--- /dev/null
+Changes with Apache 2.0a9
+
+ *) Distribution directory structure reorganized to reflect a
+ normal source distribution with external install targets.
+ [Roy Fielding]
+
+ *) The MPMs that need multiple segments of shared memory now create
+ two apr_shmem_t variables, one for each shared memory allocation.
+ the problem is that we can't determine how much memory will be required
+ for shared memory allocations once we try to allocate more than one
+ variable. The MM code automatically aligns the shared memory allocations,
+ so we end up needing to pad the amount of shared memory we want based
+ on how many variables will be allocated out of the shared memory segment.
+ It is just easier to create a second apr_shmem_t variable, and two
+ shmem memory blocks.
+ [Ryan Bloom]
+
+ *) Cleanup the export list a bit. This creates a single unified list of
+ functions exported by APR. The export list is generated at configure
+ time, and that list is then used to generate the exports.c file.
+ Because of the way the export list is generated, we only export those
+ functions that are valid on the platform we are building on.
+ [Ryan Bloom]
+
+ *) Enable logging the cookie with mod_log_config
+ [Sander van Zoest <sander@covalent.net>]
+
+ *) Fix a segfault in mod_info when it reaches the end of the configuration.
+ [Jeff Trawick]
+
+ *) Added lib/aputil/ as a placeholder for utility functions which are not
+ specific to the Apache HTTP Server (but do not make sense with APR).
+ The first utility is "apu_dbm": a set of functions to work with DBM
+ files. This first version can be compiled for SDBM or GDBM databases.
+ [Greg Stein]
+
+ *) Complete re-write of mod_include. This makes mod_include a filter that
+ uses buckets directly. This has now served the FAQ correctly.
+ [Paul Reder <rederpj@raleigh.ibm.com>]
+
+ *) Allow modules to specify the first filter in a sub_request when
+ making the sub_request. This keeps modules from having to change the
+ output_filter immediately after creating the sub-request, and therefore
+ skip the sub_req_output_filter. [Ryan Bloom]
+
+ *) Update ab to accept URLs with IPv6 literal address strings (in the
+ format described in RFC 2732), and to build Host header fields in
+ the same format. This allows IPv6 literal address strings to be
+ used with ab. This support has been tested against Apache 1.3 with
+ the KAME patch, but Apache 2.0 does not yet work with this format
+ of the Host header field. [Jeff Trawick]
+
+ *) Accomodate an out-of-space condition in the piped logs and the
+ rotatelogs.c code, and no longer churn log processes for this
+ condition. [Victor J. Orlikowski]
+
+ *) Add support for partial writes with apr_sendfile() to core_output_filter.
+ [Greg Ames]
+
+Changes with Apache 2.0a8
+
+ *) Add a directive to mod_mime so that filters can be associated with
+ a given mime-type.
+ [Ryan Bloom]
+
+ *) Get multi-views working again. We were setting the path_info
+ field incorrectly if we couldn't find the specified file.
+ [Ryan Bloom]
+
+ *) Fix 304 processing. The core should never try to send the headers
+ down the filter stack. Always, just setup the table in the request
+ record, and let the header filter convert it to data that is ready
+ for the network.
+ [Ryan Bloom]
+
+ *) More fixes for the proxy. There are still bugs in the proxy code,
+ but this has now proxied www.yahoo.com and www.ntrnet.net (my ISP)
+ successfully.
+ [Ryan Bloom]
+
+ *) Fix params for apr_getaddrinfo() call in connect proxy handler.
+ [Chuck Murcko]
+
+ *) APR: Add new apr_getopt_long function to handle long options.
+ [B. W. Fitzpatrick <fitz@red-bean.com>]
+
+ *) APR: Change apr_connect() to take apr_sockaddr_t instead of hostname.
+ Add generic apr_create_socket(). Add apr_getaddrinfo() for doing
+ hostname resolution/address string parsing and building
+ apr_sockaddr_t. Add apr_get_sockaddr() for getting the address
+ of one of the apr_sockaddr_t structures for a socket. Change
+ apr_bind() to take apr_sockaddr_t. [David Reid and Jeff Trawick]
+
+ *) Remove the BUFF from the HTTP proxy. This is still a bit ugly, but
+ I have proxied pages with it, cleanup will commence soon.
+ [Ryan Bloom]
+
+ *) Make the proxy work with filters. This isn't perfect, because we
+ aren't dealing with the headers properly. [Ryan Bloom]
+
+ *) Do not send a content-length iff the C-L is 0 and this is a head
+ request. [Ryan Bloom]
+
+ *) Make cgi-bin work as a regular directory when using mod_vhost_alias
+ with no VirtualScriptAlias directives. PR#6829 [Tony Finch]
+
+ *) Remove BUFF from the PROXY connect handling. [Ryan Bloom]
+
+ *) Get the default_handler to stop trying to deal with HEAD requests.
+ The idea is to let the content-length filter compute the C-L before
+ we try to send the data. If we can get the C-L correctly, then we
+ should send it in the HEAD response.
+ [Ryan Bloom]
+
+ *) The Header filter can now determine if a body should be sent based
+ on r->header_only. The general idea of this is that if we delay
+ deciding to send the body, then we might be able to compute the
+ content-length correctly, which will help caching proxies to cache
+ our data better. Any handler that doesn't want to try to compute
+ the content-length can just send an EOS bucket without data and
+ everything will just work.
+ [Ryan Bloom]
+
+ *) Add the referer to the error log if one is available.
+ [Markus Gyger <mgyger@itr.ch>]
+
+ *) Mod_info.c has now been ported to Apache 2.0. As a part of this
+ change, the root of the configuration tree has been exposed to modules
+ as ap_conftree.
+ [Ryan Morgan <rmorgan@covalent.net>]
+
+ *) Get the core_output_filter to use the bucket interface directly.
+ This keeps us from calling the content-length filter multiple times
+ for a simple static request.
+ [Ryan Bloom]
+
+ *) We are sending the content-type correctly now.
+ [Ryan Bloom and Will Rowe]
+
+ *) APR on FreeBSD: Fix a bug in apr_sendfile() which caused us to report
+ a bogus bytes-sent value when the only thing being sent was trailers
+ and writev() returned an error (or EAGAIN). [Jeff Trawick]
+
+ *) Get SINGLE_LISTEN_UNSERIALIZED_ACCEPT working again. This uses the
+ hints file to determine which platforms define
+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
+ [Ryan Bloom]
+
+ *) APR: add apr_get_home_directory() [Jeff Trawick]
+
+ *) Initial import of 1.3-current mod_proxy. [Chuck Murcko]
+
+ *) Not all platforms have INADDR_NONE defined by default. Apache
+ used to make this check and define INADDR_NONE if appropriate,
+ but APR needs the check too, and I suspect other applications will
+ as well. APR now defines APR_INADDR_NONE, which is always a valid
+ value on all platforms.
+ [Branko Èibej <brane@xbc.nu>]
+
+ *) Destroy the pthread mutex in lock_intra_cleanup() for PR#6824.
+ [Shuichi Kitaguchi <ki@hh.iij4u.or.jp>]
+
+ *) Relax the syntax checking of Host: headers in order to support
+ iDNS. PR#6635 [Tony Finch]
+
+ *) When reading from file buckets we convert to an MMAP if it makes
+ sense. This also simplifies the default handler because the
+ default handler no longer needs to try to create MMAPs.
+ [Ryan Bloom]
+
+ *) BUFF has been removed from the main server. The BUFF code will remain
+ in the code until it has been purged from the proxy module as well.
+ [Ryan Bloom]
+
+ *) Byteranges have been completely re-written to be a filter. This
+ has been tested, and I believe it is working correctly, but it could
+ doesn't work for the Adobe Acrobat plug-in. The output almost matches
+ the output from 1.3, the only difference being that 1.3 includes
+ a content-length in the response, and this does not.
+ [Ryan Bloom]
+
+ *) APR read/write functions and bucket read functions now operate
+ on unsigned integers, instead of signed ones. It doesn't make
+ any sense to use signed ints, because we return the error codes,
+ so if we have an error we should report 0 bytes read or written.
+ [Ryan Bloom]
+
+ *) Always compute the content length, whether it is sent or not.
+ The reason for this, is that it allows us to correctly report
+ the bytes_sent when logging the request. This also simplifies
+ content-length filter a bit, and fixes the actual byte-reporing
+ code in mod_log_config.c
+ [Ryan Bloom]
+
+ *) Remove AP_END_OF_BRIGADE definition. This does not signify what
+ it says, because it was only used by EOS and FLUSH buckets. Since
+ neither of those are required at the end of a brigade, this was
+ really signifying FLUSH_THE_DATA, but that can be determined better
+ by checking AP_BUCKET_IS_EOS() or AP_BUCKET_IS_FLUSH. EOS and FLUSH
+ buckets now return a length of 0, which is actually the amount of data
+ read, so they make more sense.
+ [Ryan Bloom]
+
+ *) Allow the core_output_filter to save some data past the end of a
+ request. If we get an EOS bucket, we only send the data if it
+ makes sense to send it. This allows us to pipeline request
+ responses. As a part of this, we also need to allocate mmap
+ buckets out of the connection pool, not the request pool. This
+ allows the mmap to outlive the request.
+ [Ryan Bloom]
+
+ *) Make blocking and non-blocking bucket reads work correctly for
+ sockets and pipes. These are the only bucket types that should
+ have non-blocking reads, because the other bucket types should
+ ALWAYS be able to return something immediately.
+ [Ryan Bloom]
+
+ *) In the Apache/Win32 console window, accept Ctrl+C to stop the
+ server, but use Ctrl+Break to initiate a graceful restart
+ instead of duplicating behavior. [John Sterling]
+
+ *) Patch mod_autoindex to set the Last-Modified header based on
+ the directory's mtime, and add the ETag header. [William Rowe]
+
+ *) Merge the 1.3 patch to add support for logging query string in
+ such a way that "%m %U%q %H" is the same as "%r".
+ [Bill Stoddard]
+
+ *) Port three log methods from mod_log_config 1.3 to 2.0:
+ CLF compliant '-' byte count, method and protocol.
+ [Bill Stoddard]
+
+ *) Add a new LogFormat directive, %c, that will log connection
+ status at the end of the response as follows:
+ 'X' - connection aborted before the response completed.
+ '+' - connection may be kept-alive by the server.
+ '-' - connection will be closed by the server.
+ [Bill Stoddard]
+
+ *) Expand APR for WinNT to fully accept and return utf-8 encoded
+ Unicode file names and paths for Win32, and tag the Content-Type
+ from mod_autoindex to reflect that charset if the the feature
+ macro APR_HAS_UNICODE_FS is true. [William Rowe]
+
+ *) Compute the content length (and add appropriate header field) for
+ the response when no content length is available and we can't use
+ chunked encoding. [Jeff Trawick]
+
+ *) Changed ap_discard_request_body() to use REQUEST_CHUNKED_DECHUNK,
+ so that content input filters get dechunked data when using
+ the default handler. Also removed REQUEST_CHUNKED_PASS.
+ [Sascha Schumann]
+
+ *) Add mod_ext_filter as an experimental module. This module allows
+ the administrator to use external programs as filters. Currently,
+ only filtering of output is supported. [Jeff Trawick]
+
+ *) Most Apache functions work on EBCDIC machines again, as protocol
+ data is now translated (again). [Jeff Trawick]
+
+ *) Introduce ap_xlate_proto_{to|from}_ascii() to clean up some of
+ the EBCDIC support. They are noops on ASCII machines, so this
+ type of translation doesn't have to be surrounded by #ifdef
+ CHARSET_EBCDIC. [Jeff Trawick]
+
+ *) Fix mod_include. tag commands work again, and the server will
+ send the FAQ again. This also allows mod_include to set aside
+ buckets that include partial buckets.
+ [Ryan Bloom and David Reid]
+
+ *) Add suexec support back. [Manoj Kasichainula]
+
+ *) Lingering close now uses the socket directly instead of using
+ BUFF. This has been tested, but since all we can tell is that it
+ doesn't fail, this needs to be really hacked on.
+ [Ryan Bloom]
+
+ *) Allow filters to modify headers and have those headers be sent to
+ the client. The idea is that we have an http_header filter that
+ actually sends the headers to the network. This removes the need
+ for the BUFF to send headers.
+ [Ryan Bloom]
+
+ *) Charset translation: mod_charset_lite handles translation of
+ request bodies. Get rid of the xlate version of ap_md5_digest()
+ since we don't compute digests of filtered (e.g., translated)
+ response bodies this way anymore. (Note that we don't do it at
+ all at the present; somebody needs to write a filter to do so.)
+ [Jeff Trawick]
+
+ *) Input filters and ap_get_brigade() now have a input mode parameter
+ (blocking, non-blocking, peek) instead of a length parameter.
+ [hackathon]
+
+ *) Update the mime.types file to the registered media types as
+ of 2000-10-19. PR#6613 [Carsten Klapp <carsten.klapp@home.net>,
+ Tony Finch]
+
+ *) Namespace protect some macros declared in ap_config.h
+ [Ryan Bloom]
+
+ *) Support HTTP header line folding with input filtering.
+ [Greg Ames]
+
+ *) Mod_include works again. This should still be re-written, but at
+ least now we can serve an SHTML page again.
+ [Ryan Bloom]
+
+ *) Begin to remove BUFF from the core. Currently, we keep a pointer
+ to both the BUFF and the socket in the conn_rec. Functions that
+ want to use the BUFF can, functions that want to use the socket,
+ can. They point to the same place.
+ [Ryan Bloom]
+
+ *) apr_psprintf doesn't understand %lld as a format. Make it %ld.
+ [Tomas "Ögren" <stric@ing.umu.se>]
+
+ *) APR pipes on Unix and Win32 are now cleaned up automatically when the
+ associated pool goes away. (APR pipes on OS/2 were already had this
+ logic.) This resolvs a fatal file descriptor leak with CGIs.
+ [Jeff Trawick]
+
+ *) The final line of the config file was not being read if there was
+ no \n at the end of it. This was caused by apr_fgets returning
+ APR_EOF even though we had read valid data. This is solved by
+ making cfg_getline check the buff that was returned from apr_fgets.
+ If apr_fgets return APR_EOF, but there was data in the buf, then we
+ return the buf, otherwise we return NULL.
+ [Ryan Bloom]
+
+ *) Piped logs work again in the 2.0 series.
+ [Ryan Bloom]
+
+ *) Restore functionality broken by the mod_rewrite security fix:
+ rewrite map lookup keys and default values are now expanded
+ so that the lookup can depend on the requested URI etc.
+ PR #6671 [Tony Finch]
+
+ *) Tighten up the syntax checking of Host: headers to fix a
+ security bug in some mass virtual hosting configurations
+ that can allow a remote attacker to retrieve some files
+ on the system that should be inaccessible. [Tony Finch]
+
+ *) Add a pool bucket type. This bucket is used for data allocated out
+ of a pool. If the pool is cleaned before the bucket is destroyed, then
+ the data is converted to a heap bucket, allowing it to survive the
+ death of the pool.
+ [Ryan Bloom]
+
+ *) Add a flush bucket. This allows modules to signal that the filters
+ should all flush whatever data they currently have. There is no way
+ to actually force them to do this, so if a filter ignores this bucket,
+ that's life, but at least we can try with this.
+ [Ryan Bloom]
+
+ *) Add an output filter for sub-requests. This filter just strips the
+ EOS bucket so that we don't confuse the main request's core output
+ filter by sending multiple EOS buckets. This change also makes sub
+ requests start to send EOS buckets when they are finished.
+ [Ryan Bloom]
+
+ *) Make ap_bucket_(read|destroy|split|setaside) into macros. Also
+ makes ap_bucket_destroy a return void, which is okay because it
+ used to always return APR_SUCCESS, and nobody ever checked its
+ return value anyway.
+ [Cliff Woolley <cliffwoolley@yahoo.com>]
+
+ *) Remove the index into the bucket-type table from the buckets
+ structure. This has now been replaced with a pointer to the
+ bucket_type. Also add some macros to test the bucket-type.
+ [Ryan Bloom]
+
+ *) Renamed all MODULE_EXPORT symbols to AP_MODULE_DECLARE and all symbols
+ for CORE_EXPORT to AP_CORE_DECLARE (namespace protecting the wrapper)
+ and retitled API_EXPORT as AP_DECLARE and APR_EXPORT as APR_DECLARE.
+ All _VAR_ flavors changes to _DATA to be absolutely clear.
+ [William Rowe]
+
+ *) Add support for /, //, //servername and //server/sharename
+ parsing of <Directory> blocks under Win32 and OS2.
+ [Tim Costello, William Rowe, Brian Harvard]
+
+ *) Remove the function pointers from the ap_bucket type. They have been
+ replaced with a global table. Modules are allowed to register bucket
+ types and use then use those buckets.
+ [Ryan Bloom]
+
+ *) mod_cgid: In the handler, shut down the Unix socket (only for write)
+ once we finish writing the request body to the cgi child process;
+ otherwise, the client doesn't hit EOF on stdin. Small request bodies
+ worked without this change (for reasons I don't understand), but large
+ ones didn't. [Jeff Trawick]
+
+ *) Remove file bucket specific information from the ap_bucket type.
+ This has been moved to a file_bucket specific type that hangs off
+ the data pointer in the ap_bucket type.
+ [Ryan Bloom]
+
+ *) Input filtering now has a third argument. This is the amount of data
+ to read from lower filters. This argument can be -1, 0, or a positive
+ number. -1 means give me all the data you have, I'll deal with it and
+ let you know if I need more. 0 means give me one line and one line
+ only. A positive number means I want no more than this much data.
+
+ Currently, only 0 and a positive number are implemented. This allows
+ us to remove the remaining field from the conn_rec structure, which
+ has also been done.
+ [Ryan Bloom]
+
+ *) Big cleanup of the input filtering. The goal is that http_filter
+ understands two conditions, headers and body. It knows where it is
+ based on c->remaining. If c->remaining is 0, then we are in headers,
+ and http_filter returns a line at a time. If it is not 0, then we are
+ in body, and http_filter returns raw data, but only up to c->remaining
+ bytes. It can return less, but never more.
+ [Greg Ames, Ryan Bloom, Jeff Trawick]
+
+ *) mod_cgi: Write all of the request body to the child, not just what
+ the kernel would accept on the first write. [Jeff Trawick]
+
+ *) Back out the change that moved the brigade from the core_output_filters
+ ctx to the conn_rec. Since all requests over a given connection
+ go through the same core_output_filter, the ctx pointer has the
+ correct lifetime.
+ [Ryan Bloom]
+
+ *) Fix another bug in the send_the_file() read/write loop. A partial
+ send by apr_send would cause unsent data in the read buffer to
+ get clobbered. Complete making send_the_file handle partial
+ writes to the network.
+ [Bill Stoddard]
+
+ *) Fix a couple of type fixes to allow compilation on AIX again
+ [Victor J. Orlikowski <v.j.orlikowski@gte.net>]
+
+ *) Fix bug in send_the_file() which causes offset to be ignored
+ if there are no headers to send.
+ [Bill Stoddard]
+
+ *) Handle APR_ENOTIMPL returned from apr_sendfile in the core
+ filter. Useful for supporting Windows 9* with a binary
+ compiled on Windows NT.
+ [Bill Stoddard]
+
+Changes with Apache 2.0a7
+
+ *) Reimplement core_output_filter to buffer/save bucket brigades
+ across multiple calls to the core_filter. The brigade will be
+ sent when either MIN_BYTES_TO_SEND or MAX_IOVEC_TO_WRITE
+ thresholds are hit or the EOS bucket is received.
+ [Bill Stoddard]
+
+ *) Create experimental filter (buffer_filter) that coalesces bytes
+ into one large buffer before invoking the next filter in the
+ chain. This filter is particularly useful with the current
+ implementation of mod_autoindex when it inserted above the
+ chunk_filter. mod_autoindex generates a lot of brigades that
+ containing buckets holding just a few bytes each. The
+ buffer_filter coalesces these buckets into a single large bucket.
+ [Bill Stoddard]
+
+ *) Add apr_sendfile() support into the core_output_filter.
+ [Bill Stoddard]
+
+ *) Add apr_sendv() support into the core_output_filter.
+ [Bill Stoddard]
+
+ *) Fix mod_log_config so that it compiles cleanly with BUFFERED_LOGS
+ [Mike Abbott <mja@sgi.com>]
+
+ *) Remove ap_send_fb. This is no longer used in Apache, and it doesn't
+ make much sense, because Apache uses buckets instead of BUFFs now.
+ [Ryan Bloom]
+
+ *) send_the_file now falls back to a read/write loop on platforms that
+ do not have sendfile.
+ [Ryan Bloom and Brian Havard]
+
+ *) Install apachectl correctly, and substitute the proper values so
+ that it works again. [Ryan Bloom]
+
+ *) Better(??) handle platforms that lack sendfile().
+ [Jim Jagielski]
+
+ *) APR now has UUID generation/formatting/parsing support.
+ [Greg Stein]
+
+ *) Begin the http_filter. This is an input filter that understands
+ the absolute basic amount required to parse an HTTP Request. The
+ goal is to be able to split headers from request body before passing
+ the data back to the other filters.
+ [Ryan Bloom]
+
+ *) Bring forward from 1.3.13 the config directory implementation
+ [Jim Jagielski]
+
+ *) install apxs if it is created
+ [Ryan Bloom]
+
+ *) Added APR_IS_STATUS_condition test macros to eliminate canonical error
+ conversions. [William Rowe]
+
+ *) Now that we have ap_add_input_filter(), rename ap_add_filter() to
+ ap_add_output_filter(). [Jeff Trawick]
+
+ *) Multiple build and configuration fixes
+ Build process:
+
+ -add datadir and localstatedir substitutions
+ -fix layout name
+ -fix logfilename misspelling
+ -fix evaluation of installation dir variables and
+ -replace $foobar by $(foobar) to be usefull in the makefile
+
+ Cross compile:
+
+ -add rules for cross-compiling in rules.mk. Okay, rule to check for
+ $CC_FOR_BUILD is still missing
+ -use CHECK_TOOL instead of CHECK_PROG for ranlib
+ -add missing "AR=@AR@" to severaly Makefile.in's
+ -cache result for "struct rlimit"
+ -compile all helper programs with native and cross compiler
+ and use the native version to generate header file
+ ["Rüdiger" Kuhlmann <Tadu@gmx.de>]
+
+ *) Prepare our autoconf setup for autoconf 2.14a and for cross-
+ compiling.
+ ["Rüdiger" Kuhlmann <Tadu@gmx.de>]
+
+ *) Fix a bug where a client which only sends \n to delimit header
+ lines (netcat) gets a strange looking HTTP_NOT_IMPLEMENTED
+ message. Start working on ebcdic co-existance with input
+ filtering.
+ [William Rowe, Greg Ames]
+
+ *) If mod_so is enabled in the server always create libexec, even
+ if there are no modules installed in this directory. This is a
+ requirement for APXS to work correctly.
+ [Ryan Bloom]
+
+ *) Connection oriented output filters are now stored in the
+ conn_rec instead of the request_rec. This allows us to add the
+ output filter in the pre-connection phase instead of the
+ post_read_request phase, which keeps us from trying to write an
+ error page before we have a filter to write to the network.
+ [Ryan Bloom, Jeff Trawick, and Greg Ames]
+
+ *) Cleaning up an mmap bucket no longer deletes the mmap. An
+ mmap can be used across multiple buckets (default_handler with
+ byte ranges, mod_file_cache, mod_mmap_static), so cleanup of
+ the mmap itself can't be associated with the bucket.
+ [Jeff Trawick]
+
+ *) Add .dll caching directive ISAPICacheFile to mod_isapi.
+ [William Rowe]
+
+ *) Radical surgery to improve mod_isapi support under Win32.
+ Includes a number of newer ServerSupportFunction calls, support
+ for ReadClient (in order to retrieve POSTs greater than 48KB),
+ and general bug fixes to more reliably load ISAPI .dll's and
+ prevent leaking handle resources. Note: There are still
+ discrepancies between IIS's and Apache's ServerVariables, and
+ async calls are still not supported. Additional warnings are
+ logged to facilitate debugging of unsupported ISAPI calls.
+ [William Rowe]
+
+ *) Add input filtering to Apache. The basic idea for the input
+ filters is the same as the ideas for output filters. The biggest
+ difference is that instead of calling ap_pass_brigade, ap_get_brigade
+ should be called, and the order of execution for the filter itself is
+ different. When writing an output filter, a brigade is passed in,
+ and filters operate directly on that brigade, when done, they call
+ ap_pass_brigade. Input filters are the exact opposite. Because input
+ is not a push operation, filters first call ap_get_brigade. When this
+ function returns, the input filter will be left with a valid brigade.
+ The input filter should then operate on the brigade, and return.
+ [Ryan Bloom]
+
+ *) Fix building on BSD/OS using its native make. The build system
+ falls back to the BSD .include directive on that host platform.
+ [Sascha Schumann]
+
+ *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5,
+ SHA1 and plaintext password encodings. Make feature tests a
+ bit more flexible. [William Rowe]
+
+ *) Charset translation: mod_charset_lite handles output content
+ translation in a filter. mod_charset_lite no longer ignores
+ subrequests. A bunch of cruft related to BUFF's support for
+ translating request and response bodies was removed.
+ [Jeff Trawick]
+
+ *) Move the addition of the CORE filter to the post_read_request
+ hook in http_core.c. This removes the need to add the filter in
+ multiple places and allows for an SSL module to be added much
+ simpler. [Ryan Bloom]
+
+ *) Fix a security problem that affects certain configurations of
+ mod_rewrite. If the result of a RewriteRule is a filename that
+ contains expansion specifiers, especially regexp backreferences
+ $0..$9 and %0..%9, then it may be possible for an attacker to
+ access any file on the web server. [Tony Finch]
+
+ *) Fix a bug where errors that are detected during early request parsing
+ don't produce visible HTTP error messages at the browser, because
+ the core_filter wasn't present. [Greg Ames]
+
+ *) Provide apr_socklen_t as a portability aid.
+ [Victor J. Orlikowski]
+
+ *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
+ as well as a comment arg to the add, adduser and update cmds.
+ update allows the user to clear or preserve pw/groups/comment.
+ Fixed a bug in dbmmanage that prevented the check option from
+ parsing a password followed by :group... text. Corrected the
+ seed calcualation for Win32 systems, and added -lsdbm support.
+ [William Rowe]
+
+ *) Configured mod_auth_dbm to compile with sdbmlib under Win32.
+ [William Rowe]
+
+ *) Avoid a segfault when parsing .htaccess files. An
+ uninitialized tree pointer was passed to ap_build_config().
+ [Jeff Trawick]
+
+ *) Change the way that inet_addr & inet_network are checked for
+ in APR's configure process to allow BeOS BONE to correctly
+ find them. With this change BeOS BONE now builds from source
+ with no problems. [David Reid]
+
+ *) Fix a bug in apr_create_process() for Unix. The NULL signifying
+ the end of the parameters to execve() was stored in the wrong
+ location, overlaying the storage beyond the newargs[] array and
+ also passing uninitialized storage to execve(), which would
+ sometimes fail with EFAULT. [Jeff Trawick]
+
+ *) Fix a bug parsing configuration file containers. With a sequence
+ like this in the config file
+
+ <IfModule mod_kilroy.c>
+ any stuff
+ </IfModule>
+ <IfModule mod_lovejoy.c>
+ (blank line)
+ any stuff
+ </IfModule>
+
+ the second container would be terminated at the blank line due to
+ sediment in the buffer from reading the prior </IfModule> and an
+ error message would be generated for the real </IfModule> for the
+ second container. Also due to this problem, any two characters
+ could be used for "</" in the close of a container.
+ [Jeff Trawick]
+
+ *) ap_add_filter prototype changed to remove the ctx pointer. The
+ pointer still remains in the filter structure, but it can not be
+ a part of the ap_add_filter prototype. The reason is that when
+ the core uses AddFilter to add a filter to the stack it doesn't
+ know how to allocate the ctx pointer, or even how much memory should
+ be allocated. The filters will have to be responsible for allocating
+ the ctx memory when they need it.
+ [Ryan Bloom]
+
+ *) Add an AddFilter directive. This directive takes a list of filters
+ that should be activated for the requested resource.
+ [Ryan Bloom]
+
+ *) apr_snprintf(): Get quad format strings working on OS/390 (and perhaps
+ some other platforms). [Jeff Trawick]
+
+ *) Modify mod_include to be a filter. Currently, it has only been tested
+ on actual files, but it should work for CGI scripts too.
+ [Ryan Bloom]
+
+ *) apr_putc(), apr_puts() for Unix: handle buffered files and interrupted
+ writes. apr_flush() for Unix: handle interrupted writes.
+ [Jeff Trawick]
+
+ *) NameVirtualHost can now take "*" as an argument instead of
+ an IP address. This allows you to create a purely name-based
+ virtual hosting server that does not have any IP addresses in
+ the configuration file and which ignores the local address
+ of any connections. PR #5595, PR #4455 [Tony Finch]
+
+ *) Fix some compile warnings in mod_mmap_static.c
+ [Mike Abbott <mja@sgi.com>]
+
+ *) Fix chunking problem with CGI scripts. The general problem was that
+ the CGI modules were adding an EOS bucket and then the core added an
+ EOS bucket. The chunking filter finalizes the chunked response when it
+ encounters an EOS bucket. Because two EOS buckets were sent, we
+ finalized the response twice. The fix is to make sure we only send one
+ EOS, by utilizing a flag in the request_rec.
+ [Ryan Bloom]
+
+ *) apr_put_os_file() now sets up the unget byte appropriately on Unix
+ and Win32. Previously, the first read from an apr_file_t set up via
+ apr_put_os_file() would return a '\0'. [Jeff Trawick]
+
+ *) Mod_cgid now creates a single element bucket brigade, with a pipe
+ bucket, instead of using BUFF's and ap_r*.
+ [Ryan Bloom]
+
+ *) APRVARS.in no longer overwrites the EXTRA_LIBS variable.
+ [Mike Abbott <mja@sgi.com>]
+
+ *) Remove ap_bopenf from buff code. This required modifying the file_cache
+ code to use APR file's directly instead of going through BUFFs.
+ [Ryan Bloom]
+
+ *) Fix compile break on some platforms for mod_mime_magic.c
+ [John K. Sterling <sterling@covalent.net>]
+
+ *) Fix merging of AddDefaultCharset directive.
+ PR #5872 (1.3) [Jun Kuriyama <kuriyama@imgsrc.co.jp>]
+
+ *) Minor revamp of the rlimit sections of code. We now test
+ explicitly for setrlimit and getrlimit. Also, unixd_set_rlimit()
+ is now "available" even if the platform doesn't support
+ the rlimit family (it's just a noop though). [Jim Jagielski]
+
+ *) Migrate the pre-selection of which MPM to use for specific
+ platforms to hints.m4, which contains (or should contain)
+ all platform specific "hints". [Jim Jagielski]
+
+ *) Remove IOLs from Apache. With filtering, IOLs are no longer necessary
+ [Ryan Bloom]
+
+ *) Add tables with non-string/binary values to APR.
+ [Ken Coar]
+
+ *) Fix some bad calls to ap_log_rerror() in mod_rewrite.
+ [Jeff Trawick]
+
+ *) Update PCRE to version 3.2. [Ryan Bloom]
+
+ *) Change the way buckets' destroy functions are called so that
+ they can be more directly used when changing the type of a
+ bucket in place. [Tony Finch]
+
+ *) Add generic support for reference-counting the resources used by
+ buckets, and alter the HEAP and MMAP buckets to use it. Change
+ the way buckets are initialised to support changing the type of
+ buckets in place, and use it when setting aside TRANSIENT buckets.
+ Change the implementation of TRANSIENT buckets so that it can be
+ mostly shared with IMMORTAL buckets, which are now implemented.
+ [Tony Finch]
+
+Changes with Apache 2.0a6
+
+ *) Add support to Apache and APR for dsos on OS/390. [Greg Ames]
+
+ *) Add a chunking filter to Apache. This brings us one step closer
+ to removing BUFF. [Ryan Bloom]
+
+ *) ap_add_filter now adds filters in a LIFO fashion. The first filter
+ added to the stack is the last filter to be called. [Ryan Bloom]
+
+ *) Apache 2.0 has been completely documented using Scandoc. The
+ docs can be generated by running 'make docs'. [Ryan Bloom]
+
+ *) Add filtered I/O to Apache. This is based on bucket brigades,
+ Currently the buckets still use BUFF under the covers, but that
+ should change quickly. The only currently written filter is the
+ core filter which just calls ap_bwrite. [The Apache Group]
+
+ *) APR locks on Unix: Let APR_LOCKALL locks work when APR isn't
+ built with thread support. [Jeff Trawick]
+
+ *) Abort configuration if --with-layout was specified and there's
+ no layout definition file. [Ken Coar]
+
+ *) Add support for '--with-port=n' option to configure. [Ken Coar]
+
+ *) Add support for extension methods for the Allow response header
+ field, and an API routine for accessing r->allowed and the
+ list of extension methods in a unified manner. [Ken Coar]
+
+ *) mod_cern_meta: fix broken file reading loop in scan_meta_file().
+ [Rob Simonson <simo@us.ibm.com>]
+
+ *) Get xlate builds working again. The apr renaming in 2.0a5 broke
+ APACHE_XLATE builds. [Jeff Trawick]
+
+ *) A configuration file parsing problem was fixed. When the
+ configuration file started with an IfModule/IfDefine container,
+ only the last statement in the container would be retained.
+ [Jeff Trawick]
+
+Changes with Apache 2.0a5
+
+ *) Perchild is serving pages after passing them to different child
+ processes. There are still a lot of bugs, but this does work. I
+ have made requests against the same installation of Apache, and had
+ different servers use different user IDs to serve the responses.
+ This change moves to using socketpair instead of an AF_UNIX socket.
+ [Ryan Bloom]
+
+ *) Perchild MPM still doesn't work perfectly, but it is serving pages.
+ It can't seem to pass between child processes yet, but I think we
+ are closer now than before. This moves us back to using Unix
+ Domain Sockets. [Ryan Bloom]
+
+ *) libapr functions and types renamed with apr_ prefix.
+ #include "apr_compat.h" for 1.3.x backwards compat
+ [Perl]
+
+ *) Fix problems with APR sockaddr handling on Win32. It didn't always
+ return the right information on the local socket address.
+ [Gregory Nicholls <gnicholls@level8.com>]
+
+ *) ap_recv() on Win32: Set bytes-read to 0 on error.
+ [Gregory Nicholls <gnicholls@level8.com>]
+
+ *) Add an option to not detach from the controlling terminal without
+ going into single process mode. This allows for much easier
+ debugging of the process startup code. [Ryan Bloom]
+
+ *) ab: don't use perror() to report the failure of an APR function.
+ [Jeff Trawick]
+
+ *) Make dexter, mpmt_pthread, and perchild MPMs not destroy the
+ scoreboard on graceful restarts.
+ [Ryan Bloom]
+
+ *) Fix segfault/SIGSEGV when running gzip from mod_mime_magic.c.
+ An invalid ap_proc_t was passed to ap_create_process().
+ [Jeff Trawick]
+
+ *) Allow modules to register filters. Those filters are still
+ never called, but this is a step in the right direction.
+ [Ryan Bloom and Greg Stein]
+
+ *) Register the mod_cgid daemon process for cleanup so that it is
+ killed at termination if it does not die when the parent gets
+ SIGTERM. This change is to fix occasional problems where the
+ process stays around. Bugs in similar logic in mod_rewrite and
+ mod_include were also fixed. [Jeff Trawick]
+
+ *) Fix a bug in the time handling. Basically, we were imploding a time
+ in ap_parseHTTPdate, but it had bogus data in the exploded time format.
+ Namely, tm_usec and tm_gmtoff were not filled out. ap_implode_time
+ uses those two fields to adjust the time value. Because of the HTTP
+ spec, both of those values can be zero'ed out safely. This fixes
+ the bug correctly. [Ryan Bloom]
+
+ *) Fix a couple of place in the Windows code where the wrong error
+ code was being returned. [Gregory Nicholls <gnicholls@level8.com>]
+
+ *) Fix POOL_DEBUG (at least for prefork mpm). [Dean Gaudet]
+
+ *) Added the APR_EOL_STR macro for platform dependent differences in
+ logfiles and other raw text (such as all APR files). Fixes logfiles
+ not terminated with cr/lf sequences in Win32. [William Rowe]
+
+ *) Move all strings functions in APR to src/lib/apr/strings and create
+ apr_strings.h for the prototypes. [Ryan Bloom]
+
+ *) APR lock fixes: when using SysV sems, flock(), or fcntl(), be sure
+ to repeat the syscall until we stop getting EINTR. I noticed a
+ related problem at termination (SIGTERM) on FreeBSD when using
+ fcntl(). Apache 1.3 had these new loops too. Also, make the flock()
+ implementation work properly with child init. Previously, ap_lock()
+ was essentially a no-op because all children were using different
+ locks and thus nobody ever blocked. [Jeff Trawick]
+
+ *) The htdocs/ tree has been moved out of the CVS source tree into
+ a separate area for easier development. This has NO EFFECT on
+ end-users or Apache installations. [Ken Coar]
+
+ *) Integrate the mod_dav module for WebDAV protocol handling. This
+ adds the dav and dav_fs modules, the SDBM library, and additional
+ XML handling utilities. [Greg Stein]
+
+ *) Clean out obsolete names (from httpd.h) for the HTTP Status Codes
+ [Greg Stein]
+
+ *) Update the lib/expat-lite/ library (bring forward changes from
+ the Apache 1.3 repository). [Greg Stein]
+
+ *) If sizeof(long long) == sizeof(long), then prefer long in APR
+ configure.in. [Dave Hill <ddhill@zk3.dec.com>]
+
+ *) Add ap_sendfile for Tru64 Unix. Also, add an error message for
+ machines where sendfile is detected, but nobody has written ap_sendfile.
+ [Dave Hill <ddhill@zk3.dec.com>]
+
+ *) Compile fixes in mod_mmap_static. [Victor J. Orlikowski]
+
+ *) ab would start up more connections than needed, then quit when the
+ desired number were finished. Also fixed a logic error involving
+ ab keepalives. [Victor J. Orlikowski]
+
+ *) WinNT: Implement non-blocking pipes with timeouts to communicate
+ with CGIs. Apache 2.0a4 had non-blocking pipes but without
+ timeouts (i.e, if a timeout was specified, the pipe reverted to
+ a full blocking pipe). Now the behaviour is more in line with
+ Unix non-blocking pipes.
+ [Bill Stoddard]
+
+ *) WinNT: Implement accept socket reuse. Using mod_file_cache to
+ cache open file handles along with accept socket reuse enables
+ Apache 2.0 to serve non-keepalive requests for static files at
+ 3x the rate of Apache 1.3.(e.g, Apache 1.3 will serve 400 rps
+ and Apache 2.0 will serve almost 1200 rps on my system).
+ [Bill Stoddard]
+
+ *) Merge mod_mmap_static function into mod_file_cache. mod_file_cache
+ supports two config directives, mmapfile (same behavious as
+ mod_mmap_static) and cachefile. Use the cachefile directive
+ to cache open file handles. This directive only works on systems
+ that have implemented the ap_sendfile API. cachefile works today
+ on Windows NT, but has not been tested on any flavors of Unix.
+ [Bill Stoddard]
+
+ *) Cleanup the configuration. With the last few changes the
+ configuration process automatically:
+ inherits information about how to build from APR. Allowing
+ APR to inform Apache that it should or should not use -ldl
+
+ Detects which mod_cgi should be used mod_cgi or mod_cgid,
+ based on the threading model
+
+ Apache calls APR's configure process before finishing it's
+ configuration processing, allowing for more information flow
+ between the two.
+ [Ryan Bloom]
+
+
+ *) Change Unix and Win32 ap_setsockopt() so that APR_SO_NONBLOCK
+ with non-zero argument makes the socket non-blocking. BeOS and
+ OS/2 already worked this way. [Jeff Trawick]
+
+ *) ap_close() now calls ap_flush() for buffered files, so write
+ operations work a whole lot better on buffered files.
+ [Jeff Trawick]
+
+ *) Fix error messages issued from MPMs which explain where to change
+ compiled-in limits (e.g., ThreadsPerChild, MaxClients, StartTreads).
+ [Greg Ames]
+
+ *) ap_create_pipe() now leaves pipes in blocking state. (This helps
+ reduce the number of syscalls on Unix.) ap_set_pipe_timeout() is
+ now the way that the blocking state of a pipe is manipulated.
+ ap_block_pipe() is gone. [Jeff Trawick]
+
+ *) Correct the problem where the only local host name that the IP stack
+ can discover are 'undotted' private names. If no fully qualified
+ domain name can be identified, the default ServerName will be set to
+ the machine's IP address string. A warning is always provided if the
+ ServerName not specified, but assumed. Solves PR6215 [William Rowe]
+
+ *) Repair problems with config file processing which caused segfault
+ at init when virtual hosts were defined and which caused ServerName to
+ be ignored when there was no valid DNS setup. [Jeff Trawick]
+
+ *) Removed pointless ap_is_aborted macro function. [Roy Fielding]
+
+ *) Add ap_sendfile implementation for AIX
+ [Victor J. Orlikowski]
+
+ *) Repair C++ compatibility in ap_config.h, apr_file_io.h,
+ apr_network_io.h, and apr_thread_proc.h.
+ [Tyler J. Brooks <tylerjbrooks@home.com>, Jeff Trawick]
+
+ *) Bring the allocation and pool debugging code back into a working
+ state. This will need to be tested as so far it's only been used on
+ BeOS. [David Reid]
+
+ *) Change configuration command setup to be properly typesafe when in
+ maintainer mode. Note that this requires a compiler that can initialise
+ unions. [Ben Laurie]
+
+ *) Turn on buffering for config file reads. Part of this was to
+ repair buffered I/O support in Unix and implement buffered
+ ap_fgets() for all platforms. [Brian Havard, Jeff Trawick]
+
+ *) Win32: Fix problem where UTC offset was not being set correctly
+ in the access log. Problem reported on news group by Jerry Baker.
+ [Bill Stoddard]
+
+ *) Fix segfault when reporting this type of syntax error:
+ "</container> without matching <container> section", where
+ container is VirtualHost or Directory or whatever.
+ [Jeff Trawick]
+
+ *) Prevent the source code for CGIs from being revealed when using
+ mod_vhost_alias and the CGI directory is under the document root
+ and a user makes a request like http://www.example.com//cgi-bin/cgi
+ as reported in <news:960999105.344321@ernani.logica.co.uk>
+ [Tony Finch]
+
+ *) Add support for the new Beos NetwOrking Environment (BONE)
+ [David Reid]
+
+ *) xlate: ap_xlate_conv_buffer() now tells the caller when the
+ final input char is incomplete; ap_bwrite_xlate() now handles
+ incomplete final input chars. [Jeff Trawick]
+
+ *) Yet another update to saferead/halfduplex stuff -- need to ensure
+ that a bhalfduplex call occurs before logging or else DNS and
+ such can delay the last packet of the response. [Dean Gaudet]
+
+ *) Some syscall reduction in APR on unix -- don't seek when setting
+ up an mmap; and don't fcntl() more than once per socket.
+ [Dean Gaudet]
+
+ *) When mod_cgid is started as root, the cgi daemon now switches
+ to the configured User/Group (like other httpd processes)
+ instead of continuing as root. [Jeff Trawick]
+
+ *) The prefork MPM now uses an APR lock for the accept() mutex.
+ It has not been getting a lock at all recently. httpd -V now
+ displays APR's selection of the lock mechanism instead of the
+ symbols previously respected by prefork. [Jeff Trawick]
+
+ *) Change the mmap() feature test to check only for existence.
+ The previous check required features not used by Apache.
+ [Greg Ames]
+
+ *) Fix a couple of bugs in mod_cgid: The cgi arguments were
+ sometimes mangled. The len parm to accept() was not
+ initialized, leading sometimes to an endless loop of failed
+ accept() calls on OS/390 and anywhere else that failed the call
+ if the len was negative. Use <sys/un.h> for struct sockaddr_un
+ instead of declaring it ourselves to fix a compilation problem
+ on Solaris. [Jeff Trawick]
+
+ *) Add Resource limiting code back into Apache 2.0. [Ryan Bloom]
+
+ *) Fix zombie process problem with mod_cgi. [Jeff Trawick]
+
+ *) Port mod_mmap_static to 2.0. Make it go faster. [Greg Ames]
+
+ *) Fix storage overlay when loading dsos. Symptom: Apache dies at
+ initialization if ALLOC_DEBUG is defined; no known symptom
+ otherwise. [Jeff Trawick]
+
+ *) Fix typo in configure script when checking for mod_so. bash
+ doesn't seem to have a problem but /bin/sh on Solaris does.
+ Symptom: "./configure: test: unknown operator =="
+ [Jeff Trawick]
+
+ *) Rebind the Win32 NT and 9x services control into the MPM.
+ All console, WinNT SCM and Win9x pseudo-service control code is
+ now wrapped within the WinNT MPM.
+ [William Rowe]
+
+ *) Make a copy of getenv("PATH") before storing for later use. Some
+ getenv() implementations use the same storage for successive calls.
+ CGIs on OS/390 had a bad PATH due to this. [Jeff Trawick]
+
+ *) Server Tokens work in 2.0 again. This also propogates the change
+ to allow just the product name in the server string using
+ PRODUCT_ONLY.
+ [Ryan Bloom]
+
+Changes with Apache 2.0a4
+
+ *) EBCDIC: Rearrange calls to ap_checkconv() so that most handlers
+ won't need to call it. [Greg Ames, Jeff Trawick]
+
+ *) Move pre_config hook call to between configuration read and config
+ tree walk. This allows all modules to implement pre_config hooks
+ and know that they will be called at an appropriate time.
+ [Ryan Bloom]
+
+ *) mod_cgi, mod_cgid: Make ScriptLog directive work again.
+ [Jeff Trawick]
+
+ *) Add pre-config hooks back to all modules.
+ [Ryan Bloom]
+
+ *) Fix a SIGSEGV in ap_md5digest(), which is used when you have
+ ContentDigest enabled and we can't/don't mmap the file.
+ [Jeff Trawick]
+
+ *) We now report the correct line number for syntax errors in config
+ files. [Ryan Bloom, Greg Stein, Jeff Trawick]
+
+ *) Brought mod_auth_digest up to synch with 1.3, fixed ap_time_t-
+ related bugs, and changed shmem/locking to use apr API. Shared-mem
+ is currently disabled, however, because of problems with graceful
+ restarts. [Ronald Tschalär]
+
+ *) Fix corruption of IFS variable in --with-module= handling.
+ Depending on the user's shell or customization thereof, there
+ would be errors generating ap_config_auto.h later in the configure
+ procedure. [Jeff Trawick]
+
+ *) mod_cgi: Restore logging of stderr from child process when ScriptLog
+ isn't used (as in 1.3), except that on Unix it is now logged via
+ ap_log_rerror() instead of by the child having STDERR_FILENO refer
+ to the error log. [Greg Ames, Jeff Trawick]
+
+ *) Add '-D' argument processing for run time configuration defines.
+ [William Rowe]
+
+ *) Organize http_main.c as independent code, such that no code or
+ global data is exported from it. WIN32 will dynamically link it
+ to the server core, so this will prevent mutual dependency.
+ [William Rowe]
+
+ *) Add separate dynamic linkage tags APR_EXPORT(), APR_EXPORT_NONSTD()
+ and APR_VAR_EXPORT to correctly resolve apr functions and globals.
+ [William Rowe]
+
+ *) Add Win9x service execution and Ctrl+C/Ctrl+Break/Shutdown handlers.
+ [William Rowe, Jan Just Keijser <KEIJSERJJ@logica.com>]
+
+ *) Add mod_charset_lite for configuring character set translation.
+ [Jeff Trawick]
+
+ *) Add '-n' option to htpasswd to make it print its user:pw record
+ on stdout rather than having to frob a text file. [Ken Coar]
+
+ *) Fix saferead. Basically, we flush the output buffer if a read on the
+ input will block.
+ [Ryan Bloom]
+
+ *) APR: Add ap_xlate_get_sb() so that an app can find out whether or not
+ a conversion is single-byte only. [Jeff Trawick]
+
+ *) BEOS: ap_shutdown should return APR_SUCCESS or errno. Note that
+ the BeOS 5.0 documentation says that shutdown doesn't work yet.
+ [Roy Fielding]
+
+ *) Fix some minor errors where pid was being manipulated as an int
+ instead of the portable pid_t. [Roy Fielding]
+
+ *) Fix some error log prints that were printing the pointer to a
+ structure rather than the pid within the structure.
+ [Jeff Trawick, Roy Fielding]
+
+ *) ab: Fix a command-line processing bug; track bad headers in
+ err_response; support reading headers up to 2K.
+ [Ask Bjoern Hansen <ask@valueclick.com>]
+
+ *) Fix ap_resolve_env() so that it handles new function added in a prior
+ alpha (see "Added the capability to do ${ENVVAR} constructs in the
+ config file.") as well as the constructs used by mod_rewrite.
+ [Paul Reder <rederpj@raleigh.ibm.com>]
+
+ *) Apache 2.0 builds and runs on OS/390. [Jeff Trawick, Greg Ames]
+
+ *) Change the EBCDIC support in functions for MD5, SHA1, and base 64 to use
+ APR to perform translation, instead of accessing the hard-coded tables
+ in 1.3's ebcdic.c. [Jeff Trawick]
+
+ *) Fix some bugs (mostly lost 1.3 code) in ab's command-line processing.
+ [Jeff Trawick]
+
+ *) Add the ability to hook into the config file reading phase. Basically
+ if a directive is specified EXEC_ON_READ, then when that directive is
+ read from the config file, the assocaited function is executed. This
+ should only be used for those directives that must muck with HOW the
+ server INTERPRETS the config. This should not be used for directives
+ that re-order or replace items in the config tree. Those changes should
+ be made in the pre-config step.
+ [Ryan Bloom]
+
+ *) Add mod_example to the build system.
+ [Tony Finch]
+
+ *) APR: Add ap_xlate_conv_byte() to convert one char between single-
+ byte character sets. [Jeff Trawick]
+
+ *) Pick up various EBCDIC fixes from 1.3 (from Martin
+ Kraemer and Oliver Reh originally according to the change log).
+ [Jeff Trawick]
+
+ *) Fix a couple of problems in RFC1413 support (controlled by the
+ IdentityCheck directive). Apache did not build the request string
+ properly and more importantly Apache would loop forever if the
+ would-be ident server dropped the connection before sending a
+ properly terminated response. [Jeff Trawick]
+
+ *) apxs works in 2.0.
+ [Ryan Bloom]
+
+ *) Reliable piped logs work in 2.0.
+ [Ryan Bloom]
+
+ *) Introduce a hash table implementation into APR to be used for
+ replacing tables and other random data structures in Apache.
+ [Tony Finch]
+
+ *) Add some more error reporting to htpasswd in the case of problems
+ generating or accessing the temporary file. Also, pass in a
+ buffer if the implementation knows how to use it (i.e., if L_tmpnam
+ is defined). [Ken Coar]
+
+ *) Configure creates config.nice now containing your configure
+ options. Syntax: ./config.nice [--more-options]
+ [Sascha Schumann]
+
+ *) Fix various return code problems in APR on Win32. For most of
+ these, APR was returning APR_EEXIST instead of GetLastError()/
+ WSAGetLastError(). [Jeff Trawick]
+
+ *) Make piped logs work again in version 2.0
+ [Ryan Bloom]
+
+ *) Add VPATH support to UNIX build system of Apache and APR.
+ [Sascha Schumann]
+
+ *) Fix ap_tokenize_to_argv to respect the const arguments that are
+ passed to it.
+ [Ryan Bloom]
+
+ *) Fix mm's memcpy/memset macros, pointer arithmetic was broken.
+ Patch submitted to author.
+ [Sascha Schumann]
+
+ *) Fix mm configuration on Solaris 8 x86 and OS/390. Don't require
+ /sbin in PATH on FreeBSD (all submitted to rse previously)
+ [Jeff Trawick]
+
+ *) Fix building Pthread-based MPMs on OpenBSD
+ [Sascha Schumann] PR#26
+
+ *) Fix ap_readdir() problem on systems where d_name[] field in
+ struct dirent is declared with only one byte. (This problem only
+ affected multithreaded builds.) This caused a segfault during
+ pool cleanup with mod_autoindex on Solaris (Solaris 8 x86, at
+ least). [Jeff Trawick]
+
+ *) Fix some make-portability problems on at least Tru64, Irix
+ and UnixWare.
+ [Sascha Schumann] PR#18, PR#39
+
+ *) Add ap_sigwait() to support old-style sigwait() on systems
+ like OS/390 and UnixWare.
+ [Sascha Schumann]
+
+ *) Add POSIX-thread flags for more platforms.
+ [Sascha Schumann]
+
+ *) Fix some minor bugs in ap_strerror(). Teach ap_strerror()
+ (on Unix, at least) to handle resolver errors. Fix a bug in
+ the definition of APR_ENOMEM so that ap_strerror() can spit
+ out the correct error message for it.
+ [Jeff Trawick]
+
+Changes with Apache 2.0a3
+
+ *) mod_so reports ap_os_dso_error() if ap_dso_load() fails
+ [Doug MacEachern]
+
+ *) API: *HOOK* macros now have an AP_ prefix
+ [Doug MacEachern]
+
+ *) Win32: Eliminate redundant calls to initialize winsock.
+ [Tim Costello <timcostello@ozemail.com.au>]
+
+ *) Fix bugs initializing ungetchar for pipes.
+ [Chia-liang Kao <clkao@CirX.ORG>]
+
+ *) The ab program in the src/support directory is now portable using
+ APR.
+ [Ryan Bloom]
+
+ *) Support directory is being compiled when the server is built
+ [Ryan Bloom]
+
+ *) The configure option --with-program-name has been added to allow
+ developers to rename the executable at configure time. This also
+ changes the name of the config files to match the executable's name.
+ [Ryan Bloom]
+
+ *) mod_autoindex: Add `IndexOptions +VersionSort', to nicely sort filenames
+ containing version numbers. [Martin Pool]
+
+ *) ap_open(..,APR_OS_DEFAULT,..) uses perms 0666 instead of 0777 on
+ Unix; access_log and error_log now created with these perms; non-
+ Unix is unaffected [Jeff Trawick]
+
+ *) Finished move of ap_md5 routines to apr_md5. Removed ap_md5.h.
+ Replaced more magic numbers with MD5_DIGESTSIZE.
+ [William Rowe, Roy Fielding]
+
+ *) Win32: Get mod_auth_digest compiling and added to the Windows
+ build environment. Not tested and I'd be suprised if it
+ actually works. [Bill Stoddard]
+
+ *) Revamp the Win32 make environment. Makefiles have been removed and
+ Apache.dsw created to bring together all the pieces. Create new file
+ os/win32/BaseAddr.ref to define module base addresses (to prevent
+ dll relocation at start-up).
+ [William Rowe, Greg Marr, Tim Costello, Bill Stoddard]
+
+ *) [EBCDIC] Port Paul Gilmartin's CRLF patch from 1.3. This replaces most
+ of the \015, \012, and \015\012 constants with macros.
+ [Greg Ames <gregames@us.ibm.com>]
+
+ *) Add ap_xlate_open() et al for translation of text between different
+ character sets. The initial implementation requires iconv().
+ [Jeff Trawick]
+
+ *) More FAQs and answers from comp.infosystems.www.servers.unix.
+ [Joshua Slive <slive@finance.commerce.ubc.ca>]
+
+ *) CGI output is being timed out now.
+ [Ryan Bloom]
+
+ *) Fix the problem with dieing quietly. dupfile now takes a pool which
+ is used by the new apr file. There is no reason to create a new file
+ with the same lifetime as the original file.
+ [Ryan Bloom]
+
+ *) Win32: Attempt to eliminate dll relocation at start-up by specifying
+ module base addresses. This will help shooting seg faults
+ in the field. [William Rowe <wrowe@lnd.com>]
+
+ *) Update Apache on Windows documentation. Add new document
+ describing how to compile Apache on Windows.
+ [William Rowe <wrowe@lnd.com>]
+
+ *) ap_set_pipe_timeout(), ap_poll(), and APR_SO_TIMEOUT now take
+ microseconds instead of seconds. Some storage leaks and other
+ minor bugs in related code were fixed. [Jeff Trawick]
+
+ *) Win32: First cut at getting mod_isapi working under 2.0
+ [William Rowe <wrowe@lnd.com>]
+
+ *) First stab at getting mod_auth_digest working under 2.0
+ quick change summary:
+ - moved the random byte generation (ap_generate_random_bytes) into APR
+ - now uses ap_time_t
+ - compiles and runs on linux
+ - tested with amaya
+ [Brian Martin <bmartin@penguincomputing.com>]
+
+ *) Win32: Move the space stripping of physical service names
+ fix up from Apache 1.3. #include'ing "ap_mpm.h" fixes up an
+ unresolved symbol. Add dependency checking to the
+ CreateService call to ensure TCPIP and AFP (winsock) is started
+ before Apache.
+ [William Rowe <wrowe@lnd.com>]
+
+ *) Win32: Add code to perform latebinding on functions that may
+ not exist on all levels of Windows where Apache runs. This
+ is needed to allow Apache to start-up on Win95/98. All calls
+ to non portable functions should be protected with
+ ap_oslevel checks to prevent runtime segfaults.
+ [William Rowe <wrowe@lnd.com>]
+
+ *) Fix fallback default values for SHM_R and SHM_W [Martin Kraemer]
+
+ *) Get lingering_close() working again. [Dean Gaudet, Jeff Trawick]
+
+ *) Win32: Get non-blocking CGI pipe reads working under Windows NT.
+ This addresses PR 1623. Still need to address timing out runaway
+ CGI scripts. [Bill Stoddard]
+
+ *) Win32: Make ap_stat Windows 95/98 friendly
+ [William Rowe <wrowe@lnd.com>]
+
+ *) Win32: Fix a bug in ap_get_oslevel which causes GetVersionEx() to
+ always fail. Need to initialise the dwOSVersionInfoSize member of the
+ OSVERSIONINFO struct before calling GetVersionEx, so GetVersionEx
+ always fails.
+
+ The patch also enhances ap_get_oslevel (and the associated enum) to
+ handle selected service packs for NT4, and adds recognition for
+ Windows 2000. This is useful, eg. if we can recognise NT4 SP2 then
+ we can use ReadFileScatter and WriteFileGather in readwrite.c.
+ [Tim Costello <Tim.Costello@BTFinancialgroup.com>]
+
+ *) Get mod_rewrite building and running, and mod_status building for Win NT
+ [Allan Edwards <ake@raleigh.ibm.com>]
+
+ *) Patch to port mod_auth_db to the 2.0 api and also to support
+ Berlekey DB 3.0. It works for me with both Berkeley DB 3.0.55 and
+ 2.7.7. It should work with version 1 as well but I haven't tested it.
+ [Brian Martin <bmartin@penguincomputing.com>]
+
+ *) Get APR DSO code working under Windows. Includes cross platform
+ fixes to mod_so.c.
+ [Tim.Costello@BTFinancialgroup.com]
+
+ *) Fix some of the Windows APR time functions.
+ [William Rowe]
+
+ *) FAQ changes related to tidying up historical documents on the web site.
+ [Joshua Slive <slive@finance.commerce.ubc.ca>]
+
+ *) Move Windows DSO code into APR.
+ [Bill Stoddard]
+
+ *) Eliminate apr_win.h and apr_winconfig.h (and the ugly #ifdefs they cause).
+ Now, apr.h and apr_config.h are generated from apr.hw and apr_config.hw
+ at build time. At this point, the server will not compile on Windows because
+ of the recent DSO commits. Fixing those next.
+ [Bill Rowe & Bill Stoddard]
+
+ *) Added error checking for file I/O APR routines.
+ [Jon Travis <jtravis@covalent.net>]
+
+ *) APR: Don't use the values of resolver error codes for the
+ corresponding APR error codes. On Unix and Win32, return the
+ proper APR error code after a resolver error. [Jeff Trawick]
+
+Changes with Apache 2.0a2
+
+ *) Renamed the executable back to httpd on all platforms other
+ than Win32
+ [Ryan Bloom]
+
+ *) Allow BeOS to survive restarts, log properly and a few
+ small things it had problems with due to the way it setup
+ users and groups. [David Reid]
+
+ *) Get mod_rewrite working with APR locks
+ [Paul Reder <rederpj@raleigh.ibm.com>]
+
+ *) Actually remove the sempahore when the lock cleanup routine
+ is called on BeOS. [David Reid]
+
+ *) Clear hook registrations between reads of the config file.
+ When DSOs are unloaded and re-loaded the old hook pointers may
+ no longer be valid. This fix eliminates potential segfaults.
+ [Allan Edwards <ake@raleigh.ibm.com>]
+
+ *) Fix a problem with Sigfunc not being defined or bypassed
+ if sigaction() wasn't found. [Jim Jagielski]
+
+ *) Fix the locking mechanism on BSD variants. They now use fcntl
+ locks. This allows the server to start and serve pages.
+ [Ryan Bloom]
+
+ *) First cut at getting the Win32 installer to work
+ [William Rowe <wrowe@lnd.com>]
+
+ *) Get htpasswd compiling under Windows
+ [William Rowe <wrowe@lnd.com>]
+
+ *) Change the log message for a bind() failure to show the
+ interface and port number. [Jeff Trawick]
+
+ *) Import the documentation from 1.3.12 and bring parts of it
+ up-to-date with respect to the changes that have occurred
+ in 2.0.
+ [Tony Finch]
+
+ *) BeOS MPM updated. CGI bug on BeOS fixed. IP addresses
+ now logged correctly on BeOS.
+ [David Reid]
+
+ *) Create one makefile for all Win32 distributions (NT/2000/95/98).
+ Makefile.win includes the same user interface as the old
+ Makefile.nt
+ [William Rowe <wrowe@lnd.com>, Jeff Trawick <trawick@us.ibm.com>]
+
+ *) Win32 exec now uses COMSPEC environment string for command
+ shell path resolution.
+ [William Rowe <wrowe@lnd.com>] PR#3715
+
+ *) Win32: ap_connect() was not returning correct error condition
+ PR5866
+ [Allen Prescott <allen@clanprescott.com>]
+
+ *) Win32: ap_open() was broken on Win9x because an NT-specific
+ flag was passed to CreateFile. ap_puts() added an unnecessary
+ '\n'.
+ [Jeff Trawick <trawick@us.ibm.com>]
+
+ *) Put in Korean and Norwegian index.html pages (2.0 and 1.3)
+ which where donated by Lee Kuk Hyun and Lorant Czaran. 'Fixed'
+ confusing ee/et name and made all extensions language/dialect
+ rather than country reflecting. Changed example files to
+ explicit reflect the ISO charset and added a few common
+ ones to the example config [dirkx]
+
+ *) Extend external module capability. To use this, you call
+ configure with --with-module=path/to/mod1,path/to/mod2,etc.
+ [Ryan Bloom]
+
+ *) Backported the various "default charset" fixes from 1.3.12,
+ including the AddDefaultCharset directive. [Jim Jagielski]
+
+ *) Added the capability to do ${ENVVAR} constructs in the
+ config file. E.g. 'ServerAdmin ${POSTMASTER}'. As commited
+ it does this on a line by line basis; i.e. if the envvar
+ expands to something with spaces you have to protect it
+ by adding quotes around it (Unless of course you expect it
+ to contains more than one argument. Alternatively you
+ can compile it on a per token basis; which is what people
+ usually expect by setting RESOLVE_ENV_PER_TOKEN. But this
+ hampers fancier hacks.
+ [Dirk-Willem van Gulik]
+
+ *) Changed the 'ErrorDocument' syntax in that it NO longer
+ supports the asymetric
+
+ ErrorDocument 301 "Some message
+
+ Note the opening " quote, without a closing quote. It now
+ has either the following syntaxes
+
+ ErrorDocument XXX /local/uri
+ ErrorDocument XXX http://valid/url
+ ErrorDocument XXX "Some Message"
+
+ The recognition heuristic is: if it has a space it
+ is a message. If it has no spaces and starts with a /
+ or is a valid URL then treat it that way. Otherwise it
+ is assumed to be a message.
+
+ This breaks backward compatibility but makes live a hell
+ of a lot easier for GUI's and config file parsers.
+ [Dirk-Willem van Gulik]
+
+ *) Changed 'CacheNegotiatedDocs' from its present/not-present
+ syntax into a 'on' or 'off' syntax. As it currently is the
+ only non nesting token which uses NO_ARGS and thus is an
+ absolute pain for any config interface automation. This
+ breaks backward compatibility. [Dirk-Willem van Gulik]
+
+ *) Add ability to add external modules to the build process. This is
+ done with --with-module=/path/to/module. Modules can only be added
+ as static modules at this point.
+ [Ryan Bloom]
+
+Changes with Apache 2.0a1
+
+ *) Fix FreeBSD 3.3 core dump.
+ Basically, ap_initialize() needs to get called before
+ create_process(), since create_process() passes op_on structure
+ to semop() to get a lock, but op_on isn't initialized until
+ ap_initialize() calls setup_lock(). Here is a slight
+ rearrangement to main() which calls ap_initialize() earlier...
+ [Jeff Trawick <trawick@us.ibm.com>]
+
+ *) Enable Apache to use sendfile/TransmitFile API
+ [Bill Stoddard, David Reid, Paul Reder]
+
+ *) Re-Implement Win32 APR network I/O APIs and most of the file I/O
+ APIs.
+ [Bill Stoddard]
+
+ *) Make file I/O and network I/O writev/sendv APIs consistent.
+ Eliminate use of ap_iovec_t and use Posix struct iovec.
+ Use seperate variable on ap_writev to set the number of iovecs
+ passed in and number of bytes written.
+ [Bill Stoddard]
+
+ *) Adapt file iol to use APR functions. Replaced ap_open_file()
+ with ap_create_file_iol(). ap_create_file_iol() requires that
+ the file be opened prior to the call using ap_open().
+ [Bill Stoddard]
+
+ *) Port mod_include and mod_cgi to 2.0
+ [Paul Reder, Bill Stoddard]
+
+ *) ap_send{,v}, ap_recv, ap_sendfile API clarification --
+ bytes_read/bytes_written is always valid (never -1). Plus
+ some fixes to buff.c to correct problems introduced by the
+ errno => ap_status_t changes a while back. Plus a fix to
+ chunked encoding introduced right at the beginning of 2.0.
+ [Dean Gaudet]
+
+ *) Revamped UNIX build system to use autoconf and libtool.
+ [Manoj Kasichainula, Sascha Schumann]
+
+ *) port mod_rewrite to 2.0. [Paul J. Reder <rederpj@raleigh.ibm.com>]
+
+ *) More rigorous checking of Host: headers to fix security problems
+ with mass name-based virtual hosting (whether using mod_rewrite
+ or mod_vhost_alias).
+ [Ben Hyde, Tony Finch]
+
+ *) Add back support for UseCanonicalName in <Directory> containers.
+ [Manoj Kasichainula]
+
+ *) Added APLOG_STARTUP log type. This allows us to write an error
+ message without any of the date and time information. As a part
+ of this change, I also removed all of the calls to fprintf(stderr
+ and replaced them with calls to ap_log_error using APLOG_STARTUP
+ writing to stderr is no longer portable, because we don't direct
+ stderr to the error log on all platforms.
+ [Ryan Bloom]
+
+ *) Convert error logging functions to take errno as an argument.
+ This makes our error logs more portable, because some Windows API's
+ don't set errno. This change allows us to still output a valid
+ message on all of our platforms.
+ [Ryan Bloom]
+
+ *) mod_mime_magic runs in 2.0-dev now.
+ [Paul Reder <rederpj@raleigh.ibm.com>]
+
+ *) sendfile has been added to APR.
+ [John Zedlewski <zedlwski@Princeton.EDU>]
+
+ *) buff.c has been converted to no longer use errno.
+ [Manoj Kasichainula]
+
+ *) mod_speling runs in 2.0-dev now: a bug in readdir_r handling and
+ interface adaption to APR functions did it. [Martin Kraemer]
+
+ *) Support DSOs properly on 32-bit HP-UX 11.0
+ [Dilip Khandekar <dilip@cup.hp.com>]
+
+ *) Updated MM in APR source tree from version 1.0.8 to 1.0.11
+ [Ralf S. Engelschall]
+
+ *) Cleaned APR build environment integration and bootstrap APR
+ automatically for developers from src/Configure.
+ [Ralf S. Engelschall]
+
+ *) Fixed building of src/support/htpasswd.c
+ [Ralf S. Engelschall]
+
+ *) When generating the Location: header, mod_speling forgot
+ to escape the spelling-fixed uri. (Forw-Port from 1.3)
+ [Martin Kraemer]
+
+ *) Moved mod_auth_digest.c from experimental to standard. [Roy Fielding]
+
+ *) Change all pools to APR contexts. This is the first step to
+ incorporating APR into Apache. [Ryan Bloom]
+
+ *) Move "handler not found" warning message to below the check
+ for a wildcard handler. [Dirk <dirkm@teleport.com>, Roy Fielding]
+ PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807
+
+ *) Support line-continuation feature in config.option file and
+ allow the loading of multiple option sections at once via
+ ``--with-option=<section1>,<section2>,...''
+ [Ralf S. Engelschall]
+
+ *) Rebuilt CVS repository with Apache 1.3.9 as basis. [Roy Fielding]
+
+Changes with Apache MPM
+
+ *) Use asynchronous AcceptEx() and a completion port to accept and
+ dispatch connections to threads in Windows NT/2000.
+ [Bill Stoddard]
+
+ *) Implement WINNT Win32 MPM from original Win32 code in http_main.c
+ [Bill Stoddard]
+
+ *) Implement the APACI --with-option facility
+ (per default used the config.option file).
+ [Ralf S. Engelschall]
+
+ *) MPM BEOS port. [David Reid <abb37@dial.pipex.com>]
+
+ *) Start to implement module-defined hooks that are a) fast and b) typesafe.
+ Replace pre_connection module call with a register_hook call and
+ implement pre_connection as a hook. The intent is that these hooks will
+ be extended to allow Apache to be multi-protocol, and also to allow the
+ calling order to be specified on a per-hook/per-module basis.
+ [Ben Laurie]
+
+ *) Implement mpm_* methods as "modules". Each method gets its own
+ subdir in src/modules (eg: src/modules/prefork). Selection
+ of method uses Rule MPM_METHOD. [Jim Jagielski]
+
+ *) Port the hybrid server from the apache-apr repository as
+ mpm_mpmt_pthread. [Manoj Kasichainula]
+
+ *) os/unix/unixd.[ch]: detach, setuid, setgid, stuff which will be common
+ amongst the unix MPMs.
+
+ *) mpm_prefork: throw away all the alarm/timeout crud; and clean up the
+ signal handling for the new world order. [Dean Gaudet]
+
+ *) Crude ap_thread_mutex abstraction so that we get the pthread stuff out
+ of alloc.c for now. [Dean Gaudet]
+
+ *) Handle partial large writes correctly. [Ben Laurie]
+
+ *) Eliminate conn_rec's pointer to server. All it knows is the base server
+ based on IP/port. [Ben Laurie]
+
+ *) Port a bunch of modules to the new module structure.
+ ["Michael H. Voase" <mvoase@midcoast.com.au>]
+
+ *) I/O layering and BUFF revamp. See docs/buff.txt. [Dean Gaudet]
+
+ *) Basic restructuring to introduce the MPM concept; includes various
+ changes to the module API... better described by
+ docs/initial_blurb.txt. [Dean Gaudet]
+
+Changes with Apache pthreads
+
+ *) New buff option added: BO_TIMEOUT. It describes the timeout for
+ buff operations (generally over a network).
+ [Dean Gaudet, Ryan Bloom, Manoj Kasichainula]
+
+ *) Created http_accept abstraction. Added 4 new functions (not exported):
+ init_accept(), begin_accepting_requests(), get_request(),
+ stop_accepting_requests() [Bill Stoddard]
+
+ *) Fix to ap_rprintf call that allows mod_info to work properly.
+ [James Morris <jmorris@intercode.com.au>]
+
+ *) user and ap_auth_type fields were moved from connection_rec to
+ request_rec. [Ryan Bloom]
+
+ *) Removed the ap_block_alarms and ap_unblock_alarm calls. These aren't
+ needed in a threaded server.
+
+ *) Initial pthread implementation from from Dean's apache-nspr code.
+ [Bill Stoddard, Ryan Bloom]
+
+
+Changes with Apache 1.3.9
+
+ *) Remove bogus error message when a redirect doesn't set Location.
+ Instead, use an empty string to avoid coredump if the error message
+ was supposed to include a location. [Roy Fielding]
+
+ *) Don't allow configure to include mod_auth_digest unless it is
+ explicitly requested, even if the user asked for all modules.
+ [Roy Fielding]
+
+ *) Translate module names to dll names for OS/2 so that they are no more
+ than 8 characters long and have an extension of "dll" instead of "so".
+ [Brian Havard]
+
+ *) Print out pointer to Rule DEV_RANDOM when truerand lib not found.
+ Fix test-compile check to check for randbyte instead of trand32.
+ Use ap_base64encode_binary/decode instead of copy in mod_auth_digest.c
+ and tweak to make Amaya happier. [Ronald Tschalär]
+
+ *) Ensure that the installed expat include files are world readable,
+ just like the other header files. [Martin Kraemer]
+
+ *) Fixed generated AddModule adjustments in APACI's `configure' script
+ in order to allow (new) modules like mod_vhost_alias to be handled
+ correctly (which was touched by the adjustments for mod_alias).
+ [Ralf S. Engelschall]
+
+ *) For binary builds, add -R flag to apachectl to work around the lack of
+ an absolute path to the ./libexec directory where the libhttp.ep file
+ is needed for SHARED_CORE architectures. [Randy Terbush]
+
+ *) WIN32: Create the CGI script process as DETACHED. This may solve the
+ problem observed by some Win95/98 users where they get CGI script
+ output sent to the console. [Bill Stoddard]
+
+ *) Fix (re)naming in the uuencode/decode section. The ap/ap_
+ routines are now called ap_base64* and are 'plain' (i.e., no
+ pool access or anything clever). Inside util.c the routines acting
+ like pstrdup are called ap_pbase64encode() and ap_pbase64decode().
+ The oddly named ap_uuencode(), ap_uudecode() are kept around for
+ now but deprecated. [dirkx]
+
+ *) Clean up the base64 and SHA1 additions and make sure they are
+ represented in the ApacheCore.def, ApacheCoreOS2.def, and httpd.exp
+ files. [Roy Fielding]
+
+ *) WIN32: Migrate to InstallShield 5.5 and provide a bit more error
+ checking. Allow compiling on VS 6.0. [Randy Terbush]
+
+ *) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch]
+
+ *) Use TestCompile to search for the truerand library (rather than blindly
+ assuming its existence). If it is not found, complain (but do not
+ exit - yet). [Martin Kraemer]
+
+ *) We forgot to add the new exported function names to
+ src/support/httpd.exp. [Bill Stoddard, Randy Terbush]
+
+ *) Add description of -T command-line option to usage().
+ [Ralf S. Engelschall]
+
+ *) For "some" platforms (notably, EBCDIC based ones), libos needs to be
+ searched only AFTER libap has been searched, because libap needs
+ some symbols from libos. [Martin Kraemer]
+
+ *) Fix conflict with original mod_digest related to the symbol of the
+ module dispatch list (which has to be unique for DSO and follow the
+ usual conventions for the installation procedure).
+ [Ralf S. Engelschall]
+
+ *) Add a dbm-library check for the "usual places" (-ldbm, -lndbm, -ldb)
+ for other platforms as well. [Martin Kraemer]
+
+ *) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG
+ types by AP_LONG and replace reference to renamed variable 'ubuf'
+ by 'buffer'. [Martin Kraemer]
+
+Changes with Apache 1.3.8 [not released]
+
+ *) Flush the output buffer immediately after sending an error or redirect
+ response, since the result may be needed by the client to abort a
+ long data transfer or restart a series of pipelined requests.
+ [Tom Vaughan <tvaughan@aventail.com>, Roy Fielding]
+
+ *) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx.
+ [Ian Turner <iant@sequent.com>] PR#4735
+
+ *) Local struct mmap in http_core.c conflicted with system structure
+ name on DYNIX -- changed to mmap_rec. [Roy Fielding] PR#4735
+
+ *) Added updated mod_digest as modules/experimental/mod_auth_digest.
+ [Ronald Tschalär <ronald@innovation.ch>]
+
+ *) Fix a memory leak where the module counts were getting messed
+ up across restarts. [David Harris <dharris@drh.net>]
+
+ *) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled
+ properly in mod_access.
+ ["Paul J. Reder" <rederpj@raleigh.ibm.com>] PR#4770
+
+ *) RewriteLock/RewriteMap didn't work properly with virtual hosts.
+ [Dmitry Khrustalev <dima@bog.msu.su>] PR#3874
+
+ *) PORT: Support for compaq/tandem/com.
+ [Michael Ottati <michael.ottati@compaq.com>, dirkx]
+
+ *) Added SHA1 password encryption support to easy migration from
+ Netscape servers. See support/SHA1 for more information.
+ Caused the separation of ap_md5.c into md5, sha1 and a general
+ ap_checkpass.c with just a validate_passwd routine. Added a
+ couple of flags to support/htpasswd. Some reuse of the to64()
+ function; hence renamed to ap_to64().
+ [Dirk-Willem van Gulik, Clinton Wong <clintdw@netcom.com>]
+
+ *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal
+ with ASCII/EBCDIC conversions in "ident" query.
+ [David McCreedy <McCreedy@us.ibm.com>]
+
+ *) Get rid of redefinition warning on MAC_OS_X_SERVER platform.
+ Change "Power Macintosh" to Power* so if uname prints "Power Book"
+ we're still happy on Rhapsody platforms. [Wilfredo Sanchez]
+
+ *) Fix SIGSEGV on some systems because the Vary fix below included
+ a call to table_do with a variable argument list that was not
+ NULL terminated. Replaced with better implementation. [Roy Fielding]
+
+Changes with Apache 1.3.7 [not released]
+
+ *) The "Vary" response header field is now sanitised right before
+ the header is sent back to the client. Multiple "Vary" fields
+ are combined, and duplicate tokens (e.g., "Vary: host, host" or
+ "Vary: host, negotiate, host, accept-language") are reduced to
+ single instances. This is a better solution than the force-no-vary
+ one (which is still valid for clients that can't cope with Vary
+ at all). PR#3118 [Dean Gaudet, Roy Fielding, Ken Coar]
+
+ *) Portability changes for BeOS. [David Reid abb37@dial.pipex.com]
+
+ *) Link DSO's with "gcc -shared" instead of "ld -Bshareable" at
+ least on Linux and FreeBSD for now.
+ [Rasmus Lerdorf]
+
+ *) Win32: More apache -k restart work. Restarts are now honored
+ immediately and connections in the listen queue are -not- lost.
+ This is made possible by the use of the WSADuplicateSocket()
+ call. The listeners are opened in the parent, duplicated, then
+ the duplicates are passed to the child. The original listen sockets
+ are not closed by the parent across a restart, thus the listen queue
+ is preserved.
+ [Bill Stoddard <stoddard@raleigh.ibm.com>]
+
+ *) Fix handling of case when a client has sent "Expect: 100-continue"
+ and we are going to respond with an error, but get stuck waiting to
+ discard the body in the pointless hope of preserving the connection.
+ [Roy Fielding, Joe Orton <jeo101@york.ac.uk>] PR#4499, PR#3806
+
+ *) Fix 'configure' to work correctly with SysV-based versions of
+ 'tr' (consistent with Configure's use as well). [Jim Jagielski]
+
+ *) apxs: Add "-S var=val" option which allows for override of CFG_*
+ built-in values. Add "-e" option which works like -i but doesn't
+ install the DSO; useful for editing httpd.conf with apxs. Fix
+ editing code so that multiple invocations of apxs -a will not
+ create duplicate LoadModule/AddModule entries; apxs can now be
+ used to re- enable/disable a module. [Wilfredo Sanchez]
+
+ *) Win32: Update the server to use Winsock 2. Specifically, link with
+ ws2_32.lib rather than wsock32.lib. This gives us access to
+ WSADuplcateSocket() in addition to some other enhanced comm APIs.
+ Win 95 users may need to update their TCP/IP stack to pick up
+ Winsock 2. (See http://www.microsoft.com/windows95/downloads/)
+ [Bill Stoddard stoddard@raleigh.ibm.com]
+
+ *) Win32: Redirect CGI script stderr (script debug info) into the
+ error.log when CGI scripts fail. This makes Apache on Win32
+ behave more like Unix.
+ [Bill Stoddard stoddard@raleigh.ibm.com]
+
+ *) Fixed `httpd' usage display: -D was missing.
+ [Ralf S. Engelschall] PR#4614
+
+ *) Fix `make r' test procedure in src/regex/: ap_isprint was not found.
+ [Ralf S. Engelschall] PR#4561, PR#4562
+
+ *) OS/2: Fix problem with accept lock semaphores where server would die with
+ "OS2SEM: Error 105 getting accept lock. Exiting!"
+ [Brian Havard] PR#4505
+
+ *) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms.
+ [Randy Terbush <randy@covalent.net>]
+
+ *) Add the new mass-vhost module (mod_vhost_alias.c) developed and
+ used by Demon Internet, Ltd. [Tony Finch <fanf@demon.net>]
+
+ *) Better GCC detection for DSO flags under Solaris 2 where the `cc'
+ command potentially _is_ GCC. [Ralf S. Engelschall]
+
+ *) Fix apxs build issues on AIX
+ [Rasmus Lerdorf <rasmus@raleigh.ibm.com>]
+
+ *) DocumentRoot Checking: Under previous versions, when Apache
+ first started up, it used to do a stat of each DocumentRoot to
+ see if it existed and was a directory. If not, then an error
+ message was printed. THIS HAS BEEN DISABLED. If DocumentRoot
+ does not exist, you will get error messages in error_log. If
+ the '-t' command line option is used (to check the configuration)
+ the check of DocumentRoot IS performed. An additional command
+ line option, '-T', has been added if you want to avoid the
+ DocumentRoot check even when checking the configuration.
+ [Jim Jagielski]
+
+ *) Win32: The query switch "apache -S" didn't exit after showing the
+ vhost settings. That was inconsistent with the other query functions.
+ [Bill Stoddard - Fixed by Martin on Unix in 1.3.4]
+
+ *) Win32: Changed behaviour of apache -k restart.
+ Previously, the server would drain all connections in the stack's
+ listen queue before honoring the restart. On a busy server, this
+ could take hours. Now, a restart is honored almost immediately.
+ All connections in Apache's queues are handled but connections in
+ the stack's listen queue are discarded. Restart triggered by
+ MaxRequestPerChild is unchanged.
+ [Bill Stoddard <stoddard@raleigh.ibm.com>]
+
+ *) Win32: Eliminated unnecessary call to wait_for_multiple_objects in
+ the accept loop. Good for a 5% performance boost. Cleaned up
+ parent/child process management code.
+ [Bill Stoddard <stoddard@raleigh.ibm.com>]
+
+ *) Added ceiling on file size for memory mapped files.
+ [John Giannandrea <jg@meer.net>] PR#4122
+
+ *) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which
+ has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528
+ [Henri Gomez <gomez@slib.fr>, Ralf S. Engelschall]
+
+ *) Determine AP_BYTE_ORDER for ap_config_auto.h and already
+ use this at least for Expat. [Ralf S. Engelschall]
+
+ *) Allow .module files to specify libraries with Lib:.
+ [Ben Laurie]
+
+ *) Allow SetEnvIf[NoCase] to test environment variables as well
+ as header fields and request attributes. [Ken Coar]
+
+ *) Fix mod_autoindex's handling of ScanHTMLTitles when file
+ content-types are "text/html;parameters". PR#4524 [Ken Coar]
+
+ *) Remove "mxb" support from mod_negotiation -- it was a draft feature
+ never accepted into any standard, and it opens up certain DoS
+ attacks. [Koen Holtman <Koen.Holtman@cern.ch>]
+
+ *) TestCompile updated. We can now run programs and output the
+ results during the Configure process. [ Jim Jagielski]
+
+ *) The source is now quad (long long) aware as needed. Specifically,
+ the Configure process determines the correct size of off_t and
+ *void. When the OS/platform/compiler supports quads, ap_snprintf()
+ provides for the 'q' format qualifier (if quads are not available,
+ 'q' is silently "demoted" to long). [Jim Jagielski]
+
+ *) When the username or password fed to htpasswd is too long, include the
+ size limit in the error message. Also report illegal characters
+ (currently only ':') in the username. Add the size restrictions
+ to the man page. [Ken Coar]
+
+ *) Fixed the configure --without-support option so it doesn't result in
+ an infinite loop. [Marc Slemko]
+
+ *) Piped error logs could cause a segfault if an error occured
+ during configuration after a restart.
+ [Aidan Cully <aidan@panix.com>] PR#4456
+
+ *) If a "Location" field was stored in r->err_headers_out rather
+ than r->headers_out, redirect processing wouldn't find it and
+ the server would core dump on ap_escape_html(NULL). Check both
+ tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message
+ if Location isn't set. [Doug MacEachern, Ken Coar]
+
+ *) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
+ of the Expat 1.0.2 distribution. [Greg Stein]
+
+ *) Replace regexec() calls with calls to a new API stub function
+ ap_regexec(). This solves problems with DSO modules which use the regex
+ library. [Jens-Uwe Mager <jum@helios.de>, Ralf S. Engelschall]
+
+ *) Add 'Request_Protocol' special keyword to mod_setenvif so that
+ environment variables can be set according to the protocol version
+ (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar]
+
+ *) Add DSO support for OpenStep (Mach 4.2) platform.
+ [Ralf S. Engelschall, Rex Dieter <rdieter@math.unl.edu>] PR#3997
+
+ *) Fix sed regex for generating ap_config_auto.h in src/Configure.
+ [Jan Gallo <gallo@pvt.sk>] PR#3690, PR#4373
+
+ *) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with
+ their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372
+
+ *) Better DSO flags recognition on NetBSD platforms using ELF.
+ [Todd Vierling <tv@pobox.com>] PR#4310
+
+ *) Always log months in english format for %t in mod_log_config.
+ [Petr Lampa <lampa@fee.vutbr.cz>] PR#4366, 679
+
+ *) Support for server-parsed and multiview-determined ReadmeName and
+ HeaderName files in mod_autoindex. Removed the restriction on
+ "/"s in ReadmeName and HeaderName directives since the *sub_req*
+ routines will deal with the access issues. (It's now possible to
+ have {site|group|project|customer|...} wide readmes and headers.)
+ [Raymond S Brand <rsbx@rsbx.net>, Ken Coar] PR#1574, 3026, 3529,
+ 3569, 4256
+
+ *) When stat() fails, don't assume anything about the contents of
+ the struct stat. [Ed Korthof <ed@bitmechanic.com>]
+
+ *) It's OK for a semop to return EINTR, just loop around and try
+ again. [Dean Gaudet]
+
+ *) Fix configuration engine re-entrant hangups, which solve a
+ handful of problems seen with mod_perl <Perl> configuration sections
+ [Salvador Ortiz Garcia <sog@msg.com.mx>]
+
+ *) Mac OS and Mac OS X Server now use the appropriate custom layout
+ by default when building with APACI; allow for platform-specific
+ variable defaults in configure. [Wilfredo Sanchez]
+
+ *) Do setgid() before initgroups() in http_main; some platforms
+ zap the grouplist when setgid() is called. This was fixed in
+ suexec earlier, but the main httpd code missed the change.
+ [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2579
+
+ *) Add recognition of .tgz as a gzipped tarchive.
+ [Bertrand de Singly <bertrand.de-singly@polytechnique.fr>] PR#2364
+
+ *) mod_include's fsize/flastmod should allow only relative paths, just
+ like "include file". [Jaroslav Benkovsky <benkovsk@pha.pvt.cz>]
+
+ *) OS/2: Add support for building loadable modules using DLLs.
+ [Brian Havard]
+
+ *) Add iconsdir, htdocsdir, and cgidir to config.layout.
+ [Wilfredo Sanchez]
+
+ *) Fix minor but annoying bug with the test for Configuration.tmpl
+ being newer than Configuration so that it is less likely to fail
+ when using APACI and shadow sources. [Wilfredo Sanchez]
+
+ *) PORT: Add initial support for Mac OS (versions 10.0 and
+ greater). Use Mac OS X Server layout for now. Clean up dyld code
+ in unix/os.c, and don't install the dyld error handlers, which
+ are no longer needed in Mac OS. [Wilfredo Sanchez]
+
+ *) Rename Rhapsody layout to "Mac OS X Server". Change install
+ locations to appropriate ones for user-built (as opposed to
+ system) installs. [Wilfredo Sanchez]
+
+ *) Modify mod_autoindex's handling of AddDescription so that the
+ behaviour matches the documentation. [Ken Coar] PR#1898, 3072.
+
+ *) Add functionality to the install-bindist.sh script created by
+ binbuild.sh to use tar when copying distribution files to the
+ serverroot. This allows upgrading an existing installation
+ without nesting the new distribution in the old.
+
+ install-bindist.sh now detects the local perl5 path to install
+ apxs and dbmmanage with proper path to perl interpreter.
+
+ Add an install-binsupport target which copies the source files
+ for apxs and dbmmanage to bindist to allow these scripts to
+ be properly installed relative to the destination serverroot.
+ [Randy Terbush, Covalent Technologies, randy@covalent.net]
+
+ *) Fix intermittent SEGV in ap_proxy_cache_error() in
+ src/modules/proxy_util.c where a NULL filepointer and
+ temporary filename were closed and unlinked.
+ [Graham Leggett <minfrin@sharp.fm>,
+ Tim Costello <tjcostel@socs.uts.edu.au>] PR#3178
+
+ *) Fix inconsistent error messages reported by mod_proxy.
+ [Graham Leggett <minfrin@sharp.fm>]
+
+ *) OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a
+ connection is aborted. [Brian Havard]
+
+ *) Force the LANG envariable to the known state of "C" so that we
+ have assurance about how string manipulators (e.g., tr) will
+ function. [Ken Coar] PR#1630
+
+ *) Add a directive to allow customising of the tracking cookie name.
+ [Ken Coar] PR#2921, 4303
+
+ *) Add "force-no-vary" envariable to allow servers to work around
+ clients that choke on "Vary" fields in the response header.
+ [Ken Coar, Dmitry Khrustalev <dima@zippy.machaon.ru>] PR#4118
+
+ *) Fixed a bug in mod_dir that causes a child process will infinitely
+ recurse when it attemps to handle a request for a directory wnd the
+ value of the DirectoryIndex directive is a single dot. Also likely
+ to happen for anyother values of DirectoryIndex that will map back
+ to the same directory. The handler now only considers regular files
+ as being index candidates. No PR#s found.
+ [Raymond S Brand <rsbx@rsbx.net>]
+
+ *) Ease configuration debugging by making TestCompile fall back to
+ using "make" if the $MAKE variable is unset [Martin Kraemer]
+
+ *) Fixed the ServerSignature directive to work as documented.
+ [Raymond S Brand <rsbx@rsbx.net>] PR#4248
+
+ *) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand
+ <rsbx@rsbx.net>]
+
+ *) Add APACI --without-execstrip option which can be used to disable the
+ stripping of executables on installation. This is very important for DSO
+ and debugging situations. [Ralf S. Engelschall]
+
+ *) Add support for OS/2 (case insenstive filesystem, .exe suffix, etc)
+ to APACI files and related scripts.
+ [Yitzchak Scott-Thoennes <sthoenna@efn.org>, Ralf S. Engelschall] PR#4269
+
+ *) Add support for standalone mode in TPF
+ [Joe Moenich <moenich@us.ibm.com>]
+
+ *) Fix number of bytes copied by read_connection() in src/support/ab.c
+ [Jim Cox <jc@superlink.net>] PR#4271
+
+ *) Fix special RewriteCond "-s" pattern matching.
+ [Bob Finch <bob@nas.com>]
+
+ *) Fix value quoting in src/Configure script for ap_config_auto.h
+ [Paul Sutton <paul@awe.com>]
+
+ *) Make sure RewriteLock can be used only in the global context, (i.e.
+ outside of any <VirtualHost> sections) because it's a global facility of
+ the rewrite engine. [Ralf S. Engelschall]
+
+ *) Fix the ownership delegation for proxy directory under `make install'.
+ [Ralf S. Engelschall]
+
+ *) APACI would not correctly build suexec. [Maria Verina
+ <mariav@icgeb.trieste.it>] PR#4260
+
+ *) mod_mime_magic passed only the first 4k of a file to
+ uncompress/gzip, but those tools sometimes do not produce
+ any output unless a sufficient portion of the compressed
+ file is input. Change to pass the entire file -- but
+ only read 4k of output.
+ [Marcin Cieslak <saper@system.pl>] PR#4097
+
+ *) "IndexOptions None" generated extra spaces at the end of each
+ line. [inkling@firstnethou.com] PR#3770
+
+ *) The "100 Continue" response wasn't being sent after internal
+ redirects. [Jose KAHAN <kahan@w3.org>] PR#3910, 3806, 3575
+
+ *) When padding the name with spaces for display, mod_autoindex would
+ count &, <, and > in their escaped width, messing up the display.
+ [Dean Gaudet] PR#4075, 3758
+
+ *) PORT: fixed a compilation problem on NEXT.
+ [Jacques Distler <distler@golem.ph.utexas.edu>] PR#4130
+
+ *) r->request_time wasn't being set properly in certain error conditions.
+ [Dean Gaudet] PR#4156
+
+ *) PORT: deal with UTS compiler error in http_protocol.c
+ [Dave Dykstra <dwd@bell-labs.com>] PR#4189
+
+ *) Add ap_vrprintf() function. [John Tobey <jtobey@banta-im.com>] PR#4246
+
+ *) Fix the mod_mime hash table to work properly with locales other
+ than C. [Dean Gaudet] PR#3427
+
+ *) Fix a memory leak which is exacerbated by certain configurations.
+ [Dean Gaudet] PR#4225
+
+ *) Prevent clobbering saved IFS values in APACI. [Jim Jagielski]
+
+ *) Fix buffer overflows in ap_uuencode and ap_uudecode pointed out
+ by "Peter 'Luna' Altberg <peter@altberg.nu>" and PR#3422
+ [Peter 'Luna' Altberg <peter@altberg.nu>, Ronald Tschalär]
+
+ *) Make {Set,Unset,Pass}Env per-directory instead of per-server.
+ [Ben Laurie]
+
+ *) Correct an apparent typo: on the Windows and MPE platforms, the
+ htpasswd utility was limiting passwords to only 8 characters.
+ [Ken Coar]
+
+ *) EBCDIC platforms: David submitted patches for two bugs in the
+ MD5 digest port for EBCDIC machines:
+ a) the htdigest utility overwrote the old contents of the digest file
+ b) the Content-MD5 header value (ContentDigest directive) was wrong
+ when the returned file was not converted from EBCDIC, but was a
+ binary (e.g., image file) in the first place.
+ [David McCreedy <mccreedy@us.ibm.com>]
+
+ *) support/htpasswd now permits the password to be specified on the
+ command line with the '-b' switch. This is useful when passwords
+ need to be maintained by scripts -- particularly in the Win32
+ environment. [Ken Coar]
+
+ *) Win32: Win32 multiple services patch. Added capability to install and
+ run multiple copies of apache as individual services.
+
+ Example 1:
+ apache -n apache1 -i -f c:/httpd.conf
+ Installs apache as service 'apache1' and associates c:/httpd.conf
+ with that service.
+ net start apache1
+ Starts apache1 service.
+ net stop apache1
+ Stops apache1 service
+
+ Example 2:
+ apache -n apache2 -i
+ Installs apache as service 'apache2'. httpd.conf is located under
+ the default server root (/apache/conf/httpd.conf).
+ net start apache2
+ Starts apache2 service.
+
+ Example 3:
+ apache -n apache3 -i -d c:/program files/apache
+ Install apache as service 'apache3' and sets server root to
+ c:/program files/apache.
+
+ Example 4:
+ apache -n apache2 -k restart
+ Restart apache2 service
+
+ [Keith Wannamaker, Ken Parzygnat, Bill Stoddard]
+
+ *) Correct the signed/unsigned character handling for the MD5 routines;
+ mismatches were causing compilation problems with gcc -pedantic and
+ in the TPF cross-compilation. [Ken Coar]
+
+ *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving
+ a roughly 5 fold speed up. [Brian Havard]
+
+ *) proxy ftp: instead of using the hardwired string "text/plain" as
+ a fallback type for files served by the ftp proxy, use the
+ ap_default_type() function to determine the configured type.
+ This allows for special configurations like
+ <Directory proxy:ftp://some.host>
+ DefaultType gargle/blurb
+ </Directory>
+ Additionally, add the Content-Encoding: header to FTP proxy replies
+ when the encoding is defined (by the AddEncoding directive).
+ Because it was missing, it was almost impossible to browse compressed
+ files using the FTP proxy (works now perfectly in Communicator).
+ The ftp proxy now also returns the Date: and Server: header lines (if not
+ much else... This code is "somewhat" broken) like normal requests do.
+ [Martin Kraemer]
+
+ *) Be more smart in APACI's configure script when determining the UID/GID
+ for User/Group directives and use the determined UID/GID to initialize
+ the permissions on the proxycachedir.
+ [Dirk-Willem van Gulik, Ralf S. Engelschall]
+
+ *) Changed the forking-prior-to-cleanup in the proxy module to first
+ check wether it actually needs to collect garbage. This reduces
+ the number of fork()s from one/request to just the odd one an hour.
+ [Dirk-Willem van Gulik]
+
+ *) Added proxy, auth and header support to src/support/ab.c. Added a
+ README file to src/support/
+ [Dirk-Willem van Gulik]
+
+ *) Don't hard-code the path to AWK in --shadow bootstrapping Makefile.
+ [Ralf S. Engelschall] PR#4050
+
+ *) Add support for DSO module compilation on BSD/OS 3.x.
+ [Randy Terbush, Covalent Technologies]
+
+ *) Fix sed-substitutions in `make install': path elements like `httpd/conf'
+ (for instance from an APACI configure --sysconfdir=/etc/httpd/conf
+ option) were substituted with $(TARGET).conf, etc. Same for other strings
+ with dots where the dot wasn't matched as plain text.
+ [Ralf S. Engelschall]
+
+ *) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall]
+
+ *) Fix verbose output of APACI configure (option -v)
+ [Martin Kraemer, Ralf S. Engelschall]
+
+Changes with Apache 1.3.6
+
+ *) Removed new PassAllEnv code due to DSO problems. [Lars Eilebrecht]
+
+Changes with Apache 1.3.5 [not released]
+
+ *) M_INVALID needed a value within the scope of METHODS so that unknown
+ methods can be access controlled. [Roy Fielding] PR#3821
+
+ *) Added PassAllEnv; makes server's entire environment available
+ to CGIs and SSIs executed within directive's scope. [Ken Coar]
+
+ *) ap_uuencode() always added two trailing '='s and encoding of
+ 8 bit characters on a machine with signed char may produced
+ incorrect results. Additionally ap_uuencode() should now
+ work correctly on EBCDIC platforms.
+ [Ronald Tschalär <ronald@innovation.ch>] PR#3411
+
+ *) WIN32: Binary installer now runs the configuration DLL before
+ the reboot prompt (which is only given if MSVCRT.DLL system
+ DLL is new or updated). This should avoid the configuration
+ directory being empty after installation. [Paul Sutton]
+ PR#3767, 3800, 3827, 3850, 3900, 3953, 3988
+
+ *) WIN32: Binary installer now creates Start menu options to start
+ and stop Apache as a console application and to uninstall
+ the Apache service on NT. [Paul Sutton] PR#3741
+
+ *) WIN32: Apache.exe now contains an icon. [Paul Sutton]
+
+ *) PORT: Switch back to using fcntl() locking on Linux -- instabilities
+ have been reported with flock() locking (probably related to kernel
+ version). [Dean Gaudet] PR#2723, 3531
+
+ *) Using APACI, the main config file (usually httpd.conf) was
+ not being adjusted as $(TARGET).conf. [Wilfredo Sanchez
+ <wsanchez@apple.com>]
+
+ *) PORT: AIX does not require the SHARED_CODE "hack"
+ [Ryan Bloom <rbb@raleigh.ibm.com>]
+
+ *) Set-Cookie headers were being doubled up for some CGIs by the O(n^2)
+ avoidance code added in 1.3.3.
+ [Dean Gaudet, Jeff Lewis <lewis@stanford.edu>] PR#3872
+
+ *) ap_isxdigit was somehow neglected when adding the ap_isfoo() macros
+ for 8-bit safeness. [Dean Gaudet]
+
+ *) PORT: Use -fPIC instead of -fpic on Solaris and SunOS for compiling DSOs
+ because SPARCs have a small machine-specific maximum size for the Global
+ Offset Table which is often exceeded when compiling one of the larger
+ third-party modules with Apache. [Peter Urban <Peter.Urban@epfl.ch>] PR#3977
+
+ *) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the
+ DSO/DLL section because it's a directive from mod_status and isn't
+ available before the DLL of mod_status is loaded.
+ [Martin POESCHL <mpoeschl@gmx.net>] PR#3936
+
+ *) SECURITY: Fix a bug in the calculation of the buffer size for the line
+ continuation facility in Apache's configuration files which could
+ lead to a buffer overflow situation.
+ [Thomas Devanneaux <Thomas.Devanneaux@enst.fr>] PR#3617
+
+ *) Make documentation and error messages of APACI's --activate-module=FILE
+ option more clear. [Jan Wolter <janc@wwnet.net>] PR#3995
+
+ *) Fix the gcc version check (for enabling the `inline' facility) to
+ really support all future gcc versions >= 2.7 until we know more.
+ [John Tobey <jtobey@banta-im.com>] PR#3983
+
+ *) Let APACI's configure script correctly complain for unknown --enable-XXX
+ and --disable-XXX options. [Ralf S. Engelschall] PR#3958
+
+ *) Link the shared core bootstrap program (``Rule SHARED_CORE=yes'') also
+ against libap.a and use its ap_snprintf() instead of sprintf() to avoid
+ possible buffer overflows. [Ralf S. Engelschall]
+
+ *) Remove no longer used non-API function ap_single_module_init().
+ [Ralf S. Engelschall]
+
+ *) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout.
+ [Wilfredo Sanchez]
+
+ *) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order
+ to make platform installations easier. [Wilfredo Sanchez]
+
+ *) In configure, do not append the target name to the directory path if
+ the path already contains "apache". [Ralf S. Engelschall]
+
+ *) SIGPIPE is now ignored by the server core. The request write routines
+ (ap_rputc, ap_rputs, ap_rvputs, ap_rwrite, ap_rprintf, ap_rflush) now
+ correctly check for output errors and mark the connection as aborted.
+ Replaced many direct (unchecked) calls to ap_b* routines with the
+ analogous ap_r* calls. [Roy Fielding]
+
+ *) Enhanced mod_rewrite's mapfile handling: The in-core cache for text and
+ DBM format mapfiles now uses a 4-way hash table with LRU functionality.
+ Furthermore map lookups for non-existent keys are now cached as well.
+ Additionally "txt" maps are now parsed with simple string functions
+ instead of using ap_pregcomp(). As a side effect a bug that prevented
+ the usage of keys containing the "," character was fixed.
+ The changes drastically improve the performance when large rewrite maps
+ are in use.
+ [Michael van Elst <mlelstv@serpens.swb.de>, Lars Eilebrecht] PR#3160
+
+ *) Added ap_sub_req_method_uri() for doing a subrequest with a method
+ other than GET, and const'd the definition of method in request_rec.
+ [Greg Stein]
+
+ *) Use proper pid_t type for saving PIDs in alloc.c. [John Bley]
+
+ *) Replaced use of WIN32 define with HAVE_DRIVE_LETTERS to indicate
+ when the OS allows a DOS drive letter within pathnames. [Brian Havard]
+
+ *) Add %V to mod_log_config, this logs the hostname according to the
+ UseCanonicalName setting (this is the pre-1.3.4 behaviour of
+ %v). Useful for mass vhosting. [Tony Finch <dot@dotat.at>]
+
+ *) Add support for \n and \t to mod_log_config, can be used to produce
+ more reliable logs with multiline entries. [Tony Finch <dot@dotat.at>]
+
+ *) Fixed a few compiler nits. [John Bley <jbb6@acpub.duke.edu>]
+
+ *) Added informative error messages for failed munmap() and fseek() calls
+ in http_core.c. [John Bley, Roy Fielding]
+
+ *) Added some informative error messages for some failed malloc()
+ calls. [John Bley <jbb6@acpub.duke.edu>, Jim Jagielski]
+
+ *) OS/2 ap_os_canonical_filename()'s behaviour is improved: ap_assert()
+ is removed. This allows <Directory proxy:*> directives to work and
+ prevents invalid requests from killing the process.
+ [Brian Havard <brianh@kheldar.apana.org.au>]
+
+ *) Reorganised FAQ document.
+ [Joshua Slive <slive@finance.commerce.ubc.ca>] PR#2497
+
+ *) src/support/: The ApacheBench benchmark program was overhauled by
+ David N. Welton: you can now have it generate an HTML TABLE, presumably
+ for integration into other HTML sources. David updated the ab man page
+ as well and added some missing descriptions. Thanks!
+ [David N. Welton <davidw@prosa.it>]
+
+ *) Win32: The filename validity checker now allows filenames containing
+ characters in the range 0x80 to 0xff (for example accented characters).
+ [Paul Sutton] PR#3890
+
+ *) Added conditional logging based upon environment variables to
+ mod_log_config. mod_log_referer and mod_log_agent
+ are now deprecated. [Ken Coar]
+
+ *) Allow apache acting as a proxy server to relay the real
+ reason of a failure to a client rather than the "internal
+ server error" it does currently. The general exposure mechanism
+ can be triggered by any module by setting the "verbose-error-to"
+ note to "*"; this allows more than just proxy errors to be exposed.
+ [Cliff Skolnick, Roy Fielding, Martin Kraemer] Related to PR#3455, 4086
+
+ *) Moved man pages for ab and apachectrl to section 8.
+ [Wilfredo Sanchez, Roy Fielding]
+
+ *) Added -S option to install.sh so that options can be passed to
+ strip on some platforms. [Ralf S. Engelschall, Wilfredo Sanchez]
+
+ *) Tweak modules Makefile generated by Configure so that it handles
+ the test case of no modules being selected. [chaz@reliant.com]
+
+ *) Added a <LimitExcept method ...> sectioning directive that allows
+ the user to assign authentication control to any HTTP method that
+ is *not* given in the argument list; i.e., the logical negation
+ of the <Limit> directive. This is particularly useful for controlling
+ access on methods unknown to the Apache core, but perhaps known by
+ some module or CGI script. [Roy Fielding, Tony Finch]
+
+ *) Prevent apachectl from complaining if the PIDFILE exists but
+ does not contain a process id, as might occur if the server is
+ being rapidly restarted. [Wilfredo Sanchez]
+
+ *) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen]
+
+ *) Entity tag comparisons for If-Match and If-None-Match were not being
+ performed correctly -- weak tags might cause false positives. Also,
+ strong comparison wasn't properly enforced in all cases.
+ [Roy Fielding, Ken Coar, Dean Gaudet] PR#2065, 3657
+
+ *) OS/2: Supply OS/2 error code instead of errno on semaphore errors.
+ [Brian Havard]
+
+ *) Work around a bug in Lynx regarding its sending "Negotiate: trans"
+ even though it doesn't understand TCN. [Koen Holtman, Roy Fielding]
+
+ *) Added ap_size_list_item(), ap_get_list_item(), and ap_find_list_item()
+ to util.c for parsing an HTTP header field value to extract the next
+ list item, taking into account the possible presence of nested comments,
+ quoted-pairs, and quoted-strings. ap_get_list_item() also removes
+ insignificant whitespace and lowercases non-quoted tokens.
+ [Roy Fielding] PR#2065
+
+ *) proxy: The various calls to ap_proxyerror() can return HTTP/1.1 status
+ code different from 500. This allows the proxy to, e.g., return
+ "403 Forbidden" for ProxyBlock'ed URL's. [Martin Kraemer] Related to PR#3455
+
+ *) Fix ordering of language variants for the case where the traditional
+ negotiation algorithm is being used with multiple language variants
+ and no Accept-Language. [James Treacy <treacy@debian.org>] PR#3299, 3688
+
+ *) Do not round the TCN quality calculation to 5 decimal places,
+ unlike RFC 2296, because the calculation might need 12 decimal places
+ to get the right result. [Roy Fielding]
+
+ *) Remove unused code to disable transparent negotiation when
+ negotiating on encoding only, as we now handle encoding too
+ (though this is nonstandard for TCN), remove charset=ISO-8859-1
+ fiddle from the fiddle-averse RVSA comparison, and fix bugs in
+ some debugging statements within mod_negotiation. [Koen Holtman]
+
+ *) Fixed a rare memory corruption possibility in mod_dir if the index
+ file is negotiable and no acceptable variant can be found.
+ [Dean Gaudet, Roy Fielding, Martin Kraemer]
+
+ *) Win32: Add new config directive, ScriptInterpreterSource, to enable
+ searching the Win32 registry for script interpreters.
+ [Bill Stoddard]
+
+ *) Win32: The compiled-in default filename for the error log is now
+ error.log, which matches the default in the distributed httpd.conf.
+ [Paul Sutton]
+
+ *) Win32: Any error messages from -i or -u command line options are now
+ displayed on the console output rather than sent to the error log.
+ Also the "Running Apache..." message is not output unless Apache is
+ going to serve requests. [Paul Sutton]
+
+ *) Rework the MD5 authentication scheme to use FreeBSD's algorithm,
+ and use a private significator ('$apr1$') to mark passwords as
+ being smashed with our own algorithm. Also abstract the password
+ checking into a new ap_validate_password() routine. [Ken Coar]
+
+ *) Win32: The filename validity checker now allows "COM" but refuses
+ access to "COM1" through "COM4". This allows filenames such
+ as "com.name" to be served. [Paul Sutton] PR#3769.
+
+ *) BS2000: Adapt to the new ufork() system call interface which will
+ make subtasking easier on the OSD/POSIX mainframe environment.
+ [Martin Kraemer]
+
+ *) Add a compatibility define for escape_uri() -> ap_escape_uri() to
+ ap_compat.h. [David White <david@persimmon.com>] PR#3725
+
+ *) Make NDBM file suffix determination for mod_rewrite more accurate, i.e.
+ use `.db' instead of `.pag' not only for FreeBSD, but also when
+ the NDBM library looks like Berkeley-DB based.
+ [Ralf S. Engelschall] PR#3773
+
+ *) Add ability to handle DES or MD5 authentication passwords.
+ [Ryan Bloom <rbb@Raleigh.IBM.Com>]
+
+ *) Fix O(n^2) memory consumption in mod_speling. [Dean Gaudet]
+
+ *) SECURITY: Avoid some buffer overflow problems when escaping
+ quoted strings. (This overflow was on the heap and we believe
+ impossible to exploit.) [Rick Perry <perry@ece.vill.edu>]
+
+ *) Let src/Configure be aware of CFLAGS options starting with plus
+ signs as it's the case for the HP/UX compiler.
+ [Doug Yatcilla <yatcilda@umdnj.edu>] PR#3681
+
+ *) Remove the hard-wire of TAR=tar (we now check for gtar and gnutar first)
+ and check to see if the tar we wind up with supports '-h'.
+ [Jim Jagielski] PR#3671
+
+ *) A consistent and conservative style for all shell scripts has been
+ implemented. Basically, all shell string tests use the traditional
+ hack of 'if [ "x$var" != "x" ]' or 'if [ "x$var" = "xstring" ]'
+ to protect against bare null variable strings (ie: wrapping both
+ sides with double quotes and prepending 'x'). 'x' was chosen
+ because it's more universal and hopefully easier for old shell
+ prgrammers, as well as being easier to search for in 'vi' (/x\$) :)
+ [Jim Jagielski]
+
+ *) The status module now prints out both the main server generation as
+ well as the generation of each process. Also, the vhost info is
+ printed with '?notable'. [Jim Jagielski]
+
+ *) Move src/main/md5c.c to src/ap/ap_md5c.c; it's httpd-neutral
+ and this makes its functions available to things in src/support.
+ [Ken Coar]
+
+Changes with Apache 1.3.4
+
+ *) Renamed macros status_drops_connection to ap_status_drops_connection
+ and vestigial scan_script_header to ap_scan_script_header_err,
+ mostly for aesthetic reasons. [Roy Fielding]
+
+ *) The query switch "httpd -S" didn't exit after showing the
+ vhost settings. That was inconsistent with the other query functions.
+ [Martin Kraemer]
+
+ *) Moved the MODULE_MAGIC_COOKIE from before the versions and
+ filename to the end of the STANDARD_MODULE_STUFF. Its
+ presence at the beginning prevented reporting of the filename
+ for modules compiled before 1 January 1999. [Ken Coar]
+
+ *) SECURITY: ap_os_is_filename_valid() has been added to Win32
+ to detect and prevent access to special DOS device file names.
+ [Paul Sutton, Ken Parzygnat]
+
+ *) WIN32: Created new makefiles Makefile_win32.txt (normal build)
+ and Makefile_win32_debug.txt (debug build) that work on Win95.
+ Run each of the following from the src directory:
+ nmake /f Makefile_win32.txt # compiles normal build
+ nmake /f Makefile_win32.txt install # compiles and installs
+ nmake /f Makefile_win32.txt clean # removes compiled junk
+ nmake /f Makefile_win32_debug.txt # compiles debug build
+ nmake /f Makefile_win32_debug.txt install
+ nmake /f Makefile_win32_debug.txt clean
+ [Roy Fielding]
+
+ *) Added binbuild.sh and findprg.sh helpers to make it easier for us
+ to build binary distributions. [Lars Eilebrecht]
+
+ *) IndexOptions SuppressColumnSorting only turned off making
+ the column headers anchors; you could still change the display
+ order by manually adding a '?N=A' or similar query string to the
+ URL. Now SuppressColumnSorting locks in the sort order so
+ it can't be overridden this way. [Ken Coar]
+
+ *) Added IndexOrderDefault directive to supply a default sort order
+ for FancyIndexed directory listings. [Ken Coar] PR#1699
+
+ *) Change the ap_assert macro to a variant that works on all platforms.
+ [Richard Prinz <richard.prinz@cso.net>] PR#2575
+
+ *) Make sure under ELF-based NetBSD (now) and OpenBSD (future) we don't
+ search for an underscore on dlsym() (as it's already the case
+ for FreeBSD 3.0). [Todd Vierling <tv@pobox.com>] PR#2462
+
+ *) Small fix for mod_env.html: The module was documented as to be _not_
+ compiled into Apache per default, although it _IS_ compiled into
+ Apache per default. [Sim Harbert <sim@mindspring.com>] PR#3572
+
+ *) Instead of fixing a bug in the generation procedure for config.status (a
+ backslash was missing) we remove the bug together with it's complete
+ context because the special cases of the past can now no longer occur
+ because of the recent magic for the --with-layout default.
+ [Ralf S. Engelschall] PR#3590
+
+ *) Make top-level Makefile aware of a parallel build procedures (make -j) by
+ making sure the src/support/ tools are _forced_ to be build last (they
+ depend on other libraries).
+ [Markus Theissinger <markus.theissinger@gmx.de>]
+
+ *) Fix installation procedure: Now that os-inline.c is actually used (a
+ recently fixed bug prevented this) we need to also install os-include.c
+ in addition to os.h into the PREFIX/include/ location or building of
+ module DSOs with APXS fails. [Ralf S. Engelschall] PR#3527
+
+ *) Added MODULE_MAGIC_COOKIE as the first field in a module structure to
+ allow us to distinguish between a garbled DSO (or even a file which isn't
+ an Apache module DSO at all) and a DSO which doesn't match the current
+ Apache API. [Ralf S. Engelschall] PR#3152
+
+ *) Two minor enhancements to mod_rewrite: First RewriteRule now also
+ supports the ``nocase|NC'' flag (as RewriteCond already does for ages) to
+ match case insensitive (this especially avoids nasty patterns like
+ `[tT][eE][sS][tT]'). Second two additional internal map functions
+ `escape' and `unescape' were added which can be used to escape/unescape
+ to/from hex-encodings in URLs parts (this is especially useful in
+ combination with map lookups).
+ [Magnus Bodin, Ian Kallen, Ralf S. Engelschall]
+
+ *) Renamed the macro escape_uri() to ap_escape_uri() which was
+ forgotten (because it was a macro) in the symbol renaming process.
+ [Ralf S. Engelschall]
+
+ *) Fix some inconsistencies related to the scopes of directives. The only
+ user visible change is that the directives `UseCanonicalName' and
+ `ContentDigest' now use the (more correct) `Options' scope instead of
+ (less correct) `AuthConfig' scope. [Ralf S. Engelschall]
+
+ *) Using DSO, the Server token was being mangled. Specifically, the
+ module's token was being added first before the Apache token. This
+ has been fixed. [Jim Jagielski]
+
+ *) Major overhaul of mod_negotiation.c, part 2.
+ - properly handle "identity" within Accept-Encoding.
+ - allow encoded variants in RVSA negotiation and let them appear in
+ the Alternates field using the non-standard "encoding" tag-list.
+ - fixed both negotiation algorithms so that an explicitly accepted
+ encoding is preferred over no encoding if "identity" is not
+ included within Accept-Encoding.
+ - added ap_array_pstrcat() to alloc.c for efficient concatenation
+ of large substring sequences.
+ - replaced O(n^2) memory hogs in mod_negotiation with ap_array_pstrcat.
+ [Roy Fielding]
+
+ *) Major overhaul of mod_negotiation.c, part 1.
+ - cleanups to mod_negotiation comments and code structure
+ - made compliant with HTTP/1.1 proposed standard (rfc2068) and added
+ support for everything in the upcoming HTTP/1.1
+ revision (draft-ietf-http-v11-spec-rev-06.txt).
+ - language tag matching also handles tags with more than 2
+ levels like x-y-z
+ - empty Accept, Accept-Language, Accept-Charset headers are
+ processed correctly; previously an empty header would make all
+ values acceptable instead of unacceptable.
+ - allowed for q values in Accept-Encoding
+ - added support for transparent content negotiation (rfc2295 and
+ rfc2296) (though we do not implement all features in these drafts,
+ e.g. no feature negotiation). Removed old experimental version.
+ - implemented 'structured entity tags' for better cache correctness
+ (structured entity tags ensure that caches which can deal with Vary
+ will (eventually) be updated if the set of variants on the server
+ is changed)
+ - this involved adding a vlist_validator element to request_rec
+ - this involved adding the ap_make_etag() function to the global API
+ - modified guessing of charsets used by Apache negotiation algorithm
+ to guess 'no charset' if the variant is not a text/* type
+ - added code to sort multiviews variants into a canonical order so that
+ negotiation results are consistent across backup/restores and mirrors
+ - removed possibility of a type map file resolving to another type map
+ file as its best variant
+ [Koen Holtman, Roy Fielding, Lars Eilebrecht] PR#3451, 3299, 1987
+
+ *) RFC2396 allows the syntax http://host:/path (with no port number)
+ but the proxy disallowed it (ap_proxy_canon_netloc()).
+ [David Kristol <dmk@bell-labs.com>] PR#3530
+
+ *) When modules update/modify the file name in the configfile_t structure,
+ syntax errors will report the updated name, not the original one.
+ [Fabien Coelho <coelho@cri.ensmp.fr>] PR#3573
+
+ *) Correct some filename case assumptions from WIN32 to
+ CASE_BLIND_FILESYSTEM. [Brian Havard <brianh@kheldar.apana.org.au>]
+
+ *) For %v log ServerName regardless of the UseCanonicalName
+ setting (similarly for %p). [Dean Gaudet]
+
+ *) Configure was initializing the variables $OSDIR, $INCDIR and $SHELL
+ rather late (too late for some invocations of TestCompile).
+ This improves the make environment available to TestCompile and
+ the *.module scripts. [Martin Kraemer]
+
+ *) The hashbang emulation code in ap_execve.c would interpret
+ #!/hashbang/scripts correctly, but failed to fall back to a
+ standard shell for scripts which did NOT start with #!
+ Now SHELL_PATH is started in these cases. [Martin Kraemer]
+
+ *) PORT: Added the Cyberguard V2 port [Richard Stagg <stagg@lentil.org>]
+ PR#3336
+
+ *) Update APXS manual page: some -q option arguments were missing
+ and another was incorrect. [Mark Anderson <mda@discerning.com>] PR#3553
+
+ *) Cleanup the command line options: `-?' was documented to show
+ the usage list but does it with an error because `?' is not a valid
+ command. OTOH a lot of users expect `-h' to print such a usage list and
+ instead are annoyed for ages by our huge unreadable list of directives.
+ So we now changed the command line options this way:
+ 1. `-L' => `-R'
+ Intent: we need `-L' to be free, and `-R' for the DSO run-time path is
+ very similar to the popular linker option.
+ 2. `-h' => `-L'
+ Intent: while -l gives the small list of modules, -L now gives the
+ large list of directives implemented by these modules. This is also
+ consistent with -v (short version info) and -V (large version info).
+ 3. `-?' => `-h'
+ Intent: it's now the expected option ;-)
+ The manual page was adjusted accordingly.
+ [Ralf S. Engelschall] PR#2714
+
+ *) Fixed problem of fclose() on an unopened file in suexec if LOG_EXEC
+ wasn't defined. [Rick Franchuk <rickf@transpect.net>]
+
+ *) Removed recently introduced bugs and disfigurements in APACI:
+ o fixed argument line processing: using $args was broken: It was not
+ initialized and using args="$args $apc_option" and even args="$args
+ \"$apc_option\"" fails in the second processing round for any arguments
+ containing whitespaces. The only correct way is to use the construct
+ "$@" (but not possible here) or iterate _both_ times over the implicit
+ argument line (no argument to for-loop) which is what we now use.
+ o make --with-layout=Apache the default without creating
+ redundancy (copying the --with-layout block in the argument parsing
+ loop). We achieve this by using the "$@" construct together with the
+ `set' command to prepend --with-layout=Apache to the command line in
+ case --with-layout is not used.
+ o fixed auto-suffix handling now that config.layout exists.
+ Paths which are auto-suffixed are marked with a trailing plus sign in
+ config.layout and every path now can be marked this way (not only the
+ four paths for which we do it currently). Additionally the suffix is
+ no longer a static one. Instead it's now `/<target>' where <target> is
+ the argument of the --target option or per default `httpd'.
+ o allow also tabs (and only spaces) where we match whitespaces
+ o various fixes and cleanups related to used shell coding style
+ o made Jim happy by replacing `Written by' with `Initially written by' ;-)
+ o trimmed output of --help to fit into 80 columns
+ [Ralf S. Engelschall]
+
+ *) Added two new core API functions, ap_single_module_configure() and
+ ap_single_module_init(), which are now used by mod_so to configure a module
+ after loading. [Ralf S. Engelschall]
+
+ *) PORT: Add defines for USE_FLOCK_SERIALIZED_ACCEPT and
+ SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
+ of ap_config.h to allow serialized accept for multiport listens.
+ [Roy Fielding, Curt Sampson] PR#3120
+
+ *) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
+ of ap_config.h that would skip several defines if DEFAULT_GROUP
+ was overridden. [Roy Fielding]
+
+ *) PORT: The I86 version of DGUX has support for strncasecmp and
+ strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
+
+ *) Fix ordering of definitions in ap_config.h so that ap_inline is
+ defined before it might be used. [Victor Khimenko]
+
+ *) PORT: Add Dynamic Shared Object (DSO) support for BSDI (v4.0).
+ [Tom Serkowski <tks@bsdi.com>] PR#3453
+
+ *) Make generation of src/Configuration.apaci more robust: It failed to
+ differenciate between modules when one module name was a postfix of
+ another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
+ just XXX (think about totally non-standard names like "apache_ssl", too).
+ [Ralf S. Engelschall] PR#3380
+
+ *) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
+ since 1.3b7) and make whitespace handling more robust (it failed horrible
+ when whitespaces were present in the arguments of -D options).
+ [Ralf S. Engelschall] PR#3240
+
+ *) Add APACI --shadow=DIR variant (in addition to --shadow). This now first
+ creates an external package shadow tree in DIR before the local build
+ shadow tree is generated under DIR. This way one can have the extracted
+ Apache distribution tree read-only on NFS or CDROM and still build Apache
+ from these sources. An automatically triggered VPATH-like mechanism is
+ provided through the TOP variable, too.
+ [Ralf S. Engelschall, Wilfredo Sanchez <wsanchez@apple.com>]
+
+ *) Fix negotiation so that a Vary response header is correctly
+ generated when, for a particular dimension, variants only vary
+ in having or not having a value for that dimension. [Paul Sutton]
+
+ *) Fix negotiation so that we prefer an encoded variant over an
+ unencoded variant if the user-agent explicitly says it can
+ accept that encoding. Previously we always preferred the unencoded
+ variant.
+ [Paul Ausbeck <paula@alumni.cse.ucsc.edu>, Paul Sutton] PR#3447
+
+ *) Fix APXS tool: query variables LIBS_SHLIB and TARGET were not recognized
+ and the usage page was inconsistent with the functionality and manpage.
+ [Ralf S. Engelschall]
+
+ *) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
+ They can occur multiple times and their arguments (`xxx') are passed AS
+ IS to the compiler/linker command. [Ralf S. Engelschall]
+
+ *) Fixed possible (but harmless in practice) bug in the DBM lookup
+ procedure of mod_rewrite: very long keys were truncated.
+ [Ralf S. Engelschall]
+
+ *) Added a generic --with-layout=[FILE:]ID option. ID here is a layout
+ identifier, currently "Apache" and "GNU" are pre-defined in the file
+ config.layout. Custom layouts are possible by using FILE:ID as the
+ argument where the layout ID is taken from FILE.
+
+ The config.layout file consists of <Layout ID>..</Layout> sections
+ where inside those sections "path_variable: path_value" pairs can be
+ specified. These lines are converted to path_variable='path_value'.
+
+ *) Add a DefaultLanguage directive so that files missing a language
+ extension (e.g., .fr, .de) can be labelled as being some other
+ default language. DefaultLanguage can appear in <Directory> and
+ <Files> containers as well as .htaccess files. [Paul Sutton]
+ PR#1180
+
+ *) Fix TARGET configuration when configuring and installing using
+ APACI configure. TARGET now defines the basename of the configuration
+ file, startup script, manual page, etc. log_error_core() now reports
+ the server binary name given by argv[0]. TARGET can now also be defined
+ with --target=TARGET parameter passed to APACI configure.
+ [Ralf Engelschall, Randy Terbush]
+
+ *) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
+ rather than OPT_INCLUDES [Rainer Schoepf <schoepf@uni-mainz.de>]
+
+ *) ap_md5_binary() was using sprintf() rather than a table lookup
+ to convert binary bytes to hex digits.
+ [Ronald Tschalär <ronald@innovation.ch>] PR#3409
+
+ *) Fix SEGV in TCN negotiation if no variants are acceptable.
+ [Martin Plechsmid <plechsmi@karlin.mff.cuni.cz>] PR#1987
+
+ *) API: ap_exists_config_define() function is now "public" [Doug MacEachern]
+
+ *) Fix documentation of `Action' directive: It can activate a CGI script
+ when either a handler or a MIME content type is triggered by the request.
+ [Andrew Pimlott <pimlott@math.harvard.edu>] PR#3340
+
+ *) Document the `add' command of `dbmmanage' in `dbmmanage.1' manpage.
+ [David MacKenzie <djm@uu.net>] PR#3394
+
+ *) Ignore a "ErrorDocument 401" directive with a full URL and write a
+ notice to the error log. It is not possible to send a 401 response
+ and a redirect at the same time. [Lars Eilebrecht]
+
+ *) Fallback to native compilers for IRIX-32 platform. It seems that
+ a gcc 2.8.1 compiled apache is logging client addresses with all
+ bits set (255.255.255.255). This is the second such problem caused
+ by gcc 2.8.1 compiler. The first being broken semaphore locking.
+ [Randy Terbush]
+
+ *) Updated mime.types to reflect current Internet media types
+ and include a URL to the registry.
+ [Manoj Kasichainula, Roy Fielding] PR#2380, 2286, 2246
+
+ *) SECURITY: Do a more complete check in mod_include to avoid
+ an infinite loop of recursive SSI includes. [Marc Slemko] PR#3323
+
+ *) Add APACI --suexec-docroot and --suexec-logfile options which can be
+ used to set the document root directory (DOC_ROOT) and the suexec
+ logfile (LOG_EXEC), respectively. Additionally the --layout option
+ was changed to show more information about the suEXEC setup.
+ [Lars Eilebrecht] PR#3316, 3357, 3361
+
+ *) Added the last two WebDAV status codes of 424 (Failed Dependency)
+ and 507 (Insufficient Storage) for use by third-party modules.
+ [Roy Fielding]
+
+ *) Enabled all of the WebDAV method names for use by third-party
+ modules, Limit, and Script directives. That includes PATCH,
+ PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
+ Improved mod_actions.c so that it can use any of the methods
+ defined in httpd.h. Added ap_method_number_of(method) for
+ getting the internal method number. [Roy Fielding]
+
+ *) PORT: Add a port to the TPF OS. [Joe Moenich <moenich@us.ibm.com> and
+ others at IBM]
+
+ *) Fix problems with handling of UNC names (e.g., \\host\path)
+ on Win32. [Ken Parzygnat <kparz@us.ibm.com>]
+
+ *) Rework os_canonical_*() on Win32 so it's simpler, more
+ robust, and works. [Ken Parzygnat <kparz@us.ibm.com>]
+ PR#2555, 2915, 3064, 3232
+
+ *) Work around incomplete implementation of strftime on Win32.
+ [Manoj Kasichainula, Ken Parzygnat <kparz@us.ibm.com>]
+
+ *) Move a typedef to fix compile problems on Linux with 1.x kernels.
+ [Manoj Kasichainula] PR#3177
+
+ *) PORT: Add a port to the Concurrent PowerMAX OS. [Tom Horsley
+ <Tom.Horsley@mail.ccur.com>]
+
+ *) WIN32: Log more explicit error messages if spawning an interpreted
+ script failed, including the command line used to attempt to execute
+ the interpreter and the Win32 error code returned. [Marc Slemko]
+
+ *) Disable sending of error-notes on a 500 (Internal Server Error) response
+ since it often includes file path info. Enable sending of error-notes
+ on a 501 (Method Not Implemented). [Roy Fielding] PR#3173
+
+ *) http_config.c would respond with 501 (Method Not Implemented) if a
+ content type handler was specified but could not be found, which
+ should have been a 500 response. Likewise, mod_proxy.c would responsd
+ with a 501 if the URI scheme is unrecognized instead of the correct
+ response of 403 (Forbidden). [Roy Fielding]
+
+ *) SECURITY: Eliminate DoS attack when a bad URI path contains what
+ looks like a printf format escape. [Marc Slemko, Studenten Net Twente]
+
+ *) Fix in mod_autoindex: for files where the last modified time stamp was
+ unavailable, an empty string was printed which was 2 bytes short.
+ The size and description columns were therefore not aligned correctly.
+ [Martin Kraemer] (no PR#)
+
+ *) Update BS2000 OS code to work with recent versions. Starting with
+ release A17, the child fork() must be replaced by a _rfork().
+ (BS2000 only) [Martin Kraemer]
+
+ *) Add the actual server_rec structure of the specific Vhost to the
+ scoreboard file and avoid a string copy (as well as allow some
+ further future enhancements). [Harrie Hazewinkel
+ <harrie.hazewinkel@jrc.it>]
+
+ *) Add APACI --permute-module=foo:bar option which can be used to
+ on-the-fly/batch permute the order of two modules (mod_foo and mod_bar)
+ in the Configuration[.apaci] file. Two special and important variants are
+ supported for the option argument: first BEGIN:foo which permutes module
+ mod_foo with the begin of the module list, i.e. it `moves' the module to
+ the begin of the list (gives it lowest priority). And second foo:END
+ which permutes mod_foo with the end of the module list, i.e. it `moves'
+ the module to the end of the list (gives it highest priority).
+ [Ralf S. Engelschall]
+
+ *) Fix problem with 'apache -k shutdown' and startup event
+ synchronisation (Win32). [Ken Parzygnat <kparz@raleigh.ibm.com>]
+ PR#3255
+
+ *) The config parser wasn't correctly noticing a missing '>'
+ on container start lines (e.g., it wouldn't spot
+ "<Directory /" as a syntax error). [Ryan Bloom <rbbloom@us.ibm.com>]
+ PR#3279
+
+ *) Add a 'RemoveHandler' directive which will selectively remove
+ all handler associations for the specified file extensions.
+ [Ryan Bloom <rbbloom@us.ibm.com>] PR#1799.
+
+ *) Properly handle & allow "nul" and ".*/null" in AccessConfig and
+ ResourceConfig directives on Win32. Also add a note to the effect
+ of 'useless User directive ignored on Win32' to the errorlog if
+ a User directive is encountered on Win32.
+ [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2078, 2303.
+
+ *) Fix multiple whitespace handling in imagemaps for mod_imap which was
+ broken since Apache 1.3.1 where we took out compressing of multiple
+ spaces in ap_cfg_getline().
+ [Ivan Richwalski <ivan@seppuku.net>] PR#3249
+
+ *) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not
+ initialized correctly and the db_open() call used an invalid mode
+ parameter. [Ron Klatchko <ron@ckm.ucsf.edu>] PR#3171
+
+ *) PORT: DSO support for UnixWare 7
+ [Ralf S. Engelschall, Ron Record <rr@sco.com>]
+
+ *) Merge the contents of the {srm,access}.conf-dist* files into the
+ httpd.conf-dist* files. The srm and access files now contain
+ only comments, and httpd.conf has all the combined contents in
+ a rational order. [Ken Coar]
+
+ *) PORT: DSO/ELF support for FreeBSD 3.0.
+ [Ralf S. Engelschall, Dirk Froemberg <ibex@physik.TU-Berlin.DE>]
+
+ *) Add a "default-handler" handler that calls the default_hander()
+ function which is normally called for static content. This allows
+ you to override a specific handler. [Marc Slemko]
+
+ *) Further simplify checking for absolute paths by replacing an
+ hard-coded syntax check with a call to a routine we already created to
+ do this. [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2976, 3074
+
+ *) Log an error if we encounter a malformed "require" directive
+ in mod_auth if we know that we know that no other module can
+ deal with it. [Marc Slemko]
+
+ *) Remove ap_private_extern method of hiding conflicting symbols
+ on the NEXT platform because it is not correct for all versions,
+ and the versions for which it is correct are unknown.
+ [Wilfredo Sanchez <wsanchez@apple.com>]
+
+ *) Fix inheritance of IndexOptions NameWidth and remove unintended
+ restriction on +NameWidth, +IconHeight, and +IconWidth. [Ken Coar]
+
+ *) Fix per-directory config merging for cases in which a 500 error
+ is encountered in an .htaccess file somewhere down the tree.
+ [Ken Coar] PR#2409
+
+ *) Minor performance improvement to ap_escape_html(). [Roy Fielding]
+
+ *) Fixed a segmentation violation in mod_proxy when a response is
+ non-cachable. [Roy Fielding, traced by Doug Bloebaum]. PR#2950, 3056
+
+Changes with Apache 1.3.3
+
+ *) Added a complete implementation of the Expect header field as
+ specified in rev-05 of HTTP/1.1. Disabled the 100 Continue
+ response when we already know the final status, which is mighty
+ useful for PUT responses that result in 302 or 401. [Roy Fielding]
+
+ *) Remove extra trailing whitespace from the getline results as part
+ of the protocol processing, which is extra nice because it works
+ between continuation lines, is almost no cost in the normal case
+ of no extra whitespace, and saves memory. [Roy Fielding]
+
+ *) Added new HTTP status codes and default response bodies from the
+ revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and
+ HTTP Extension Framework (510) specifications. Did not add the
+ WebDAV 424 and 425 codes because they are bogus. We don't use any
+ of these codes yet, but they are now available to 3rd-party modules.
+ [Roy Fielding]
+
+ *) Fix a possible race condition between timed-out requests and the
+ ap_bhalfduplex select that might result in an infinite loop on
+ platforms that do not validate the descriptor. [Roy Fielding]
+
+ *) WIN32: Add "-k shutdown" and "-k restart" options to signal a
+ running Apache server [Paul Sutton]
+
+ *) Fix mod_autoindex bug where directories got a size of "0k" instead
+ of "-". [Martin Plechsmid <plechsmi@karlin.mff.cuni.cz>, Marc Slemko]
+ PR#3130
+
+ *) PORT: DRS 6000 machine. [Paul Debleecker <pdebleecker@jetair.be>]
+
+ *) Add the server signature text (from the core ServerSignature directive)
+ to the list of envariables available to scripts, SSI, and the like.
+ [Ken Coar]
+
+ *) PORT: Fix sys/resource.h handling for SCO 3.x platform.
+ [M. Laak <maert@proinv.ee>] PR#3108
+
+ *) Fallback from sysconf-based to plain HZ-based `ticks per second'
+ calculation in mod_status for all systems which don't have POSIX
+ sysconf() (like UTS 2.1) and not only for the NEXT platform.
+ [Dave Dykstra <dwd@bell-labs.com>] PR#3055
+
+ *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and
+ mod_auth_db by using ap_getword_white() (which uses ap_isspace())
+ instead of ap_getword(..., ' ') (which parses only according to spaces
+ but not tabs). [James Morris <jmorris@intercode.com.au>,
+ Ralf S. Engelschall] PR#3105
+
+ *) Fix the SERVER_NAME variable under sub-request situations (where
+ `UseCanonicalName off' is used) like CGI's called from SSI pages or
+ RewriteCond variables by adopting r->hostname to sub-requests.
+ [James Grinter <jrg@blodwen.demon.co.uk>] PR#3111
+
+ *) Fix stderr redirection under syslog-based error logging situation.
+ [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3095
+
+ *) Document `ErrorLog syslog:facility' variant of error logging.
+ [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#3096
+
+ *) Fix http://localhost/ hints in top-level INSTALL document.
+ [Rob Jenson <robjen@spotch.com>, Ralf S. Engelschall] PR#3088
+
+ *) Quote paths in default configuration files. [Wilfredo Sanchez]
+
+ *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since
+ it is now taken care of properly by the header file tests.
+ [Wilfredo Sanchez <wsanchez@apple.com>]
+
+ *) Fix problem with scripts and filehandle inheritance on Win32.
+ [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2884, 2910
+
+ *) Win32 name canonicalisation could end up using the server's
+ working directory to fill in some blanks. [Ken Parzygnat
+ <kparz@raleigh.ibm.com>] PR#3001
+
+ *) Correct invalid assumption by ap_sub_req_lookup_file() that all
+ absolute paths begin with "/" -- because they don't on Win32.
+ [Ken Parzygnat <kparz@raleigh.ibm.com>] PR#2976, 3074
+
+ *) Add [REDIRECT_]VARIANTS environment variable to mod_speling
+ so that ErrorDocument 300 processors can reformat the list
+ if desired. [Ken Coar] PR#2859
+
+ *) Add +/- incremental prefixes to IndexOptions keywords, and
+ enable merging of multiple IndexOptions directives. [Ken Coar]
+
+ *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron
+ <steve.cameron@compaq.com>]
+
+ *) Reconstructed the loop through multiple htaccess file names so
+ that missing files are not confused with unreadable files.
+ [Roy Fielding]
+
+ *) The ap_pfopen and ap_pfdopen routines were failing to protect the
+ errno on an error, which leads to one error being mistaken for
+ another when reading non-existent .htaccess files.
+ [Jim Jagielski]
+
+ *) OS/2: The new header tests get things right, need to update
+ ap_config.h. [Brian Havard]
+
+ *) The Perl %ENV hash will now be setup by default when using the
+ mod_include `perl' command [Doug MacEachern]
+
+ *) PORT: Add Pyramid DC/OSx support to configuration mechanism.
+ [Earle Ake <akee@wpdiss1.wpafb.af.mil>]
+
+ *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1
+ [Dave Dykstra <dwd@bell-labs.com>] PR#3054
+
+ *) Correct comment in mod_log_config.c about its internals.
+ [Elf Sternberg <elf@halcyon.com>]
+
+ *) Avoid possible line overflow in Configure: Use an awkfile to
+ handle the creation of modules.c [Jim Jagielski]
+
+Changes with Apache 1.3.2
+
+ *) Fix bug in ap_remove_module(), which caused problems for dso's
+ who were the top_module. [Doug MacEachern]
+
+ *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to
+ mod_auth_db to both be friendly to users who wants to use this version
+ and to avoid problems under platforms where only version 2.x is present.
+ [Dan Jacobowitz <drow@false.org>, Ralf S. Engelschall]
+
+ *) When using ap_log_rerror(), make the error message available to the
+ *ERROR_NOTES envariables by default. [Ken Coar]
+
+ *) BS2000 platform only: get rid of the nasty BS2000AuthFile.
+ You now must define a BS2000Account name for the server User.
+ This has fewer security implications than the old approach.
+ [Martin Kraemer]
+
+ *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl'
+ instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this
+ platform to make the braindead HPUX linker happy. Notice, for the module
+ DSOs we don't have to use this, because these are loaded manually (and
+ not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968
+
+ *) Remove 64 thread limit on Win32.
+ [Bill Stoddard <stoddard@raleigh.ibm.com>]
+
+ *) Remove redundant substitutions in top-level Makefile.tmpl.
+ [Ralf S. Engelschall]
+
+ *) Fix APACI's `Group' configuration adjustment - especially for Linux
+ platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall]
+
+ *) Make PrintPath work generically instead of having one version
+ strictly for OS/2. [Jim Jagielski, Brian Havard]
+
+ *) Fix the recently introduced C header file checking: We now use the C
+ pre-processor pass only (and no longer the complete compiler pass) to
+ determine whether a C header file exists or not. Because only this way
+ we're safe against inter-header dependencies (which caused horrible
+ portability problems). The only drawback is that we now have a CPP
+ configuration variable which has to be determined first (we do a similar
+ approach as GNU Autoconf does here). When all fails the user still has
+ the possibility to override it manually via APACI or src/Configuration.
+ As a fallback for the header check itself we can directly check the
+ existance of the file under /usr/include, too.
+ [Ralf S. Engelschall] PR#2777
+
+ *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined
+ as an alternate mechanism for mmap'd shared memory for RHAPSODY.
+ ap_private_extern defined to hide symbols that conflict with loaded
+ dynamic libraries on the NEXT and RHAPSODY platforms.
+ [Wilfredo Sanchez <wsanchez@apple.com>]
+
+ *) Delete PID file on clean shutdowns.
+ [Charles Randall <crandall@matchlogic.com>] PR#2947
+
+ *) Fix mod_auth_*.html documents: NSCA -> NCSA
+ [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2991
+
+ *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org
+ [Karl Berry <karl@gnu.org>] PR#2994
+
+ *) Fix dbmmanage.1 manual page.
+ [Youichirou Koga <y-koga@jp.FreeBSD.org>] PR#2992
+
+ *) Fix possible buffer overflow situation in suexec.c.
+ [Jeff Stewart <jws@purdue.edu>] PR#2790
+
+ *) Add some more LIBS for the SCO5 platform which are needed for the already
+ used -lprot. It's actually a bug in SCO5, of course.
+ [Ronald Record <rr@sco.com>] PR#2533
+
+ *) Fix documentation of ProxyPass/ProxyPassReverse according to the
+ trailing slash problem. [Jon Drukman <jsd@gamespot.com>] PR#2933
+
+ *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1)
+ platform, because it's only supported under version 4.0 and higher. But
+ because our GuessOS is still unaware of Digital UNIX versions and the
+ -msym is just to optimize the DSO statup time a little bit it's safe and
+ best when we leave it out now. [Ralf S. Engelschall] PR#2969
+
+ *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf()
+ functions: First all three functions no longer fail on strings containing
+ "%" chars and second ap_log_printf() no longer does a double-formatting
+ (instead it directly passes through the message to be formatted to the
+ real internal formatting function). [Ralf S. Engelschall] PR#2941
+
+ *) Allow "Include" directives anywhere in the server config
+ files (but not .htaccess files). [Ken Coar] PR#2727
+
+ *) The proxy was refusing to serve CONNECT requests except to
+ port 443 (https://) and 563 (snews://). The new AllowCONNECT
+ directive allows the configuration of the ports to which a
+ CONNECT is allowed. [Sameer Parekh, Martin Kraemer]
+
+ *) mod_expires will now act on content that is not sent from a file
+ on disk. Previously it would never add an Expires: header to
+ any response that did not come from a file on disk; the only
+ case where it still doesn't (and can't) add one for that type of
+ content is if you are using a modification date based setting.
+ [Marc Slemko, Paul Phillips <paulp@go2net.com>]
+
+ *) Problems encountered during .htaccess parsing or CGI execution
+ that lead to a "500 Server Error" condition now provide explanatory
+ text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts.
+ [Ken Coar] PR#1291
+
+ *) Add NameWidth keyword to IndexOptions directive so that the
+ width of the filename column is customisable. [Ken Coar, Dean Gaudet]
+ PR#1949, 2324.
+
+ *) Recognize lowercase _and_ uppercase `uname' results under
+ SCO OpenServer. [David Coelho <drc@ppt.com>]
+
+ *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be
+ a common problem of (mis-administrated?) IIS servers, make the apache
+ proxy immune to these errors (and ignore the duplicates, but log
+ the fact to error_log). [Martin Kraemer], after the proposal in PR#2914
+
+ *) The <IfModule and <IfDefine block starting directives now only
+ allow exactly one argument. Previously, the optional negation
+ character '!' could be separated by whitespace without a syntax
+ error being reported, albeit defeating the IfModule functionality
+ (enclosed directives would ALWAYS be executed). By using the
+ stricter syntax, these hard-to-track errors can be avoided.
+ [Martin Kraemer]
+
+ *) Simplify handling of IndexOptions in mod_autoindex -- and BTW
+ cause the standalone FancyIndexing directive to logically OR
+ into any existing IndexOptions settings rather than wiping
+ them out. [Ken Coar]
+
+ *) Changes in ftp proxy: make URL parsing simpler by using the
+ parsed_uri stuff.
+ + Add display of the "current directory" in cases where it's
+ different from the supplied path (e.g., ftp://user@host/ lives
+ in /home/user, not in /, therefore clicking on "../" in the
+ starting directory might send us to /home/).
+ + When ftp login fails, (esp. when a user name was part of the
+ URL already), we now return [401 Unauthorized ] to allow the
+ browser to pop up an authorization dialog. This makes passwords
+ slightly less visible (they don't appear in the regular log files)
+ and implements a functionality that other www proxy servers
+ already offered.
+ [Martin Kraemer]
+
+ *) Triggered by the recent "Via:" header changes, the proxy module would
+ dump core for replies with invalid headers (e.g., duplicate
+ "HTTP/1.0 200 OK" lines). These errors are now logged and the
+ core dump is avoided. Also, broken replies are not cached.
+ [Martin Kraemer] PR#2914
+
+ *) new `GprofDir' directive when compiled with -DGPROF, where gprof can
+ plop gmon.out profile data for each child [Doug MacEachern]
+
+ *) Use the construct ``"$@"'' instead of ``$*'' in the generated
+ config.status script to be immune against arguments with whitespaces.
+ [Yves Arrouye <yves@apple.com>] PR#2866
+
+ *) Replace the inlined information grabbing stuff for the configuration
+ adjustment feature (no --without-confadjust) with calls to a new helper
+ script `buildinfo.sh' which is both more flexible and already proofed to
+ be more robust against platform differences. This mainly fixes the
+ recently occured ``sed: command garbled: ...'' problems.
+ [Ralf S. Engelschall] PR#2776, PR#2848
+
+ *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align
+ -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline''
+ without complains after we recently added the POST feature.
+ [Ralf S. Engelschall]
+
+ *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside
+ modules as API functions and we forgot them at the big symbol renaming.
+ [Ralf S. Engelschall]
+
+ *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html
+ [Youichirou Koga <y-koga@jp.FreeBSD.ORG>] PR#2895
+
+ *) Dynamically size the filename column of mod_autoindex output.
+ [Dean Gaudet]
+
+ *) Add the ability to do POST requests to the ab benchmarking tool.
+ [Kurt Sussman <kls@best.com>] PR#2871
+
+ *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of
+ 5 to 10 because there are some users out there who always have 5 to 8
+ variables in one RewriteRule and had to patch mod_rewrite.h for every
+ release. So 15 should be now more than enough, even for them. (I never
+ needed more than 4 in my RewriteRules ;-)
+ [Ralf S. Engelschall]
+
+ *) Make the proxy generate and understand Via: headers
+ [Martin Kraemer]
+
+ *) Change the proxy to use tables instead of array_headers for
+ the header lines. [Martin Kraemer]
+
+ *) Make sure the config.status file is not overridden when just
+ ``configure --help'' is used. [Ralf S. Engelschall] PR#2844
+
+ *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should
+ provide a way to trace API changes that add functionality but do
+ not create a compatibility issue for precompiled modules, etc.
+ See include/ap_mmn.h for more details. [Randy Terbush]
+
+ *) Fix suexec installation under `make install root=xxx' situation.
+ [Ralf S. Engelschall]
+
+ *) Extend the output of the -V switch to include the paths of all
+ compiled-in configuration files, if they were overridden at
+ compile time, for least astonishment of the user.
+ [Martin Kraemer]
+
+ *) When READing a request in ExtendedStatus mode, the "old"
+ vhost, request and client information is not displayed.
+ [Jim Jagielski]
+
+ *) STATUS is no longer available. Full status information now
+ run-time configurable using the ExtendedStatus directive.
+ [Jim Jagielski]
+
+ *) SECURITY: Eliminate O(n^2) space DoS attacks (and other O(n^2)
+ cpu time attacks) in header parsing. Add ap_overlap_tables(),
+ a function which can be used to perform bulk update operations
+ on tables in a more efficient manner. [Dean Gaudet]
+
+ *) SECURITY: Added compile-time and configurable limits for
+ various aspects of reading a client request to avoid some simple
+ denial of service attacks, including limits on maximum request-line
+ size (LimitRequestLine), number of header fields (LimitRequestFields),
+ and size of any one header field (LimitRequestFieldsize). Also added
+ a configurable directive LimitRequestBody for limiting the size of the
+ request message body. [Roy Fielding]
+
+ *) Make status module aware of DNS and logging states, even if
+ STATUS not defined. [Jim Jagielski]
+
+ *) Fix a problem with the new OS/2 mutexes. [Brian Havard]
+
+ *) Enhance mod_speling so that CheckSpelling can be used in
+ <Directory> containers and .htaccess files. [Ken Coar]
+
+ *) API: new ap_custom_response() function for hooking into the
+ ErrorDocument mechanism at runtime [Doug MacEachern]
+
+ *) API: new ap_uuencode() function [Doug MacEachern]
+
+ *) API: scan_script_header_err_core() now "public" and renamed
+ ap_scan_script_header_err_core() [Doug MacEachern]
+
+ *) The 'status' module will now show the process pid's and their
+ state even without full STATUS accounting. [Jim Jagielski]
+
+ *) Restore the client IP address to the error log messages, this
+ was lost during the transition from 1.2 to 1.3. Add a new
+ function ap_log_rerror() which takes a request_rec * and
+ formats it appropriately. [Dean Gaudet] PR#2661
+
+ *) Cure ap_cfg_getline() of its nasty habit of compressing internal
+ whitespace in input lines -- including within quoted strings.
+ [Ken Coar]
+ but leading and trailing whitespace should continue to be
+ stripped [Martin Kraemer]
+
+ *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid
+ the ugly use of an env. variable and use command-line args for
+ alternate $PATH. Make more like advanced 'type's as well.
+ [Jim Jagielski]
+
+ *) The IRIXN32 Rule was being ignored. Configure now correctly adds
+ -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis
+ <alain.st-denis@ec.gc.ca>] PR#2736
+
+ *) Clean up a warning in mod_proxy. [Ralf S. Engelschall]
+
+ *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2
+ following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/
+ directory was renamed to src/os/os2/ for consistency.
+ [Brian Havard, Ralf S. Engelschall]
+
+ *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO
+ files (here modules) against other DSO files (here shared libraries).
+ This is done by determining a subset of LIBS which can be safely used for
+ linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is
+ disabled for all platforms to avoid problems with this (experimental)
+ rule. But we provide it now for those people how ran into problems and
+ want to came out by forcing linking against DSOs.
+ [Ralf S. Engelschall] PR#2587
+
+ *) Fix suEXEC start message: Has to be of `notice' level to really get
+ printed together with the standard startup message because the `notice'
+ level is handled special inside ap_log_error() for startup messages.
+ [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765
+
+ *) Add correct `model' MIME types from RFC2077 to mime.types file.
+ [Ralf S. Engelschall] PR#2732
+
+ *) Fixed examples in mod_rewrite.html document.
+ [Youichirou Koga <y-koga@jp.FreeBSD.org>, Ralf S. Engelschall] PR#2756
+
+ *) Allow ap_read_request errors to propagate through the normal request
+ handling loop so that the connection can be properly closed with
+ lingering_close, thus avoiding a potential TCP reset that would
+ cause the client to miss the HTTP error response. [Roy Fielding]
+
+ *) One more portability fix for APACI shadow tree support: Swap order of awk
+ and sed in top-level configure script to avoid sed fails on some
+ platforms (for instance SunOS 4.1.3 and NCR SysV) because of the
+ non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729
+
+ *) PORT: NEC EWS4800 support.
+ [MATSUURA Takanori <t-matsuu@protein.osaka-u.ac.jp>]
+
+ *) Fix a segfault in the proxy on OS/2. [Brian Havard]
+
+ *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info
+ structure instead of just NULL. This fixes at least the RewriteMap
+ programs under Win32. [Marco De Michele <mdemichele@tin.it>] PR#2483
+
+ *) Add workaround to top-level `configure' script for brain dead
+ `echo' commands which interpet escape sequences per default.
+ [Ralf S. Engelschall] PR#2654
+
+ *) Make sure that the path to the Perl interpreter is correctly
+ adjusted under `make install' also for the printenv CGI script.
+ [Ralf S. Engelschall] PR#2595
+
+ *) Update the mod_rewrite.html document to correctly reflect the situation
+ of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679
+
+ *) Fix `install-includes' sub-target of `install' target in top-level
+ Makefile.tmpl: The umask+cp approach didn't work as expected (especially
+ for users which extracted the distribution under 'umask 077'), so replace
+ it by an explicit cp+chmod approach.
+ [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626
+
+ *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same
+ behavior and to cleanup correctly even under enabled SHARED_CORE rule.
+ [Ralf S. Engelschall]
+
+ *) Use a more straight forward and thus less problematic Sed command in
+ src/helper/mkdir.sh script. [Ralf S. Engelschall]
+
+ *) Make sure the `configure' scripts doesn't fail when trying to guess the
+ domainname of the machine and there are multiple `domainname' and
+ `search' entries in /etc/resolv.conf.
+ [Ralf S. Engelschall] PR#2710
+
+ *) Add note about the SHARED_CORE requirement on some platforms also to the
+ INSTALL file because a lot of users don't read htdocs/manual/dso.html
+ first. [Ralf S. Engelschall] PR#2701
+
+ *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl
+ [Knut A.Syed <Knut.Syed@nhh.no>] PR#2674
+
+ *) Modify mod_rewrite to update the Vary response field if the URL rewriting
+ engine does any manipulations or decisions based upon request fields.
+ [Ken Coar] PR#1644
+
+ *) Document the special APACI behavior for installation paths where
+ ``/apache'' is appended to paths under some (well defined, of course)
+ situations to prevent pollution of system locations with Apache files.
+ [Ralf S. Engelschall] PR#2660
+
+ *) Fixed problem with buffered response message not being sent for
+ the read_request error conditions of URI-too-long (414) and
+ malformed header fields (400). [Roy Fielding] PR#2646
+
+ *) Add support for the Max-Forwards: header line required by RFC2068 for
+ the TRACE method. This allows apache to TRACE along a chain of proxies
+ up to a predetermined depth. [Martin Kraemer]
+
+ *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled
+ (compilers complained) and the .so.V.R.P filename extension was adjusted
+ to correctly reflect the 1.3.2 version.
+ [Ralf S. Engelschall] PR#2644
+
+ *) SECURITY: Plug "..." and other canonicalization holes under OS/2.
+ [Brian Havard]
+
+ *) PORT: implement serialized accepts for OS/2. [Brian Havard]
+
+ *) mod_include had problems with the fsize and flastmod directives
+ under WIN32. Fix also avoids the minor security hole of using
+ ".." paths for fsize and flastmod.
+ [Manoj Kasichainula <manojk@raleigh.ibm.com>] PR#2355
+
+ *) Fixed some Makefile dependency problems. [Dean Gaudet]
+
+Changes with Apache 1.3.1
+
+ *) Disable the incorrect entry for application/msword in the
+ mod_mime_magic "magic" file because it also matches other Office
+ documents. [Ralf S. Engelschall] PR#2608
+
+ *) Fix broken RANLIB handling in src/Configure (the entry from
+ src/Configuration.tmpl was ignored) and additionally force RANLIB to
+ /bin/true under HP/UX where ranlib exists but is deprecated.
+ [Ralf S. Engelschall] PR#2627
+
+ *) 'apachectl status' failed on some systems.
+ [Steve VanDevender <stevev@darkwing.uoregon.edu>, Lars Eilebrecht] PR#2613
+
+ *) Add new flags for ap_unparse_uri_components() to make it generate
+ the scheme://sitepart string only, or to omit the query string.
+ [Martin Kraemer]
+
+ *) WIN32: Canonicalize ServerRoot before checking to see if it
+ is a valid directory. The failure to do this caused certain
+ ServerRoot settings (eg. "ServerRoot /apache") to be improperly
+ rejected. [Marc Slemko]
+
+ *) Global renaming of C header files to both get rid of conflicts with third
+ party packages and to again reach consistency:
+ 1. conf.h -> ap_config.h
+ 2. conf_auto.h -> ap_config_auto.h \ these are now merged
+ 3. ap_config.h -> ap_config_auto.h / in the config process
+ 4. compat.h -> ap_compat.h
+ 5. apctype.h -> ap_ctype.h
+ Backward compatibility files for conf.h and compat.h were created.
+
+ *) mod_mmap_static will no longer take action on requests unless at
+ least one "mmapfile" directive is present in the configuration.
+ This experimental module has to do some black magic to operate
+ inside the current API and thus creates side-effects for other
+ modules under some circumstances.
+ [Ralf S. Engelschall]
+
+ *) Add conservative ticks around more egrep arguments in top-level configure
+ to avoid problems under brain-dead platforms like Digital UNIX (OSF1).
+ [Ralf S. Engelschall] PR#2596
+
+ *) mod_rewrite created RewriteLock files under the UID of the parent
+ process, thus the child processes had no write access to the files.
+ Now a chown() is done on the file to the uid of the children,
+ if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341
+
+ *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via
+ TestCompile) instead of defining them manually in conf.h based on less
+ accurate platform definitions. This way we no longer have to fiddle with
+ OS-type and/or OS-version identifiers to discover whether a system header
+ file exists or not. Instead we now directly check for the existence of
+ those esoteric ones.
+ [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434,
+ PR#2524, PR#2525, PR#2533, PR#2569
+
+ *) mod_setenvif (BrowserMatch* and friends) will now match a missing
+ field with "^$". [Ken Coar]
+
+ *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded
+ modules to load their own modules dynamically. This improves mod_perl
+ and mod_php3 when these modules are loaded dynamically into Apache.
+ [Rasmus Lerdorf]
+
+ *) Cache a proxied request in the event that the client cancels the
+ transfer, provided that the configured percentage of the file has
+ already been transfered. It works for HTTP transfers only. The
+ new configuration directive is called CacheForceCompletion.
+ [Glen Parker <glenebob@nwlink.com>] PR#2277
+
+ *) Add the "<!DOCTYPE HTML" magic cookie used by modern documents (and
+ required by HTML 3.2 and later) to mod_mime_magic's conf/magic.
+ [Anna Shergold <anna@inext.co.uk>]
+
+ *) Fix yet another signal-based race condition involving nested timers.
+ Signals suck. [Dean Gaudet]
+
+ *) suexec's error messages have been clarified a little bit. [Ken Coar]
+
+ *) Clean up some, but perhaps not all, 8-bit character set problems
+ with config file parsing, and URL parsing. We now define
+ ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char).
+ This should work on most modern unixes.
+ [Dean Gaudet] PR#800, 2282, 2553 (and others)
+
+ *) The "handler not found" error was issued in cases where the handler
+ really did exist, but was just declining to serve the request.
+ [John Van Essen <jve@gamers.org>] PR#2529
+
+ *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x).
+ [Ronald Record <rr@sco.com>] PR#2533
+
+ *) The APACI libexecdir was not extended with an "apache/" subdir
+ if the installation prefix didn't already contain "apache", but
+ it should be because the DSO files are Apache-specific. Now
+ libexecdir is treated the same way sysconfdir, datadir, localstatedir
+ and includedir are already treated.
+ [Charles Levert <charles@comm.polymtl.ca>] PR#2551
+
+ *) The <Limit> parsing routine was incorrectly treating methods as
+ case-insensitive. [Ken Coar]
+
+ *) The ap_bprintf() code neglected to test if there was an error on
+ the connection. ap_bflush() misdiagnosed a failure as a success.
+ [Dean Gaudet]
+
+ *) add support for #perl arg interpolation in mod_include
+ [Doug MacEachern]
+
+ *) API: Name changes of table_elts to ap_table_elts, is_table_empty
+ to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie]
+
+ *) PORT: Add UnixWare 7 support
+ [Vadim Kostoglodoff <vadim@olly.ru>] PR#2463
+
+ *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was
+ used instead of "$PERL" which contains the correctly determined Perl
+ interpreter (important for instance on systems where "perl" and "perl5"
+ exists, like BSDI or FreeBSD, etc).
+ [Ralf S. Engelschall] PR#2505
+
+ *) Move the initial suEXEC-related startup message from plain
+ fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems
+ when Apache is started from inetd (instead of standalone). Under this
+ situation startup messages on stderr lead to problems (the line is sent
+ to the client in front of the requested document).
+ [Ralf S. Engelschall] PR#871, PR#1318
+
+ *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching.
+ [Ken Coar, Dean Gaudet]
+
+ *) WIN32: Don't collapse multiple slashes in PATH_INFO.
+ [Ben Laurie, Bill Stoddard <wgstodda@us.ibm.com>] PR#2274
+
+ *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are
+ ignored by the Windows filesystem, and so can be used to bypass security.
+ [Ben Laurie, Alexei Kosut].
+
+ *) We now attempt to dump core when we get SIGILL. [Jim Jagielski]
+
+ *) PORT: remove broken test for MAP_FILE in http_main.c.
+ [Wilfredo Sanchez <wsanchez@apple.com>]
+
+ *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the
+ httpd is running. This should be more portable than figuring out
+ which of three dozen different versions of "ps" are installed.
+ [a cast of dozens]
+
+ *) WIN32: If we can't figure out how to execute a file in a script
+ directory, bail out of the request with an error message. [W G Stoddard]
+
+ *) WIN32 SECURITY: Eliminate directories consisting of three or more dots;
+ these are treated by Win32 as if they are ".." but are not detected by
+ other machinery within Apache. This is something of a kludge but
+ eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
+
+ *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses
+ pools and thus pollutes libap (until the pool stuff is moved there).
+ [Ken Coar]
+
+ *) IndexIgnore should be case-blind on Win32 (and any other case-aware
+ but case-insensitive platforms). New #define for this added to conf.h
+ (CASE_BLIND_FILESYSTEM). [Ken Coar] PR#2455
+
+ *) Enable DSO support for OpenBSD in general, not only for 2.x, because it
+ also works for OpenBSD 1.x. [Ralf S. Engelschall]
+
+ *) PORT: Fix compilation problem on ARM Linux.
+ [Sam Kington <sam@illuminated.co.uk>] PR#2443
+
+ *) Let APACI's configure script determine some configuration parameters
+ (Group, Port, ServerAdmin, ServerName) via some intelligent tests to
+ remove some of the classical hurdles for new users when setting up
+ Apache. This is done per default because it is useful for the average
+ user. Package authors can use the --without-confadjust option to disable
+ these configuration adjustments.
+ [Ralf S. Engelschall]
+
+ *) Added an EXTRA_DEPS configuration parameter which can be used
+ to add an extra Makefile dependency for the httpd target, for instance
+ to external third-party libraries, etc.
+ [Ralf S. Engelschall]
+
+ *) Add <IfDefine>..</IfDefine> sections to the core module (with same spirit
+ as <IfModule>..</IfModule> sections) which can be used to skip or process
+ contained commands dependend of ``-D PARAMETER'' options on the command
+ line. This can be used to achieve logical conditions like <IfDefine
+ ReverseProxy> instead of physically ones (e.g. <IfModule mod_proxy.c>)
+ and thus especially can be used for conditionally loading DSO-based
+ modules via LoadModule, etc. [Ralf S. Engelschall]
+
+ *) PORT: clean up a warning in mod_status for OS/2. [Brian Havard]
+
+ *) Make table elements const. This may prevent obscure errors. [Ben Laurie]
+
+ *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not
+ truncated which forced following HTTP headers to be data in the HTTP
+ reponse. [Ralf S. Engelschall, Charles Fu <ccwf@bacchus.com>]
+ PR#2412, 2367
+
+ *) Portability fix for APACI shadow tree support: Swap order of awk and sed
+ in top-level configure script to avoid sed fails on some platforms (for
+ instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined
+ output of Awk. [Bill Houle <bhoule@sandiegoca.ncr.com>] PR#2435
+
+ *) Improve performance of directory listings (mod_autoindex) by comparing
+ integer keys (last-modified and size) as integers rather than converting
+ them to strings first. Also use a set of explicit byte tests rather
+ than strcmp() to check for parent directory-ness of an entry. Oh, and
+ make sure the parent directory (if displayed) is *always* listed first
+ regardless of the sort key. Overall performance winnage should be good
+ in CPU time, instruction cache, and memory usage, particularly for large
+ directories. [Ken Coar]
+
+ *) Add a tiny but useful goody to APACI's configure script: The generation
+ of a config.status script (as GNU Autoconf does) which remembers the used
+ configure command and hence can be used to restore the configuration by
+ just re-running this script or for remembering the configuration between
+ releases.
+ [Ralf S. Engelschall]
+
+ *) Add httpd -t (test) option for running configuration syntax tests only.
+ If something is broken it complains and exits with a return code
+ non-equal to 0. This can be used manually by the user to check the Apache
+ configuration after editing and is also automatically used by apachectl
+ on (graceful) restart command to make sure Apache doesn't die on restarts
+ because of a configuration which is now broken since the last (re)start.
+ This way `apachectl restart' can be used inside cronjobs without having
+ to expect Apache to be falling down. Additionally the httpd -t can be run
+ via `apachectl configtest'.
+ [Ralf S. Engelschall] PR#2393
+
+ *) Minor display fix for "install" target of top-level Makefile:
+ the displayed installation command was incorrect although the
+ executed command was correct. Now they are in sync.
+ [Ralf S. Engelschall] PR#2402
+
+ *) Correct initialization of variable `allowed_globals' in http_main.c
+ [Justin Bradford <justin@ukans.edu>] PR#2400
+
+ *) Apache would incorrectly downcase the entire Content-Type passed from
+ CGIs. This affected server-push scripts and such which use
+ multipart/x-mixed-replace;boundary=ThisRandomString.
+ [Dean Gaudet] PR#2394
+
+ *) PORT: QNX update to properly guess 32-bit systems.
+ [Sean Boudreau <seanb@qnx.com>] PR#2390
+
+ *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx()
+ functions which are in libdld under HPUX 9/10.
+ [Ralf S. Engelschall] PR#2378
+
+ *) Make sure the "install" target of the top-level Makefile doesn't break
+ because of a return code of 1 from an "if" (for instance under braindead
+ Ultrix the result code of an "if" construct is 1 if the "then" clause
+ didn't match). [Ralf S. Engelschall]
+
+ *) Add an additional "dummy" target to the "$(LIB)" target in generated
+ modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO"
+ situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are
+ empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer]
+
+ *) Replace two bad sprintf() calls with ap_snprintf() variants in
+ mod_rewrite. [Ralf S. Engelschall]
+
+ *) Fix missing usage description for MetaFiles directive.
+ [David MacKenzie <djm@va.pubnix.com>] PR#2384
+
+ *) mod_log_config wouldn't let vhosts use log formats defined in the
+ main server. [Christof Damian <damian@mediaconsult.com>] PR#2090
+
+ *) mod_usertrack was corrupting the client hostname. As part of the
+ fix, the cookie values were slightly extended to include the
+ fully qualified hostname of the client.
+ [Dean Gaudet] PR#2190, 2229, 2366
+
+ *) Fix a typo in pool debugging code. [Alvaro Martinez Echevarria]
+
+ *) mod_unique_id did not work on alpha linux (in general on any
+ architecture that has 64-bit time_t).
+ [Alvaro Martinez Echevarria]
+
+ *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie]
+
+ *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that
+ Solaris systems experience. So define WORKAROUND_SOLARIS_BUG.
+ [Klaus Weber <kweber@chephren.germany.ncr.com>] PR#1973
+
+ *) Change "Options None" to "Options FollowSymLinks" in the
+ <Directory /> section of the default access.conf-dist
+ (and -win even though it doesn't matter there). This has better
+ performance, and more intuitive semantics. [Dean Gaudet]
+
+ *) PORT: Updated support for UTS 2.1.2.
+ [Dave Dykstra <dwd@bell-labs.com>] PR#2320
+
+ *) Fix symbol export list (src/support/httpd.exp) after recent
+ API changes in the child spawning area.
+ [Jens-Uwe Mager <jum@helios.de>]
+
+ *) Workaround for configure script and old `test' commands which do not
+ support the -x flag (for instance under platforms like Ultrix). This is
+ solved by another helper script findprg.sh which searches for Perl and
+ Awk like PrintPath but _via different names_.
+ [Ralf S. Engelschall]
+
+ *) Remove the system() call from htpasswd.c, which eliminates a system
+ dependancy. ["M.D.Parker" <mdpc@netcom.com>] PR#2332
+
+ *) PORT: Fix compilation failures on NEXTSTEP.
+ [Rex Dieter <rdieter@math.unl.edu>] PR#2293, 2316
+
+ *) PORT: F_NDELAY is a typo, should have been FNDELAY. There's also
+ O_NDELAY on various systems. [Dave Dykstra <dwd@bell-labs.com>] PR#2313
+
+ *) PORT: helpers/GuessOS updates for various versions for NCR SVR4.
+ [juerg schreiner <j.schreiner@zh.ch>,
+ Bill Houle <Bill.Houle@SanDiegoCA.NCR.COM>] PR#2310
+
+ *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which
+ was broken because of invalid ap_pstrcat() -> strcat() transformation.
+ [Ralf S. Engelschall]
+
+ *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection
+ to continue in background, use predefined types (off_t, size_t, time_t),
+ log the current cache usage percentage at LogLevel debug
+ [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik]
+
+Changes with Apache 1.3.0
+
+ *) Using a type map file as a custom error document was not possible.
+ [Lars Eilebrecht] PR#1031
+
+ *) Avoid problems with braindead Awks by additionally searching for gawk
+ and nawk in APACI's configure script.
+ [Dave Dykstra <dwd@bell-labs.com>, Ralf S. Engelschall] PR#2319
+
+ *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on
+ some systems. [Randy Terbush]
+
+ *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to
+ more proper ap_log_error() variants.
+ [Ralf S. Engelschall]
+
+ *) Make sure the argument for the --add-module option to APACI's configure
+ script is of type [path/to/]mod_xxx.c because all calculations inside
+ configure and src/Configure depend on this.
+ [Ralf S. Engelschall] PR#2307
+
+ *) Changes usage of perror/fprintf to stderr to more proper ap_log_error
+ in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config.
+ [Brian Behlendorf]
+
+ *) Various OS/2 cleanups ["Brian Havard" <brianh@kheldar.apana.org.au>]
+
+ *) PORT: QNX needed a #include <sys/mman.h>; and now it uses flock
+ serialized accept to handle multiple sockets.
+ [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2295, 2296
+
+ *) Have NT properly set the directory for CGI scripts
+ (& other spawned children)
+ [W G Stoddard <wgstodda@us.ibm.com>]
+
+ *) Propagate environment to CGI scripts correctly in Win32.
+ [W G Stoddard <wgstodda@us.ibm.com>] PR#2294
+
+ *) Some symbol renaming:
+ ap_spawn_child_err became ap_spawn_child
+ ap_spawn_child_err_buff became ap_bspawn_child
+ spawn_child was obsoleted and moved to compat.h
+ [Brian Behlendorf]
+
+ *) Upgrade the child spawning code in mod_rewrite for the RewriteMap
+ programs: ap_spawn_child_err() is used and the Win32 case now uses
+ CreateProcess() instead of a low-level execl() (which caused problems in
+ the past under Win32).
+ [Ralf S. Engelschall]
+
+ *) A few cosmetics and trivial enhancements to APXS to make the
+ generated Makefile more user friendly. [Ralf S. Engelschall]
+
+ *) Proxy Fix: The proxy special failure routine ap_proxyerror()
+ was updated to use the normal apache error processing, thereby allowing
+ proxy errors to be treated by ErrorDocument's as well. For this
+ purpose, a new module-to-core communication variable "error-notes"
+ was introduced; the proxy (and possibly other modules) communicates
+ its error text using this variable. Its content is copied to a new
+ cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments.
+ The old proxy special error routine ap_proxy_log_uerror()
+ was replaced by regular ap_log_error() calls, many messages were made
+ more informative.
+ [Martin Kraemer] PR#494, 1259
+
+ *) SECURITY: A possible buffer overflow in the ftp proxy was fixed.
+ [Martin Kraemer]
+
+ *) Transform the configure message "You need root privileges for suEXEC"
+ from a fatal error into a (more friendly) warning because the building
+ ("make") of Apache we can allow, of course. Root privileges are needed
+ only for the installation step ("make install"). So make sure the
+ user is aware of this fact but let him proceed as long as he can.
+ [Ralf S. Engelschall] PR#2288
+
+ *) Renamed three more functions to common ap_ prefix which we missed at the
+ Big Symbol Renaming because they're #defines and not real C functions:
+ is_default_port(), default_port(), http_method().
+ [Ralf S. Engelschall]
+
+ *) A zero-length name after a $ in an SSI document should cause
+ just the $ to be in the expansion. This was broken during the
+ security fixes in 1.2.5. [Dean Gaudet] PR#1921, 2249
+
+ *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some
+ memory. [Rob Saccoccio <robs@InfiniteTechnology.com>] PR#2252
+
+ *) Fix src/support/httpd.exp (DSO export file which is currently only
+ used under AIX) because of recent changes to function names.
+ [Ralf S. Engelschall]
+
+Changes with Apache 1.3b7
+
+ *) Make sure a MIME-type can be forced via a RewriteRule even when no
+ substitution takes place, for instance via the following rule:
+ ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often
+ requested by users in the past to force a single script without a .cgi
+ extension and outside any cgi-bin dirs to be executed as a CGI program.
+ [Ralf S. Engelschall] PR#2254
+
+ *) A fix for protocol issues surrounding 400, 408, and
+ 414 responses. [Ed Korthof]
+
+ *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
+
+ *) Fix discrepancy in proxy_ftp.c which was causing failures when
+ trying to connect to certain ftpd's, such as anonftpd.
+ [Rick Ohnemus <rick@ecompcon.com>]
+
+ *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's
+ logfile instead of fiddling around itself with child spawning stuff.
+ [Ralf S. Engelschall]
+
+ *) Made RefererIgnore case-insensitive.
+
+ *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs.
+ [Brian Behlendorf]
+
+ *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything
+ "safe" under Win32. In: mod_include.c, mod_mime_magic.c
+ [Brian Behlendorf]
+
+ *) Improve RFC1413 support. [Bob Beck <beck@bofh.ucs.ualberta.ca>]
+
+ *) Fix support script `dbmmanage': It was unable to handle some sort
+ of passwords, especially passwords with "0" chars.
+ [Ralf S. Engelschall] PR#2242
+
+ *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed.
+ [Ben Laurie] PR#2238
+
+ *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C
+ library), so CGI handling has been changed to use Win32 native handles
+ instead of C file descriptors.
+ [Ben Laurie and Bill Stoddard <wgstodda@us.ibm.com>] PR#1129, 1607
+
+ *) The proxy cache would store an incorrect content-length in the cached
+ file copy after a cache update. That resulted in repeated fetching
+ of the original copy instead of using the cached copy.
+ [Ernst Kloppenburg <kloppen@isr.uni-stuttgart.de>] PR#2094
+
+ *) The Makefiles assumed that DSO files are build via $(LD). This
+ is broken for two reasons: First we never defined at least LD=ld
+ somewhere to make sure this works (it was silently assumed that most Make
+ provide a built-in LD definition - ARGL!) and second using the generic LD
+ variable is not the truth. Instead a special variable named LD_SHLIB is
+ reasonable because although "ld" is usually the default, the command for
+ building DSO files can be "libtool" or even "cc" on some systems.
+ [Ralf S. Engelschall]
+
+ *) Replace the AddVersionPlatform directive with ServerTokens which
+ provides for more control over the format of the Server:
+ header line. SERVER_SUBVERSION is no longer supported;
+ all module should use the ap_add_version_component()
+ API function instead. [Jim Jagielski]
+
+ *) Support for the NCR MP/RAS 3.0
+ [John Withers <withers@semi.kcsc.mwr.irs.gov>]
+
+ *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was
+ not retrieved in src/Configure and thus was not useable.
+ [Ralf S. Engelschall]
+
+ *) Various Makefile consistency cleanups:
+ - make OSDIR also automatically be relative to src/ like INCDIR
+ - SUBDIRS is now generated in src/Makefile only and not in
+ Makefile.config because it is a local define for this location.
+ - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside
+ any Makefile but make sure that at least the "-K inline" is kept in
+ CFLAGS for SCO 5.
+ - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too.
+ - updated the dependencies theirself
+ - removed not existing SHLIB variable from "clean" targets
+ - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS
+ already exists and OBJS_PIC are also just plain objects and have not
+ directly to do with "shared" things. The only difference is that they
+ contain PIC. So OBJS_PIC is the more canonical name.
+ - Updated the Makefile-dependency lines for OBJS_PIC
+ - Removed the Makefile-dependency line in Configure to avoid double
+ definitions
+ - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage
+ of xxx.lo as GNU libtool does with its PIC objects
+ - reduce local complexity in modules Makefile.tmpl by moving the last
+ existing target "depend" to the generation section in Configure, too.
+ - removed the historical $(SPACER) which was used in the past together
+ with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This
+ is no longer needed.
+ - force the build and run of the gen_xxx programs under main/ as the
+ first step before building the objects because it looks cleaner
+ [Ralf S. Engelschall]
+
+ *) WIN32: Make Win32 work again after the /dev/null DoS fix.
+ [Ben Laurie]
+
+ *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
+ [Ben Laurie]
+
+ *) WIN32: Don't force ISAPI headers to finish with \n.
+ [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
+
+ *) When opening "configuration" files (like httpd.conf, htaccess
+ and htpasswd), Apache will not allow them to be non-/dev/null
+ device files. This closes a DoS hole. At the same time,
+ we use ap_pfopen to open these files to handle timeouts.
+ [Jim Jagielski, Martin Kraemer]
+
+ *) Apache will now log the reason its httpd children exit if they exit
+ due to an unexpected signal. (It requires a new porting define,
+ SYS_SIGLIST, which if defined should point to a list of text
+ descriptions of the signals available. See PORTING.) [Dean Gaudet]
+
+ *) WIN32: chdir() doesn't make sense in a multithreaded environment
+ like WIN32. Before, Win32 CGI's could have had sporadic failures
+ if a chdir call from one thread was made between another chdir call
+ and a spawn in another thread. So, for now don't chdir for CGI scripts
+ in WIN32. The current CGI "spec" is unclear as to whether it's
+ necessary. Long-term fix is to either serialize the chdir/spawn combo
+ or use WIN32 native calls to spawn a process. This temp fix was
+ necessary to remove this as a showstopper for 1.3's release.
+ [Brian Behlendorf]
+
+ *) Cleanup the suEXEC support in APACI and make it more safe:
+ 1. Add big fat hint in INSTALL about risks and to read the
+ htdocs/manual/suexec.html document before using the suexec-related
+ configure options.
+ 2. Make sure the user has at least provided one --suexec-xxxx option
+ (specifies suEXEC parameters) in addition to --enable-suexec option.
+ If only --enable-suexec is given APACI stops with a hint to INSTALL
+ and htdocs/manual/suexec.html documents.
+ 3. Provide two additional --suexec-xxxx options to make the suEXEC
+ configuration complete (especially for package maintainers who else
+ had to patch the source tree) by providing ways to configure minimal
+ UID/GID and safe PATH, too.
+ [Ralf S. Engelschall]
+
+ *) Cleanup of the `configure --shadow' process:
+ - make sure the configure script creates its temporary files in the
+ shadow tree to avoid conflicts with parallel configure runs
+ - removed unnecessary option "-r" from "rm" call for Makefiles
+ - make sure the configure scripts creates the shadow-wrapper Makefile
+ only when no shadow trees already exists
+ - make sure "make distclean" removes the shadow-wrapper Makefile but only
+ when no more shadow trees exists
+ - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice
+ as fast (in the past it needed 70sec, now it runs just 38sec)
+ - make sure CVS does not complain about the created files
+ Makefille.<gnutriple> and directories src.<gnutriple>
+ [Ralf S. Engelschall]
+
+ *) Added the ap_add_version_component() API routine and the
+ AddVersionPlatform core directive. The first allows modules to
+ declare themselves in the Server response header field value,
+ augmenting the SERVER_SUBVERSION define in the Configuration file
+ with run-time settings (more useful in a loadable-module environment).
+ AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)"
+ into the server version string. [Ken Coar] PR#2056
+
+ *) Minor stability tweaks to avoid core dumps in ap_snprintf.
+ [Martin Kraemer]
+
+ *) Emit the "Accept-Range" header for the default handler.
+ [Brian Behlendorf] PR#1464
+
+ *) Add a note to httpd.conf-dist that apache will on some systems fail
+ to start when the Group # is set to a negative or large positive value.
+ [Martin Kraemer]
+
+ *) Make sure the module execution order is correct even when some modules
+ are loaded under runtime (`LoadModule') via the DSO mechanism:
+ 1. The list of loaded modules is now a dynamically allocated one
+ and not the original statically list from modules.c
+ 2. The loaded modules are now correctly setup by LoadModule for
+ later use by the AddModule command.
+ 3. When the DSO mechanism for modules is used APACI's `install'
+ target now enables all created `LoadModule' lines per default because
+ this is both already expected by the user _and_ needed to avoid
+ confusion with the next point and reduces the Makefile.tmpl complexity
+ 4. When the DSO mechanism for modules is used, APACI's `install'
+ target now additionally makes sure the module list is reconstructed
+ via a complete `ClearModuleList+AddModule...' entry.
+ 5. The support tool `apxs' now also makes sure an AddModule command
+ is added in addition to the LoadModule command.
+ 6. The modules.c generation was extended to now contain two
+ comments to make sure no one is confused by the confusing terminology
+ of loading/linking (we use load=link+load & link=activate instead of
+ the obvious load=activate & link=link :-( )
+ This way now there is no longer a difference under execution time between
+ statically and dynamically linked modules.
+ [Ralf S. Engelschall]
+
+ *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the
+ Big Symbol Renaming. [Ralf S. Engelschall]
+
+ *) Add a comment to mod_example.c showing the format of a FLAG command
+ handler. [Ken Coar]
+
+ *) Standardized the time format in mod_status to match that of other
+ places in the code (e.g. DATE_GMT). PR#1551
+
+ *) Fix handling of %Z in timefmt strings for those platforms with no time
+ zone information in their tm struct. [Paul Eggert <eggert@twinsun.com>]
+ PR#754
+
+ *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature
+ feature compatible with 'UseCanonicalName off' by changing
+ r->server->server_hostname to ap_get_server_name(). And I changed some
+ functions which use r->server->port to use ap_get_server_port() instead,
+ because if there's no Port directive in the config r->server->port is 0.
+ [Lars Eilebrecht]
+
+ *) get/set_module_config are trivial enough to be better off inline. Worth
+ 1.5% performance boost. [Dean Gaudet]
+
+ *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c
+ when ensuring 'x' is at least 30-chars big. [Jim Jagielski,
+ Brian Behlendorf]
+
+ *) [BS2000 security] BS2000 needs an extra authentication to initialize
+ the task environment to the unprivileged User id. Otherwise CGI scripts
+ would have a way to gain super user access. [Martin Kraemer]
+
+ *) Fix debug log messages for BS2000/OSD: instead of logging the whole
+ absolute path, only log base name of logging source as is done
+ in unix. [Martin Kraemer]
+
+ *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in
+ the encoding type from the Accept-Encoding header (if it's there)
+ and use it in the response, as that's probably what it'll be expecting.
+ [Ronald.Tschalaer@psi.ch]
+
+ *) Fix to mod_alias: translate_alias_redir is dealing with
+ a URI, not a filename, so the check for drive letters for win32
+ and emx is not necessary. [Dean Gaudet]
+
+ *) WIN32: Allow .cmd as an executable extension.
+ [Kari Likovuori <Kari.Likovuori@mol.fi>] PR#2146
+
+ *) Make Apache header files, and some variables, C++ friendly.
+ [Michael Anderson's <mka@redes.int.com.mx>]
+
+ *) Child processes can now "signal" (by exiting with a status
+ of APEXIT_CHILDFATAL) the parent process to abort and
+ shutdown the server if the error in the child process was
+ fatal enough. [Jim Jagielski]
+
+ *) mod_autoindex's find_itme() was sensitive to MIME type case.
+ [Jim Jagielski] PR#2112
+
+ *) Make sure the referer_log and agent_log entries in the default httpd.conf
+ file are also adjusted for the actual relative installation paths.
+ [Ralf S. Engelschall] PR#2175
+
+ *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]
+
+ *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie]
+ PR#1558
+
+ *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3.
+ Additionally the checks for finding the vendor DSO library were moved
+ from mod_so.c to Configure because first it needs $PLAT etc. and second
+ mod_so already uses an abstraction layer and does not fiddle with the
+ vendor functions itself.
+ [Jens-Uwe Mager, Ralf S. Engelschall]
+
+ *) PORT: Some optimization defines for NetBSD
+ [Jaromir Dolecek <dolecek@ics.muni.cz>] PR#2165
+
+ *) PORT: Dynamic Shared Object (DSO) support for NetBSD.
+ [Jaromir Dolecek <dolecek@ics.muni.cz>, Ralf S. Engelschall] PR#2158
+
+ *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older
+ AIX variants should work fine, too. Even AIX 3.x should work). This is
+ accomplished by using the free DSO emulation code from Jens-Uwe Mager
+ which we put into a os/unix/os-dso-aix.c file.
+ [Ralf S. Engelschall]
+
+ *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply
+ that we should use NET_SIZE_T == int but the include files force size_t.
+ [Ralf S. Engelschall]
+
+ *) Fix two bugs in select() handling in http_main.c.
+ [Roy Fielding]
+
+ *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO
+ is unset (as it is in situations like timeouts) where it is unclear
+ whether errno is set or not. [Martin Kraemer]
+
+ *) Just having APACI's localstatedir is too general and not enough for most
+ of the systems. 1.3b6 again required manual APACI patches by package
+ maintainers from RedHat and FreeBSD because for their filesystem layout a
+ little bit more flexibility in configuring the paths is needed. Hence we
+ provide three additional configure options (--runtimedir, --logfiledir,
+ --proxycachedir) which now can be used for more granular adjustments if
+ --localstatedir is not enough to fit the particular needs. As a nice
+ side-effect this reduces some subdir fiddling in configure+Makefile.tmpl.
+ [Ralf S. Engelschall]
+
+ *) Make the install root for "make install" in APACI's Makefile overrideable
+ by package authors. This way we are even more friendly to package
+ maintainers (especially Debian and RedHat) who build for the real prefix
+ via "configure --prefix=/<real>" but use a different local prefix via
+ "make root=/tmp/apache install" for rolling the package without bristling
+ the target location on their system.
+ [Ralf S. Engelschall]
+
+ *) Workaround sed limitations in APACI's configure script by now
+ substituting in chunks of 50 commands (because for instance HPUX's vendor
+ sed has a limit of max. 98 commands)
+ [Ralf S. Engelschall] PR#2136
+
+ *) Adding SOCKS5 support and fixing existing SOCKS4 support.
+ [Ralf S. Engelschall] PR#2140
+
+ *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG
+ RENAMING process because they are defined as pre-processor macros instead
+ of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd
+ [Ralf S. Engelschall]
+
+ *) Workaround braindead AWK's when generating ap_config.h: The split() and
+ substr() functions cannot be nested under vendor AWK from Solaris 2.6.
+ [Ralf S. Engelschall] PR#2139
+
+ *) Various bugfixes and cleanups for the APACI configure script:
+ o fix IFS handling for _nested_ situation
+ o fix Perl interpreter search: take first one found instead of last one
+ o fix DSO consistency check
+ o print error messages to stderr instead of stdout
+ o add install-quiet for --shadow situation to Makefile stub
+ o reduce complexity by avoiding sed-hacks for rule and module list loops
+ [Ralf S. Engelschall]
+
+ *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
+
+ *) Make sure the input field separator (IFS) shell variable is explicitly
+ initialized correctly before _every_ `for' loop and also restored after
+ the loops. [Ralf S. Engelschall]
+
+ *) Make sure that "make install" doesn't overwrite the `mime.types' and
+ `magic' files from an existing Apache installation. Because people often
+ customize these for own MIME and content types.
+ [Ralf S. Engelschall]
+
+ *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x
+ [Peter Galbavy, Ralf S. Engelschall] PR#2109
+
+ *) Fix the path to the ScoreBoardFile in the install-config target, too.
+ [Ralf S. Engelschall] PR#2105
+
+ *) Let "configure" clear out the users parameters (provided as shell
+ variables) to avoid side-effects in "src/Configure" when the user
+ exported them (which is not needed, but some users do it).
+ [Ralf S. Engelschall] PR#2101
+
+ *) Provide backward compatibility from some old src/Configuration.tmpl
+ parameter names to the canonical Autoconf-style shell variable names. For
+ instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now
+ but a hint message is displayed. [Ralf S. Engelschall]
+
+ *) Make sure that "make install" doesn't overwrite the DocumentRoot and
+ CGI scripts from an existing Apache installation.
+ [Ralf S. Engelschall, Jim Jagielski] PR#2084
+
+ *) Make `configure --compat' more "compatible" by first
+ let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and
+ second by making sure the "avoid-bristling-suffix" /apache is not
+ appended to sysconfdir, datadir, localstatedir and includedir when
+ --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]
+
+ *) NeXT required strdup() in support/logresolve.c
+ [Francisco Tomei <fatomei@sandburg.unm.edu>] PR#2082
+
+ *) AIX required sys/select.h in support/ab.c
+ [Jens Schleusener <Jens.Schleusener@dlr.de>] PR#2081
+
+ *) Fix the path to the MimeMagicFile in the install-config target, too.
+ [Ralf S. Engelschall] PR#2089
+
+ *) PORT: Added HP-UX 11 patches [Jeff Earickson <jaearick@colby.edu>]
+
+ *) If you start apache with the -S command line option it will dump
+ out the parsed vhost settings. This is useful for folks trying
+ to figure out what is wrong with their vhost configuration.
+ (Other dumps may be added in the future.) [Dean Gaudet]
+
+ *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf,
+ ap_snprintf, and ap_psprintf). See include/ap.h for docs.
+ [Dean Gaudet]
+
+ *) Because /usr/local/apache is the default prefix the ``configure
+ --compat'' option no longer has to set prefix, again. This way the
+ --compat option honors a leading --prefix option. [Lars Eilebrecht]
+
+ *) PORT: Cast the first argument of dlopen() in ap_os_dso_load()
+ to `char *' under OSF1 and FreeBSD 2.x where it is defined this way
+ to avoid "discard const" warnings. [Ralf S. Engelschall]
+
+ *) If a specific handler is set for a file yet the request still
+ ends up being handled by the default handler, log an error
+ message before handling it. This catches things such as trying
+ to use SSIs without mod_include enabled. [Marc Slemko]
+
+ *) Fix error logging for the startup case where ap_log_error() still uses
+ stderr as the target. Now the default log level is honored here, too.
+ [Ralf S. Engelschall]
+
+ *) PORT: Make sure some AWK's don't fail in src/Configure with "string too
+ long" errors when generating the MODULES entry for src/Makefile
+ [Ben Hyde, Ralf S. Engelschall]
+
+ *) Make sure src/Configure doesn't complain about the old directory
+ /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]
+
+Changes with Apache 1.3b6
+
+ *) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde]
+
+ *) Adding DSO support for the HP/UX platform by emulating the dlopen-style
+ interface via the similar but proprietary HP/UX shl_xxx-style system
+ calls. [Ralf S. Engelschall]
+
+ *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made
+ APACI Makefile.tmpl "install" target more robust for sensible UnixWare
+ Make. [Ralf S. Engelschall]
+
+ *) ++++ THE BIG SYMBOL RENAMING ++++
+ To avoid symbol clashes with third-party code compiled into the server,
+ we globally applied the prefix "ap_" to the following classes of
+ functions:
+ - Apache provided general functions (e.g., ap_cpystrn)
+ - Public API functions (e.g., palloc, bgets)
+ - Private functions which we can't make static (because of
+ cross-object usage) but should be (e.g., new_connection)
+ For backward source compatibility a new header file named compat.h was
+ created which provides defines for the old symbol names and can be used
+ by third-party module authors.
+ [The Apache Group]
+
+ *) Added dynamic shared object (DSO) support for SVR4-derivates: The
+ problem under SVR4 is that there is no command flag to force the linker
+ to export the global symbols of the httpd executable therewith they are
+ available to the DSO's. Instead of problematic hacks like creating a
+ dummy.so file (containing dummy references to all global symbols) the
+ httpd binary is linked against, we use a clean trick stolen from Perl 5:
+ Placing the Apache core code itself into a DSO library named libhttpd.so.
+ This way the global symbols _HAVE_ to be exported and thus are available
+ to any manually loaded DSO's under runtime. To reduce the impact to the
+ user to null we go even further and create a stub httpd executable which
+ automatically keeps track of the DSO library loading itself and thus
+ hides the complete mechanism from the user. Although the generation of
+ this DSO library is automatically triggered for platforms which
+ essentially need it (mostly all SVR4-derivates) it can be also enabled
+ manually via the Rule SHARED_CORE. This can be interesting in the future
+ where we perhaps exploit this libhttpd.so mechanism for providing nifty
+ features like graceful upgrades, or whatever.
+ [Ralf S. Engelschall, Martin Kraemer]
+
+ *) Build the libraries before building the rest of the tools. [Ben Hyde]
+
+ *) Add "distclean" target to src/-Makefiles to provide "make distclean" also
+ inside the src subtree (i.e. for non-APACI users). Following GNU Makefile
+ conventions while "clean" removes only stuff created by "all" targets,
+ "distclean" additionally removes the stuff from the configuration
+ process. This way "make distclean" (hence the name) provides a fresh
+ source tree as it was for distribution.
+ [Ralf S. Engelschall]
+
+ *) Allow top-level (APACI) Makefile to break on build errors
+ the same way the src/ subtree Makefiles breaks on them by replacing the
+ initial APACI sed-subdir-display-kludge with a more clean
+ variable-passing-solution: variable SDP can optionally hold the subdir
+ prefix which is consistently used for displaying the subdir movement.
+ This way even the top-level Makefile can stop correctly on errors as the
+ user expects. [Ralf S. Engelschall]
+
+ *) Fixed ordering of argument checks for RewriteBase directive.
+ [Todd Eigenschink <eigenstr@mixi.net>] PR#2045
+
+ *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of
+ indicating that a module is being compiled for dynamic loading. Also
+ remove #define IS_MODULE from modules and add SHARED_MODULE define
+ to the mak/dsp files. [Alexei Kosut]
+
+ *) Reduce logging level of "normal" warning messages to APLOG_INFO,
+ since we are now logging APLOG_WARNING by default. [Roy Fielding]
+
+ *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard]
+
+ *) Add documentation file and src/Configuration.tmpl entry for the
+ experimental mod_mmap_static module. Because although it is and marked as
+ an experimental one it is distributed and thus should be documented and
+ prepared for configuration the same way as all others modules.
+ [Ralf S. Engelschall]
+
+ *) Add query (-q) option to apxs support tool to be able to manually query
+ specific settings from apxs. This is needed for instance when you
+ manually want to access Apache's header files and you need to assemble
+ the -I option. Now you can do -I`apxs -q INCLUDEDIR`.
+ [Ralf S. Engelschall]
+
+ *) Now src/Configure uses a fallback strategy for the shared object support
+ on platforms where no explicit information is available: If a Perl
+ installation exists we ask it about its shared object support and if it's
+ the dlopen-style one we shamelessly guess the compiler and linker flags
+ for creating shared objects from Perls knowledge. Of course, the user is
+ warning about what we are doing and informed that he should send us
+ the guessed flags when they work. [Ralf S. Engelschall]
+
+ *) Provide APACI --without-support option to be able to disable the build
+ and installation of the support tools from the src/support/ area.
+ Although its useful to have these installed per default we should provide
+ a way to compile and install without them for backward-compatibility.
+ [Ralf S. Engelschall]
+
+ *) Add of the new APache eXtenSion (apxs) support tool for building and
+ installing modules into an _already installed_ Apache package through the
+ dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that
+ this approach actually doesn't need the Apache source tree. The
+ (APACI-installed) server package is enough, because this now includes the
+ Apache C header files (PREFIX/include) and the new APXS tool
+ (SBINDIR/apxs). The intend is to provide a handy tool for third-party
+ module authors to build their Apache modules _OUTSIDE_ the Apache source
+ tree while avoiding them to fiddle around with the totally platform
+ dependend way of compiling DSO files. The tool supports all ranges of
+ modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3
+ which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can
+ on-the-fly generate a minimalistic Makefile and sample module for the
+ first step to provide both a quick success event and to demonstrate the
+ APXS mechanism to module authors. [Ralf S. Engelschall]
+
+ *) Fix core dumps in use of CONNECT in proxy.
+ [Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942
+
+ *) Modify the log directives in httpd.conf-dist files to use CustomLog
+ so that users have examples of how CustomLog can be used.
+ [Lars Eilebrecht]
+
+ *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of
+ the Apache distribution tree. Until Apache 1.3 there was no real
+ out-of-the-box batch-capable build and installation procedure for the
+ complete Apache package. This is now provided by a top-level "configure"
+ script and a corresponding top-level "Makefile.tmpl" file. The goal is
+ to provide a GNU Autoconf-style frontend which is capable to both drive
+ the old src/Configure stuff in batch and additionally installs the
+ package with a GNU-conforming directory layout. Any options from the old
+ configuration scheme are available plus a lot of new options for flexibly
+ customizing Apache. [Ralf S. Engelschall]
+
+ *) The floating point ap_snprintf code wasn't threadsafe.
+ Had to remove the HAVE_CVT macro in order to do threadsafe
+ calling of the ?cvt() floating point routines. [Dean Gaudet]
+
+ *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962
+
+ *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler
+ [Jim Jagielski] PR#1901
+
+ *) BUG: Configure was using TCC and CC inconsistently. Make sure
+ Configure knows which CC we are using. [Jim Jagielski]
+
+ *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec"
+ was defined in a parent directory. [Lars Eilebrecht]
+
+ *) API: ap_snprintf() code mutated into ap_vformatter(), which is
+ a generic printf-style routine that can call arbitrary output
+ routines. Use this to replace http_bprintf.c. Add new routines
+ psprintf(), pvsprintf() which allocate the exact amount of memory
+ required for a string from a pool. Use psprintf() to clean up
+ various bits of code which used ap_snprintf()/pstrdup().
+ [Dean Gaudet]
+
+ *) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because
+ ap_snprintf() has different semantics and formatting codes than
+ snprintf(). [Dean Gaudet]
+
+ *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This
+ is necessary on at least Solaris where the /etc/rc?.d scripts
+ are run with these signals ignored, and "SIG_IGN" settings are
+ maintained across exec().
+ [Rein Tollevik <reint@sys.sol.no>] PR#2009
+
+ *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was
+ used instead of lstat() and thus this flag didn't work as expected.
+ [Rein Tollevik <reint@sys.sol.no>] PR#2010
+
+ *) Fix the proxy pass-through feature of mod_rewrite for the case of
+ existing QUERY_STRING now that mod_proxy was recently changed because of
+ the new URL parsing stuff. [Ralf S. Engelschall]
+
+ *) A few changes to scoreboard definitions which helps gcc generate
+ better code. [Dean Gaudet]
+
+ *) ANSI C doesn't guarantee that "int foo : 2" in a structure will
+ be a signed bitfield. So mark a few bitfields as signed to
+ ensure correct code. [Dean Gaudet]
+
+ *) The default for HostnameLookups was changed to Off, but there
+ was a problem and it wasn't taking effect. [Dean Gaudet]
+
+ *) PORT: Clean up undefined signals on some platforms (SCO, BeOS).
+ [Dean Gaudet]
+
+ *) After a SIGHUP the listening sockets in the parent weren't
+ properly marked for closure on fork().
+ [Jürgen Keil <jk@tools.de>] PR#2000
+
+ *) Allow %2F in two situations: 1) it is in the query part of the URI,
+ therefore not exposed to %2F -> '/' translations and 2) the request
+ is a proxy request, so we're not dealing with a local resource anyway.
+ Without this, the proxy would fail to work for any URL's with
+ %2f in them (occurs quite often in
+ http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer]
+
+ *) Protect against FD_SETSIZE mismatches. [Dean Gaudet]
+
+ *) Make the shared object compilation command more portable by avoiding
+ the direct combination of `-c' & `-o' which is not honored by some
+ compilers like UnixWare's cc. [Ralf S. Engelschall]
+
+ *) WIN32: the proxy was creating filenames missing the last four
+ characters. While this normally doesn't stop anything from
+ working, it can result in extra collisions.
+ [Tim Costello <tjcostel@socs.uts.edu.au>] PR#1890
+
+ *) Now mod_proxy uses the response string (in addition to the response status
+ code) from the already used FTP SIZE command to setup the Content-Length
+ header if available. [Ralf S. Engelschall] PR#1183
+
+ *) Reanimated the (still undocumented) proxy receive buffer size directive:
+ Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old
+ name was really too generic, added documentation for this directive to
+ the mod_proxy.html and corrected the hyperlink to it in the
+ new_features_1.3.html document. [Ralf S. Engelschall] PR#1348
+
+ *) Fix a bug in the src/helpers/fp2rp script and make it a little bit
+ faster [Martin Kraemer]
+
+ *) Make Configure die when you give it an unknown command switch.
+ [Ben Hyde]
+
+ *) Add five new and fresh manpages for the support programs: dbmmanage.1,
+ suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date
+ and per default compiled support programs have manual pages - just to
+ document our stuff a little bit more and to be able to do really
+ Unix-like installations ;-) [Ralf S. Engelschall]
+
+ *) Major cleanups to the Configure script to make it and its generated
+ Makefiles again readable and maintainable: add SRCDIR option, removed
+ INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of
+ generated sections, consequently added Makefile headers with inheritance
+ information, added subdir movement messages for easier following where
+ the build process currently stays (more verbose then standard Make, less
+ verbose than GNU make), same style to comments in the Configure script,
+ added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall]
+
+ *) Add the new ApacheBench program "ab" to src/support/: This is derived
+ from the ZeusBench benchmarking program and can be used to determine the
+ response performance of an Apache installation. This version is
+ officially licensed with Zeus Technology, Ltd. See the license agreement
+ statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core.
+ [Ralf S. Engelschall]
+
+ *) API: Various core functions that are definately not part of the API
+ have been made static, and a few have been marked API_EXPORT. Still
+ more have been marked CORE_EXPORT and are not intended for general
+ use by modules. [Doug MacEachern, Dean Gaudet]
+
+ *) mod_proxy was not clearing the Proxy-Connection header from
+ requests; now it does. This did not violate any spec, however
+ causes poor interactions when you are talking to remote proxies.
+ [Marc Slemko] PR#1741
+
+ *) Various cleanups to the command line interface and manual pages.
+ [Ralf S. Engelschall]
+
+ *) cfg_getline() was not properly handling lines that did not end
+ with a line termination character. [Marc Slemko] PR#1869, 1909
+
+ *) Performance tweak to mod_log_config. [Dmitry Khrustalev]
+
+ *) Clean up some undocumented behavior of mod_setenvif related to
+ "merging" two SetEnvIf directives when they match the same header
+ and regex. Document that mod_setenvif will perform comparisons in
+ the order they appear in the config file. Optimize mod_setenvif by
+ doing more work at config time rather than at runtime.
+ [Dean Gaudet]
+
+ *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's
+ to allow for modules to overrule them and to reduce redefinition
+ warnings [Jim Jagielski]
+
+ *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3.
+ [Jim Jagielski]
+
+ *) Making the hard-coded cross-module function call mime_find_ct() (from
+ mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type
+ checking is really called even for proxy requests except for URLs with
+ HTTP schemes (because there we can optimize by not running the type
+ checking hooks due to the fact that the proxy gets the MIME Content-type
+ from the remote host later). This change cleans up mod_mime by removing
+ the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and
+ especially unbundles mod_proxy and mod_mime. This way they both now can
+ be compiled as shared objects and are no longer tied together.
+ [Ralf S. Engelschall]
+
+ *) util.c cleanup and speedup. [Dean Gaudet]
+
+ *) API: Clarification, pstrndup() will always copy n bytes of the source
+ and NUL terminate at the (n+1)st byte. [Dean Gaudet]
+
+ *) Mark module command_rec and handler_rec structures const so that they
+ end up in the read-only data section (and are friendlier to systems
+ that don't do optimistic memory allocation on fork()). [Dean Gaudet]
+
+ *) Add check to the "Port" directive to make sure the specified
+ port is in the appropriate range. [Ben Hyde]
+
+ *) Performance improvements to invoke_handler().
+ [Dmitry Khrustalev <dima@bog.msu.su>]
+
+ *) Added support for building shared objects even for library-style modules
+ (which are built from more than one object file). This now provides the
+ ability to build mod_proxy as a shared object module. Additionally
+ modules like mod_example are now also supported for shared object
+ building because the generated Makefiles now no longer assume there is at
+ least one statically linked module. [Ralf S. Engelschall]
+
+ *) API: Clarify usage of content_type, handler, content_encoding,
+ content_language and content_languages fields in request_rec. They
+ must always be lowercased; and the strings pointed to shouldn't
+ be modified (you must copy them to modify them). Fix a few bugs
+ related to this. [Dean Gaudet]
+
+ *) API: Clarification: except for RAW_ARGS, all command handlers can
+ treat the char * parameters as permanent, and modifiable. There
+ is no need to pstrdup() them. Clean up some needless pstrdup().
+ [Dean Gaudet]
+
+ *) Now mod_so keeps track of which module shared objects with which names
+ are loaded and thus avoids multiple loading and unloading and irritating
+ error_log messages. [Ralf S. Engelschall]
+
+ *) Prior to the existence of mod_setenv it was necessary to tweak the TZ
+ environment variable in the apache core. But that tweaking interferes
+ with mod_setenv. So don't tweak if the user has specified an explicit
+ TZ variable. [Jay Soffian <jay@cimedia.com>] PR#1888
+
+ *) rputs() did not calculate r->sent_bodyct properly.
+ [Siegmund Stirnweiss <siegst@kat.ina.de>] PR#1900
+
+ *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's
+ name, or left unset if this value is unavailable. Apache was setting
+ it to the IP address when unavailable.
+ [Tony Finch <fanf@demon.net>] PR#1925
+
+ *) Various improvements to the configuration and build support for compiling
+ modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and
+ OSF1 support with GCC and vendor compilers was added. This way shared
+ object support is now provided out-of-the-box for FreeBSD, Linux,
+ Solaris, SunOS, IRIX and OSF1. In short: On all major platforms!
+ [Ralf S. Engelschall]
+
+ *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap"
+ scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD
+ and USE_OS2_SCOREBOARD. [Dean Gaudet]
+
+ *) Fix one more special locking problem for RewriteMap programs in
+ mod_rewrite: According to the documentation of flock(), "Locks are on
+ files, not file descriptors. That is, file descriptors duplicated
+ through dup(2) or fork(2) do not result in multiple instances of a lock,
+ but rather multiple references to a single lock. If a process holding a
+ lock on a file forks and the child explicitly unlocks the file, the
+ parent will lose its lock.". To overcome this we have to make sure the
+ RewriteLock file is opened _AFTER_ the childs were spawned which is now
+ the case by opening it in the child_init instead of the module_init API
+ hook. [Ralf S. Engelschall] PR#1029
+
+ *) Change to Location and LocationMatch semantics. LocationMatch no
+ longer lets a single slash match multiple adjacent slashes in the
+ URL. This change is for consistency with RewriteRule and
+ AliasMatch. Multiple slashes have meaning in URLs that they do
+ not have in (some) filesystems. Location on the other hand can
+ be considered a shorthand for a more complicated regex, and it
+ does match multiple slashes with a single slash -- which is
+ also consistent with the Alias directive.
+ [Dean Gaudet] related PR#1440
+
+ *) Fix bug with mod_mime_magic causing certain files, including files
+ of length 0, to result in no response from the server.
+ [Dean Gaudet]
+
+ *) The Configure script now generates src/include/ap_config.h which
+ contains the set of defines used when Apache is compiled on a platform.
+ This file can then be included by external modules before including
+ any Apache header files in case they are being built separately from
+ Apache. Along with this change, a couple of minor changes were
+ made to make Apache's #defines coexist peacefully with any autoconf
+ defines an external module might have. [Rasmus Lerdorf]
+
+ *) Fix mod_rewrite for the ugly API case where <VirtualHost> sections exist
+ but without any RewriteXXXXX directives. Here mod_rewrite is given no
+ chance by the API to initialize its per-server configuration and thus
+ receives the wrong one from the main server. This is now avoided by
+ remembering the server together with the config structure while
+ configuring and later assuming there is no config when we see a
+ difference between the remembered server and the one calling us.
+ [Ralf S. Engelschall] PR#1790
+
+ *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now
+ is automatically disabled under configure time when the dbm_xxx functions
+ are not available. Second, two heavy source code errors in the DBM
+ support code were fixed. This makes DBM RewriteMap's usable again after
+ a long time of brokenness. [Ralf S. Engelschall] PR#1696
+
+ *) Now all configuration files support Unix-style line-continuation via
+ the trailing backslash ("\") character. This enables us to write down
+ complex or just very long directives in a more readable way. The
+ backslash character has to be really the last character before the
+ newline and it has not been prefixed by another (escaping) backslash.
+ [Ralf S. Engelschall]
+
+ *) When using ProxyPass the ?querystring was not passed correctly.
+ [Joel Truher <truher@wired.com>]
+
+ *) To deal with modules being compiled and [dynamically] linked
+ at a different time from the core, the SERVER_VERSION and
+ SERVER_BUILT symbols have been abstracted through the new
+ API routines apapi_get_server_version() and apapi_get_server_built().
+ [Ken Coar] PR#1448
+
+ *) WIN32: Preserve trailing slash in canonical path (and hence
+ in PATH_INFO). [Paul Sutton, Ben Laurie]
+
+ *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable
+ depending on the rev of Solaris and what mixture of modules
+ are in use. So it has been disabled, and Solaris is back to
+ using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with
+ USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed
+ up static content only servers. Or it may fail unpredictably.
+ [Dean Gaudet] PR#1779, 1854, 1904
+
+ *) mod_test_util_uri.c created which tests the logic in util_uri.c.
+ [Dean Gaudet]
+
+ *) API: Rewrite of absoluteURI handling, and in particular how
+ absoluteURIs match vhosts. Unless a request is a proxy request, a
+ "http://host" url is treated as if a similar "Host:" header had been
+ supplied. This change was made to support future HTTP/1.x protocols
+ which may require clients to send absoluteURIs for all requests.
+
+ In order to achieve this change subtle changes were made to the API. In a
+ request_rec, r->hostlen has been removed. r->unparsed_uri now exists so
+ that the unmodified uri can be retrieved easily. r->proxyreq is not set
+ by the core, modules must set it during the post_read_request or
+ translate_names phase.
+
+ Plus changes to the virtualhost test suite for absoluteURI testing.
+
+ This fixes several bugs with the proxy proxying requests to vhosts
+ managed by the same httpd.
+ [Dean Gaudet]
+
+ *) API: Cleanup of code in http_vhost.c, and remove vhost matching
+ code from mod_rewrite. The vhost matching is now performed by a
+ globally available function matches_request_vhost(). [Dean Gaudet]
+
+ *) Reduce memory usage, and speed up ServerAlias support. As a
+ side-effect users can list multiple ServerAlias directives
+ and they're all considered.
+ [Chia-liang Kao <clkao@cirx.org>] PR#1531
+
+ *) The "poly" directive in image maps did not include the borders of the
+ polygon, whereas the "rect" directive does. Fix this inconsistency.
+ [Konstantin Morshnev <moko@design.ru>] PR#1771
+
+ *) Make \\ behave as expected. [Ronald.Tschalaer@psi.ch]
+
+ *) Add the `%a' construct to LogFormat and CustomLog to log the client IP
+ address. [Todd Eigenschink <eigenstr@mixi.net>] PR#1885
+
+ *) API: A new source module main/util_uri.c; It contains a routine
+ parse_uri_components() and friends which breaks a URI into its component
+ parts. These parts are stored in a uri_components structure called
+ parsed_uri within each request_rec, and are available to all modules.
+ Additionally, an unparse routine is supplied which re-assembles the URI
+ components back to an URI, optionally hiding the username:password@ part
+ from ftp proxy requests, and other useful routines. Within the structure,
+ you find on a ready-for-use basis:
+ scheme; /* scheme ("http"/"ftp"/...) */
+ hostinfo; /* combined [user[:password]@]host[:port] */
+ user; /* user name, as in http://user:passwd@host:port/ */
+ password; /* password, as in http://user:passwd@host:port/ */
+ hostname; /* hostname from URI (or from Host: header) */
+ port_str; /* port string (integer representation is in "port") */
+ path; /* the request path (or "/" if only scheme://host was given) */
+ query; /* Everything after a '?' in the path, if present */
+ fragment; /* Trailing "#fragment" string, if present */
+ This is meant to serve as the platform for *BIG* savings in
+ code complexity for the proxy module (and maybe the vhost logic).
+ [Martin Kraemer]
+
+ *) Make all possible meta-construct expansions ($N, %N, %{NAME} and
+ ${map:key}) available for all location where a string is created in
+ mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of
+ RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the
+ possible expansions are consequently usable at all string creation
+ locations. [Ralf S. Engelschall]
+
+ *) Fix initialization of RewriteLogLevel (default now is 0 as documented
+ and not 1) and the per-virtual-server merging of directives. Now all
+ directives except `RewriteEngine' and `RewriteOption' are either
+ completely overridden (default) or completely inherited (when
+ `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325
+
+ *) Fix `RewriteMap' program lookup in situations where such maps are
+ defined but disabled (`RewriteEngine off') in per-server context.
+ [Ralf S. Engelschall] PR#1431
+
+ *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause
+ server to bind to port 0 rather than 80. [Dean Gaudet]
+
+ *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates
+ (like SunOS and FreeBSD) which don't accept the locking of pipes
+ directly. A new directive RewriteLock is introduced which can be used to
+ setup a separate locking file which then is used for synchronization.
+ [Ralf S. Engelschall] PR#1029
+
+ *) WIN32: The server root is obtained from the registry key
+ HKLM\SOFTWARE\Apache Group\Apache\<version> (version is currently
+ "1.3 beta"), unless overridden by the -d command line flag. The
+ value is stored by running "apache -i -d serverroot". [Paul Sutton]
+
+ *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support
+ dynamic loading on Win32 and Unix via the same module. [Paul Sutton]
+
+ *) Now mod_rewrite no longer makes problematic assumptions on the characters
+ a username can contain when trying to expand it via /etc/passwd.
+ [Ralf S. Engelschall]
+
+ *) The mod_setenvif BrowserMatch backwards compatibility command did not
+ work properly with spaces in the regex. [Ronald Tschalaer] PR#1825
+
+ *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt'
+ type but with a special post-processing for the looked-up value: It
+ parses it into alternatives according to `|' chars and then only one
+ particular alternative is chosen randomly (this is an essential
+ functionality needed for balancing between backend-servers when using
+ Apache as a Reverse Proxy. The looked up value here is a list of
+ servers). Second, `int' with the built-in maps named `tolower' and
+ `toupper' which can be used to map URL parts to a fixed case (this is an
+ essential feature to fix the case of server names when doing mass
+ virtual-hosting with the help of mod_rewrite instead of using
+ <VirtualHost> sections). [Ralf S. Engelschall, parts based on code from
+ Jay Soffian <jay@cimedia.com>] PR#1631
+
+ *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'.
+ This directive lets Apache adjust the URL in Location-headers on HTTP
+ redirect responses sent by the remote server. This way the virtually
+ mapped area is no longer left on redirects and thus by-passed which is
+ especially essential when running Apache as a reverse proxy.
+ [Ralf S. Engelschall]
+
+ *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is
+ hidden. [Alvaro Martinez Echevarria]
+
+ *) Apache will, when started with the -X (single process) debugging flag,
+ honor the SIGINT or SIGQUIT signals again now. This capability got lost
+ a while ago during OS/2 signal handling changes.
+
+ *) [PORT] Work around the fact that NeXT runs on more than the
+ m68k chips in mod_status [Scott Anguish and Timothy Luoma
+ <luomat@peak.org>]
+
+ *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well
+ as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov
+ <ache@nagual.pp.ru> and Jim] PR#1450
+
+ *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers.
+ In particular the handlers could trigger themselves into an infinite
+ loop if RLimitMem was used with a small amount of memory -- too small
+ for the signal stack frame to be set up. [Dean Gaudet]
+
+ *) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet,
+ Alvaro Martinez Echevarria <alvaro@lander.es>]
+
+ *) Fix multiple UserDir problem introduced during 1.3b4-dev.
+ [Dean Gaudet] PR#1850
+
+ *) ap_cpystrn() had an off-by-1 error.
+ [Charles Fu <ccwf@klab.caltech.edu>] PR#1847
+
+ *) API: As Ken suggested the check_cmd_context() function and related
+ defines are non-static now so modules can use 'em. [Martin Kraemer]
+
+ *) mod_info would occasionally produce an unpaired <tt> in its
+ output. Fixed. [Martin Kraemer]
+
+ *) By default AIX binds a process (and it's children) to a single
+ processor. httpd children now unbind themselves from that cpu
+ and re-bind to one selected at random via bindprocessor()
+ [Doug MacEachern]
+
+ *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no
+ effect. Work around it by using RLIMIT_AS for the RLimitMEM
+ directive. [Enrik Berkhan <enrik@inka.de>] PR#1816
+
+ *) mod_mime_magic error message should indicate the filename when
+ reads fail. ["M.D.Parker" <mdpc@netcom.com>] PR#1827
+
+ *) Previously Apache would permit </Files> to end <FilesMatch> (and
+ similary for Location and Directory), now this is diagnosed as an
+ error. Improve error messages for mismatched sections (<Files>,
+ <FilesMatch>, <Directory>, <DirectoryMatch>, ...).
+ [Dean Gaudet, Martin Kraemer]
+
+ *) <Files> is not permitted within <Location> (because of the
+ semantic ordering). [Dean Gaudet] PR#379
+
+ *) <Files> with wildcards was broken by the change in wildcard
+ semantics (* does not match /). To fix this, <Files> now
+ apply only to the basename of the request filename. This
+ fixes some other inconsistencies in <Files> semantics
+ (such as <Files a*b> not working). [Dean Gaudet] PR#1817
+
+ *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure
+ backup files are removed on "clean" target [Ralf S. Engelschall]
+
+ *) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639
+
+ *) Various errors from select() and accept() in child_main() would
+ result in an infinite loop. It seems these two tickle kernel
+ or library bugs occasionally, and result in log spammage and
+ a generally bad scene. Now the child exits immediately,
+ which seems to be a good workaround.
+ [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588
+
+ *) Cleaned up some race conditions in unix child_main during
+ initialization. [Dean Gaudet]
+
+ *) SECURITY: "UserDir /abspath" without a * in the path would allow
+ remote users to access "/~.." and bypass access restrictions
+ (but note /~../.. was handled properly).
+ [Lauri Jesmin <jesmin@ut.ee>] PR#1701
+
+ *) API: os_is_path_absolute() now takes a const char * instead of a char *.
+ [Dean Gaudet]
+
+Changes with Apache 1.3b5
+
+ *) Source file dependencies in Makefile.tmpl files throughout the
+ source tree were updated to accurately reflect reality.
+ [Dean Gaudet]
+
+ *) Preserve the content encoding given by the AddEncoding directive
+ when the client doesn't otherwise specify an encoding.
+ [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>]
+
+ *) Sort out problems with canonical filename handling happening too late.
+ [Dean Gaudet, Ben Laurie]
+
+Changes with Apache 1.3b4
+
+ *) The module structure was modified to include a *dynamic_load_handle
+ in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER
+ has been bumped accordingly. [Paul Sutton]
+
+ *) All BrowserMatch directives mentioned in
+ htdocs/manual/known_client_problems.html are in the default
+ configuration files. [Lars Eilebrecht]
+
+ *) MiNT port update. [Jan Paul Schmidt]
+
+ *) HTTP/1.1 requires x-gzip and gzip encodings be treated
+ equivalent, similarly for x-compress and compress. Apache
+ now ignores a leading x- when comparing encodings. It also
+ preserves the encoding the client requests (for example if
+ it requests x-gzip, then Apache will respond with x-gzip
+ in the Content-Encoding header).
+ [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1772
+
+ *) Fix a memory leak on keep-alive connections. [Igor Tatarinov]
+
+ *) Added mod_so module to support dynamic loading of modules on Unix
+ (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule
+ instead of AddModule in Configuration to build shared modules
+ [Sameer Parekh, Paul Sutton]
+
+ *) Minor cleanups to r->finfo handling in some modules.
+ [Dean Gaudet]
+
+ *) Abstract read()/write() to ap_read()/ap_write().
+ Makes it easier to add other types of IO code such as SFIO.
+ [Randy Terbush]
+
+ *) API: Generalize default_port manipulations to make support of
+ different protocols easier. [Ben Laurie, Randy Terbush]
+
+ *) There are many cases where users do not want Apache to form
+ self-referential urls using the "canonical" ServerName and Port.
+ The new UseCanonicalName directive (default on), if set to off
+ will cause Apache to use the client-supplied hostname and port.
+ API: Part of this change required a change to the construct_url()
+ prototype; and the addition of get_server_name() and
+ get_server_port().
+ [Michael Douglass <mikedoug@texas.net>, Dean Gaudet]
+ PR#315, 459, 485, 1433
+
+ *) Yet another rearrangement of the source tree.. now all the common
+ header files are in the src/include directory. The -Imain -Iap
+ references in Makefiles have been changed to the simpler -Iinclude
+ instead. In addition to simplifying the build a little bit, this
+ also makes it clear when a module is referencing something in a
+ other than kosher manner (e.g., the proxy including mod_mime.h).
+ Module-private header files (the proxy, mod_mime, the regex library,
+ and mod_rewrite) have not been moved to src/include; nor have
+ the OS-abstraction files. [Ken Coar]
+
+ *) Fix a bug where r->hostname didn't have the :port stripped
+ from it. [Dean Gaudet]
+
+ *) Tweaked the headers_out table size, and the subprocess_env
+ table size guess in rename_original_environment(). Added
+ MAKE_TABLE_PROFILE which can help discover make_table()
+ calls that use too small an initial guess, see alloc.c.
+ [Dean Gaudet]
+
+ *) Options and AllowOverride weren't properly merging in the main
+ server setting inside vhosts (only an issue when you have no
+ <Directory> or other section containing an Options that affects
+ a request). Options +foo or -foo in the main_server wouldn't
+ affect the main_server's lookup defaults. [Dean Gaudet]
+
+ *) Variable 'cwd' was being used pointlessly before being set.
+ [Ken Coar] PR#1738
+
+ *) r->allowed handling cleaned up in the standard modules.
+ [Dean Gaudet]
+
+ *) Some case-sensitivity issues cleaned up to be consistent with
+ RFC2068. [Dean Gaudet]
+
+ *) SIGURG doesn't exist everywhere.
+ [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
+
+ *) mod_unique_id was erroneously generating a second unique id when
+ an internal redirect occured. Such redirects occur, for example,
+ when processing a DirectoryIndex match. [Dean Gaudet]
+
+ *) API: table_add, table_merge, and table_set include implicit pstrdup()
+ of the key and value. But in many cases this is not required
+ because the key/value is a constant, or the value has been built
+ by pstrcat() or other similar means. New routines table_addn,
+ table_mergen, and table_setn have been added to the API, these
+ routines do not pstrdup() their arguments. The core code and
+ standard modules were changed to take advantage of these routines.
+ The resulting server is up to 20% faster in some situations.
+
+ Note that it is easy to get code subtly wrong if you pass a key/value
+ which is in a pool other than the pool of the table. The only
+ safe thing to do is to pass key/values which are in the pool of
+ the table, or in one of the ancestors of the pool of the table.
+ i.e. if the table is part of a subrequest, a value from the main
+ request's pool is OK since the subrequest pool is a sub_pool of the
+ main request's pool (and therefore has a lifespan at most as long as
+ the main pool). There is debugging code which can detect improper
+ usage, enabled by defining POOL_DEBUG. See alloc.c for more details.
+ [Dmitry Khrustalev <dima@bog.msu.su>, Dean Gaudet]
+
+ *) More mod_mime_magic cleanup: fewer syscalls; should handle "files"
+ which don't exist on disk more gracefully; handles vhosts properly.
+ Update documentation to reflect the code -- if there's no
+ MimeMagicFile directive then the module is not enabled.
+ [Dean Gaudet]
+
+ *) PORT: Some older *nix dialects cannot automatically start scripts
+ which begin with a #! interpreter line (the shell starts the scripts
+ appropriately on these platforms). Apache now supports starting of
+ "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set.
+ [Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm)
+ taken from tcsh]
+
+ *) API: "typedef array_header table" removed from alloc.h, folks should
+ have been writing to use table as if it were an opaque type, but even
+ some standard modules got this wrong. By changing the definition
+ to "typedef struct table table" module authors will receive compile
+ time warnings that they're doing the wrong thing. This change
+ facilitates future changes with more sophisticated table
+ structures. Specifically, module authors should be using table_elts()
+ to get access to an array_header * for the table. [Dean Gaudet]
+
+ *) API: Renamed new_connection() to avoid namespace collision with LDAP
+ library routines. [Ken Coar, Rasmus Lerdorf]
+
+ *) WIN32: mod_speling is now available on the Win32 platform.
+ [Marc Slemko]
+
+ *) For clarity the following compile time definition was changed:
+
+ SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT
+
+ Also, for example, HAVE_MMAP would mean to use mmap() scoreboards
+ and not be a general notice that the OS has mmap(). Now the
+ HAVE_MMAP/SHMGET #defines strictly are informational that the
+ OS has that method of shared memory; the type to use for
+ the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD
+ and USE_SHMGET_SCOREBOARD). This allows outside modules to
+ determine if shared memory is available and allows Apache
+ to determine the best method to use for the scoreboard.
+ [Jim Jagielski]
+
+ *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT,
+ as do various earlier versions. It should be safe on all versions.
+ Unixware 1.x appears to have the same SIGHUP bug as solaris does with
+ the slack code. A few other cleanups for Unixware.
+ [Tom Hughes <thh@cyberscience.com>] PR#1082, PR#1282, PR#1499, PR#1553
+
+ *) PORT: A/UX can handle single-listen accepts without mutex
+ locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski]
+
+ *) When die() happens we need to eat any request body if one exists.
+ Otherwise we can't continue with a keepalive session. This shows up
+ as a POST problem with MSIE 4.0, typically against pages which are
+ authenticated. [Roy Fielding] PR#1399
+
+ *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
+ header will be passed to CGIs. This is generally a security hole, so
+ it's not a default. [Marc Slemko] PR#549
+
+ *) Fix Y2K problem with date printing in suexec log.
+ [Paul Eggert <eggert@twinsun.com>] PR#1343
+
+ *) WIN32 deserves a pid file. [Ben Hyde]
+
+ *) suexec errors now include the errno/description. [Marc Slemko] PR#1543
+
+ *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467.
+ The choice of flock vs. fcntl was made based on timings which showed that
+ even on non-NFS, non-exported filesystems fcntl() was an order of
+ magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so
+ that single socket users will see no difference. [Dean Gaudet] PR#467
+
+ *) "File does not exist" error message was erroneously including the
+ errno. [Marc Slemko]
+
+ *) Improve the warning message generated when a client drops the
+ connection (hits stop button, etc.) during a send. [Roy Fielding]
+
+ *) Defining GPROF will disable profiling in the parent and enable it
+ in the children. If you're profiling under Linux this is pretty much
+ necessary because SIGPROF is lost across a fork(). [Dean Gaudet]
+
+ *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32.
+ [Brian Havard]
+
+ *) The NeXT cc (which is gcc hacked up) doesn't appear to support some
+ gcc functionality. Work around it.
+ [Keith Severson <keith@sssd.navy.mil>] PR#1613
+
+ *) Some linkers complain when .o files contain no functions.
+ [Keith Severson <keith@sssd.navy.mil>] PR#1614
+
+ *) Some const declarations in mod_imap.c that were added for debugging
+ purposes caused some compilers heartburn without adding any
+ significant value, so they've been removed. [Ken Coar]
+
+ *) The src/main/*.h header files have had #ifndef wrappers added to
+ insulate them against duplicate calls if they get included through
+ multiple paths (e.g., in .c files as well as other .h files).
+ [Ken Coar]
+
+ *) The libap routines now have a header file for their prototypes,
+ src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar]
+
+ *) mod_autoindex with a plaintext header file would emit the <PRE>
+ start-tag before the HTML preamble, rather than after the preamble
+ but before the header file contents. [John Van Essen <jve@gamers.org>]
+ PR#1667
+
+ *) SECURITY: Fix a possible buffer overflow in logresolve. This is
+ only an issue on systems without a MAXDNAME define or where
+ the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
+
+ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
+ is used to read various types of files such as htaccess and
+ htpasswd files. [Marc Slemko]
+
+ *) SECURITY: Ensure that the buffer returned by ht_time is always
+ properly null terminated. [Marc Slemko]
+
+ *) The "Connection" header could be sent back with multiple "close"
+ tokens. Not an error, but a waste.
+ [Ronald.Tschalaer@psi.ch] PR#1683
+
+ *) mod_rewrite's RewriteLog should behave like mod_log_config, it
+ shouldn't force hostname lookups. [Dean Gaudet] PR#1684
+
+ *) "basic" auth needs a case-insensitive comparison.
+ [Ronald.Tschalaer@psi.ch] PR#1666
+
+ *) For maximum portability, the environment passed to CGIs should
+ only contain variables whose names match the regex
+ /[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
+ underscores over any character outside the regex. This
+ affects HTTP_* variables, in a way that should be backward
+ compatible for all the standard headers; and affects variables
+ set with SetEnv/BrowserMatch and similar directives.
+ [Dean Gaudet]
+
+ *) mod_speling returned incorrect HREF's when an ambigous match
+ was found. Noticed by <robinton@amtrash.comlink.de> (Soeren Ziehe)
+ [robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
+
+ *) PORT: Apache now compiles & runs on an EBCDIC mainframe
+ (the Siemens BS2000/OSD family) in the POSIX subsystem
+ [Martin Kraemer]
+
+ *) PORT: Fix problem killing children when terminating. Allow ^C
+ to shut down the server. [Brian Havard]
+
+ *) pstrdup() is implicit in calls to table_* functions, so there's
+ no need to do it before calling. Clean up a few cases.
+ [Marc Slemko, Dean Gaudet]
+
+ *) new -C and -c command line arguments
+ usage:
+ -C "directive" : process directive before reading config files
+ -c "directive" : process directive after reading config files
+ example:
+ httpd -C "PerlModule Apache::httpd_conf"
+ [Doug MacEachern, Martin Kraemer]
+
+ *) WIN32: Fix the execution of CGIs that are scripts and called
+ with path info that does not have an '=' in.
+ (eg. http://server/cgi-bin/printenv?foobar)
+ [Marc Slemko] PR#1591
+
+ *) WIN32: Fix a call to os_canonical_filename so it doesn't try to
+ mess with fake filenames. This fixes proxy caching on
+ win32. PR#1265
+
+ *) SECURITY: General mod_include cleanup, including fixing several
+ possible buffer overflows and a possible infinite loop.
+ [Dean Gaudet, Marc Slemko]
+
+ *) SECURITY: Numerous changes to mod_imap in a general cleanup
+ including fixing a possible buffer overflow. [Dean Gaudet]
+
+ *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
+ (connections are not dropped). Code can handle graceful restarts
+ (but there is as yet no way to signal this to Apache). Various
+ other cleanups. [Paul Sutton]
+
+ *) The aplog_error changes specific to 1.3 introduced a buffer
+ overrun in the (now legacy) log_printf function. Fixed.
+ [Dean Gaudet]
+
+ *) mod_digest didn't properly deal with proxy authentication. It
+ also lacked a case-insensitive comparision of the "Digest"
+ token. [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>] PR#1599
+
+ *) A few cleanups in mod_status for efficiency. [Dean Gaudet]
+
+ *) A few cleanups in mod_info to make it thread-safe, and remove an
+ off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
+
+ *) no2slash() was O(n^2) in the length of the input. Make it O(n).
+ [Dean Gaudet]
+
+ *) API: migration from strncpy() to our "enhanced" version called
+ ap_cpystrn() for performance and functionality reasons.
+ Located in libap.a. [Jim Jagielski]
+
+ *) table_set() and table_unset() did not deal correctly with
+ multiple occurrences of the same key.
+ [Stephen Scheck <sscheck@infonex.net>, Ben Laurie] PR#1604
+
+ *) The AuthName must now be enclosed in quotes if it is to contain
+ spaces. [Ken Coar] PR#1195
+
+ *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
+
+ *) WIN32: Work around optimiser bug that killed ISAPI in release
+ versions. [Ben Laurie] PR#1533
+
+ *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
+
+ *) Interim (slow) fix for p->sub_pool critical sections in
+ alloc.c (affects win32 only). [Ben Hyde]
+
+ *) non-WIN32 was missing destroy_mutex definition. [Ben Hyde]
+
+ *) send_fd_length() did not calculate total_bytes_sent properly.
+ [Ben Reser <breser@regnow.com>] PR#1366
+
+ *) The bputc() macro was not properly integrated with the chunking
+ code; in many cases modules using bputc() could cause completely
+ bogus chunked output. (Typically this will show up as problems
+ with Internet Explorer 4.0 reading a page, but other browsers
+ having no problem.) [Dean Gaudet]
+
+ *) Create LARGE_WRITE_THRESHOLD define which determines how many
+ bytes have to be supplied to bwrite() before it will consider
+ doing a writev() to assemble multiple buffers in one system
+ call. This is critical for modules such as mod_include,
+ mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
+ strings in some cases. The result would be extra effort
+ setting up writev(), and in many cases extra effort building
+ chunks. The default is 31, it can be overriden at compile
+ time. [Dean Gaudet]
+
+ *) Move the gid switching code into the child so that log files
+ and pid files are opened with the root gid.
+ [Gregory A Lundberg <lundberg@vr.net>]
+
+ *) WIN32: Check for binaries by looking for the executable header
+ instead of counting control characters.
+ [Jim Patterson <Jim.Patterson@Cognos.COM>] PR#1340
+
+ *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
+ so the functionality is available to applications other than the
+ server itself (like the src/support tools). [Ken Coar]
+
+ *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
+ the libap consolidation work. [Ken Coar]
+
+ *) ap_snprintf() with a len of 0 behaved like sprintf(). This is not
+ useful, and isn't what the standards require. Now it returns 0
+ and writes nothing. [Dean Gaudet]
+
+ *) When an error occurs in fcntl() locking suggest the user look up
+ the docs for LockFile. [Dean Gaudet]
+
+ *) Eliminate some dead code from writev_it_all().
+ [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
+
+ *) mod_autoindex had an fread() without checking the result code.
+ It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
+ (note the missing closing paren) properly. [Dean Gaudet]
+
+ *) It appears the "257th byte" bug (see
+ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
+ at the 256th byte as well. Fixed. [Dean Gaudet]
+
+ *) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
+ [Brian Havard]
+
+ *) Fix memory corruption caused by allocating auth usernames in the
+ wrong pool. [Dean Gaudet] PR#1500
+
+ *) Fix an off-by-1, and an unterminated string error in
+ mod_mime_magic. [Dean Gaudet]
+
+ *) Fix a potential SEGV problem in mod_negotiation when dealing
+ with type-maps. [Dean Gaudet]
+
+ *) Better glibc support under Linux. [Dean Gaudet] PR#1542
+
+ *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
+
+ *) WIN32: avoid overflows during file canonicalisations.
+ [malcolm@mgdev.demon.co.uk] PR#1378
+
+ *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
+ PR#1511, 1508
+
+ *) WIN32: mod_status display header didn't match fields. [Ben Laurie]
+
+ *) The pthread_mutex_* functions return an error code, and don't
+ set errno. [Igor Tatarinov <tatarino@prairie.NoDak.edu>]
+
+ *) WIN32: Allow spaces to prefix the interpreter in #! lines.
+ [Ben Laurie] PR#1101
+
+ *) WIN32: Cure file leak in CGIs. [Peter Tillemans <pti@net4all.be>] PR#1523
+
+ *) proxy_ftp: the directory listings generated by the proxy ftp module
+ now have a title in which the path components are clickable and allow
+ quick navigation to the clicked-on directory on the currently listed
+ ftp server. This also fixes a bug where the ".." directory links would
+ sometimes refer to the wrong directory. [Martin Kraemer]
+
+ *) WIN32: Allocate the correct amount of memory for the scoreboard.
+ [Ben Hyde] PR#1387
+
+ *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
+ PR#1505
+
+ *) Fix problems with timeouts in inetd mode and -X mode. [Dean Gaudet]
+
+ *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
+ error messages. [Ben Hyde]
+
+Changes with Apache 1.3b3
+
+ *) WIN32: Work around brain-damaged spawn calls that can't deal
+ with spaces and slashes. [Ben Laurie]
+
+ *) WIN32: Fix the code so CGIs can use socket calls on Windows.
+ The problem was that certain undocumented environment variables
+ needed for sockets to work under Win32 were not being passed.
+ [Frank Faubert <frank@sane.com>]
+
+ *) Add a "-V" command line flag to the httpd binary. This
+ flag shows some of the defines that Apache was compiled with.
+ It is useful for debugging purposes. [Martin Kraemer]
+
+ *) Start separating the ap_*() routines into their own library, so they
+ can be used by items in src/support among other things.
+ [Ken Coar] PR#512, 905, 1252, 1308
+
+ *) Give a more informative error when no AuthType is set.
+ [Lars Eilebrecht]
+
+ *) Remove strtoul() use from mod_proxy because it isn't available
+ on all platforms. [Marc Slemko] PR#1214
+
+ *) WIN32: Some Win32 systems terminated all responses after 16 kB.
+ This turns out to be a bug in Winsock - select() doesn't always
+ return the correct status. [Ben Laurie]
+
+ *) Directives owned by http_core can now use the new check_cmd_context()
+ routine to ensure that they're not being used within a container
+ (e.g., <Directory>) where they're invalid. [Martin Kraemer]
+
+ *) PORT: Recent changes made it necessary to add explicit prototype
+ for fgetc() and fgets() on SunOS 4.x. [Martin Kraemer, Ben Hyde]
+
+ *) It was necessary to distinguish between resources which are
+ allocated in the parent, for cleanup in the parent, and resources
+ which are allocated in each child, for cleanup in each child.
+ A new pool was created which is passed to the module child_init
+ and child_exit functions; modules are free to register per-child
+ cleanups there. This fixes a bug with reliable piped logs.
+ [Dean Gaudet]
+
+ *) mod_autoindex wasn't displaying the ReadmeName file at the bottom
+ unless it was also doing FancyIndexes, but it displayed the
+ HeaderName file at the top under all circumstances. It now shows
+ the ReadmeName file for simple indices, too, as it should.
+ [Ken Coar] PR#1373
+
+ *) http_core was mmap()ing even in cases where it wasn't going to
+ read the file. [Ben Hyde <bhyde@gensym.com>]
+
+ *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
+ Now the rewriting engine (the heart of mod_rewrite) is organized more
+ straight-forward, first time well documented and reduced to the really
+ essential parts. All redundant cases were stripped off and processing now
+ is the same for both per-server and per-directory context with only a
+ minimum difference (the prefix stripping in per-dir context). As a
+ side-effect some subtle restrictions and two recently discovered problems
+ are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
+ context and restrictions on the substitution URL on redirects.
+ Additionally some minor source cleanups were done.
+ [Ralf S. Engelschall]
+
+ *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
+ documentation, examples, explanations and caveats. They live in a new
+ subdirectory htdocs/manual/vhost/. [Lars Eilebrecht <sfx@unix-ag.org>]
+
+ *) If ap_slack fails to allocate above the low slack line it's a good
+ indication that further problems will occur; it's a better indication
+ than many external libraries give us when we actually run out of
+ descriptors. So report it to the user once per restart.
+ [Dean Gaudet] PR#1181
+
+ *) Change mod_include and mod_autoindex to use Y2K-safe date formats
+ by default. [Ken Coar]
+
+ *) Add a "SuppressColumnSorting" option to the IndexOptions list,
+ which will keep the column heading from being links for sorting
+ the display. [Ken Coar, suggested by Brian Tiemann <btman@pacific.net>]
+ PR #1261
+
+ *) PORT: Update the LynxOS port. [Marius Groeger <mag@sysgo.de>]
+
+ *) Fix logic error when issuing a mmap() failed message
+ with a non-zero MMAP_THRESHOLD.
+ [David Chambers <davidc@flosun.salk.edu>] PR#1294
+
+ *) Preserve handler value on ProxyPass'ed requests by not
+ calling find_types on a proxy'd request; fixes problems
+ where some ProxyPass'ed URLs weren't actually passed
+ to the proxy.
+ [Lars Eilebrecht] PR#870
+
+ *) Fix a byte ordering problem in mod_access which prevented
+ the old-style syntax (i.e. "a.b.c." to match a class C)
+ from working properly. [Dean Gaudet] PR#1248, 1328, 1384
+
+ *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
+ properly. Each child needs to open the lockfile instead
+ of using the passed file-descriptor from the parent.
+ [Jim Jagielski] PR#1056
+
+ *) Fix the error logging in mod_cgi; the recent error log changes
+ introduced a bug that prevented it from working correctly.
+ [M.D.Parker] PR#1352
+
+ *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly
+ handle multiple Listen directives. [Marc Slemko] PR#872
+
+ *) Inherit a bugfix to fnmatch.c from FreeBSD sources.
+ ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" <ache@nagual.pp.ru>] PR#1311
+
+ *) When a configuration parse complained about a bad directive,
+ the logger would use whatever (unrelated) value was in errno.
+ errno is now forced to EINVAL first in this case. [Ken Coar]
+
+ *) A sed command in the Configure script pushed the edge of POSIXness,
+ breaking on some systems. [Bhaba R.Misra <system@vt.edu>] PR#1368
+
+ *) Solaris >= 2.5 was totally broken due to a mess up using pthread
+ mutexes. [Roy Fielding, Dean Gaudet]
+
+ *) OS/2 Port updated; it should be possible to build OS/2 from the same
+ sources as Unix now. [Brian Havard <brianh@kheldar.apana.org.au>]
+
+ *) Fix a year formatting bug in mod_usertrack.
+ [Paul Eggert <eggert@twinsun.com>] PR#1342
+
+ *) A mild SIGTERM/SIGALRM race condition was eliminated.
+ [Dean Gaudet] PR#1211
+
+ *) Warn user that default path has changed if /usr/local/etc/httpd
+ is found on the system. [Lars Eilebrecht]
+
+ *) Various mod_mime_magic bug fixes and cleanups: Uncompression
+ should work, it should work on WIN32, and a few resource
+ leaks and abort conditions are fixed.
+ [Dean Gaudet] PR#1205
+
+ *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
+ to use '%' instead of '@' in its encodings.
+ [David Schuler <schuld@btv.ibm.com>] PR#1317
+
+ *) Improve the warning message generated when the "server is busy".
+ [Dean Gaudet] PR#1293
+
+ *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
+ get Spencer regex by default. This is to avoid having to
+ discover bugs in operating system libraries. [Dean Gaudet]
+
+ *) PORT: "Fix" PR#467 by generating warnings on systems which we have
+ not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
+ Document this a bit more in src/PORTING. [Dean Gaudet] PR#467
+
+ *) Ensure that one copy of config warnings makes it to the
+ error_log. [Dean Gaudet]
+
+ *) Invent new structure and associated methods to handle config file
+ reading. Add "custom" hook to use config file cfg_getline() on
+ something which is not a FILE* [Martin Kraemer]
+
+ *) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
+
+ *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
+
+ *) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
+
+ *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
+ [John Line <jml4@cam.ac.uk>] PR#1321
+
+ *) Default pathname has been changed everywhere to /usr/local/apache
+ [Sameer <sameer@c2.net>]
+
+ *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
+ [David Bronder <David-Bronder@uiowa.edu>] PR#849
+
+ *) PORT: i386 AIX does not have memmove.
+ [David Schuler <schuld@btv.ibm.com>] PR#1267
+
+ *) PORT: HPUX now defaults to using Spencer regex.
+ [Philippe Vanhaesendonck <pvanhaes@be.oracle.com>,
+ Omar Del Rio <al112263@academ01.lag.itesm.mx>] PR#482, 1246
+
+ *) PORT: Some versions of NetBSD don't automatically define
+ __NetBSD__. Workaround by defining NETBSD.
+ [Chris Craft <ccraft@cncc.cc.co.us>] PR#977
+
+ *) PORT: UnixWare 2.x requires -lgen for syslog.
+ [Hans Snijder <hs@meganet.nl>] PR#1249
+
+ *) PORT: ULTRIX appears to not have syslog.
+ [Lars Eilebrecht <Lars.Eilebrecht@unix-ag.org>]
+
+ *) PORT: Basic Gemini port (treat it like unixware212).
+ ["Pavel Yakovlev (Paul McHacker)" <hac@tomcat.olly.ru>]
+
+ *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
+ use USE_SHMGET_SCOREBOARD.
+ [Martin Kraemer]
+
+ *) Various improvements in detecting config file errors (missing closing
+ directives for <Directory>, <Files> etc. blocks, prohibiting global
+ server settings in <VirtualHost> blocks, flagging unhandled multiple
+ arguments to <Directory>, <Files> etc.)
+ [Martin Kraemer]
+
+ *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
+ variable to provide this one to suexec'd CGIs, too.
+ [M.D.Parker <mdpc@netcom.com>] PR#1284
+
+ *) New support tool: src/support/split-logfile, a sample Perl script which
+ splits up a combined access log into separate files based on the
+ name of the virtual host (listed first in the log records by "%v").
+ [Ken Coar]
+
+Changes with Apache 1.3b2 (there is no 1.3b1)
+
+ *) TestCompile was not passing $LIBS [Dean Gaudet]
+
+ *) Makefile.tmpl was not using $CFLAGS in the link phase.
+ [Martin Kraemer]
+
+ *) Add debugging code to alloc.c. Defining ALLOC_DEBUG provides a
+ rudimentary memory debugger which can be used on live servers with
+ low impact -- it sets all allocated and freed memory bytes to 0xa5.
+ Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
+ and free() for each object. This is far more expensive and should
+ only be used for testing with tools such as Electric Fence and
+ Purify. See main/alloc.c for more details. [Dean Gaudet]
+
+ *) Configure uses a sh trap and didn't set its exitcode properly.
+ [Dean Gaudet] PR#1159
+
+ *) Yet another vhost revamp. Add the NameVirtualHost directive which
+ explicitly lists the ip:port pairs that are to be used for name-vhosts.
+ From a given ip:port, regardless what the Host: header is, you can
+ only reach the vhosts defined on that ip:port. The precedence of
+ vhosts was reversed to match other precedences in the config --
+ the earlier vhosts override the later vhosts. All vhost matching was
+ moved into http_vhost.[ch]. [Dean Gaudet]
+
+ *) ap_inline can be used to force inlining. GNUC __attribute__() can
+ be used for whatever reason is appropriate (i.e. format() warnings
+ for printf style functions). Both are enabled only with
+ gcc >= 2.7.x (so that we have fewer support issues with older
+ versions). [Dean Gaudet]
+
+ *) Fix support for Proxy Authentication (we were testing the response
+ status too early). [Marc Slemko]
+
+ *) CoreDumpDirectory directive directs where the core file is
+ written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
+ received. [Marc Slemko, Dean Gaudet]
+
+ *) PORT: Support for Atari MINT.
+ [Jan Paul Schmidt <Jan.P.Schmidt@mni.fh-giessen.de>]
+
+ *) When booting, apache will now detach itself from stdin, stdout,
+ and stderr. stderr will not be detached until after the config
+ files have been read so you will be able to see initial error
+ messages. After that all errors are logged in the error_log.
+ This makes it more convenient to start apache via rsh, ssh,
+ or crontabs. [Dean Gaudet] PR#523
+
+ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
+ Also removed the auto-generated link to www.apache.org that was the
+ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
+
+ *) send_fb would not detect aborted connections in some situations.
+ [Dean Gaudet]
+
+ *) mod_include would use uninitialized data when parsing certain
+ expressions involving && and ||. [Brian Slesinsky] PR#1139
+
+ *) mod_imap should only handle GET methods. [Jay Bloodworth]
+
+ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
+
+ *) mod_autoindex improperly counted &escapes; as more than one
+ character in the description. It also improperly truncated
+ descriptions that were exactly the maximum length.
+ [Martin Kraemer]
+
+ *) RedirectMatch was not properly escaping the result (PR#1155). Also
+ "RedirectMatch /advertiser/(.*) $1" is now permitted.
+ [Dean Gaudet]
+
+ *) mod_include now uses symbolic names to check for request success
+ and return HTTP errors, and correctly handles all types of
+ redirections (previously it only did temporary redirect correctly).
+ [Ken Coar, Roy Fielding]
+
+ *) mod_userdir was modifying r->finfo in cases where it wasn't setting
+ r->filename. Since those two are meant to be in sync with each other
+ this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
+
+ *) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
+ ["Kaufman, Steven E" <Steven.Kaufman@unisys.com>]
+
+ *) Inetd mode (which is buggy) uses timeouts without having setup the
+ jmpbuffer. [Dean Gaudet] PR#1064
+
+ *) Work around problem under Linux where a child will start looping
+ reporting a select error over and over.
+ [Rick Franchuk <rickf@transpect.net>] PR#1107, 987, 588
+
+ *) Fixed error in proxy_util.c when looping through multiple host IP
+ addresses. [Lars Eilebrecht] PR#974
+
+ *) If BUFFERED_LOGS is defined then mod_log_config will do atomic
+ buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
+ bytes before writing, but it will never split a log entry across a
+ buffer boundary. [Dean Gaudet]
+
+ *) API: the short_score record has been split into two pieces, one which
+ the parent writes on, and one which the child writes on. As part of
+ this change the get_scoreboard_info() function was removed, and
+ scoreboard_image was exported. This change fixes a race condition
+ in file based scoreboard systems, and speeds up changes involving the
+ scoreboard in earlier 1.3 development. [Dean Gaudet]
+
+ *) API: New register_other_child() API (see http_main.h) which allows
+ modules to register children with the parent for maintenance. It
+ is disabled by defining NO_OTHER_CHILD. [Dean Gaudet]
+
+ *) API: New piped_log API (see http_log.h) which implements piped logs,
+ and will use register_other_child to implement reliable piped logs
+ when it is available. The reliable piped logs part can be disabled
+ by defining NO_RELIABLE_PIPED_LOGS. At the moment reliable piped
+ logs is only available on Unix. [Dean Gaudet]
+
+ *) API: set_last_modified() broken into set_last_modified(), set_etag(), and
+ meets_conditions(). This allows conditional HTTP selection to be
+ handled separately from the storing of the header fields, and provides
+ the ability for CGIs to set their own ETags for conditional checking.
+ [Ken Coar, Roy Fielding] PR#895
+
+ *) Changes to mod_log_config to allow naming of format strings.
+ Format nicknames are defined with "LogFormat fmt nickname", and can
+ be used with "LogFormat nickname" and "CustomLog logtarget nickname".
+ [Ken Coar]
+
+ *) New module, "mod_speling", which can help find files even when
+ the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
+
+ *) API: New function child_terminate() triggers the child process to
+ exit, while allowing the child finish what it needs to for the
+ current request first.
+ [Doug MacEachern, Alexei Kosut]
+
+ *) Windows now defaults to using full status reports with mod_status.
+ [Alexei Kosut] PR #1094
+
+ *) *Really* disable all mod_rewrite operations if the engine is off.
+ Some things (like RewriteMaps) were checked/performed even if they
+ weren't supposed to be. [Ken Coar] PR #991
+
+ *) Implement a new timer scheme which eliminates the need to call alarm() all
+ the time. Instead a counter in the scoreboard for each child is used to
+ show when the child has made forward progress. The parent samples this
+ counter every scoreboard maintenance cycle, and issues SIGALRM if no
+ progress has been made in the timeout period. This reduces the static
+ request best-case syscall count to 22 from 29. This scheme is only
+ used by systems with memory-based scoreboards. [Dean Gaudet]
+
+ *) The proxy now properly handles CONNECT requests which are sent
+ to proxy servers when using ProxyRemote. [Marc Slemko] PR#1024
+
+ *) A script called apachectl has been added to the support
+ directory. This script allows you to do things such as
+ "apachectl start" and "apachectl restart" from the command
+ line. [Marc Slemko]
+
+ *) Modules and core routines are now put into libraries, which
+ simplifies the link line tremendously (among other advantages).
+ [Paul Sutton]
+
+ *) Some of the MD5 names defined in Apache have been renamed to have
+ an `ap_' prefix to avoid conflicts with routines supplied by
+ external libraries. [Ken Coar]
+
+ *) Removal of mod_auth_msql.c from the distribution. There are many
+ other options for databases today. Rather than offer one option,
+ offer none at this time. mod_auth_msql and other SQL database
+ authentication modules can be found at the Apache Module Registry.
+ http://modules.apache.org/ It would be nice to offer a generic
+ mod_auth_sql option in the near future.
+
+ *) PORT: BeOS support added [Alexei Kosut]
+
+ *) Configure no longer accepts the -make option, since it creates
+ Makefile on the fly based on Makefile.tmpl and Configuration.
+
+ *) Apache now gracefully shuts down when it receives a SIGTERM, instead
+ of forcibly killing off all its processes and exiting without
+ cleaning up. [Alexei Kosut]
+
+ *) API: A new field in the request_rec, r->mtime, has been added to
+ avoid gratuitous parsing of date strings. It is intended to hold
+ the last-modified date of the resource (if applicable). An
+ update_mtime() routine has also been added to advance it if
+ appropriate. [Roy Fielding, Ken Coar]
+
+ *) SECURITY: If a htaccess file can not be read due to bad permissions,
+ deny access to the directory with a HTTP_FORBIDDEN. The previous
+ behavior was to ignore the htaccess file if it could not be read.
+ This change may make some setups with unreadable htaccess files
+ stop working. [Marc Slemko] PR#817
+
+ *) Add aplog_error() providing a mechanism to define levels of
+ verbosity to the server error logging. This addition also provides
+ the ability to log errors using syslogd. Error logging is configurable
+ on a per-server basis using the LogLevel directive. Conversion
+ of log_*() in progress. [Randy Terbush]
+
+ *) Further enhance aplog_error() to not log filename, line number, and
+ errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
+
+ *) WIN32: Canonicalise filenames under Win32. Short filenames are
+ converted to long ones. Backslashes are converted to forward
+ slashes. Case is converted to lower. Parts of URLs that do not
+ correspond to files are left completely alone. [Ben Laurie]
+
+ *) PORT: 2 new OSs added to the list of ports:
+ Encore's UMAX V: Arieh Markel <amarkel@encore.com>
+ Acorn RISCiX: Stephen Borrill <sborrill@xemplar.co.uk>
+
+ *) Add the server version (SERVER_VERSION macro) to the "server
+ configured and running" entry in the error_log. Also build an
+ object file at link-time that contains the current time
+ (SERVER_BUILT global const char[]), and include that in the
+ message. [Ken Coar]
+
+ *) Set r->headers_out when sending responses from the proxy.
+ This fixes things such as the logging of headers sent from
+ the proxy. [Marc Slemko] PR#659
+
+ *) support/httpd_monitor is no longer distributed because the
+ scoreboard should not be file based if at all possible. Use
+ mod_status to see current server snapshot.
+
+ *) (set_file_slot): New function, allowing auth directives to be
+ independent of the server root, so the server documents can be
+ moved to a different directory or machine more easily.
+ [David J. MacKenzie]
+
+ *) If no TransferLog is given explicitly, decline
+ to log. This supports coexistence with other logging modules,
+ such as the custom one that UUNET uses. [David J. MacKenzie]
+
+ *) Check for titles in server-parsed HTML files.
+ Ignore leading newlines and returns in titles. The old behavior
+ of replacing a newline after <title> with a space causes the
+ title to be misaligned in the listing. [David J. MacKenzie]
+
+ *) Change mod_cern_meta to be configurable on a per-directory basis.
+ [David J. MacKenzie]
+
+ *) Add 'Include' directive to allow inclusion of configuration
+ files within configuration files. [Randy Terbush]
+
+ *) Proxy errors on connect() are logged to the error_log (nothing
+ new); now they include the IP address and port that failed
+ (*that's* new). [Ken Coar, Marc Slemko] PR#352
+
+ *) Various architectures now define USE_MMAP_FILES which causes
+ the server to use mmap() for static files. There are two
+ compile-time tunables MMAP_THRESHOLD (minimum number of bytes
+ required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
+ number of bytes written in one cycle from a single mmap()d object,
+ default 32768). [Dean Gaudet]
+
+ *) API: Added post_read_request API phase which is run right after reading
+ the request from a client, or right after an internal redirect. It is
+ useful for modules setting environment variables that depend only on
+ the headers/contents of the request. It does not run during subrequests
+ because subrequests inherit pretty much everything from the main
+ request. [Dean Gaudet]
+
+ *) Added mod_unique_id which is used to generate a unique identifier for
+ each hit, available in the environment variable UNIQUE_ID.
+ [Dean Gaudet]
+
+ *) init_modules is now called after the error logs have been opened. This
+ allows modules to emit information messages into the error logs.
+ [Dean Gaudet]
+
+ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
+ information for case where proxy module is not available. [Marc Slemko]
+
+ *) PORT: Apache has need for mutexes to serialize its children around
+ accept. In prior versions either fcntl file locking or flock file
+ locking were used. The method is chosen by the definition of
+ USE_xxx_SERIALIZED_ACCEPT in conf.h. xxx is FCNTL for fcntl(),
+ and FLOCK for flock(). New options have been added:
+ - SYSVSEM to use System V style semaphores
+ - PTHREAD to use POSIX threads (appears to work on Solaris only)
+ - USLOCK to use IRIX uslock
+ Based on timing various techniques, the following changes were made
+ to the defaults:
+ - Linux 2.x uses flock instead of fcntl
+ - Solaris 2.x uses pthreads
+ - IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
+ work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
+ [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec@vtcom.fr>,
+ Martijn Koster <m.koster@pobox.com>]
+
+ *) PORT: The semantics of accept/select make it very desirable to use
+ mutexes to serialize accept when multiple Listens are in use. But
+ in the case where only a single socket is open it is sometimes
+ redundant to serialize accept(). Not all unixes do a good job with
+ potentially dozens of children blocked on accept() on the same
+ socket. It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
+ the server will avoid serialization when listening on only one socket,
+ and use serialization when listening on multiple sockets.
+ [Dean Gaudet] PR#467
+
+ *) Configure changes: TestLib replaced by TestCompile, which has
+ some additional capability (such as doing a sanity check of
+ the compiler and flags selected); the version of Solaris is now
+ available via the #define value of SOLARIS2; IRIX n32bit libs
+ now supported and selectable by new Configuration Rule: IRIXN32;
+ We no longer default to -O2 optimization. [Jim Jagielski]
+
+ *) Updated Configure: Configuration now uses AddModule to specify
+ module source or binary file location, relative to src directory.
+ Modules can be dropped into modules/extra, or in their own
+ directory, and modules can come with a Makefile or Configure can
+ create one. Modules can add compiler or library information to
+ generated Makefiles. [Paul Sutton]
+
+ *) Source core re-organisation: distributed modules are now in
+ modules/standard. All other source code is in main. OS-specific
+ code is in os/{unix,emx,win32} directories. [Paul Sutton]
+
+ *) mod_browser has been removed, since it's replaced by mod_setenvif.
+ [Ken Coar]
+
+ *) Fix another long-standing bug in sub_req_lookup_file where it would
+ happily skip past access checks on subdirectories looked up with
+ relative paths. (It's used by mod_dir, mod_negotiation,
+ and mod_include.) [Dean Gaudet]
+
+ *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
+ N is the number of <Directory> sections, and M is the number of
+ components in the filename of an object.
+
+ To achieve this optimization the following config changes were made:
+ - Wildcards (* and ?, not the regex forms) in <Directory>s,
+ <Files>s, and <Location>s now treat a slash as a special
+ character. For example "/home/*/public_html" previously would
+ match "/home/a/andrew/public_html", now it only matches things
+ like "/home/bob/public_html". This mimics /bin/sh behaviour.
+ - It's possible now to use [] wildcarding in <Directory>, <Files>
+ or <Location>.
+ - Regex <Directory>s are applied after all non-regex <Directory>s.
+
+ [Dean Gaudet]
+
+ *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
+ and corrupted paths. [Dean Gaudet]
+
+ *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
+ First the grouped parts of RewriteRule pattern matches (parenthesis!) can
+ be accessed now via backreferences $1..$9 in RewriteConds test-against
+ strings in addition to RewriteRules subst string. Second the grouped
+ parts of RewriteCond pattern matches (parenthesis!) can be accessed now
+ via backreferences %1..%9 both in following RewriteCond test-against
+ strings and RewriteRules subst string. This provides maximum flexibility
+ through the use of backreferences.
+ Additionally the rewriting engine was cleaned up by putting common
+ code to the new expand_backrefs_inbuffer() function.
+ [Ralf S. Engelschall]
+
+ *) When merging the main server's <Directory> and <Location> sections into
+ a vhost, put the main server's first and the vhost's second. Otherwise
+ the vhost can't override the main server. [Dean Gaudet] PR#717
+
+ *) The <Directory> code would merge and re-merge the same section after
+ a match was found, possibly causing problems with some modules.
+ [Dean Gaudet]
+
+ *) ip-based vhosts are stored and queried using a hashing function, which
+ has been shown to improve performance on servers with many ip-vhosts.
+ Some other changes had to be made to accommodate this:
+ - the * address for vhosts now behaves like _default_
+ - the matching process now is:
+ - match an ip-vhost directly via hash (possibly matches main
+ server)
+ - if that fails, just pretend it matched the main server
+ - if so far only the main server has been matched, perform
+ name-based lookups (ServerName, ServerAlias, ServerPath)
+ *only on name-based vhosts*
+ - if they fail, look for _default_ vhosts
+ [Dean Gaudet, Dave Hankins <dhankins@sugarat.net>]
+
+ *) dbmmanage overhaul:
+ - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new
+ - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
+ GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
+ - provide better seed for rand
+ - prompt for password as per getpass(3) (turn off echo, read from
+ /dev/tty, etc.)
+ - use "newstyle" crypt based on $Config{osname} ($^O)
+ - will not add a user if already in database, use new `update' command
+ instead
+ - added `check' command to check a users' password
+ - added `import' command to convert existing password text-files or
+ dbm files exported with `view'
+ - more descriptive usage, general cleanup, 'use strict' clean, etc.
+ [Doug MacEachern]
+
+ *) Added psocket() which is a pool form of socket(), various places within
+ the proxy weren't properly blocking alarms while registering the cleanup
+ for its sockets. bclose() now uses pclose() and pclosesocket(). There
+ was a bug where the client socket was being close()d twice due a still
+ registered cleanup. [Dean Gaudet]
+
+ *) A few cleanups were made to reduce time(), getpid(), and signal() calls.
+ [Dean Gaudet]
+
+ *) PORT: AIX >= 4.2 requires -lm due to libc changes.
+ [Jason Venner <jason@idiom.com>] PR#667
+
+ *) Enable ``=""'' for RewriteCond directives to match against
+ the empty string. This is the preferred way instead of ``^$''.
+ [Ralf S. Engelschall]
+
+ *) Fixed an infinite loop in mod_imap for references above the server root
+ [Dean Gaudet] PR#748
+
+ *) mod_proxy now has a ReceiveBufferSize directive, similar to
+ SendBufferSize, so that the TCP window can be set appropriately
+ for LFNs. [Phillip A. Prindeville]
+
+ *) mod_browser has been replaced by the more general mod_setenvif
+ (courtesy of Paul Sutton). BrowserMatch* directives are still
+ available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
+ UnSetEnvIfZero directives. [Ken Coar]
+
+ *) "HostnameLookups double" forces double-reverse DNS to succeed in
+ order for remote_host to be set (for logging, or for the env var
+ REMOTE_HOST). The old define MAXIMUM_DNS has been deprecated.
+ [Dean Gaudet]
+
+ *) mod_access overhaul:
+ - Now understands network/netmask syntax (i.e. 10.1.0.0/255.255.0.0)
+ and cidr syntax (i.e. 10.1.0.0/16). PR#762
+ - Critical path was sped up by pre-computing a few things at config time.
+ - The undocumented syntax "allow user-agents" was removed,
+ the replacement is "allow from env=foobar" combined with mod_browser.
+ - When used with hostnames it now forces a double-reverse lookup
+ no matter what the directory settings are. This double-reverse
+ doesn't affect any of the other routines that use the remote
+ hostname. In particular it's still passed to CGIs and the log
+ without the double-reverse check. Related PR#860.
+ [Dean Gaudet]
+
+ *) When a large bwrite() occurs (larger than the internal buffer size),
+ while there is already something in the buffer, apache will combine
+ the large write and the buffer into a single writev(). (This is
+ in anticipation of using mmap() for reading files.)
+ [Dean Gaudet]
+
+ *) In obscure cases where a partial socket write occurred while chunking,
+ Apache would omit the chunk header/footer on the next block. Cleaned
+ up other bugs/inconsistencies in error conditions in buff.c. Fixed
+ a bug where a long pause in DNS lookups could cause the last packet
+ of a response to be unduly delayed. [Roy Fielding, Dean Gaudet]
+
+ *) API: Added child_exit function to module structure. This is called
+ once per "heavy-weight process" just before a server child exit()'s
+ e.g. when max_requests_per_child is reached, etc.
+ [Doug MacEachern, Dean Gaudet]
+
+ *) mod_include cleanup showed that handle_else was being used to handle
+ endif. It didn't cause problems, but it was cleaned up too.
+ [Howard Fear]
+
+ *) mod_cern_meta would attempt to find meta files for the directory itself
+ in some cases, but not in others. It now avoids it in all cases.
+ [Dean Gaudet]
+
+ *) mod_mime_magic would core dump if there was a decompression error.
+ [Martin Kraemer <Martin.Kraemer@mch.sni.de>] PR#904
+
+ *) PORT: some variants of DGUX require -lsocket -lnsl
+ [Alexander L Jones <alex@systems-options.co.uk>] PR#732
+
+ *) mod_autoindex now allows sorting of FancyIndexed directory listings
+ by the various fields (name, size, et cetera), either in ascending
+ or descending order. Just click on the column header. [Ken Coar]
+
+ *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
+ CPUs like the Alpha. Apache still stores ints in pointers, but that's
+ the relatively safe direction. [Dean Gaudet] PR#344
+
+ *) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
+ [Igor N Kovalenko <infoh@mail.wplus.net>] PR#683
+
+ *) child_main avoids an unneeded call to select() when there is only one
+ listening socket. [Dean Gaudet]
+
+ *) In the event that the server is starved for idle servers it will
+ spawn 1, then 2, then 4, ..., then 32 servers each second,
+ doubling each second. It'll also give a warning in the errorlog
+ since the most common reason for this is a poor StartServers
+ setting. The define MAX_SPAWN_RATE can be used to raise/lower
+ the maximum. [Dean Gaudet]
+
+ *) Apache now provides an effectively unbuffered connection for
+ CGI scripts. This means that data will be sent to the client
+ as soon as the CGI pauses or stops output; previously, Apache would
+ buffer the output up to a fixed buffer size before sending, which
+ could result in the user viewing an empty page until the CGI finished
+ or output a complete buffer. It is no longer necessary to use an
+ "nph-" CGI to get unbuffered output. Given that most CGIs are written
+ in a language that by default does buffering (e.g. perl) this
+ shouldn't have a detrimental effect on performance.
+
+ "nph-" CGIs, which formerly provided a direct socket to the client
+ without any server post-processing, were not fully compatible with
+ HTTP/1.1 or SSL support. As such they would have had to implement
+ the transport details, such as encryption or chunking, in order
+ to work properly in certain situations. Now, the only difference
+ between nph and non-nph scripts is "non-parsed headers".
+ [Dean Gaudet, Sameer Parekh, Roy Fielding]
+
+ *) If a BUFF is switched from buffered to unbuffered reading the first
+ bread() will return whatever remained in the buffer prior to the
+ switch. [Dean Gaudet]
+
+Changes with Apache 1.3a1
+
+ *) Added another Configure helper script: TestLib. It determines
+ if a specified library exists. [Jim Jagielski]
+
+ *) PORT: Allow for use of n32bit libraries under IRIX 6.x
+ [derived from patch from Jeff Hayes <jhayes@aw.sgi.com>]
+ PR#721
+
+ *) PORT: Some architectures use size_t for various lengths in network
+ functions such as accept(), and getsockname(). The definition
+ NET_SIZE_T is used to control this. [Dean Gaudet]
+
+ *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
+ and -lcrypt. Test for various db libraries (dbm, ndbm, db) when
+ mod_auth_dbm or mod_auth_db are included. [Dean Gaudet]
+
+ *) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
+ [Igor N Kovalenko <infoh@mail.wplus.net>]
+
+ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
+ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
+ "downgrade-1.0" which causes Apache to pretend it received a 1.0.
+ [Dean Gaudet] related PR#875
+
+ *) API: Correct child_init() slot declaration from int to void, to
+ match the init() declaration. Update mod_example to use the new
+ hook. [Ken Coar]
+
+ *) added transport handle slot (t_handle) to the BUFF structure
+ [Doug MacEachern]
+
+ *) get_client_block() returns wrong length if policy is
+ REQUEST_CHUNKED_DECHUNK.
+ [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
+
+ *) Support the image map format of FrontPage. For example:
+ rect /url.hrm 10 20 30 40
+ ["Chris O'Byrne" <obyrne@iol.ie>] PR#807
+
+ *) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
+ ["Darren O'Shaughnessy" <darren@aaii.oz.au>] PR#846
+
+ *) AddModuleInfo directive for mod_info which allows you to annotate
+ the output of mod_info. ["Lou D. Langholtz" <ldl@usi.utah.edu>]
+
+ *) Added NoProxy directive to avoid using ProxyRemote for selected
+ addresses. Added ProxyDomain directive to cause unqualified
+ names to be qualified by redirection.
+ [Martin Kraemer <Martin.Kraemer@mch.sni.de>]
+
+ *) Support Proxy Authentication, and don't pass the Proxy-Authorize
+ header to the remote host in the proxy. [Sameer Parekh and
+ Wallace]
+
+ *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
+ 3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
+ URLs, fixed rewritelog(), fixed forced response code handling on
+ redirects from within .htaccess files, disabled pipe locking under
+ braindead SunOS 4.1.x, allow env variables to be set even on rules with
+ no substitution, bugfixed situations where HostnameLookups is off, made
+ mod_rewrite more thread-safe for NT port and fixed problem when creating
+ an empty query string via "xxx?".
+ This update also removes the copyright of Ralf S. Engelschall,
+ i.e. now mod_rewrite no longer has a shared copyright. Instead is is
+ exclusively copyrighted by the Apache Group now. This happened because
+ the author now has gifted mod_rewrite exclusively to the Apache Group and
+ no longer maintains an external version.
+ [Ralf S. Engelschall]
+
+ *) API: Added child_init function to module structure. This is called
+ once per "heavy-weight process" before any requests are handled.
+ See http_config.h for more details. [Dean Gaudet]
+
+ *) Anonymous_LogEmail was logging on each subrequest.
+ [Dean Gaudet] PR#421, 868
+
+ *) API: Added is_initial_req() which tests if the request being
+ processed is the initial request, or a subrequest.
+ [Doug MacEachern]
+
+ *) Extended SSI (mod_include) now handles additional relops for
+ string comparisons (<, >, <=, and >=). [Bruno Wolff III] PR#41
+
+ *) Configure fixed to correctly propagate user-selected options and
+ settings (such as CC and OPTIM) to Makefiles other than
+ src/Makefile (notably support/Makefile). [Ken Coar] PR#666, #834
+
+ *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
+ directory indices to start with the contents of the HeaderName file
+ if there is one. If there isn't one, the behaviour is unchanged.
+ [Ken Coar, Roy Fielding, Andrey A. Chernov]
+
+ *) WIN32: Modules can now be dynamically loaded DLLs using the
+ LoadModule/LoadFile directives. Note that module DLLs must be
+ compiled with the multithreaded DLL version of the runtime library.
+ [Alexei Kosut and Ben Laurie]
+
+ *) Automatic indexing removed from mod_dir and placed into mod_autoindex.
+ This allows the admin to completely remove automatic indexing
+ from the server, while still supporting the basic functions of
+ trailing-slash redirects and DirectoryIndex files. Note that if
+ you're carrying over an old Configuration file and you use directory
+ indexing then you'll want to add:
+
+ Module autoindex_module mod_autoindex.o
+
+ before mod_dir in your Configuration. [Dean Gaudet]
+
+ *) popendir/pclosedir created to properly protect directory scanning.
+ [Dean Gaudet] PR#525
+
+ *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
+ giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
+ and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
+ [Alexei Kosut]
+
+ *) The AccessFileName directive can now take more than one filename.
+ ["Lou D. Langholtz" <ldl@usi.utah.edu>]
+
+ *) The new mod_mime_magic can be used to "magically" determine the type
+ of a file if the extension is unknown. Based on the unix file(1)
+ command. [Ian Kluft <ikluft@cisco.com>]
+
+ *) We now determine and display the time spent processing a
+ request if desired. [Jim Jagielski]
+
+ *) mod_status: PID field of "dead" child slots no longer displays
+ main httpd process's PID. [Jim Jagielski]
+
+ *) Makefile.nt added - to build all the bits from the command line:
+ nmake -f Makefile.nt
+ Doesn't yet work properly. [Ben Laurie]
+
+ *) Default text of 404 error is now "Not Found" rather than the
+ potentially misleading "File Not Found". [Ken Coar]
+
+ *) CONFIG: "HostnameLookups" now defaults to off because it is far better
+ for the net if we require people that actually need this data to
+ enable it. [Linus Torvalds]
+
+ *) directory_walk() is an expensive function, keep a little more state to
+ avoid needless string counting. Add two new functions make_dirstr_parent
+ and make_dirstr_prefix which replace all existing uses of make_dirstr.
+ The new functions are a little less general than make_dirstr, but
+ work more efficiently (less memory, less string counting).
+ [Dean Gaudet]
+
+ *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
+ to LDFLAGS) to avoid complications with lex rules in make files.
+ [Dean Gaudet] PR#372
+
+ *) run_method optimized to avoid needless scanning over NULLs in the
+ module list. [Dean Gaudet]
+
+ *) Revamp of (unix) scoreboard management code such that it avoids
+ unnecessary traversals of the scoreboard on each hit. This is
+ particularly important for high volume sites with a large
+ HARD_SERVER_LIMIT. Some of the previous operations were O(n^2),
+ and are now O(n). See also SCOREBOARD_MAINTENANCE_INTERVAL in
+ httpd.h. [Dean Gaudet]
+
+ *) In configurations using multiple Listen statements it was possible for
+ busy sockets to starve other sockets of service. [Dean Gaudet]
+
+ *) Added hook so standalone_main can be replaced at compile time
+ (define STANDALONE_MAIN)
+ [Doug MacEachern]
+
+ *) Lowest-level read/write functions in buff.c will be replaced with
+ the SFIO library calls sfread/sfwrite if B_SFIO is defined at
+ compile time. The default sfio discipline will behave as apache
+ would without sfio compiled in.
+ [Doug MacEachern]
+
+ *) Enhance UserDir directive (mod_userdir) to accept a list of
+ usernames for the 'disable' keyword, and add 'enable user...' to
+ selectively *en*able userdirs if they're globally disabled.
+ [Ken Coar]
+
+ *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
+ will work with Netscape dbm files. (dbmmanage will probably not
+ work however.) [Alexander Spohr <aspohr@netmatic.com>] PR#444
+
+ *) Add a ListenBacklog directive to control the backlog parameter
+ passed to listen(). Also change the default to 511 from 512.
+ [Marc Slemko]
+
+ *) API: A new handler response DONE which informs apache that the
+ request has been handled and it can finish off quickly, similar to
+ how it handles errors. [Rob Hartill]
+
+ *) Turn off chunked encoding after sending terminating chunk/footer
+ so that we can't do it twice by accident. [Roy Fielding]
+
+ *) mod_expire also issues Cache-Control: max-age headers.
+ [Rob Hartill]
+
+ *) API: Added kill_only_once option for free_proc_chain so that it won't
+ aggressively try to kill off specific children. For fastcgi.
+ [Stanley Gambarin <gambarin@OpenMarket.com>]
+
+ *) mod_auth deals with extra ':' delimited fields. [Marc Slemko]
+
+ *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
+ When used together, these cause mod_dir to emit HEIGHT and WIDTH
+ attributes in the FancyIndexing IMG tags. [Ken Coar]
+
+ *) PORT: Sequent and SONY NEWS-OS support added. [Jim Jagielski]
+
+ *) PORT: Added Windows NT support
+ [Ben Laurie and Ambarish Malpani <ambarish@valicert.com>]
+
+Changes with Apache 1.2.6
+
+ *) mod_include when using XBitHack Full would send ETags in addition to
+ sending Last-Modifieds. This is incorrect HTTP/1.1 behaviour.
+ [Dean Gaudet] PR#1133
+
+ *) SECURITY: When a client connects to a particular port/addr, and
+ gives a Host: header ensure that the virtual host requested can
+ actually be reached via that port/addr. [Ed Korthof <ed@organic.com>]
+
+ *) Support virtual hosts with wildcard port and/or multiple ports
+ properly. [Ed Korthof <ed@organic.com>]
+
+ *) Fixed some case-sensitivity issues according to RFC2068.
+ [Dean Gaudet]
+
+ *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
+ and mod_include.c. [Dean Gaudet]
+
+ *) Variable 'cwd' was being used pointlessly before being set.
+ [Ken Coar] PR#1738
+
+ *) SIGURG doesn't exist on all platforms.
+ [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
+
+ *) When an error occurs during a POST, or other operation with a
+ request body, the body has to be read from the net before allowing
+ a keepalive session to continue. [Roy Fielding] PR#1399
+
+ *) When an error occurs in fcntl() locking suggest the user look up
+ the docs for LockFile. [Dean Gaudet]
+
+ *) table_set() and table_unset() did not deal correctly with
+ multiple occurrences of the same key. [Stephen Scheck
+ <sscheck@infonex.net>, Ben Laurie] PR#1604
+
+ *) send_fd_length() did not calculate total_bytes_sent properly in error
+ cases. [Ben Reser <breser@regnow.com>] PR#1366
+
+ *) r->connection->user was allocated in the wrong pool causing corruption
+ in some cases when used with mod_cern_meta. [Dean Gaudet] PR#1500
+
+ *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
+ Also removed the auto-generated link to www.apache.org that was the
+ source of so many misdirected bug reports. [Roy Fielding, Marc Slemko]
+
+ *) Multiple "close" tokens may have been set in the "Connection"
+ header, not an error, but a waste.
+ [Ronald.Tschalaer@psi.ch] PR#1683
+
+ *) "basic" and "digest" auth tokens should be tested case-insensitive.
+ [Ronald.Tschalaer@psi.ch] PR#1599, PR#1666
+
+ *) It appears the "257th byte" bug (see
+ htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
+ at the 256th byte as well. Fixed. [Dean Gaudet]
+
+ *) mod_rewrite would not handle %3f properly in some situations.
+ [Ralf Engelschall]
+
+ *) Apache could generate improperly chunked HTTP/1.1 responses when
+ the bputc() or rputc() functions were used by modules (such as
+ mod_include). [Dean Gaudet]
+
+ *) #ifdef wrap a few #defines in httpd.h to make life easier on
+ some ports. [Ralf Engelschall]
+
+ *) Fix MPE compilation error in mod_usertrack.c. [Mark Bixby]
+
+ *) Quote CC='$(CC)' to improve recurse make calls. [Martin Kraemer]
+
+ *) Avoid B_ERROR redeclaration on sysvr4 systems. [Martin Kraemer]
+
+Changes with Apache 1.2.5
+
+ *) SECURITY: Fix a possible buffer overflow in logresolve. This is
+ only an issue on systems without a MAXDNAME define or where
+ the resolver returns domain names longer than MAXDNAME. [Marc Slemko]
+
+ *) Fix an improper length in an ap_snprintf call in proxy_date_canon().
+ [Marc Slemko]
+
+ *) Fix core dump in the ftp proxy when reading incorrectly formatted
+ directory listings. [Marc Slemko]
+
+ *) SECURITY: Fix possible minor buffer overflow in the proxy cache.
+ [Marc Slemko]
+
+ *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
+ is used to read various types of files such as htaccess and
+ htpasswd files. [Marc Slemko]
+
+ *) SECURITY: Ensure that the buffer returned by ht_time is always
+ properly null terminated. [Marc Slemko]
+
+ *) SECURITY: General mod_include cleanup, including fixing several
+ possible buffer overflows and a possible infinite loop. This cleanup
+ was done against 1.3 code and then backported to 1.2, the result
+ is a large difference (due to indentation cleanup in 1.3 code).
+ Users interested in seeing a smaller set of relevant differences
+ should consider comparing against src/modules/standard/mod_include.c
+ from the 1.3b3 release. Non-indentation changes to mod_include
+ between 1.2 and 1.3 were minimal. [Dean Gaudet, Marc Slemko]
+
+ *) SECURITY: Numerous changes to mod_imap in a general cleanup
+ including fixing a possible buffer overflow. This cleanup also
+ was done with 1.3 code as a basis, see the the previous note
+ about mod_include. [Dean Gaudet]
+
+ *) SECURITY: If a htaccess file can not be read due to bad
+ permissions, deny access to the directory with a HTTP_FORBIDDEN.
+ The previous behavior was to ignore the htaccess file if it could not
+ be read. This change may make some setups with unreadable
+ htaccess files stop working. PR#817 [Marc Slemko]
+
+ *) SECURITY: no2slash() was O(n^2) in the length of the input.
+ Make it O(n). This inefficiency could be used to mount a denial
+ of service attack against the Apache server. Thanks to
+ Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for reporting
+ this. [Dean Gaudet]
+
+ *) mod_include used uninitialized data for some uses of && and ||.
+ [Brian Slesinsky <bslesins@wired.com>] PR#1139
+
+ *) mod_imap should decline all non-GET methods.
+ [Jay Bloodworth <jay@pathways.sde.state.sc.us>]
+
+ *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
+
+ *) mod_userdir was modifying r->finfo in cases where it wasn't setting
+ r->filename. Since those two are meant to be in sync with each other
+ this is a bug. ["Paul B. Henson" <henson@intranet.csupomona.edu>]
+
+ *) mod_include did not properly handle all possible redirects from sub-
+ requests. [Ken Coar]
+
+ *) Inetd mode (which is buggy) uses timeouts without having setup the
+ jmpbuffer. [Dean Gaudet] PR#1064
+
+ *) Work around problem under Linux where a child will start looping
+ reporting a select error over and over.
+ [Rick Franchuk <rickf@transpect.net>] PR#1107
+
+Changes with Apache 1.2.4
+
+ *) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
+ always making requests with the full-URI instead of just the URI path.
+ [Marc Slemko, Roy Fielding]
+
+ *) Add -lm for AIX versions >= 4.2 to allow Apache to link properly
+ on this platform. [Marc Slemko]
+
+Changes with Apache 1.2.3
+
+ *) The request to a remote proxy was mangled if it was generated as the
+ result of a ProxyPass directive. URL schemes other than http:// were not
+ supported when ProxyRemote was used. PR#260, PR#656, PR#699, PR#713,
+ PR#812 [Lars Eilebrecht]
+
+ *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
+ information for case where proxy module is not available. [Marc Slemko]
+
+ *) Force proxy to always respond as HTTP/1.0, which it was failing to
+ do for errors and cached responses. [Roy Fielding]
+
+ *) PORT: Improved support for ConvexOS 11. [Jeff Venters]
+
+Changes with Apache 1.2.2 [not released]
+
+ *) Fixed another long-standing bug in sub_req_lookup_file where it would
+ happily skip past access checks on subdirectories looked up with relative
+ paths. (It's used by mod_dir, mod_negotiation, and mod_include.)
+ [Dean Gaudet]
+
+ *) Add lockfile name to error message printed out when
+ USE_FLOCK_SERIALIZED_ACCEPT is defined.
+ [Marc Slemko]
+
+ *) Enhanced the chunking and error handling inside the buffer functions.
+ [Dean Gaudet, Roy Fielding]
+
+ *) When merging the main server's <Directory> and <Location> sections into
+ a vhost, put the main server's first and the vhost's second. Otherwise
+ the vhost can't override the main server. [Dean Gaudet] PR#717
+
+ *) The <Directory> code would merge and re-merge the same section after
+ a match was found, possibly causing problems with some modules.
+ [Dean Gaudet]
+
+ *) Fixed an infinite loop in mod_imap for references above the server root.
+ [Dean Gaudet] PR#748
+
+ *) mod_include cleanup showed that handle_else was being used to handle
+ endif. It didn't cause problems, but it was cleaned up too.
+ [Howard Fear]
+
+ *) Last official synchronization of mod_rewrite with author version (because
+ mod_rewrite is now directly developed by the author at the Apache Group):
+ o added diff between mod_rewrite 3.0.6+ and 3.0.9
+ minus WIN32/NT stuff, but plus copyright removement.
+ In detail:
+ - workaround for detecting infinite rewriting loops
+ - fixed setting of env vars when "-" is used as subst string
+ - fixed forced response code on redirects (PR#777)
+ - fixed cases where r->args is ""
+ - kludge to disable locking on pipes under braindead SunOS
+ - fix for rewritelog in cases where remote hostname is unknown
+ - fixed totally damaged request_rec walk-back loop
+ o remove static from local data and add static to global ones.
+ o replaced ugly proxy finding stuff by simple
+ find_linked_module("mod_proxy") call.
+ o added missing negation char on rewritelog()
+ o fixed a few comment typos
+ [Ralf S. Engelschall]
+
+ *) Anonymous_LogEmail was logging on each subrequest.
+ [Dean Gaudet] PR#421, PR#868
+
+ *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
+ begin with. "nokeepalive" now works for HTTP/1.1 clients. Added
+ "downgrade-1.0" which causes Apache to pretend it received a 1.0.
+ Additionally mod_browser now triggers during translate_name to workaround
+ a deficiency in the header_parse phase.
+ [Dean Gaudet] PR#875
+
+ *) get_client_block() returns wrong length if policy is
+ REQUEST_CHUNKED_DECHUNK.
+ [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
+
+ *) Properly treat <files> container like other containers in mod_info.
+ [Marc Slemko] PR#848
+
+ *) The proxy didn't treat the "Host:" keyword of the host header as case-
+ insensitive. The proxy would corrupt the first line of a response from
+ an HTTP/0.9 server. [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#813,814
+
+ *) mod_include would log some bogus values occasionally.
+ [Skip Montanaro <skip@calendar.com>, Marc Slemko] PR#797
+
+ *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP
+ under Solaris 2.x (up through 2.5.1). It has been fixed.
+ [Dean Gaudet] PR#832
+
+ *) API: In HTTP/1.1, whether or not a request message contains a body
+ is independent of the request method and based solely on the presence
+ of a Content-Length or Transfer-Encoding. Therefore, our default
+ handlers need to be prepared to read a body even if they don't know
+ what to do with it; otherwise, the body would be mistaken for the
+ next request on a persistent connection. discard_request_body()
+ has been added to take care of that. [Roy Fielding] PR#378
+
+ *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache
+ release version number, such that it always increases along the
+ same lines as our source code branching. [Roy Fielding]
+
+ *) Minor oversight on multiple variants fixed. [Paul Sutton] PR#94
+
+Changes with Apache 1.2.1
+
+ *) SECURITY: Don't serve file system objects unless they are plain files,
+ symlinks, or directories. This prevents local users from using pipes
+ or named sockets to invoke programs for an extremely crude form of
+ CGI. [Dean Gaudet]
+
+ *) SECURITY: HeaderName and ReadmeName were settable in .htaccess and
+ could contain "../" allowing a local user to "publish" any file on
+ the system. No slashes are allowed now. [Dean Gaudet]
+
+ *) SECURITY: It was possible to violate the symlink Options using mod_dir
+ (headers, readmes, titles), mod_negotiation (type maps), or
+ mod_cern_meta (meta files). [Dean Gaudet]
+
+ *) SECURITY: Apache will refuse to run as "User root" unless
+ BIG_SECURITY_HOLE is defined at compile time. [Dean Gaudet]
+
+ *) CONFIG: If a symlink pointed to a directory then it would be disallowed
+ if it contained a .htaccess disallowing symlinks. This is contrary
+ to the rule that symlink permissions are tested with the symlink
+ options of the parent directory. [Dean Gaudet] PR#353
+
+ *) CONFIG: The LockFile directive can be used to place the serializing
+ lockfile in any location. It previously defaulted to /usr/tmp/htlock.
+ [Somehow it took four of us: Randy Terbush, Jim Jagielski, Dean Gaudet,
+ Marc Slemko]
+
+ *) Request processing now retains state of whether or not the request
+ body has been read, so that internal redirects and subrequests will
+ not try to read it twice (and block). [Roy Fielding]
+
+ *) Add a placeholder in modules/Makefile to avoid errors with certain
+ makes. [Marc Slemko]
+
+ *) QUERY_STRING was unescaped in mod_include, it shouldn't be.
+ [Dean Gaudet] PR#644
+
+ *) mod_include was not properly changing the current directory.
+ [Marc Slemko] PR#742
+
+ *) Attempt to work around problems with third party libraries that do not
+ handle high numbered descriptors (examples include bind, and
+ solaris libc). On all systems apache attempts to keep all permanent
+ descriptors above 15 (called the low slack line). Solaris users
+ can also benefit from adding -DHIGH_SLACK_LINE=256 to EXTRA_CFLAGS
+ which keeps all non-FILE * descriptors above 255. On all systems
+ this should make supporting large numbers of vhosts with many open
+ log files more feasible. If this causes trouble please report it,
+ you can disable this workaround by adding -DNO_SLACK to EXTRA_CFLAGS.
+ [Dean Gaudet] various PRs
+
+ *) Related to the last entry, network sockets are now opened before
+ log files are opened. The only known case where this can cause
+ problems is under Solaris with many virtualhosts and many Listen
+ directives. But using -DHIGH_SLACK_LINE=256 described above will
+ work around this problem. [Dean Gaudet]
+
+ *) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
+ SunOS 4.
+
+ *) Improved unix error response logging. [Marc Slemko]
+
+ *) Update mod_rewrite from 3.0.5 to 3.0.6. New ruleflag
+ QSA=query_string_append. Also fixed a nasty bug in per-dir context:
+ when a URL http://... was used in conjunction with a special
+ redirect flag, e.g. R=permanent, the permanent status was lost.
+ [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>, Ralf S. Engelschall]
+
+ *) If an object has multiple variants that are otherwise equal Apache
+ would prefer the last listed variant rather than the first.
+ [Paul Sutton] PR#94
+
+ *) "make clean" at the top level now removes *.o. [Dean Gaudet] PR#752
+
+ *) mod_status dumps core in inetd mode. [Marc Slemko and Roy Fielding]
+ PR#566
+
+ *) pregsub had an off-by-1 in its error checking code. [Alexei Kosut]
+
+ *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333
+
+ *) PORT: Update UnixWare support for 2.1.2.
+ [Lawrence Rosenman <ler@lerctr.org>] PR#511
+
+ *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim@tandem.com>] PR#327
+
+ *) PORT: Update ConvexOS support for 11.5.
+ [David DeSimone <fox@convex.com>] PR#399
+
+ *) PORT: Support for DEC cc compiler under ULTRIX.
+ ["P. Alejandro Lopez-Valencia" <alejolo@ideam.gov.co>] PR#388
+
+ *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
+
+ *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c.
+ [Marc Slemko] PR#725
+
+ *) PORT: fix problem compiling http_bprintf.c with gcc under SCO
+ [Marc Slemko] PR#695
+
+Changes with Apache 1.2
+
+Changes with Apache 1.2b11
+
+ *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
+
+ *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl.
+ [Doug MacEachern, Rob Hartill]
+
+ *) Proxy needs to use hard_timeout instead of soft_timeout when it is
+ reading from one buffer and writing to another, at least until it has
+ a custom timeout handler. [Roy Fielding and Petr Lampa]
+
+ *) Fixed problem on IRIX with servers hanging in IdentityCheck,
+ apparently due to a mismatch between sigaction and setjmp.
+ [Roy Fielding] PR#502
+
+ *) Log correct status code if we timeout before receiving a request (408)
+ or if we received a request-line that was too long to process (414).
+ [Ed Korthof and Roy Fielding] PR#601
+
+ *) Virtual hosts with the same ServerName, but on different ports, were
+ not being selected properly. [Ed Korthof]
+
+ *) Added code to return the requested IP address from proxy_host2addr()
+ if gethostbyaddr() fails due to reverse DNS lookup problems. Original
+ change submitted by Jozsef Hollosi <hollosi@sbcm.com>.
+ [Chuck Murcko] PR#614
+
+ *) If multiple requests on a single connection are used to retrieve
+ data from different virtual hosts, the virtual host list would be
+ scanned starting with the most recently used VH instead of the first,
+ causing most virtual hosts to be ignored.
+ [Paul Sutton and Martin Mares] PR#610
+
+ *) The OS/2 handling of process group was broken by a porting patch for
+ MPE, so restored prior code for OS/2. [Roy Fielding and Garey Smiley]
+
+ *) Inherit virtual server port from main server if none (or "*") is
+ given for VirtualHost. [Dean Gaudet] PR#576
+
+ *) If the lookup for a DirectoryIndex name with content negotiation
+ has found matching variants, but none are acceptable, return the
+ negotiation result if there are no more DirectoryIndex names to lookup.
+ [Petr Lampa and Roy Fielding]
+
+ *) If a soft_timeout occurs after keepalive is set, then the main child
+ loop would try to read another request even though the connection
+ has been aborted. [Roy Fielding]
+
+ *) Configure changes: Allow for whitespace at the start of a
+ Module declaration. Also, be more understanding about the
+ CC=/OPTIM= format in Configuration. Finally, fix compiler
+ flags if using HP-UX's cc compiler. [Jim Jagielski]
+
+ *) Subrequests and internal redirects now inherit the_request from the
+ original request-line. [Roy Fielding]
+
+ *) Test for error conditions before creating output header fields, since
+ we don't want the error message to include those fields. Likewise,
+ reset the content_language(s) and content_encoding of the response
+ before generating or redirecting to an error message, since the new
+ message will have its own Content-* definitions. [Dean Gaudet]
+
+ *) Restored the semantics of headers_out (headers sent only with 200..299
+ and 304 responses) and err_headers_out (headers sent with all responses).
+ Avoid the overhead of copying tables if err_headers_out is empty
+ (the usual case). [Roy Fielding]
+
+ *) Fixed a couple places where a check for the default Content-Type was
+ not properly checking both the value configured by the DefaultType
+ directive and the DEFAULT_TYPE symbol in httpd.h. Changed the value
+ of DEFAULT_TYPE to match the documented default (text/plain).
+ [Dean Gaudet] PR#506
+
+ *) Escape the HTML-sensitive characters in the Request-URI that is
+ output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501
+
+ *) Properly initialize the flock structures used by the mutex locking
+ around accept() when USE_FCNTL_SERIALIZED_ACCEPT is defined.
+ [Marc Slemko]
+
+ *) The method for determining PATH_INFO has been restored to the pre-1.2b
+ (and NCSA httpd) definition wherein it was the extra path info beyond
+ the CGI script filename. The environment variable FILEPATH_INFO has
+ been removed, and instead we supply the original REQUEST_URI to any
+ script that wants to be Apache-specific and needs the real URI path.
+ This solves a problem with existing scripts that use extra path info
+ in the ScriptAlias directive to pass options to the CGI script.
+ [Roy Fielding]
+
+ *) The _default_ change in 1.2b10 will change the behaviour on configs
+ that use multiple Listen statements for listening on multiple ports.
+ But that change is necessary to make _default_ consistent with other
+ forms of <VirtualHost>. It requires such configs to be modified
+ to use <VirtualHost _default_:*>. The documentation has been
+ updated. [Dean Gaudet] PR#530
+
+ *) If an ErrorDocument CGI script is used to respond to an error
+ generated by another CGI script which has already read the message
+ body of the request, the server would block trying to read the
+ message body again. [Rob Hartill]
+
+ *) signal() replacement conflicted with a define on QNX (and potentially
+ other platforms). Fixed. [Ben Laurie] PR#512
+
+Changes with Apache 1.2b10
+
+ *) Allow HTTPD_ROOT, SERVER_CONFIG_FILE, DEFAULT_PATH, and SHELL_PATH
+ to be configured via -D in Configuration. [Dean Gaudet] PR#449
+
+ *) <VirtualHost _default_:portnum> didn't work properly. [Dean Gaudet]
+
+ *) Added prototype for mktemp() for SUNOS4 [Marc Slemko]
+
+ *) In mod_proxy.c, check return values for proxy_host2addr() when reading
+ config, in case the hostent struct returned is trash.
+ [Chuck Murcko] PR #491
+
+ *) Fixed the fix in 1.2b9 for parsing URL query info into args for CGI
+ scripts. [Dean Gaudet, Roy Fielding, Marc Slemko]
+
+Changes with Apache 1.2b9 [never announced]
+
+ *) Reset the MODULE_MAGIC_NUMBER to account for the unsigned port
+ changes and in anticipation of 1.2 final release. [Roy Fielding]
+
+ *) Fix problem with scripts not receiving a SIGPIPE when client drops
+ the connection (e.g., when user presses Stop). Apache will now stop
+ trying to send a message body immediately after an error from write.
+ [Roy Fielding and Nathan Kurz] PR#335
+
+ *) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
+ than mod_alias, and mod_alias has higher priority than mod_proxy;
+ rearranged other modules to enhance understanding of their purpose
+ and relative order (and maybe even reduce some overhead).
+ [Roy Fielding and Sameer Parekh]
+
+ *) Fix graceful restart. Eliminate many signal-related race
+ conditions in both forms of restart, and in SIGTERM. See
+ htdocs/manual/stopping.html for details on stopping and
+ restarting the parent. [Dean Gaudet]
+
+ *) Fix memory leaks in mod_rewrite, mod_browser, mod_include. Tune
+ memory allocator to avoid a behaviour that required extra blocks to
+ be allocated. [Dean Gaudet]
+
+ *) Allow suexec to access files relative to current directory but not
+ above. (Excluding leading / or any .. directory.) [Ken Coar]
+ PR#269, 319, 395
+
+ *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
+ PR#367, 368, 354, 453
+
+ *) Fix the above fix: if suexec is enabled, avoid destroying r->url
+ while obtaining the /~user and save the username in a separate data
+ area so that it won't be overwritten by the call to getgrgid(), and
+ fix some misuse of the pool string allocation functions. Also fixes
+ a general problem with parsing URL query info into args for CGI scripts.
+ [Roy Fielding] PR#339, 367, 354, 453
+
+ *) Fix IRIX warning about bzero undefined. [Marc Slemko]
+
+ *) Fix problem with <Directory proxy:...>. [Martin Kraemer] PR#271
+
+ *) Corrected spelling of "authoritative". AuthDBAuthoratative became
+ AuthDBAuthoritative. [Marc Slemko] PR#420
+
+ *) MaxClients should be at least 1. [Lars Eilebrecht] PR#375
+
+ *) The default handler now logs invalid methods or URIs (i.e. PUT on an
+ object that can't be PUT, or FOOBAR for some method FOOBAR that
+ apache doesn't know about at all). Log 404s that occur in mod_include.
+ [Paul Sutton, John Van Essen]
+
+ *) If a soft timeout (or lingerout) occurs while trying to flush a
+ buffer or write inside buff.c or fread'ing from a CGI's output,
+ then the timeout would be ignored. [Roy Fielding] PR#373
+
+ *) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's
+ parsing of headers. If the terminating empty-line CRLF occurs starting
+ at the 256th or 257th byte of output, then Navigator will think a normal
+ image is invalid. We are guessing that this is because their initial
+ read of a new request uses a 256 byte buffer. We check the bytes written
+ so far and, if we are about to tickle the bug, we instead insert a
+ padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232
+
+ *) Fixed SIGSEGV problem when a DirectoryIndex file is also the source
+ of an external redirection. [Roy Fielding and Paul Sutton]
+
+ *) Configure would create a broken Makefile if the configuration file
+ contained a commented-out Rule. [Roy Fielding]
+
+ *) Promote per_dir_config and subprocess_env from the subrequest to the
+ main request in mod_negotiation. In particular this fixes a bug
+ where <Files> sections wouldn't properly apply to negotiated content.
+ [Dean Gaudet]
+
+ *) Fix a potential deadlock in mod_cgi script_err handling.
+ [Ralf S. Engelschall]
+
+ *) rotatelogs zero-pads the logfile names to improve alphabetic sorting.
+ [Mitchell Blank Jr]
+
+ *) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within
+ .htaccess files because the RewriteBase was not replaced correctly.
+ Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside
+ <Directory> sections missing a trailing /. [Ralf S. Engelschall]
+
+ *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x. For
+ 1.x the settings are those of pre-1.2b8. For 2.x we include
+ USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
+ HAVE_SYS_RESOURCE_H (enable the RLimit commands).
+ [Dean Gaudet] PR#336, PR#340
+
+ *) Redirect did not preserve ?query_strings when present in the client's
+ request. [Dean Gaudet]
+
+ *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
+
+ *) Use /bin/sh5 on ULTRIX. [P. Alejandro Lopez-Valencia] PR#369
+
+ *) Add UnixWare compile/install instructions. [Chuck Murcko]
+
+ *) Add mod_example (illustration of API techniques). [Ken Coar]
+
+ *) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
+
+ *) Improve handling of directories when filenames have spaces in them.
+ [Chuck Murcko]
+
+ *) For hosts with multiple IP addresses, try all additional addresses if
+ necessary to get a connect. Fail only if hostent address list is
+ exhausted. [Chuck Murcko]
+
+ *) More signed/unsigned port fixes. [Dean Gaudet]
+
+ *) HARD_SERVER_LIMIT can be defined in the Configuration file now.
+ [Dean Gaudet]
+
+Changes with Apache 1.2b8
+
+ *) suexec.c doesn't close the log file, allowing CGIs to continue writing
+ to it. [Marc Slemko]
+
+ *) The addition of <Location> and <File> directives made the
+ sub_req_lookup_simple() function bogus, so we now handle
+ the special cases directly. [Dean Gaudet]
+
+ *) We now try to log where the server is dumping core when a fatal
+ signal is received. [Ken Coar]
+
+ *) Improved lingering_close by adding a special timeout, removing the
+ spurious log messages, removing the nonblocking settings (they
+ are not needed with the better timeout), and adding commentary
+ about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is
+ now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding]
+
+ *) Send error messages about setsockopt failures to the server error
+ log instead of stderr. [Roy Fielding]
+
+ *) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
+
+ *) Stopgap solution for CGI 3-second delay with server-side includes: if
+ processing a subrequest, allocate memory from r->main->pool instead
+ of r->pool so that we can avoid waiting for free_proc_chain to cleanup
+ in the middle of an SSI request. [Dean Gaudet] PR #122
+
+ *) Fixed status of response when POST is received for a nonexistent URL
+ (was sending 405, now 404) and when any method is sent with a
+ full-URI that doesn't match the server and the server is not acting
+ as a proxy (was sending 501, now 403). [Roy Fielding]
+
+ *) Host port changed to unsigned short. [Ken Coar] PR #276
+
+ *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
+
+ *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet]
+
+ *) Report extra info from errno with many errors that cause httpd to exit.
+ spawn_child, popenf, and pclosef now have valid errno returns in the
+ event of an error. Correct problems where errno was stomped on
+ before being reported. [Dean Gaudet]
+
+ *) In the proxy, if the cache filesystem was full, garbage_coll() was
+ never called, and thus the filesystem would remain full indefinitely.
+ We now also remove incomplete cache files left if the origin server
+ didn't send a Content-Length header and either the client has aborted
+ transfer or bwrite() to client has failed. [Petr Lampa]
+
+ *) Fixed the handling of module and script-added header fields.
+ Improved the interface for sending header fields and reduced
+ the duplication of code between sending okay responses and errors.
+ We now always send both headers_out and err_headers_out, and
+ ensure that the server-reserved fields are not being overridden,
+ while not overriding those that are not reserved. [Roy Fielding]
+
+ *) Moved transparent content negotiation fields to err_headers_out
+ to reflect above changes. [Petr Lampa]
+
+ *) Fixed the determination of whether or not we should make the
+ connection persistent for all of the cases where some other part
+ of the server has already indicated that we should not. Also
+ improved the ordering of the test so that chunked encoding will
+ be set whenever it is desired instead of only when KeepAlive
+ is enabled. Added persistent connection capability for most error
+ responses (those that do not indicate a bad input stream) when
+ accessed by an HTTP/1.1 client. [Roy Fielding]
+
+ *) Added missing timeouts for sending header fields, error responses,
+ and the last chunk of chunked encoding, each of which could have
+ resulted in a process being stuck in write forever. Using soft_timeout
+ requires that the sender check for an aborted connection rather than
+ continuing after an EINTR. Timeouts that used to be initiated before
+ send_http_header (and never killed) are now initiated only within or
+ around the routines that actually do the sending, and not allowed to
+ propagate above the caller. [Roy Fielding]
+
+ *) mod_auth_anon required an @ or a . in the email address, not both.
+ [Dirk vanGulik]
+
+ *) per_dir_defaults weren't set correctly until directory_walk for
+ name-based vhosts. This fixes an obscure bug with the wrong config
+ info being used for vhosts that share the same ip as the server.
+ [Dean Gaudet]
+
+ *) Improved generation of modules/Makefile to be more generic for
+ new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
+
+ *) Generate makefile dependency for Configuration based on the actual
+ name given when running the Configure process. [Dean Gaudet]
+
+ *) Fixed problem with vhost error log not being set prior to
+ initializing virtual hosts. [Dean Gaudet]
+
+ *) Fixed infinite loop when a trailing slash is included after a type map
+ file URL (extra path info). [Petr Lampa]
+
+ *) Fixed server status updating of per-connection counters. [Roy Fielding]
+
+ *) Add documentation for DNS issues (reliability and security), and try
+ to explain the virtual host matching process. [Dean Gaudet]
+
+ *) Try to continue gracefully by disabling the vhost if a DNS lookup
+ fails while parsing the configuration file. [Dean Gaudet]
+
+ *) Improved calls to setsockopt. [Roy Fielding]
+
+ *) Negotiation changes: Don't output empty content-type in variant list;
+ Output charset in variant list; Return sooner from handle_multi() if
+ no variants found; Add handling of '*' wildcard in Accept-Charset.
+ [Petr Lampa and Paul Sutton]
+
+ *) Fixed overlaying of request/sub-request notes and headers in
+ mod_negotiation. [Dean Gaudet]
+
+ *) If two variants' charset quality are equal and one is the default
+ charset (iso-8859-1), then prefer the variant that was specifically
+ listed in Accept-Charset instead of the default. [Petr Lampa]
+
+ *) Memory allocation problem in push_array() -- it would corrupt memory
+ when nalloc==0. [Kai Risku <krisku@tf.hut.fi> and Roy Fielding]
+
+ *) invoke_handler() doesn't handle mime arguments in content-type
+ [Petr Lampa] PR#160
+
+ *) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
+ [Ken Coar]
+
+ *) Fixed problem with ErrorDocument not working for virtual hosts
+ due to one of the performance changes in 1.2b7. [Dean Gaudet]
+
+ *) Log an error message if we get a request header that is too long,
+ since it may indicate a buffer overflow attack. [Marc Slemko]
+
+ *) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and
+ not reject URLs without a double-slash, as per RFC2068 section 3.2.
+ [Ken Coar] PR #146, #187
+
+ *) Added table entry placeholder for new header_parser callback
+ in all of the distributed modules. [Ken Coar] PR #191
+
+ *) Allow for cgi files without the .EXE extension on them under OS/2.
+ [Garey Smiley] PR #59
+
+ *) Fixed error message when resource is not found and URL contains
+ path info. [Petr Lampa and Dean Gaudet] PR #40
+
+ *) Fixed user and server confusion over what should be a virtual host
+ and what is the main server, resulting in access to something
+ other than the name defined in the virtualhost directive (but
+ with the same IP address) failing. [Dean Gaudet]
+
+ *) Updated mod_rewrite to version 3.0.2, which: fixes compile error on
+ AIX; improves the redirection stuff to enable the users to generally
+ redirect to http, https, gopher and ftp; added TIME variable for
+ RewriteCond which expands to YYYYMMDDHHMMSS strings and added the
+ special patterns >STRING, <STRING and =STRING to RewriteCond, which
+ can be used in conjunction with %{TIME} or other variables to create
+ time-dependent rewriting rules. [Ralf S. Engelschall]
+
+ *) bpushfd() no longer notes cleanups for the file descriptors it is handed.
+ Module authors may need to adjust their code for proper cleanup to take
+ place (that is, call note_cleanups_for_fd()). This change fixes problems
+ with file descriptors being erroneously closed when the proxy module was
+ in use. [Ben Laurie]
+
+ *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
+ initgroups() to hose the group information needed for later
+ comparisons. [Randy Terbush]
+
+ *) Remove unnecessary call to va_end() in create_argv() which
+ caused a SEGV on some systems.
+
+ *) Use proper MAXHOSTNAMELEN symbol for limiting length of server name.
+ [Dean Gaudet]
+
+ *) Clear memory allocated for listeners. [Randy Terbush]
+
+ *) Improved handling of IP address as a virtualhost address and
+ introduced "_default_" as a synonym for the default vhost config.
+ [Dean Gaudet] PR #212
+
+Changes with Apache 1.2b7
+
+ *) Port to UXP/DS(V20) [Toshiaki Nomura <nom@yk.fujitsu.co.jp>]
+
+ *) unset Content-Length if chunked (RFC-2068) [Petr Lampa]
+
+ *) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159
+ - replace protocol response numbers with symbols
+ - save variant-list into main request notes
+ - free allocated memory from subrequests
+ - merge notes, headers_out and err_headers_out
+
+ *) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
+ "HTTP/#.# ###*" to be more lenient about what we accept.
+ [Chuck Murcko]
+
+ *) more proxy FTP bug fixes:
+ - Changed send_dir() to remove user/passwd from displayed URL.
+ - Changed login error messages to be more descriptive.
+ - remove setting of SO_DEBUG socket option
+ - Make ftp_getrc() more lenient about multiline responses,
+ specifically, 230 responses which don't have continuation 230-
+ on each line). These seem to be all NT FTP servers, and while
+ perhaps questionable, they appear to be legal by RFC 959.
+ - Add missing kill_timeout() after transfer to user completes.
+ [Chuck Murcko]
+
+ *) Fixed problem where a busy server could hang when restarting
+ after being sent a SIGHUP due to child processes not exiting.
+ [Marc Slemko]
+
+ *) Modify mod_include escaping so a '\' only signifies an escaped
+ character if the next character is one that needs
+ escaping. [Ben Laurie]
+
+ *) Eliminated possible infinite loop in mod_imap when relative URLs are
+ used with a 'base' directive that does not have a '/' in it.
+ [Marc Slemko, reported by Onno Witvliet <onno@tc.hsa.nl>]
+
+ *) Reduced the default timeout from 1200 seconds to 300, and the
+ one in the sample configfile from 400 to 300. [Marc Slemko]
+
+ *) Stop vbprintf from crashing if given a NULL string pointer;
+ print (null) instead. [Ken Coar]
+
+ *) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY.
+ [Marc Slemko and Roy Fielding]
+
+ *) Fixed problem with mod_cgi-generated internal redirects trying to
+ read the request message-body twice. [Archie Cobbs and Roy Fielding]
+
+ *) Reduced timeout on lingering close, removed possibility of a blocked
+ read causing the child to hang, and stopped logging of errors if
+ the socket is not connected (reset by client). [Roy Fielding]
+
+ *) Rearranged main child loop to remove duplication of code in
+ select/accept and keep-alive requests, fixed several bugs regarding
+ checking scoreboard_image for exit indication and failure to
+ account for all success conditions and trap all error conditions,
+ prevented multiple flushes before closing the socket; close the entire
+ socket buffer instead of just one descriptor, prevent logging of
+ EPROTO and ECONNABORTED on platforms where supported, and generally
+ improved readability. [Roy Fielding]
+
+ *) Extensive performance improvements. Cleaned up inefficient use of
+ auto initializers, multiple is_matchexp calls on a static string,
+ and excessive merging of response_code_strings. [Dean Gaudet]
+
+ *) Added double-buffering to mod_include to improve performance on
+ server-side includes. [Marc Slemko]
+
+ *) Several fixes for suexec wrapper. [Randy Terbush]
+ - Make wrapper work for files on NFS filesystem.
+ - Fix portability problem of MAXPATHLEN.
+ - Fix array overrun problem in clean_env().
+ - Fix allocation of PATH environment variable
+
+ *) Removed extraneous blank line is description of mod_status chars.
+ [Kurt Kohler]
+
+ *) Logging of errors from the call_exec routine simply went nowhere,
+ since the logfile fd has been closed, so now we send them to stderr.
+ [Harald T. Alvestrand]
+
+ *) Fixed core dump when DocumentRoot is a CGI.
+ [Ben Laurie, reported by geddis@tesserae.com]
+
+ *) Fixed potential file descriptor leak in mod_asis; updated it and
+ http_core to use pfopen/pfclose instead of fopen/fclose.
+ [Randy Terbush and Roy Fielding]
+
+ *) Fixed handling of unsigned ints in ap_snprintf() on some chips such
+ as the DEC Alpha which is 64-bit but uses 32-bit ints.
+ [Dean Gaudet and Ken Coar]
+
+ *) Return a 302 response code to the client when sending a redirect
+ due to a missing trailing '/' on a directory instead of a 301; now
+ it is cacheable. [Markus Gyger]
+
+ *) Fix condition where, if a bad directive occurs in .htaccess, and
+ sub_request() goes first to this directory, then log_reason() will
+ SIGSEGV because it doesn't have initialized r->per_dir_config.
+ [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet]
+
+ *) Fix handling of lang_index in is_variant_better(). This was
+ causing problems which resulted in the server sending the
+ wrong language document in some cases. [Petr Lampa]
+
+ *) Remove free() from clean_env() in suexec wrapper. This was nuking
+ the clean environment on some systems.
+
+ *) Tweak byteserving code (e.g. serving PDF files) to work around
+ bugs in Netscape Navigator and Microsoft Internet Explorer.
+ Emit Content-Length header when sending multipart/byteranges.
+ [Alexei Kosut]
+
+ *) Port to HI-UX/WE2. [Nick Maclaren]
+
+ *) Port to HP MPE operating system for HP 3000 machines
+ [Mark Bixby <markb@cccd.edu>]
+
+ *) Fixed bug which caused a segmentation fault if only one argument
+ given to RLimit* directives. [Ed Korthof]
+
+ *) Continue persistent connection after 204 or 304 response. [Dean Gaudet]
+
+ *) Improved buffered output to the client by delaying the flush decision
+ until the BUFF code is actually about to read the next request.
+ This fixes a problem introduced in 1.2b5 with clients that send
+ an extra CRLF after a POST request. Also improved chunked output
+ performance by combining writes using writev() and removing as
+ many bflush() calls as possible. NOTE: Platforms without writev()
+ must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration
+ or Configure, unless we have already done so. [Dean Gaudet]
+
+ *) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko]
+
+ *) Fixed mod_info output corruption bug introduced by buffer overflow
+ fixes. [Dean Gaudet]
+
+ *) Fixed http_protocol to correctly output all HTTP/1.1 headers, including
+ for the special case of a 304 response. [Paul Sutton]
+
+ *) Improved handling of TRACE method by bypassing normal method handling
+ and header parsing routines; fixed Allow response to always allow TRACE.
+ [Dean Gaudet]
+
+ *) Fixed compiler warnings in the regex library. [Dean Gaudet]
+
+ *) Cleaned-up some of the generated HTML. [Ken Coar]
+
+Changes with Apache 1.2b6
+
+ *) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko]
+
+ *) Fix typo introduced in fix for potential infinite loop around
+ accept() in child_main(). This change caused the rev to 1.2b6.
+ 1.2b5 was never a public beta.
+
+Changes with Apache 1.2b5
+
+ *) Change KeepAlive semantics (On|Off instead of a number), add
+ MaxKeepAliveRequests directive. [Alexei Kosut]
+
+ *) Various NeXT compilation patches, as well as a change in
+ regex/regcomp.c since that file also used a NEXT define.
+ [Andreas Koenig]
+
+ *) Allow * to terminate the end of a directory match in mod_dir.
+ Allows /~* to match for both /~joe and /~joe/. [David Bronder]
+
+ *) Don't call can_exec() if suexec_enabled. Calling this requires
+ scripts executed by the suexec wrapper to be world executable, which
+ defeats one of the advantages of running the wrapper. [Randy Terbush]
+
+ *) Portability Fix: IRIX complained with 'make clean' about *pure* (removed)
+ [Jim Jagielski]
+
+ *) Migration from sprintf() to snprintf() to avoid buffer
+ overflows. [Marc Slemko]
+
+ *) Provide portable snprintf() implementation (ap_snprintf)
+ as well as *cvt family. [Jim Jagielski]
+
+ *) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
+ [Jim Jagielski]
+
+ *) Remove mod_fastcgi.c from the distribution. This module appears
+ to be maintained more through the Open Market channels and should
+ continue to be easily available at http://www.fastcgi.com/
+
+ *) Fixed bug in modules/Makefile that wouldn't allow building in more
+ than one subdirectory (or cleaning, either). [Jeremy Laidman]
+
+ *) mod_info assumed that the config files were relative to ServerRoot.
+ [Ken the Rodent]
+
+ *) CGI scripts called as an error document resulting from failed
+ CGI execution would hang waiting for POST'ed data. [Rob Hartill]
+
+ *) Log reason when mod_dir returns access HTTP_FORBIDDEN
+ [Ken the Rodent]
+
+ *) Properly check errno to prevent display of a directory index
+ when server receives a long enough URL to confuse stat().
+ [Marc Slemko]
+
+ *) Several security enhancements to suexec wrapper. It is _highly_
+ recommended that previously installed versions of the wrapper
+ be replaced with this version. [Randy Terbush, Jason Dour]
+
+ - ~user execution now properly restricted to ~user's home
+ directory and below.
+ - execution restricted to UID/GID > 100
+ - restrict passed environment to known variables
+ - call setgid() before initgroups() (portability fix)
+ - remove use of setenv() (portability fix)
+
+ *) Add HTTP/1.0 response forcing. [Ben Laurie]
+
+ *) Add access control via environment variables. [Ben Laurie]
+
+ *) Add rflush() function. [Alexei Kosut]
+
+ *) remove duplicate pcalloc() call in new_connection().
+
+ *) Fix incorrect comparison which could allow number of children =
+ MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential
+ problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof]
+
+ *) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD
+ AIX PS/2, CONVEXOS. [Jim Jagielski]
+
+ *) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock.
+ It's more portable. [Martin Kraemer]
+
+ *) Replace references to make in Makefile.tmpl with $(MAKE).
+ [Chuck Murcko]
+
+ *) Add ProxyBlock directive w/IP address caching. Add IP address
+ caching to NoCache directive as well. ProxyBlock works with all
+ handlers; NoCache now also works with FTP for anonymous logins.
+ Still more code cleanup. [Chuck Murcko]
+
+ *) Add "header parse" API hook [Ben Laurie]
+
+ *) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko]
+
+ *) suEXEC wrapper was freeing memory that had not been malloc'ed.
+
+ *) Correctly allow access and auth directives in <Files> sections in
+ server config files. [Alexei Kosut]
+
+ *) Fix bug with ServerPath that could cause certain files to be not
+ found by the server. [Alexei Kosut]
+
+ *) Fix handling of ErrorDocument so that it doesn't remove a trailing
+ double-quote from text and so that it properly checks for unsupported
+ status codes using the new index_of_response interface. [Roy Fielding]
+
+ *) Multiple fixes to the lingering_close code in order to avoid being
+ interrupted by a stray timeout, to avoid lingering on a connection
+ that has already been aborted or never really existed, to ensure that
+ we stop lingering as soon as any error condition is received, and to
+ prevent being stuck indefinitely if the read blocks. Also improves
+ reporting of error conditions. [Marc Slemko and Roy Fielding]
+
+ *) Fixed initialization of parameter structure for sigaction.
+ [mgyger@itr.ch, Adrian Filipi-Martin]
+
+ *) Fixed reinitializing the parameters before each call to accept and
+ select, and removed potential for infinite loop in accept.
+ [Roy Fielding, after useful PR from adrian@virginia.edu]
+
+ *) Fixed condition where, if a child fails to fork, the scoreboard would
+ continue to say SERVER_STARTING forever. Eventually, the main process
+ would refuse to start new children because count_idle_servers() will
+ count those SERVER_STARTING entries and will always report that there
+ are enough idle servers. [Phillip Vandry]
+
+ *) Fixed bug in bcwrite regarding failure to account for partial writes.
+ Avoided calling bflush() when the client is pipelining requests.
+ Removed unnecessary flushes from http_protocol. [Dean Gaudet]
+
+ *) Added description of "." mode in server-status [Jim Jagielski]
+
+Changes with Apache 1.2b4
+
+ *) Fix possible race condition in accept_mutex_init() that
+ could leave a small security hole open allowing files to be
+ overwritten in cases where the server UID has write permissions.
+ [Marc Slemko]
+
+ *) Fix awk compatibilty problem in Configure. [Jim Jagielski]
+
+ *) Fix portablity problem in util_script where ARG_MAX may not be
+ defined for some systems.
+
+ *) Add changes to allow compilation on Machten 4.0.3 for PowerPC.
+ [Randal Schwartz]
+
+ *) OS/2 changes to support an MMAP style scoreboard file and UNIX
+ style magic #! token for better script portability. [Garey Smiley]
+
+ *) Fix bug in suexec wrapper introduced in b3 that would cause failed
+ execution for ~userdir CGI. [Jason Dour]
+
+ *) Fix initgroups() business in suexec wrapper. [Jason Dour]
+
+ *) Fix month off by one in suexec wrapper logging.
+
+Changes with Apache 1.2b3:
+
+ *) Fix error in mod_cgi which could cause resources not to be properly
+ freed, or worse. [Dean Gaudet]
+
+ *) Fix find_string() NULL pointer dereference. [Howard Fear]
+
+ *) Add set_flag_slot() at the request of Dirk and others.
+ [Dirk vanGulik]
+
+ *) Sync mod_rewrite with patch level 10. [Ralf Engelschall]
+
+ *) Add changes to improve the error message given for invalid
+ ServerName parameters. [Dirk vanGulik]
+
+ *) Add "Authoritative" directive for Auth modules that don't
+ currently have it. This gives admin control to assign authoritative
+ control to an authentication scheme and allow "fall through" for
+ those authentication modules that aren't "Authoritative" thereby
+ allowing multiple authentication mechanisms to be chained.
+ [Dirk vanGulik]
+
+ *) Remove requirement for ResourceConfig/AccessConfig if not using
+ the three config file layout. [Randy Terbush]
+
+ *) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko]
+
+ *) Changes to suexec wrapper to fix the following problems:
+ 1. symlinked homedirs will kill ~userdirs.
+ 2. initgroups() on Linux 2.0.x clobbers gr->grid.
+ 3. CGI command lines paramters problems
+ 4. pw-pwdir for "docroot check" still the httpd user's pw record.
+ [Randy Terbush, Jason Dour]
+
+ *) Change create_argv() to accept variable arguments. This fixes
+ a problem where arguments were not getting passed to the CGI via
+ argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz]
+
+ *) Collapse multiple slashes in path URLs to properly apply
+ handlers defined by <Location>. [Alexei Kosut]
+
+ *) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX.
+
+ *) Improve the accuracy of request duration timings by setting
+ r->request_time in read_request_line() instead of read_request().
+ [Dean Gaudet]
+
+ *) Reset timeout while reading via get_client_block() in mod_cgi.c
+ Fixes problem with timed out transfers of large files. [Rasmus Lerdorf]
+
+ *) Add the ability to pass different Makefile.tmpl files to Configure
+ using the -make flag. [Rob Hartill]
+
+ *) Fix coredump triggered when sending a SIGHUP to the server caused
+ by an assertion failure, in turn caused by an uninitialised field in a
+ listen_rec.
+ [Ben Laurie]
+
+ *) Add FILEPATH_INFO variable to CGI environment, which is equal to
+ PATH_INFO from previous versions of Apache (in certain situations,
+ Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut]
+ [later removed in 1.2b11]
+
+ *) Add rwrite() function to API to allow for sending strings of
+ arbitrary length. [Doug MacEachern]
+
+ *) Remove rlim_t typedef for NetBSD. Do older versions need this?
+
+ *) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for
+ NeXT. [Jim Jagielski]
+
+ *) Removed recent modification to promote the status code on internal
+ redirects, since the correct fix was to change the default log format
+ in mod_log_config so that it outputs the original status. [Rob Hartill]
+
+Changes with Apache 1.2b2:
+
+ *) Update set_signals() to use sigaction() for setting handlers.
+ This appears to fix a re-entrant problem in the seg_fault()
+ bus_error() handlers. [Randy Terbush]
+
+ *) Changes to allow mod_status compile for OS/2 [Garey Smiley]
+
+ *) changes for DEC AXP running OSF/1 v3.0. [Marc Evans]
+
+ *) proxy_http.c bugfixes: [Chuck Murcko]
+ 1) fixes possible NULL pointer reference w/NoCache
+ 2) fixes NoCache behavior when using ProxyRemote (ProxyRemote
+ host would cache nothing if it was in the local domain,
+ and the local domain was in the NoCache list)
+ 3) Adds Host: header when not available
+ 4) Some code cleanup and clarification
+
+ *) mod_include.c bugfixes:
+ 1) Fixed an ommission that caused include variables to not
+ be parsed in config errmsg directives [Howard Fear]
+ 2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
+ 3) Patch to fix compiler warnings [perrot@lal.in2p3.fr]
+ 4) Allow backslash-escaping to all quoted text
+ [Ben Yoshino <ben@wiliki.eng.hawaii.edu>]
+ 5) Pass variable to command line if not set in XSSI's env
+ [Howard Fear]
+
+ *) Fix infinite loop when processing Content-language lines in
+ type-map files. [Alexei Kosut]
+
+ *) Closed file-globbing hole in test-cgi script. [Brian Behlendorf]
+
+ *) Fixed problem in set_[user|group] that prevented CGI execution
+ for non-virtualhosts when suEXEC was enabled. [Randy Terbush]
+
+ *) Added PORTING information file. [Jim Jagielski]
+
+ *) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
+
+ *) Changed default group to "nogroup" instead of "nobody" [Randy Terbush]
+
+ *) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where
+ USE_FCNTL_SERIALIZED_ACCEPT was intended.
+
+ *) Fixed additional uses of 0xffffffff where INADDR_NONE was intended,
+ which caused problems of systems where socket s_addr is >32bits.
+
+ *) Added comment to explain (r->chunked = 1) side-effect in
+ http_protocol.c [Roy Fielding]
+
+ *) Replaced use of index() in mod_expires.c with more appropriate
+ and portable isdigit() test. [Ben Laurie]
+
+ *) Updated Configure for ...
+ OS/2 (DEF_WANTHSREGEX=yes, other code changes)
+ *-dg-dgux* (bad pattern match)
+ QNX (DEF_WANTHSREGEX=yes)
+ *-sunos4* (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
+ *-ultrix (new)
+ *-unixware211 (new)
+ and added some user diagnostic info. [Ben Laurie]
+
+ *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
+ for better portability. [Jim Jagielski]
+
+ *) Updated helpers/GuessOS for ...
+ SCO 5 (recognize minor releases)
+ SCO UnixWare (braindamaged uname, whatever-whatever-unixware2)
+ SCO UnixWare 2.1.1 (requires a separate set of #defines in conf.h)
+ IRIX64 (-sgi-irix64)
+ ULTRIX (-unknown-ultrix)
+ SINIX (-whatever-sysv4)
+ NCR Unix (-ncr-sysv4)
+ and fixed something in helpers/PrintPath [Ben Laurie]
+
+Changes with Apache 1.2b1
+
+ *) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
+
+Changes with Apache 1.1.1
+
+ *) Fixed bug where Cookie module would make two entries in the
+ logfile for each access [Mark Cox]
+
+ *) Fixed bug where Redirect in .htaccess files would cause memory
+ leak. [Nathan Neulinger]
+
+ *) MultiViews now works correctly with AddHandler [Alexei Kosut]
+
+ *) Problems with mod_auth_msql fixed [Dirk vanGulik]
+
+ *) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon.
+
+Changes with Apache 1.1.0
+
+ *) Bring NeXT support up to date. [Takaaki Matsumoto]
+
+ *) Bring QNX support up to date. [Ben Laurie]
+
+ *) Make virtual hosts default to main server keepalive parameters.
+ [Alexei Kosut, Ben Laurie]
+
+ *) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut]
+
+ *) Fix missing address family for connect, also remove unreachable statement
+ in mod_proxy. [Ben Laurie]
+
+ *) mod_env now turned on by default in Configuration.tmpl.
+
+ *) Bugs which were fixed:
+ a) yet more mod_proxy bugs [Ben Laurie]
+ b) CGI works again with inetd [Alexei Kosut]
+ c) Leading colons were stripped from passwords [osm@interguide.com]
+ d) Another fix to multi-method Limit problem [jk@tools.de]
+
+Changes with Apache 1.1b4
+
+ *) r->bytes_sent variable restored. [Robert Thau]
+
+ *) Previously broken multi-method <Limit> parsing fixed. [Robert Thau]
+
+ *) More possibly unsecure programs removed from the support directory.
+
+ *) More mod_auth_msql authentication improvements.
+
+ *) VirtualHosts based on Host: headers no longer conflict with the
+ Listen directive.
+
+ *) OS/2 compatibility enhancements. [Gary Smiley]
+
+ *) POST now allowed to directory index CGI scripts.
+
+ *) Actions now work with files of the default type.
+
+ *) Bugs which were fixed:
+ a) more mod_proxy bugs
+ b) early termination of inetd requests
+ c) compile warnings on several systems
+ d) problems when scripts stop reading output early
+
+Changes with Apache 1.1b3
+
+ *) Much of cgi-bin and all of cgi-src has been removed, due to
+ various security holes found and that we could no longer support
+ them.
+
+ *) The "Set-Cookie" header is now special-cased to not merge multiple
+ instances, since certain popular browsers can not handle multiple
+ Set-Cookie instructions in a single header. [Paul Sutton]
+
+ *) rprintf() added to buffer code, occurrences of sprintf removed.
+ [Ben Laurie]
+
+ *) CONNECT method for proxy module, which means tunneling SSL should work.
+ (No crypto needed) Also a NoCache config directive.
+
+ *) Several API additions: pstrndup(), table_unset() and get_token()
+ functions now available to modules.
+
+ *) mod_imap fixups, in particular Location: headers are now complete
+ URL's.
+
+ *) New "info" module which reports on installed module set through a
+ special URL, a la mod_status.
+
+ *) "ServerPath" directive added - allows for graceful transition
+ for Host:-header-based virtual hosts.
+
+ *) Anonymous authentication module improvements.
+
+ *) MSQL authentication module improvements.
+
+ *) Status module design improved - output now table-based. [Ben Laurie]
+
+ *) htdigest utility included for use with digest authentication
+ module.
+
+ *) mod_negotiation: Accept values with wildcards to be treated with
+ less priority than those without wildcards at the same quality
+ value. [Alexei Kosut]
+
+ *) Bugs which were fixed:
+ a) numerous mod_proxy bugs
+ b) CGI early-termination bug [Ben Laurie]
+ c) Keepalives not working with virtual hosts
+ d) RefererIgnore problems
+ e) closing fd's twice in mod_include (causing core dumps on
+ Linux and elsewhere).
+
+Changes with Apache 1.1b2
+
+ *) Bugfixes:
+ a) core dumps in mod_digest
+ b) truncated hostnames/ip address in the logs
+ c) relative URL's in mod_imap map files
+
+Changes with Apache 1.1b1
+
+ *) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
+
+Changes with Apache 1.0.3
+
+ *) Internal redirects which occur in mod_dir.c now preserve the
+ query portion of a request (the bit after the question mark).
+ [Adam Sussman]
+
+ *) Escape active characters '<', '>' and '&' in html output in
+ directory listings, error messages and redirection links.
+ [David Robinson]
+
+ *) Apache will now work with LynxOS 2.3 and later [Steven Watt]
+
+ *) Fix for POSIX compliance in waiting for processes in alloc.c.
+ [Nick Williams]
+
+ *) setsockopt no longer takes a const declared argument [Martijn Koster]
+
+ *) Reset timeout timer after each successful fwrite() to the network.
+ This patch adds a reset_timeout() procedure that is called by
+ send_fd() to reset the timeout ever time data is written to the net.
+ [Nathan Schrenk]
+
+ *) timeout() signal handler now checks for SIGPIPE and reports
+ lost connections in a more user friendly way. [Rob Hartill]
+
+ *) Location of the "scoreboard" file which used to live in /tmp is
+ now configurable (for OSes that can't use mmap) via ScoreBoardFile
+ which works similar to PidFile (in httpd.conf) [Rob Hartill]
+
+ *) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
+
+ *) the pstrcat call in mod_cookies.c didn't have an ending NULL,
+ which caused a SEGV with cookies enabled
+
+ *) Output warning when MinSpareServers is set to <= 0 and change it to 1
+ [Rob Hartill]
+
+ *) Log the UNIX textual error returned by some system calls, in
+ particular errors from accept() [David Robinson]
+
+ *) Add strerror function to util.c for SunOS4 [Randy Terbush]
+
+Changes with Apache 1.0.2
+
+ *) patch to get Apache compiled on UnixWare 2.x, recommended as
+ a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
+
+ *) Fix get_basic_auth_pw() to set the auth_type of the request.
+ [David Robinson]
+
+ *) past changes to http_config.c to only use the
+ setrlimit function on systems defining RLIMIT_NOFILE
+ broke the feature on SUNOS4. Now defines HAVE_RESOURCE
+ for SUNOS and prototypes the needed functions.
+
+ *) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
+ [David Robinson]
+
+ *) Fix use of pointer to scratch memory. [Cliff Skolnick]
+
+ *) Merge multiple headers from CGI scripts instead of taking last
+ one. [David Robinson]
+
+ *) Add support for SCO 5. [Ben Laurie]
+
+Changes with Apache 1.0.1
+
+ *) Silence mod_log_referer and mod_log_agent if not configured
+ [Randy Terbush]
+
+ *) Recursive includes can occur if the client supplies PATH_INFO data
+ and the server provider uses relative links; as file.html
+ relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson]
+
+ *) The replacement for initgroups() did not call {set,end}grent(). This
+ had two implications: if anything else used getgrent(), then
+ initgroups() would fail, and it was consuming a file descriptor.
+ [Ben Laurie]
+
+ *) On heavily loaded servers it was possible for the scoreboard to get
+ out of sync with reality, as a result of a race condition.
+ The observed symptoms are far more Apaches running than should
+ be, and heavy system loads, generally followed by catastrophic
+ system failure. [Ben Laurie]
+
+ *) Fix typo in license. [David Robinson]
+
+Changes with Apache 1.0.0 23 Nov 1995
+
+ *) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
+
+Changes with Apache 0.8.16 05 Nov 1995
+
+ *) New man page for 'httpd' added to support directory [David Robinson]
+
+ *) .htgroup files can have more than one line giving members for a
+ given group (each must have the group name in front), for NCSA
+ back-compatibility [Robert Thau]
+
+ *) Mutual exclusion around accept() is on by default for SVR4 systems
+ generally, since they generally can't handle multiple processes in
+ accept() on the same socket. This should cure flaky behavior on
+ a lot of those systems. [David Robinson]
+
+ *) AddType, AddEncoding, and AddLanguage directives take multiple
+ extensions on a single command line [David Robinson]
+
+ *) UserDir can be disabled for a given virtual host by saying
+ "UserDir disabled" in the <VirtualHost> section --- it was a bug
+ that this didn't work. [David Robinson]
+
+ *) Compiles on QNX [Ben Laurie]
+
+ *) Corrected parsing of ctime time format [David Robinson]
+
+ *) httpd does a perror() before exiting if it can't log its pid
+ to the PidFile, to make diagnosing the error a bit easier.
+ [David Robinson]
+
+ *) <!--#include file="..."--> can no longer include files in the
+ parent directory, for NCSA back-compatibility. [David Robinson]
+
+ *) '~' is *not* escaped in URIs generated for directory listings
+ [Roy Fielding]
+
+ *) Eliminated compiler warning in the imagemap module [Randy Terbush]
+
+ *) Fixed bug involving handling URIs with escaped %-characters
+ in redirects [David Robinson]
+
+Changes with Apache 0.8.15 14 Oct 1995
+
+ *) Switched to new, simpler license
+
+ *) Eliminated core dumps with improperly formatted DBM group files [Mark Cox]
+
+ *) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie]
+
+ *) Reject paths containing %-escaped '%' or null characters [David Robinson]
+
+ *) Correctly handles internal redirects to files with names containing '%'
+ [David Robinson]
+
+ *) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson]
+
+ *) Use geteuid() rather than getuid() to see if we have root privilege,
+ so that server correctly resets privilege if run setuid root. [Andrew
+ Wilson]
+
+ *) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module)
+ [Randy Terbush]
+
+ *) Fix relative URLs in imagemap files [Randy Terbush]
+
+ *) Somewhat better fix for the old "Alias /foo/ /bar/" business
+ [David Robinson]
+
+ *) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost>
+ entries all name the same one. [David Robinson]
+
+ *) Fix directory listings with filenames containing unusual characters
+ [David Robinson]
+
+ *) Better URI-escaping for generated URIs in directories with filenames
+ containing unusual characters [Ben Laurie]
+
+ *) Fixed potential FILE* leak in http_main.c [Ben Laurie]
+
+ *) Unblock alarms on error return from spawn_child() [David Robinson]
+
+ *) Sample Config files have extra note for SCO users [Ben Laurie]
+
+ *) Configuration has note for HP-UX users [Rob Hartill]
+
+ *) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
+
+ *) Nuked bogus #define in httpd.h [David Robinson]
+
+ *) Better test for whether a system has setrlimit() [David Robinson]
+
+ *) Calls update_child_status() after reopen_scoreboard() [David Robinson]
+
+ *) Doesn't send itself SIGHUP on startup when run in the -X debug-only mode
+ [Ben Laurie]
+
+Changes with Apache 0.8.14 19 Sep 1995
+
+ *) Compiles on SCO ODT 3.0 [Ben Laurie]
+
+ *) AddDescription works (better) [Ben Laurie]
+
+ *) Leaves an intelligible error diagnostic when it can't set group
+ privileges on standalone startup [Andrew Wilson]
+
+ *) Compiles on NeXT again --- the 0.8.13 RLIMIT patch was failing on
+ that machine, which claims to be BSD but does not support RLIMIT.
+ [Randy Terbush]
+
+ *) gcc -Wall no longer complains about an unused variable when util.c
+ is compiled with -DMINIMAL_DNS [Andrew Wilson]
+
+ *) Nuked another compiler warning for -Wall on Linux [Aram Mirzadeh]
+
+Changes with Apache 0.8.13 07 Sep 1995
+
+ *) Make IndexIgnore *work* (ooops) [Jarkko Torppa]
+
+ *) Have built-in imagemap code recognize & honor Point directive [James
+ Cloos]
+
+ *) Generate cleaner directory listings in directories with a mix of
+ long and short filenames [Rob Hartill]
+
+ *) Properly initialize dynamically loaded modules [Royston Shufflebotham]
+
+ *) Properly default ServerName for virtual servers [Robert Thau]
+
+ *) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
+ Paul Richards and a cast of thousands...]
+
+ *) On self-identified BSD systems (we don't try to guess any more),
+ allocate a few extra file descriptors per virtual host with setrlimit,
+ if we can, to avoid running out. [Randy Terbush]
+
+ *) Write 22-character lock file name into buffer with enough space
+ on startup [Konstantin Olchanski]
+
+ *) Use archaic setpgrp() interface on NeXT, which requires it [Brian
+ Pinkerton]
+
+ *) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
+
+ *) Suppress -Wall warning by initializing variable in negotiation code
+ [Tobias Weingartner]
+
+Changes with Apache 0.8.12 31 Aug 1995
+
+ *) Doesn't pause three seconds after including a CGI script which is
+ too slow to die off (this is done by not even trying to kill off
+ subprocesses, including the SIGTERM/pause/SIGKILL routine, until
+ after the entire document has been processed). [Robert Thau]
+
+ *) Doesn't do SSI if Options Includes is off. (Ooops). [David Robinson]
+
+ *) Options IncludesNoExec allows inclusion of at least text/* [Roy Fielding]
+
+ *) Allows .htaccess files to override <Directory> sections naming the
+ same directory [David Robinson]
+
+ *) Removed an efficiency hack in sub_req_lookup_uri which was
+ causing certain extremely marginal cases (e.g., ScriptAlias of a
+ *particular* index.html file) to fail. [David Robinson]
+
+ *) Doesn't log an error when the requested URI requires
+ authentication, but no auth header line was supplied by the
+ client; this is a normal condition (the client doesn't no auth is
+ needed here yet). [Robert Thau]
+
+ *) Behaves more sanely when the name server loses its mind [Sean Welch]
+
+ *) RFC931 code compiles cleanly on old BSDI releases [Randy Terbush]
+
+ *) RFC931 code no longer passes out name of prior clients on current
+ requests if the current request came from a server that doesn't
+ do RFC931. [David Robinson]
+
+ *) Configuration script accepts "Module" lines with trailing whitespace.
+ [Robert Thau]
+
+ *) Cleaned up compiler warning from mod_access.c [Robert Thau]
+
+ *) Cleaned up comments in mod_cgi.c [Robert Thau]
+
+Changes with Apache 0.8.11 24 Aug 1995
+
+ *) Wildcard <Directory> specifications work. [Robert Thau]
+
+ *) Doesn't loop for buggy CGI on Solaris [Cliff Skolnick]
+
+ *) Symlink checks (FollowSymLinks off, or SymLinkIfOwnerMatch) always check
+ the file being requested itself, in addition to the directories leading
+ up to it. [Robert Thau]
+
+ *) Logs access failures due to symlink checks or invalid client address
+ in the error log [Roy Fielding, Robert Thau]
+
+ *) Symlink checks deal correctly with systems where lstat of
+ "/path/to/some/link/" follows the link. [Thau, Fielding]
+
+ *) Doesn't reset DirectoryIndex to 'index.html' when
+ other directory options are set in a .htaccess file. [Robert Thau]
+
+ *) Clarified init code and nuked bogus warning in mod_access.c
+ [Florent Guillaume]
+
+ *) Corrected several directives in sample srm.conf
+ --- includes corrections to directory indexing icon-related directives
+ (using unknown.gif rather than unknown.xbm as the DefaultIcon, doing
+ icons for encodings right, and turning on AddEncoding by default).
+ [Roy Fielding]
+
+ *) Corrected descriptions of args to AddIcon and AddAlt in command table
+ [James Cloos]
+
+ *) INSTALL & README mention "contributed modules" directory [Brian
+ Behlendorf]
+
+ *) Fixed English in the license language... "for for" --> "for".
+ [Roy Fielding]
+
+ *) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
+ mod_alias.c, merging it almost completely with handling of Alias, and
+ adding a 'notes' field to the request_rec which allows the CGI module
+ to discover whether the Alias module has put this request through
+ ScriptAlias (which it needs to know for back-compatibility, as the old
+ NCSA code did not check Options ExecCGI in ScriptAlias directories).
+ [Robert Thau]
+
+Changes with Apache 0.8.10 18 Aug 1995
+
+ *) AllowOverride applies to the named directory, and not just
+ subdirectories. [David Robinson]
+
+ *) Do locking for accept() exclusion (on systems that need it)
+ using a special file created for the purpose in /usr/tmp, and
+ not the error log; using the error log causes real problems
+ if it's NFS-mounted; this is known to be the cause of a whole
+ lot of "server hang" problems with Solaris. [David Robinson;
+ thanks to Merten Schumann for help diagnosing the problem].
+
+Changes with Apache 0.8.9 12 Aug 1995
+
+ *) Compiles with -DMAXIMUM_DNS ---- ooops! [Henrik Mortensen]
+
+ *) Nested includes see environment variables of the including document,
+ for NCSA bug-compatibility (some sites have standard footer includes
+ which try to print out the last-modified date). [Eric Hagberg/Robert
+ Thau]
+
+ *) <!--exec cgi="/some/uri/here"--> always treats the item named by the
+ URI as a CGI script, even if it would have been treated as something
+ else if requested directly, for NCSA back-compatibility. (Note that
+ this means that people who know the name of the script can see the
+ code just by asking for it). [Robert Thau]
+
+ *) New version of dbmmanage script included in support directory as
+ dbmmanage.new.
+
+ *) Check if scoreboard file couldn't be opened, and say so, rather
+ then going insane [David Robinson]
+
+ *) POST to CGI works on A/UX [Jim Jagielski]
+
+ *) AddIcon and AddAlt commands work properly [Rob Hartill]
+
+ *) NCSA server push works properly --- the Arena bug compatibility
+ workaround, which broke it, is gone (use -DARENA_BUG_WORKAROUND
+ if you still want the workaround). [Rob Hartill]
+
+ *) If client didn't submit any Accept-encodings, ignore encodings in
+ content negotiation. (NB this will all have to be reworked anyway
+ for the new HTTP draft). [Florent Guillaume]
+
+ *) Don't dump core when trying to log timed-out requests [Jim Jagielski]
+
+ *) Really honor CacheNegotiatedDocs [Florent Guillaume]
+
+ *) Give Redirect priority over Alias, for NCSA bug compatibility
+ [David Robinson]
+
+ *) Correctly set PATH_TRANSLATED in all cases from <!--#exec cmd=""-->,
+ paralleling earlier bug fix for CGI [David Robinson]
+
+ *) If DBM auth is improperly configured, report a server error and don't
+ dump core.
+
+ *) Deleted FCNTL_SERIALIZED_ACCEPTS from conf.h entry for A/UX;
+ it seems to work well enough without it (even in a 10 hits/sec
+ workout), and the overhead for the locking under A/UX is
+ alarmingly high (though it is very low on other systems).
+ [Eric Hagberg, Jim Jagielski]
+
+ *) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
+
+ *) Further de-Berklize mod_cookies.c; change the bogus #include. [Brian
+ Behlendorf/Eric Hagberg]
+
+ *) More improvements to default Configuration for A/UX [Jim Jagielski]
+
+ *) Compiles clean on NEXT [Rob Hartill]
+
+ *) Compiles clean on SGI [Robert Thau]
+
+Changes with Apache 0.8.8 08 Aug 1995
+
+ *) SunOS library prototypes now never included unless explicitly
+ requested in the configuration (via -DSUNOS_LIB_PROTOTYPES);
+ people using GNU libc on SunOS are screwed by prototypes for the
+ standard library.
+
+ (Those who wish to compile clean with gcc -Wall on a standard
+ SunOS setup need the prototypes, and may obtain them using
+ -DSUNOS_LIB_PROTOTYPES. Those wishing to use -Wall on a system
+ with nonstandard libraries are presumably competent to make their
+ own arrangements).
+
+ *) Strips trailing '/' characters off both args to the Alias command,
+ to make 'Alias /foo/ /bar/' work.
+
+Changes with Apache 0.8.7 03 Aug 1995
+
+ *) Don't hang when restarting with a child from 'TransferLog "|..."' running
+ [reported by David Robinson]
+
+ *) Compiles clean on OSF/1 [David Robinson]
+
+ *) Added some of the more recent significant changes (AddLanguage stuff,
+ experimental LogFormat support) to CHANGES file in distribution root
+ directory
+
+Changes with Apache 0.8.6 02 Aug 1995
+
+ *) Deleted Netscape reload workaround --- it's in violation of HTTP specs.
+ (If you actually wanted a conditional GET which bypassed the cache, you
+ couldn't get it). [Reported by Roy Fielding]
+
+ *) Properly terminate headers on '304 Not Modified' replies to conditional
+ GETs --- no browser we can find cares much, but the CERN proxy chokes.
+ [Reported by Cliff Skolnick; fix discovered independently by Rob Hartill]
+
+ *) httpd -v doesn't call itself "Shambhala". [Reported by Chuck Murcko]
+
+ *) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
+ not __SUNPRO_C (they're needed to quiet gcc -Wall, but acc chokes on 'em,
+ and older versions don't set the __SUNPRO_C preprocessor variable). On
+ all other systems, these are never used anyway. [Reported by Mark Cox].
+
+ *) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
+
+Changes with Apache 0.8.5 01 Aug 1995
+
+ *) Added last-minute configurable log experiment, as optional module
+
+ *) Correctly set r->bytes_sent for HTTP/0.9 requests, so they get logged
+ properly. (One-line fix to http_protocol.c).
+
+ *) Work around bogus behavior when reloading from Netscape.
+ It's Netscape's bug --- for some reason they expect a request with
+ If-modified-since: to not function as a conditional GET if it also
+ comes with Pragma: no-cache, which is way out of line with the HTTP
+ spec (according to Roy Fielding, the redactor).
+
+ *) Added parameter to set maximum number of server processes.
+
+ *) Added patches to make it work on A/UX. A/UX is *weird*. [Eric Hagberg,
+ Jim Jagielski]
+
+ *) IdentityCheck bugfix [Chuck Murcko].
+
+ *) Corrected cgi-src/Makefile entry for new imagemap script. [Alexei Kosut]
+
+ *) More sample config file corrections; add extension to AddType for
+ *.asis, move AddType generic description to its proper place, and
+ fix miscellaneous typos. [ Alexei Kosut ]
+
+ *) Deleted the *other* reference to the regents from the Berkeley
+ legal disclaimer (everyplace).
+
+ *) Nuked Shambhala name from src/README; had already cleaned it out
+ of everywhere else.
+
+Changes with Apache 0.8.4
+
+ *) Changes to server-pool management parms --- renamed current
+ StartServers to MinSpareServers, created separate StartServers
+ parameter which means what it says, and renamed MaxServers to
+ MaxSpareServers (though the old name still works, for NCSA 1.4
+ back-compatibility). The old names were generally regarded as
+ too confusing. Also altered "docs" in sample config files.
+
+ *) More improvements to default config files ---
+ sample directives (commented out) for XBitHack, BindAddress,
+ CacheNegotiatedDocs, VirtualHost; decent set of AddLanguage
+ defaults, AddTypes for send-as-is and imagemap magic types, and
+ improvements to samples for DirectoryIndex [Alexei Kosut]
+
+ *) Yet more improvements to default config files --- changes to
+ Alexei's sample AddLanguage directives, and sample LanguagePriority
+ [ Florent Guillaume ]
+
+ *) Set config file locations properly if not set in httpd.conf
+ [ David Robinson ]
+
+ *) Don't escape URIs in internal redirects multiple times; don't
+ do that when translating PATH_INFO to PATH_TRANSLATED either.
+ [ David Robinson ]
+
+ *) Corrected spelling of "Required" in 401 error reports [Andrew Wilson]
+
+Changes with Apache 0.8.3
+
+ *) Edited distribution README to *briefly* summarize installation
+ procedures, and give a pointer to the INSTALL file in the src/
+ directory.
+
+ *) Upgraded imagemap script in cgi-bin to 1.8 version from more
+ recent NCSA distributions.
+
+ *) Bug fix to previous bug fix --- if .htaccess file and <Directory>
+ exist for the same directory, use both and don't segfault. [Reported
+ by David Robinson]
+
+ *) Proper makefile dependencies [David Robinson]
+
+ *) Note (re)starts in error log --- reported by Rob Hartill.
+
+ *) Only call no2slash() after get_path_info() has been done, to
+ preserve multiple slashes in the PATH_INFO [NCSA compatibility,
+ reported by Andrew Wilson, though this one is probably a real bug]
+
+ *) Fixed mod_imap.c --- relative paths with base_uri referer don't
+ dump core when Referer is not supplied. [Randy Terbush]
+
+ *) Lightly edited sample config files to refer people to our documentation
+ instead of NCSA's, and to list Rob McCool as *original* author (also
+ deleted his old, and no doubt non-functional email address). Would be
+ nice to have examples of new features...
+
+Changes with Apache 0.8.2 19 Jul 1995
+
+ *) Added AddLanuage code [Florent Guillaume]
+
+ *) Don't say "access forbidden" when a CGI script is not found. [Mark Cox]
+
+ *) All sorts of problems when MultiViews finds a directory. It would
+ be nice if mod_dir.c was robust enough to handle that, but for now,
+ just punt. [reported by Brian Behlendorf]
+
+ *) Wait for all children on restart, to make sure that the old socket
+ is gone and we can reopen it. [reported by Randy Terbush]
+
+ *) Imagemap module is enabled in default Configuration
+
+ *) RefererLog and UserAgentLog modules properly default the logfile
+ [Randy Terbush]
+
+ *) Mark Cox's mod_cookies added to the distribution as an optional
+ module (commented out in the default Configuration, and noted as
+ an experiment, along with mod_dld). [Mark Cox]
+
+ *) Compiles on ULTRIX (a continuing battle...). [Robert Thau]
+
+ *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush]
+
+ *) Changed "Shambhala" to "Apache" in API docs. [Robert Thau]
+
+ *) Added new, toothier legal disclaimer. [Robert Thau; copied from BSD
+ license]
+
+Changes with Apache 0.8.1
+
+ *) New imagemap module [Randy Terbush]
+
+ *) Replacement referer log module with NCSA-compatible RefererIgnore
+ [Matthew Gray again]
+
+ *) Don't mung directory listings with very long filenames.
+ [Florent Guillaume]
+
+Changes with Apache 0.8.0 (nee Shambhala 0.6.2) 16 Jul 1995
+
+ *) New config script. See INSTALL for info. [Robert Thau]
+
+ *) Scoreboard mechanism for regulating the number of extant server
+ processes. MaxServers and StartServers defaults are the same as
+ for NCSA, but the meanings are slightly different. (Actually,
+ I should probably lower the MaxServers default to 10).
+
+ Before asking for a new connection, each server process checks
+ the number of other servers which are also waiting for a
+ connection. If there are more than MaxServers, it quietly dies
+ off. Conversely, every second, the root, or caretaker, process
+ looks to see how many servers are waiting for a new connection;
+ if there are fewer than StartServers, it starts a new one. This
+ does not depend on the number of server processes already extant.
+ The accounting is arranged through a "scoreboard" file, named
+ /tmp/htstatus.*, on which each process has an independent file
+ descriptor (they need to seek without interference).
+
+ The end effect is that MaxServers is the maximum number of
+ servers on an *inactive* server machine, but more will be forked
+ off to handle unusually heavy loads (or unusually slow clients);
+ these will die off when they are no longer needed --- without
+ reverting to the overhead of full forking operation. There is a
+ hard maximum of 150 server processes compiled in, largely to
+ avoid forking out of control and dragging the machine down.
+ (This is arguably too high).
+
+ In my server endurance tests, this mechanism did not appear to
+ impose any significant overhead, even after I forced it to put the
+ scoreboard file on a normal filesystem (which might have more
+ overhead than tmpfs). [Robert Thau]
+
+ *) Set HTTP_FOO variables for SSI <!--#exec cmd-->s, not just CGI scripts.
+ [Cliff Skolnick]
+
+ *) Read .htaccess files even in directory with <Directory> section.
+ (Former incompatibility noted on mailing list, now fixed). [Robert
+ Thau]
+
+ *) "HEAD /" gives the client a "Bad Request" error message, rather
+ than trying to send no body *and* no headers. [Cliff Skolnick].
+
+ *) Don't produce double error reports for some very obscure cases
+ mainly involving auth configuration (the "all modules decline to
+ handle" case which is a sure sign of a server bug in most cases,
+ but also happens when authentication is badly misconfigured).
+ [Robert Thau]
+
+ *) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
+ it's *for*, and this sort of thing really shouldn't be cluttering
+ up the Makefile). [Robert Thau]
+
+ *) Incidental code cleanups in http_main.c --- stop dragging
+ sa_client around; just declare it where used. [Robert Thau]
+
+ *) Another acc-related fix. (It doesn't like const char
+ in some places...). [Mark Cox]
+
+Changes with Shambhala 0.6.1 13 Jul 1995
+
+ *) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
+ Also, fixed auth typo in http_protocol.c unmasked by this fix.
+
+ *) Compiles clean with acc on SunOS [Paul Sutton]
+
+ *) Reordered modules in modules.c so that Redirect takes priority
+ over ScriptAlias, for NCSA bug-compatibility [Rob Hartill] ---
+ believe it or not, he has an actual site with a ScriptAlias and
+ a Redirect declared for the *exact same directory*. Even *my*
+ compatibility fetish wouldn't motivate me to fix this if the fix
+ required any effort, but it doesn't, so what the hey.
+
+ *) Fixed to properly default several server_rec fields for virtual
+ servers from the corresponding fields in the main server_rec.
+ [Cliff Skolnick --- 'port' was a particular irritant].
+
+ *) No longer kills off nph- child processes before they are
+ finished sending output. [Matthew Gray]
+
+Changes with Shambhala 0.6.0 10 Jul 1995
+
+ *) Two styles of timeout --- hard and soft. soft_timeout()s just put
+ the connection to the client in an "aborted" state, but otherwise
+ allow whatever handlers are running to clean up. hard_timeout()s
+ abort the request in progress completely; anything not tied to some
+ resource pool cleanup will leak. They're still around because I
+ haven't yet come up with a more elegant way of handling
+ timeouts when talking to something that isn't the client. The
+ default_handler and the dir_handler now use soft timeouts, largely
+ so I can test the feature. [Robert Thau]
+
+ *) TransferLog "| my_postprocessor ..." seems to be there. Note that
+ the case of log handlers dying prematurely is probably handled VERY
+ gracelessly at this point, and if the logger stops reading input,
+ the server will hang. (It is known to correctly restart the
+ logging process on server restart; this is (should be!) going through
+ the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
+ script). [Robert Thau]
+
+ *) asis files supported (new module). [Robert Thau]
+
+ *) IdentityCheck code is compiled in, but has not been tested. (I
+ don't know anyone who runs identd). [Robert Thau]
+
+ *) PATH_INFO and PATH_TRANSLATED are not set unless some real PATH_INFO
+ came in with the request, for NCSA bug-compatibility. [Robert Thau]
+
+ *) Don't leak the DIR * on HEAD request for a directory. [Robert Thau]
+
+ *) Deleted the block_alarms() stuff from dbm_auth; no longer necessary,
+ as timeouts are not in scope. [Robert Thau]
+
+ *) quoted-string args in config files now handled correctly (doesn't drop
+ the last character). [Robert Thau; reported by Randy Terbush]
+
+ *) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
+ How the hell did it ever work? [Robert Thau; reported by Rob Hartill]
+
+ *) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
+ default default type); the former default default behavior when all
+ type-checkers defaulted had been a core dump. [Paul Sutton]
+
+ *) Copy filenames out of the struct dirent when indexing
+ directories. (On Linux, readdir() returns a pointer to the same
+ memory area every time). Fix is in mod_dir.c. [Paul Sutton]
+
+Changes with Shambhala 0.5.3 [not released]
+
+ *) Default response handler notes "file not found" in the error log,
+ if the file was not found. [Cliff Skolnick].
+
+ *) Another Cliff bug --- "GET /~user" now properly redirects (the userdir
+ code no longer sets up bogus PATH_INFO which fakes out the directory
+ handler). [Cliff Skolnick]
+
+Changes with Shambhala 0.5.2 06 Jul 1995
+
+ *) Changes to http_main.c --- root server no longer plays silly
+ games with SIGCHLD, and so now detects and replaces dying
+ children. Child processes just die on SIGTERM, without taking
+ the whole process group with them. Potential problem --- if any
+ child process refuses to die, we hang in restart.
+ MaxRequestsPerChild may still not work, but it certainly works
+ better than it did before this! [Robert Thau]
+
+ *) mod_dir.c bug fixes: ReadmeName and HeaderName
+ work (or work better, at least); over-long description lines
+ properly terminated. [Mark Cox]
+
+ *) http_request.c now calls unescape_url() more places where it
+ should [Paul Sutton].
+
+ *) More directory handling bugs (reported by Cox)
+ Parent Directory link is now set correctly. [Robert Thau]
+
+Changes with Shambhala 0.5.1 04 Jul 1995
+
+ *) Generalized cleanup interface in alloc.c --- any function can be
+ registered with alloc.c as a cleanup for a resource pool;
+ tracking of files and file descriptors has been reimplemented in
+ terms of this interface, so I can give it some sort of a test.
+ [Robert Thau]
+
+ *) More changes in alloc.c --- new cleanup_for_exec() function,
+ which tracks down and closes all file descriptors which have been
+ registered with the alloc.c machinery before the server exec()s a
+ child process for CGI or <!--#exec-->. CGI children now get
+ started with exactly three file descriptors open. Hopefully,
+ this cures the problem Rob H. was having with overly persistent
+ CGI connections. [Robert Thau]
+
+ *) Mutual exclusion around the accept() in child_main() --- this is
+ required on at least SGI, Solaris and Linux, and is #ifdef'ed in
+ by default on those systems only (-DFCNTL_SERIALIZED_ACCEPT).
+ This uses fcntl(F_SETLK,...) on the error log descriptor because
+ flock() on that descriptor won't work on systems which have BSD
+ flock() semantics, including (I think) Linux 1.3 and Solaris.
+
+ This does work on SunOS (when the server is idle, only one
+ process in the pool is waiting on accept()); it *ought* to work
+ on the other systems. [Robert Thau]
+
+ *) FreeBSD and BSDI portability tweaks [Chuck Murcko]
+
+ *) sizeof(*sa_client) bugfix from [Rob Hartill]
+
+ *) pstrdup(..., NULL) returns NULL, [Randy Terbush]
+
+ *) block_alarms() to avoid leaking the DBM* in dbm auth (this should
+ be unnecessary if I go to the revised timeout-handling scheme).
+ [Robert Thau]
+
+ *) For NCSA bug-compatibility, set QUERY_STRING env var (to a null
+ string) even if none came in with the request. [Robert Thau]
+
+ *) CHANGES file added to distribution ;-).
+
+Changes with Shambhala 0.4.5
+
+ *) mod_dld --- early dynamic loading support [rst]
+ *) Add wildcard content handlers for XBITHACK; default_hander now
+ invoked with that mechanism (as a handler hanging off mod_core) [rst]
+ *) XBITHACK supported as a wildcard content-handler, and
+ configurable at run-time (not just at compile time, as in the
+ "patchy server" releases) [rst]
+
+Changes with Shambhala 0.4.4 30 Jun 1995
+
+ *) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
+ *) Handle Addtype x/y .z [rst, reported by Cox]
+
+Changes with Shambhala 0.4.3
+
+ *) Fixed very dumb bug in mod_alias; "Alias" and "Redirect" are not
+ synonymous [rst, terbush]
+
+Changes with Shambhala 0.4.1 28 Jun 1995
+
+ *) First-cut virtual host implementation; some refit in the config
+ reading code, and log management, was necessary to support this [rst]
+ *) Sub-pool machinery, originally added to avoid excessive storage
+ allocation on listings of large directories (which turned out to
+ be the problem that the 0.3 storage accounting was added to
+ find). Subrequests and mod_dir changed to use subpools. [rst]
+ *) More memory debugging --- free list consistency checks. [rst]
+ *) Added err_headers to request_rec, with support elsewhere [rst]
+ *) Other fixes to minor bugs in mod_dir and mod_includes [rst, terbush]
+
+Changes with Shambhala 0.3 19 Jun 1995
+
+ *) Switch ONE_PROCESS to a runtime command-line option (-X)
+ *) Don't compile in mod_ai_backcompat by default
+ *) Switch name of server from Apache to Shambhala in Makefile
+ *) Add some accounting routines to track memory usage in the pools,
+ for debugging
+
+Changes with Shambhala 0.2
+
+ *) Set DOCUMENT_ROOT CGI variable
+ *) Add single-process debugging, as a compile-time option (ONE_PROCESS)
+ *) Add critical section protection to handling of cleanup structures
+ in alloc.c [rst]
+ *) Significant code reorg within the server core to group related
+ functions together [rst]
+ *) Correctly handle clients that hang up before sending any request
+ [rst]
+ *) Replace dying child processes. [rst]
+
+Changes with Shambhala 0.1 12 Jun 1995
+
+ Major rewrite of the pre-existing "patchy server" codebase, by
+ Robert Thau (rst). Significant portions of the server code, such
+ as configuration-file handling and HTTP authentication support,
+ were ripped out and rewritten from scratch. Code that was not
+ completely rewritten was significantly altered.
+
+ Major changes with this release include:
+
+ *) Introduction of the module API; in request handling, the central
+ machinery just dispatches to various modules, which actually do
+ most of the work. Configuration handling is similar --- modules
+ declare their own commands, and the central machinery just
+ dispatches to them.
+
+ API features from shambhala/0.1 were substantially unchanged in
+ Apache 1.0 and 1.1. (1.0 API features not yet present in this
+ release, such as wildcard handlers and subpools, were added in
+ subsequent Shambhala releases, and were also generally rst's
+ work).
+
+ *) This release included the following modules:
+
+ mod_access (access control --- allow and deny directives),
+ mod_alias (Alias and Redirect commands),
+ mod_auth (straight HTTP authentication, based on flat-files)
+ mod_auth_dbm (same, with dbm files)
+ mod_cgi (CGI scripts and, in this release, ScriptAlias)
+ mod_common_log (CLF access logs; later renamed mod_log_common)
+ mod_dir (directory indexing)
+ mod_include (server-side includes)
+ mod_mime (AddType directives)
+ mod_negotiation (content negotiation)
+ mod_userdir (support for users' public_html directories)
+
+ It also included a mod_ai_backcompat, which was a private hack
+ for back-compatibility with rst's own AI-lab servers.
+
+ All of these modules were substantially complete, and functional
+ or nearly so (a few, which implemented features not in use at
+ Thau's site, required patches of a few lines).
+
+ *) sub-request machinery, to allow modules to determine how other
+ modules would assign MIME types to a given file, or optionally
+ serve its content (this is heavily used by mod_dir, mod_include
+ and mod_negotiation).
+
+ *) Resource pool system for keeping track of memory allocated and
+ files opened in service of a particular request. Much of the
+ code in the modules (when they weren't rewrites) was adjusted to
+ replace a pervasive convention of using fixed-size buffers on
+ the stack with an equally pervasive convention of using memory
+ allocated with palloc().
+
+ *) Reorganization of data structures associated with a given
+ request to eliminate use of global variables and the troublesome
+ unmunge_name function (used in NCSA and early Apache releases to
+ attempt to determine the URI which mapped to a given filename
+ --- a difficult proposition, given that it is easy to produce
+ setups in which multiple URIs map to the same file).
+
+ *) Source files renamed and rearranged
+
+ *) Very simple pre-forking behavior --- parent process forked off a
+ fixed number of children, and then just waited for SIGHUP.
+
+ *) Other more minor changes too numerous to list.
+
+ This release included modified versions of a lot of code from the
+ Apache 0.6.4 public release, plus an early pre-forking patch
+ codeveloped by Robert Thau and Rob Hartill.
+
+Changes with Apache 0.7.3 20 Jun 1995
+
+ *) There were a bunch of changes between Apache 0.6.4 and 0.7.3 that
+ were incorporated by Rob Hartill on the main branch while Robert Thau
+ worked on the Shambhala rewrite above. Most were merged into the
+ Shambala architecture after Apache 0.8.0.
+
+Changes with Apache 0.6.4 13 May 1995
+
+ *) Patches by Rob Hartill, Cliff Skolnick, Randy Terbush, Robert Thau,
+ and others.
+
+Changes with Apache 0.5.1 10 Apr 1995
+
+Changes with Apache 0.4 02 Apr 1995
+
+ *) Patches by Brian Behlendorf, Andrew Wilson, Robert Thau,
+ and Rob Hartill.
+
+Changes with Apache 0.3 24 Mar 1995
+
+ *) Patches by Robert Thau, David Robinson, Rob Hartill, and
+ Carlos Varela.
+
+Changes with Apache 0.2 18 Mar 1995
+
+ *) Based on NCSA httpd 1.3 by Rob McCool and patches by CERT,
+ Roy Fielding, Robert Thau, Nicolas Pioch, David Robinson,
+ Brian Behlendorf, Rob Hartill, and Cliff Skolnick.
projects / apache / commitdiff