You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2022/05/18 12:44:42 UTC

svn commit: r1901034 - in /httpd/httpd/trunk: ./ changes-entries/

Author: ylavic
Date: Wed May 18 12:44:41 2022
New Revision: 1901034

URL: http://svn.apache.org/viewvc?rev=1901034&view=rev
Log:
Sync CHANGES entries [skip ci]

Removed:
    httpd/httpd/trunk/changes-entries/ab_tls13.txt
    httpd/httpd/trunk/changes-entries/ab_workers.txt
    httpd/httpd/trunk/changes-entries/core_ap_escape_quotes.txt
    httpd/httpd/trunk/changes-entries/core_request_buckets.txt
    httpd/httpd/trunk/changes-entries/core_response_buckets.txt
    httpd/httpd/trunk/changes-entries/core_secondary_conn.txt
    httpd/httpd/trunk/changes-entries/event_early_killed_children.txt
    httpd/httpd/trunk/changes-entries/event_note_child_stopped.txt
    httpd/httpd/trunk/changes-entries/h2_request_buckets.txt
    httpd/httpd/trunk/changes-entries/md_acme_failover.txt
    httpd/httpd/trunk/changes-entries/md_auto_status.txt
    httpd/httpd/trunk/changes-entries/md_ocsp_update.txt
    httpd/httpd/trunk/changes-entries/md_tailscale.txt
    httpd/httpd/trunk/changes-entries/md_timeperiod_null.txt
    httpd/httpd/trunk/changes-entries/mod_heartmonitor-HeartbeatMaxServers.diff
    httpd/httpd/trunk/changes-entries/mod_proxy_log_backend_port.txt
    httpd/httpd/trunk/changes-entries/mod_proxy_set_502_on_close.txt
    httpd/httpd/trunk/changes-entries/osx_nopush.txt
    httpd/httpd/trunk/changes-entries/pr66033.txt
    httpd/httpd/trunk/changes-entries/pr66034.txt
    httpd/httpd/trunk/changes-entries/pr66037.txt
Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1901034&r1=1901033&r2=1901034&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed May 18 12:44:41 2022
@@ -1,6 +1,112 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
+     an ACME CA. This gives a failover for renewals when several consecutive attempts
+     to get a certificate failed.
+     A new directive was added: `MDRetryDelay` sets the delay of retries.
+     A new directive was added: `MDRetryFailover` sets the number of errored
+     attempts before an alternate CA is selected for certificate renewals.
+     [Stefan Eissing]
+
+  *) mod_heartmonitor: Set the documented default value
+     "10" for HeartbeatMaxServers instead of "0". With "0"
+     no shared memory slotmem was initialized. [Rainer Jung]
+
+  *) mod_md:  fixed a bug leading to failed transfers for OCSP
+     stapling information when more than 6 certificates needed
+     updates in the same run. [Stefan Eissing]
+
+  *) mod_http2: use the new REQUEST buckets to forward request
+     on secondary connections. Use the now generic
+     ap_process_connection() in h2 workers to process those.
+     [Stefan Eissing]
+
+  *) Implement full auto status ("key: value" type status output).
+     Especially not only status summary counts for certificates and
+     OCSP stapling but also lists. Auto status format is similar to
+     what was used for mod_proxy_balancer.
+     [Rainer Jung]
+
+  *) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific
+     input filter to separate the handling for HTTP requests from the
+     handling of HTTP/1.x request parsing and checks.
+     A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections
+     before a request is being read. It generates either a REQUEST meta
+     bucket on success or an ERROR bucket with the proposed response status.
+     The core connection processing, relying on ap_read_request(), now expects
+     a REQUEST or ERROR bucket from the input filters and is agnostic to
+     specific HTTP versions and how they bring requests into the server.
+     [Stefan Eissing]
+
+  *) mod_http2: remove unused and insecure code. Fixes PR66037.
+     Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
+     [Stefan Eissing]
+
+  *) mod_md: added support for managing certificates via a
+     local tailscale demon for users of that secure networking.
+     This gives trusted certificates for tailscale  assigned
+     domain names in the *.ts.net space.
+     [Stefan Eissing]
+
+  *) mod_md: a possible NULL pointer deref was fixed in
+     the JSON code for persisting time periods (start+end).
+     Fixes #282 on mod_md's github.
+     Thanks to @marcstern for finding this.
+
+  *) core: Avoid an overflow on large inputs in ap_is_matchexp.  PR 66033
+     [Ruediger Pluem]
+
+  *) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specific
+     filter to send responses through the output filter chain.
+     Specifically: the HTTP_HEADER output filter and ap_send_interim_response()
+     create a RESPONSE bucket and no longer are concerned with HTTP/1.x
+     serialization.
+     A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x
+     bytes when dealing with a RESPONSE bucket. That filter installs itself
+     on the pre_read_request hook when the connection has protocol 'http/1.1'.
+     [Stefan Eissing]
+
+  *) MPM event: Restart chilren processes killed before idle maintenance.
+     PR 65769.  [Yann Ylavic, Ruediger Pluem]
+
+  *) core: Disable TCP_NOPUSH optimization on OSX since it might introduce
+     transmission delays.  PR 66019.  [Yann Ylavic]
+
+  *) ab: Allow for TLSv1.3 when the SSL library supports it.
+     [abhilash1232 gmail.com, xiaolongx.jiang intel.com, Yann Ylavic]
+
+  *) ab: Add the -W option to use worker threads, allowing for multiple CPUs
+     to handle the load.  [Yann Ylavic]
+
+  *) mod_substitute: Fix an integer overflow that can happen in very special
+     setups.  PR 66034 [Ruediger Pluem]
+
+  *) core: make ap_escape_quotes() work correctly on strings
+     with more than MAX_INT/2 characters, counting quotes double.
+     Credit to <ge...@zippenhop.com> for finding this.
+     [Stefan Eissing]
+
+  *) core: adding a new hook and method to the API:
+     create_secondary_connection and ap_create_secondary_connection()
+     to setup connections related to a "master" one, as used in
+     the HTTP/2 protocol implementation.
+  *) mod_http2: using the new API calls to get rid of knowledge
+     about how the core handles conn_rec specifics.
+     Improvements in pollset stream handling to use less sets.
+     Using atomic read/writes instead of volatiles now.
+     Keeping a reserve of "transit" pools and bucket_allocs for
+     use on secondary connections to avoid repeated setup/teardowns.
+
+  *) mod_proxy: Set a status code of 502 in case the backend just closed the
+     connection in reply to our forwarded request.  [Ruediger Pluem]
+
+  *) MPM event: Fix accounting of active/total processes on ungraceful restart,
+     PR 66004 (follow up to PR 65626 from 2.4.52).  [Yann Ylavic]
+
+  *) mod_proxy: Add backend port to log messages to
+     ease identification of involved service.
+
   *) mod_systemd: Systemd socket activation can now be enabled at
      build time but disabled at run time, if mod_systemd is not
      loaded.  [Lubos Uhliarik <luhliari redhat.com>]