some cache entries and log a warning. Also increase the default
LDAPSharedCacheSize to 500000. This is a more realistic size suitable
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
PR 46749. [Stefan Fritsch]
*) mod_disk_cache, mod_mem_cache: don't cache incomplete responses,
per RFC 2616, 13.8. PR15866. [Dan Poirier]
*) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
the request is a CONNECT request. PR 47928.
[Bill Zajac <billz consultla.com>]
*) mod_cache: correctly consider s-maxage in cacheability
decisions. [Dan Poirier]
*) core: Return APR_EOF if request body is shorter than the length announced
by the client. PR 33098. [Stefan Fritsch]
*) mod_rewrite: Add scgi scheme detection. [André Malo]
*) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
LocationMatch sections. PR 47754. [Dan Poirier]
*) ab, mod_ssl: Restore compatibility with OpenSSL < 0.9.7g.
[Guenter Knauf]
Changes with Apache 2.2.14
*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork and event
MPMs on that platform. PR 47645. [Jeff Trawick]
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) mod_proxy_scgi: Backport from trunk. [André Malo]
*) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL
has been defined at a very high level. PR 45946. [Eric Covener]
*) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
*) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries
usage() in synch with the manual and the implementation (0 and -1
both disable the cache). [Eric Covener]
*) mod_ssl: The error message when SSLCertificateFile is missing should
at least give the name or position of the problematic virtual host
definition. [Stefan Fritsch sf sfritsch.de]
*) htdbm: Fix possible buffer overflow if dbm database has very
long values. PR 30586 [Dan Poirier]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
*) mod_proxy: Make all proxy modules nocanon aware and do not add the
query string again in this case. PR 44803.
[Jim Jagielski, Ruediger Pluem]
*) mod_unique_id: Fix timestamp value in UNIQUE_ID.
PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]
*) htpasswd: Fix salt generation weakness. PR 31440
[Andreas Krennmair <ak synflood.at>, Peter Watkins <peterw tux.org>,
Paul Querna]
*) core: Add the filename of the configuration file to the warning message
about the useless use of AllowOverride. PR 39992.
[Darryl Miles <darryl darrylmiles.org>]
*) scoreboard: Remove unused proxy load balancer elements from scoreboard
image (not scoreboard memory itself). [Chris Darroch]
*) mod_proxy: Support environment variable interpolation in reverse
proxying directives. [Nick Kew]
*) suexec: When group is given as a numeric gid, validate it by looking up
the actual group name such that the name can be used in log entries.
PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
*) Fix garbled TRACE response on EBCDIC platforms.
[David Jones <oscaremma gmail.com>]
*) ab: Include <limits.h> earlier if available since we may need
INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS.
PR 45024 [Ruediger Pluem]
*) ab: Improve client performance by clearing connection pool instead
of destroying it. PR 40054 [Brad Roberts <braddr puremagic.com>]
*) ab: Don't stop sending a request if EAGAIN is returned, which
will only happen if both the write and subsequent wait are
returning EAGAIN, and count posted bytes correctly when the initial
write of a request is not complete. PR 10038, 38861, 39679
[Patrick McManus <mcmanus datapower.com>,
Stefan Fleiter <stefan.fleiter web.de>,
Davanum Srinivas, Roy T. Fielding]
*) ab: Overhaul stats collection and reporting to avoid integer
truncation and time divisions within the test loop, retain
native time resolution until output, remove unused data,
consistently round milliseconds, and generally avoid losing
accuracy of calculation due to type casts. PR 44878, 44931.
[Roy T. Fielding]
*) ab: Add -r option to continue after socket receive errors.
[Filip Hanik <devlist hanik.com>]
*) core: Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
*) mod_cache: Handle If-Range correctly if the cached resource was stale.
PR 44579 [Ruediger Pluem]
*) mod_cache: Correctly cache objects whose URL query string has been
modified by mod_rewrite. PR 40805. [Ruediger Pluem]
*) HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses alone. Only
processing of error responses (4xx, 5xx) will be altered. PR 39245.
[Jeff Trawick, Bart van der Schans <schans hippo.nl>]
*) htdbm: Enable crypt support on platforms with crypt() but not
<crypt.h>, such as z/OS. [David Jones <oscaremma gmail.com>]
*) mod_ssl: initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the former.
PR 20951. [<adunn at ncipher.com>]
*) ab.c: Correct behavior of HTTP request headers sent by ab
in presence of -H command-line overrides. PR 31268, 26554.
[Arvind Srinivasan <arvind.srinivasan sun.com>]
*) ab.c: The apr_port_t type is unsigned, but ab was using a
signed format code in its reports. PR 42070.
[Takashi Sato <serai lans-tv.com>]
*) mod_ldap: Remove the hardcoded size limit parameter for
ldap_search_ext_s and replace it with an APR_ defined value that
is set according to the LDAP SDK being used, resolving a problem
with SDKs that define LDAP_NO_LIMIT to something other than -1.
[David Jones <oscaremma gmail com>]
*) core: Correct a regression since 2.0.x in the handling of AllowOverride
Options. PR 41829. [Torsten Förtsch <torsten.foertsch gmx.net>]
*) mod_proxy_http: Handle request bodies larger than 2 GB by converting
the Content-Length header of the request correctly. PR 40883.
[Ruediger Pluem, toadie <toadie643 gmail.com>]
*) mod_proxy: Fix some proxy setting inheritance problems (eg:
ProxyTimeout). PR 11540. [Stuart Children <stuart terminus.co.uk>]
*) Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
can work after that terminating signal.
[Eric Covener]
*) Win32: Makefile.win will now build with MS VC 8 (Visual Studio 2005)
including embedding the .manifest information into each binary.
[William Rowe]
There was no Apache 2.2.5
Changes with Apache 2.2.4
*) mod_isapi: Correctly present SERVER_PORT_SECURE.
PR: 40573. [Matt Eaton <asf divinehawk.com>]
*) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util
statically like the older support programs.
[Eric Covener <covener gmail.com>]
*) core: Fix NONBLOCK status of listening sockets on restart/graceful
PR 37680. [Darius Davis <darius-abz free-range.com.au>]
*) mod_isapi: Ensure we walk through all the methods the developer may have
employed to report their HTTP status result code. PR 16637 30033 28089
[Matt Lewandowsky <matt iamcode.net>, William Rowe]
*) mod_echo: Fix precedence problem in if statement. PR 40658.
[Larry Cipriani <lvc lucent.com>]
*) mod_mime_magic: Fix precedence problem in if statement. PR 40656.
[Larry Cipriani <lvc lucent.com>]
*) The full server version information is now included in the error log at
startup as well as server status reports, irrespective of the setting
of the ServerTokens directive. ap_get_server_version() is now
deprecated, and is replaced by ap_get_server_banner() and
ap_get_server_description(). [Jeff Trawick]
*) mod_proxy_balancer: Workers can now be defined as part of
a balancer cluster "set" in which members of a lower-numbered set
are preferred over higher numbered ones. [Jim Jagielski]
*) mod_proxy_balancer: Workers can now be defined as "hot standby" which
will only be used if all other workers are unusable (eg: in
error or disabled). Also, the balancer-manager displays the election
count and I/O counts of all workers. [Jim Jagielski]
*) mod_proxy_ajp: Close connection to backend if reading of request body
fails. PR 40310. [Ian Abel <ianabel mxtelecom.com>]
*) mod_proxy_balancer: Retry worker chosen by route / redirect worker if
it is in error state before sending "Service Temporarily Unavailable".
PR 38962. [Christian Boitel <cboitel lfdj.com>]
Changes with Apache 2.2.3
*) SECURITY: CVE-2006-3747 (cve.mitre.org)
mod_rewrite: Fix an off-by-one security problem in the ldap scheme
handling. For some RewriteRules this could lead to a pointer being
written out of bounds. Reported by Mark Dowd of McAfee.
[Mark Cox]
*) Win32: Minor fixes to build more cleanly under Visual Studio 2005
with command line builds. [William Rowe]
*) mod_authn_alias: Add a check to make sure that the base provider and the
alias names are different and also that the alias has not been registered
before. PR 40051. [Brad Nicholes]
*) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
[Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
*) mod_cache: Do not overwrite the Content-Type in the cache, for
successfully revalidated cached objects. PR 39647. [Ruediger Pluem]
*) mod_speling: Add directive to deal with case corrections only
and ignore other misspellings [Olivier Thereaux <ot w3.org>]
*) mod_dbd: Fix dependence on virtualhost configuration in
defining prepared statements (possible segfault at startup
in user modules such as mod_authn_dbd). [Nick Kew]
[Joe Orton]
*) Fix bug in mod_deflate that unconditionally sent deflate'd output
even when Accept-Encoding is not present. [Justin Erenkrantz]
*) Pass environment variables through to piped loggers and start
them via the shell, resolving regressions since 1.3. PR 28815
[Ken Coar, Jeff Trawick]
*) External rewrite map responses are no longer limited to 2048
bytes. [André Malo]
*) Proxy server was deleting cookies that Apache had already
assigned if the origin server had set any cookies. PR 27023.
[Jim Jagielski]
*) Removed old and unmaintained ap_add_named_module API and changed
the following APIs to return an error instead of hard exiting:
ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
and ap_process_resource_config. [André Malo]
*) mod_headers: Allow %% in header values to represent a literal %.
[André Malo]
*) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
[André Malo]
*) mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo]
*) mod_deflate: New option for DEFLATE output file (force-gzip),
new output filter 'INFLATE' for uncompressing responses.
[Nick Kew <Nick at WebThing dot com>, Ian Holsman]
*) Added new module mod_version, which provides version dependent
configuration containers. [André Malo]
*) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. PR 27787. [André Malo]
*) Allow Digest providers to return AUTH_DENIED to propagate a 401
status and terminate the provider chain prior to checking the password.
[Geoffrey Young]
*) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
Don't place script socket inside default server root instead of
actual server root. PR 27886. [Jeff Trawick]
*) mod_proxy: Fix handling of non-200 success status codes when
"ProxyErrorOverride On" is configured. PR 20183.
[Marcus Janson <marcus.janson tre.se>, Joe Orton]
*) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
directive (previously NetWare-only) to override default thread
stack size for threads which handle client connections. Required
for some third-party modules on platforms with small default
thread stack size. [Jeff Trawick]
*) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
now populates r->user with the (possibly unauthenticated) user,
and mod_auth_digest returns 500 when a provider returns
AUTH_GENERAL_ERROR.
[Geoffrey Young]
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
*) Delete some make-generated files in the server directory during
"make clean" processing. PR 26552. [Jeff Trawick]
*) Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
[André Malo]
*) mod_rewrite: EOLs sent by external rewritemaps are now consumed
as whole. That way, on systems with more than one EOL character
rewritemap programs no longer need to switch stdout to binary
mode. PR 25635. [André Malo]
*) mod_rewrite: Introduce the ability to force a content handler via
the [handler=...] flag. [André Malo]
*) mod_rewrite: Introduce the RewriteCond -x check, which returns
true if the pattern is a file with execution permissions.
[André Malo]
*) mod_rewrite: Allow proxying and RewriteRules in directory context
for subrequests. PR 14648, 15114. [André Malo]
*) mod_rewrite: Allow setting of any valid HTTP response code.
PR 25917. [André Malo]
*) mod_rewrite: Cookie creation now works locale independent.
[André Malo]
*) mod_ssl: Add support for distributed session cache using 'distcache'.
[Geoff Thorpe <geoff geoffthorpe.net>]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
*) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
attaches a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
*) Bring ErrorHeader concept forward from 1.3, so that response
header fields can be set for return even on errors or external
redirects. [Ken Coar]
*) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
in the initial container. PR 25414.
[Geoffrey Young <geoff apache.org>]
*) Clean up httpd -V output: Instead of displaying the MPM source
directory, display the MPM name and some MPM properties.
[Geoffrey Young <geoff apache.org>]
*) mod_ssl/mod_status: Re-enable support for output of SSL session
cache information in server-status page. [Joe Orton]