp <steve steve.org.uk>]
*) mod_ssl: Setting the Protocol to 'https' can replace the use of the
'SSLEngine on' command. [Paul Querna]
*) core: Refactor the mapping of Accept Filters to Sockets. Add the
AcceptFilter and Protocol directives to aid in mapping filter types.
Extend the Listen directive to optionally take a protocol name.
[Paul Querna]
Paul Querna
committed
*) mod_disk_cache: Support storing multiple variations of one URL. PR 35211.
[Paul Querna]
Paul Querna
committed
*) mod_disk_cache: Atomically create the header data file. [Paul Querna]
Paul Querna
committed
*) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
[Paul Querna]
*) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'.
[Paul Querna]
*) proxy FTP: Fix confusion about globbing characters which could lead
to getting a directory listing when a file was requested. PR 34512.
[Sean <infamous41md hotmail.com>]
*) mod_mime_magic: Handle CRLF-format magic files so that it works with
the default installation on Windows. [Jeff Trawick]
Paul Querna
committed
*) core: Allow multiple modules to register interest in a single
configuration command. [Paul Querna]
*) EBCDIC: Handle chunked input from client or, with proxy, origin
server. [Jeff Trawick]
*) authn_provider_alias: Adds the configuration block tag
<AuthnProviderAlias baseProvider Alias>
Authentication directives contained within this block can be
referenced as a new authProvider using the AuthBasicProvider or
AuthDigestProvider directive. These directives will be merged in to
the per_dir configuration just before the base provider is called.
[Brad Nicholes]
*) ap_getword_conf: Fix backslashes at the end of configuration directives.
PR 34834. [Timo Viipuri <viipuri dlc.fi>]
*) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
Provide module hooks for apr_dbd; optimise for httpd
threaded and non-threaded arch [Nick Kew]
*) ab: SSL support rewritten, improved, and enabled if SSL is enabled
during the build; -f and -Z arguments added to specify SSL protocol
options. [Masaoki Kobayashi <masaoki techfirm.co.jp>]
*) Support the suppress-error-charset setting, as with Apache 1.3.x.
PR 31274. [Jeff Trawick]
*) Prevent hangs of child processes when writing to piped loggers at
the time of graceful restart. PR 26467. [Jeff Trawick]
*) mod_info: Show the Quick Handler [Paul Querna]
*) mod_ldap: Add the directive LDAPVerifyServerCert to specify
whether to force verification of the server certificate when
establishing an SSL connection to the LDAP server.
[Brad Nicholes]
*) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name
Paul Querna
committed
hook. [Paul Querna]
Paul Querna
committed
*) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump)
[Paul Querna]
Loading full blame...