You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2002/06/20 18:58:30 UTC
Fwd: Re: [ANNOUNCE] Apache 2.0.39 Released
A response to our announce from the front. I don't recognize the problem,
perhaps someone else will.
Kevin, you may want to follow up with a bug report to
http://nagoya.apache.org/bugzilla/
as we've closed down email bug reporting through bugs.apache.org.
Your report is a little sparse on details, please add some specifics before
filing a bug report.
Bill
>Date: Wed, 19 Jun 2002 15:24:16 -0600
>From: "Kevin Dahl" <KD...@sidney.ars.usda.gov>
>To: <bu...@apache.org>, <wr...@apache.org>
>Subject: Re: [ANNOUNCE] Apache 2.0.39 Released
>
>FYI......
>
>Installing v2.0.39 broke my perl scripts ability to
>run.........(ActivePerl v5.6.1.632).....uninstalling 2.0.39 and
>installing 2.0.36 allowed them to work again.........thought you might
>want to know.........
>
>I saw this once before with v 1.3.12 I believe..........installing
>1.3.14 broke the functionality and reinstalling 1.3.12 allowed them to
>work again........all installations after 1.3.14 worked
>fine............
>
>
>K-Dee
>
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>** Kevin Dahl
>** Computer Specialist
>** USDA / ARS / Northern Plains Ag Research Lab
>** http://www.sidney.ars.usda.gov/
>** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
> >>> <wr...@apache.org> 6/18/2002 5:53:49 PM >>>
>The Apache HTTP Server Project is proud to announce the third public
>release of Apache 2.0. Apache 2.0 has been running on the Apache.org
>website since December of 2000 and has proven to be very reliable.
>
>This version of Apache is principally a security and bug fix
>release. A summary of the bug fixes is given at the end of this
>document.
>Of particular note is that 2.0.39 addresses and fixes the issues noted
>in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a
>vulnerability
>in the handling of chunked transfer encoding. We would like to thank
>Mark Litchfield of ngssoftware.com for discovering and reporting the
>vulnerability.
>
>Apache 2.0 offers numerous enhancements, improvements and performance
>boosts over the 1.3 codebase. The most visible and noteworthy addition
>is the ability to run Apache in a hybrid thread/process mode on any
>platform that supports both threads and processes. This has shown to
>improve the scalability of the Apache HTTP Server significantly in
>our testing. Apache 2.0 also includes support for filtered I/O. This
>allows modules to modify the output of other modules before it is
>sent to the client. We have also included support for IPv6 on any
>platform that supports IPv6.
>
>This version of Apache is known to work on many versions of Unix,
>BeOS,
>OS/2, Windows, and Netware. Because of many of the advancements in
>Apache 2.0, the initial release of Apache is expected to perform
>equally
>well on all supported platforms.
>
>There are new snapshots of the Apache httpd source available every 6
>hours from http://cvs.apache.org/snapshots/ - please download and test
>if you feel brave. We don't guarantee anything except that it will
>take up disk space, but if you have the time and skills, please
>give it a spin on your platforms.
>
>Apache has been the most popular web server on the Internet since
>April of 1996. The March 2002 WWW server site survey by Netcraft (see
>http://www.netcraft.com/survey/) found that more web servers were
>using Apache than any other software; Apache runs on more than 54%
>of the web servers on the Internet.
>
>For more information and to download the release tarballs, please
>visit http://httpd.apache.org/
>
>
>Changes since 2.0.36
>---------------------------------------------
>
>Changes with Apache 2.0.39
>
> *) Fixed a build problem in htpasswd.c on Win32.
> [Guenter Knauf <ef...@gmx.net>, Cliff Woolley]
>
>Changes with Apache 2.0.38
>
> *) Rewrite htpasswd to use APR. The removes the annoying warning
>about
> tmpnam being unsafe. [Ryan Bloom]
>
> *) We must set the MIME-type for .shtml files to text/html if we want
>them
> to be parsed for SSI tags. Add the config for that to the default
>
> config file so that it is easier to enable .shtml parsing.
> [Dave Dyer <dd...@real-me.net>]
>
> *) Fixed a problem with 'make install' on ReliantUnix.
> [Jean-frederic Clere <jf...@fujitsu-siemens.com>]
>
> *) Make the default_handler catch all requests that aren't served by
> another handler. This also gets us to return a 404 if a
>directory
> is requested, there is no DirectoryIndex, and mod_autoindex isn't
> loaded. [Justin Erenkrantz]
>
> *) Fixed the handling of nested if-statements in shtml files.
> PR 9866 [Brian Pane]
>
> *) Allow 'make install DESTDIR=/path'. This allows packagers to
>install
> into a directory different from the one that was configured. This
>
> also mirrors the root= feature from 1.3. We cannot use prefix=,
> because both APR and APR-util resolve their installation paths at
>
> configuration time. This means that there is no variable prefix
> to replace. [Andreas Hasenack <an...@netbank.com.br>]
>
> *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
> These levels of AIX don't have a thundering herd problem with
> accept(). [Jeff Trawick]
>
> *) prefork MPM: Ignore mutex errors during graceful restart. For
> certain types of mutexes (particularly SysV semaphores), we
> should expect to occasionally fail to obtain or release the
> mutex during restart processing. [Jeff Trawick]
>
> *) Fix install-bindist.sh so that it finds any perl instead of just
> early perl 5.x versions. This is consistent with a build/install
> from source, and it allows the perl scripts installed by a bindist
>
> to work on systems with perl 5.6. [Jeff Trawick]
>
> *) Fix apxs so that the makefile created by "apxs -g" works on AIX
>and
> Tru64 (and probably some other platforms). [Jeff Trawick]
>
> *) Allow CGI scripts to return their Content-Length. This also fixes
>a
> hang on HEAD requests seen on certain platforms (such as
>FreeBSD).
> [Justin Erenkrantz]
>
> *) Added log rotation based on file size to the RotateLog support
> utility. [Brad Nicholes]
>
> *) Fix some casting in mod_rewrite which broke random maps.
> PR 9770 [Allan Edwards, Greg Ames, Jeff Trawick]
>
>Changes with Apache 2.0.37
>
> *) allow POST method over SSL when per-directory client cert
> authentication is used with 'SSLOptions +OptRenegotiate' enabled
> and a client cert was found in the ssl session cache.
>
> *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
> session cache when there is no cert chain in the cache. prior to
> the fix this situation would result in a FORBIDDEN response and
> error message "Cannot find peer certificate chain"
> [Doug MacEachern]
>
> *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
> one was already sent. PR 9644 [Jeff Trawick]
>
> *) Fix the display of the default name for the mime types config
> file. PR 9729 [Matthew Brecknell <mb...@orchestream.com>]
>
> *) Fix the working directory *for WinNT/2K/XP services only* to
> change to the Apache directory (one level above the location
> of Apache.exe, in the case that Apache.exe resides in bin/.)
> Solves the case of ServerRoot /foo paths where /foo was not
> on the same drive as /winnt/system32. [William Rowe]
>
> *) Make 2.0's "AcceptMutex" startup message now "completely"
> match how 1.3 does it. [Jim Jagielski]
>
> *) Implement a fixed size memory cache using a priority queue
> [Ian Holsman]
>
> *) Fix apxs to allow "apxs -q installbuilddir" and to allow
> querying certain other variables from config_vars.mk. PR 9316
> [Jeff Trawick]
>
> *) Added the "detached" attribute to the cgi_exec_info_t internals
> so that Win32 and Netware won't create a new window or console
> for each CGI invoked. PR 8387
> [Brad Nicholes, William Rowe]
>
> *) Consolidated the command line parameters and attributes that are
> manipulated by the optional function ap_cgi_build_command() in
> mod_cgi into a single structure.
> [Brad Nicholes]
>
> *) Get rid of uninitialized value errors with "apxs -q" on certain
> variables. [Stas Bekman <st...@stason.org>]
>
> *) Fix apxs to allow it to work when the build directory is
>somewhere
> besides server-root/build. PR 8453
> [Jeff Trawick and a host of others]
>
> *) Allow ap_discard_request_body to be called multiple times in the
> same request. Essentially, ap_http_filter keeps track of whether
> it has sent an EOS bucket up the stack, if so, it will only ever
> send an EOS bucket for this request.
> [Ryan Bloom, Justin Erenkrantz, Greg Stein]
>
> *) Remove all special mod_ssl URIs. This also fixes the bug where
> redirecting (.*) will allow an SSL protected page to be viewed
> without SSL. [Ryan Bloom]
>
> *) Fix the binary build install script so that the build logic
> created by "apxs -g" will work when the user has a binary
> build. [Jeff Trawick]
>
> *) Allow instdso.sh to work with full paths to the shared module.
> [Justin Erenkrantz]
>
> *) NetWare: Enabled CGI functionality and added mod_cgi as a built
> in module for NetWare [Brad Nicholes]
>
> *) Changed cgi and piped log behavior to accept 65536 characters
> on Win32 (matching Linux) before deadlocking between outputing
> client stdin, slurping the output from stdout and then the stderr
> stream. PR 8179 [William Rowe]
>
> *) Fixed Win32 wintty.exe support to assure the window title is
>valid.
> Elimiates possible gpfault or garbage title without the -t
>option.
> [William Rowe]
>
> *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
> brigades and input filters. [Justin Erenkrantz]
>
> *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no
>request
> body. [Justin Erenkrantz]
>
> *) NetWare: Piping log entries through RotateLogs using the
> CustomLogs directive is finally supported now that we have
> the pipes and spawning functionality working.
> [Brad Nicholes]
>
> *) Detect overflow when reading the hex bytes forming a chunk line.
> [Aaron Bannert]
>
> *) Allow RewriteMap prg:'s to take command-line arguments. PR 8464.
> [James Tait <JT...@wyrddreams.demon.co.uk>]
>
> *) Correctly return 413 when an invalid chunk size is given on
> input. Also modify ap_discard_request_body to not do anything
> on sub-requests or when the connection will be dropped.
> [Justin Erenkrantz]
>
> *) Fix the TIME_* SSL var lookups to be threadsafe. PR 9469.
> [Cliff Woolley]
>
> *) Ensure that apr_brigade_write() flushes in all of the cases that
> it should to avoid conditions in some modules that could cause
> large amounts of data to be buffered. [Cliff Woolley]
>
> *) Fix problem where mod_cache/mod_disk_cache was incorrectly
> stripping the content_type from cached responses.
> [Bill Stoddard]
>
> *) apachectl passes through any httpd options. Note: apachectl
> should be used in preference to httpd since it ensures that any
> appropriate environment variables have been set up.
> [Jeff Trawick]
>
> *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
> PR 7810 [Colm MacCarthaigh <co...@redbrick.dcu.ie>]
>
> *) Fix suexec execution of CGI scripts from mod_include.
> PR 7791, 8291 [Colm MacCarthaigh <co...@redbrick.dcu.ie>]
>
> *) Fix segfaults at startup on some platforms when mod_auth_digest,
> mod_suexec, or mod_ssl were used as DSO's due to the way they
> were tracking the current init phase since DSO's get completely
> unloaded and reloaded between phases. PR 9413.
> [Tsuyoshi Sasamoto <na...@super.win.ne.jp>, Brad Nicholes]
>
> *) Fix mod_include's handling of regular expressions in
> "<!--#if" directives [Julius Gawlas <ju...@hp.com>]
>
> *) Fix the worker MPM deadlock problem [Brian Pane]
>
> *) Modify the module documentation to allow for translations.
> [Yoshiki Hayashi, Joshua Slive]
>
> *) Fix a file permissions problem which prevented mod_disk_cache
> from working on Unix. [Jeff Trawick]
>
> *) Add "-k start|restart|graceful|stop" support to httpd for the Unix
>
> MPMs. These have semantics very similar to the old apachectl
> commands of the same name. [Justin Erenkrantz, Jeff Trawick]
>
> *) Make sure that the runtime dir is created by make install.
> PR 9233. [Jeff Trawick]
>
> *) Fix an unusual set of ./configure arguments that could cause
> mod_http to be built as a DSO, which it currently doesn't
> support. PR 9244.
> [Cliff Woolley, Robin Johnson <ro...@orbis-terrarum.net>]
>
> *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
> of the %X, %b and %B logformat options. PR 8253, 8996.
> [Bill Stoddard]
>
> *) If content-encoding is already present, do not run deflate (PR
>9222)
> [Kazuhisa ASADA <ka...@asada.sytes.net>]
>
> *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
> It is currently ignored and it will be removed in a future
>release
> of Apache. [Jeff Trawick]
>
> *) Removed documentation references to the no-longer-supported
> "make certificate" feature of mod_ssl for Apache 1.3.x. Test
> certificates, if truly desired, can be generated using openssl
> commands. PR 8724. [Cliff Woolley]
>
> *) Remove SSLLog and SSLLogLevel directives in favor of having
> mod_ssl use the standard ErrorLog directives. [Justin
>Erenkrantz]
>
> *) OS/390: LIBPATH no longer has to be manually uncommented in
> envvars to get apachectl to set up httpd properly. [Jeff
>Trawick]
>
> *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
> may now be specified to the <File/Directory > container, rather
> than by vhost. [William Rowe]
>
> *) mod_isapi: Experimental support for faux async support for ISAPI
> modules. [William Rowe]
>
> *) mod_isapi: Major refactoring of the code to rely on apr internals
> rather than MS APIs (using our own mod_isapi.h headers for ISAPI
> symbol definitions.) [William Rowe]
>
> *) mod_isapi: Fixed the return string length from GetServerVariable
> callback, it was not including the trailing null in the consumed
> buffer size. This was particularly bad for Delphi 6.0 users.
> PR 8934 [Sebastian Hantsch <se...@gmx.de>]
>
> *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
> [William Rowe]
>
> *) Make apxs look in the correct directory for envvars. It was
> broken when sbindir != bindir. PR 8869
> [Andreas Sundstr÷m <su...@zappa.cx>]
>
> *) Fix mod_deflate corruption when using multiple buckets. PR 9014.
> [Asada Kazuhisa <ka...@asada.sytes.net>]
>
> *) Performance enhancements for access logger when using
> default timestamp formatting [Brian Pane]
>
> *) Added EnableMMAP config directive to enable the server
> administrator to disable memory-mapping of delivered files
> on a per-directory basis. [Brian Pane]
>
> *) Performance enhancements for mod_setenvif [Brian Pane]
>
> *) Fix a mod_ssl build problem on OS/390. [Jeff Trawick]
>
> *) Fixed If-Modified-Since on Win32, which would give false
>positives
> because of the sub-second resolution of file timestamps on that
> platform. [Cliff Woolley]
>
> *) Reverse the hook ordering for mod_userdir and mod_alias so
> that Alias/ScriptAlias will override Userdir. PR 8841
> [Joshua Slive]
>
> *) Move mod_deflate out of experimental and into filters.
> [Justin Erenkrantz]
>
> *) Get proxy CONNECT basically working. [Jeff Trawick]
>
> *) Fix mod_rewrite hang when APR uses SysV Semaphores and
> RewriteLogLevel is set to anything other than 0. PR: 8143
> [Aaron Bannert, Cliff Woolley]
>
> *) Fix byterange requests from returning 416 when using dynamic data
> (such as filters like mod_include). [Justin Erenkrantz]
>
> *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
> to be extended by third-party modules via an optional function.
> [Tahiry Ramanamampanoharana <no...@hotmail.com>, Cliff
>Woolley]
>
> *) Fix mod_include expression parser's handling of unquoted strings
> followed immediately by a closing paren. PR 8462. [Brian Pane]
>
> *) Remove autom4te.cache in 'make distclean'.
> [Thom May <th...@planetarytramp.net>]
>
> *) Fix generated httpd.conf to respect layout for LoadModule lines.
> PR 8170. [Thom May <th...@planetarytramp.net>]
>
> *) Win32: During a graceful restart, threads in the new process
> were accessing scoreboard slots still in use by active threads in
>
> the the old process. [Bill Stoddard]