« back to all changes in this revision
Viewing changes to CHANGES
- browse files at revision 70
- compare with another revision
- download diff
- download tarball
- view history from revision 70
- Committer: Package Import Robot
- Author(s): Steve Beattie
- Date: 2011-09-06 01:17:15 UTC
- mfrom: (14.3.28 sid)
- Revision ID: package-import@ubuntu.com-20110906011715-tca9jwg0gxy0gxt0
Tags: 2.2.20-1ubuntu1
* Merge from debian unstable to fix CVE-2011-3192 (LP: #837991).
Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
- debian/control: Add bzr tag and point it to our tree
- debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
- debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
Plymouth aware passphrase dialog program ask-for-passphrase.
Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
- debian/control: Add bzr tag and point it to our tree
- debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
- debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
Plymouth aware passphrase dialog program ask-for-passphrase.
- files added:
- debian/patches/083_range_regressions.dpatch
- files removed:
- debian/patches/069_no_deflate_for_HEAD.dpatch
- files modified:
- CHANGES
added
removed
CHANGES
1
1
-*- coding: utf-8 -*-
2
Changes with Apache 2.2.20
3
4
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
5
core: Fix handling of byte-range requests to use less memory, to avoid
6
denial of service. If the sum of all ranges in a request is larger than
7
the original file, ignore the ranges and send the complete file.
8
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
9
10
*) mod_authnz_ldap: If the LDAP server returns constraint violation,
11
don't treat this as an error but as "auth denied". [Stefan Fritsch]
12
13
*) mod_filter: Fix FilterProvider conditions of type "resp=" (response
14
headers) for CGI. [Joe Orton, Rainer Jung]
15
16
*) mod_reqtimeout: Fix a timed out connection going into the keep-alive
17
state after a timeout when discarding a request body. PR 51103.
18
[Stefan Fritsch]
19
20
*) core: Do the hook sorting earlier so that the hooks are properly sorted
21
for the pre_config hook and during parsing the config. [Stefan Fritsch]
22
2
23
Changes with Apache 2.2.19
3
24
4
25
*) Revert ABI breakage in 2.2.18 caused by the function signature change
5
26
of ap_unescape_url_keep2f(). This release restores the signature from
6
27
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
7
[Eric Covener]
28
[Eric Covener]
8
29
9
30
Changes with Apache 2.2.18
10
31
11
32
*) Log an error for failures to read a chunk-size, and return 408 instead
12
413 when this is due to a read timeout. This change also fixes some cases
13
of two error documents being sent in the response for the same scenario.
33
413 when this is due to a read timeout. This change also fixes some cases
34
of two error documents being sent in the response for the same scenario.
14
35
[Eric Covener] PR49167
15
36
16
37
*) core: Only log a 408 if it is no keepalive timeout. PR 39785
39
60
*) configure: Fix htpasswd/htdbm libcrypt link errors with some newer
40
61
linkers. [Stefan Fritsch]
41
62
42
*) MinGW build improvements. PR 49535. [John Vandenberg
63
*) MinGW build improvements. PR 49535. [John Vandenberg
43
64
<jayvdb gmail.com>, Jeff Trawick]
44
65
45
66
*) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
61
82
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
62
83
63
84
*) prefork: Update MPM state in children during a graceful restart.
64
Allow the HTTP connection handling loop to terminate early
85
Allow the HTTP connection handling loop to terminate early
65
86
during a graceful restart. PR 41743.
66
87
[Andrew Punch <andrew.punch 247realmedia.com>]
67
88
172
193
across multiple vhosts. PR 39915. [Joe Orton]
173
194
174
195
*) mod_proxy_http: Log the port of the remote server in various messages.
175
PR 48812. [Igor Galić <i galic brainsware org>]
196
PR 48812. [Igor Galić <i galic brainsware org>]
176
197
177
198
*) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
178
199
[Philip M. Gollucci]
274
295
PR 45875. [Joe Orton, Peter Sylvester <peter.sylvester edelweb.fr>]
275
296
276
297
*) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
277
password now result in an informational level log entry instead of
298
password now result in an informational level log entry instead of
278
299
warning level. [Eric Covener]
279
300
280
301
*) core: Preserve Port information over internal redirects
394
415
Changes with Apache 2.2.12
395
416
396
417
*) SECURITY: CVE-2009-1891 (cve.mitre.org)
397
Fix a potential Denial-of-Service attack against mod_deflate or other
398
modules, by forcing the server to consume CPU time in compressing a
418
Fix a potential Denial-of-Service attack against mod_deflate or other
419
modules, by forcing the server to consume CPU time in compressing a
399
420
large file after a client disconnects. PR 39605.
400
421
[Joe Orton, Ruediger Pluem]
401
422
402
423
*) SECURITY: CVE-2009-1195 (cve.mitre.org)
403
Prevent the "Includes" Option from being enabled in an .htaccess
424
Prevent the "Includes" Option from being enabled in an .htaccess
404
425
file if the AllowOverride restrictions do not permit it.
405
426
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
406
427
Ruediger Pluem, Jeff Trawick]
407
428
408
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
429
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
409
430
Fix a potential Denial-of-Service attack against mod_proxy in a
410
431
reverse proxy configuration, where a remote attacker can force a
411
432
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
507
528
508
529
*) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
509
530
way that per-directory rewrites append the previous notion of PATH_INFO
510
to each substitution before evaluating subsequent rules.
531
to each substitution before evaluating subsequent rules.
511
532
PR38642 [Eric Covener]
512
533
513
534
*) mod_authnz_ldap: Reduce number of initialization debug messages and make
534
555
PR 41120 [Nick Kew]
535
556
536
557
*) mod_include: support generating non-ASCII characters as entities in SSI
537
PR 25202 [Nick Kew]
558
PR 25202 [Nick Kew]
538
559
539
560
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII
540
561
chars [Nick Kew]
566
587
Changes with Apache 2.2.11
567
588
568
589
*) core: When the ap_http_header_filter processes an error bucket, cleanup
569
the passed brigade before returning AP_FILTER_ERROR down the filter
590
the passed brigade before returning AP_FILTER_ERROR down the filter
570
591
chain. This unambiguously ensures the same error bucket isn't revisited
571
592
[Ruediger Pluem]
572
593
629
650
them and thus preventing an overflow of the worker queue which causes
630
651
a SegFault. PR 45605 [Denis Ustimenko <denusk gmail.com>]
631
652
632
*) Windows: Always build the odbc dbd driver on windows, to be consistent
653
*) Windows: Always build the odbc dbd driver on windows, to be consistent
633
654
with the apr-util default. [Tom Donovan]
634
655
635
656
Changes with Apache 2.2.10
891
912
*) mod_proxy_ftp: Fix base for directory listings.
892
913
PR 27834 [Nick Kew]
893
914
894
*) mod_logio: Provide optional function to allow modules to adjust the
915
*) mod_logio: Provide optional function to allow modules to adjust the
895
916
bytes_in count [Eric Covener]
896
917
897
918
*) http_filters: Don't return 100-continue on client error
1066
1087
PR 43786 [Eric Covener]
1067
1088
1068
1089
*) mod_ldap: Stop passing a reference to pconf around for
1069
(limited) use during request processing, avoiding possible
1090
(limited) use during request processing, avoiding possible
1070
1091
memory corruption and crashes. [Eric Covener]
1071
1092
1072
1093
*) Event MPM: Add support for running under mod_ssl, by reverting to the
1085
1106
*) mod_rewrite: Add option to suppress URL unescaping
1086
1107
PR 34602 [Guenther Gsenger <guenther.gsenger gmail.com>]
1087
1108
1088
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
1109
*) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean
1089
1110
shutdown of the server when the MaxClients is higher then 257,
1090
1111
in a more responsive manner [Mladen Turk, William Rowe]
1091
1112
1158
1179
[Davi Arnaut, Nick Kew]
1159
1180
1160
1181
*) SECURITY: CVE-2007-1863 (cve.mitre.org)
1161
mod_cache: Prevent a segmentation fault if attributes are listed in a
1162
Cache-Control header without any value.
1182
mod_cache: Prevent a segmentation fault if attributes are listed in a
1183
Cache-Control header without any value.
1163
1184
[Niklas Edmundsson <nikke acc.umu.se>]
1164
1185
1165
1186
*) SECURITY: CVE-2007-3304 (cve.mitre.org)
1166
1187
prefork, worker, event MPMs: Ensure that the parent process cannot
1167
be forced to kill processes outside its process group.
1188
be forced to kill processes outside its process group.
1168
1189
[Joe Orton, Jim Jagielski]
1169
1190
1170
1191
*) SECURITY: CVE-2006-5752 (cve.mitre.org)
1218
1239
responding. PR 41644 [Stuart Children <stuart terminus.co.uk>]
1219
1240
1220
1241
*) mod_authnz_ldap: Don't return HTTP_UNAUTHORIZED during authorization when
1221
LDAP authentication is configured but we haven't seen any
1222
'Require ldap-*' directives, allowing authorization to be passed to lower
1223
level modules (e.g. Require valid-user)
1242
LDAP authentication is configured but we haven't seen any
1243
'Require ldap-*' directives, allowing authorization to be passed to lower
1244
level modules (e.g. Require valid-user)
1224
1245
PR 43281 [Eric Covener]
1225
1246
1226
1247
*) mod_proxy: don't URLencode tilde in path component
1241
1262
garbled log output. [Martin Kraemer]
1242
1263
1243
1264
*) mod_autoindex: Add in Type and Charset options to IndexOptions
1244
directive. This allows the admin to explicitly set the
1265
directive. This allows the admin to explicitly set the
1245
1266
content-type and charset of the generated page and is therefore
1246
1267
a viable workaround for buggy browsers affected by CVE-2007-4465
1247
1268
(cve.mitre.org). [Jim Jagielski]
1297
1318
or apr_pool_create() (when apr-based error reporting is not ready).
1298
1319
[William Rowe, Jeff Trawick]
1299
1320
1300
*) log core: fix the new piped logger case where we couldn't connect
1301
the replacement stderr logger's stderr to the NULL stdout stream.
1302
Continue in this case, since the previous alternative of no error
1321
*) log core: fix the new piped logger case where we couldn't connect
1322
the replacement stderr logger's stderr to the NULL stdout stream.
1323
Continue in this case, since the previous alternative of no error
1303
1324
logging at all (/dev/null) is far worse. [William Rowe]
1304
1325
1305
1326
*) mpm_winnt: Prevent the parent-child pipe from leaking into other
1401
1422
[Takashi Sato <serai lans-tv.com>]
1402
1423
1403
1424
*) mod_ldap: Remove the hardcoded size limit parameter for
1404
ldap_search_ext_s and replace it with an APR_ defined value that
1425
ldap_search_ext_s and replace it with an APR_ defined value that
1405
1426
is set according to the LDAP SDK being used, resolving a problem
1406
1427
with SDKs that define LDAP_NO_LIMIT to something other than -1.
1407
1428
[David Jones <oscaremma gmail com>]
1408
1429
1409
*) core: Correct a regression since 2.0.x in the handling of AllowOverride
1430
*) core: Correct a regression since 2.0.x in the handling of AllowOverride
1410
1431
Options. PR 41829. [Torsten Förtsch <torsten.foertsch gmx.net>]
1411
1432
1412
1433
*) mod_proxy_http: Handle request bodies larger than 2 GB by converting
1456
1477
*) mod_dbd: share per-request database handles across subrequests
1457
1478
and internal redirects [Chris Darroch]
1458
1479
1459
*) mod_dbd: key connection pools to virtual hosts correctly even when
1480
*) mod_dbd: key connection pools to virtual hosts correctly even when
1460
1481
ServerName is unset/unavailable [Graham Leggett]
1461
1482
1462
1483
*) Better detection and clean up of ldap connection that has been
1508
1529
[Brian <brectanu gmail.com>]
1509
1530
1510
1531
*) mod_proxy: Don't try to use dead backend connection. PR 37770.
1511
[Olivier BOEL <ob dorrboel.com>]
1532
[Olivier BOEL <ob dorrboel.com>]
1512
1533
1513
1534
*) mod_proxy_balancer: Extract stickysession routing information contained
1514
1535
as parameter in the URL correctly. PR 40400.
1516
1537
1517
1538
*) mod_proxy_ajp: Added cping/cpong support for the AJP protocol.
1518
1539
A new worker directive ping=timeout will cause CPING packet
1519
to be send expecting CPONG packet within defined timeout.
1540
to be send expecting CPONG packet within defined timeout.
1520
1541
In case the backend is too busy this will fail instead
1521
1542
sending the full header. [Mladen Turk]
1522
1543
1634
1655
each worker thread to wake them up if they're polling on a
1635
1656
Keep-Alive connection. PR 38737. [Chris Darroch]
1636
1657
1637
*) worker and event MPMs: fix excessive forking if fork() or child_init
1658
*) worker and event MPMs: fix excessive forking if fork() or child_init
1638
1659
take a long time. PR 39275.
1639
1660
[Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ]
1640
1661
1697
1718
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
1698
1719
mod_ssl: Fix a possible crash during access control checks if a
1699
1720
non-SSL request is processed for an SSL vhost (such as the
1700
"HTTP request received on SSL port" error message when an 400
1721
"HTTP request received on SSL port" error message when an 400
1701
1722
ErrorDocument is configured, or if using "SSLEngine optional").
1702
1723
PR 37791. [Rüdiger Plüm, Joe Orton]
1703
1724
1721
1742
connection: keep-alive and do not close backend connection if the client
1722
1743
sent connection: close. PR 38524. [Ruediger Pluem, Joe Orton]
1723
1744
1724
*) mod_disk_cache: Return the correct error codes from bucket read
1745
*) mod_disk_cache: Return the correct error codes from bucket read
1725
1746
failures, instead of APR_EGENERAL.
1726
1747
[Brian Akins <brian.akins turner.com>]
1727
1748
1728
1749
*) Add APR/APR-Util Compiled and Runtime Version numbers to the
1729
1750
output of 'httpd -V'. [William Rowe]
1730
1751
1731
*) http: If a connection is aborted while waiting for a chunked line,
1752
*) http: If a connection is aborted while waiting for a chunked line,
1732
1753
flag the connection as errored out. [Justin Erenkrantz]
1733
1754
1734
1755
*) core: Reject invalid Expect header immediately. PR 38123.
1763
1784
client. [Ruediger Pluem]
1764
1785
1765
1786
*) Ensure that the proper status line is written to the client, fixing
1766
incorrect status lines caused by filters which modify r->status without
1787
incorrect status lines caused by filters which modify r->status without
1767
1788
resetting r->status_line, such as the built-in byterange filter.
1768
1789
[Jeff Trawick]
1769
1790
1778
1799
when srclib/apr[-util] are symlinks rather than directories proper.
1779
1800
[William Rowe]
1780
1801
1781
*) Avoid Server-driven negotiation when a script has emitted an
1802
*) Avoid Server-driven negotiation when a script has emitted an
1782
1803
explicit Status: header. PR 38070. [Nick Kew]
1783
1804
1784
1805
*) Fix to avoid feeding C99 to C++ compilers. [Joe Orton]
1789
1810
*) Fix syntax error in httpd.h with strict compilers. PR 37840.
1790
1811
[Per Olausson <pao darkheim.freeserve.co.uk>]
1791
1812
1792
*) Fix recursive ErrorDocument handling. PR 36090.
1813
*) Fix recursive ErrorDocument handling. PR 36090.
1793
1814
[Chris Darroch <chrisd pearsoncmg.com>]
1794
1815
1795
1816
*) Don't hang on error return from post_read_request. PR 37790.
1819
1840
match for scheme and host, but case sensitive for the rest of
1820
1841
the path. [Jim Jagielski, Ruediger Pluem]
1821
1842
1822
*) Require use of APR >= 1.2.0 and APR-util >= 1.2.0 when configured
1823
to use external copies of the libraries. [Joe Orton]
1843
*) Require use of APR >= 1.2.0 and APR-util >= 1.2.0 when configured
1844
to use external copies of the libraries. [Joe Orton]
1824
1845
1825
1846
*) Fix DESTDIR=... installation when using bundled copy of APR.
1826
1847
[Torsten Foertsch <torsten.foertsch gmx.net>]
1871
1892
1872
1893
*) Fix use of pools in mod_dbd. [Brian J France, Nick Kew]
1873
1894
1874
*) Promote modules from "experimental": mod_dbd, mod_filter,
1895
*) Promote modules from "experimental": mod_dbd, mod_filter,
1875
1896
mod_charset_lite. [Nick Kew]
1876
1897
1877
1898
*) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
1902
1923
*) Doxygen fixups. [Neale Ranns <neale ranns.org>, Ian Holsman]
1903
1924
1904
1925
*) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing
1905
mod_dir from serving indexes correctly with mod_cache enabled.
1926
mod_dir from serving indexes correctly with mod_cache enabled.
1906
1927
[Colm MacCarthaigh]
1907
1928
1908
1929
Changes with Apache 2.1.8
1910
1931
*) Fix lingering close implementation to match 1.3.x behaviour.
1911
1932
PR 35292. [Joe Orton]
1912
1933
1913
*) mod_ssl: Support limited buffering of request bodies to allow
1934
*) mod_ssl: Support limited buffering of request bodies to allow
1914
1935
per-location renegotiation to proceed. PR 12355. [Joe Orton]
1915
1936
1916
*) Fix regression since 2.0.x in AllowOverride Options handling.
1937
*) Fix regression since 2.0.x in AllowOverride Options handling.
1917
1938
PR 35330. [kabe <kabe sra-tohoku.co.jp>]
1918
1939
1919
1940
*) mod_ssl: Fix memory leak in ssl_util_algotypeof().
1920
1941
PR 25659. [David Blake <dblake hp com>, Martin Kraemer]
1921
1942
1922
1943
*) prefork, worker and event MPMs: Support a graceful-stop procedure:
1923
Server will wait until existing requests are finished or until
1924
"GracefulShutdownTimeout" number of seconds before exiting.
1944
Server will wait until existing requests are finished or until
1945
"GracefulShutdownTimeout" number of seconds before exiting.
1925
1946
[Colm MacCarthaigh, Ken Coar, Bill Stoddard]
1926
1947
1927
*) prefork, worker and event MPMs: Prevent children from holding open
1928
listening ports upon graceful restart or stop. PR 28167.
1948
*) prefork, worker and event MPMs: Prevent children from holding open
1949
listening ports upon graceful restart or stop. PR 28167.
1929
1950
[Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
1930
1951
1931
1952
*) SECURITY: CVE-2005-2700 (cve.mitre.org)
1953
1974
*) mod_cgid: Append .PID to the script socket filename and remove the
1954
1975
script socket on exit. [Colm MacCarthaigh, Jim Jagielski]
1955
1976
1956
*) mod_cgid: run the get_suexec_identity hook within the request-handler
1977
*) mod_cgid: run the get_suexec_identity hook within the request-handler
1957
1978
instead of within cgid. PR 36410. [Colm MacCarthaigh]
1958
1979
1959
1980
*) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
1961
1982
1962
1983
Changes with Apache 2.1.7
1963
1984
1964
*) SECURITY: CVE-2005-2491 (cve.mitre.org):
1985
*) SECURITY: CVE-2005-2491 (cve.mitre.org):
1965
1986
Fix integer overflows in PCRE in quantifier parsing which could
1966
be triggered by a local user through use of a carefully-crafted
1987
be triggered by a local user through use of a carefully-crafted
1967
1988
regex in an .htaccess file. [Philip Hazel]
1968
1989
1969
1990
*) mod_proxy/mod_proxy_balancer: Provide a simple, functional
2004
2025
*) mod_negotiation: Correctly report 404 instead of 403 for missing files.
2005
2026
[Paul Querna]
2006
2027
2007
*) new hook (request_status) that gets ran in proxy_handler just before
2008
the final return. This gives modules an opportunity to do something
2028
*) new hook (request_status) that gets ran in proxy_handler just before
2029
the final return. This gives modules an opportunity to do something
2009
2030
based on the proxy status. (minor MMN bump)
2010
2031
[Brian Akins <bakins turner.com>, Ian Holsman]
2011
2032
2022
2043
*) Fixed complaints about unpackaged files within the RPM build
2023
2044
after changes to the config files. [Graham Leggett]
2024
2045
2025
*) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of
2026
just closing the socket, a HTTP request is made, to make sure the child is
2046
*) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of
2047
just closing the socket, a HTTP request is made, to make sure the child is
2027
2048
always awakened. [Paul Querna]
2028
2049
2029
2050
Changes with Apache 2.1.6
2036
2057
2037
2058
Changes with Apache 2.1.5
2038
2059
2039
*) mod_ssl: Setting the Protocol to 'https' can replace the use of the
2060
*) mod_ssl: Setting the Protocol to 'https' can replace the use of the
2040
2061
'SSLEngine on' command. [Paul Querna]
2041
2062
2042
*) core: Refactor the mapping of Accept Filters to Sockets. Add the
2063
*) core: Refactor the mapping of Accept Filters to Sockets. Add the
2043
2064
AcceptFilter and Protocol directives to aid in mapping filter types.
2044
2065
Extend the Listen directive to optionally take a protocol name.
2045
2066
[Paul Querna]
2049
2070
2050
2071
*) mod_disk_cache: Atomically create the header data file. [Paul Querna]
2051
2072
2052
*) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
2073
*) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
2053
2074
[Paul Querna]
2054
2075
2055
*) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'.
2076
*) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'.
2056
2077
[Paul Querna]
2057
2078
2058
2079
*) mod_mime_magic: Handle CRLF-format magic files so that it works with
2059
2080
the default installation on Windows. [Jeff Trawick]
2060
2081
2061
*) core: Allow multiple modules to register interest in a single
2082
*) core: Allow multiple modules to register interest in a single
2062
2083
configuration command. [Paul Querna]
2063
2084
2064
2085
*) authn_provider_alias: Adds the configuration block tag
2069
2090
the per_dir configuration just before the base provider is called.
2070
2091
[Brad Nicholes]
2071
2092
2072
*) ap_getword_conf: Fix backslashes at the end of configuration directives.
2093
*) ap_getword_conf: Fix backslashes at the end of configuration directives.
2073
2094
PR 34834. [Timo Viipuri <viipuri dlc.fi>]
2074
2095
2075
2096
*) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
2082
2103
2083
2104
*) mod_info: Show the Quick Handler [Paul Querna]
2084
2105
2085
*) mod_ldap: Add the directive LDAPVerifyServerCert to specify
2106
*) mod_ldap: Add the directive LDAPVerifyServerCert to specify
2086
2107
whether to force verification of the server certificate when
2087
establishing an SSL connection to the LDAP server.
2108
establishing an SSL connection to the LDAP server.
2088
2109
[Brad Nicholes]
2089
2110
2090
2111
*) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name
2091
2112
hook. [Paul Querna]
2092
2113
2093
*) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump)
2114
*) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump)
2094
2115
[Paul Querna]
2095
2116
2096
2117
*) ap_get_local_host() rewritten for APR. [Jim Jagielski]
2102
2123
*) Remove the never working ap_method_list_do and ap_method_list_vdo.
2103
2124
[Paul Querna]
2104
2125
2105
*) Added makefile and doc for building mod_ssl on the NetWare
2126
*) Added makefile and doc for building mod_ssl on the NetWare
2106
2127
platform. [Guenter Knauf, Brad Nicholes]
2107
2128
2108
2129
*) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
2109
applications that send the Vary Header themselves, and also apply
2130
applications that send the Vary Header themselves, and also apply
2110
2131
mod_deflate as an output filter. [Paul Querna]
2111
2132
2112
2133
*) Change the default (when not present in the config file) setting
2126
2147
[Joshua Slive, Justin Erenkrantz]
2127
2148
2128
2149
*) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap,
2129
mod_userdir and mod_autoindex as shared modules rather than
2150
mod_userdir and mod_autoindex as shared modules rather than
2130
2151
built-in modules within the NetWare build.
2131
2152
[Brad Nicholes]
2132
2153
2152
2173
end of the request body to work with really old HTTP servers.
2153
2174
[Justin Erenkrantz]
2154
2175
2155
*) util_ldap: Keep track of the number of attributes retrieved from
2156
LDAP so that all the values can be properly cached even if the
2176
*) util_ldap: Keep track of the number of attributes retrieved from
2177
LDAP so that all the values can be properly cached even if the
2157
2178
value is NULL. PR 33901 [Brad Nicholes]
2158
2179
2159
2180
*) mod_cache: Fix error where incoming Cache-Control would be ignored.
2241
2262
2242
2263
*) mod_ssl: Add SSLCADNRequestFile and SSLCADNRequestPath directives
2243
2264
which can be used to configure a specific list of CA names to send
2244
in a client certificate request. PR 32848.
2265
in a client certificate request. PR 32848.
2245
2266
[Tim Taylor <tim.taylor dfas.mil>]
2246
2267
2247
2268
*) --with-module can now take more than one module to be statically
2299
2320
a Location header to generate a non-local redirect. PR 20111.
2300
2321
[Joe Orton]
2301
2322
2302
*) Added the Event MPM to more efficiently handle clients during a
2323
*) Added the Event MPM to more efficiently handle clients during a
2303
2324
Keep Alive request.
2304
2325
[Paul Querna, Greg Ames]
2305
2326
2327
2348
*) mod_usertrack: Run the fixups hook before other modules.
2328
2349
PR 29755. [Paul Querna]
2329
2350
2330
*) Allow mod_authnz_ldap authorization functionality to be used
2331
without requiring the user to also be authenticated through
2332
mod_authnz_ldap. This allows other authentication modules to
2351
*) Allow mod_authnz_ldap authorization functionality to be used
2352
without requiring the user to also be authenticated through
2353
mod_authnz_ldap. This allows other authentication modules to
2333
2354
take advantage of LDAP authorization only [PR 28253]
2334
2355
[Jari Ahonen jah progress.com, Brad Nicholes]
2335
2356
2336
2357
*) Log the client IP address when an error occurs disabling nagle on a
2337
connection, but log at a severity of debug since this error
2358
connection, but log at a severity of debug since this error
2338
2359
generally means that the connection was dropped before data was
2339
2360
sent. Log the client IP address when reporting errors in the core
2340
2361
output filter. [Jeff Trawick]
2345
2366
*) mod_rewrite: Removed the MaxRedirects option in favor of the
2346
2367
core LimitInternalRecursion directive. [André Malo]
2347
2368
2348
*) mod_info: Added listing of the Request Hooks and added more build
2349
information like 'httpd -V' contains. Changed output to XHTML.
2369
*) mod_info: Added listing of the Request Hooks and added more build
2370
information like 'httpd -V' contains. Changed output to XHTML.
2350
2371
[Paul Querna]
2351
2372
2352
2373
*) mod_info: Rewrote config tree walk using a recursive function.
2369
2390
The module is now called authnz_ldap and has been moved out of
2370
2391
the modules/experimental area and into modules/aaa with the other
2371
2392
auth modules. Both the authn_ldap provider and the authz_ldap
2372
handler are contained within the authnz_ldap module. The
2393
handler are contained within the authnz_ldap module. The
2373
2394
authz_ldap handler introduces 3 new "requires" values for handling
2374
authorization. These handlers are ldap-user, ldap-group and
2395
authorization. These handlers are ldap-user, ldap-group and
2375
2396
ldap-dn. [Brad Nicholes]
2376
2397
2377
2398
*) Fix some compiler warnings in proxy
2385
2406
2386
2407
*) Improve error handling for corrupted pid files. [Jeff Trawick]
2387
2408
2388
*) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD
2409
*) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD
2389
2410
(for backwards compatibility):
2390
2411
Avoids mod_ssl.h (not included in 2.0-HEAD) and
2391
use apr_socket_create_ex for 0.9.x
2412
use apr_socket_create_ex for 0.9.x
2392
2413
[Mladen Turk]
2393
2414
2394
2415
*) Added proxy_ajp.c module for proxy support to ajp:// backends.
2409
2430
*) Add load balancer support to the scoreboard in preparation for
2410
2431
load balancing support in mod_proxy. [Mladen Turk]
2411
2432
2412
*) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to
2433
*) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to
2413
2434
allow a non-secure connection to be upgraded to secure connections
2414
2435
[Brad Nicholes]
2415
2436
2416
2437
*) core: Add Options= syntax to AllowOverride to specify which options
2417
2438
may be overridden in .htaccess files. PR 29310.
2418
2439
[Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna]
2421
2442
PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]
2422
2443
2423
2444
*) mod_so, core: Add new command line options to print all loaded
2424
modules. '-t -D DUMP_MODULES' and '-M' will show all static
2445
modules. '-t -D DUMP_MODULES' and '-M' will show all static
2425
2446
and shared modules as loaded from the configuration file.
2426
2447
[Paul Querna]
2427
2448
2428
2449
*) mod_autoindex: Add ShowForbidden to IndexOptions to list files
2429
that are not shown because the subrequest returned 401 or 403.
2450
that are not shown because the subrequest returned 401 or 403.
2430
2451
PR 10575. [Paul Querna]
2431
2452
2432
2453
*) mod_headers: implement "Early" processing option in post_read_request
2445
2466
('always'), which keeps the former ErrorHeader functionality.
2446
2467
[André Malo]
2447
2468
2448
*) mod_deflate: Don't deflate responses with zero length
2469
*) mod_deflate: Don't deflate responses with zero length
2449
2470
e.g. proxied 304's [Allan Edwards]
2450
2471
2451
2472
*) <IfModule> now recognizes the module identifier in addition to the
2509
2530
"ProxyErrorOverride On" is configured. PR 20183.
2510
2531
[Marcus Janson <marcus.janson tre.se>, Joe Orton]
2511
2532
2512
*) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
2513
directive (previously NetWare-only) to override default thread
2514
stack size for threads which handle client connections. Required
2515
for some third-party modules on platforms with small default
2533
*) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
2534
directive (previously NetWare-only) to override default thread
2535
stack size for threads which handle client connections. Required
2536
for some third-party modules on platforms with small default
2516
2537
thread stack size. [Jeff Trawick]
2517
2538
2518
2539
*) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
2525
2546
the Apache License, Version 2.0 (http://www.apache.org/licenses).
2526
2547
[Apache Software Foundation]
2527
2548
2528
*) Delete some make-generated files in the server directory during
2549
*) Delete some make-generated files in the server directory during
2529
2550
"make clean" processing. PR 26552. [Jeff Trawick]
2530
2551
2531
2552
*) Add core version query function (ap_get_server_revision) and
2567
2588
header fields can be set for return even on errors or external
2568
2589
redirects. [Ken Coar]
2569
2590
2570
*) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
2571
in the initial container. PR 25414.
2591
*) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
2592
in the initial container. PR 25414.
2572
2593
[Geoffrey Young <geoff apache.org>]
2573
2594
2574
2595
*) Clean up httpd -V output: Instead of displaying the MPM source
2584
2605
*) mod_logio: Account for some bytes handed to the network layer prior to
2585
2606
dropped connections. [Jeff Trawick]
2586
2607
2587
*) mod_autoindex: new directive IndexStyleSheet
2608
*) mod_autoindex: new directive IndexStyleSheet
2588
2609
[Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
2589
2610
2590
2611
*) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
2591
2612
[Chris Knight <Christopher.D.Knight nasa.gov>]
2592
2613
2593
*) Log an error when requests for URIs which fail to map to a valid
2614
*) Log an error when requests for URIs which fail to map to a valid
2594
2615
filesystem name are rejected with 403. [Jeff Trawick]
2595
2616
2596
2617
*) Switch to APR 1.0 API.
2641
2662
*) mod_ext_filter: Add the ability to filter request bodies.
2642
2663
[Philipp Reisner <philipp.reisner linbit.com>]
2643
2664
2644
*) Fix some broken log messages in WinNT MPM.
2665
*) Fix some broken log messages in WinNT MPM.
2645
2666
[Juan Rivera <Juan.Rivera citrix.com>]
2646
2667
2647
*) prefork MPM: Use the right permissions for the directory created
2668
*) prefork MPM: Use the right permissions for the directory created
2648
2669
for gprof support. [Jim Carlson <jcarlson jnous.com>]
2649
2670
2650
2671
*) Fix a compile failure with recent OpenSSL and picky compilers
2657
2678
*) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
2658
2679
2659
2680
*) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using
2660
autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
2681
autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).
2661
2682
[Geoff Thorpe <geoff geoffthorpe.net>]
2662
2683
2663
2684
*) change directive name from 'compressionlevel' to 'deflatecompressionlevel'
2721
2742
*) Allow 'make depend' to work with non-GCC compilers.
2722
2743
[Justin Erenkrantz]
2723
2744
2724
*) If an httpd.conf has commented out AddModule directives,
2725
apxs -i -a will add an un-commented AddModule directive for
2745
*) If an httpd.conf has commented out AddModule directives,
2746
apxs -i -a will add an un-commented AddModule directive for
2726
2747
the new module, which breaks the config.
2727
2748
PR: 11212 [Joe Orton]
2728
2749
Loggerhead is a web-based interface for Breezy
Version: 2.0.1