Posted to cvs@httpd.apache.org by pq...@apache.org on 2009/12/04 00:18:54 UTC

svn commit: r38 - /release/httpd/

Author: pquerna
Date: Thu Dec  3 18:18:52 2009
New Revision: 38

Log:
Add release tarballs for 2.3.4.

Added:
    release/httpd/httpd-2.3.4-alpha-deps.tar.bz2
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.bz2
    release/httpd/httpd-2.3.4-alpha-deps.tar.bz2.asc
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.bz2.asc
    release/httpd/httpd-2.3.4-alpha-deps.tar.bz2.md5
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.bz2.md5
    release/httpd/httpd-2.3.4-alpha-deps.tar.bz2.sha1
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.bz2.sha1
    release/httpd/httpd-2.3.4-alpha-deps.tar.gz
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.gz
    release/httpd/httpd-2.3.4-alpha-deps.tar.gz.asc
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.gz.asc
    release/httpd/httpd-2.3.4-alpha-deps.tar.gz.md5
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.gz.md5
    release/httpd/httpd-2.3.4-alpha-deps.tar.gz.sha1
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha-deps.tar.gz.sha1
    release/httpd/httpd-2.3.4-alpha.tar.bz2
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.bz2
    release/httpd/httpd-2.3.4-alpha.tar.bz2.asc
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.bz2.asc
    release/httpd/httpd-2.3.4-alpha.tar.bz2.md5
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.bz2.md5
    release/httpd/httpd-2.3.4-alpha.tar.bz2.sha1
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.bz2.sha1
    release/httpd/httpd-2.3.4-alpha.tar.gz
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.gz
    release/httpd/httpd-2.3.4-alpha.tar.gz.asc
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.gz.asc
    release/httpd/httpd-2.3.4-alpha.tar.gz.md5
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.gz.md5
    release/httpd/httpd-2.3.4-alpha.tar.gz.sha1
      - copied unchanged from r37, dev/httpd/httpd-2.3.4-alpha.tar.gz.sha1
Modified:
    release/httpd/CHANGES_2.3

Modified: release/httpd/CHANGES_2.3
==============================================================================
--- release/httpd/CHANGES_2.3 (original)
+++ release/httpd/CHANGES_2.3 Thu Dec  3 18:18:52 2009
@@ -1,5 +1,335 @@
                                                         -*- coding: utf-8 -*-
 
+Changes with Apache 2.3.4
+
+  *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
+     and WatchdogMutexPath with a single Mutex directive.  Add APIs to
+     simplify setup and user customization of APR proc and global mutexes.  
+     (See util_mutex.h.)  Build-time setting DEFAULT_LOCKFILE is no longer
+     respected; set DEFAULT_REL_RUNTIMEDIR instead.  [Jeff Trawick]
+
+  *) http_core: KeepAlive no longer accepts other than On|Off.
+     [Takashi Sato]
+
+  *) mod_dav: Remove errno from dav_error interface.  Calls to dav_new_error()
+     and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
+     [Jeff Trawick]
+
+  *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
+     try other providers in the case of an LDAP bind failure.
+     PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
+
+  *) Build: fix --with-module to work as documented
+     PR 43881 [Gez Saunders <gez.saunders virgin.net>]
+
+Changes with Apache 2.3.3
+
+  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
+     mod_proxy_ftp: sanity check authn credentials.
+     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+
+  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
+     mod_proxy_ftp: NULL pointer dereference on error paths.
+     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
+     
+  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
+     OpenSSL 1.0.0b3.  [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
+
+  *) mod_dav: Include uri when logging a PUT error due to connection abort.
+     PR 38149. [Stefan Fritsch]
+
+  *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
+     resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
+
+  *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
+     (a COPY request where the parent of the destination resource does not
+     exist). PR 39299. [Stefan Fritsch]
+
+  *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
+     PR 42896. [Stefan Fritsch]
+
+  *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
+     old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
+
+  *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
+     creating files. On systems with inode numbers, this is a format change of
+     the DavLockDB. The old DavLockDB must be deleted on upgrade.
+     [Stefan Fritsch]
+
+  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
+     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
+     Stefan Fritsch]
+
+  *) vhost: A purely-numeric Host: header should not be treated as a port.
+     PR 44979 [Nick Kew]
+
+  *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
+     when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
+     LDAPReferralHopLimit is explicitly configured.
+     [Eric Covener]
+
+  *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
+     [Eric Covener]
+
+  *) mod_ssl: Add support for OCSP Stapling.  PR 43822.  
+     [Dr Stephen Henson <shenson oss-institute.org>]
+
+  *) mod_socache_shmcb: Allow parens in file name if cache size is given.
+     Fixes SSLSessionCache directive mis-parsing parens in pathname.
+     PR 47945. [Stefan Fritsch]
+
+  *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
+
+  *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
+
+  *) mod_sed: Reduce memory consumption when processing very long lines.
+     PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
+
+  *) ab: Fix segfault in case the argument for -n is a very large number.
+     PR 47178. [Philipp Hagemeister <oss phihag.de>]
+
+  *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
+     [Stefan Fritsch]
+
+  *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again 
+     for worker MPM. [Takashi Sato]
+
+  *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
+     from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
+     Brian France <brian brianfrance.com>]
+
+  *) Build: Use install instead of cp if available on installing
+     modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
+
+  *) mod_cache: correctly consider s-maxage in cacheability
+     decisions.  [Dan Poirier]
+
+  *) mod_logio/core: Report more accurate byte counts in mod_status if
+     mod_logio is loaded. PR 25656. [Stefan Fritsch]
+
+  *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
+     some cache entries and log a warning. Also increase the default
+     LDAPSharedCacheSize to 500000. This is a more realistic size suitable
+     for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
+     PR 46749. [Stefan Fritsch]
+
+  *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
+     the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
+
+  *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
+     Location section, in line with how ProxyPass works. [Graham Leggett]
+
+  *) mod_reqtimeout: New module to set timeouts and minimum data rates for
+     receiving requests from the client. [Stefan Fritsch]
+
+  *) core: Fix potential memory leaks by making sure to not destroy
+     bucket brigades that have been created by earlier filters.
+     [Stefan Fritsch]
+
+  *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
+     brigades in several places. [Stefan Fritsch]
+
+  *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
+     match by scheme, or by a wildcarded hostname. PR 40169
+     [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
+
+  *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
+     on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
+
+  *) mod_mime: Make RemoveType override the info from TypesConfig.
+     PR 38330. [Stefan Fritsch]
+
+  *) mod_cache: Introduce the option to run the cache from within the
+     normal request handler, and to allow fine grained control over
+     where in the filter chain content is cached. [Graham Leggett]
+
+  *) core: Treat timeout reading request as 408 error, not 400.
+     Log 408 errors in access log as was done in Apache 1.3.x.
+     PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, 
+     Stefan Fritsch <sf fritsch.de>, Dan Poirier]
+
+  *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
+     SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
+     [Peter Sylvester <peter.sylvester edelweb.fr>]
+
+  *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
+     PR15866.  [Dan Poirier]
+
+  *) ab: ab segfaults in verbose mode on https sites
+     PR46393.  [Ryan Niebur]
+
+  *) mod_dav: Allow other modules to become providers and add resource types
+     to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
+     Brian France <brian brianfrance.com>]
+
+  *) mod_dav: Allow other modules to add things to the DAV or Allow headers
+     of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
+     Brian France <brian brianfrance.com>]
+
+  *) core: Lower memory usage of core output filter.
+     [Stefan Fritsch <sf sfritsch.de>]
+
+  *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
+     LocationMatch sections.  PR47754. [Dan Poirier]
+
+  *) mod_request: Make sure the KeptBodySize directive rejects values
+     that aren't valid numbers. [Graham Leggett]
+
+  *) mod_session_crypto: Sanity check should the potentially encrypted
+     session cookie be too short. [Graham Leggett]
+
+  *) mod_session.c: Prevent a segfault when session is added but not
+     configured. [Graham Leggett]
+
+  *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
+
+  *) mod_auth_digest: Fail server start when nonce count checking
+     is configured without shared memory, or md5-sess algorithm is
+     configured. [Dan Poirier]
+
+  *) mod_proxy_connect: The connect method doesn't work if the client is
+     connecting to the apache proxy through an ssl socket. Fixed.
+     PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
+     David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
+     Kevin Croft, Rudolf Cardinal]
+
+  *) mod_ssl: The error message when SSLCertificateFile is missing should
+     at least give the name or position of the problematic virtual host
+     definition. [Stefan Fritsch sf sfritsch.de]
+
+  *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
+
+  *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
+
+  *) mod_headers: generalise the envclause to support expression
+     evaluation with ap_expr parser [Nick Kew]
+
+  *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
+     the flood of requests at bay that strike a backend webserver as
+     a cached entity goes stale. [Graham Leggett]
+
+  *) mod_auth_digest: Fix usage of shared memory and re-enable it.
+     PR 16057 [Dan Poirier]
+
+  *) Preserve Port information over internal redirects
+     PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]
+
+  *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
+     rather than BAD_GATEWAY or (especially) NOT_FOUND.
+     PR 46971 [evanc nortel.com]
+
+  *) Various modules: Do better checking of pollset operations in order to
+     avoid segmentation faults if they fail. PR 46467
+     [Stefan Fritsch <sf sfritsch.de>]
+
+  *) mod_autoindex: Correctly create an empty cell if the description
+     for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
+
+  *) ab: Fix broken error messages after resolver or connect() failures.
+     [Jeff Trawick]
+
+  *) SECURITY: CVE-2009-1890 (cve.mitre.org) 
+     Fix a potential Denial-of-Service attack against mod_proxy in a
+     reverse proxy configuration, where a remote attacker can force a
+     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
+
+  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
+     mod_proxy_ajp: Avoid delivering content from a previous request which
+     failed to send a request body. PR 46949 [Ruediger Pluem]
+
+  *) htdbm: Fix possible buffer overflow if dbm database has very
+     long values.  PR 30586 [Dan Poirier]
+
+  *) core: Return APR_EOF if request body is shorter than the length announced
+     by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
+
+  *) mod_suexec: correctly set suexec_enabled when httpd is run by a
+     non-root user and may have insufficient permissions.
+     PR 42175 [Jim Radford <radford blackbean.org>]
+
+  *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
+     type.  PR 45107.  [Michael Ströder <michael stroeder.com>,
+     Peter Sylvester <peter.sylvester edelweb.fr>]
+
+  *) mod_proxy_http: fix case sensitivity checking transfer encoding
+     PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
+
+  *) mod_alias: ensure Redirect issues a valid URL.
+     PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
+
+  *) mod_dir: add FallbackResource directive, to enable admin to specify
+     an action to happen when a URL maps to no file, without resorting
+     to ErrorDocument or mod_rewrite.  PR 47184 [Nick Kew]
+
+  *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
+     CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
+
+  *) mod_rewrite: Remove locking for writing to the rewritelog.
+     PR 46942 [Dan Poirier <poirier pobox.com>]
+
+  *) mod_alias: check sanity in Redirect arguments.
+     PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
+
+  *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
+     PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
+
+  *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
+     defined session identifiers encoded in the URL when caching.
+     [Ruediger Pluem]
+
+  *) mod_rewrite: Fix the error string returned by RewriteRule.
+     RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
+     argument of RewriteRule was not started with "[" or not ended with "]".
+     PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
+
+  *) Windows: Fix usage message.
+     [Rainer Jung]
+
+  *) apachectl: When passing through arguments to httpd in
+     non-SysV mode, use the "$@" syntax to preserve arguments.
+     [Eric Covener]
+
+  *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
+     be run when a connection is opened.  PR 46827
+     [Marko Kevac <mkevac gmail.com>]
+
+  *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).  
+     PR 47037.  [Jeff Trawick]
+
+  *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
+     protocol. [Mladen Turk]
+
+  *) mod_proxy_ajp: Forward remote port information by default.
+     [Rainer Jung]
+
+  *) Allow MPMs to be loaded dynamically, as with most other modules.  Use
+     --enable-mpms-shared={list|"all"} to enable.  This required changes to
+     the MPM interfaces.  Removed: mpm.h, mpm_default.h (as an installed 
+     header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
+     ap_max_daemons_limit, ap_my_generation, etc.  ap_mpm_query() can't be
+     called until after the register-hooks phase.  [Jeff Trawick]
+
+  *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
+     to enable stricter checking of remote server certificates.
+     [Ruediger Pluem]
+
+  *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
+     returns EINPROGRESS and a subsequent poll() returns only POLLERR.
+     Observed on HP-UX.  [Eric Covener]
+
+  *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
+     as A/UX, Next, and Tandem.  [Jeff Trawick]
+
+  *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
+     globbing characters to be retrieved instead of converted into a 
+     directory listing.  PR 46789 [Dan Poirier <poirier pobox.com>]
+
+  *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
+     of module state across unload/load.  [Jeff Trawick]
+
+  *) mod_substitute: Fix a memory leak. PR 44948
+     [Dan Poirier <poirier pobox.com>]
+
 Changes with Apache 2.3.2
 
   *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
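Review bot: The SECURITY entries in the 2.3.3 section are split. CVE-2009-3095 and CVE-2009-3094 lead the section, but CVE-2009-1890 (mod_proxy) and CVE-2009-1191 (mod_proxy_ajp) sit far down the list between the ab and htdbm entries, where a reader scanning the top of the section for security fixes will miss them. Group all four at the head of the section. Smaller points in the same hunk: "suxec:" in the PR 10744 entry should read "suexec:"; the contributor name in the PR 44020 entry is stored mis-encoded ("HÃ¥kon") although the file header declares utf-8 and "Ströder" and "Kornél Pál" are stored correctly; Stefan Fritsch's address appears both as "sf fritsch.de" and as "sf sfritsch.de", and once (the SSLCertificateFile entry) without angle brackets. The mod_dav_fs entry that says the old DavLockDB must be deleted on upgrade is an upgrade-breaking step and would be easier to find if it were flagged as such rather than left as the last sentence of a locking change.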
@@ -388,7 +718,7 @@
   *) core: fix origin checking in SymlinksIfOwnerMatch
      PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
 
-  *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
+  *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
      'most' set for '--enable-modules' and '--enable-shared-mods'. Include 
      mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
 
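Review bot: The mod_disc_cache to mod_disk_cache correction in this entry is a content change to CHANGES_2.3 that the log message ("Add release tarballs for 2.3.4.") does not mention; note the CHANGES update in the log so the revision history explains why the file differs. The corrected spelling matches the "mod_disk_cache: don't cache incomplete responses" entry added earlier in this diff.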
@@ -636,3 +966,5 @@
 Changes with Apache 1.3.x and later:
 
   *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup
+
+
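Review bot: The two lines added at the end of the file are empty, so this hunk only appends trailing blank lines after the 1.3.x CHANGES link; drop them so the file ends on the last entry.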