You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2013/11/26 20:50:58 UTC
svn commit: r3695 - /release/httpd/CHANGES_2.4
Author: jim
Date: Tue Nov 26 19:50:55 2013
New Revision: 3695
Log:
2.4.7
Modified:
release/httpd/CHANGES_2.4
Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Tue Nov 26 19:50:55 2013
@@ -1,5 +1,191 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.7
+
+ *) APR 1.5.0 or later is now required for the event MPM.
+
+ *) slotmem_shm: Error detection. [Jim Jagielski]
+
+ *) event: Use skiplist data structure. [Jim Jagielski]
+
+ *) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
+ and align w/ trunk. [Jim Jagielski]
+
+ *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
+ directives. [Mike Rumph <mike.rumph oracle.com>]
+
+ *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
+ An individual envvar with an encoded length of more than 16K will be
+ omitted. [Jeff Trawick]
+
+ *) mod_proxy_fcgi: Handle reading protocol data that is split between
+ packets. [Jeff Trawick]
+
+ *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
+ allowing custom parameters to be configured via SSLCertificateFile,
+ and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
+ Unless custom parameters are configured, the standardized parameters
+ are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]
+
+ *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
+
+ *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
+ keys, and unconditionally disable aNULL, eNULL and EXP ciphers
+ (not overridable via SSLCipherSuite). [Kaspar Brand]
+
+ *) Add experimental cmake-based build system for Windows. [Jeff Trawick,
+ Tom Donovan]
+
+ *) event MPM: Fix possible crashes (third party modules accessing c->sbh)
+ or occasional missed mod_status updates for some keepalive requests
+ under load. [Eric Covener]
+
+ *) mod_authn_socache: Support optional initialization arguments for
+ socache providers. [Chris Darroch]
+
+ *) mod_session: Reset the max-age on session save. PR 47476. [Alexey
+ Varlamov <alexey.v.varlamov gmail com>]
+
+ *) mod_session: After parsing the value of the header specified by the
+ SessionHeader directive, remove the value from the response. PR 55279.
+ [Graham Leggett]
+
+ *) mod_headers: Allow for format specifiers in the substitution string
+ when using Header edit. [Daniel Ruggeri]
+
+ *) mod_dav: dav_resource->uri is treated as unencoded. This was an
+ unnecessary ABI changed introduced in 2.4.6. PR 55397.
+
+ *) mod_dav: Don't require lock tokens for COPY source. PR 55306.
+
+ *) core: Don't truncate output when sending is interrupted by a signal,
+ such as from an exiting CGI process. PR 55643. [Jeff Trawick]
+
+ *) WinNT MPM: Exit the child if the parent process crashes or is terminated.
+ [Oracle Corporation]
+
+ *) Windows: Correct failure to discard stderr in some error log
+ configurations. (Error message AH00093) [Jeff Trawick]
+
+ *) mod_session_crypto: Allow using exec: calls to obtain session
+ encryption key. [Daniel Ruggeri]
+
+ *) core: Add missing Reason-Phrase in HTTP response headers.
+ PR 54946. [Rainer Jung]
+
+ *) mod_rewrite: Make rewrite websocket-aware to allow proxying.
+ PR 55598. [Chris Harris <chris.harris kitware com>]
+
+ *) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
+ instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
+
+ *) ab: Add wait time, fix processing time, and output write errors only if
+ they occured. [Christophe Jaillet]
+
+ *) worker MPM: Don't forcibly kill worker threads if the child process is
+ exiting gracefully. [Oracle Corporation]
+
+ *) core: apachectl -S prints wildcard name-based virtual hosts twice.
+ PR54948 [Eric Covener]
+
+ *) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
+ allow migration of passwords from digest to basic authentication.
+ [Chris Darroch]
+
+ *) ab: Add a new -l parameter in order not to check the length of the responses.
+ This can be usefull with dynamic pages.
+ PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
+
+ *) Suppress formatting of startup messages written to the console when
+ ErrorLogFormat is used. [Jeff Trawick]
+
+ *) mod_auth_digest: Be more specific when the realm mismatches because the
+ realm has not been specified. [Graham Leggett]
+
+ *) mod_proxy: Add a note in the balancer manager stating whether changes
+ will or will not be persisted and whether settings are inherited.
+ [Daniel Ruggeri, Jim Jagielski]
+
+ *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
+ [Graham Leggett]
+
+ *) core: Add util_fcgi.h and associated definitions and support
+ routines for FastCGI, based largely on mod_proxy_fcgi.
+ [Jeff Trawick]
+
+ *) mod_headers: Add 'Header note header-name note-name' for copying a response
+ headers value into a note. [Eric Covener]
+
+ *) mod_headers: Add 'setifempty' command to Header and RequestHeader.
+ [Eric Covener]
+
+ *) mod_logio: new format-specifier %S (sum) which is the sum of received
+ and sent byte counts.
+ PR54015 [Christophe Jaillet]
+
+ *) mod_deflate: Improve error detection when decompressing request bodies
+ with trailing garbage: handle case where trailing bytes are in
+ the same bucket. [Rainer Jung]
+
+ *) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
+ from ERROR to DEBUG, since these modules do not know what mod_authz_core
+ is doing with their AUTHZ_DENIED return value. [Eric Covener]
+
+ *) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
+
+ *) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
+
+ *) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
+ SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
+ default, sans rebind authentication callback.
+ [Jan Kaluza <kaluze AT redhat.com>]
+
+ *) core: Log a message at TRACE1 when the client aborts a connection.
+ [Eric Covener]
+
+ *) WinNT MPM: Don't crash during child process initialization if the
+ Listen protocol is unrecognized. [Jeff Trawick]
+
+ *) modules: Fix some compiler warnings. [Guenter Knauf]
+
+ *) Sync 2.4 and trunk
+ - Avoid some memory allocation and work when TRACE1 is not activated
+ - fix typo in include guard
+ - indent
+ - No need to lower the string before removing the path, it is just a waste of time...
+ - Save a few cycles
+ [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
+
+ *) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
+ to remove a providers initial flags set at registration time.
+ [Eric Covener]
+
+ *) core, mod_ssl: Enable the ability for a module to reverse the sense of
+ a poll event from a read to a write or vice versa. This is a step on
+ the way to allow mod_ssl taking full advantage of the event MPM.
+ [Graham Leggett]
+
+ *) Makefile.win: Install proper pcre DLL file during debug build install.
+ PR 55235. [Ben Reser <ben reser org>]
+
+ *) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
+ [Zhenbo Xu <zhenbo1987 gmail com>]
+
+ *) ab: Fix potential buffer overflows when processing the T and X
+ command-line options. PR 55360.
+ [Mike Rumph <mike.rumph oracle.com>]
+
+ *) fcgistarter: Specify SO_REUSEADDR to allow starting a server
+ with old connections in TIME_WAIT. [Jeff Trawick]
+
+ *) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
+ and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
+ used without patches to httpd core. [Stefan Fritsch]
+
+ *) support/htdbm: fix processing of -t command line switch. Regression
+ introduced in 2.4.4
+ PR 55264 [Jo Rhett <jrhett netconsonance com>]
+
Changes with Apache 2.4.6
*) Revert a broken fix for PR54948 that was applied to 2.4.5 (which was
@@ -18,7 +204,7 @@
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
- [Takashi Sato <takashi tks.st>, Graham Leggett]
+ [Takashi Sato, Graham Leggett]
*) mod_auth_basic: Add a generic mechanism to fake basic authentication
using the ap_expr parser. AuthBasicFake allows the administrator to
@@ -53,7 +239,7 @@
*) mod_cache_socache: Make sure the CacheSocacheMaxSize directive is merged
correctly. [Jens Låås <jelaas gmail.com>]
- *) rotatelogs: add -n number-of-files option to roate through a number
+ *) rotatelogs: add -n number-of-files option to rotate through a number
of fixed-name logfiles. [Eric Covener]
*) mod_proxy: Support web-socket tunnels via mod_proxy_wstunnel.
@@ -147,6 +333,9 @@
*) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
+ *) mod_deflate: Remove assumptions as to when an EOS bucket might arrive.
+ Gracefully step aside if the body size is zero. [Graham Leggett]
+
*) 'AuthGroupFile' and 'AuthUserFile' do not accept anymore the optional
'standard' keyword . It was unused and not documented.
PR54463 [Tianyin Xu <tixu cs.ucsd.edu> and Christophe Jaillet]
@@ -2336,6 +2525,7 @@
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
*) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]