-Changes with Apache 2.0.23-dev
+Changes with Apache 2.0.26-dev
+
+ *) Fix a seg fault in mod_include. When we are generating an
+ internal redirect, we must set r->uri to "", not a bogus
+ string, and not NULL. [Ryan Bloom]
+
+ *) Optimized location_walk, so subrequests, redirects and second passes
+ now reuse previous section merges on a <Location > by <Location >
+ basis, until we mismatch with the original location_walk.
+ [William Rowe]
+
+ *) Back out the 1.45 change to util_script.c. This change made
+ us set the environment variable REQUEST_URI to the redirected
+ URI, instead of the originally requested URI.
+ [Taketo Kabe <kabe@sra-tohoku.co.jp>]
+
+ *) Make mod_include do lazy evaluation of potentially expensive to
+ compute variables. [Brian Pane <bpane@pacbell.net>]
+
+ *) Fix logging of bytes sent for HEAD requests. %b and %B should
+ log either - or 0, before this patch, they were both logging
+ the file size. [Taketo Kabe <kabe@sra-tohoku.co.jp>]
+
+ *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather
+ than per character. [Brian Pane <bpane@pacbell.net>]
+
+ *) Normalize the primary request, redirects and sub-requests to
+ run the same ap_process_request_internal for consistency in
+ robustness, behavior and security. [William Rowe]
+
+ *) Fix a segfault with mod_include when r->path_info is not set
+ (which is the case with mod_proxy). [Ian Holsman <ianh@cnet.com>]
+
+ *) Add -X functionality back. This indicates to all MPMs and any other
+ part of Apache that it should run in "debug" mode. [Justin Erenkrantz]
+
+ *) Some initial support for the cygwin platform [prefork only].
+ This is not to be confused with support for the WinNT/Win32
+ platform, which is the recommended configuration for native
+ Win32 users. The cygwin platform support is recommended for
+ cygwin platform users. [Stipe Tolj <tolj@wapme-systems.de>]
+
+ *) Changed syntax of Set{Input|Output}Filter. The list of filters
+ must be semicolon delimited (if more than one filter is given.)
+ The Set{Input|Output}Filter directive now overrides a parent
+ container's directive (e.g. SetInputFilter in <Directory /web/foo>
+ will override any SetInputFilter directive in <Directory /web>.)
+ This new syntax is more consistent with Add{Input|Output}Filter
+ directives defined in mod_mime. Also cures a bug in prior releases
+ where the Set{Input|Output}Filter directive would corrupt the
+ global configuration if the multiple directives were nested.
+ [William Rowe]
+
+ *) Cured what's ailed mime for quite some time. If an AddSomething
+ was given in the configuration (Language, Charset, Handler or
+ Encoding) Apache would set the content type as given by AddType,
+ but refused to check the mime.types file if AddType wasn't given
+ for that specific extension. Setting the AddHandler for .html
+ without setting the AddType text/html html would cause Apache to
+ use the default content type. [William Rowe]
+
+ *) Added some bulletproofing to memory allocation in the LDAP cache
+ code. [Graham Leggett]
+
+Changes with Apache 2.0.25
+
+ *) Move the installed /manual directory out of the /htdocs/ tree, so
+ that it can be kept more independently from the remaining document
+ root. The "Alias /manual ..." already allowed for easy projection
+ into existing private document trees. [Martin Kraemer]
+
+ *) Add specified user attributes to the environment when using
+ mod_auth_ldap. This allows you to use mod_include to embed specified
+ user attributes in a page like so:
+ Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
+ [Graham Leggett]
+
+ *) Fix a performance problem with the worker MPM. We now create
+ transaction pools once, and re-use them for each connection.
+ [Aaron Bannert <aaron@clove.org>]
+
+ *) Modfied mod_mime to prevent mod_negotation from serving a multiview
+ of a 'handler' or 'filter', so that any filename extension that does
+ not contribute to the negotiated metadata can't be served without
+ an explicit request. E.g., if the .Z extension is associated with
+ an unzip filter, the user request somefile.Z.html, mod_negotiation
+ won't serve it. It can serve somefile.Z.html when somefile.Z is
+ requested, since the .Z extension is explictly requested, if the
+ .html extension is associated with ContentType text/html.
+ [William Rowe]
+
+ *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
+ and corresponding AddOutputFilter syntax, to insert one or more
+ filters by mod_mime filename extension processing.
+ [William Rowe]
+
+ *) Fix a growing connection pool in core_output_filter() for
+ keepalive requests. [Jeff Trawick]
+
+ *) Moved split_and_pass_pretag_buckets back to being a
+ macro at Ryans's request. Removed the return from it
+ by setting and returning a return code instead. Updated
+ the code to check the return code from the macro and
+ do the right thing. [Paul J. Reder]
+
+ *) Fix a segfault when a numeric value was received for Host:.
+ [Jeff Trawick]
+
+ *) Add a function ap_remove_input_filter. This is to match
+ up with ap_remove_output_filter. [Ryan Bloom]
+
+ *) Clean up location_walk, so that this step performs a minimum
+ amount of redundant effort (it must be run twice, but it will no
+ longer reparse all <Location > blocks when the request uri
+ hadn't changed.) [William Rowe]
+
+ *) Eliminate proxy: (and all other 'special') processing from the
+ ap_directory_walk() phase. Modules that want to use special
+ walk logic should refer to the mod_proxy map_to_location example,
+ with it's proxy_walk and proxysection implementation. This makes
+ either directory_walk flavor much more legible, since that phase
+ only runs against real <Directory > blocks.
+ [William Rowe]
+
+ *) Fix a security problem in mod_include which would allow
+ an SSI document to be passed to the client unparsed.
+ [Cliff Woolley, Brian Pane]
+
+ *) Introduce the map_to_storage hook, which allows modules to bypass
+ the directory_walk and file_walk for non-file requests. TRACE
+ shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
+ directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
+ [William Rowe]
+
+ *) Add the ability for mod_include to add the INCLUDES filter
+ if the file is configured for the server-parsed handler.
+ This makes the configuration for .shtml files much easier
+ to understand, and allows mod_include to honor Apache 1.3
+ config files. Based on Doug MacEachern's patch to PHP
+ to do the same thing. [Ryan Bloom]
+
+ *) force OpenSSL to ignore process local-caching and to always
+ get/set/delete sessions using mod_ssl's callbacks
+ [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
+ Geoff Thorpe <geoff@geoffthorpe.net>]
+
+ *) Make the worker MPM shutdown and restart cleanly. This also
+ cleans up some race conditions, and gets the worker using
+ pools more cleanly. [Aaron Bannert <aaron@clove.org>]
+
+ *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
+ for mod_ssl
+ [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
+
+ *) Fix for mod_include. Ryan's patch to check error
+ codes put a return in the wrong place. Also, the
+ include handler return code wasn't being checked.
+ I don't like macros with returns, so I converted
+ SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
+ [Paul J. Reder <rederpj@raleigh.ibm.com>]
+
+ *) fix segv in mod_mime if no AddTypes are configured
+ [John Sterling <sterling@covalent.net>]
+
+ *) Enable ssl client authentication at SSL_accept time
+ [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
+
+ *) Fix a segfault in mod_include when the original request has no
+ associated filename (e.g., we're filtering the error document for
+ a bad URI). [Jeff Trawick]
+
+ *) Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick]
+
+ *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
+ of httpd is started and shuts down due to socket conflict. Moving the
+ call to ap_log_pid solves the problem.
+
+ *) Changed the late-1.3 log_config substitution %c to %X, to log the
+ status of the closed connection, as it conflicts with the far more
+ common, historical ssl logging directive %...{var}c. [William Rowe]
+
+ *) Added the common error/ tree to the build/install targets
+ (similar to the common icons/ tree) for the multi-language error
+ messages that Lars committed earlier. [William Rowe]
+
+ *) Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard]
+
+ *) Added a default commented-out mod_ldap and mod_auth_ldap
+ configuration to httpd-std.conf and httpd-win.conf
+ [Graham Leggett]
+
+ *) Added documentation for mod_ldap and mod_auth_ldap.
+ [Graham Leggett]
+
+ *) Enabled negative caching on attribute comparisons in the LDAP cache.
+ Fixed a problem where the default cache TTL was set in milliseconds
+ not microseconds causing the cache to time out almost immediately.
+ [Graham Leggett]
+
+ *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
+ module code to follow APR. [Graham Leggett]
+
+ *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
+ cleaned up when the connection pool pool is cleaned up.
+ [Graham Leggett]
+
+ *) Fix a minor issue with Jeff Trawick's mod_include
+ patch. Without this patch, the code will just allocate
+ more bytes in get_combined_directive than are needed.
+ [Paul Reder]
+
+ *) Added the LDAP authentication module mod_auth_ldap.
+ [Dave Carrigan <dave@rudedog.org>, Graham Leggett]
+
+ *) Added the LDAP cache and connection pooling module mod_ldap.
+ [Dave Carrigan <dave@rudedog.org>, Graham Leggett]
+
+ *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
+ by allowing a module to disable itself if its prerequisites are not
+ met. [Justin Erenkrantz]
+
+Changes with Apache 2.0.24
+
+ *) Fix a couple of issues in mod_include when the tag appeared at
+ offsets near 8192 in the file being parsed. [Jeff Trawick]
+
+ *) Fix an assertion failure in mod_ssl when the keepalive timeout is
+ reached. [Jeff Trawick]
+
+ *) Numerous improvements to the Win32 build system. Introduced command line
+ builds without requiring .mak files for MSVC 6.0 and later versions.
+ Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
+ [William Rowe]
+
+ *) Assorted corrections and improvements to the winnt_mpm startup code. Better
+ reporting of uninstalled services and other error conditions, and changed the
+ default service name to Apache2. [William Rowe]
+
+ *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm
+ compatibility with existing Apache 1.3 Win32 Apache management utilites.
+ [Mladen Turk <mturk@mappingsoft.com>, William Rowe]
+
+ *) Fixed the segfaults in mod_mime introduced by hash tables in 2.0.20.
+ [William Rowe, Greg Ames]
+
+ *) Rounded out the mod_mime Add/Remove pairs by adding RemoveLanguage
+ and RemoveCharset directives. [William Rowe]
+
+ *) The Unix MPMs other than perchild now allow child server
+ processes to use the accept mutex when starting as root and
+ using SysV sems for the accept mutex. Previously, this
+ combination would lead to fatal errors in the child server
+ processes. perchild can't use SysV sems because of security
+ issues. [Jeff Trawick, Greg Ames]
+
+ *) Added Win32 revision stamp resources to all http binaries
+ (including modules/ and support/ tools.) PR7322 [William Rowe]
+
+ *) Fix ap_rvprintf to support more than 4K of data at one time.
+ [Cody Sherr <csherr@covalent.net>]
+
+ *) We have always used the obsolete/deprecated Netscape syntax
+ for our tracking cookies; now the CookieStyle directive
+ allows the Webmaster to choose the Netscape, RFC2109, or
+ RFC2965 format. The new CookieDomain directive allows the
+ setting of the cookie's Domain= attribute, too. PR #s 5006,
+ 5023, 5920, 6140 [Ken Coar]
+
+ *) Tweak server/Makefile so that the rules for generating exports.c
+ are compatible with make utilities which don't expand wildcards
+ in a dependency list (e.g., OS/390 make, certain levels of GNU
+ make). [Jeff Trawick]
+
+ *) Install the SSL headers. [John Sterling <sterling@covalent.net>]
+
+ *) Begin to sanitize the MPM configuration directives. Now, all
+ MPMs use the same functions for all common MPM directives. This
+ should make it easier to catch all bugs in these directives once.
+ [Cody Sherr <csherr@covalent.net>]
+
+ *) Close a major resource leak. Every time we had issued a
+ graceful restart, we leaked a socket descriptor.
+ [Ryan Bloom]
+
+ *) Fix a problem with the new method code. We need to cast
+ the 1 to an apr_int64_t or it will be treated as a 32-bit
+ integer, and it will wrap after being shifted 32 times.
+ [Cody Sherr <csherr@covalent.net> and Ryan Morgan <rmorgan@covalent.net>]
+
+ *) Fix a bug in mod_expires. Previous to this patch, if you
+ told mod_expires to add 604800 seconds to the last-modified
+ time, it actually added 604800 usec's to the last-modified time,
+ so that when looking at the response it looked like nothing
+ had been done. The root of the problem was that we always compute
+ time in usec's, but we ask users to input sec's. This means we
+ need to convert to usec's before using those values.
+ [Ryan Bloom]
+
+ *) The worker MPM now handles shutdown and restart requests. It
+ definitely isn't perfect, but we do stop the servers correctly.
+ The biggest problem right now is that SIGHUP causes the server to
+ just die. [Ryan Bloom]
+
+Changes with Apache 2.0.23
+
+ *) Use the prefork MPM by default on Unix. [various]
+
+ *) Added a systray icon monitor application for Win32.
+ [Mladen Turk <mturk@mappingsoft.com>]
+
+ *) mod_rewrite: Fix the line ending on some non-Unix systems for
+ messages written to the rewrite log.
+ [Richard Labennett <rlabenn@us.ibm.com>]
+
+ *) All mod_autoindex query parsing is now quietly quashed with the
+ IndexOption IgnoreClient. The IndexOption SuppressColumnSorting
+ still drops the column sort <a href>'s for the column headers, but
+ IgnoreClient is required to ignore these Query options entirely.
+ [William Rowe]
+
+ *) Introduced new mod_autoindex query argument parsing for F=[0|1|2]
+ to allow the client to select plain, FancyIndexing or HTMLTable
+ formatting, V=[0|1] to inhibit or enable version sorting, and
+ P=pattern to return only specific files. The old Query Arguments
+ were reorganized as C=f for sorting column 'f' (same N, D, S, or M
+ as before), and O=A|D for ordering ascending or descending.
+ [William Rowe]
+
+ *) Fixed an error in mod_include's directive parsing routines which
+ caused #if, #elif, and #else expressions containing backslashes
+ to be improperly evaluated. [Cliff Woolley]
+
+ *) Introduced new mod_autoindex IndexOptions flags: SuppressIcon to
+ drop the icon column, SuppressRules to drop the <hr> elements,
+ and HTMLTable to create rudimentary HTML table listings (implies
+ FancyIndexing). [William Rowe]
+
+ *) Re-introduced the mod_autoindex IndexOptions flag TrackModified
+ from Apache 1.3.15. This is needed for two reasons, first, given
+ multiple machines within a server farm, ETags and Last-Modified
+ stamps won't correspond from machine to machine, and second, many
+ Unixes don't capture changes to the date or time stamp of existing
+ files, since these don't modify the dirent itself. [William Rowe]
+
+ *) Re-introduced the mod_autoindex IndexOptions flag FoldersFirst
+ and DirectoryWidth options from Apache 1.3.10.
+ [William Rowe, Ken Coar]
+
+ *) Eliminated FancyIndexing directive, deprecated early in Apache
+ 1.3 by the IndexOptions FancyIndexing syntax. [William Rowe]
+
+ *) mod_autoindex now excludes any file names that would result in
+ an error, other than a success or redirect. Also optimized
+ the parent directory, always included except in the URI '/'.
+ [William Rowe]
+
+ *) Refactored mod_negotiation and mod_mime to help mod_dir accept
+ negotiated index pages, and prevent the server from defaulting
+ to an autoindex of the directory. mod_negotiation will now die
+ with a 500 Internal Error if it could match some filenames
+ (e.g. for mod_dir) but none can be served. mod_negotation now
+ refuses to serve any file with an extention that mod_mime doesn't
+ recognize, and wasn't part of the request. [William Rowe]
+
+ *) Eliminate mod_cgi's handling of .exe files without the .exe file
+ extension. This is already handled by multiviews, if the admin
+ wishes to AddHandler .exe or define a content type handler and
+ associate .exe files with that content type. Multiviews must be
+ enabled to allow these to be served. [William Rowe]
+
+ *) Speed up the server's response to a spike in incoming workload
+ or restarts by assigning empty scoreboard slots to new processes
+ when they are available. [Greg Ames]
+
+ *) Add a handler to mod_includes.c. This handler is designed to
+ implement the XbitHack directive. This can't be done with a
+ fixup, because we need to check the content-type, which is
+ only available in the handler phase. [Ryan Bloom]
+
+ *) Make the includes filter check return codes from filters lower in
+ the filter chain. If a lower level filter returns an error, then
+ the request needs to stop immediately. This allows mod_include to
+ stop parsing data once a lower filter recognizes an error.
+ [Ryan Bloom]
+
+ *) Add the ability to extend the methods that Apache understands
+ and have those methods <limit>able in the httpd.conf. It uses
+ the same bit mask/shifted offset as the original HTTP methods
+ such as M_GET or M_POST, but expands the total bits from an int to
+ an ap_int64_t to handle more bits for new request methods than
+ an int provides. [Cody Sherr <csherr@covalent.net>]
+
+ *) Fix broken mod_mime behavior in merging its arguments. Possible
+ cause of unexplicable crashes introduced in 2.0.20. [William Rowe]
+
+ *) Solve many mod_ssl porting issues (too many to detail) with
+ help from the whole team, but most notably [Ralf S. Engelschall,
+ Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>,
+ Doug MacEachern, William Rowe, Cliff Woolley]
+
+ *) More stall fixes for the threaded & worker mpm's.
+ Make mod_status output more accurate. Don't
+ count workers in processes which aren't actively
+ serving requests. [Greg Ames]
+
+ *) Win32: Get SSI exec cgi tag working. [Bill Stoddard]
*) Add a single listener/multiple worker MPM. This MPM is
definately not fully correct, but it allows us to solve many