Posted to cvs@httpd.apache.org by ji...@apache.org on 2010/06/17 14:22:50 UTC

svn commit: r140 - /release/httpd/

Author: jim
Date: Thu Jun 17 12:22:46 2010
New Revision: 140

Log:
Fold in alpha 2.3.6 of httpd

Added:
    release/httpd/CHANGES_2.3.6
    release/httpd/httpd-2.3.6-deps.tar.bz2   (with props)
    release/httpd/httpd-2.3.6-deps.tar.bz2.asc
    release/httpd/httpd-2.3.6-deps.tar.bz2.md5
    release/httpd/httpd-2.3.6-deps.tar.bz2.sha1
    release/httpd/httpd-2.3.6-deps.tar.gz   (with props)
    release/httpd/httpd-2.3.6-deps.tar.gz.asc
    release/httpd/httpd-2.3.6-deps.tar.gz.md5
    release/httpd/httpd-2.3.6-deps.tar.gz.sha1
    release/httpd/httpd-2.3.6.tar.bz2   (with props)
    release/httpd/httpd-2.3.6.tar.bz2.asc
    release/httpd/httpd-2.3.6.tar.bz2.md5
    release/httpd/httpd-2.3.6.tar.bz2.sha1
    release/httpd/httpd-2.3.6.tar.gz   (with props)
    release/httpd/httpd-2.3.6.tar.gz.asc
    release/httpd/httpd-2.3.6.tar.gz.md5
    release/httpd/httpd-2.3.6.tar.gz.sha1
Modified:
    release/httpd/Announcement2.3.txt
    release/httpd/CHANGES_2.3

Modified: release/httpd/Announcement2.3.txt
==============================================================================
--- release/httpd/Announcement2.3.txt (original)
+++ release/httpd/Announcement2.3.txt Thu Jun 17 12:22:46 2010
@@ -1,14 +1,14 @@
-                Apache HTTP Server 2.3.5-alpha Released
+                Apache HTTP Server 2.3.6-alpha Released
 
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.3.5-alpha of the Apache HTTP
+   pleased to announce the release of version 2.3.6-alpha of the Apache HTTP
    Server ("Apache").  This version of Apache is principally an alpha release
    to test new technology and features that are incompatible or too large for
    the stable 2.2.x branch. This alpha release should not be presumed to
    be compatible with binaries built against any prior or future version.
 
    
-   Apache HTTP Server 2.3.5-alpha is available for download from:
+   Apache HTTP Server 2.3.6-alpha is available for download from:
 
      http://httpd.apache.org/download.cgi
 
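Review bot: the download pointer kept as context at the end of this hunk is a plain http:// URL (`http://httpd.apache.org/download.cgi`), and none of the lines shown tell readers to verify the tarball against the .asc signature that this same commit publishes next to it. Since only the version string changes here, consider adding a one-line pointer to the signature files while the announcement is being touched.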

Modified: release/httpd/CHANGES_2.3
==============================================================================
--- release/httpd/CHANGES_2.3 (original)
+++ release/httpd/CHANGES_2.3 Thu Jun 17 12:22:46 2010
@@ -1,9 +1,264 @@
-                                                        -*- coding: utf-8 -*-
+                                                         -*- coding: utf-8 -*-
+
+Changes with Apache 2.3.6
+
+  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
+     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
+     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
+     and offer unsafe legacy renegotiation with clients which do not yet
+     support the new secure renegotiation protocol, RFC 5746.
+     [Joe Orton, and with thanks to the OpenSSL Team]
+
+  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
+     by rejecting any client-initiated renegotiations. Forcibly disable
+     keepalive for the connection if there is any buffered data readable. Any
+     configuration which requires renegotiation for per-directory/location
+     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
+     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
+
+  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
+     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
+     when request headers indicate a request body is incoming; not a case of
+     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]
+
+  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
+     mod_isapi: Do not unload an isapi .dll module until the request
+     processing is completed, avoiding orphaned callback pointers.
+     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
+
+  *) core: Filter init functions are now run strictly once per request
+     before handler invocation.  The init functions are no longer run
+     for connection filters.  PR 49328.  [Joe Orton]
+
+  *) core: Adjust the output filter chain correctly in an internal
+     redirect from a subrequest, preserving filters from the main
+     request as necessary.  PR 17629.  [Joe Orton]
+
+  *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
+     Response if they so choose to do so. Previously an attempt to cache a 206
+     was arbitrarily allowed if the response contained an Expires or
+     Cache-Control header, and arbitrarily denied if both headers were missing.
+     [Graham Leggett]
+
+  *) core: Add microsecond timestamp fractions, process id and thread id
+     to the error log. [Rainer Jung]
+
+  *) configure: The "most" module set gets build by default.  [Rainer Jung]
+
+  *) configure: Building dynamic modules (DSO) by default.  [Rainer Jung]
+
+  *) configure: Fix broken VPATH build when using included APR.
+     [Rainer Jung]
+
+  *) mod_session_crypto: Fix configure problem when building
+     with APR 2 and for VPATH builds with included APR.
+     [Rainer Jung]
+
+  *) mod_session_crypto: API compatibility with APR 2 crypto and
+     APR Util 1.x crypto. [Rainer Jung]
+
+  *) ab: Fix memory leak with -v2 and SSL. PR 49383.
+     [Pavel Kankovsky <peak argo troja mff cuni cz>]
+
+  *) core: Add per-module and per-directory loglevel configuration.
+           Add some more trace logging.
+     mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
+     mod_ssl: Replace LogLevelDebugDump with trace log levels.
+     mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
+           and debug.
+     mod_dumpio:  Replace DumpIOLogLevel with trace log levels.
+     [Stefan Fritsch]
+
+  *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns 
+     title page only) when any mod_ldap directives were used in VirtualHost 
+     context.  [Eric Covener]
+
+  *) mod_disk_cache: Decline the opportunity to cache if the response is
+     a 206 Partial Content. This stops a reverse proxied partial response
+     from becoming cached, and then being served in subsequent responses.
+     [Graham Leggett]
+
+  *) mod_deflate: avoid the risk of forwarding data before headers are set.
+     PR 49369 [Matthew Steele <mdsteele google.com>]
+
+  *) mod_authnz_ldap: Ensure nested groups are checked when the 
+     top-level group doesn't have any direct non-group members
+     of attributes in AuthLDAPGroupAttribute. [Eric Covener]
+
+  *) mod_authnz_ldap: Search or Comparison during authorization phase
+     can use the credentials from the authentication phase
+     (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
+     PR 48340 [Domenico Rotiroti, Eric Covener]
+
+  *) mod_authnz_ldap: Allow the initial DN search during authentication
+     to use the HTTP username/pass instead of an anonymous or hard-coded
+     LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).  
+     [Eric Covener]
+
+  *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
+     when this module is used for authorization. See AuthLDAPAuthorizePrefix.
+     PR 45584 [Eric Covener]
+
+  *) apxs -q: Stop filtering out ':' characters from the reported values.
+     PR 45343.  [Bill Cole]
+
+  *) prefork MPM: Run cleanups for final request when process exits gracefully.
+     PR 43857.  [Tom Donovan]
+
+  *) ab: fix number of requests sent by ab when keepalive is enabled.  PR 48497.
+     [Bryn Dole <dole blekko.com>]
+
+  *) Log an error for failures to read a chunk-size, and return 408 instead of
+     413 when this is due to a read timeout.  This change also fixes some cases 
+     of two error documents being sent in the response for the same scenario. 
+     [Eric Covener] PR49167
+
+  *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
+     to control/set the nonce used in the balancer-manager application.
+     [Jim Jagielski]
+
+  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
+     [Stefan Fritsch]
+
+  *) Proxy balancer: support setting error status according to HTTP response
+     code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]
+
+  *) htcacheclean: Introduce the ability to clean specific URLs from the
+     cache, if provided as an optional parameter on the command line.
+     [Graham Leggett]
+
+  *) core: Introduce the IncludeStrict directive, which explicitly fails
+     server startup if no files or directories match a wildcard path.
+     [Graham Leggett]
+
+  *) htcacheclean: Report additional statistics about entries deleted.
+     PR 48944. [Mark Drayton mark markdrayton.info]
+
+  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
+     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
+     build of openssl is required for 'SSLFIPS on'.  PR 46270.
+     [Dr Stephen Henson <steve openssl.org>, William Rowe]
+
+  *) mod_proxy_http: Log the port of the remote server in various messages.
+     PR 48812. [Igor Galić <i galic brainsware org>] 
+
+  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
+     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
+
+  *) mod_proxy_ajp: Really regard the operation a success, when the client
+     aborted the connection. In addition adjust the log message if the client
+     aborted the connection. [Ruediger Pluem]
+
+  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
+     allows insecure renegotiation with clients which do not yet
+     support the secure renegotiation protocol.  [Joe Orton]
+
+  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
+     is configured for client cert auth. PR 46952.  [Joe Orton]
+
+  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
+     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]
+
+  *) support/rotatelogs: Add -L option to create a link to the current
+     log file.  PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
+
+  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
+     setting only, matching most of the documentation and examples. 
+     PR 46541 [Paul Reder, Eric Covener] 
+
+  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument 
+     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
+
+  *) mod_negotiation: Preserve query string over multiviews negotiation.
+     This buglet was fixed for type maps in 2.2.6, but the same issue
+     affected multiviews and was overlooked.
+     PR 33112 [Joergen Thomsen <apache jth.net>]
+
+  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
+     when some are not password-protected. [Eric Covener]
+
+  *) Fix startup segfault when the Mutex directive is used but no loaded 
+     modules use httpd mutexes.  PR 48787.  [Jeff Trawick]
+
+  *) Proxy: get the headers right in a HEAD request with
+     ProxyErrorOverride, by checking for an overridden error
+     before not after going into a catch-all code path.
+     PR 41646.  [Nick Kew, Stuart Children]
+
+  *) support/rotatelogs: Support the simplest log rotation case, log
+     truncation. Useful when the log is being processed in real time
+     using a command like tail. [Graham Leggett]
+
+  *) support/htcacheclean: Teach it how to write a pid file (modelled on
+     httpd's writing of a pid file) so that it becomes possible to run
+     more than one instance of htcacheclean on the same machine.
+     [Graham Leggett]
+
+  *) Log command line on startup, so there's a record of command line
+     arguments like -f.  PR 48752.  [Dan Poirier]
+
+  *) Introduce mod_reflector, a handler capable of reflecting POSTed
+     request bodies back within the response through the output filter
+     stack. Can be used to turn an output filter into a web service.
+     [Graham Leggett]
+
+  *) mod_proxy_http: Make sure that when an ErrorDocument is served
+     from a reverse proxied URL, that the subrequest respects the status
+     of the original request. This brings the behaviour of proxy_handler
+     in line with default_handler. PR 47106. [Graham Leggett]
+
+  *) Support wildcards in both the directory and file components of
+     the path specified by the Include directive. [Graham Leggett]
+
+  *) mod_proxy, mod_proxy_http: Support remote https proxies
+     by using HTTP CONNECT.  PR 19188.  
+     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
+
+  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
+     [Philip M. Gollucci]
+
+  *) worker: Don't report server has reached MaxClients until it has.
+     Add message when server gets within MinSpareThreads of MaxClients.
+     PR 46996.  [Dan Poirier]
+
+  *) mod_session: Session expiry was being initialised, but not updated
+     on each session save, resulting in timed out sessions when there
+     should not have been. Fixed. [Graham Leggett]
+
+  *) mod_log_config: Add the R option to log the handler used within the
+     request. [Christian Folini <christian.folini netnea com>]
+
+  *) mod_include: Allow fine control over the removal of Last-Modified and
+     ETag headers within the INCLUDES filter, making it possible to cache
+     responses if desired. Fix the default value of the SSIAccessEnable
+     directive.  [Graham Leggett]
+
+  *) Add new UnDefine directive to undefine a variable. PR 35350.
+     [Stefan Fritsch]
+
+  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
+     for regex backreferences as mod_rewrite and mod_include: Remove the use
+     of '&' as an alias for '$0' and allow to escape any character with a
+     backslash. PR 48351. [Stefan Fritsch]
+
+  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
+     password to UTF-8. PR 45318.
+     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
+
+  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
+     [Stefan Fritsch]
+
+  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
+     password now result in an informational level log entry instead of 
+     warning level.  [Eric Covener]
 
 Changes with Apache 2.3.5
 
-  *) Ensure each subrequest has a shallow copy of headers_in so that the
-     parent request headers are not corrupted.  Elimiates a problematic
+  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
+     Ensure each subrequest has a shallow copy of headers_in so that the
+     parent request headers are not corrupted.  Eliminates a problematic
      optimization in the case of no request body.  PR 48359 
      [Jake Scott, William Rowe, Ruediger Pluem]
 
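Review bot: 'SSLInsecureRenegotiation' is documented twice in the new 2.3.6 block, and the second, standalone mod_ssl entry ("allows insecure renegotiation with clients which do not yet support the secure renegotiation protocol") carries neither the SECURITY tag nor the statement that enabling it reopens CVE-2009-3555, which the first entry does have. Fold the standalone entry into the SECURITY one, or add the CVE reference to it, so that a reader who finds the directive by name also sees the risk. The two CVE-2009-3555 entries cite different OpenSSL thresholds (0.9.8m or later for the comprehensive fix, >= 0.9.8l for the partial one); a sentence stating which configuration each threshold covers would remove the ambiguity. Smaller points in the added lines: "gets build by default" should read "gets built", "AuthLDAPSearchAsUSer" has a stray capital S, "PR49167" is missing the space used by every other PR reference, and the Mark Drayton address lacks its angle brackets. The first -/+ pair changes only the leading whitespace of the coding line.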
@@ -23,7 +278,7 @@
 
   *) mod_cache: Do an exact match of the keys defined by
      CacheIgnoreURLSessionIdentifiers against the querystring instead of
-     a partial match.  PR 48401.i
+     a partial match.  PR 48401.
      [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
 
   *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]

Added: release/httpd/CHANGES_2.3.6
==============================================================================
--- release/httpd/CHANGES_2.3.6 (added)
+++ release/httpd/CHANGES_2.3.6 Thu Jun 17 12:22:46 2010
@@ -0,0 +1,273 @@
+                                                         -*- coding: utf-8 -*-
+
+Changes with Apache 2.3.6
+
+  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
+     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
+     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
+     and offer unsafe legacy renegotiation with clients which do not yet
+     support the new secure renegotiation protocol, RFC 5746.
+     [Joe Orton, and with thanks to the OpenSSL Team]
+
+  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
+     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
+     by rejecting any client-initiated renegotiations. Forcibly disable
+     keepalive for the connection if there is any buffered data readable. Any
+     configuration which requires renegotiation for per-directory/location
+     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
+     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
+
+  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
+     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
+     when request headers indicate a request body is incoming; not a case of
+     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]
+
+  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
+     mod_isapi: Do not unload an isapi .dll module until the request
+     processing is completed, avoiding orphaned callback pointers.
+     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
+
+  *) core: Filter init functions are now run strictly once per request
+     before handler invocation.  The init functions are no longer run
+     for connection filters.  PR 49328.  [Joe Orton]
+
+  *) core: Adjust the output filter chain correctly in an internal
+     redirect from a subrequest, preserving filters from the main
+     request as necessary.  PR 17629.  [Joe Orton]
+
+  *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
+     Response if they so choose to do so. Previously an attempt to cache a 206
+     was arbitrarily allowed if the response contained an Expires or
+     Cache-Control header, and arbitrarily denied if both headers were missing.
+     [Graham Leggett]
+
+  *) core: Add microsecond timestamp fractions, process id and thread id
+     to the error log. [Rainer Jung]
+
+  *) configure: The "most" module set gets build by default.  [Rainer Jung]
+
+  *) configure: Building dynamic modules (DSO) by default.  [Rainer Jung]
+
+  *) configure: Fix broken VPATH build when using included APR.
+     [Rainer Jung]
+
+  *) mod_session_crypto: Fix configure problem when building
+     with APR 2 and for VPATH builds with included APR.
+     [Rainer Jung]
+
+  *) mod_session_crypto: API compatibility with APR 2 crypto and
+     APR Util 1.x crypto. [Rainer Jung]
+
+  *) ab: Fix memory leak with -v2 and SSL. PR 49383.
+     [Pavel Kankovsky <peak argo troja mff cuni cz>]
+
+  *) core: Add per-module and per-directory loglevel configuration.
+           Add some more trace logging.
+     mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
+     mod_ssl: Replace LogLevelDebugDump with trace log levels.
+     mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
+           and debug.
+     mod_dumpio:  Replace DumpIOLogLevel with trace log levels.
+     [Stefan Fritsch]
+
+  *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns 
+     title page only) when any mod_ldap directives were used in VirtualHost 
+     context.  [Eric Covener]
+
+  *) mod_disk_cache: Decline the opportunity to cache if the response is
+     a 206 Partial Content. This stops a reverse proxied partial response
+     from becoming cached, and then being served in subsequent responses.
+     [Graham Leggett]
+
+  *) mod_deflate: avoid the risk of forwarding data before headers are set.
+     PR 49369 [Matthew Steele <mdsteele google.com>]
+
+  *) mod_authnz_ldap: Ensure nested groups are checked when the 
+     top-level group doesn't have any direct non-group members
+     of attributes in AuthLDAPGroupAttribute. [Eric Covener]
+
+  *) mod_authnz_ldap: Search or Comparison during authorization phase
+     can use the credentials from the authentication phase
+     (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
+     PR 48340 [Domenico Rotiroti, Eric Covener]
+
+  *) mod_authnz_ldap: Allow the initial DN search during authentication
+     to use the HTTP username/pass instead of an anonymous or hard-coded
+     LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).  
+     [Eric Covener]
+
+  *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
+     when this module is used for authorization. See AuthLDAPAuthorizePrefix.
+     PR 45584 [Eric Covener]
+
+  *) apxs -q: Stop filtering out ':' characters from the reported values.
+     PR 45343.  [Bill Cole]
+
+  *) prefork MPM: Run cleanups for final request when process exits gracefully.
+     PR 43857.  [Tom Donovan]
+
+  *) ab: fix number of requests sent by ab when keepalive is enabled.  PR 48497.
+     [Bryn Dole <dole blekko.com>]
+
+  *) Log an error for failures to read a chunk-size, and return 408 instead of
+     413 when this is due to a read timeout.  This change also fixes some cases 
+     of two error documents being sent in the response for the same scenario. 
+     [Eric Covener] PR49167
+
+  *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
+     to control/set the nonce used in the balancer-manager application.
+     [Jim Jagielski]
+
+  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
+     [Stefan Fritsch]
+
+  *) Proxy balancer: support setting error status according to HTTP response
+     code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]
+
+  *) htcacheclean: Introduce the ability to clean specific URLs from the
+     cache, if provided as an optional parameter on the command line.
+     [Graham Leggett]
+
+  *) core: Introduce the IncludeStrict directive, which explicitly fails
+     server startup if no files or directories match a wildcard path.
+     [Graham Leggett]
+
+  *) htcacheclean: Report additional statistics about entries deleted.
+     PR 48944. [Mark Drayton mark markdrayton.info]
+
+  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
+     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
+     build of openssl is required for 'SSLFIPS on'.  PR 46270.
+     [Dr Stephen Henson <steve openssl.org>, William Rowe]
+
+  *) mod_proxy_http: Log the port of the remote server in various messages.
+     PR 48812. [Igor Galić <i galic brainsware org>] 
+
+  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
+     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
+
+  *) mod_proxy_ajp: Really regard the operation a success, when the client
+     aborted the connection. In addition adjust the log message if the client
+     aborted the connection. [Ruediger Pluem]
+
+  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
+     allows insecure renegotiation with clients which do not yet
+     support the secure renegotiation protocol.  [Joe Orton]
+
+  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
+     is configured for client cert auth. PR 46952.  [Joe Orton]
+
+  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
+     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]
+
+  *) support/rotatelogs: Add -L option to create a link to the current
+     log file.  PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
+
+  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
+     setting only, matching most of the documentation and examples. 
+     PR 46541 [Paul Reder, Eric Covener] 
+
+  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument 
+     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
+
+  *) mod_negotiation: Preserve query string over multiviews negotiation.
+     This buglet was fixed for type maps in 2.2.6, but the same issue
+     affected multiviews and was overlooked.
+     PR 33112 [Joergen Thomsen <apache jth.net>]
+
+  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
+     when some are not password-protected. [Eric Covener]
+
+  *) Fix startup segfault when the Mutex directive is used but no loaded 
+     modules use httpd mutexes.  PR 48787.  [Jeff Trawick]
+
+  *) Proxy: get the headers right in a HEAD request with
+     ProxyErrorOverride, by checking for an overridden error
+     before not after going into a catch-all code path.
+     PR 41646.  [Nick Kew, Stuart Children]
+
+  *) support/rotatelogs: Support the simplest log rotation case, log
+     truncation. Useful when the log is being processed in real time
+     using a command like tail. [Graham Leggett]
+
+  *) support/htcacheclean: Teach it how to write a pid file (modelled on
+     httpd's writing of a pid file) so that it becomes possible to run
+     more than one instance of htcacheclean on the same machine.
+     [Graham Leggett]
+
+  *) Log command line on startup, so there's a record of command line
+     arguments like -f.  PR 48752.  [Dan Poirier]
+
+  *) Introduce mod_reflector, a handler capable of reflecting POSTed
+     request bodies back within the response through the output filter
+     stack. Can be used to turn an output filter into a web service.
+     [Graham Leggett]
+
+  *) mod_proxy_http: Make sure that when an ErrorDocument is served
+     from a reverse proxied URL, that the subrequest respects the status
+     of the original request. This brings the behaviour of proxy_handler
+     in line with default_handler. PR 47106. [Graham Leggett]
+
+  *) Support wildcards in both the directory and file components of
+     the path specified by the Include directive. [Graham Leggett]
+
+  *) mod_proxy, mod_proxy_http: Support remote https proxies
+     by using HTTP CONNECT.  PR 19188.  
+     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
+
+  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
+     [Philip M. Gollucci]
+
+  *) worker: Don't report server has reached MaxClients until it has.
+     Add message when server gets within MinSpareThreads of MaxClients.
+     PR 46996.  [Dan Poirier]
+
+  *) mod_session: Session expiry was being initialised, but not updated
+     on each session save, resulting in timed out sessions when there
+     should not have been. Fixed. [Graham Leggett]
+
+  *) mod_log_config: Add the R option to log the handler used within the
+     request. [Christian Folini <christian.folini netnea com>]
+
+  *) mod_include: Allow fine control over the removal of Last-Modified and
+     ETag headers within the INCLUDES filter, making it possible to cache
+     responses if desired. Fix the default value of the SSIAccessEnable
+     directive.  [Graham Leggett]
+
+  *) Add new UnDefine directive to undefine a variable. PR 35350.
+     [Stefan Fritsch]
+
+  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
+     for regex backreferences as mod_rewrite and mod_include: Remove the use
+     of '&' as an alias for '$0' and allow to escape any character with a
+     backslash. PR 48351. [Stefan Fritsch]
+
+  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
+     password to UTF-8. PR 45318.
+     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
+
+  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
+     [Stefan Fritsch]
+
+  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
+     password now result in an informational level log entry instead of 
+     warning level.  [Eric Covener]
+
+
+  [Apache 2.1.0-dev includes those bug fixes and changes with the
+   Apache 2.2.xx tree as documented, and except as noted, below.]
+
+Changes with Apache 2.2.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
+
+Changes with Apache 2.0.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
+
+Changes with Apache 1.3.x and later:
+
+  *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup
+
+
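Review bot: the footer near the end of this new file says "[Apache 2.1.0-dev includes those bug fixes and changes with the Apache 2.2.xx tree as documented, and except as noted, below.]", which names 2.1.0-dev in a file that is otherwise entirely about 2.3.6; please confirm that wording is intended or update it to the 2.3 line. The body above it repeats the 2.3.6 block added to CHANGES_2.3 in this same commit word for word, so the duplicated 'SSLInsecureRenegotiation' entry and the spelling slips ("gets build", "AuthLDAPSearchAsUSer", "PR49167") now need correcting in two places. The three "Changes with Apache ... and later" pointers use http:// viewvc links; if an https form is available it would be the better reference in a release file.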

Added: release/httpd/httpd-2.3.6-deps.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: release/httpd/httpd-2.3.6-deps.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: release/httpd/httpd-2.3.6-deps.tar.bz2.asc
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.bz2.asc (added)
+++ release/httpd/httpd-2.3.6-deps.tar.bz2.asc Thu Jun 17 12:22:46 2010
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (Darwin)
+
+iD8DBQBMEikrizpgHwjJdeURAkZ6AJ984VCZ4ZxdkdMpQ2mcCEgZxXanugCfVL+y
+hqWxt8kmujHXtfLoEg4gJco=
+=0vOh
+-----END PGP SIGNATURE-----

Added: release/httpd/httpd-2.3.6-deps.tar.bz2.md5
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.bz2.md5 (added)
+++ release/httpd/httpd-2.3.6-deps.tar.bz2.md5 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+4005207fd52e5a71e0547f2a97ac42a9 *httpd-2.3.6-deps.tar.bz2

Added: release/httpd/httpd-2.3.6-deps.tar.bz2.sha1
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.bz2.sha1 (added)
+++ release/httpd/httpd-2.3.6-deps.tar.bz2.sha1 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+b1165e90475dfd81a31672b7973a7b0a2204036c *httpd-2.3.6-deps.tar.bz2

Added: release/httpd/httpd-2.3.6-deps.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: release/httpd/httpd-2.3.6-deps.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: release/httpd/httpd-2.3.6-deps.tar.gz.asc
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.gz.asc (added)
+++ release/httpd/httpd-2.3.6-deps.tar.gz.asc Thu Jun 17 12:22:46 2010
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (Darwin)
+
+iD8DBQBMEikkizpgHwjJdeURAr8zAKCcgwlmbAFuaIeWwYJ1oy3osLYGWACgjg9t
+KbT3V8KHE5qF/pifCVCSRXs=
+=BUlF
+-----END PGP SIGNATURE-----

Added: release/httpd/httpd-2.3.6-deps.tar.gz.md5
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.gz.md5 (added)
+++ release/httpd/httpd-2.3.6-deps.tar.gz.md5 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+960e6766c149ae4f7364e6a4cb34c233 *httpd-2.3.6-deps.tar.gz

Added: release/httpd/httpd-2.3.6-deps.tar.gz.sha1
==============================================================================
--- release/httpd/httpd-2.3.6-deps.tar.gz.sha1 (added)
+++ release/httpd/httpd-2.3.6-deps.tar.gz.sha1 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+d4fa43377732f96174704f55c2a8ded86518d3bc *httpd-2.3.6-deps.tar.gz

Added: release/httpd/httpd-2.3.6.tar.bz2
==============================================================================
Binary file - no diff available.

Propchange: release/httpd/httpd-2.3.6.tar.bz2
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: release/httpd/httpd-2.3.6.tar.bz2.asc
==============================================================================
--- release/httpd/httpd-2.3.6.tar.bz2.asc (added)
+++ release/httpd/httpd-2.3.6.tar.bz2.asc Thu Jun 17 12:22:46 2010
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (Darwin)
+
+iD8DBQBMEikdizpgHwjJdeURAi2eAKCzD4E8t2uZKz699wd6V5uCms74uwCeMvsn
+hAbpU3vN5F4F0OgwiJtXr+4=
+=09AC
+-----END PGP SIGNATURE-----

Added: release/httpd/httpd-2.3.6.tar.bz2.md5
==============================================================================
--- release/httpd/httpd-2.3.6.tar.bz2.md5 (added)
+++ release/httpd/httpd-2.3.6.tar.bz2.md5 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+298c96c3ce2b69545a823ce2e54e02bf *httpd-2.3.6.tar.bz2

Added: release/httpd/httpd-2.3.6.tar.bz2.sha1
==============================================================================
--- release/httpd/httpd-2.3.6.tar.bz2.sha1 (added)
+++ release/httpd/httpd-2.3.6.tar.bz2.sha1 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+09cf1f6996e2c8213fd71b3bbb05ebbc18462289 *httpd-2.3.6.tar.bz2

Added: release/httpd/httpd-2.3.6.tar.gz
==============================================================================
Binary file - no diff available.

Propchange: release/httpd/httpd-2.3.6.tar.gz
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: release/httpd/httpd-2.3.6.tar.gz.asc
==============================================================================
--- release/httpd/httpd-2.3.6.tar.gz.asc (added)
+++ release/httpd/httpd-2.3.6.tar.gz.asc Thu Jun 17 12:22:46 2010
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (Darwin)
+
+iD8DBQBMEikMizpgHwjJdeURAjyjAKCUJ+QnLg8+qBv8eFdSGolh+VqnFgCgtaGc
+Wh+WE+Poa5SeL3wa9VhbIhQ=
+=ywvi
+-----END PGP SIGNATURE-----

Added: release/httpd/httpd-2.3.6.tar.gz.md5
==============================================================================
--- release/httpd/httpd-2.3.6.tar.gz.md5 (added)
+++ release/httpd/httpd-2.3.6.tar.gz.md5 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+5b49ec47d751c473dce59bbe1e66166e *httpd-2.3.6.tar.gz

Added: release/httpd/httpd-2.3.6.tar.gz.sha1
==============================================================================
--- release/httpd/httpd-2.3.6.tar.gz.sha1 (added)
+++ release/httpd/httpd-2.3.6.tar.gz.sha1 Thu Jun 17 12:22:46 2010
@@ -0,0 +1 @@
+e1acf01caae87e9391055bcbe6661cac688862eb *httpd-2.3.6.tar.gz
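Review bot: the only digests published for the four tarballs are MD5 and SHA-1 (this .sha1 file and the .md5/.sha1 hunks above it), and neither algorithm is collision-resistant, so they detect accidental corruption but are not a sound integrity check on their own. Add a .sha256 file beside each archive and treat the .asc signatures as the authoritative check. The archives themselves appear only as "Binary file - no diff available", so nothing in this commit lets a reviewer confirm that the committed digests match the committed tarballs; recomputing them from the checked-in files before the release is announced would close that gap.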