Skip to content
CHANGES 501 KiB
Newer Older
7001 7002 7003 7004 7005 7006 7007 7008 7009 7010 7011 7012 7013 7014 7015 7016 7017 7018 7019 7020 7021 7022 7023 7024 7025 7026 7027 7028 7029 7030 7031 7032 7033 7034 7035 7036 7037 7038 7039 7040 7041 7042 7043 7044 7045 7046 7047 7048 7049 7050 7051 7052 7053 7054 7055 7056 7057 7058 7059 7060 7061 7062 7063 7064 7065 7066 7067 7068 7069 7070 7071 7072 7073 7074 7075 7076 7077 7078 7079 7080 7081 7082 7083 7084 7085 7086 7087 7088 7089 7090 7091 7092 7093 7094 7095 7096 7097 7098 7099 7100 7101 7102 7103 7104 7105 7106 7107 7108 7109 7110 7111 7112 7113 7114 7115 7116 7117 7118 7119 7120 7121 7122 7123 7124 7125 7126 7127 7128 7129 7130 7131 7132 7133 7134 7135 7136 7137 7138 7139 7140 7141 7142 7143 7144 7145 7146 7147 7148 7149 7150 7151 7152 7153 7154 7155 7156 7157 7158 7159 7160 7161 7162 7163 7164 7165 7166 7167 7168 7169 7170 7171 7172 7173 7174 7175 7176 7177 7178 7179 7180 7181 7182 7183 7184 7185 7186 7187 7188 7189 7190 7191 7192 7193 7194 7195 7196 7197 7198 7199 7200 7201 7202 7203 7204 7205 7206 7207 7208 7209 7210 7211 7212 7213 7214 7215 7216 7217 7218 7219 7220 7221 7222 7223 7224 7225 7226 7227 7228 7229 7230 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 7242 7243 7244 7245 7246 7247 7248 7249 7250 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 7262 7263 7264 7265 7266 7267 7268 7269 7270 7271 7272 7273 7274 7275 7276 7277 7278 7279 7280 7281 7282 7283 7284 7285 7286 7287 7288 7289 7290 7291 7292 7293 7294 7295 7296 7297 7298 7299 7300 7301 7302 7303 7304 7305 7306 7307 7308 7309 7310 7311 7312 7313 7314 7315 7316 7317 7318 7319 7320 7321 7322 7323 7324 7325 7326 7327 7328 7329 7330 7331 7332 7333 7334 7335 7336 7337 7338 7339 7340 7341 7342 7343 7344 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 7356 7357 7358 7359 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 7384 7385 7386 7387 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 7463 7464 7465 7466 7467 7468 7469 7470 7471 7472 7473 7474 7475 7476 7477 7478 7479 7480 7481 7482 7483 7484 7485 7486 7487 7488 7489 7490 7491 7492 7493 7494 7495 7496 7497 7498 7499 7500 7501 7502 7503 7504 7505 7506 7507 7508 7509 7510 7511 7512 7513 7514 7515 7516 7517 7518 7519 7520 7521 7522 7523 7524 7525 7526 7527 7528 7529 7530 7531 7532 7533 7534 7535 7536 7537 7538 7539 7540 7541 7542 7543 7544 7545 7546 7547 7548 7549 7550 7551 7552 7553 7554 7555 7556 7557 7558 7559 7560 7561 7562 7563 7564 7565 7566 7567 7568 7569 7570 7571 7572 7573 7574 7575 7576 7577 7578 7579 7580 7581 7582 7583 7584 7585 7586 7587 7588 7589 7590 7591 7592 7593 7594 7595 7596 7597 7598 7599 7600 7601 7602 7603 7604 7605 7606 7607 7608 7609 7610 7611 7612 7613 7614 7615 7616 7617 7618 7619 7620 7621 7622 7623 7624 7625 7626 7627 7628 7629 7630 7631 7632 7633 7634 7635 7636 7637 7638 7639 7640 7641 7642 7643 7644 7645 7646 7647 7648 7649 7650 7651 7652 7653 7654 7655 7656 7657 7658 7659 7660 7661 7662 7663 7664 7665 7666 7667 7668 7669 7670 7671 7672 7673 7674 7675 7676 7677 7678 7679 7680 7681 7682 7683 7684 7685 7686 7687 7688 7689 7690 7691 7692 7693 7694 7695 7696 7697 7698 7699 7700 7701 7702 7703 7704 7705 7706 7707 7708 7709 7710 7711 7712 7713 7714 7715 7716 7717 7718 7719 7720 7721 7722 7723 7724 7725 7726 7727 7728 7729 7730 7731 7732 7733 7734 7735 7736 7737 7738 7739 7740 7741 7742 7743 7744 7745 7746 7747 7748 7749 7750 7751 7752 7753 7754 7755 7756 7757 7758 7759 7760 7761 7762 7763 7764 7765 7766 7767 7768 7769 7770 7771 7772 7773 7774 7775 7776 7777 7778 7779 7780 7781 7782 7783 7784 7785 7786 7787 7788 7789 7790 7791 7792 7793 7794 7795 7796 7797 7798 7799 7800 7801 7802 7803 7804 7805 7806 7807 7808 7809 7810 7811 7812 7813 7814 7815 7816 7817 7818 7819 7820 7821 7822 7823 7824 7825 7826 7827 7828 7829 7830 7831 7832 7833 7834 7835 7836 7837 7838 7839 7840 7841 7842 7843 7844 7845 7846 7847 7848 7849 7850 7851 7852 7853 7854 7855 7856 7857 7858 7859 7860 7861 7862 7863 7864 7865 7866 7867 7868 7869 7870 7871 7872 7873 7874 7875 7876 7877 7878 7879 7880 7881 7882 7883 7884 7885 7886 7887 7888 7889 7890 7891 7892 7893 7894 7895 7896 7897 7898 7899 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 7921 7922 7923 7924 7925 7926 7927 7928 7929 7930 7931 7932 7933 7934 7935 7936 7937 7938 7939 7940 7941 7942 7943 7944 7945 7946 7947 7948 7949 7950 7951 7952 7953 7954 7955 7956 7957 7958 7959 7960 7961 7962 7963 7964 7965 7966 7967 7968 7969 7970 7971 7972 7973 7974 7975 7976 7977 7978 7979 7980 7981 7982 7983 7984 7985 7986 7987 7988 7989 7990 7991 7992 7993 7994 7995 7996 7997 7998 7999 8000

  *) Make `configure --compat' more "compatible" by first 
     let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
     second by making sure the "avoid-bristling-suffix" /apache is not
     appended to sysconfdir, datadir, localstatedir and includedir when
     --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]

  *) NeXT required strdup() in support/logresolve.c
     [Francisco Tomei <fatomei@sandburg.unm.edu>] PR#2082

  *) AIX required sys/select.h in support/ab.c
     [Jens Schleusener <Jens.Schleusener@dlr.de>] PR#2081

  *) Fix the path to the MimeMagicFile in the install-config target, too.
     [Ralf S. Engelschall] PR#2089

  *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick@colby.edu>]

  *) If you start apache with the -S command line option it will dump
     out the parsed vhost settings.  This is useful for folks trying
     to figure out what is wrong with their vhost configuration.
     (Other dumps may be added in the future.) [Dean Gaudet]

  *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
     ap_snprintf, and ap_psprintf).  See include/ap.h for docs.
     [Dean Gaudet]

  *) Because /usr/local/apache is the default prefix the ``configure
     --compat'' option no longer has to set prefix, again. This way the
     --compat option honors a leading --prefix option. [Lars Eilebrecht]

  *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
     to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
     to avoid "discard const" warnings. [Ralf S. Engelschall]

  *) If a specific handler is set for a file yet the request still
     ends up being handled by the default handler, log an error
     message before handling it.  This catches things such as trying 
     to use SSIs without mod_include enabled.  [Marc Slemko]

  *) Fix error logging for the startup case where ap_log_error() still uses
     stderr as the target. Now the default log level is honored here, too.
     [Ralf S. Engelschall]
    
  *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
     long" errors when generating the MODULES entry for src/Makefile
     [Ben Hyde, Ralf S. Engelschall]

  *) Make sure src/Configure doesn't complain about the old directory
     /usr/local/etc/httpd/ when APACI is used.  [Lars Eilebrecht]
   
Changes with Apache 1.3b6

  *) PORT: Clean up warnings on Ultrix and HPUX.  [Ben Hyde]
 
  *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
     interface via the similar but proprietary HP/UX shl_xxx-style system
     calls. [Ralf S. Engelschall]

  *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
     APACI Makefile.tmpl "install" target more robust for sensible UnixWare
     Make. [Ralf S. Engelschall]

  *) ++++ THE BIG SYMBOL RENAMING ++++
     To avoid symbol clashes with third-party code compiled into the server,
     we globally applied the prefix "ap_" to the following classes of
     functions:
        - Apache provided general functions (e.g., ap_cpystrn)
        - Public API functions (e.g., palloc, bgets)
        - Private functions which we can't make static (because of
          cross-object usage) but should be (e.g., new_connection)
     For backward source compatibility a new header file named compat.h was
     created which provides defines for the old symbol names and can be used
     by third-party module authors.
     [The Apache Group]

  *) Added dynamic shared object (DSO) support for SVR4-derivates: The
     problem under SVR4 is that there is no command flag to force the linker
     to export the global symbols of the httpd executable therewith they are
     available to the DSO's. Instead of problematic hacks like creating a
     dummy.so file (containing dummy references to all global symbols) the
     httpd binary is linked against, we use a clean trick stolen from Perl 5:
     Placing the Apache core code itself into a DSO library named libhttpd.so.
     This way the global symbols _HAVE_ to be exported and thus are available
     to any manually loaded DSO's under runtime. To reduce the impact to the
     user to null we go even further and create a stub httpd executable which
     automatically keeps track of the DSO library loading itself and thus
     hides the complete mechanism from the user. Although the generation of
     this DSO library is automatically triggered for platforms which
     essentially need it (mostly all SVR4-derivates) it can be also enabled
     manually via the Rule SHARED_CORE. This can be interesting in the future
     where we perhaps exploit this libhttpd.so mechanism for providing nifty
     features like graceful upgrades, or whatever. 
     [Ralf S. Engelschall, Martin Kraemer]

  *) Build the libraries before building the rest of the tools. [Ben Hyde]

  *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
     inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
     conventions while "clean" removes only stuff created by "all" targets,
     "distclean" additionally removes the stuff from the configuration
     process. This way "make distclean" (hence the name) provides a fresh
     source tree as it was for distribution.
     [Ralf S. Engelschall]

  *) Allow top-level (APACI) Makefile to break on build errors
     the same way the src/ subtree Makefiles breaks on them by replacing the
     initial APACI sed-subdir-display-kludge with a more clean
     variable-passing-solution: variable SDP can optionally hold the subdir
     prefix which is consistently used for displaying the subdir movement.
     This way even the top-level Makefile can stop correctly on errors as the
     user expects. [Ralf S. Engelschall]

  *) Fixed ordering of argument checks for RewriteBase directive.
     [Todd Eigenschink <eigenstr@mixi.net>] PR#2045

  *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
     indicating that a module is being compiled for dynamic loading. Also
     remove #define IS_MODULE from modules and add SHARED_MODULE define
     to the mak/dsp files. [Alexei Kosut]

  *) Reduce logging level of "normal" warning messages to APLOG_INFO,
     since we are now logging APLOG_WARNING by default. [Roy Fielding]

  *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
 
  *) Add documentation file and src/Configuration.tmpl entry for the
     experimental mod_mmap_static module. Because although it is and marked as
     an experimental one it is distributed and thus should be documented and
     prepared for configuration the same way as all others modules. 
     [Ralf S. Engelschall]

  *) Add query (-q) option to apxs support tool to be able to manually query
     specific settings from apxs. This is needed for instance when you
     manually want to access Apache's header files and you need to assemble
     the -I option.  Now you can do -I`apxs -q INCLUDEDIR`.
     [Ralf S. Engelschall]

  *) Now src/Configure uses a fallback strategy for the shared object support
     on platforms where no explicit information is available: If a Perl
     installation exists we ask it about its shared object support and if it's
     the dlopen-style one we shamelessly guess the compiler and linker flags
     for creating shared objects from Perls knowledge. Of course, the user is
     warning about what we are doing and informed that he should send us
     the guessed flags when they work. [Ralf S. Engelschall]

  *) Provide APACI --without-support option to be able to disable the build
     and installation of the support tools from the src/support/ area.
     Although its useful to have these installed per default we should provide
     a way to compile and install without them for backward-compatibility.
     [Ralf S. Engelschall]

  *) Add of the new APache eXtenSion (apxs) support tool for building and
     installing modules into an _already installed_ Apache package through the
     dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
     this approach actually doesn't need the Apache source tree.  The
     (APACI-installed) server package is enough, because this now includes the
     Apache C header files (PREFIX/include) and the new APXS tool
     (SBINDIR/apxs).  The intend is to provide a handy tool for third-party
     module authors to build their Apache modules _OUTSIDE_ the Apache source
     tree while avoiding them to fiddle around with the totally platform
     dependend way of compiling DSO files. The tool supports all ranges of
     modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
     which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
     on-the-fly generate a minimalistic Makefile and sample module for the
     first step to provide both a quick success event and to demonstrate the
     APXS mechanism to module authors. [Ralf S. Engelschall]

  *) Fix core dumps in use of CONNECT in proxy.  
     [Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942

  *) Modify the log directives in httpd.conf-dist files to use CustomLog
     so that users have examples of how CustomLog can be used.
     [Lars Eilebrecht]

  *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
     the Apache distribution tree.  Until Apache 1.3 there was no real
     out-of-the-box batch-capable build and installation procedure for the
     complete Apache package. This is now provided by a top-level "configure"
     script and a corresponding top-level "Makefile.tmpl" file.  The goal is
     to provide a GNU Autoconf-style frontend which is capable to both drive
     the old src/Configure stuff in batch and additionally installs the
     package with a GNU-conforming directory layout. Any options from the old
     configuration scheme are available plus a lot of new options for flexibly
     customizing Apache. [Ralf S. Engelschall]

  *) The floating point ap_snprintf code wasn't threadsafe.
     Had to remove the HAVE_CVT macro in order to do threadsafe
     calling of the ?cvt() floating point routines.  [Dean Gaudet]

  *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962

  *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
     [Jim Jagielski] PR#1901

  *) BUG: Configure was using TCC and CC inconsistently. Make sure
     Configure knows which CC we are using. [Jim Jagielski]

  *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
     was defined in a parent directory. [Lars Eilebrecht]

  *) API: ap_snprintf() code mutated into ap_vformatter(), which is
     a generic printf-style routine that can call arbitrary output
     routines.  Use this to replace http_bprintf.c.  Add new routines
     psprintf(), pvsprintf() which allocate the exact amount of memory
     required for a string from a pool.  Use psprintf() to clean up
     various bits of code which used ap_snprintf()/pstrdup().
     [Dean Gaudet]

  *) PORT: HAVE_SNPRINTF doesn't do anything any longer.  This is because
     ap_snprintf() has different semantics and formatting codes than
     snprintf().  [Dean Gaudet]

  *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time.  This
     is necessary on at least Solaris where the /etc/rc?.d scripts
     are run with these signals ignored, and "SIG_IGN" settings are
     maintained across exec().
     [Rein Tollevik <reint@sys.sol.no>] PR#2009

  *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
     used instead of lstat() and thus this flag didn't work as expected.
     [Rein Tollevik <reint@sys.sol.no>] PR#2010

  *) Fix the proxy pass-through feature of mod_rewrite for the case of
     existing QUERY_STRING now that mod_proxy was recently changed because of
     the new URL parsing stuff. [Ralf S. Engelschall]

  *) A few changes to scoreboard definitions which helps gcc generate
     better code.  [Dean Gaudet]

  *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
     be a signed bitfield.  So mark a few bitfields as signed to
     ensure correct code.  [Dean Gaudet]

  *) The default for HostnameLookups was changed to Off, but there
     was a problem and it wasn't taking effect. [Dean Gaudet]

  *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
     [Dean Gaudet]

  *) After a SIGHUP the listening sockets in the parent weren't
     properly marked for closure on fork().
     [Jürgen Keil <jk@tools.de>] PR#2000
 
  *) Allow %2F in two situations: 1) it is in the query part of the URI,
     therefore not exposed to %2F -> '/' translations and 2) the request
     is a proxy request, so we're not dealing with a local resource anyway.
     Without this, the proxy would fail to work for any URL's with
     %2f in them (occurs quite often in
     http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]

  *) Protect against FD_SETSIZE mismatches.  [Dean Gaudet]

  *) Make the shared object compilation command more portable by avoiding
     the direct combination of `-c' & `-o' which is not honored by some
     compilers like UnixWare's cc. [Ralf S. Engelschall]

  *) WIN32: the proxy was creating filenames missing the last four
     characters.  While this normally doesn't stop anything from 
     working, it can result in extra collisions.  
     [Tim Costello <tjcostel@socs.uts.edu.au>] PR#1890

  *) Now mod_proxy uses the response string (in addition to the response status
     code) from the already used FTP SIZE command to setup the Content-Length
     header if available. [Ralf S. Engelschall] PR#1183

  *) Reanimated the (still undocumented) proxy receive buffer size directive:
     Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
     name was really too generic, added documentation for this directive to
     the mod_proxy.html and corrected the hyperlink to it in the
     new_features_1.3.html document.  [Ralf S. Engelschall] PR#1348

  *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
     faster [Martin Kraemer]
  
  *) Make Configure die when you give it an unknown command switch.
     [Ben Hyde]

  *) Add five new and fresh manpages for the support programs: dbmmanage.1,
     suexec.8, htdigest.1, rotatelogs.8 and logresolve.8.  Now all up-to-date
     and per default compiled support programs have manual pages - just to
     document our stuff a little bit more and to be able to do really
     Unix-like installations ;-) [Ralf S. Engelschall]

  *) Major cleanups to the Configure script to make it and its generated
     Makefiles again readable and maintainable: add SRCDIR option, removed
     INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
     generated sections, consequently added Makefile headers with inheritance
     information, added subdir movement messages for easier following where
     the build process currently stays (more verbose then standard Make, less
     verbose than GNU make), same style to comments in the Configure script,
     added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
     
  *) Add the new ApacheBench program "ab" to src/support/: This is derived
     from the ZeusBench benchmarking program and can be used to determine the
     response performance of an Apache installation. This version is
     officially licensed with Zeus Technology, Ltd. See the license agreement
     statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core.
     [Ralf S. Engelschall]

  *) API: Various core functions that are definately not part of the API
     have been made static, and a few have been marked API_EXPORT.  Still
     more have been marked CORE_EXPORT and are not intended for general
     use by modules.  [Doug MacEachern, Dean Gaudet]

  *) mod_proxy was not clearing the Proxy-Connection header from
     requests; now it does.  This did not violate any spec, however 
     causes poor interactions when you are talking to remote proxies.  
     [Marc Slemko] PR#1741

  *) Various cleanups to the command line interface and manual pages.
     [Ralf S. Engelschall]

  *) cfg_getline() was not properly handling lines that did not end
     with a line termination character.  [Marc Slemko] PR#1869, 1909

  *) Performance tweak to mod_log_config.  [Dmitry Khrustalev]

  *) Clean up some undocumented behavior of mod_setenvif related to
     "merging" two SetEnvIf directives when they match the same header
     and regex.  Document that mod_setenvif will perform comparisons in
     the order they appear in the config file.  Optimize mod_setenvif by
     doing more work at config time rather than at runtime.
     [Dean Gaudet]

  *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
     to allow for modules to overrule them and to reduce redefinition
     warnings [Jim Jagielski]

  *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
     [Jim Jagielski]

  *) Making the hard-coded cross-module function call mime_find_ct() (from
     mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
     checking is really called even for proxy requests except for URLs with
     HTTP schemes (because there we can optimize by not running the type
     checking hooks due to the fact that the proxy gets the MIME Content-type
     from the remote host later). This change cleans up mod_mime by removing
     the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
     especially unbundles mod_proxy and mod_mime. This way they both now can
     be compiled as shared objects and are no longer tied together. 
     [Ralf S. Engelschall]

  *) util.c cleanup and speedup. [Dean Gaudet]

  *) API: Clarification, pstrndup() will always copy n bytes of the source
     and NUL terminate at the (n+1)st byte.  [Dean Gaudet]

  *) Mark module command_rec and handler_rec structures const so that they
     end up in the read-only data section (and are friendlier to systems
     that don't do optimistic memory allocation on fork()). [Dean Gaudet]

  *) Add check to the "Port" directive to make sure the specified 
     port is in the appropriate range.  [Ben Hyde]

  *) Performance improvements to invoke_handler().
     [Dmitry Khrustalev <dima@bog.msu.su>]

  *) Added support for building shared objects even for library-style modules
     (which are built from more than one object file). This now provides the
     ability to build mod_proxy as a shared object module. Additionally
     modules like mod_example are now also supported for shared object
     building because the generated Makefiles now no longer assume there is at
     least one statically linked module. [Ralf S. Engelschall]

  *) API: Clarify usage of content_type, handler, content_encoding,
     content_language and content_languages fields in request_rec.  They
     must always be lowercased; and the strings pointed to shouldn't
     be modified (you must copy them to modify them).  Fix a few bugs
     related to this.  [Dean Gaudet]

  *) API: Clarification: except for RAW_ARGS, all command handlers can
     treat the char * parameters as permanent, and modifiable.  There
     is no need to pstrdup() them.  Clean up some needless pstrdup().
     [Dean Gaudet]

  *) Now mod_so keeps track of which module shared objects with which names
     are loaded and thus avoids multiple loading and unloading and irritating
     error_log messages. [Ralf S. Engelschall]

  *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
     environment variable in the apache core.  But that tweaking interferes
     with mod_setenv.  So don't tweak if the user has specified an explicit
     TZ variable.  [Jay Soffian <jay@cimedia.com>] PR#1888

  *) rputs() did not calculate r->sent_bodyct properly.
     [Siegmund Stirnweiss <siegst@kat.ina.de>] PR#1900

  *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
     name, or left unset if this value is unavailable.  Apache was setting
     it to the IP address when unavailable.
     [Tony Finch <fanf@demon.net>] PR#1925

  *) Various improvements to the configuration and build support for compiling
     modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
     OSF1 support with GCC and vendor compilers was added.  This way shared
     object support is now provided out-of-the-box for FreeBSD, Linux,
     Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
     [Ralf S. Engelschall]

  *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
     scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
     and USE_OS2_SCOREBOARD.  [Dean Gaudet]

  *) Fix one more special locking problem for RewriteMap programs in
     mod_rewrite: According to the documentation of flock(), "Locks are on
     files, not file descriptors.  That is, file descriptors duplicated
     through dup(2) or fork(2) do not result in multiple instances of a lock,
     but rather multiple references to a single lock. If a process holding a
     lock on a file forks and the child explicitly unlocks the file, the
     parent will lose its lock.". To overcome this we have to make sure the
     RewriteLock file is opened _AFTER_ the childs were spawned which is now
     the case by opening it in the child_init instead of the module_init API
     hook. [Ralf S. Engelschall] PR#1029

  *) Change to Location and LocationMatch semantics.  LocationMatch no
     longer lets a single slash match multiple adjacent slashes in the
     URL.  This change is for consistency with RewriteRule and
     AliasMatch.  Multiple slashes have meaning in URLs that they do
     not have in (some) filesystems.  Location on the other hand can
     be considered a shorthand for a more complicated regex, and it
     does match multiple slashes with a single slash -- which is
     also consistent with the Alias directive.
     [Dean Gaudet] related PR#1440

  *) Fix bug with mod_mime_magic causing certain files, including files
     of length 0, to result in no response from the server.
     [Dean Gaudet]

  *) The Configure script now generates src/include/ap_config.h which
     contains the set of defines used when Apache is compiled on a platform.
     This file can then be included by external modules before including
     any Apache header files in case they are being built separately from
     Apache.  Along with this change, a couple of minor changes were
     made to make Apache's #defines coexist peacefully with any autoconf
     defines an external module might have. [Rasmus Lerdorf]

  *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
     but without any RewriteXXXXX directives. Here mod_rewrite is given no
     chance by the API to initialize its per-server configuration and thus
     receives the wrong one from the main server. This is now avoided by
     remembering the server together with the config structure while
     configuring and later assuming there is no config when we see a
     difference between the remembered server and the one calling us. 
     [Ralf S. Engelschall] PR#1790

  *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
     is automatically disabled under configure time when the dbm_xxx functions
     are not available. Second, two heavy source code errors in the DBM
     support code were fixed.  This makes DBM RewriteMap's usable again after
     a long time of brokenness. [Ralf S. Engelschall] PR#1696

  *) Now all configuration files support Unix-style line-continuation via 
     the trailing backslash ("\") character. This enables us to write down
     complex or just very long directives in a more readable way.  The
     backslash character has to be really the last character before the
     newline and it has not been prefixed by another (escaping) backslash.
     [Ralf S. Engelschall]

  *) When using ProxyPass the ?querystring was not passed correctly.
     [Joel Truher <truher@wired.com>]

  *) To deal with modules being compiled and [dynamically] linked
     at a different time from the core, the SERVER_VERSION and
     SERVER_BUILT symbols have been abstracted through the new
     API routines apapi_get_server_version() and apapi_get_server_built().
     [Ken Coar]  PR#1448

  *) WIN32: Preserve trailing slash in canonical path (and hence
     in PATH_INFO). [Paul Sutton, Ben Laurie]

  *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
     depending on the rev of Solaris and what mixture of modules
     are in use.  So it has been disabled, and Solaris is back to
     using USE_FCNTL_SERIALIZED_ACCEPT.  Users may experiment with
     USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
     up static content only servers.  Or it may fail unpredictably.
     [Dean Gaudet] PR#1779, 1854, 1904

  *) mod_test_util_uri.c created which tests the logic in util_uri.c.
     [Dean Gaudet]

  *) API: Rewrite of absoluteURI handling, and in particular how
     absoluteURIs match vhosts.  Unless a request is a proxy request, a
     "http://host" url is treated as if a similar "Host:" header had been
     supplied.  This change was made to support future HTTP/1.x protocols
     which may require clients to send absoluteURIs for all requests.

     In order to achieve this change subtle changes were made to the API.  In a
     request_rec, r->hostlen has been removed.  r->unparsed_uri now exists so
     that the unmodified uri can be retrieved easily.  r->proxyreq is not set
     by the core, modules must set it during the post_read_request or
     translate_names phase.

     Plus changes to the virtualhost test suite for absoluteURI testing.

     This fixes several bugs with the proxy proxying requests to vhosts
     managed by the same httpd.
     [Dean Gaudet]

  *) API: Cleanup of code in http_vhost.c, and remove vhost matching
     code from mod_rewrite.  The vhost matching is now performed by a
     globally available function matches_request_vhost().  [Dean Gaudet]

  *) Reduce memory usage, and speed up ServerAlias support.  As a
     side-effect users can list multiple ServerAlias directives
     and they're all considered.
     [Chia-liang Kao <clkao@cirx.org>] PR#1531

  *) The "poly" directive in image maps did not include the borders of the
     polygon, whereas the "rect" directive does.  Fix this inconsistency.
     [Konstantin Morshnev <moko@design.ru>] PR#1771

  *) Make \\ behave as expected.  [Ronald.Tschalaer@psi.ch]

  *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
     address. [Todd Eigenschink <eigenstr@mixi.net>] PR#1885

  *) API: A new source module main/util_uri.c; It contains a routine
     parse_uri_components() and friends which breaks a URI into its component
     parts.  These parts are stored in a uri_components structure called
     parsed_uri within each request_rec, and are available to all modules.
     Additionally, an unparse routine is supplied which re-assembles the URI
     components back to an URI, optionally hiding the username:password@ part
     from ftp proxy requests, and other useful routines.  Within the structure,
     you find on a ready-for-use basis:
        scheme;     /* scheme ("http"/"ftp"/...) */
        hostinfo;   /* combined [user[:password]@]host[:port] */
        user;       /* user name, as in http://user:passwd@host:port/ */
        password;   /* password, as in http://user:passwd@host:port/ */
        hostname;   /* hostname from URI (or from Host: header) */
        port_str;   /* port string (integer representation is in "port") */
        path;       /* the request path (or "/" if only scheme://host was given) */
        query;      /* Everything after a '?' in the path, if present */
        fragment;   /* Trailing "#fragment" string, if present */
     This is meant to serve as the platform for *BIG* savings in
     code complexity for the proxy module (and maybe the vhost logic).
     [Martin Kraemer]

  *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
     ${map:key}) available for all location where a string is created in
     mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
     RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
     possible expansions are consequently usable at all string creation
     locations. [Ralf S. Engelschall]

  *) Fix initialization of RewriteLogLevel (default now is 0 as documented 
     and not 1) and the per-virtual-server merging of directives. Now all
     directives except `RewriteEngine' and `RewriteOption' are either
     completely overridden (default) or completely inherited (when
     `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325

  *) Fix `RewriteMap' program lookup in situations where such maps are
     defined but disabled (`RewriteEngine off') in per-server context. 
     [Ralf S. Engelschall] PR#1431

  *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
     server to bind to port 0 rather than 80.  [Dean Gaudet]

  *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
     (like SunOS and FreeBSD) which don't accept the locking of pipes
     directly.  A new directive RewriteLock is introduced which can be used to
     setup a separate locking file which then is used for synchronization.
     [Ralf S. Engelschall] PR#1029

  *) WIN32: The server root is obtained from the registry key
     HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
     "1.3 beta"), unless overridden by the -d command line flag. The
     value is stored by running "apache -i -d serverroot". [Paul Sutton]

  *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
     dynamic loading on Win32 and Unix via the same module. [Paul Sutton]

  *) Now mod_rewrite no longer makes problematic assumptions on the characters
     a username can contain when trying to expand it via /etc/passwd. 
     [Ralf S. Engelschall]

  *) The mod_setenvif BrowserMatch backwards compatibility command did not
     work properly with spaces in the regex.  [Ronald Tschalaer] PR#1825

  *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
     type but with a special post-processing for the looked-up value: It
     parses it into alternatives according to `|' chars and then only one
     particular alternative is chosen randomly (this is an essential
     functionality needed for balancing between backend-servers when using
     Apache as a Reverse Proxy.  The looked up value here is a list of
     servers). Second, `int' with the built-in maps named `tolower' and
     `toupper' which can be used to map URL parts to a fixed case (this is an
     essential feature to fix the case of server names when doing mass
     virtual-hosting with the help of mod_rewrite instead of using
     <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
     Jay Soffian <jay@cimedia.com>] PR#1631

  *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
     This directive lets Apache adjust the URL in Location-headers on HTTP
     redirect responses sent by the remote server. This way the virtually
     mapped area is no longer left on redirects and thus by-passed which is
     especially essential when running Apache as a reverse proxy.  
     [Ralf S. Engelschall]

  *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
     hidden. [Alvaro Martinez Echevarria]

  *) Apache will, when started with the -X (single process) debugging flag,
     honor the SIGINT or SIGQUIT signals again now. This capability got lost
     a while ago during OS/2 signal handling changes.

  *) [PORT] Work around the fact that NeXT runs on more than the
     m68k chips in mod_status [Scott Anguish and Timothy Luoma
     <luomat@peak.org>]

  *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
     as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
     <ache@nagual.pp.ru> and Jim] PR#1450

  *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
     In particular the handlers could trigger themselves into an infinite
     loop if RLimitMem was used with a small amount of memory -- too small
     for the signal stack frame to be set up.  [Dean Gaudet]

  *) Fix problems with absoluteURIs introduced during 1.3b4.  [Dean Gaudet,
     Alvaro Martinez Echevarria <alvaro@lander.es>]

  *) Fix multiple UserDir problem introduced during 1.3b4-dev.
     [Dean Gaudet] PR#1850

  *) ap_cpystrn() had an off-by-1 error.
     [Charles Fu <ccwf@klab.caltech.edu>] PR#1847

  *) API: As Ken suggested the check_cmd_context() function and related
     defines are non-static now so modules can use 'em.  [Martin Kraemer]

  *) mod_info would occasionally produce an unpaired <tt> in its
     output. Fixed. [Martin Kraemer]

  *) By default AIX binds a process (and it's children) to a single
     processor.  httpd children now unbind themselves from that cpu
     and re-bind to one selected at random via bindprocessor()
     [Doug MacEachern]

  *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
     effect.  Work around it by using RLIMIT_AS for the RLimitMEM
     directive.  [Enrik Berkhan <enrik@inka.de>] PR#1816

  *) mod_mime_magic error message should indicate the filename when
     reads fail.  ["M.D.Parker" <mdpc@netcom.com>] PR#1827

  *) Previously Apache would permit </Files> to end <FilesMatch> (and
     similary for Location and Directory), now this is diagnosed as an
     error.  Improve error messages for mismatched sections (<Files>,
     <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
     [Dean Gaudet, Martin Kraemer]

  *) <Files> is not permitted within <Location> (because of the
     semantic ordering).  [Dean Gaudet] PR#379

  *) <Files> with wildcards was broken by the change in wildcard
     semantics (* does not match /).  To fix this, <Files> now
     apply only to the basename of the request filename.  This
     fixes some other inconsistencies in <Files> semantics
     (such as <Files a*b> not working).  [Dean Gaudet] PR#1817

  *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
     backup files are removed on "clean" target [Ralf S. Engelschall]

  *) PORT: Add -lm to LIBS for HPUX.  [Dean Gaudet] PR#1639

  *) Various errors from select() and accept() in child_main() would
     result in an infinite loop.  It seems these two tickle kernel
     or library bugs occasionally, and result in log spammage and
     a generally bad scene.  Now the child exits immediately,
     which seems to be a good workaround.
     [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588

  *) Cleaned up some race conditions in unix child_main during
     initialization. [Dean Gaudet]

  *) SECURITY: "UserDir /abspath" without a * in the path would allow
     remote users to access "/~.." and bypass access restrictions
     (but note /~../.. was handled properly).
     [Lauri Jesmin <jesmin@ut.ee>] PR#1701

  *) API: os_is_path_absolute() now takes a const char * instead of a char *.
     [Dean Gaudet]

Changes with Apache 1.3b5

  *) Source file dependencies in Makefile.tmpl files throughout the
     source tree were updated to accurately reflect reality.
     [Dean Gaudet]

  *) Preserve the content encoding given by the AddEncoding directive
     when the client doesn't otherwise specify an encoding.
     [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]

  *) Sort out problems with canonical filename handling happening too late.
     [Dean Gaudet, Ben Laurie]

Changes with Apache 1.3b4

  *) The module structure was modified to include a *dynamic_load_handle
     in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
     has been bumped accordingly.  [Paul Sutton]

  *) All BrowserMatch directives mentioned in
     htdocs/manual/known_client_problems.html are in the default
     configuration files.  [Lars Eilebrecht]

  *) MiNT port update. [Jan Paul Schmidt]

  *) HTTP/1.1 requires x-gzip and gzip encodings be treated
     equivalent, similarly for x-compress and compress.  Apache
     now ignores a leading x- when comparing encodings.  It also
     preserves the encoding the client requests (for example if
     it requests x-gzip, then Apache will respond with x-gzip
     in the Content-Encoding header).
     [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772

  *) Fix a memory leak on keep-alive connections.  [Igor Tatarinov]

  *) Added mod_so module to support dynamic loading of modules on Unix
     (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
     instead of AddModule in Configuration to build shared modules
     [Sameer Parekh, Paul Sutton]

  *) Minor cleanups to r->finfo handling in some modules.
     [Dean Gaudet]

  *) Abstract read()/write() to ap_read()/ap_write().
     Makes it easier to add other types of IO code such as SFIO.
     [Randy Terbush]

  *) API: Generalize default_port manipulations to make support of
     different protocols easier. [Ben Laurie, Randy Terbush]

  *) There are many cases where users do not want Apache to form
     self-referential urls using the "canonical" ServerName and Port.
     The new UseCanonicalName directive (default on), if set to off
     will cause Apache to use the client-supplied hostname and port.
     API: Part of this change required a change to the construct_url()
     prototype; and the addition of get_server_name() and
     get_server_port().
     [Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
     PR#315, 459, 485, 1433

  *) Yet another rearrangement of the source tree.. now all the common
     header files are in the src/include directory.  The -Imain -Iap
     references in Makefiles have been changed to the simpler -Iinclude
     instead.  In addition to simplifying the build a little bit, this
     also makes it clear when a module is referencing something in a
     other than kosher manner (e.g., the proxy including mod_mime.h).
     Module-private header files (the proxy, mod_mime, the regex library,
     and mod_rewrite) have not been moved to src/include; nor have
     the OS-abstraction files.  [Ken Coar]

  *) Fix a bug where r->hostname didn't have the :port stripped
     from it.  [Dean Gaudet]

  *) Tweaked the headers_out table size, and the subprocess_env
     table size guess in rename_original_environment().  Added
     MAKE_TABLE_PROFILE which can help discover make_table()
     calls that use too small an initial guess, see alloc.c.
     [Dean Gaudet]

  *) Options and AllowOverride weren't properly merging in the main
     server setting inside vhosts (only an issue when you have no
     <Directory> or other section containing an Options that affects
     a request).  Options +foo or -foo in the main_server wouldn't
     affect the main_server's lookup defaults.  [Dean Gaudet]

  *) Variable 'cwd' was being used pointlessly before being set.
     [Ken Coar] PR#1738

  *) r->allowed handling cleaned up in the standard modules.
     [Dean Gaudet]

  *) Some case-sensitivity issues cleaned up to be consistent with
     RFC2068.  [Dean Gaudet]

  *) SIGURG doesn't exist everywhere.
     [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]

  *) mod_unique_id was erroneously generating a second unique id when
     an internal redirect occured.  Such redirects occur, for example,
     when processing a DirectoryIndex match.  [Dean Gaudet]

  *) API: table_add, table_merge, and table_set include implicit pstrdup()
     of the key and value.  But in many cases this is not required
     because the key/value is a constant, or the value has been built
     by pstrcat() or other similar means.  New routines table_addn,
     table_mergen, and table_setn have been added to the API, these
     routines do not pstrdup() their arguments.  The core code and
     standard modules were changed to take advantage of these routines.
     The resulting server is up to 20% faster in some situations.

     Note that it is easy to get code subtly wrong if you pass a key/value
     which is in a pool other than the pool of the table.  The only
     safe thing to do is to pass key/values which are in the pool of
     the table, or in one of the ancestors of the pool of the table.
     i.e. if the table is part of a subrequest, a value from the main
     request's pool is OK since the subrequest pool is a sub_pool of the
     main request's pool (and therefore has a lifespan at most as long as
     the main pool).  There is debugging code which can detect improper
     usage, enabled by defining POOL_DEBUG.  See alloc.c for more details.
     [Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]

  *) More mod_mime_magic cleanup:  fewer syscalls; should handle "files"
     which don't exist on disk more gracefully; handles vhosts properly.
     Update documentation to reflect the code -- if there's no
     MimeMagicFile directive then the module is not enabled.
     [Dean Gaudet]

  *) PORT: Some older *nix dialects cannot automatically start scripts
     which begin with a #! interpreter line (the shell starts the scripts
     appropriately on these platforms). Apache now supports starting of
     "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
     [Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
     taken from tcsh]

  *) API: "typedef array_header table" removed from alloc.h, folks should
     have been writing to use table as if it were an opaque type, but even
     some standard modules got this wrong.  By changing the definition
     to "typedef struct table table" module authors will receive compile
     time warnings that they're doing the wrong thing.  This change
     facilitates future changes with more sophisticated table
     structures.  Specifically, module authors should be using table_elts()
     to get access to an array_header * for the table. [Dean Gaudet]

  *) API: Renamed new_connection() to avoid namespace collision with LDAP
     library routines.  [Ken Coar, Rasmus Lerdorf]

  *) WIN32: mod_speling is now available on the Win32 platform.
     [Marc Slemko]

  *) For clarity the following compile time definition was changed:

        SAFE_UNSERIALIZED_ACCEPT  ->   SINGLE_LISTEN_UNSERIALIZED_ACCEPT

     Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
     and not be a general notice that the OS has mmap(). Now the
     HAVE_MMAP/SHMGET #defines strictly are informational that the
     OS has that method of shared memory; the type to use for
     the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
     and USE_SHMGET_SCOREBOARD). This allows outside modules to
     determine if shared memory is available and allows Apache
     to determine the best method to use for the scoreboard.
     [Jim Jagielski]

  *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
     as do various earlier versions.  It should be safe on all versions.
     Unixware 1.x appears to have the same SIGHUP bug as solaris does with
     the slack code.  A few other cleanups for Unixware.
     [Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553

  *) PORT: A/UX can handle single-listen accepts without mutex
     locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]

  *) When die() happens we need to eat any request body if one exists.
     Otherwise we can't continue with a keepalive session.  This shows up
     as a POST problem with MSIE 4.0, typically against pages which are
     authenticated.  [Roy Fielding] PR#1399

  *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
     header will be passed to CGIs.  This is generally a security hole, so
     it's not a default.  [Marc Slemko] PR#549

  *) Fix Y2K problem with date printing in suexec log.
     [Paul Eggert <eggert@twinsun.com>] PR#1343

  *) WIN32 deserves a pid file.  [Ben Hyde]

  *) suexec errors now include the errno/description.  [Marc Slemko] PR#1543

  *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
     The choice of flock vs. fcntl was made based on timings which showed that
     even on non-NFS, non-exported filesystems fcntl() was an order of
     magnitude slower.  It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
     that single socket users will see no difference. [Dean Gaudet] PR#467

  *) "File does not exist" error message was erroneously including the
     errno.  [Marc Slemko]

  *) Improve the warning message generated when a client drops the
     connection (hits stop button, etc.) during a send.  [Roy Fielding]

  *) Defining GPROF will disable profiling in the parent and enable it
     in the children.  If you're profiling under Linux this is pretty much
     necessary because SIGPROF is lost across a fork(). [Dean Gaudet]

  *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
     [Brian Havard]

  *) The NeXT cc (which is gcc hacked up) doesn't appear to support some
     gcc functionality.  Work around it.
     [Keith Severson <keith@sssd.navy.mil>] PR#1613

  *) Some linkers complain when .o files contain no functions.
     [Keith Severson <keith@sssd.navy.mil>] PR#1614

  *) Some const declarations in mod_imap.c that were added for debugging
     purposes caused some compilers heartburn without adding any
     significant value, so they've been removed.  [Ken Coar]

  *) The src/main/*.h header files have had #ifndef wrappers added to
     insulate them against duplicate calls if they get included through
     multiple paths (e.g., in .c files as well as other .h files).
     [Ken Coar]

  *) The libap routines now have a header file for their prototypes,
     src/ap/ap.h, to ease their use in non-httpd applications.  [Ken Coar]

  *) mod_autoindex with a plaintext header file would emit the <PRE>
     start-tag before the HTML preamble, rather than after the preamble
     but before the header file contents.  [John Van Essen <jve@gamers.org>]
     PR#1667

  *) SECURITY: Fix a possible buffer overflow in logresolve.  This is
     only an issue on systems without a MAXDNAME define or where
     the resolver returns domain names longer than MAXDNAME.  [Marc Slemko]

  *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
     is used to read various types of files such as htaccess and
     htpasswd files.  [Marc Slemko]

  *) SECURITY: Ensure that the buffer returned by ht_time is always
     properly null terminated.  [Marc Slemko]

  *) The "Connection" header could be sent back with multiple "close"
     tokens.  Not an error, but a waste.
     [Ronald.Tschalaer@psi.ch] PR#1683

  *) mod_rewrite's RewriteLog should behave like mod_log_config, it
     shouldn't force hostname lookups.  [Dean Gaudet] PR#1684

  *) "basic" auth needs a case-insensitive comparison.
     [Ronald.Tschalaer@psi.ch] PR#1666

  *) For maximum portability, the environment passed to CGIs should
     only contain variables whose names match the regex
     /[a-zA-Z][a-zA-Z0-9_]*/.  This is now enforced by stamping
     underscores over any character outside the regex.  This
     affects HTTP_* variables, in a way that should be backward
     compatible for all the standard headers; and affects variables
     set with SetEnv/BrowserMatch and similar directives.
     [Dean Gaudet]

  *) mod_speling returned incorrect HREF's when an ambigous match
     was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
     [robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]

  *) PORT: Apache now compiles & runs on an EBCDIC mainframe
     (the Siemens BS2000/OSD family) in the POSIX subsystem
     [Martin Kraemer]

  *) PORT: Fix problem killing children when terminating.  Allow ^C
     to shut down the server.  [Brian Havard]

  *) pstrdup() is implicit in calls to table_* functions, so there's
     no need to do it before calling.  Clean up a few cases.
     [Marc Slemko, Dean Gaudet]

  *) new -C and -c command line arguments
     usage:
     -C "directive" : process directive before reading config files
     -c "directive" : process directive after reading config files
     example:
     httpd -C "PerlModule Apache::httpd_conf"
     [Doug MacEachern, Martin Kraemer]

  *) WIN32: Fix the execution of CGIs that are scripts and called 
     with path info that does not have an '=' in.
     (eg. http://server/cgi-bin/printenv?foobar)  
     [Marc Slemko] PR#1591

  *) WIN32: Fix a call to os_canonical_filename so it doesn't try to 
     mess with fake filenames.  This fixes proxy caching on 
     win32. PR#1265

  *) SECURITY: General mod_include cleanup, including fixing several
     possible buffer overflows and a possible infinite loop.
     [Dean Gaudet, Marc Slemko]

  *) SECURITY: Numerous changes to mod_imap in a general cleanup
     including fixing a possible buffer overflow.  [Dean Gaudet]

  *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
     (connections are not dropped). Code can handle graceful restarts
     (but there is as yet no way to signal this to Apache). Various
     other cleanups. [Paul Sutton]

  *) The aplog_error changes specific to 1.3 introduced a buffer
     overrun in the (now legacy) log_printf function.  Fixed.
     [Dean Gaudet]

  *) mod_digest didn't properly deal with proxy authentication.  It
     also lacked a case-insensitive comparision of the "Digest"
     token.  [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599

  *) A few cleanups in mod_status for efficiency.  [Dean Gaudet]