-*- coding: utf-8 -*-

Changes with Apache 2.2.19

*) Revert ABI breakage in 2.2.18 caused by the function signature change

of ap_unescape_url_keep2f(). This release restores the signature from

2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().

[Eric Covener]

Changes with Apache 2.2.18

*) Log an error for failures to read a chunk-size, and return 408 instead

413 when this is due to a read timeout. This change also fixes some cases

of two error documents being sent in the response for the same scenario.

[Eric Covener] PR49167

*) core: Only log a 408 if it is no keepalive timeout. PR 39785

[Ruediger Pluem, Mark Montague <markmont umich.edu>]

*) core: Treat timeout reading request as 408 error, not 400.

Log 408 errors in access log as was done in Apache 1.3.x.

PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,

Dan Poirier]

*) Core HTTP: disable keepalive when the Client has sent

Expect: 100-continue

but we respond directly with a non-100 response. Keepalive here led

to data from clients continuing being treated as a new request.

PR 47087. [Nick Kew]

*) htpasswd: Change the default algorithm for htpasswd to MD5 on all

platforms. Crypt with its 8 character limit is not useful anymore;

improve out of disk space handling (PR 30877); print a warning if

a password is truncated by crypt. [Stefan Fritsch]

*) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.

Win32's cscript interpreter can only use a single quote as comment char.

[Guenter Knauf]

*) configure: Fix htpasswd/htdbm libcrypt link errors with some newer

linkers. [Stefan Fritsch]

*) MinGW build improvements. PR 49535. [John Vandenberg

<jayvdb gmail.com>, Jeff Trawick]

*) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.

[Stefan Fritsch]

*) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes

in request URL path info but not decode them. PR 35256,

PR 46830. [Dan Poirier]

*) mod_rewrite: Allow to unset environment variables. PR 50746.

[Rainer Jung]

*) suEXEC: Add Suexec directive to disable suEXEC without renaming the

binary (Suexec Off), or force startup failure if suEXEC is required

but not supported (Suexec On). [Jeff Trawick]

*) mod_proxy: Put the worker in error state if the SSL handshake with the

backend fails. PR 50332.

[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]

*) prefork: Update MPM state in children during a graceful restart.

Allow the HTTP connection handling loop to terminate early

during a graceful restart. PR 41743.

[Andrew Punch <andrew.punch 247realmedia.com>]

*) mod_ssl: Correctly read full lines in input filter when the line is

incomplete during first read. PR 50481. [Ruediger Pluem]

*) mod_autoindex: Merge IndexOptions from server to directory context when

the directory has no mod_autoindex directives. PR 47766. [Eric Covener]

*) mod_cache: Make sure that we never allow a 304 Not Modified response

that we asked for to leak to the client should the 304 response be

uncacheable. PR45341 [Graham Leggett]

*) mod_dav: Send 400 error if malformed Content-Range header is received for

a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]

*) mod_userdir: Add merging of enable, disable, and filename arguments

to UserDir directive, leaving enable/disable of userlists unmerged.

PR 44076 [Eric Covener]

*) core: Honor 'AcceptPathInfo OFF' during internal redirects,

such as per-directory mod_rewrite substitutions. PR 50349.

[Eric Covener]

*) mod_cache: Check the request to determine whether we are allowed

to return cached content at all, and respect a "Cache-Control:

no-cache" header from a client. Previously, "no-cache" would

behave like "max-age=0". [Graham Leggett]

*) mod_mem_cache: Add a debug msg when a streaming response exceeds

MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary

'memory allocation failed' debug message. PR 49604. [Eric Covener]

*) proxy_connect: Don't give up in the middle of a CONNECT tunnel

when the child process is starting to exit. PR50220. [Eric Covener]

Changes with Apache 2.2.17

*) prefork MPM: Run cleanups for final request when process exits gracefully

to work around a flaw in apr-util. PR 43857. [Tom Donovan]

*) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend

connections and other protocol handlers (like mod_ftp). Enforce the

timeout for AP_MODE_GETLINE. If there is a timeout, shorten the lingering

close time from 30 to 2 seconds. [Stefan Fritsch]

*) Proxy balancer: support setting error status according to HTTP response

code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]

*) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the

password to UTF-8. PR 45318.

[Johannes Müller <joh_m gmx.de>, Stefan Fritsch]

*) core: check symlink ownership if both FollowSymlinks and

SymlinksIfOwnerMatch are set [Nick Kew]

*) core: fix origin checking in SymlinksIfOwnerMatch

PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]

*) mod_headers: Enable multi-match-and-replace edit option

PR 46594 [Nick Kew]

*) mod_log_config: Make ${cookie}C correctly match whole cookie names

instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,

Stefan Fritsch]

*) mod_dir, mod_negotiation: Pass the output filter information

to newly created sub requests; as these are later on used

as true requests with an internal redirect. This allows for

mod_cache et.al. to trap the results of the redirect.

PR 17629, 43939

[Dirk-Willem van Gulik, Jim Jagielski, Joe Orton, Ruediger Pluem]

*) rotatelogs: Fix possible buffer overflow if admin configures a

mongo log file path. [Jeff Trawick]

*) mod_ssl: Do not do overlapping memcpy. PR 45444 [Joe Orton]

*) vhost: A purely-numeric Host: header should not be treated as a port.

PR 44979 [Nick Kew]

*) core: (re)-introduce -T commandline option to suppress documentroot

check at startup.

PR 41887 [Jan van den Berg <janvdberg gmail.com>]

Changes with Apache 2.2.16

*) SECURITY: CVE-2010-1452 (cve.mitre.org)

mod_dav, mod_cache: Fix Handling of requests without a path segment.

PR: 49246 [Mark Drayton, Jeff Trawick]

*) SECURITY: CVE-2010-2068 (cve.mitre.org)

mod_proxy_ajp, mod_proxy_http, mod_reqtimeout: Fix timeout detection

for platforms Windows, Netware and OS2. PR: 49417. [Rainer Jung]

*) core: Filter init functions are now run strictly once per request

before handler invocation. The init functions are no longer run

for connection filters. PR 49328. [Joe Orton]

*) mod_filter: enable it to act on non-200 responses.

PR 48377 [Nick Kew]

*) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns

title page only) when any mod_ldap directives were used in VirtualHost

context. [Eric Covener]

*) mod_ssl: Fix segfault at startup if proxy client certs are shared

across multiple vhosts. PR 39915. [Joe Orton]

*) mod_proxy_http: Log the port of the remote server in various messages.

PR 48812. [Igor Galić <i galic brainsware org>]

*) apxs: Fix -A and -a options to ignore whitespace in httpd.conf

[Philip M. Gollucci]

*) mod_dir: add FallbackResource directive, to enable admin to specify

an action to happen when a URL maps to no file, without resorting

to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]

*) mod_rewrite: Allow to set environment variables without explicitly

giving a value. [Rainer Jung]

Changes with Apache 2.2.15

*) SECURITY: CVE-2009-3555 (cve.mitre.org)

mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection

attack when compiled against OpenSSL version 0.9.8m or later. Introduces

the 'SSLInsecureRenegotiation' directive to reopen this vulnerability

and offer unsafe legacy renegotiation with clients which do not yet

support the new secure renegotiation protocol, RFC 5746.

[Joe Orton, and with thanks to the OpenSSL Team]

*) SECURITY: CVE-2009-3555 (cve.mitre.org)

mod_ssl: A partial fix for the TLS renegotiation prefix injection attack

for OpenSSL versions prior to 0.9.8l; reject any client-initiated

renegotiations. Forcibly disable keepalive for the connection if there

is any buffered data readable. Any configuration which requires

renegotiation for per-directory/location access control is still

vulnerable, unless using openssl 0.9.8l or later.

[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

*) SECURITY: CVE-2010-0408 (cve.mitre.org)

mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent

when request headers indicate a request body is incoming; not a case of

HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]

*) SECURITY: CVE-2010-0425 (cve.mitre.org)

mod_isapi: Do not unload an isapi .dll module until the request

processing is completed, avoiding orphaned callback pointers.

[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

*) SECURITY: CVE-2010-0434 (cve.mitre.org)

Ensure each subrequest has a shallow copy of headers_in so that the

parent request headers are not corrupted. Eliminates a problematic

optimization in the case of no request body. PR 48359.

[Jake Scott, William Rowe, Ruediger Pluem]

*) mod_reqtimeout: New module to set timeouts and minimum data rates for

receiving requests from the client. [Stefan Fritsch]

*) mod_proxy_ajp: Really regard the operation a success, when the client

aborted the connection. In addition adjust the log message if the client

aborted the connection. [Ruediger Pluem]

*) mod_negotiation: Preserve query string over multiviews negotiation.

This buglet was fixed for type maps in 2.2.6, but the same issue

affected multiviews and was overlooked.

PR 33112. [Joergen Thomsen <apache jth.net>]

*) mod_cache: Introduce the thundering herd lock, a mechanism to keep

the flood of requests at bay that strike a backend webserver as

a cached entity goes stale. [Graham Leggett]

*) mod_proxy_http: Make sure that when an ErrorDocument is served

from a reverse proxied URL, that the subrequest respects the status

of the original request. This brings the behaviour of proxy_handler

in line with default_handler. PR 47106. [Graham Leggett]

*) mod_log_config: Add the R option to log the handler used within the

request. [Christian Folini <christian.folini netnea com>]

*) mod_include: Allow fine control over the removal of Last-Modified and

ETag headers within the INCLUDES filter, making it possible to cache

responses if desired. Fix the default value of the SSIAccessEnable

directive. [Graham Leggett]

*) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs

is configured for client cert auth. PR 46952. [Joe Orton]

*) core: Fix potential memory leaks by making sure to not destroy

bucket brigades that have been created by earlier filters.

[Stefan Fritsch]

*) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to

try other providers in the case of an LDAP bind failure.

PR 46608. [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]

*) mod_proxy, mod_proxy_http: Support remote https proxies

by using HTTP CONNECT.

PR 19188. [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]

*) worker: Don't report server has reached MaxClients until it has.

Add message when server gets within MinSpareThreads of MaxClients.

PR 46996. [Dan Poirier]

*) mod_ssl: When extracting certificate subject/issuer names to the

SSL_*_DN_* variables, handle RDNs with duplicate tags by

exporting multiple varialables with an "_n" integer suffix.

PR 45875. [Joe Orton, Peter Sylvester <peter.sylvester edelweb.fr>]

*) mod_authnz_ldap: Failures to map a username to a DN, or to check a user

password now result in an informational level log entry instead of

warning level. [Eric Covener]

*) core: Preserve Port information over internal redirects

PR 35999. [Jonas Ringh <jonas.ringh cixit.se>]

*) mod_filter: fix FilterProvider matching where "dispatch" string

doesn't exist.

PR 48054. [<tietew gmail.com>]

*) Build: fix --with-module to work as documented

PR 43881. [Gez Saunders <gez.saunders virgin.net>]

*) mod_mime: Make RemoveType override the info from TypesConfig.

PR 38330. [Stefan Fritsch]

*) mod_proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,

rather than BAD_GATEWAY or (especially) NOT_FOUND.

PR 46971. [Evan Champion <evanc nortel.com>]

*) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.

[Eric Covener]

*) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge

some cache entries and log a warning. Also increase the default

LDAPSharedCacheSize to 500000. This is a more realistic size suitable

for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.

PR 46749. [Stefan Fritsch]

*) mod_disk_cache, mod_mem_cache: don't cache incomplete responses,

per RFC 2616, 13.8. PR15866. [Dan Poirier]

*) mod_rewrite: Make sure that a hostname:port isn't fully qualified if

the request is a CONNECT request. PR 47928.

[Bill Zajac <billz consultla.com>]

*) mod_cache: correctly consider s-maxage in cacheability

decisions. [Dan Poirier]

*) core: Return APR_EOF if request body is shorter than the length announced

by the client. PR 33098. [Stefan Fritsch]

*) mod_rewrite: Add scgi scheme detection. [André Malo]

*) mod_mime: Detect invalid use of MultiviewsMatch inside Location and

LocationMatch sections. PR 47754. [Dan Poirier]

*) ab, mod_ssl: Restore compatibility with OpenSSL < 0.9.7g.

[Guenter Knauf]

Changes with Apache 2.2.14

*) SECURITY: CVE-2009-2699 (cve.mitre.org)

Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support

(Event Port backend) which could trigger hangs in the prefork and event

MPMs on that platform. PR 47645. [Jeff Trawick]

*) SECURITY: CVE-2009-3095 (cve.mitre.org)

mod_proxy_ftp: sanity check authn credentials.

[Stefan Fritsch <sf fritsch.de>, Joe Orton]

*) SECURITY: CVE-2009-3094 (cve.mitre.org)

mod_proxy_ftp: NULL pointer dereference on error paths.

[Stefan Fritsch <sf fritsch.de>, Joe Orton]

*) mod_proxy_scgi: Backport from trunk. [André Malo]

*) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL

has been defined at a very high level. PR 45946. [Eric Covener]

*) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]

*) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries

usage() in synch with the manual and the implementation (0 and -1

both disable the cache). [Eric Covener]

*) mod_ssl: The error message when SSLCertificateFile is missing should

at least give the name or position of the problematic virtual host

definition. [Stefan Fritsch sf sfritsch.de]

*) htdbm: Fix possible buffer overflow if dbm database has very

long values. PR 30586 [Dan Poirier]

*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]

*) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute

type. PR 45107. [Michael Ströder <michael stroeder.com>,

Peter Sylvester <peter.sylvester edelweb.fr>]

*) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore

defined session identifiers encoded in the URL when caching.

[Ruediger Pluem]

*) mod_mem_cache: fix seg fault under load due to pool concurrency problem

PR: 47672 [Dan Poirier <poirier pobox.com>]

*) mod_autoindex: Correctly create an empty cell if the description

for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]

Changes with Apache 2.2.13

*) SECURITY: CVE-2009-2412 (cve.mitre.org)

Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow

in pools and rmm, where size alignment was taking place.

[Matt Lewis <[email protected]>, Sander Striker]

*) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report

warnings compiling mod_ssl against OpenSSL to the httpd developers.

[Guenter Knauf]

*) mod_cgid: Do not add an empty argument when calling the CGI script.

PR 46380 [Ruediger Pluem]

*) Fix potential segfaults with use of the legacy ap_rputs() etc

interfaces, in cases where an output filter fails. PR 36780.

[Joe Orton]

Changes with Apache 2.2.12

*) SECURITY: CVE-2009-1891 (cve.mitre.org)

Fix a potential Denial-of-Service attack against mod_deflate or other

modules, by forcing the server to consume CPU time in compressing a

large file after a client disconnects. PR 39605.

[Joe Orton, Ruediger Pluem]

*) SECURITY: CVE-2009-1195 (cve.mitre.org)

Prevent the "Includes" Option from being enabled in an .htaccess

file if the AllowOverride restrictions do not permit it.

[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,

Ruediger Pluem, Jeff Trawick]

*) SECURITY: CVE-2009-1890 (cve.mitre.org)

Fix a potential Denial-of-Service attack against mod_proxy in a

reverse proxy configuration, where a remote attacker can force a

proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]

*) SECURITY: CVE-2009-1191 (cve.mitre.org)

mod_proxy_ajp: Avoid delivering content from a previous request which

failed to send a request body. PR 46949 [Ruediger Pluem]

*) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)

The bundled copy of the APR-util library has been updated, fixing three

different security issues which may affect particular configurations

and third-party modules.

*) mod_include: fix potential segfault when handling back references

on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]

*) mod_alias: check sanity in Redirect arguments.

PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]

*) mod_proxy_http: fix Host: header for literal IPv6 addresses.

PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]

*) mod_rewrite: Remove locking for writing to the rewritelog.

PR 46942

*) mod_alias: Ensure Redirect emits HTTP-compliant URLs.

PR 44020

*) mod_proxy_http: fix case sensitivity checking transfer encoding

PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]

*) mod_rewrite: Fix the error string returned by RewriteRule.

RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd

argument of RewriteRule was not started with "[" or not ended with "]".

PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]

*) mod_proxy: Complete ProxyPassReverse to handle balancer URL's. Given;

BalancerMember balancer://alias http://example.com/foo

ProxyPassReverse /bash balancer://alias/bar

backend url http://example.com/foo/bar/that is now translated /bash/that

[William Rowe]

*) New piped log syntax: Use "||process args" to launch the given process

without invoking the shell/command interpreter. Use "|$command line"

(the default behavior of "|command line" in 2.2) to invoke using shell,

consuming an additional shell process for the lifetime of the logging

pipe program but granting additional process invocation flexibility.

[William Rowe]

*) mod_ssl: Add server name indication support (RFC 4366) and better

support for name based virtual hosts with SSL. PR 34607

[Peter Sylvester <peter.sylvester edelweb.fr>,

Kaspar Brand <asfbugz velox.ch>, Guenter Knauf, Joe Orton,

Ruediger Pluem]

*) mod_negotiation: Escape pathes of filenames in 406 responses to avoid

HTML injections and HTTP response splitting. PR 46837.

[Geoff Keating <geoffk apple.com>]

*) mod_include: Prevent a case of SSI timefmt-smashing with filter chains

including multiple INCLUDES filters. PR 39369 [Joe Orton]

*) mod_rewrite: When evaluating a proxy rule in directory context, do

escape the filename by default. PR 46428 [Joe Orton]

*) mod_proxy_ajp: Check more strictly that the backend follows the AJP

protocol. [Mladen Turk]

*) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives

to enable stricter checking of remote server certificates.

[Ruediger Pluem]

*) mod_substitute: Fix a memory leak. PR 44948

[Dan Poirier <poirier pobox.com>]

*) mod_proxy_ajp: Forward remote port information by default.

[Rainer Jung]

*) mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders

directive to correctly remove headers before storing them.

[Lars Eilebrecht]

*) mod_deflate: revert changes in 2.2.8 that caused an invalid

etag to be emitted for on-the-fly gzip content-encoding.

PR 39727 will require larger fixes and this fix was far more

harmful than the original code. PR 45023. [Roy T. Fielding]

*) mod_disk_cache: The module now turns off sendfile support if

'EnableSendfile off' is defined globally. PR 41218.

[Lars Eilebrecht, Issac Goldstand]

*) prefork: Fix child process hang during graceful restart/stop in

configurations with multiple listening sockets. PR 42829. [Joe Orton,

Jeff Trawick]

*) mod_ssl: Add SSLRenegBufferSize directive to allow changing the

size of the buffer used for the request-body where necessary

during a per-dir renegotiation. PR 39243. [Joe Orton]

*) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome

way that per-directory rewrites append the previous notion of PATH_INFO

to each substitution before evaluating subsequent rules.

PR38642 [Eric Covener]

*) mod_authnz_ldap: Reduce number of initialization debug messages and make

information more clear. PR 46342 [Dan Poirier]

*) mod_cache: Introduce 'no-cache' per-request environment variable

to prevent the saving of an otherwise cacheable response.

[Eric Covener]

*) core: Translate the status line to ASCII on EBCDIC platforms in

ap_send_interim_response() and for locally generated "100 Continue"

responses. [Eric Covener]

*) CGI: return 504 (Gateway timeout) rather than 500 when a script

times out before returning status line/headers.

PR 42190 [Nick Kew]

*) prefork: Log an error instead of segfaulting when child startup fails

due to pollset creation failures. PR 46467. [Jeff Trawick]

*) mod_ext_filter: fix error handling when the filter prog fails to start,

and introduce an onfail configuration option to abort the request

or to remove the broken filter and continue.

PR 41120 [Nick Kew]

*) mod_include: support generating non-ASCII characters as entities in SSI

PR 25202 [Nick Kew]

*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII

chars [Nick Kew]

*) mod_rewrite: fix "B" flag breakage by reverting r589343

PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]

*) mod_cgid: fix segfault problem on solaris.

PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>, Jeff Trawick]

*) mod_ldap: Avoid a segfault when result->rc is checked in

uldap_connection_init when result is NULL. This could happen if LDAP

initialization failed. PR 45994. [Dan Poirier <poirier pobox.com>]

*) Set Listen protocol to "https" if port is set to 443 and no proto is

specified (as documented but not implemented). PR 46066

[Dan Poirier <poirier pobox.com>]

*) mod_cache: Correctly save Content-Encoding of cachable entity. PR 46401

[Dan Poirier <poirier pobox.com>]

*) Output -M and -S dumps (modules and vhosts) to stdout instead of stderr.

PR 42571 and PR 44266 (dup). [Dan Poirier <poirier pobox.com>]

*) mod_cache: When an explicit Expires or Cache-Control header is set, cache

normally non-cacheable response statuses. PR 46346.

[Alex Polvi <alex polvi.net>]

Changes with Apache 2.2.11

*) core: When the ap_http_header_filter processes an error bucket, cleanup

the passed brigade before returning AP_FILTER_ERROR down the filter

chain. This unambiguously ensures the same error bucket isn't revisited

[Ruediger Pluem]

*) core: Error responses set by filters were being coerced into 500 errors,

sometimes appended to the original error response. Log entry of:

'Handler for (null) returned invalid result code -3'

[Eric Covener]

*) configure: Don't reject libtool 2.x

PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]

*) mod_autoindex: add configuration option to insert string

in HTML HEAD (IndexHeadInsert). [Nick Kew]

*) Add new LogFormat parameter, %k, which logs the number of

keepalive requests on this connection for this request.

PR 45762 [Dan Poirier <poirier pobox.com>, Jim Jagielski]

*) Export and install the mod_rewrite.h header to ensure the optional

rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are

available to third party modules. [Graham Leggett]

*) mod_cache: Convert age of cached object to seconds before comparing it to

age supplied by the request when checking whether to send a Warning

header for a stale response. PR 39713. [Owen Taylor <otaylor redhat.com>]

*) Build: Correctly set SSL_LIBS during openssl detection if pkgconfig is

not available. PR 46018 [Ruediger Pluem]

*) mod_proxy_ajp: Do not fail if response data is sent before all request

data is read. PR 45911 [Ruediger Pluem]

*) mod_proxy_balancer: Add in forced recovery for balancer members if

all are in error state. [Mladen Turk]

*) mod_proxy: Prevent segmentation faults by correctly adjusting the

lifetime of the buckets read from the proxy backend. PR 45792

[Ruediger Pluem]

*) mod_expires: Do not sets negative max-age / Expires header in the past.

PR 39774 [Jim Jagielski]

*) mod_info: Was displaying the wrong value for the KeepAliveTimeout

value. [Jim Jagielski]

*) mod_proxy_ajp: Fix wrongly formatted requests where client

sets Content-Length header, but doesn't provide a body.

Servlet container always expects that next packet is

body whenever C-L is present in the headers. This can lead

to wrong interpretation of the packets. In this case

send the empty body packet, so container can deal with

that. [Mladen Turk]

*) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]

*) mod_proxy: Add the possibility to set the worker parameters

connectiontimeout and ping in milliseconds. [Ruediger Pluem]

*) Worker MPM: Crosscheck that idle workers are still available before using

them and thus preventing an overflow of the worker queue which causes

a SegFault. PR 45605 [Denis Ustimenko <denusk gmail.com>]

*) Windows: Always build the odbc dbd driver on windows, to be consistent

with the apr-util default. [Tom Donovan]

Changes with Apache 2.2.10

*) SECURITY: CVE-2008-2939 (cve.mitre.org)

mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of

the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]

*) Allow for smax to be 0 for balancer members so that all idle

connections are able to be dropped should they exceed ttl.

PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,

Jim Jagielski]

*) mod_proxy_http: Don't trigger a retry by the client if a failure to

read the response line was the result of a timeout.

[Adam Woodworth <mirkperl gmail.com>]

*) Support chroot on Unix-family platforms

PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]

*) mod_ssl: implement dynamic mutex callbacks for the benefit of

OpenSSL. [Sander Temme]

*) mod_proxy_balancer: Add 'bybusyness' load balance method.

[Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski]

*) mod_authn_alias: Detect during startup when AuthDigestProvider

is configured to use an incompatible provider via AuthnProviderAlias.

PR 45196 [Eric Covener]

*) mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be

used as a session path separator/delim PR 45158. [Jim Jagielski]

*) mod_charset_lite: Avoid dropping error responses by handling meta buckets

correctly. PR 45687 [Dan Poirier <poirier pobox.com>]

*) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled

to avoid reusing pooled connections if the client connection is an

initial connection. PR 37770. [Ruediger Pluem]

*) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.

PR 44799 [Christian Wenz <christian wenz.org>]

*) mod_ssl: Rewrite shmcb to avoid memory alignment issues. PR 42101.

[Geoff Thorpe]

*) mod_proxy: Add connectiontimeout parameter for proxy workers in order to

be able to set the timeout for connecting to the backend separately.

PR 45445. [Ruediger Pluem, rahul <rahul sun.com>]

*) mod_dav_fs: Retrieve minimal system information about directory

entries when walking a DAV fs, resolving a performance degradation on

Windows. PR 45464. [Joe Orton, Jeff Trawick]

*) mod_cgid: Pass along empty command line arguments from an ISINDEX

query that has consecutive '+' characters in the QUERY_STRING,

matching the behavior of mod_cgi.

[Eric Covener]

*) mod_headers: Prevent Header edit from processing only the first header

of possibly multiple headers with the same name and deleting the

remaining ones. PR 45333. [Ruediger Pluem]

*) mod_proxy_balancer: Move nonce field in the balancer manager page inside

the html form where it belongs. PR 45578. [Ruediger Pluem]

*) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to

known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.

[Ruediger Pluem]

*) mod_rewrite: Preserve the query string when [proxy,noescape]. PR 45247.

[Tom Donovan]

Changes with Apache 2.2.9

*) SECURITY: CVE-2008-2364 (cve.mitre.org)

mod_proxy_http: Better handling of excessive interim responses

from origin server to prevent potential denial of service and high

memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,

Joe Orton, Jim Jagielski]

*) SECURITY: CVE-2007-6420 (cve.mitre.org)

mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager

interface. [Joe Orton]

*) core: Fix address-in-use startup failure on some platforms caused

by creating an IPv4 listener which overlaps with an existing IPv6

listener. [Jeff Trawick]

*) mod_proxy: Make all proxy modules nocanon aware and do not add the

query string again in this case. PR 44803.

[Jim Jagielski, Ruediger Pluem]

*) mod_unique_id: Fix timestamp value in UNIQUE_ID.

PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]

*) htpasswd: Fix salt generation weakness. PR 31440

[Andreas Krennmair <ak synflood.at>, Peter Watkins <peterw tux.org>,

Paul Querna]

*) core: Add the filename of the configuration file to the warning message

about the useless use of AllowOverride. PR 39992.

[Darryl Miles <darryl darrylmiles.org>]

*) scoreboard: Remove unused proxy load balancer elements from scoreboard

image (not scoreboard memory itself). [Chris Darroch]

*) mod_proxy: Support environment variable interpolation in reverse

proxying directives. [Nick Kew]

*) suexec: When group is given as a numeric gid, validate it by looking up

the actual group name such that the name can be used in log entries.

PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]

*) Fix garbled TRACE response on EBCDIC platforms.

[David Jones <oscaremma gmail.com>]

*) ab: Include <limits.h> earlier if available since we may need

INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.

PR 45024 [Ruediger Pluem]

*) ab: Improve client performance by clearing connection pool instead

of destroying it. PR 40054 [Brad Roberts <braddr puremagic.com>]

*) ab: Don't stop sending a request if EAGAIN is returned, which

will only happen if both the write and subsequent wait are

returning EAGAIN, and count posted bytes correctly when the initial

write of a request is not complete. PR 10038, 38861, 39679

[Patrick McManus <mcmanus datapower.com>,

Stefan Fleiter <stefan.fleiter web.de>,

Davanum Srinivas, Roy T. Fielding]

*) ab: Overhaul stats collection and reporting to avoid integer

truncation and time divisions within the test loop, retain

native time resolution until output, remove unused data,

consistently round milliseconds, and generally avoid losing

accuracy of calculation due to type casts. PR 44878, 44931.

[Roy T. Fielding]

*) ab: Add -r option to continue after socket receive errors.

[Filip Hanik <devlist hanik.com>]

*) core: Do not allow Options ALL if not all options are allowed to be

overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]

*) mod_cache: Handle If-Range correctly if the cached resource was stale.

PR 44579 [Ruediger Pluem]

*) mod_proxy: Do not try a direct connection if the connection via a

remote proxy failed before and the request has a request body.

[Ruediger Pluem]

*) mod_proxy_ajp: Do not retry request in the case that we either failed to

sent a part of the request body or if the request is not idempotent.

PR 44334 [Ruediger Pluem]

*) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early

enough. PR 44641 [Daniel Lescohier <daniel.lescohier cnet.com>]

*) mod_dav: Return "method not allowed" if the destination URI of a WebDAV

copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]

*) http_filters: Don't return 100-continue on redirects. PR 43711

[Ruediger Pluem]

*) mod_ssl: Fix a memory leak with connections that have zlib compression

turned on. PR 44975 [Joe Orton, Amund Elstad <Amund.Elstad ist.com>,

Dr Stephen Henson <steve openssl.org>]

*) mod_proxy: Trigger a retry by the client in the case we fail to read the

response line from the backend by closing the connection to the client.

PR 37770 [Ruediger Pluem]

*) gen_test_char: add double-quote to the list of T_HTTP_TOKEN_STOP.

PR 9727 [Ville Skytt <ville.skytta iki.fi>]

*) core: reinstate location walk to fix config for subrequests

PR 41960 [Jose Kahan <jose w3.org>]

*) rotatelogs: Log the current file size and error code/description

when failing to write to the log file. [Jeff Trawick]

*) rotatelogs: Added '-f' option to force rotatelogs to create the

logfile as soon as started, and not wait until it reads the

first entry. [Jim Jagielski]

*) rotatelogs: Don't leak memory when reopening the logfile.

PR 40183 [Ruediger Pluem, Takashi Sato <serai lans-tv.com>]

*) rotatelogs: Improve atomicity when using -l and cleaup code.

PR 44004 [Rainer Jung]

*) mod_authn_dbd: Disambiguate and tidy database authentication

error messages. PR 43210. [Chris Darroch, Phil Endecott

<spam_from_apache_bugzilla chezphil.org>]

*) mod_headers: Add 'merge' option to avoid duplicate values within

the same header. [Chris Darroch]

*) mod_cgid: Explicitly set permissions of the socket (ScriptSock) shared by

mod_cgid and request processing threads, for OS'es such as HPUX and AIX

that do not use umask for AF_UNIX socket permissions.

[Eric Covener, Jeff Trawick]

*) mod_cgid: Don't try to restart the daemon if it fails to initialize

the socket. [Jeff Trawick]

*) mod_log_config: Add format options for %p so that the actual local

or remote port can be logged. PR 43415. [Adam Hasselbalch Hansen

<[email protected]>, Ruediger Pluem, Jeff Trawick]

*) Added 'disablereuse' option for ProxyPass which, essentially,

disables connection pooling for the backend servers.

[Jim Jagielski]

*) mod_speling: remove regression from 1.3/2.0 behavior and

drop dependency between mod_speling and AcceptPathInfo.

PR 43562 [Jose Kahan <jose w3.org>]

*) mod_substitute: The default is now flattening the buckets after

each substitution. The newly added 'q' flag allows for the

quicker, more efficient bucket-splitting if the user so

desires. [Jim Jagielski]

*) http_filters: Don't spin if get an error when reading the

next chunk. PR 44381 [Ruediger Pluem]

*) ab: Do not try to read non existing response bodies of HEAD requests.

PR 34275 [Takashi Sato <serai lans-tv.com>]

*) ab: Use a 64 bit unsigned int instead of a signed long to count the

bytes transferred to avoid integer overflows. PR 44346 [Ruediger Pluem]

*) ProxyPassReverse is now balancer aware. [Jim Jagielski]

*) mod_include: Correctly handle SSI directives split over multiple filter

passes. PR 44447 [Harald Niesche <harald brokenerror.de>]

*) mod_cache: Revalidate cache entities which have Cache-Control: no-cache

set in their response headers. PR 44511 [Ruediger Pluem]

*) mod_rewrite: Check all files used by DBM maps for freshness, mod_rewrite

didn't pick up on updated sdbm maps due to this.

PR41190 [Niklas Edmundsson]

*) mod_proxy: Lower memory consumption for short lived connections.

PR 44026. [Ruediger Pluem]

*) mod_proxy: Keep connections to the backend persistent in the HTTPS case.

[Ruediger Pluem]

*) Don't add bogus duplicate Content-Language entries

PR 11035 [Davi Arnaut]

*) Worker / Event MPM: Fix race condition in pool recycling that leads to

segmentation faults under load. PR 44402

[Basant Kumar Kukreja <basant.kukreja sun.com>]

*) mod_proxy_ftp: Fix base for directory listings.

PR 27834 [Nick Kew]

*) mod_logio: Provide optional function to allow modules to adjust the

bytes_in count [Eric Covener]

*) http_filters: Don't return 100-continue on client error

PR 43711 [Chetan Reddy <chetanreddy gmail.com>]

*) mod_charset_lite: Add TranslateAllMimeTypes sub-option to

CharsetOptions, allowing the administrator to skip the

mimetype checking that precedes translation.

PR 44458 [Eric Covener]

*) mod_proxy_http: Fix processing of chunked responses if

Connection: Transfer-Encoding is set in the response of the proxied

system. PR 44311 [Ruediger Pluem]

*) mod_proxy_http: Return HTTP status codes instead of apr_status_t

values for errors encountered while forwarding the request body

PR 44165 [Eric Covener]

*) mod_rewrite: Don't canonicalise URLs with [P,NE]

PR 43319 [<rahul sun.com>]

Changes with Apache 2.2.8

*) core: Fix regression in 2.2.7 in chunk filtering with massively

chunked requests. [Ruediger Pluem, Nick Kew]

*) winnt_mpm: Resolve modperl issues by redirecting console mode stdout

to /Device/Nul as the server is starting up, mirroring unix MPM's.

PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe]

*) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform

by recreating the bucket allocator each time the trans pool is cleared.

PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>]

*) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals.

PR 38034 [Paritosh Shah <shah.paritosh gmail.com>]

Changes with Apache 2.2.7 (not released)

*) SECURITY: CVE-2007-6421 (cve.mitre.org)

mod_proxy_balancer: Correctly escape the worker route and the worker

redirect string in the HTML output of the balancer manager.

Reported by SecurityReason. [Ruediger Pluem]

*) SECURITY: CVE-2007-6422 (cve.mitre.org)

Prevent crash in balancer manager if invalid balancer name is passed

as parameter. Reported by SecurityReason. [Ruediger Pluem]

*) SECURITY: CVE-2007-6388 (cve.mitre.org)

mod_status: Ensure refresh parameter is numeric to prevent

a possible XSS attack caused by redirecting to other URLs.

Reported by SecurityReason. [Mark Cox, Joe Orton]

*) SECURITY: CVE-2007-5000 (cve.mitre.org)

mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.

[Joe Orton]

*) SECURITY: CVE-2008-0005 (cve.mitre.org)

Introduce the ProxyFtpDirCharset directive, allowing the administrator

to identify a default, or specific servers or paths which list their

contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]

*) mod_dav: Adjust etag generation to produce identical results on 32-bit

and 64-bit platforms and avoid a regression with conditional PUT's on

lock and etag. PR 44152.

[Michael Clark <michael metaparadigm.com>, Ruediger Pluem]

*) mod_ssl: Fix handling of the buffered request body during a per-location

renegotiation, when an internal redirect occurs. PR 43738.

[Joe Orton]

*) mod_ldap: Try to establish a new backend LDAP connection when the

Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g. after the

LDAP server has closed the connection due to a timeout.

PR 39095 [Eric Covener]

*) log.c: Ensure Win32 resurrects its lost robust logger processes.

[William Rowe]

*) mod_disk_cache: Delete temporary files if they cannot be renamed to their

final name. [Davi Arnaut <davi haxent.com.br>]

*) Add explicit charset to the output of various modules to work around

possible cross-site scripting flaws affecting web browsers that do not

derive the response character set as required by RFC2616. One of these

reported by SecurityReason [Joe Orton]

*) http_protocol: Escape request method in 405 error reporting.

This has no security impact since the browser cannot be tricked

into sending arbitrary method strings. [Jeff Trawick]

*) mod_ssl: Fix SSL client certificate extensions parsing bug. PR 44073.

[yl <yl bee-ware.net>]

*) mod_proxy_ajp: Use 64K as maximum AJP packet size. This is the maximum

length we can squeeze inside the AJP message packet.

[Mladen Turk]

*) core: Lower memory consumption of ap_r* functions by reusing the brigade

instead of recreating it during each filter pass.

[Stefan Fritsch <sf sfritsch.de>]

*) core: Lower memory consumption in case that flush buckets are passed thru

the chunk filter as last bucket of a brigade. PR 23567.

[Stefan Fritsch <sf sfritsch.de>]